he Register Service is used to register a new user when a number of Grids have been configured in a Grid hierarchy. With a central Register Service, we achieve the goal of using one CA for the all the Grids in the Grid hierarchy. As part of the workflow of adding a user, the Register Service: creates the user's certificate, pushes it to the central MyProxy Server as well as to the local Campus Grid's MyProxy Server, and creates a GridSphere account for the user at the highest level Grid Portal. In the UC system, this is the UC Grid Portal. The entire workflow is described in detail here.
The Register Service is a web service running in a Globus Toolkit 4.x container. It is based on the WS-Resource Framework(WSRF).
In order to connect the Campus Grid Portals to the Register Service at the highest-level Grid Portal, you need to do the following:
- Install the CA and the Register Service on the same machine at the higher-level Grid Portal. This will be the single CA for all the Campus Grids connected to this higher-level Grid Portal.
- Do NOT install a CA at any of the Campus Grid Portals.
Add the hostnames of all the Campus Grid Portals to the file:
- Have the central CA issue a host certificate for each of the Campus Grid Portals. The administrator of each Campus Grid Portal will install the certificate there in /etc/grid-security. In addition, the Campus Grid Portals have to trust the central CA. See the INSTALL instructions.
In order for the Register Service to be able to push the signed certificates to a campus MyProxy Server, you have to configure the following file:
Include one myproxy chunk for each portal host:
- <dn> /C=US/O=Institution/OU=Institution Grid/CN=host/myproxy.campus.org</dn>
Note that in the dn, Institution and Institution Grid will be the same for all of the campuses because they are all using a common CA.
The Register Service has the following actions:
- The Register Service will save the information in the user's application as pending until the add user workflow is complete. In doing so, it will reserve the Username requested by the user ans save the password that the user requested in an encryped form.
- Register the user. When the Register Service registers a User, it requests a certificate for that user from its associated CA and signs it, so that the proxy certificate can be retrieved for the user with the Username and the password specified by the user. The user information in the database is no longer pending and the encrypted password saved there is nullified. As described in Workflow, the proxy certificate is pushed to the two MyProxy servers and a GridSphere account is created for the user on the higher-level Grid Portal.
- Add resource (Pool or Cluster) to the uesr.
- Delete the user from the system if the user is denied access during the application process process.
- Check whether the user exists.
- Delete the user who has the specified Username.
- Dnable the user to reset his/her password.
- Reset the user's password.