Getting Grid Certificates and ATLAS VO

Domentation prepared for ANL ASC (RY based on documentation by R. Calkin at NIU)

Updated: March 6, 2008

You need to get a Grid certifticate and join the "ATLAS VO" in order to be able to start taking full advantage of the analysis environment at ANL ASC (and ATLAS in general).   This is the instruction to get you there.  Before getting started, there are a couple of basic ideas you should understand:

  1. The following is an instruction to get the DOE Grid cirtificate.   This should be appropriate for most users of ANL ASC.
  2. In order to access ATLAS specific resources, you will need to join ATLAS VO.  Obviously,  you will need to be registered with the ATLAS collaboration as a member to be able to get this.
  3. When you get the certificate, you will import the certificate to a web browser; this will be the same browser you will use in the application procedure.  It's strongly recommended that you use a browser which is private to you, and is the one you use primarily for your work.  (It is possible to import the certificate into a different browser at the end of the procedure, if necessary.)
  4. After you get the certificate, you will "export" it to your working account (in our particular case your ANL ASC account) in order to be able to submit jobs to the Grid.  This account is not necessarily the same account (or computer) where your browser resides.

Follow the instructions below to get your Grid certificate and join ATLAS VO:
  1. With the browser you into which you intend to import your certificate, go to this site to request a DOE Grid certifiate.  We have had problems using Seamonkey in the past--IE and Firefox appear to be fine.   The procedure will ask, at some point, for a "registration authority" you will be using.   You should check with your University ATLAS group and ask about the normal procedure used in your group.  Alternately, it is possible to choose ANL as the registration authority and name your ANL ASC contact when that is asked for.
  2. You will receive an email with a link when the request is approved.  With the same browser you used for the request, go to the link and import the certificate by clicking on the appropriate link at the bottom of the page.
  3. You will need to renew the certificate annually.  You will be notified by email.
  4. You will need to be an ATLAS member to join the ATLAS VO.  Go to this site and follow the instructions exactly.  (This page also has instructions on how to register as an ATLAS member.)  Remember to use the same browser where you have your Grid certificate installed.
  5. At some point in the application procedure, you will be redirected to the "ATLAS VO Registration Service" page.  Make sure that your Grid certificate appears at the bottom of the page.  If not, you are not using the same brower as you used in your certificate application.
  6. The ATLAS VO approval is a two step process.  You will be a "candidate" after the first step.  After you are approved, you will need to go back to ATLAS VO Registration Service page to complete phase II.  Again follow the instructions at this site closely.
Typically, you will install your Grid certificate into the account from which you intend to submit your Grid jobs.   (Your ANL ASC account, for example) To do this:
  1. You do not need to have ATLAS VO membership to follow this procedure although you will be very restricted in what you can do until you obtain it.
  2. "Export" the certificate from your browser as a .p12 or a .pfx file.  The instruction are in the middle of this site.  You will be asked for a password during the procedure.  Do not forget this password.
  3. In the relevant account, create a directory called ~/.globus/
  4. Copy your cerficate file to this directory.
  5. Give the following commands
At this point, you should have two files ~/.globus/usercert.pem and ~/.globus/userkey.pem.   You have successfully installed your certificate.