reana-auth-vomsproxy provides a container image for either setting up or creating a VOMS proxy certificate. The container image includes no additional logic or libraries, just the bare minimum to support the VOMS client. The image is configured to support authentication for the four experiments at CERN's Large Hadron Collider (ALICE, ATLAS, CMS, LHCb), as well as ESCAPE Virtual Organization.

reana-auth-vomsproxy was developed for use in the REANA reusable research data analysis platform.

You can use reana-auth-vomsproxy as a base image, however it was built to be used as a sidecar container for user jobs generated via reana-job-controller with the single purpose of establishing the VOMS proxy authentication. The VOMS proxy file set up by the sidecar is shared with the main job container using common namespace.

The end users can ask for VOMS authentication by means of declaring voms_proxy: true workflow hints. For more information, please see here.

If you would like to try it out locally, you can run:

$ docker run -i -t --rm -v $HOME/foo:/root/.globus/ docker.io/reanahub/reana-auth-vomsproxy:1.0.0 /bin/bash

Your local directory /foo should contain your usercert.pem and userkey.pem files. By default the VOMS client checks the directory /$HOME/.globus for the files needed. In this image that path results in /root/.globus/.

Inside the container a VOMS proxy can be obtained by specifying the Virtual Organization, for example via:

$ voms-proxy-init --voms cms

If you would like to use the sidecar to simply expose the VOMS proxy file generated on the client-side by the user, there is nothing to configure.

If you would like to use the sidecar to create a VOMS proxy certificate from user Grid credentials, this requires additional information and inputs:

• Grid user certificate: ${HOME}/.globus/usercert.pem
• Grid user key: ${HOME}/.globus/userkey.pem
• Grid user password
• Virtual organisation membership (e.g. cms)

• Changes documentation to better expose two usage modes, the client-side and the server-side generation of VOMS proxy file.

• Adds support for ESCAPE VOMS.
• Changes base image to use latest CC7.

• Initial release

You can build the reana-auth-vomsproxy image by passing the build arguments DATE in the format "YYYY-MM-DD" and VERSION as either a semantic versioning and/or the git SHA.

For more information about REANA reusable research data analysis platform, please see its documentation.