DIRAC - FOXMAN-UN Integration
After successful installation of the DIRAC server the communication between FOXMAN-UN and DIRAC is set up so that the FOXMAN-UN Ethernet Security Manager recognizes a working DIRAC server over the REST interface. To enable communication between the two systems, keys and certificates are exchanged...
• (recommended setup:) automatically during installation if FOXMAN-UN core and DIRAC server are installed on the same machine and DIRAC server is installed after the FOXMAN-UN core - see instructions “Set up communication between DIRAC and FOXMAN-UN” further below;
• (not recommended:) manually by the server administrator if the DIRAC server and FOXMAN-UN core are installed on different machines, or if FOXMAN-UN is installed after the DIRAC server - see instructions “Exchange certificates between DIRAC and FOXMAN-UN” and “Set up communication between DIRAC and FOXMAN-UN” below.
Exchange certificates between DIRAC and FOXMAN-UN
Keys and certificates for the DIRAC REST interface are generated during the DIRAC installation and stored in the folder /etc/pki/dirac. The following two files are relevant for the next steps:
• nem.pem
• nem.crt
As the server administrator (you will need root permission to do this),
Proceed as follows: (applicable only if the DIRAC server and FOXMAN-UN core are installed on different machines)
1. Copy the DIRAC key from the DIRAC machine:
/etc/pki/dirac/nem.pem
to the following folder on the FOXMAN-UN machine:
/opt/nem/etc/enpsec/
2. Copy the DIRAC certificate from the DIRAC machine:
/etc/pki/dirac/nem.crt
to the following folder on the FOXMAN-UN machine:
/opt/nem/etc/enpsec/
3. Change the ownership of the two copied files on the FOXMAN-UN machine:
cd /opt/nem/etc/enpsec/
chown nemadm:nem nem.pem
chown nemadm:nem nem.crt
4. Verify that the following two entries in the file “/opt/nem/etc/enpsec/dpmprop.cfg” are present:
clientCertificateFile=nem.crt
privateKeyFile=nem.pem
Result: The DIRAC - FOXMAN-UN certificates are in place.
End of instruction
Set up communication between DIRAC and FOXMAN-UN
Proceed as follows:
1. Login as ‘root’ user on the FOXMAN-UN server
2. Verify that the DIRAC server can be addressed from FOXMAN-UN; the following entry in the file “/opt/nem/etc/enpsec/dpmprop.cfg” is required when DIRAC server is installed on the same machine as FOXMAN-UN:
enpsec_hostname=localhost
If the DIRAC server is on a different machine “localhost” needs to be replaced by the hostname of the DIRAC server, e.g.
enpsec_hostname=mydiracserver
3. Make sure the following entry is present in the file “/etc/hosts”:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
4. Log in to FOXMAN-UN and open the Ethernet Security Manager application from the NEM Desktop (menu: Application - Ethernet Security Manager...).
5. Verify the DIRAC communication status in the upper right corner of the Ethernet Security Manager dialog window. The status should show an OK mark 
and the text “DIRAC localhost:9343” or a text similar to “DIRAC mydiracserver.company.com:9343”.
and the text “DIRAC localhost:9343” or a text similar to “DIRAC mydiracserver.company.com:9343”.If this is not the case you may need to reboot the DIRAC server software by entering the command “dirac-restart” in the DIRAC CLI (as user dirac).
Optionally, but only recommended if necessary due to its wider impact, restart the NEM core and/or NEM base services by entering the command “nembasestop”, followed by “nemstart” in a terminal (as a NEM administrator).
Optionally, but only recommended if necessary due to its wider impact, restart the NEM core and/or NEM base services by entering the command “nembasestop”, followed by “nemstart” in a terminal (as a NEM administrator).
Result: The DIRAC - FOXMAN-UN communication via the REST interface is up and running.
End of instruction