BOINC Image
===========


The client side interaction is handled by CERN IT (Laurence Field atm).
I am not sure how their whole system works, but the main point is that the client ends up booting an image:
* contextualized by a user_data file which basically just specify the cvmfs path to use, and contain the MrBoincHost certificate and key (see below)
* Start a pilot bootstrap script available here: https://gitlab.cern.ch/vc/vm/raw/master/bin/lhcb-pilot




Generate the MrBoinc host certificate
=====================================

This certificate/key needs to be given to IT to add in the contextualization file.

Work into ``/path/to/boincCertificate`` and there::

    mkdir MrBoincHost

Create the ``openssl_config_host.cnf`` file in the ``MrBoincHost/`` directory::

    # Generate the key
    openssl genrsa -out MrBoincHost/hostkey.pem 4096
    chmod 400 MrBoincHost/hostkey.pem

    # Create the request
    openssl req -config MrBoincHost/openssl_config_host.cnf -key MrBoincHost/hostkey.pem  -new -sha256 -out MrBoincHost/request.csr.pem

    # Sign it
    openssl ca -config ca/openssl_config_ca.cnf \
         -extensions server_cert \
         -in MrBoincHost/request.csr.pem \
         -out MrBoincHost/hostcert.pem


This self-signed host certificate (MrBoinc Host) must then be saved on any BOINC VM in ``/etc/grid-security``.
Do not forget to add it to the list of trusted host for ProxyDelegation in the dirac.cfg of the gateway