fix: docs fixes for client installation

docs/source/AdministratorGuide/ServerInstallations/InstallingDiracServer.rst

@@ -195,6 +195,12 @@ Couple notes:
 * SAN in your certificates: if you are contacting a machine using its aliases, make sure that all the aliases are in the SubjectAlternativeName (SAN) field of the certificates
 * FQDN in the configuration: SAN normally contains only FQDN, so make sure you use the FQDN in the CS as well (e.g. ``mymachine.cern.ch`` and not ``mymachine``)
 
+
+User (admin) certificate
+------------------------
+
+The user installing the server should have their own certificate: it will be used for administration.
+
 .. _using_own_CA:
 
 -----------------
@@ -266,41 +272,31 @@ be taken based on the Python version you wish to install.
         #  it can be used to cover more than one VO in the grid sense.
         #  If you are going to setup DIRAC as a multi-VO instance, remove the VirtualOrganization parameter.
         VirtualOrganization = Name of your VO
-        #  Site name
+        #  Server name
         SiteName = DIRAC.HostName.ch
 
         #  Flag to skip download of CAs, on the first Server of your installation you need to get CAs
-        #  installed by some external means
+        #  installed by some external means, so do not change this flag.
         SkipCADownload = yes
-        #  Flag to use the server certificates
+        #  Flag to use the server certificates. Do not change this flag.
         UseServerCertificate = yes
-        #  Configuration Server URL (This should point to the URL of at least one valid Configuration
-        #  Service in your installation, for the primary server it should not used )
-        #  ConfigurationServer = dips://myprimaryserver.name:9135/Configuration/Server
-        #  Configuration Name
-        ConfigurationName = MyConfiguration
-        #
-        #   These options define the DIRAC components to be installed on "this" DIRAC server.
-        #
-        #
-        #  The next options should only be set for the primary server,
-        #  they properly initialize the configuration data
-        #
-        #  Name of the Admin user (default: None )
-        AdminUserName = adminusername
-        #  DN of the Admin user certificate (default: None )
+        #  Name of the Admin user (default: None)
+        #  This should be the nickname as appears in your identity provider (normally: first letter of your name followed by surname)
+        AdminUserName =
+        #  DN of the Admin user certificate (default: None)
         #  In order the find out the DN that needs to be included in the Configuration for a given
         #  host or user certificate the following command can be used::
         #
         #          openssl x509 -noout -subject -enddate -in <certfile.pem>
         #
-        AdminUserDN = /DC=ch/aminDN
-        #  Email of the Admin user (default: None )
-        AdminUserEmail = adminmail@provider
-        #  Name of the Admin group (default: dirac_admin )
-        AdminGroupName = dirac_admin
-        #  DN of the host certificate (*) (default: None )
-        HostDN = /DC=ch/DC=country/OU=computers/CN=computer.dn
+        AdminUserDN =
+        #  Email of the Admin user (default: None)
+        AdminUserEmail =
+        #  DN of the host certificate (*) (default: None)
+        HostDN =
+        #
+        #   These options define the DIRAC components to be installed on "this" DIRAC server (do not change).
+        #
         # Define the Configuration Server as Master for your installations
         ConfigurationMaster = yes
         # List of Systems to be installed - by default all services are added
@@ -351,14 +347,13 @@ be taken based on the Python version you wish to install.
         }
       }
 
-  or You can download the full server installation from::
+  or you can download the full server installation from::
 
     $ curl -L https://github.com/DIRACGrid/DIRAC/raw/integration/src/DIRAC/Core/scripts/install_full.cfg -o install.cfg
 
 - Run ``install_site.sh`` giving the edited configuration file as the argument. The configuration file must have
-  .cfg extension (CFG file). While not strictly necessary, it's advised that a version is added with the '-v' switch
-  (pick the most recent one, see `here<https://pypi.org/project/DIRAC/#history>`).
-  In the same way, extensions have to be added with the '-e' switch (the name of the extension should be complete). Finally,
+  .cfg extension (CFG file).
+  Extensions can be added with the '-e' switch (the name of the extension should be complete). Finally,
   further pip packages (e.g. WebAppDIRAC) can follow with the '-p' switch, which can be repeated multiple times::
 
     $ ./install_site.sh -i /opt/dirac [-v <x.y.z>] [-e <extension>] [-p <extra-pip-install>] /home/dirac/DIRAC/install.cfg
@@ -376,11 +371,13 @@ of the status of running DIRAC services, e.g.::
                                 Name : Runit    Uptime    PID
                 Configuration_Server : Run          41    30268
        Framework_SystemAdministrator : Run          21    30339
+       Framework_ComponentMonitoring : Run          21    30341
+       ResourceStatus_ResourceStatus : Run          21    30349
                      Tornado_Tornado : Run          11    30340
 
 
-Now the basic services - Configuration, SystemAdministrator, TornadoComponentMonitoring and TornadoResourceStatus - are installed,
-or at least their DBs should be installed, and their services up and running.
+Now the basic services - Configuration, SystemAdministrator, ComponentMonitoring and ResourceStatus - are installed,
+or at least their DBs should be installed, and the services connecting to them up and running.
 
 There are anyway a couple more steps that should be done to fully activate the ComponentMonitoring and the ResourceStatus.
 These steps can be found in the respective administration sessions of this documentation:
@@ -390,8 +387,7 @@ These steps can be found in the respective administration sessions of this docum
 
 but, no hurry: you can do it later.
 
-The rest of the installation can proceed using the DIRAC Administrator interface,
-either command line (System Administrator Console) or using Web Portal (eventually, not available yet).
+The rest of the installation can proceed using the DIRAC Administrator interface CLI.
 
 It is also possible to include any number of additional systems, services, agents and databases to be installed by ``install_site.sh``.
 
@@ -407,11 +403,22 @@ It is also possible to include any number of additional systems, services, agent
       killall runsv svlogd
       killall runsvdir
 
+
+Now it is time to add the necessary services for a minimal installation. In order to do so:
+
+- install a client as described in the users' guide. Remember to use the same user certificate that you defined as "AdminUser".
+- get a proxy using `dirac-proxy-init -g dirac_admin --no-upload`
+- start the `dirac-admin-sysadmin-cli --host=$your_server_host` and inside install the services "Framework/BundleDelivery", "Framework/ProxyManager" (see instructions on the use of this CLI below)
+- exit the CLI, and simply run `dirac-proxy-init`
+
+
 .. _install_additional_server:
 
 Additional server installation
 ------------------------------
 
+Additional servers can be installed for redundacy purposes. This operation can always be done later, so for now the suggestion is to skip to the next session.
+
 To add a new server to an already existing DIRAC Installation the procedure is similar to the one above.
 You should perform all the preliminary steps to prepare the host for the installation. One additional
 operation is the registration of the new host in the already functional Configuration Service.
@@ -444,8 +451,6 @@ operation is the registration of the new host in the already functional Configur
         #  Service in your installation, for the primary server it should not used)
         ConfigurationServer = https://myprimaryserver.name:9135/Configuration/Server
         ConfigurationServer += https://localhost:8443/Tornado/Tornado
-        #  Configuration Name
-        ConfigurationName = MyConfiguration
 
         #
         #   These options define the DIRAC components being installed on "this" DIRAC server.

docs/source/UserGuide/GettingStarted/InstallingClient/index.rst

@@ -8,10 +8,16 @@
 Installing DIRAC client
 =======================
 
-The DIRAC client installation procedure consists of few steps.
+This documentation explains how to install a Dirac client. Existing installations will often pre-configure a `*rc` file for their users to source.
+
+.. note::
+  A "DIRAC client" is also a DiracX client.
+
+The installation procedure consists of few steps.
 You can do these steps as any user without the need to be root.
+The procedure has been tested on recent versions of `el9` (i.e. AlmaLinux) and `debian`. We assume that it would work on most Linux distributions.
 
-Python3 DIRAC installations rely on the environment provided by `DIRACOS2 <https://github.com/DIRACGrid/DIRACOS2>`_.
+DIRAC installations rely on the environment provided by `DIRACOS2 <https://github.com/DIRACGrid/DIRACOS2>`_.
 So, you first install DIRACOS2 and only then install DIRAC in it::
 
   $ curl -LO https://github.com/DIRACGrid/DIRACOS2/releases/latest/download/DIRACOS-Linux-$(uname -m).sh
@@ -23,29 +29,35 @@ and now DIRAC::
 
   $ pip install DIRAC
 
-will install the most recent production version found on https://pypi.org/project/DIRAC/
+will install the most recent production versions found in https://pypi.org/project/DIRAC/. This will also install the most recent versions of DiracX.
+You should now be able to tab-complete `dirac-` to see all of the DIRAC commands that are available.
 
-And for the configuration::
+At this point, you have a DIRAC/DiracX client installed, but the client needs to be connected to a server.
+The configuration to connect to the server will be written down (in a "dirac.cfg" file) by the `dirac-configure` command.
+Before running it, make sure that the following conditions are satisfied:
 
-  $ dirac-configure
+* As a user, you have a personal certificate in `.pem` format. This certificate must be stored in the `~/.globus/` directory of the machine.
+* You are part of a Virtual Organization. You are registered in your VO's VOMS server (for talking to DIRAC), and in your VO's IdP server (e.g. IAM) (for talking to DiracX).
+* Your VO admins have set up a DIRAC/DiracX installation to which to connect to.
 
-Using a user proxy
-==================
 
-If you want to use a user proxy, we assume that you already have a user certificate,
-so in this case create a directory *.globus* in your home directory and copy the certificate files
-`usercert.pem` and `userkey.pem` -- public and private keys in .pem (Privacy Enhanced Mail)  format to this directory::
+For the configuration, simply issuing `dirac-configure` will start a configuration wizard, using some predefined setups. If your setup is not present, but you know the URL of DIRAC's Configuration Server, issue instead::
 
-   $ mkdir ~/.globus
-   $ cp <<certificate files>> ~/.globus/
+  $ dirac-configure -C $DIRAC_CS_URL --SkipCAChecks --SkipCADownload
+
+In both cases you will be prompted to insert the password of your personal certificate.
+
+Using a user proxy
+==================
 
-At this point you need a proxy, but you still have not configured DIRAC. So, you should issue the command::
+At this point you need a proxy, so you should issue the command::
 
    $ dirac-proxy-init
 
-You can see which file is your proxy certificate using the *dirac-proxy-info* command.
+This command will also embed a token in the proxy, in order to talk to DiracX.
+You can see which file is your proxy certificate using the `dirac-proxy-info` command.
 
 Updating client
 ===============
 
-The client software update, when a new version is available, can be simply done by running again ``pip``.
+The client software update, when a new version is available, can be simply done by running again ``pip install``.

docs/source/UserGuide/WebPortalReference/index.rst

@@ -2,8 +2,6 @@
 Web Portal Reference
 ==================================
 
-  This page is the work in progress. See more material here soon !
-
 .. toctree::
    :maxdepth: 1
 

src/DIRAC/Core/scripts/install_full.cfg

@@ -29,7 +29,7 @@ LocalInstallation
   #  Service in your installation, for the primary server it should not used )
   #  ConfigurationServer = dips://myprimaryserver.name:9135/Configuration/Server
   #  Configuration Name
-  ConfigurationName = Dirac-Production
+  ConfigurationName = central_config
   #
   #   These options define the DIRAC components to be installed on "this" DIRAC server.
   #
@@ -48,8 +48,6 @@ LocalInstallation
   AdminUserDN = /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=jdoe/CN=123467/CN=John Doe
   #  Email of the Admin user (default: None )
   AdminUserEmail = john.doe@example.invalid
-  #  Name of the Admin group (default: dirac_admin )
-  AdminGroupName = dirac_admin
   #  DN of the host certificate (*) (default: None )
   HostDN = /DC=ch/DC=cern/OU=computers/CN=lbcertifdirac7.cern.ch
   # Define the Configuration Server as Master for your installations

src/DIRAC/FrameworkSystem/Client/ComponentInstaller.py

@@ -36,7 +36,7 @@
 
 If a Controller Configuration Server is being installed the following Options can be used::
 
-  /LocalInstallation/ConfigurationName: Name of the Configuration (default: Setup )
+  /LocalInstallation/ConfigurationName: Name of the Configuration (default: central_config )
   /LocalInstallation/AdminUserName:  Name of the Admin user (default: None )
   /LocalInstallation/AdminUserDN:    DN of the Admin user certificate (default: None )
   /LocalInstallation/AdminUserEmail: Email of the Admin user (default: None )
@@ -45,6 +45,7 @@
   /LocalInstallation/VirtualOrganization: Name of the main Virtual Organization (default: None)
 
 """
+
 import glob
 import importlib
 import importlib.util
@@ -1302,7 +1303,7 @@ def setupSite(self, scriptCfg, cfg=None):
         setupWeb = self.localCfg.getOption(cfgInstallPath("WebPortal"), False)
         setupConfigurationController = self.localCfg.getOption(cfgInstallPath("ConfigurationMaster"), False)
         setupPrivateConfiguration = self.localCfg.getOption(cfgInstallPath("PrivateConfiguration"), False)
-        setupConfigurationName = self.localCfg.getOption(cfgInstallPath("ConfigurationName"), "DIRAC-Prod")
+        setupConfigurationName = self.localCfg.getOption(cfgInstallPath("ConfigurationName"), "central_config")
         setupAddConfiguration = self.localCfg.getOption(cfgInstallPath("AddConfiguration"), True)
 
         for serviceTuple in setupServices:
@@ -1673,7 +1674,7 @@ def installComponent(self, componentType, system, component, extensions, compone
                         textwrap.dedent(
                             f"""#!/bin/bash
 
-                            rcfile={os.path.join(self.instancePath, 'bashrc')}
+                            rcfile={os.path.join(self.instancePath, "bashrc")}
                             [[ -e ${{rcfile}} ]] && source ${{rcfile}}
                             #
                             export DIRAC_USE_TORNADO_IOLOOP=Yes
@@ -1883,7 +1884,7 @@ def installPortal(self):
                         textwrap.dedent(
                             f"""#!/bin/bash
 
-                            rcfile={os.path.join(self.instancePath, 'bashrc')}
+                            rcfile={os.path.join(self.instancePath, "bashrc")}
                             [[ -e $rcfile ]] && source $rcfile
                             #
                             exec 2>&1
@@ -2299,7 +2300,7 @@ def installTornado(self):
                     textwrap.dedent(
                         f"""#!/bin/bash
 
-                        rcfile={os.path.join(self.instancePath, 'bashrc')}
+                        rcfile={os.path.join(self.instancePath, "bashrc")}
                         [ -e $rcfile ] && source $rcfile
                         #
                         export DIRAC_USE_TORNADO_IOLOOP=Yes

tests/CI/exportCSLoop.sh

@@ -1,28 +1,28 @@
 #!/usr/bin/env bash
-# This script will export to the `Production.cfg` file to the
+# This script will export to the `central_config.cfg` file to the
 # yaml format for diracx every 5 seconds
 set -x
 exec >>/tmp/cs-loop.log 2>&1
 
 while [[ ! -f /home/dirac/ServerInstallDIR/bashrc ]]; do
-    sleep 1;
+  sleep 1
 done
-sleep 1;
+sleep 1
 source /home/dirac/ServerInstallDIR/bashrc
 
 git config --global user.name "DIRAC Server CI"
 git config --global user.email "dirac-server-ci@invalid"
 
 mkdir -p /home/dirac/TestCode/diracx/tests/cli/legacy/cs_sync/
-curl -L https://raw.githubusercontent.com/DIRACGrid/diracx/main/diracx-cli/tests/legacy/cs_sync/convert_integration_test.yaml > /home/dirac/TestCode/diracx/tests/cli/legacy/cs_sync/convert_integration_test.yaml
+curl -L https://raw.githubusercontent.com/DIRACGrid/diracx/main/diracx-cli/tests/legacy/cs_sync/convert_integration_test.yaml >/home/dirac/TestCode/diracx/tests/cli/legacy/cs_sync/convert_integration_test.yaml
 
 while true; do
-    DIRAC_COMPAT_ENABLE_CS_CONVERSION=x dirac internal legacy cs-sync \
-        "$DIRACOS/etc/Production.cfg" \
-        /cs_store/initialRepo/default.yml
-    git --git-dir=.git -C /cs_store/initialRepo/ commit -am "export $(date)"
-    if [[ "${1}" == "--once" ]]; then
-        break
-    fi
-    sleep 5;
+  DIRAC_COMPAT_ENABLE_CS_CONVERSION=x dirac internal legacy cs-sync \
+    "$DIRACOS/etc/central_config.cfg" \
+    /cs_store/initialRepo/default.yml
+  git --git-dir=.git -C /cs_store/initialRepo/ commit -am "export $(date)"
+  if [[ "${1}" == "--once" ]]; then
+    break
+  fi
+  sleep 5
 done