Difference between revisions of "Globus"
From Nuclear Physics Group Documentation Pages
Jump to navigationJump to search| (5 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
== Configuration on Taro == | == Configuration on Taro == | ||
| − | Software is installed from RPM, but configuration is still to be done. | + | Software is installed from RPM, but configuration is still to be done. The main issue here is that the Great Firewall of UNH blocks all the incoming Globus traffic. Duh. |
| + | |||
| + | What turns out IS possible is to run a "globus personal endpoint". Useful instructions are at: [https://support.globus.org/entries/24078973 Command Line Installation for Linux] | ||
| + | |||
| + | <pre> | ||
| + | wget https://s3.amazonaws.com/connect.globusonline.org/linux/stable/globusconnect-latest.tgz | ||
| + | tar xzf globusconnect-latest.tgz | ||
| + | cd tar xzf globusconnect-xxx | ||
| + | ssh maurik@cli.globusonline.org endpoint-add taro_personal --gc | ||
| + | ./globusconnectpersonal -setup 2a0a5d39-a534-4fe7-b78a-acdb00542c52 | ||
| + | ./globusconnectpersonal -start & | ||
| + | </pre> | ||
| + | |||
| + | At this point you can activate the connection from the command line (endpoint_activate) or from the Web interface. | ||
| + | |||
| + | == Add a user == | ||
| + | |||
| + | Example of how to add a user to the globus system. | ||
| + | |||
| + | <pre> | ||
| + | su - -s /bin/sh myproxy | ||
| + | -sh-3.2$ whoami | ||
| + | myproxy | ||
| + | -sh-3.2$ | ||
| + | -sh-3.2$ PATH=$PATH:/usr/sbin | ||
| + | -sh-3.2$ myproxy-admin-adduser -c "Maurik Holtrop" -l maurik | ||
| + | ... | ||
| + | Certificate subject is: | ||
| + | /O=Grid/OU=GlobusTest/OU=simpleCA-taro.unh.edu/OU=local/CN=Maurik Holtrop | ||
| + | -sh-3.2$exit | ||
| + | root@taro:~>grid-mapfile-add-entry -dn "/O=Grid/OU=GlobusTest/OU=simpleCA-taro.unh.edu/OU=local/CN=Maurik Holtrop" -ln maurik | ||
| + | Modifying /etc/grid-security/grid-mapfile ... | ||
| + | /etc/grid-security/grid-mapfile does not exist... Attempting to create /etc/grid-security/grid-mapfile | ||
| + | New entry: | ||
| + | "/O=Grid/OU=GlobusTest/OU=simpleCA-taro.unh.edu/OU=local/CN=Maurik Holtrop" maurik | ||
| + | (1) entry added | ||
| + | root@taro:~> | ||
| + | |||
| + | </pre> | ||
| + | |||
| + | == Add an iptable exception == | ||
| + | <pre> | ||
| + | iptables -I INPUT 8 -p tcp --dport 7512 -j ACCEPT | ||
| + | iptables -I INPUT 8 -p tcp --dport 2811 -j ACCEPT | ||
| + | </pre> | ||
== Installation steps == | == Installation steps == | ||
| Line 10: | Line 54: | ||
* Update the globus toolkit from website instructions, starting with the downloaded rpm. | * Update the globus toolkit from website instructions, starting with the downloaded rpm. | ||
| + | * Follow steps in:[http://toolkit.globus.org/toolkit/docs/6.0/admin/quickstart Quick Start] | ||
| + | ** Note: The myproxy etc have duplicates as shown by: "yum --showduplicates list myproxy | expand", this causes library version conflicts. | ||
| + | ** Install the gt6 version with: "yum install myproxy-6.1.8-1.el5+gt6 myproxy-server-6.1.8-1.el5+gt6 myproxy-admin-6.1.8-1.el5+gt6" | ||
* Install the simple certificates: globus-simple-ca globus-gsi-cert-utils-progs | * Install the simple certificates: globus-simple-ca globus-gsi-cert-utils-progs | ||
** Now /usr/local/globus-5.0.5/bin/grid-cert-diagnostics shows a proper cert. | ** Now /usr/local/globus-5.0.5/bin/grid-cert-diagnostics shows a proper cert. | ||
| + | |||
| + | Specific steps performed: | ||
| + | <pre> | ||
| + | rpm --install globus-toolkit-repo-latest.noarch.rpm | ||
| + | yum install globus-gridftp globus-gram5 globus-gsi | ||
| + | yum install myproxy-6.1.8-1.el5+gt6 myproxy-server-6.1.8-1.el5+gt6 myproxy-admin-6.1.8-1.el5+gt6 | ||
| + | install -o myproxy -m 644 /etc/grid-security/hostcert.pem /etc/grid-security/myproxy/hostcert.pem | ||
| + | install -o myproxy -m 600 /etc/grid-security/hostkey.pem /etc/grid-security/myproxy/hostkey.pem | ||
| + | emacs -nw /etc/myproxy-server.config # Uncomment sample policy #1 | ||
| + | usermod -a -G simpleca myproxy | ||
| + | service myproxy-server start | ||
| + | su - -s /bin/sh myproxy | ||
| + | </pre> | ||
Latest revision as of 03:36, 17 February 2015
Globus is a toolkit for transferring data. Detail are found on their website: Globus Toolkit
Configuration on Taro
Software is installed from RPM, but configuration is still to be done. The main issue here is that the Great Firewall of UNH blocks all the incoming Globus traffic. Duh.
What turns out IS possible is to run a "globus personal endpoint". Useful instructions are at: Command Line Installation for Linux
wget https://s3.amazonaws.com/connect.globusonline.org/linux/stable/globusconnect-latest.tgz tar xzf globusconnect-latest.tgz cd tar xzf globusconnect-xxx ssh maurik@cli.globusonline.org endpoint-add taro_personal --gc ./globusconnectpersonal -setup 2a0a5d39-a534-4fe7-b78a-acdb00542c52 ./globusconnectpersonal -start &
At this point you can activate the connection from the command line (endpoint_activate) or from the Web interface.
Add a user
Example of how to add a user to the globus system.
su - -s /bin/sh myproxy -sh-3.2$ whoami myproxy -sh-3.2$ -sh-3.2$ PATH=$PATH:/usr/sbin -sh-3.2$ myproxy-admin-adduser -c "Maurik Holtrop" -l maurik ... Certificate subject is: /O=Grid/OU=GlobusTest/OU=simpleCA-taro.unh.edu/OU=local/CN=Maurik Holtrop -sh-3.2$exit root@taro:~>grid-mapfile-add-entry -dn "/O=Grid/OU=GlobusTest/OU=simpleCA-taro.unh.edu/OU=local/CN=Maurik Holtrop" -ln maurik Modifying /etc/grid-security/grid-mapfile ... /etc/grid-security/grid-mapfile does not exist... Attempting to create /etc/grid-security/grid-mapfile New entry: "/O=Grid/OU=GlobusTest/OU=simpleCA-taro.unh.edu/OU=local/CN=Maurik Holtrop" maurik (1) entry added root@taro:~>
Add an iptable exception
iptables -I INPUT 8 -p tcp --dport 7512 -j ACCEPT iptables -I INPUT 8 -p tcp --dport 2811 -j ACCEPT
Installation steps
Steps performed on 2015/02/15
- Update the globus toolkit from website instructions, starting with the downloaded rpm.
- Follow steps in:Quick Start
- Note: The myproxy etc have duplicates as shown by: "yum --showduplicates list myproxy | expand", this causes library version conflicts.
- Install the gt6 version with: "yum install myproxy-6.1.8-1.el5+gt6 myproxy-server-6.1.8-1.el5+gt6 myproxy-admin-6.1.8-1.el5+gt6"
- Install the simple certificates: globus-simple-ca globus-gsi-cert-utils-progs
- Now /usr/local/globus-5.0.5/bin/grid-cert-diagnostics shows a proper cert.
Specific steps performed:
rpm --install globus-toolkit-repo-latest.noarch.rpm yum install globus-gridftp globus-gram5 globus-gsi yum install myproxy-6.1.8-1.el5+gt6 myproxy-server-6.1.8-1.el5+gt6 myproxy-admin-6.1.8-1.el5+gt6 install -o myproxy -m 644 /etc/grid-security/hostcert.pem /etc/grid-security/myproxy/hostcert.pem install -o myproxy -m 600 /etc/grid-security/hostkey.pem /etc/grid-security/myproxy/hostkey.pem emacs -nw /etc/myproxy-server.config # Uncomment sample policy #1 usermod -a -G simpleca myproxy service myproxy-server start su - -s /bin/sh myproxy
