Difference between revisions of "Globus"

From Nuclear Physics Group Documentation Pages
Jump to navigationJump to search
 
(4 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
== Configuration on Taro ==
 
== Configuration on Taro ==
  
Software is installed from RPM, but configuration is still to be done.
+
Software is installed from RPM, but configuration is still to be done. The main issue here is that the Great Firewall of UNH blocks all the incoming Globus traffic. Duh.
 +
 
 +
What turns out IS possible is to run a "globus personal endpoint". Useful instructions are at: [https://support.globus.org/entries/24078973 Command Line Installation for Linux]
 +
 
 +
<pre>
 +
wget https://s3.amazonaws.com/connect.globusonline.org/linux/stable/globusconnect-latest.tgz
 +
tar xzf globusconnect-latest.tgz
 +
cd tar xzf globusconnect-xxx
 +
ssh maurik@cli.globusonline.org endpoint-add taro_personal --gc
 +
./globusconnectpersonal -setup 2a0a5d39-a534-4fe7-b78a-acdb00542c52
 +
./globusconnectpersonal -start &
 +
</pre>
 +
 
 +
At this point you can activate the connection from the command line (endpoint_activate) or from the Web interface.
 +
 
 +
== Add a user ==
 +
 
 +
Example of how to add a user to the globus system.
 +
 
 +
<pre>
 +
su - -s /bin/sh myproxy
 +
-sh-3.2$ whoami
 +
myproxy
 +
-sh-3.2$
 +
-sh-3.2$ PATH=$PATH:/usr/sbin
 +
-sh-3.2$ myproxy-admin-adduser -c "Maurik Holtrop" -l maurik
 +
...
 +
Certificate subject is:
 +
/O=Grid/OU=GlobusTest/OU=simpleCA-taro.unh.edu/OU=local/CN=Maurik Holtrop
 +
-sh-3.2$exit
 +
root@taro:~>grid-mapfile-add-entry -dn "/O=Grid/OU=GlobusTest/OU=simpleCA-taro.unh.edu/OU=local/CN=Maurik Holtrop" -ln maurik
 +
Modifying /etc/grid-security/grid-mapfile ...
 +
/etc/grid-security/grid-mapfile does not exist... Attempting to create /etc/grid-security/grid-mapfile
 +
New entry:
 +
"/O=Grid/OU=GlobusTest/OU=simpleCA-taro.unh.edu/OU=local/CN=Maurik Holtrop" maurik
 +
(1) entry added
 +
root@taro:~>
 +
 
 +
</pre>
 +
 
 +
== Add an iptable exception ==
 +
<pre>
 +
iptables -I INPUT 8 -p tcp --dport 7512  -j ACCEPT
 +
iptables -I INPUT 8 -p tcp --dport 2811  -j ACCEPT
 +
</pre>
  
 
== Installation steps ==
 
== Installation steps ==
Line 15: Line 59:
 
* Install the simple certificates: globus-simple-ca globus-gsi-cert-utils-progs
 
* Install the simple certificates: globus-simple-ca globus-gsi-cert-utils-progs
 
** Now /usr/local/globus-5.0.5/bin/grid-cert-diagnostics  shows a proper cert.
 
** Now /usr/local/globus-5.0.5/bin/grid-cert-diagnostics  shows a proper cert.
 +
 +
Specific steps performed:
 +
<pre>
 +
rpm --install globus-toolkit-repo-latest.noarch.rpm
 +
yum install globus-gridftp globus-gram5 globus-gsi
 +
yum install myproxy-6.1.8-1.el5+gt6 myproxy-server-6.1.8-1.el5+gt6 myproxy-admin-6.1.8-1.el5+gt6
 +
install -o myproxy -m 644  /etc/grid-security/hostcert.pem /etc/grid-security/myproxy/hostcert.pem
 +
install -o myproxy -m 600  /etc/grid-security/hostkey.pem  /etc/grid-security/myproxy/hostkey.pem
 +
emacs -nw /etc/myproxy-server.config  # Uncomment sample policy #1
 +
usermod -a -G simpleca myproxy
 +
service myproxy-server start
 +
su - -s /bin/sh myproxy
 +
</pre>

Latest revision as of 03:36, 17 February 2015

Globus is a toolkit for transferring data. Detail are found on their website: Globus Toolkit

Configuration on Taro

Software is installed from RPM, but configuration is still to be done. The main issue here is that the Great Firewall of UNH blocks all the incoming Globus traffic. Duh.

What turns out IS possible is to run a "globus personal endpoint". Useful instructions are at: Command Line Installation for Linux

wget https://s3.amazonaws.com/connect.globusonline.org/linux/stable/globusconnect-latest.tgz
tar xzf globusconnect-latest.tgz
cd tar xzf globusconnect-xxx
ssh maurik@cli.globusonline.org endpoint-add taro_personal --gc
./globusconnectpersonal -setup 2a0a5d39-a534-4fe7-b78a-acdb00542c52
./globusconnectpersonal -start &

At this point you can activate the connection from the command line (endpoint_activate) or from the Web interface.

Add a user

Example of how to add a user to the globus system.

su - -s /bin/sh myproxy
-sh-3.2$ whoami
myproxy
-sh-3.2$ 
-sh-3.2$ PATH=$PATH:/usr/sbin
-sh-3.2$ myproxy-admin-adduser -c "Maurik Holtrop" -l maurik
...
Certificate subject is:
/O=Grid/OU=GlobusTest/OU=simpleCA-taro.unh.edu/OU=local/CN=Maurik Holtrop
-sh-3.2$exit
root@taro:~>grid-mapfile-add-entry -dn "/O=Grid/OU=GlobusTest/OU=simpleCA-taro.unh.edu/OU=local/CN=Maurik Holtrop" -ln maurik
Modifying /etc/grid-security/grid-mapfile ...
/etc/grid-security/grid-mapfile does not exist... Attempting to create /etc/grid-security/grid-mapfile
New entry:
"/O=Grid/OU=GlobusTest/OU=simpleCA-taro.unh.edu/OU=local/CN=Maurik Holtrop" maurik
(1) entry added
root@taro:~>

Add an iptable exception

iptables -I INPUT 8 -p tcp --dport 7512  -j ACCEPT
iptables -I INPUT 8 -p tcp --dport 2811  -j ACCEPT

Installation steps

Steps performed on 2015/02/15

  • Update the globus toolkit from website instructions, starting with the downloaded rpm.
  • Follow steps in:Quick Start
    • Note: The myproxy etc have duplicates as shown by: "yum --showduplicates list myproxy | expand", this causes library version conflicts.
    • Install the gt6 version with: "yum install myproxy-6.1.8-1.el5+gt6 myproxy-server-6.1.8-1.el5+gt6 myproxy-admin-6.1.8-1.el5+gt6"
  • Install the simple certificates: globus-simple-ca globus-gsi-cert-utils-progs
    • Now /usr/local/globus-5.0.5/bin/grid-cert-diagnostics shows a proper cert.

Specific steps performed:

rpm --install globus-toolkit-repo-latest.noarch.rpm
yum install globus-gridftp globus-gram5 globus-gsi 
yum install myproxy-6.1.8-1.el5+gt6 myproxy-server-6.1.8-1.el5+gt6 myproxy-admin-6.1.8-1.el5+gt6
install -o myproxy -m 644  /etc/grid-security/hostcert.pem /etc/grid-security/myproxy/hostcert.pem
install -o myproxy -m 600   /etc/grid-security/hostkey.pem  /etc/grid-security/myproxy/hostkey.pem
emacs -nw /etc/myproxy-server.config  # Uncomment sample policy #1
usermod -a -G simpleca myproxy
service myproxy-server start
su - -s /bin/sh myproxy