Warning: The previous note about Globus installation dealt with Globus 2.0 beta release. In the meantime Globus team has released the Globus 2.0 version (without beta). This instruction is for the final release version of Globus 2.0. It is meant to replace the previous Globus installation instructions.
Note: In order for your grid station to work, you need the following three certificates:
1. personal certificate for every user
2. globus gatekeeper certificate for your gatekeeper machine
3. MDS service certificate for your gatekeeper machine
You can generate the requests for the above certificate only after installing globus. The instructions are embedded in the document with bold faced, green characters. Since it takes a few days for the authorities to issue the certificates, it is probably wise to go through these steps swiftly so that you can send the requests in an expeditious manner.
Before you start:
1. You will need some help later on from the root of your system.
2. You need an account named globus with a normal user privilege.
3. Make sure that your system has perl 5.005 or greater.
Where to get more information: Globus project home page is http://www.globus.org/. Installation instructions can be found on http://www.globus.org/gt2/install/index.html
$GLOBUS_LOCATION/setup/globus/setup-gsi
The above steps completes
the installation of globus-2.0 binaries.
A user must define an environment variable GLOBUS_LOCATION
to point to the directory where you want globus to be installed, for example /products/globus/globus-2.0 and initialize
globus environment, each login time one works with globus.
.
$GLOBUS_LOCATION/etc/globus-user-env.sh
These two command lines can be conveniently added to a
user’s login file. Now one has to ask
for one’s personal globus certificate, to obtain a gatekeeper certificate and
to install globus gatekeeper, grid ftp and MDS. The following sections will guide through these processes.
Obtaining
personal Globus certificate.
One needs a globus certificate in order to submit jobs to the machines on the grid network. To obtain a personal certificate execute (from your personal account):
grid-cert-request -gatekeeper FQDN \
-key /etc/grid-security/hostkey.pem \
-cert /etc/grid-security/hostcert.pem \
-req /etc/grid-security/host.req
All in one line, replacing FQDN with your full node name
including the domain (eg. xxx.uta.edu).
This must be done on the node the globus has been installed. Mail the file
~/.globus/usercert_request.pem to ca@globus.org
to request your personal certificate. One can mail the request file from any machine, though. Once they reply, install your
certificate by saving their reply in the user certificate file ~/.globus/usercert.pem.
Installing
and starting Globus gatekeeper.
In order for your machine to work in the grid environment you must request for a gatekeeper host certificate. As a root execute
grid-cert-request
–gatekeeper FQDN –key /etc/grid-security/hostkey.pem –cert
/etc/grid-security/hostcert.pem -req /etc/grid-security/host.req
(all in one line). Replace FQDN with the full host name of your Globus server. This must also be done on a machine that globus has been installed. This command will produce a file /etc/grid-security/host.req. mail this file to ca@globus.org. Within two days they will mail you back the certificate. Store their e-mail response (as root) in file /etc/grid-security/hostcert.pem. Give this file attribute 600, i.e. chmod 600 (as root).
Now you have to start the globus gatekeeper. Edit the file /etc/services (as root) and add a line:
gsigatekeeper 2119/tcp #
Globus gatekeeper
at the bottom of this file.
Goto /etc/xinetd.d (for linux 7.x) directory and create the file, globus-gatekeeper, with the following content (contact tomw@hepmail.uta.edu for linux6.x):
service gsigatekeeper
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = GLOBUS_LOCATION/sbin/globus-gatekeeper
server_args
= -conf GLOBUS_LOCATION/etc/globusgatekeeper.conf
disable = no
}
(Replace the GLOBUS_LOCATION with the actual location of your globus installation, for example /products/globus/).
As the root execute
killall –USR1 xinetd
This will restart Linux daemons, starting the globus gatekeeper service.
Installing
Grid-ftp
1. As root edit /etc/services and add:
· gsiftp 2811/tcp
2.
Then goto /etc/xinetd.d directory (linux 7.x) and
create the file gsi-wuftpd, with the
following content in it:
service gsiftp
{
instances
= 1000
socket_type
= stream
wait
= no
user
= root
server
= GLOBUS_LOCATION/sbin/in.ftpd
server_args
= -l -a -G GLOBUS_LOCATION
log_on_success += DURATION
USERID
log_on_failure += USERID
nice
= 10
disable
= no
}
Replace
GLOBUS_LOCATION by the actual Globus location, for example /products/globus/.
3. As root go
to directory /etc/rc.d/init.d
and execute:
xinetd restart
This will
start the gridftp and gsiftp server for file transfer.
To use
grid ftp do
globus-url-copy
gsiftp://hepfm007.uta.edu/home/mcfarm/temp.source_file
file://heppc6.uta.edu/home/mcfarm/temp.target_file
Installing
and starting MDS
First of all, you have to ask for MDS server certificate. As root execute
grid-cert-request -cn "ldap/<FQDN>"
\
-cert $GLOBUS_LOCATION/etc/server.cert \
-key $GLOBUS_LOCATION/etc/server.key \
-req $GLOBUS_LOCATION/etc/server.request -nopw \
-dir $GLOBUS_LOCATION/etc
(all in one line). Replace FQDN with your full machine name of your server that you have (will) installed globus and the gatekeeper host certificate (e.g. hepfm007.uta.edu). Replace GLOBUS_LOCATION with your actual Globus location, for example /products/globus/. Mail the file GLOBUS_LOCATION/etc/server.request to ca@globus.org. Withn 2 days they will mail you back the certificate. Save their response (as root) in file GLOBUS_LOCATION/etc/server.cert, give this file permissions 600.
Once the certificate has been installed,you have to start the MDS service, by executing (as root) the following:
$GLOBUS_LOCATION/sbin/SXXgris
start
This should start the MDS service. To verify that it works you should (as regular user) initialize your grid proxy
$GLOBUS_LOCATION/bin/grid-proxy-init
This must be done every time you want to use globus.
Then do the following:
$GLOBUS_LOCATION/bin/grid-info-search
–anonymous –L
if everything is OK, this should dump you the MDS contents
(several screens of MDS output of status…)
Acknowledgements: Many thanks to Patrick McGuigan for his help in the titanic struggle with Globus installation.