cluster:Interactive/1/node
From Dgiref
Contents |
Interactive/1/node
Prepare
- Operating system
- Scientific Linux version 4.5 64 bit
Optimizing the configuration:
Use minimal operating system installation without firewall. To verify installed packages use the command
-
rpm -qa | grep package_name
Install the following additional packages:
-
yum -y install wget yum rpm make gcc gcc-c++ tar sed zlib openssl
After the installation is complete, turn off any unnecessary services (like gpm, sendmail, cups, haldaemon, messagebus, pcmcia, anacron, atd) with the following command:
-
chkconfig <SERVICE> off
Configure the following settings for the server:
- Additional software
- java SDK 1.5.0 (java-1_5_0-sun or java-1_5_0-ibm)
- Perl 5.8.8 (with XML::PARSER)
- Firewall configuration
- Access via GSISSH (TCP port 2222) to the interactive node should be allowed (how to open port in firewall).
administrator's script: prepare.sh
#!/bin/bash# prepare# Create the user globus as the Globus administrator and the group globus:su rootgroupadd globus
useradd -m -g globus -d /home/globus globus
# Create the installation directory for the Globus /usr/local/globus and accept the globus user to this:mkdir /usr/local/globus
chown -R globus.globus /usr/local/globus
# Create the directory for authorization and authentication functions:mkdir /etc/grid-security
mkdir /etc/grid-security/certificates
# Each grid user needs a directory for its certificates. As grid user create this directory bysu $USER
mkdir ~/.globus
### Environment Variables# As '''root''' generate new setup file ''/usr/local/bin/globus-env-setup.sh'':export GLOBUS_LOCATION=/usr/local/globus
export GLOBUS_USAGE_OPTOUT=1
export GLOBUS_TCP_PORT_RANGE=20000,25000
export JAVA_HOME=/usr/lib64/jvm/java-1.5.0
export ANT_HOME=/usr/share/ant
export CLASSPATH=$CLASSPATH:$JAVA_HOME/lib
export PATH=$ANT_HOME/bin:$JAVA_HOME/bin:$PATH
export PATH=$GLOBUS_LOCATION/bin:$GLOBUS_LOCATION/sbin:$PATH
if [ -r $GLOBUS_LOCATION/etc/globus-user-env.sh ]; then
. $GLOBUS_LOCATION/etc/globus-user-env.sh
elseecho "error: globus may not be installed yet"
fi# The file should be marked as executable:chmod +x /usr/local/bin/globus-env-setup.sh
#In order to execute this script for every user automatically, link in the directory /etc/profile.d as follows:ln -s /usr/local/bin/globus-env-setup.sh /etc/profile.d
Install
The interactive node installation is not far away from the Globus toolkit installation, and can be named as "lite Globus installation". Hence, the following steps are needed:
administrator's script: install.sh
#!/bin/bash# install interactive node# Set BASE_URL linkBASE_URL="http://mirror.scc.kit.edu/downloads/src/interactive/2009.1"
# GSI-SSH installation# As user 'globus' download the binary package for globus 4.0.7PACKAGE_VERSION="gt4.0.7-x86_64_rhas_4-installer"
% cd /tmp
% wget ${BASE_URL}/${PACKAGE_VERSION}.tar.gz
% tar xzvf gt4.0.7-x86_64_rhas_4-installer.tar.gz
% cd gt4.0.7-x86_64_rhas_4-installer
% ./configure --prefix=$GLOBUS_LOCATION --with-gsiopensshargs="--with-pam --with-md5-passwords --with-tcp-wrappers"
% make gsi-openssh 2>&1 | tee build.log
% make install
Configure
Please check the grid certificates allocation before to proceed.
- Grid Security Infrastructure
- In order to use the Globus services Globus user must be authenticated. There are two ways for user authentication in Globus:
1- manually
- as
grid-userextract the Distinguished name (DN) as the following:
su $USER grid-cert-info -subject /C=DE/O=GridGermany/OU=Leibniz-Rechenzentrum/CN=griduser1
- Now, the grid-user should be included to the grid-mapfile. For this, execute as
root:
su root grid-mapfile-add-entry -dn “<DN>” -ln <locale user name for griduser1>
2- automaticly
- There is the dgridmap script for automatic generation of the grid-mapfile. It is mandatory to execute the dgridmap script regularly (e.g. cron minimum once per 24 hours) for update of the Globus grid-mapfile (see section join D-Grid).
WARNING: Grid-mapfile:
The grid-mapfile located in the directory /etc/grid-security/ is necessary for the successful launch of the Globus container.
If you have none of it, an empty file with the name grid-mapfile should be created.
To configure gsissh do the following:
administrator's script: configure.sh
#!/bin/bash# configure interactive node# Start-Script for GSI-SSH# To configure the 'gsissh' start script do the following as 'root':su rootcp $GLOBUS_LOCATION/sbin/SXXsshd /etc/init.d/gsisshd
chkconfig --add gsisshd# As 'globus' user change the port number from 22 to 2222 in the following files:su globuscat $GLOBUS_LOCATION/etc/ssh/ssh_config
cat $GLOBUS_LOCATION/etc/ssh/sshd_config
# As 'root' start the 'gsissh' daemon with the following command:su root/etc/init.d/gsisshd start
# Setting up GSI-SSH service# In order to work with the GSI-SSH Service, the following line must be inserted as 'root' in the file /etc/services:gsissh 2222/tcp
# 2.1. In /etc/hosts the IP address of the server must be mapped to the FQDN as follows:# <IP ADDRESS> <FQDN> <hostname># Furthermore, insert as 'root' the following entries in the file /etc/hosts.allow:echo "gsisshd:ALL:ALLOW" >> /etc/hosts.allow
Proceed
To start/stop services use the commands:
administrator's script: proceed.sh
#!/bin/bashservice gsisshd [start|stop]
Initial test
Execute the following steps:
administrator's script: test.sh
#!/bin/bash# initial test for interactive node# Log on into a grid client (eg. with ssh)ssh griduser@gridclient
# logged in griduser@gridclient# GSI Authenticationgrid-proxy-init
# Your identity: /C=DE/O=GermanGrid/OU=FZK/CN=Grid User# Enter GRID pass phrase for this identity:# Creating proxy ...................................................... Done# Your proxy is valid until: Fri Aug 15 23:27:06 2008# GSI-SSH Access to login nodegsissh -p 2222 dgiref-login.fzk.de
#********************************************************## Welcome to the D-Grid-Referenzinstallation:## - Interactive node Installation:## * GSI-SSH (Globus 4.0.7 64 bit)# * gLite WN_TAR#**********************************************************# dgdt0001@dgiref-login.fzk.de:~>
Update
- It is highly recommended to install the following updates after the gsissh installation. All the updates can be downloaded from here and must be installed by user globus:
- deinstall software by the root user
administrator's script: update.sh
#!/bin/bash# update interactive node as 'globus' usersu globusgpt-build -update gsi_openssh_bundle-4.3-src.tar.gz gcc64dbg
gpt-build -update globus_gsi_callback-0.33.tar.gz gcc64dbg
# Deinstallation# This procedure run as 'root' will delete the whole installation and configuration of Globus from the machine:# Remove installation directories and filessu rootrm /etc/profile.d/globus-env-setup.sh
rm /usr/local/bin/globus-env-setup.sh
rm -rf /usr/local/globus
# Remove the Globus entries, if they are available.vi /etc/hosts.allow
# Delete user 'globus'userdel globus
rm -rf /home/globus
groupdel globus
# for GSI:rm -rf /etc/grid-security
su 'grid-user'
rm -rf ~/.globus (for the grid user)
# Remove the GSI-SSH start script:su rootchkconfig --del gsisshdrm -f /etc/init.d/gsisshd
