cluster:Interactive/2/node
From Dgiref
Contents |
Interactive node
Prepare
- Operating system
- Scientific Linux version 5.4 64 bit
Optimizing the configuration:
Use minimal operating system installation without firewall. To verify installed packages use the command
-
rpm -qa | grep package_name
Install the following additional packages:
-
yum -y install wget yum rpm make gcc gcc-c++ tar sed zlib openssl
After the installation is complete, turn off any unnecessary services (like gpm, sendmail, cups, haldaemon, messagebus, pcmcia, anacron, atd) with the following command:
-
chkconfig <SERVICE> off
Configure the following settings for the server:
- Additional software
- java SDK >=1.6.0 (java-1_6_0-sun or java-1_6_0-ibm)
- Perl version >= 5.8.8 (with XML::PARSER)
- Worker node packages
- Firewall configuration
- Access via GSISSH (TCP port 2222) to the interactive node should be allowed (how to open port in firewall).
administrator's script: prepare.sh
#!/bin/bash# prepare the interactive node installation# Declare the variables section ------------# Please insert your actual configuration# from here ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~echo `su -`
user_globus=globuspath_globus=/usr/local/globus
path_certificates=/etc/grid-security/certificates
path_gpt=/usr/local/gpt-3.2
JAVA_HOME=/usr/java/jdk1.6.0_13/
ANT_HOME=/usr/share/ant
# till here ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#-> start routine# Create the directory for authorization and authentication functions:mkdir -p $path_certificates
mkdir -p $path_globus
chmod 755 $path_globus
chown -R $user_globus.$user_globus $path_globus
if [ ! -f /usr/local/bin/globus-env-setup.sh ];
thenecho "\
export GPT_LOCATION=${path_gpt}export GLOBUS_LOCATION=${path_globus}export GLOBUS_USAGE_OPTOUT=1export GLOBUS_TCP_PORT_RANGE=20000,25000export JAVA_HOME=${JAVA_HOME}export ANT_HOME=${ANT_HOME}export CLASSPATH=\$CLASSPATH:\$JAVA_HOME/libexport PATH=\$ANT_HOME/bin:\$JAVA_HOME/bin:\$PATHexport PATH=\$GLOBUS_LOCATION/bin:\$GLOBUS_LOCATION/sbin:\$PATHexport PATH=\$GLOBUS_LOCATION/etc:\$GPT_LOCATION/sbin:\$PATHif [ -r \$GLOBUS_LOCATION/etc/globus-user-env.sh ]; then. \$GLOBUS_LOCATION/etc/globus-user-env.shelseecho "error: globus may not be installed yet"
fi" > /usr/local/bin/globus-env-setup.sh
fi# The file should be marked as executable:chmod +x /usr/local/bin/globus-env-setup.sh
#In order to execute this script for every user automatically, link in the directory /etc/profile.d as follows:ln -s /usr/local/bin/globus-env-setup.sh /etc/profile.d
# GPT# # As 'root' create the directory /usr/local/gpt-3.2 for the GPT installation and for# the user 'globus' must have the necessary privileges:# su rootmkdir -p $path_gpt
chown -R $user_globus.$user_globus $path_gpt
#<- end routine
Install
- downloads and install the Grid Packaging Toolkit (GPT)
- download
gsisshpackage - install
gsisshby using the gpt toolkit - execute gpt-postinstall
administrator's script: install.sh
#!/bin/bash# install interactive nodeworkdir=/opt
PACKAGE=Lrz_SL5.3_gsissh-gsissh4.4-jdk-1.5-x86_64-unknown-linux-gnu-bin.tar.gz
# GSI-SSH installation# As user 'globus' download the binary package for gsisshsu globus# install gsissh packagecd $workdir
wget http://mirror.scc.kit.edu/downloads/src/globus/2009.2/gpt-3.2-src.tar.gz
su - $user_globus
. /usr/local/bin/globus-env-setup.sh
if [ ! -f /usr/local/gpt-3.2/sbin/gpt-build ];
thentar zxvf gpt-3.2-src.tar.gz
cd gpt-3.2
./build_gptcd ..rm -rf gpt-3.2/
rm gpt-3.2-src.tar.gz
fiwget http://mirror.scc.kit.edu/downloads/src/interactive/2010.1/$PACKAGE
gpt-install $PACKAGEgpt-postinstall
Configure
Please check the grid certificates allocation before to proceed.
- Grid Security Infrastructure
To use the Globus services Globus user must be authenticated. There are two ways for user authentication in Globus:
1 - manually
- as
grid-userextract the Distinguished name (DN) as the following:
su $USER grid-cert-info -subject /C=DE/O=GridGermany/OU=Leibniz-Rechenzentrum/CN=griduser1
- Now, the grid-user should be included to the grid-mapfile. For this, execute as
root:
su root grid-mapfile-add-entry -dn “<DN>” -ln <locale user name for griduser1>
2 - automaticly
- There is the dgridmap script for automatic generation of the grid-mapfile. It is mandatory to execute the dgridmap script regularly (e.g. cron minimum once per 24 hours) for update of the Globus grid-mapfile (see section join D-Grid).
WARNING: Grid-mapfile:
The grid-mapfile located in the directory /etc/grid-security/ is necessary for the successful launch of the Globus container.
If you have none of it, an empty file with the name grid-mapfile should be created.
To configure gsissh do the following:
administrator's script: configure.sh
#!/bin/bash# configure interactive node# To configure the gsisshd:su rootsed -i "s/Port 22/Port 2222/g" $GLOBUS_LOCATION/etc/ssh/sshd_config
sed -i "s/UsePAM/\#UsePAM/g" $GLOBUS_LOCATION/etc/ssh/sshd_config
# Create the service initialization gsisshcat << EOF>> /etc/init.d/gsisshd
#!/bin/sh# chkconfig: 2345 95 20# description: start the gsissh deamon# What your script does (not sure if this is necessary though)# processname: gsisshdcase "\$1" in
start)# export locationsexport GLOBUS_LOCATION=/usr/local/globus/gsissh
export LD_LIBRARY_PATH=/usr/local/globus/gsissh/lib
# link to the host keys[[ -f /usr/local/globus/gsissh/etc/ssh/ssh_host_dsa_key ]]&& echo ssh_host_dsa_key OK || \
ln -s /etc/ssh/ssh_host_dsa_key /usr/local/globus/gsissh/etc/ssh/ssh_host_dsa_key
[[ -f /usr/local/globus/gsissh/etc/ssh/ssh_host_rsa_key ]]&& echo ssh_host_rsa_key OK || \
ln -s /etc/ssh/ssh_host_rsa_key /usr/local/globus/gsissh/etc/ssh/ssh_host_rsa_key
# run the gsissh deamonchmod +x /usr/local/globus/gsissh/sbin/sshd
/usr/local/globus/gsissh/sbin/sshd
;;stop)echo -n "Shutdown and cleanup"
get_pid=$(echo `pidof /usr/local/globus/gsissh/sbin/sshd`)
kill -9 $get_pid
;;*)
## If no parameters are given, print which are avaiable.echo "Usage: \$0 {start|stop}"
exit 1
;;esacEOF
chmod +x /etc/init.d/gsisshd
chkconfig --add gsisshdservice gsisshd
# Setting up GSI-SSH service# In order to work with the GSI-SSH Service, the following line must be inserted as 'root' into the /etc/services:gsissh 2222/tcp
# 2.1. In /etc/hosts the IP address of the server must be mapped to the FQDN as follows:# <IP ADDRESS> <FQDN> <hostname># Insert as 'root' the following entries in the file /etc/hosts.allow:echo "gsisshd:ALL:ALLOW" >> /etc/hosts.allow
Proceed
To start/stop services use the commands:
administrator's script: proceed.sh
#!/bin/bashservice gsisshd [start|stop]
Initial test
To test the following commands can be used:
administrator's script: test.sh
#!/bin/bash# initial test for interactive node# Log on into a grid client (eg. with ssh)ssh griduser@gridclient
# logged in griduser@gridclient# GSI Authenticationgrid-proxy-init
# Your identity: /C=DE/O=GermanGrid/OU=FZK/CN=Grid User# Enter GRID pass phrase for this identity:# Creating proxy ...................................................... Done# Your proxy is valid until: Fri Aug 15 23:27:06 2008# GSI-SSH Access to login nodegsissh -p 2222 dgiref-login.fzk.de
#********************************************************## Welcome to the D-Grid-Referenzinstallation:## - Interactive node Installation:## * GSI-SSH (Globus 4.0.7 64 bit)# * gLite WN_TAR#**********************************************************# dgdt0001@dgiref-login.fzk.de:~>
Update
- It is highly recommended to install the following updates after the gsissh installation. All the updates can be downloaded from here and must be installed by user globus:
- deinstall software by the root user
administrator's script: update.sh
#!/bin/bash# update interactive node as 'globus' usersu globusgpt-build -update gsi_openssh_bundle-4.3-src.tar.gz gcc64dbg
gpt-build -update globus_gsi_callback-0.33.tar.gz gcc64dbg
# Deinstallation# This procedure run as 'root' will delete the whole installation and configuration of Globus from the machine:# Remove installation directories and filessu rootrm /etc/profile.d/globus-env-setup.sh
rm /usr/local/bin/globus-env-setup.sh
rm -rf /usr/local/globus
# Remove the Globus entries, if they are available.vi /etc/hosts.allow
# Delete user 'globus'userdel globus
rm -rf /home/globus
groupdel globus
# for GSI:rm -rf /etc/grid-security
su 'grid-user'
rm -rf ~/.globus (for the grid user)
# Remove the GSI-SSH start script:su rootchkconfig --del gsisshdrm -f /etc/init.d/gsisshd
