middleware:Globus/42/server
From Dgiref
See also troubleshooting for this page.
Contents |
Globus Toolkit server v.4.2
Prepare
- Operating system
- Scientific Linux v.5.4 64 bit
Optimizing the configuration:
Use minimal operating system installation without firewall. To verify installed packages use the command
-
rpm -qa | grep package_name
Install the following additional packages:
-
yum -y install wget yum rpm make gcc gcc-c++ tar sed zlib openssl
After the installation is complete, turn off any unnecessary services (like gpm, sendmail, cups, haldaemon, messagebus, pcmcia, anacron, atd) with the following command:
-
chkconfig <SERVICE> off
Configure the following settings for the server:
- proxy
- ntp
- script:/etc/resolv.conf
- configure the postgres update
- Additional Software
- torque & maui client
- java SDK >= 1.6.0 (from Sun, IBM, HP, or BEA (do not use GCJ))
- PostgreSQL 8.1.9 (postgresql, postgresql-libs, postgresql-server)
- Perl 5.8.8 (with XML::PARSER)
- sudo
- ant version >= 1.6.5
To make all libraries from ant available do the following as root:
$ cd /usr/share/ant/lib $ ln -s /usr/share/java/ant.jar ant.jar $ ln -s /usr/share/java/ant-launcher.jar ant-launcher.jar
 Each grid user needs a certificates directory . As grid user create this directory by: mkdir -p $home/.$user_globus chown $user_grid /localhome/.$user_globus |
- Firewall configuration
The GT4 frontend runs GRAM + MDS + GridFTP + RFT services (how to open port in firewall).
| Service | Incoming ports (TCP) | Change to default default |
| GRAM (GT2) | 2119 | No |
| GRAM (GT2) | 20000-25000 | Yes |
| WS-GRAM | 8443 | No |
| WS-GRAM | 20000-25000 | Yes |
| WS-MDS | 8443 | No |
| GridFTP | 2811 | No |
| GridFTP | 20000-25000 | Yes |
| RFT | 8443 | No |
administrator's script: prepare.sh
#!/bin/shsu root# prepare the installation of Globus 4.2.1# Declare the variables section ------------# user_globus=globus local user# user_grid=non root and non globus grid user# path_globus=globus localtion# path_certificates=certificates location# path_gpt=gpt-3.2 location# JAVA_HOME=java home location# ANT_HOME=ant home location# Please insert your actual configuration# from here ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~user_globus=globususer_grid=dgdt0065host_globus=dgiref-globus.fzk.depath_security=/etc/grid-security
path_certificates=${path_security}/certificates
path_workdir=/usr/local
path_globus=${path_workdir}/globus
path_gpt=${path_workdir}/gpt-3.2
path_java=${path_workdir}/jdk1.6.0_16
path_ant=${path_workdir}/apache-ant-1.7.1
JAVA_HOME=/etc/alternatives/jdk
ANT_HOME=/etc/alternatives/anthome
BASE_URL="http://mirror.scc.kit.edu/downloads/src"
PACKAGE_GPT_32="gpt-3.2-src.tar.gz"
# till here ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~yum -y install gcc postgresql postgresql-libs postgresql-server perl perl-XML-Parser
yum -y install java
#------------------------------------------------------ install SUN javawget -O ${path_workdir}/jdk-6u16-linux-x64.bin ${BASE_URL}/misc/jdk-6u16-linux-x64.bin
chmod +x ${path_workdir}/jdk-6u16-linux-x64.bin
cd ${path_workdir}
./jdk-6u16-linux-x64.binrm ${path_workdir}/jdk-6u16-linux-x64.bin
# link to the /opt/javarm /usr/java/latest
ln -s ${path_java} /usr/java/latest
rm -f /etc/alternatives/java
ln -s ${path_java}/bin/java /etc/alternatives/java
ln -s ${path_java}/ /etc/alternatives/jdk
# test after restart bash sessionjava -version#------------------------------------------------------ install antwget -O ${path_workdir}/apache-ant-1.7.1-bin.tar.gz ${BASE_URL}/globus/2009.2/apache-ant-1.7.1-bin.tar.gz
tar -C ${path_workdir} -xvzf ${path_workdir}/apache-ant-1.7.1-bin.tar.gz
# Symlinks for the ant executableln -s ${path_ant}/bin/ant /etc/alternatives/ant
ln -s ${path_ant}/ /etc/alternatives/anthome
ln -s /etc/alternatives/ant /usr/bin/ant
# test after restart bash sessionant -version#------------------------------------------------------ install antln -s /usr/local/apache-ant-1.7.1/lib/ant.jar /usr/share/java/ant.jar
ln -s /usr/local/apache-ant-1.7.1/lib/ant-launcher.jar /usr/share/java/ant-launcher.jar
# Create user and group globus:groupadd $user_globususeradd -m -g $user_globus -d /localhome/$user_globus $user_globus
umask 022# Create globus installation directory and set the globus user as owner:mkdir -p $path_globus $path_gpt
chown -R $user_globus.$user_globus $path_globus
chown -R $user_globus.$user_globus $path_gpt
chmod 755 $path_globus
chmod 755 $path_gpt
# Environment Variables# As '''root''' create a new setup file called ''/usr/local/bin/globus-env-setup.sh'':if [ ! -f /usr/local/bin/globus-env-setup.sh ];
thenecho "\
export GPT_LOCATION=${path_gpt}export GLOBUS_LOCATION=${path_globus}export GLOBUS_USAGE_OPTOUT=1export GLOBUS_HOSTNAME=${host_globus}export GLOBUS_TCP_PORT_RANGE=20000,25000export JAVA_HOME=${JAVA_HOME}export ANT_HOME=${ANT_HOME}export CLASSPATH=\$CLASSPATH:\$JAVA_HOME/libexport PATH=\$ANT_HOME/bin:\$JAVA_HOME/bin:\$PATHexport PATH=\$GLOBUS_LOCATION/bin:\$GLOBUS_LOCATION/sbin:\$PATHexport PATH=\$GLOBUS_LOCATION/etc:\$GPT_LOCATION/sbin:\$PATHif [ -r \$GLOBUS_LOCATION/etc/globus-user-env.sh ]; then. \$GLOBUS_LOCATION/etc/globus-user-env.shelseecho "error: globus may not be installed yet"
fi" > /usr/local/bin/globus-env-setup.sh
fi# The file should be marked as executable:chmod +x /usr/local/bin/globus-env-setup.sh
#In order to execute this script for every user automatically, link in the directory /etc/profile.d as follows:ln -s /usr/local/bin/globus-env-setup.sh /etc/profile.d
# Create the directory for authorization and authentication functions (GSI):mkdir -p $path_certificates
# after copy the host certificate and host key into /etc/grid-security/, configure GSI Security# cp yourhostkey.pem ${path_security}/hostkey.pem# cp yourhostcert.pem ${path_security}/hostcert.pemcp ${path_security}/hostkey.pem ${path_security}/containerkey.pem
cp ${path_security}/hostcert.pem ${path_security}/containercert.pem
chown globus.globus ${path_security}/container*.pem
# set certificate privilegeschmod 400 ${path_security}/*key.pem
chmod 644 ${path_security}/*cert.pem
#create an empty gridmap-filetouch ${path_security}/grid-mapfile
# install gptif [ ! -f /usr/local/gpt-3.2/sbin/gpt-build ];
thenwget -O ${path_workdir}/${PACKAGE_GPT_32} ${BASE_URL}/globus/2009.2/${PACKAGE_GPT_32}
tar zxvf ${path_workdir}/${PACKAGE_GPT_32}
cd ${path_gpt}
./build_gptcd ..rm -f gpt-3.2-src.tar.gz
fi
Install
The installation procedure includes the following steps:
- Download the GT binary
- Install with
gpt-install - Post-installation with
gpt-postinstall
administrator's script: install.sh
#!/bin/bash# installation script globus toolkit 4.2.1# Install GPT/Globus as the user '''globus''':su - $user_globus
# Declare the variables section ------------# from here ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~BASE_URL="http://mirror.scc.kit.edu/downloads/src"
PACKAGE_GLOBUS="Lrz_SL5.3-gt4.2.1-jdk-1.6.0_11-x86_64-unknown-linux-gnu-bin.tar.gz"
# till here ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~# Install the Globus Toolkit packageswget -O /tmp/${PACKAGE_GLOBUS} ${BASE_URL}/globus/2010.1/${PACKAGE_GLOBUS}
# install (configuration option was ''./configure --prefix=$GLOBUS_LOCATION --enable-wsgram-pbs'')$GPT_LOCATION/sbin/gpt-install /tmp/${PACKAGE_GLOBUS} 2>&1 | tee globus-install.log
# and wait around 10 min till the message#> Bundle Lrz_SL5.3 successfully installed.#> Cleaning up temp locations$GPT_LOCATION/sbin/gpt-postinstall 2>&1 | tee globus-postinstall.log
# wait till the message:#> ..Done
Configure
| To configure the gsissh, please use the Globus services page. Please check the grid certificates allocation before to proceed. |
- Configure Globus authorization
- Grid Security Infrastructure
- Globus user must be authenticated to use the services. There are two ways for user authentication in Globus - manually or automatically.
- automatically
- There is the dgridmap script for automatic generation of the grid-mapfile. It is mandatory to execute the dgridmap script regularly (e.g. cron minimum once per 24 hours) for update of the Globus grid-mapfile (see section join D-Grid).
Grid-mapfile:
The grid-mapfile located in the directory /etc/grid-security/ is necessary for the successful launch of the Globus container.
If you have none of it, an empty file with the name |
- manually
- as
grid-userextract the Distinguished name (DN) as the following:
su $USER grid-cert-info -subject /C=DE/O=GridGermany/OU=Leibniz-Rechenzentrum/CN=griduser1
- Now, the grid-user should be included to the grid-mapfile. For this, execute as
root:
su root grid-mapfile-add-entry -dn "<DN>" -ln <locale user name for griduser1>
- Configure /etc/services
- To make the Globus services available, the following ports must be inserted as
rootin the file/etc/services:
gsiftp 2811/tcp gsigatekeeper 2119/tcp
- Configure /etc/hosts
In /etc/hosts the IP address of the server must be mapped to FQDN as follows:
<IP ADDRESS> <FQDN> <hostname>
- Configure /etc/hosts.allow
- Insert as 'root' the following entries in the file
/etc/hosts.allow:
globus-gatekeeper:ALL:ALLOW
globus-gridftp-server:ALL:ALLOWThe required configuration for every Globus service is documented in a separate section using the links from service section
administrator's script: configure.sh
#!/bin/sh#cat /etc/services# gsiftp 2811/tcp# gsigatekeeper 2119/tcp# Configure /etc/hosts# Configure Globus Authorizationecho "\
globus-gatekeeper:ALL:ALLOW
globus-gridftp-server:ALL:ALLOW" > /etc/hosts.allow
Proceed
- Globus Usage statistics
- The Globus Toolkit provides functions for submitting personal user information to the Globus Alliance. Additional information about usage statistics is presented here.
- These functions should be deactivated in the the D-Grid reference installation. This can be done as follows:
- for Java components
- in file $GLOBUS_LOCATION/etc/globus_wsrf_core/server-config.wsdd the attribute <globalConfiguration> comment the parameter usageStatisticsTargets with the:
<!-- <parameter name="usageStatisticsTargets" value="usage-stats.globus.org:4810"/> -->
- for C components:
- Setup the environment variable GLOBUS_USAGE_OPTOUT with value 1.
- Globus start script
- create the
/etc/init.d/globus-containerfile, which serves as start/stop script for the container with the following content:
- create the
#!/bin/sh -e # use RedHat feature: # chkconfig: 345 80 50 # # A script to start and stop the Globus Container # ### BEGIN INIT INFO # Provides: globus-container # Required-Start: $network $remote_fs # Required-Stop: $remote_fs $network # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 ## Description: Start/stop the globus-container service. ### END INIT INFO case "$1" in start) su - globus -c "/usr/local/globus/sbin/globus-start-container-detached -p 8443" ;; stop) su - globus -c "/usr/local/globus/sbin/globus-stop-container-detached" ;; restart) $0 stop sleep 1 $0 start ;; *) printf "Usage: $0 {start|stop|restart}\n" >&2 exit 1 ;; esac
- the
/etc/init.d/globus-containershould be executed byroot:
- the
| Do not run the /etc/init.d/globus-container before install the Globus Toolkit services.
|
administrator's script: proceed.sh
#!/bin/sh# configure script for globus 4.2.1su root# create a Globus start scriptecho "\
#!/bin/sh -e
# use RedHat feature:# chkconfig: 345 80 50## A script to start and stop the Globus Container#### BEGIN INIT INFO# Provides: globus-container# Required-Start: \$network \$remote_fs# Required-Stop: \$remote_fs \$network# Default-Start: 2 3 4 5# Default-Stop: 0 1 6## Description: Start/stop the globus-container service.### END INIT INFOcase \"\$1\" instart)su - globus -c \"/usr/local/globus/sbin/globus-start-container-detached -p 8443\";;stop)su - globus -c \"/usr/local/globus/sbin/globus-stop-container-detached\";;restart)\$0 stopsleep 1\$0 start;;*)printf \"Usage: \$0 {start|stop|restart}\n\" >&2exit 1;;esac" > /etc/init.d/globus-container
chmod a+x /etc/init.d/globus-container
service globus-container start
Initial test
- Using a JDL file (job description language)
- The following job is described in XML format using the job description language (JDL). It is stated as a parameter during the job submission (see below).
- First, create as grid user the file torqueJob.xml and fill it with the following content (see script section #Using a JDL file)
- Using the
voms-proxy-init(e.g.voms-proxy-init -voms dgtest:/dgtest/admin:softwareadmin)
administrator's script: test.sh
#!/bin/bash# test for globus toolkit 4.2.1griduser='griduser'
gridclient="ui.d-grid.de"
# Generic Test# Log on into a grid client (eg. with ssh)ssh $griduser@$gridclient
## test vomsvoms-proxy-init -voms dgtest:/dgtest/admin:softwareadmin
globus-url-copy -dbg gsiftp://dgiref-globus.fzk.de/home/dgtest/dgdtsgm/secure_file file:///tmp/my_file
# debug: operation completeglobusrun-ws -submit -F https://dgiref-globus.fzk.de:8443/wsrf/services/ManagedJobFactoryService -Ft Fork -s -c /usr/bin/whoami
# dgdtsgm#GSI Authentication[dgdt0065@ui ~] grid-proxy-init
[dgdt0065@ui ~] globusrun-ws -submit -F https://dgiref-globus.fzk.de:8443/wsrf/services/ManagedJobFactoryService -Ft Fork -s -c /usr/bin/whoami
# dgdt0065#Test Counter Service# as griduser:counter-client -s https://<FQDN>:8443/wsrf/services/CounterService
#Got notification with value: 3#Counter has value: 3#Got notification with value: 13# Torque Test --------------------------------------------# The successful integration of torque with Globus can be tested as grid user like here:globusrun-ws -submit -F <FQDN> -Ft PBS -c /bin/sleep 120
#Using a JDL fileecho " <job>
<executable>/bin/echo</executable><directory>/tmp</directory><argument>***Hello D-Grid user***</argument><stdout>/tmp/stdout_torque</stdout><stderr>/tmp/stderr_torque</stderr><queue>dgiseq</queue></job>" > torqueJob.xml
#Then submit the grid job as griduserglobusrun-ws -submit -F <FQDN> -Ft PBS -f torqueJob.xml
Update
- Re-install Globus
- Execute commands in installation directory as user 'globus'
- Deinstallation
- This procedure run as 'root' will delete the whole installation and configuration of Globus from the machine:
- Remove installation directories and files
- Remove the Globus entries, if they are available.
- remove for GSI
- remove for GRAM
- remove for RFT
- delete postgressql packages with YaST or YUM
- Update
- The updates for the 64-bit architecture are available. For the 32-bit machines were the same packages with gcc32 packages installed. More current fixes can be found here.
WARNING: Globus 4.0.7 fixes:
It is highly recommended to install the following updates after the globus installation.
All the updates can be downloaded from here and must be installed by user globus:
administrator's script: update.sh
#!/bin/bash# updates for the globus 4.2.1griduser='griduser'
# REINSTALLATIONsu globusmake distcleanrm -rf $GLOBUS_LOCATION/*
cd /tmp
$GPT_LOCATION/sbin/gpt-install <GT4_binary.tar.gz>
$GPT_LOCATION/sbin/gpt-postinstall
# DEINSTALL## 1.1. Remove installation directories and filessu rootrm /etc/profile.d/globus-env-setup.sh
rm /usr/local/bin/globus-env-setup.sh
rm -rf /usr/local/gpt-3.2
rm -rf /usr/local/globus
## 1.2. Remove the Globus entries, if they are available.vi /etc/hosts.allow
## 1.3. Delete user 'globus'userdel globus
rm -rf /home/globus
groupdel globus
## 1.4. for GSI:rm -rf /etc/grid-security
su $griduser
rm -rf ~/.globus (for the grid user)
## 1.5. for GRAM:su rootrm /etc/xinetd.d/gsi*
vi /etc/sudoers
## 1.6. for RFT:su rootrm -rf /var/lib/pgsql/data/*
## 1.7. Delete the following packages with YUM:yum remove postgressqlyum remove postgressql-libsyum remove postgressql-server# UPDATE# as 'globus' user install the new updates after downlowding them# from http://www.globus.org/toolkit/advisories.html:su globusgpt-build -update globus_java_ws_core_common-1.15.tar.gz
gpt-build -update globus_java_ws_core-3.18.tar.gz
gpt-build -update globus_gass_cache-5.4.tar.gz gcc64dbg
gpt-build -update globus_gsi_cert_utils-5.5.tar.gz gcc64dbg
