middleware:Globus/extension

From Dgiref
Jump to: navigation, search
Please open a NGI-DE ticket if you experience any Installation or Configuration problem.

Contents

Attribute-based authorization

Install

Note-icon.png
  
The original description can be downloaded from d-grid site.

To apply the Attribute-based authorization to the Globus Toolkit, the following components should be additionally installed:

  • Virtual Organization Membership Server (VOMS) Authorization Interceptors for the Globus Web-Services (GRAM and RFT. The service security should be configured accordingly).
  • Authorization callout C-API for the Globus GridFTP should be used for attributes mapping.
  • The aba-glite.tar.gz file regarding the attribute based authorization is supposed to be installed in /opt/glite

Configure

  1. setup the voms server certificates
  2. Configure the sudo for WSGRAM
  3. Mappings for VOMS FQAN
  4. ln -s /etc/grid-security/voms-attr-authz /etc/grid-security/voms-lcmaps-mapfile
  5. configure the /opt/glite/etc/vomses file (see the file /opt/glite/etc/vomses.template for instructions, for accessing the voms server)
Note-icon.png
  
To avoid the error message: "<username> is not in the grid mapfile", all local accounts, which attributes should be mapped, the similar empty record in the grid-mapfile should be assigned: 
vi /etc/grid‐security/grid‐mapfile 
 "" uhdtsgm



JavaGAT adaptor

To use the GAT Globus Tookit adaptors, do the following:

  1. locate the personnel certificates files userkey.pem and usercert.pem in the directory $HOME/.globus
  2. locate the host certificates of the Grid hosts you like to access in the directory $HOME/.globus/certificates.
  3. create a proxy certificate with $GAT LOCATION/bin/grid-proxy-init.
  4. The dataset $HOME/.globus/cog.properties should exists and to be like: 


cat $HOME/.globus/cog.properties
 
#Java CoG Kit Configuration File
#usercert: The path to the file containing your dgrid certificate.
usercert=/home/dgdt0000/.globus/usercert.pem
# userkey: The path to the file containing your Grid key.
userkey=/home/dgdt0000/.globus/userkey.pem
# proxy: The name under which your proxy certificate which you create with grid-proxy-init is stored.
proxy=/tmp/x509up_u1000
#cacert: The path of the directory, which contains the host certificates.
#cacert=/etc/grid-security/certificates
cacert=/home/dgdt0000/.globus/cog-certificates

MPI extension for Globus 4.2

Globus Toolkit package provided by the D-Grid reference installation

From a user's perspective the change allows to use extensions to load the mpi module before the job starts as shown below: 

  <extensions>
     <preamble> module load mpi </preamble>
  </extensions>
</job>
Note-icon.png
  
In the latest globus 4.2 reference package the changes provided below are already made.

Globus Toolkit package do not provided by the D-Grid reference installation

Administrative changes

It is necessary to change the file $GLOBUS_LOCATION/lib/perl/Globus/GRAM/JobManager/pbs.pm. The output of diff pbs.pm.orig pbs.pm is shown below containing all the necessary changes including the ones proposed by Benjamin Henne (the changes below the diff entry 280c311 are from Benjamin and not related to this extension). 

patch pbs.pm -

The patch program will wait for your input. Paste the diff output below and when finished press enter and then ctrl-D (strg-D auf Deutsch) TWICE (ZWEIMAL). 

30c30
<     $mpirun         = 'no';
---
>     $mpirun         = '/home/software/mpi/mpiexec_wrapper';
37,39c37,39
<     $softenv_dir    = '';
<     $soft_msc       = "$softenv_dir/bin/soft-msc";
<     $softenv_load   = "$softenv_dir/etc/softenv-load.sh";
---
>     #$softenv_dir    = '';
>     #$soft_msc       = "$softenv_dir/bin/soft-msc";
>     #$softenv_load   = "$softenv_dir/etc/softenv-load.sh";
41a42,62
> sub new
> {
> 
>     my $cln   = shift;
>     my $class = ref($cln) || $cln;
> 
>     my $self  = $class->SUPER::new(@_);
>     bless $self, $class;
> 
>     $self->log("INFO: exec new from sge::new\n");
> 
>     my $description = $self->{JobDescription};
>     use Globus::GRAM::ExtensionsHandler;
>     new Globus::GRAM::ExtensionsHandler($class, $self, $description);
> 
> #        use Data::Dumper;
> #        $self->log("INFO: job description\n");
> #        $self->log(Dumper($description));
> #       if (defined($description->march)){$self->log("INFO: march available\n");}
>     return $self;
> }
268,275c289,296
<     if ($softenv_dir ne '')
<     {
<         $self->setup_softenv(
<             $self->job_dir() . '/pbs_softenv_job_script',
<             $soft_msc,
<             $softenv_load,
<             *JOB);
<     }
---
>     #if ($softenv_dir ne '')
>     #{
>     #    $self->setup_softenv(
>     #        $self->job_dir() . '/pbs_softenv_job_script',
>     #        $soft_msc,
>     #        $softenv_load,
>     #        *JOB);
>     #}
276a298,307
>     
>     #
>     # If preamble defined, insert it 
>     #
>     if(  $description->preamble() ) {
>         $self->log("INFO: Preamble:\n");
>         $self->log( $description->preamble() );
>         print JOB "\n# Preamble\n";
>         print JOB  $description->preamble() .  "\n\n";
>     }
280c311
<     $library_vars{LD_LIBRARY_PATH} = 0;
---
>     #$library_vars{LD_LIBRARY_PATH} = 0;
444c475
<                     $machinefilearg = ' -machinefile $PBS_NODEFILE';
---
>                 #    $machinefilearg = ' -machinefile $PBS_NODEFILE';
469c500
<                     print JOB ' -machinefile $PBS_NODEFILE';
---
>                 #    print JOB ' -machinefile $PBS_NODEFILE';
481,490c512,525
< hosts=\`cat \$PBS_NODEFILE\`;
< counter=0
< while test \$counter -lt $count; do
<     for host in \$hosts; do
<         if test \$counter -lt $count; then
<             $remote_shell \$host "/bin/sh $cmd_script_name; echo \\\$? > $exit_prefix.\$counter" < $stdin &
<             counter=\`expr \$counter + 1\`
<         else
<             break
<         fi
---
> if [ $count -eq 1 ]; then
>     /bin/sh $cmd_script_name; echo \$? > $exit_prefix.0 < $stdin
> else
>     hosts=\`cat \$PBS_NODEFILE\`;
>     counter=0
>     while test \$counter -lt $count; do
>         for host in \$hosts; do
>             if test \$counter -lt $count; then
>                 $remote_shell \$host "/bin/sh $cmd_script_name; echo \\\$? > $exit_prefix.\$counter" < $stdin &
>                 counter=\`expr \$counter + 1\`
>             else
>                 break
>            fi
>         done
492,493c527,528
< done
< wait
---
>     wait
> fi

The file $GLOBUS_LOCATION/lib/perl/Globus/GRAM/ExtensionsHandler.pm should also be changed! The diff is provided below. 

15a16,17
>     # LRZ: added $jm arg to get access to the JM log file
>     my $jm      = shift;
26a29,30
>     # LRZ: set log file handle
>     $self->{log} = $jm->{log} if ( $jm->{log} );
Finally the file <code>$GLOBUS_LOCATION/lib/perl/Globus/GRAM/JobManager.pm</code> should be changed as follows.
 
93c93,97
<     if ($description->xml_extensions())
---
>     #LRZ# if ($description->xml_extensions())
>     #LRZ#{
>     #LRZ#    new Globus::GRAM::ExtensionsHandler($class, $description);
>     #LRZ#}
>     if( ! defined($description->logfile()) )
95c99,103
<         new Globus::GRAM::ExtensionsHandler($class, $description);
---
>         my $WHOAMI = `whoami`;
>         chomp $WHOAMI;
> 
>         my $logfile = "/tmp/$WHOAMI-jobmanager.log";
>         $description->add('logfile', $logfile);
413a422
> # chdir("/"); is missing from
430c439
<     chdir("/");
---
>     #chdir("/");
Retrieved from "http://dgiref.d-grid.de/wiki/middleware:Globus/extension"
Personal tools