7/28/2019 Gt k Install
1/42
1. Introduction
This is a guide to Globus Toolkit 4.0.1 (GTK-4.0.1) installation. It deals with a basic
installation that installs Core and the following Base Services: a security infrastructure
(GSI), GridFTP, RFT, and DRS. After the installation and testing it looks into how touse the CA of one machine on a second one telling how to get the certificates of the
second machine signed by the CA and using the signed certificates. It also talks about
RLS and DRS configuration and testing.
Before going to the installation of the support softwares, create a .bash_profile
file in root user with the required CLASSPATH & PATH entries. The .bash profile
should look like the following:
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ];
then
. ~/.bashrc
fi
# User specific environment and startup programs
ANT_HOME="/usr/local/apache-ant-1.6.2"
JAVA_HOME="/opt/SUNWappserver/jdk"
CATALINA_HOME="/opt/apache-tomcat-5.5.15"
CATALINA_BASE="/opt/apache-tomcat-5.5.15"
GLOBUS_LOCATION="/opt/globus-4.0.1"
GLOBUS_IODBC_PATH="/opt/globus-4.0.1"
ODBCINI="/opt/globus-4.0.1/var/odbc.ini"CLASSPATH=$CLASSPATH:/usr/local/apache-ant-1.6.2/lib/ant.jar
PATH=$PATH:$HOME/bin:$JAVA_HOME/bin:$ANT_HOME/bin:$GLOBUS_LOC
ATION/bin:$GLOBUS_LOCATION/sbin:
7/28/2019 Gt k Install
2/42
export PATH ANT_HOME JAVA_HOME CLASSPATH CATALINA_HOME
CATALINA_BASE GLOBUS_LOCATION GLOBUS_IODBC_PATH ODBCINI
unset USERNAME
if [ -e $GLOBUS_LOCATION/etc/globus-user-env.sh ];
then
. $GLOBUS_LOCATION/etc/globus-user-env.sh
fi
if [ -e $GLOBUS_LOCATION/etc/globus-devel-env.sh ];
then
. $GLOBUS_LOCATION/etc/globus-devel-env.sh
fi
After the creation of the .bash profile as root user execute the bash profile:
#. .bash_profile
Note : Give a hostname to your System by using neat command as a root
The /etc/hosts file
Entries made in the /etc/hosts should be strictly in this format. A sample /etc/hosts file
# Do not remove the following line, or various programs
# that require network functionality will fail.
10.160.2.45 localhost.localdomain localhost
10.160.2.45 gridproj1.ap.nic.in.in gridproj1
10.160.2.42 gridproject2. ap.nic.in.in gridproject2
10.160.2.43 gridproj3. ap.nic.in.in gridproj3
Special care should be taken with the first line mentioning localhost. The nextentries should be of the host machines IP addresses (one or more). After these shouldcome the entries of other systems.
7/28/2019 Gt k Install
3/42
NOTE: what ever the systems need to be connected those system entries should be
present in /etc/hosts file after the System name of the present globus installation
system.
2. Installing support softwares
GTK-4.0.1 requires various support softwares. These are required both for its
installation and its running. Their installation is discussed first
.2.1JAVA
GTK4.0.1 is completely written in java so, we want to install java. This
installation is also used for writing services in java. Before installing this java, remove
the pre installed java, which was installed along with O.S. Remove javac & java from
/usr/bin.
Install J2SE 1.4.2+ (+ means >= 1.4.2 version) SDK of SUN, IBM, BEA (do not
use GCJ).
Download Link: http://java.sun.com/j2se
Steps:
1. As root execute the binary j2sdk-1.4.2-nb-3.5-bin-linux.bin --
$ ./j2eesdk-1_4_02_2005Q2-linux.bin
This installs java in /opt/ SUNWappserver directory
2. Now test for which java being used with the command (as root user)
#which java
It should give the output as /opt/SUNWappserver/jdk/bin/java. This is shownonly when the pre-installed java is removed.
2.2Apache Ant
Ant is a Java-based build tool required for the GT4.0.1 installation. The toolkit is
composed of many Java classes that need to be combined or built to form a functioning
7/28/2019 Gt k Install
4/42
program. Ant is used to execute an Ant-based build script that automates the build
process (if the toolkit needs to be re-built at any point, Ant can skip actions that have
already been completed.)
Required for: Web services installation
Recommended Version: 1.6.1+
Download Link: http://jakarta.apache.org/ant
Steps:
Do the following as root.
1. To install Ant, copy the apache-ant-1.6.2-bin.tar.gz tar file in /usr/local
2. Untar this file --
tar -zxvf apache-ant-1.6.2-bin.tar.gz
3. A directory apache-ant-1.6.2 is created. This directory will be known as
ANT_HOME.
4. As root user run the command
# which ant
It gives which ant path the system is using, it must be the ANT_HOME path
otherwise you need to edit the /etc/bashrc file by adding the following lines
For further help http://ant.apache.org/manual/index.html can be visited.
2.3. C compiler
Required for compilation of C code. These things will come while installing
Operating system. We used Fedora Core 3 Operating systems. Avoid version 3.2, 3.2.1,
4.1.0. The versions can be downloaded from http://gcc.gnu.org
RPM used- gcc-3.4.2-6
7/28/2019 Gt k Install
5/42
2.4. GNU tar
Required for: Unpack aging software
Available at http://www.gnu.org/software/tar/tar.html
RPM used: tar-1.14-4
2.5. GNU Sed
Required for: scripts to edit text files
Available at http://www.gnu.org/software/sed/sed.html
RPM used: sed-4.1.2-4
2.6. Zlib
Required for: lossless data-compression library
Available at http://www.gzip.org/zlib/
Use zlib 1.1.4+
RPM used: zlib-1.2.1.2-1
2.7Make
Required for: Make is a tool, which controls the generation of executables and other
non-source files of a program from the program's source files.
Available at: www.gnu.org/software/make
RPM used: make-3.80-5
2.8. sudo
Required for: Allows administrator to give restricted root access.
7/28/2019 Gt k Install
6/42
Available at: www.courtesan.com/sudo/
RPM used: sudo-1.6.7p5-30.1
2.9. JDBC Complaint database
Required for: Database connectivity in java Environment.
We can use PostgreSQL7.1+
Available at: www.postgresql.org
RPM used: postgresql-7.4.6-1.FC3.1
This is available while installing O.S, or you can download it manually and install.
3.0 Additional users required:
1. To install GTK-4.0.1 the following users are needed on the machine.
User ID Group ID Description
root root Super user
globus globus Globus Toolkit environment. For
installation and execution of the Toolkit.
apuser apuser A user other than root or globus. End
user environment for job execution on
the Grid and testing the services
2. Steps of installation:
As root user, create globus user
[root@gridproj1 ~]# adduser globus
[root@gridproj1 ~]# passwd globus
7/28/2019 Gt k Install
7/42
3. Make the installation directory. This is where all the GT4 installation will reside. runas root user
[root@gridproj1 ~]# mkdir /opt/globus-4.0.1
4. Make a directory var in /opt/globus-4.0.1 and copy the odbc.ini file to that vardirectory.
5. Change the owner ship for this directory as globus. Run as root user
[root@gridproj1 ~]# chown R globus.globus /opt/globus-4.0.1
6. Download gt4.0.1-all-source-installer.tar.gz from
http://www.globus.org/toolkit/
3.2 Optional Software
3.2.1 IODBC
Required for: This is required for RLS
Download Link: http://www.iodbc.org/
NOTE: In this manual, postgresql 7.4.6 is used. Hence, the built-in odbc driver is usedin odbc.ini file. If any other version is used, install the concerned odbc driver and
mention that particular driver in odbc.ini file along with the path.
Steps:
To install IODBC, Do the following:
1. Copy libiodbc-3.52.4.tar.gz to /home/globus (as root user)
2. Untar this file with the command(as globus user)
[globus@gridproj1 ]#tar -zxvf libiodbc-3.52.4.tar.gz
3. A directory libiodbc-3.52.4 is created.
4. Change the directory to libiodbc-3.52.4 & run ./configure as the following
7/28/2019 Gt k Install
8/42
[globus@gridproj1 libiodbc-3.52.4]# ./configure --prefix
=$GLOBUS_IODBC_PATH --with-iodbcdir=$GLOBUS_LOCATION/var
checking for a BSD-compatible install... /opt/globus-4.0.1in/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
.......................................................................
.........................................................................
config.status: creating include/config.h
config.status: executing depfiles commands
config.status: executing default commands
iODBC Driver Manager 3.52.4 configuration summary
Installation variables
layout default
prefix /opt/globus-4.0.1/
exec_prefix ${prefix}
Installation paths
programs ${exec_prefix}/bin
include files ${prefix}/include
libraries ${exec_prefix}/lib
7/28/2019 Gt k Install
9/42
manual pages ${prefix}/man
Configuration files
odbc.ini /etc/var
odbcinst.ini /etc/odbcinst.ini
Extensions
ODBC Version 3
GUI Extensions true
ThreadSafe true
5. Now run make
[globus@gridproj1 libiodbc-3.52.4]# make
6. Now run make install
[globus@gridproj1 libiodbc-3.52.4]#make install
3.2.2. Jakarta Tomcat
This is optional because the GT3 and above installation provides a standalone
web service container for testing purposes.
Recommended Version: 4.1.24 or above
Download Link: http://jakarta.apache.org/tomcat
Steps: As root do the following
1. Copy jakarta-tomcat-5.5.15.tar.gz to /opt/. Unpack it there.
$tar -zxvf jakarta-tomcat-5.5.15.tar.gz
4. Building the Toolkit
7/28/2019 Gt k Install
10/42
1. Copy the downloaded gt4.0.1-all-source-installer.tar.gz to the /home/globus.
2. Copy the roots bash profile to globus user home directory and execute it.
3. Run as globus user
[globus@gridproj1 ~]$ tar -xvzf gt4.0.1-all-source-installer.tar.gz
3. Change to gt4.0.1 installation directory
[globus@gridproj1 ~]$ cd gt4.0.1-all-source-installer
4. Run as user globus
[globus@gridproj1 gt4.0.1-all-source-installer]$ ./configure --
prefix=$GLOBUS_LOCATION --with-iodbc= $GLOBUS_LOCATION --enable-drs
checking build system type... i686-pc-linux-gnu
checking for javac... /opt/SUNWappserver/jdk/bin/javac
checking for ant... /usr/local/apache-ant-1.6.2/bin/ant
configure: creating ./config.status
config.status: creating Makefile
5. Make the installation
[globus@gridproj1 gt4.0.1-all-source-installer]$make
---------------------------------------------------------------------------------------------------
gpt-build ====> CHECKING BUILD DEPENDENCIES FOR
globus_c_wsrf_notification_test
gpt-build ====> Changing to /home/globus/gt4.0.1-all-source-installer/source-
trees/wsrf/c/core/notification/test
gpt-build ====> BUILDING FLAVOR gcc32dbg
gpt-build ====> Changing to /opt/globus-4.0.1/etc
gpt-build ====> REMOVING empty package globus_c_wsrf_notification_test-gcc32dbg-dev
gpt-build ====> REMOVING empty package globus_c_wsrf_notification_test-
gcc32dbg-pgm_static
gpt-build ====> REMOVING empty package globus_c_wsrf_notification_test-
gcc32dbg-rtl
7/28/2019 Gt k Install
11/42
gpt-build ====> REMOVING empty package globus_c_wsrf_notification_test-
noflavor-doc
/opt/globus-4.0.1/sbin/gpt-build -srcdir=source-trees/wsrf/c/core/providers/test_service
gcc32dbg
gpt-build ====> CHECKING BUILD DEPENDENCIES FOR
globus_c_wsrf_providers_test_service_bindings
gpt-build ====> Changing to /home/globus/gt4.0.1-all-source-installer/source-
trees/wsrf/c/core/providers/test_service
gpt-build ====> BUILDING FLAVOR gcc32dbg
gpt-build ====> Changing to /opt/globus-4.0.1/etc
gpt-build ====> REMOVING empty package
globus_c_wsrf_providers_test_service_bindings-gcc32dbg-pgm
gpt-build ====> REMOVING empty package
globus_c_wsrf_providers_test_service_bindings-gcc32dbg-pgm_static
gpt-build ====> REMOVING empty package
globus_c_wsrf_providers_test_service_bindings-noflavor-data
----------------------------------------------------------------
gpt-build ====> REMOVING empty package globus_rendezvous-noflavor-doc
echo "Your build completed successfully. Please run make install."
Your build completed successfully. Please run make install.make: Nothing to be done for `all'.
NOTE: This command may take around 2-4 hours depending upon the systemhardware dependents.
[globus@gridproj1 gt4.0.1-all-source-installer]$
5. Run make install now
[globus@gridproj1 gt4.0.1-all-source-installer]$ make install
/opt/globus-4.0.1/sbin/gpt-postinstall
7/28/2019 Gt k Install
12/42
running /opt/globus-4.0.1/setup/globus/setup-globus-common..[Changing to /opt/globus-
4.0.1/setup/globus ]
creating globus-sh-tools-vars.sh
creating globus-script-initializer
creating Globus::Core::Paths
checking globus-hostname
Done
..Done
running /opt/globus-4.0.1/setup/globus/setup-globus-rls-server..[Changing to
/opt/globus-4.0.1/setup/globus]
creating SXXrls
creating globus-rls-server.conf
creating rls-ldif.conf
Done
..Done
running /opt/globus-4.0.1/setup/globus/setup-globus-scheduler-provider-fork..[
Changing to /opt/globus-4.0.1/setup/globus ]
checking for touch... /bin/touch
find-fork-provider-tools: creating ./config.status
config.status: creating /opt/globus-4.0.1/libexec/globus-scheduler-provider-fork..Donerunning /opt/globus-4.0.1/setup/globus/setup-gram-service-common..[Changing to
/opt/globus-4.0.1/setup/globus ]
Running /opt/globus-4.0.1/setup/globus/setup-gram-service-common
Determining system information...
Buildfile: /opt/globus-4.0.1/setup/globus/build-gram-service-gar.xml
-------------------------------------------------------------------
If you wish to configure the optional GAA-based Globus Authorization
callouts, run the setup-globus-gaa-authz-callout setup script.
..Done
7/28/2019 Gt k Install
13/42
running /opt/globus-4.0.1/setup/globus/setup-globus-gatekeeper..[ Changing to
/opt/globus-4.0.1/setup/globus ]
Creating gatekeeper configuration file...
Done
Creating grid services directory...
Done
..Done
running /opt/globus-4.0.1/setup/globus/setup-seg-fork.pl..[ Changing to /opt/globus-
4.0.1/setup/globus ]
..Done
running /opt/globus-4.0.1/setup/globus/setup-globus-gram-job-manager..[ Changing to
/opt/globus-4.0.1/setup/globus ]
Creating state file directory.
Done.
Reading gatekeeper configuration file...
Warning: Host cert file: /etc/grid-security/hostcert.pem not found. Re-run
setup-globus-gram-job-manager after installing host cert file.
Determining system information...
Creating job manager configuration file...
Done..Done
running /opt/globus-4.0.1/setup/globus/setup-globus-job-manager-fork..[ Changing to
/opt/globus-4.0.1/setup/globus ]
checking for mpiexec... /usr/bin/mpiexec
checking for mpirun... /usr/bin/mpirun
find-fork-tools: creating ./config.status
config.status: creating fork.pm
..Done
[globus@gridproj1 gt4.0.1-all-source-installer]$
4 Simple CA set-up: (First machine installation)
4.1 Setting up the simpleCA for the machine run as user globus
7/28/2019 Gt k Install
14/42
[globus@gridproj1 ~]$GLOBUS_LOCATION/setup/globus/setup-simple-ca
WARNING: GPT_LOCATION not set, assuming:GPT_LOCATION=/opt/globus-4.0.1
C e r t i f i c a t e A u t h o r i t y S e t u p
This script will setup a Certificate Authority for signing Globususers certificates. It will also generate a simple CA packagethat can be distributed to the users of the CA.
The CA information about the certificates it distributes willbe kept in:
/home/globus/.globus/simpleCA/
/usr/local/globus-4.0.1/setup/globus/setup-simple-ca: line 250:test: res: integer expression expected
The unique subject name for this CA is:cn=Globus Simple CA, ou=simpleCA-gridproj1.ap.nic.in, ou=GlobusTest,o=Grid
Do you want to keep this as the CA subject (y/n) [y]:y
Enter the email of the CA (this is the email where certificaterequests will be sent to be signed by the CA): [email protected]
The CA certificate has an expiration date. Keep in mind thatonce the CA certificate has expired, all the certificatessigned by that CA become invalid. A CA should regeneratethe CA certificate and start re-issuing ca-setup packagesbefore the actual CA certificate expires. This can be doneby re-running this setup script. Enter the number of DAYSthe CA certificate should last before it expires.[default: 5 years (1825 days)]:9000
Enter PEM pass phrase:Verifying - Enter PEM pass phrase:
/bin/sed: can't read /tmp//globus_tmp_ca_setup//pkgdata/pkg_data_src.gpt.tmpl:No such file or directory
creating CA config package...done.
A self-signed certificate has been generated
7/28/2019 Gt k Install
15/42
for the Certificate Authority with the subject:
/O=Grid/OU=GlobusTest/OU=simpleCA-gridproj1.ap.nic.in/CN=Globus SimpleCA
If this is invalid, rerun this script
/opt/globus-4.0.1/setup/globus/setup-simple-ca
and enter the appropriate fields.
-------------------------------------------------------------------
The private key of the CA is stored in/home/globus/.globus/simpleCA//private/cakey.pemThe public CA certificate is stored in/home/globus/.globus/simpleCA//cacert.pem
The distribution package built for this CA is stored in
/home/globus/.globus/simpleCA/globus_simple_ca_9e85453f_setup-0.18.tar.gz
This file must be distributed to any host wishing to requestcertificates from this CA.
CA setup complete.
4.2 The following commands will now be run to setup the securityconfiguration files for this CA:
$GLOBUS_LOCATION/sbin/gpt-build/home/globus/.globus/simpleCA/globus_simple_ca_9e85453f_setup-0.18.tar.gz
$GLOBUS_LOCATION/sbin/gpt-postinstall-------------------------------------------------------------------
setup-ssl-utils: Configuring ssl-utils packageRunning setup-ssl-utils-sh-scripts...
******************************************************************
Note: To complete setup of the GSI software you need to run thefollowing script as root to configure your security configurationdirectory:
/opt/globus-4.0.1/setup/globus_simple_ca_9e85453f_setup/setup-gsi
7/28/2019 Gt k Install
16/42
For further information on using the setup-gsi script, use the -helpoption. The -default option sets this security configuration to bethe default, and -nonroot can be used on systems where root access isnot available.
******************************************************************
setup-ssl-utils: Complete
4.3 If you have set GLOBUS_LOCATION in .bash_profile of root, then no need of
doing this otherwise you want to export GLOBUS_LOCATION
[root@gridproj1 ~]#export GLOBUS_LOCATION=/opt/globus-4.0.1
4.4 Now you want to make my machine trust that new CA, which I do by running the
following command as root.
[root@gridproj1 ~]# /opt/globus-4.0.1/setup/globus_simple_ca_9e85453f_setup/setup-gsi default
setup-gsi: Configuring GSI securityMaking /etc/grid-security...mkdir /etc/grid-securityMaking trusted certs directory: /etc/grid-security/certificates/mkdir /etc/grid-security/certificates/Installing /etc/grid-security/certificates//grid-security.conf.9e85453f...Running grid-security-config...Installing Globus CA certificate into trusted CA certificate directory...Installing Globus CA signing policy into trusted CA certificate directory...setup-gsi: Complete
4.5 Now that we've created a CA and trust it, we'll get a hostcert for the machine.Run
the following as root.
[root@localhost certificates]# grid-cert-request -host `hostname`Generating a 1024 bit RSA private key..............................++++++
.....++++++writing new private key to '/etc/grid-security/hostkey.pem'-----You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,
7/28/2019 Gt k Install
17/42
If you enter '.', the field will be left blank.-----Level 0 Organization [Grid]:Level 0 Organizational Unit [GlobusTest]:Level 1Organizational Unit [simpleCA-gridproj3.ap.nic.in]:Name (e.g., John M. Smith)[]:
A private host key and a certificate request has been generatedwith the subject:
/O=Grid/OU=GlobusTest/OU=simpleCA-gridproj1.ap.nic.in/CN=host/gridproj3.ap.nic.in
----------------------------------------------------------
The private key is stored in /etc/grid-security/hostkey.pemThe request is stored in /etc/grid-security/hostcert_request.pem
Please e-mail the request to the Globus Simple CA [email protected] may use a command similar to the following:
4.7 We need to sign the certificate using our simpleCA, as globus, If you are using your
own CA, run the following command as globus user. Other wise you want to send
hostcert_request.pem and get it signed. If you are using your own CA then copy the
/hostcert_request.pem to /home/globus.
[globus@localhost ~]$ grid-ca-sign -in hostcert_request.pem -out hostsigned.pemsTo sign the request
Please enter the password for the CA key:
The new signed certificate is at: /home/globus/.globus/simpleCA//newcerts/01.pem
4.8 A signed host certifi cate, named hostsigned.pem is written to the current directory.
When prompted for a pass phrase, enter the one you specified for the private key of
the CA certificate.
4.9 As root, move the signed host certificate to /etc/grid-security/hostcert.pem. The
certificate should be owned by root, and read-only for other users. The key should
be read-only by root.
4.10 Users also must request user certificates, which you will sign using the globus user.
7/28/2019 Gt k Install
18/42
If you not created a user create the user.
4.11 Requesting a user certificate
NOTE: copy the .bash_profile of globus user to .bash_profile of the user.
As your normal user account (not globus), run:
grid-cert-requestAfter you enter a passphrase, this creates ~$USER/.globus/usercert.pem (empty) ~$USER/.globus/userkey.pem ~$USER/.globus/usercert_request.pemEmail the usercert_request.pem file to the SimpleCA maintainer. Or if you areusing local SimpleCA send the usercert_request.pem to the maintainer
4.12 Sign the user certificate
1 copy the usercert_request.pem present in users (not the globususer from normal user) .globus directory to /home/globus/
2 As the SimpleCA owner globus , run in user globus :
grid-ca-sign -in usercert_request.pem -out signed.pem
3 When prompted for a password, enter the one you specified in for the private
key of the CA certificate.
4 Now send the signed copy (signed.pem ) back to the user who requested the
certifi cate.
5 As your normal user account (not globus ), copy the signed user certifi cate
into ~/.globus/ and rename it as usercert.pem , thus replacing the empty file. The
certifi cate should be owned by the user, and read-only for other users.
The key should be read-only by the owner.
4.13 Verify the SimpleCA certificate installation
To verify that the SimpleCA certificate is installed in /etc/grid-
security/certificates and that your certificate is in place with the correct
permissions, run as user:
7/28/2019 Gt k Install
19/42
user$ grid-proxy-init -debug verify
After entering your passphrase, successful output will look like:
[neel@gridproj1 ~]$grid-proxy-init -debug -verifyUser Cert File: /home/user/.globus/usercert.pemUser Key File: /home/user/.globus/userkey.pemTrusted CA Cert Dir: /etc/grid-security/certificatesOutput File: /tmp/x509up_u1817Your identity: \/O=Grid/OU=GlobusTest/OU=simpleCA-mayed.mcs.anl.gov/OU=mcs.anl.gov/CN=User \
NameEnter GRID pass phrase for this identity:
Creating proxy ..............................++++++++++++...............++++++++++++DoneProxy Verify OKYour proxy is valid until: Sat Feb 24 03:01:46 2007
4.14 Make the host credentials accessible by the container
The host key (/etc/grid-security/hostkey.pem) is only readable to root. The
container (hosting environment) will be running as a non-root user (probably the
globus user) and in order to have a set of host credentials, which are readable by
the container, we need to copy the host certificate and key and change the
ownership to the container user.
As root, run:
root# cd /etc/grid-securityroot# cp hostkey.pem containerkey.pemroot# cp hostcert.pem containercert.pemroot# chown globus.globus containerkey.pem containercert.pemAt this point the certifi cates in /etc/grid-security should look something like:root# ls -l *.pem-rw-r--r-- 1 globus globus 1785 Mar 07 14:47 containercert.pem-r-------- 1 globus globus 887 Mar 07 14:47 containerkey.pem-rw-r--r-- 1 root root 1785 Mar 07 14:42 hostcert.pem-r-------- 1 root root 887 Feb 27 09:59 hostkey.pem
4.15 Add authorization
7/28/2019 Gt k Install
20/42
Add authorizations for users:
Create /etc/grid-security/grid-mapfile as root.
You need two pieces of information:
the subject name of a user
the account name it should map to.
The syntax is one line per user, with the certifi cate subject followed by the user
account name.Run grid-cert-info to get your subject name, and whoami to get
the account name: run the following as user
[neel@gridproj1 .globus]$ grid-cert-info -subject/O=Grid/OU=GlobusTest/OU=simpleCA-gridproject2.ap.nic.in/OU=ap.nic.in/CN=neel
[neel@gridproj1 .globus]$ whoamineel
[neel@gridproj1 .globus]$
run the following as root
root# $GLOBUS_LOCATION/sbin/grid-mapfile-add-entry -dn \/O=Grid/OU=GlobusTest/OU=simpleCA-gridproj1.ap.nic.in/OU=ap.nic.in/CN=neel \-ln neel
The corresponding line in the grid-mapfile should look like:
"/O=Grid/OU=GlobusTest/OU=simpleCA-gridproj1.ap.nic.in/OU=ap.nic.in/CN=neel" neel
The quotes around the subject name are important, because it contains spaces.
5) Setting up your Second machine
5.1 Installation of GTK4.0.1 is the same as above until section 4.2
5.2 Setting up your second machine:
Copy the following tar.gz
home/globus/.globus/simpleCA/globus_simple_ca_9e85453f_setup-0.18.tar.gz
7/28/2019 Gt k Install
21/42
to the globus user home direcotory of the second machine. and do thefollowing steps instead of section 4.3 and continue from section 4.3. In step 4.4,take care of mentioning the tar file name i.e, it should be the same tar file namewhich is copied from first machine because multiple tar files will exist in secondmachine. In the following two commands below, the tar file name is the one thatis copied from first machine.
1 run as globus user
[globus@gridproj1 ~]$$GLOBUS_LOCATION/sbin/gpt-buildglobus_simple_ca_9e85453f_setup-0.18.tar.gz -force
gpt-build ====> CHECKING BUILD DEPENDENCIES FORglobus_simple_ca_9e85453f_setupgpt-build ====> Changing to
/sandbox/globus/BUILD/globus_simple_ca_ebb88ce5_setup-0.18/gpt-build ====> BUILDING globus_simple_ca_ebb88ce5_setupgpt-build ====> Changing to /sandbox/globus/BUILDgpt-build ====> REMOVING empty packageglobus_simple_ca_9e85453f_setup-noflavor-datagpt-build ====> REMOVING empty packageglobus_simple_ca_9e85453f_setup-noflavor-devgpt-build ====> REMOVING empty packageglobus_simple_ca_9e85453f_setup-noflavor-docgpt-build ====> REMOVING empty packageglobus_simple_ca_9e85453f_setup-noflavor-pgm_staticgpt-build ====> REMOVING empty packageglobus_simple_ca_9e85453f_setup-noflavor-rtl
2 run as globus user
[globus@gridproj1 ~]$$GLOBUS_LOCATION/sbin/gpt-postinstall -force
running /opt/globus-4.0.1/setup/globus/./setup-ssl-utils...[Changing to /opt/globus-4.0.1/setup/globus/. ]...setup-ssl-utils: Complete..Done
WARNING: The following packages were not set up correctly:globus_simple_ca_9e85453f_setup-noflavor-pgmCheck the package documentation or run postinstall -verbose to see whathappen
That installed the package, but the warning is letting us know that root
still needs to run the setup script.
7/28/2019 Gt k Install
22/42
1 Grid FTP Configuration under inetd or xinetd
Prerequisites
Before configuring a GridFTP server, you must have: a host certificate
appropriate users in the grid-mapfile
Configuring GridFTP server daemon
In order to use GridFTP, the machine should be configured to automatically start the
GridFTP server daemon.
1.1 As root, add the following entry to /etc/services:
gsiftp 2811/tcp
Notify Inetd or Xinetd that its configuration file has changed. To do this, follow theinstructions for the server as listed in 1.2 Configuring in /etc/Xinetd.d
For Xinetd, add a file called gridftp to the /etc/xinetd.d/ directory with the
following contents:
service gsiftp{
instances = 100socket_type = streamwait = nouser = rootenv += GLOBUS_LOCATION=/opt/globus-4.0.1env += LD_LIBRARY_PATH=/opt/globus-4.0.1/libserver = /opt/globus-4.0.1/sbin/globus-gridftp-serverserver_args = -ilog_on_success += DURATIONnice = 10disable = no}
1.3 Notify Inetd/Xinetd to the manual (man inetd or man xinetd). It will probably be
something like /etc/init.d/xinetd reload.
Testing GridFTP
It consists of the following steps:
7/28/2019 Gt k Install
23/42
Starting a GridFTP server (steps 2-3 above)
Creating a proxy (step 4)
Moving a test file (step 5)
1.4 Create a proxy certificate: as a user
[neel@gridproj1 ~]$grid-proxy-init -verify -debug
1.5 to find 2811 port is listening or not as a root run
[root@gridproj1 ~ /etc/grid-security]# netstat -an | grep 2811
tcp 0 0 0.0.0.0:2811 0.0.0.0:* LISTEN
1.6 run the following command as userThe file /etc/groups is copied to /tmp/test.copy
[neel@gridproj1 ~]$globus-url-copy gsiftp://gridproj1.ap.nic.in/etc/groupfile:///tmp/test.copy
1.7 compare the two copied files
[neel@gridproj1 ~]$diff /tmp/test/copy /etc/group
[neel@gridproj1 ~]$
7. starting the container:
1 as a user globus run
[globus@gridproj1 ~]$ globus-start-container
starting the container:
Initially we will get the rft errors as the rft service has been not configured
[globus@gridproj1 ~]$ globus-start-container
2007-02-19 11:54:04,244 ERROR service.ReliableFileTransferImpl [main,:68]
Unable to setup database driver with pooling.Connection refused. Check that the
hostname and port are correct and that the postmaster is accepting TCP/IP connections.
7/28/2019 Gt k Install
24/42
2007-02-19 11:54:04,924 WARN service.ReliableFileTransferHome
[main,initialize:97] All RFT requests will fail and all GRAM jobs that require file
staging will fail.Connection refused. Check that the hostname and port are correct and
that the postmaster is accepting TCP/IP connections.
Starting SOAP server at: https://127.0.0.1:8443/wsrf/services/
With the following services:
[1]: https://127.0.0.1:8443/wsrf/services/TriggerFactoryService
[2]: https://127.0.0.1:8443/wsrf/services/DelegationTestService
[3]: https://127.0.0.1:8443/wsrf/services/ReplicationService
[4]: https://127.0.0.1:8443/wsrf/services/SecureCounterService
[5]: https://127.0.0.1:8443/wsrf/services/IndexServiceEntry
[6]: https://127.0.0.1:8443/wsrf/services/DelegationService
[7]: https://127.0.0.1:8443/wsrf/services/InMemoryServiceGroupFactory
[8]: https://127.0.0.1:8443/wsrf/services/mds/test/execsource/IndexService
[9]: https://127.0.0.1:8443/wsrf/services/mds/test/subsource/IndexService
[10]: https://127.0.0.1:8443/wsrf/services/SubscriptionManagerService
[11]: https://127.0.0.1:8443/wsrf/services/TestServiceWrongWSDL
[12]: https://127.0.0.1:8443/wsrf/services/SampleAuthzService
[13]: https://127.0.0.1:8443/wsrf/services/WidgetNotificationService[14]: https://127.0.0.1:8443/wsrf/services/AdminService
[15]: https://127.0.0.1:8443/wsrf/services/DefaultIndexServiceEntry
[16]: https://127.0.0.1:8443/wsrf/services/CounterService
[17]: https://127.0.0.1:8443/wsrf/services/TestService
[18]: https://127.0.0.1:8443/wsrf/services/InMemoryServiceGroup
[19]: https://127.0.0.1:8443/wsrf/services/SecurityTestService
[20]: https://127.0.0.1:8443/wsrf/services/ContainerRegistryEntryService
[21]: https://127.0.0.1:8443/wsrf/services/NotificationConsumerFactoryService
[22]: https://127.0.0.1:8443/wsrf/services/TestServiceRequest
[23]: https://127.0.0.1:8443/wsrf/services/IndexFactoryService
[24]: https://127.0.0.1:8443/wsrf/services/ReliableFileTransferService
[25]: https://127.0.0.1:8443/wsrf/services/mds/test/subsource/IndexServiceEntry
7/28/2019 Gt k Install
25/42
[26]: https://127.0.0.1:8443/wsrf/services/Version
[27]: https://127.0.0.1:8443/wsrf/services/NotificationConsumerService
[28]: https://127.0.0.1:8443/wsrf/services/IndexService
[29]: https://127.0.0.1:8443/wsrf/services/NotificationTestService
[30]: https://127.0.0.1:8443/wsrf/services/ReliableFileTransferFactoryService
[31]: https://127.0.0.1:8443/wsrf/services/DefaultTriggerServiceEntry
[32]: https://127.0.0.1:8443/wsrf/services/TriggerServiceEntry
[33]: https://127.0.0.1:8443/wsrf/services/PersistenceTestSubscriptionManager
[34]: https://127.0.0.1:8443/wsrf/services/mds/test/execsource/IndexServiceEntry
[35]: https://127.0.0.1:8443/wsrf/services/DefaultTriggerService
[36]: https://127.0.0.1:8443/wsrf/services/TriggerService
[37]: https://127.0.0.1:8443/wsrf/services/gsi/AuthenticationService
[38]: https://127.0.0.1:8443/wsrf/services/TestRPCService
[39]: https://127.0.0.1:8443/wsrf/services/ManagedMultiJobService
[40]: https://127.0.0.1:8443/wsrf/services/RendezvousFactoryService
[41]: https://127.0.0.1:8443/wsrf/services/WidgetService
[42]: https://127.0.0.1:8443/wsrf/services/ManagementService
[43]: https://127.0.0.1:8443/wsrf/services/ManagedExecutableJobService
[44]: https://127.0.0.1:8443/wsrf/services/InMemoryServiceGroupEntry
[45]: https://127.0.0.1:8443/wsrf/services/AuthzCalloutTestService[46]: https://127.0.0.1:8443/wsrf/services/DelegationFactoryService
[47]: https://127.0.0.1:8443/wsrf/services/DefaultIndexService
[48]: https://127.0.0.1:8443/wsrf/services/ShutdownService
[49]: https://127.0.0.1:8443/wsrf/services/ContainerRegistryService
[50]: https://127.0.0.1:8443/wsrf/services/TestAuthzService
[51]: https://127.0.0.1:8443/wsrf/services/CASService
[52]: https://127.0.0.1:8443/wsrf/services/ManagedJobFactoryService
2007-02-19 11:54:33,221 INFO impl.DefaultIndexService [ServiceThread-10,
processConfigFile:107] Reading default registration configuration from file: /opt/globus-
4.0.1/etc/globus_wsrf_mds_index/hierarchy.xml
2007-02-19 11:54:34,449 ERROR impl.QueryAggregatorSource [Timer-
3,pollGetMultiple:149] Exception Getting Multiple Resource Properties from
7/28/2019 Gt k Install
26/42
https://127.0.0.1:8443/wsrf/services/ReliableFileTransferFactoryService:
java.rmi.RemoteException: Failed to serialize resource property
org.globus.transfer.reliable.service.factory.TotalNumberOfBytesTransferred@101ea1e;
nested exception is:
org.apache.commons.dbcp.DbcpException: Connection refused. Check that the
hostname and port are correct and that the postmaster is accepting TCP/IP connections.
2007-02-19 11:55:34,294 ERROR impl.QueryAggregatorSource [Timer-3,pollGetMultiple:149] Exception Getting Multiple Resource Properties fromhttps://127.0.0.1:8443/wsrf/services/ReliableFileTransferFactoryService:java.rmi.RemoteException: Failed to serialize resource property The RFTwarnings are expected right now because we haven't setup our database yet.
2.3 Edit $GLOBUS_LOCATION/etc/globus_wsrf_core/server-config.wsdd, add a
line
under the section.
For instance:
Testing the container
as a user run
1 first run grid-proxy-init in user and enter user passphrase when it asks
[neel@gridproj1 ~]$ grid-proxy-init
2 [neel@gridproj1 ~]$ counter-client -s
https://gridproj1.ap.nic.in:8443/wsrf/services/CounterService
Got notification with value: 3
Counter has value: 3
Got notification with value: 13
Configuring postgresql
7/28/2019 Gt k Install
27/42
If you not installed the PostgreSQL while installing the OS then you need to install
postgreSQL again.
After installing PostgreSQL then follow the below steps to install RFT.
3.1 The installation of PostgreSQL while installing OS it is in the location /var/lib/pgsql
if you are running for the first time then database is not initialized so initialize it by
running as root
[root@gridproj1 ~]# /etc/init.d/postgresql start
3.2. By running the above command the database got initialized and in /var/lib/pgsql you
find installed directories. Change your directory to data where PostgreSQL is
installed.
[root@gridproj1 ~]# cd /var/lib/pgsql/data/Now in the file POSTMASTER add the line postmaster_options=-i
3.3 Now in the file postgresql.conf file you want to uncomment the following things
tcpip_socket = truemax_connections = 100
3.4. Now in the file pg_hba.conf you want to add the following lines at the end of the
file host rftDatabase "globus" "System IP Address" 255.255.255.255 trust
example for the system wih IP Address 10.160.2.45 it looks like this
# Using sockets credentials for improved security. Not available everywhere,# but works on Linux, *BSD (and probably some others)host rftDatabase "globus" "10.160.2.45" 255.255.255.255 trustlocal all all ident sameuser
3.5. now you want to restart postgresql demon. run as root
[root@gridproj1 data]# /etc/init.d/postgresql restartStopping postgresql service: [OK]Starting postgresql service: [OK][root@gridproj1 data]#
3.6 Now you want to creat user globus in postgerSQL database. Run as a root
[root@gridproj1 ~]#su postgres -c "createuser -P globus"Enter password for new user: *****Enter it again: *****Shall the new user be allowed to create databases? (y/n) y
7/28/2019 Gt k Install
28/42
Shall the new user be allowed to create more new users? (y/n) nCREATE USER
3.7 now globus user can create an rftDatabase. Run as globus user
[globus@gridproj1 ~]$createdb rftDatabaseCREATE DATABASE
3.8 as globus user run the following command
[globus@gridproj1 ~]$psql -d rftDatabase -f$GLOBUS_LOCATION/share/globus_wsrf_rft/rft_schema.sql
psql:/opt/globus-4.0.1/share/globus_wsrf_rft/rft_schema.sql:6: NOTICE:CREATE TABLE / PRIMARY KEY will create implicit index "requestid_pkey"for table "requestid"CREATE TABLE
psql:/opt/globus-4.0.1/share/globus_wsrf_rft/rft_schema.sql:11: NOTICE:CREATE TABLE / PRIMARY KEY will create implicit index "transferid_pkey"for table "transferid"CREATE TABLEpsql:/opt/globus-4.0.1/share/globus_wsrf_rft/rft_schema.sql:30: NOTICE:CREATE TABLE / PRIMARY KEY will create implicit index "request_pkey"for table "request"CREATE TABLEpsql:/opt/globus-4.0.1/share/globus_wsrf_rft/rft_schema.sql:65: NOTICE:CREATE TABLE / PRIMARY KEY will create implicit index "transfer_pkey"for table "transfer"
CREATE TABLECREATE TABLECREATE TABLECREATE INDEX
Edit the below mentioned file and change the value of password (enclosed within tags) to the password of globus user in postgresql
[globus@gridproj2 ~]$ vi /opt/globus-4.0.1/etc/globus_wsrf_rft/jndi-config.xml[globus@gridproj2 ~]$ grep -C 3 password$GLOBUS_LOCATION/etc/globus_wsrf_rft/jndi-config.xml
password
7/28/2019 Gt k Install
29/42
demohq
[globus@gridproj2 ~]$
3.9 The database is setup an now we can start container now we wont get the rft errors.as a user globus run
[globus@gridproj1 ~]$ globus-start-container10. Starting the container after configuring postgres:
[globus@gridproj1 ~]$ globus-start-container Starting SOAP server at:
https://10.160.2.45:8443/wsrf/services/
With the following services:
[1]: https://10.160.2.45:8443/wsrf/services/TriggerFactoryService
[2]: https://10.160.2.45:8443/wsrf/services/DelegationTestService
[3]: https://10.160.2.45:8443/wsrf/services/ReplicationService
[4]: https://10.160.2.45:8443/wsrf/services/SecureCounterService
[5]: https://10.160.2.45:8443/wsrf/services/IndexServiceEntry
[6]: https://10.160.2.45:8443/wsrf/services/DelegationService
[7]: https://10.160.2.45:8443/wsrf/services/InMemoryServiceGroupFactory
[8]: https://10.160.2.45:8443/wsrf/services/mds/test/execsource/IndexService
[9]: https://10.160.2.45:8443/wsrf/services/mds/test/subsource/IndexService
[10]: https://10.160.2.45:8443/wsrf/services/SubscriptionManagerService
[11]: https://10.160.2.45:8443/wsrf/services/TestServiceWrongWSDL
[12]: https://10.160.2.45:8443/wsrf/services/SampleAuthzService
[13]: https://10.160.2.45:8443/wsrf/services/WidgetNotificationService
[14]: https://10.160.2.45:8443/wsrf/services/AdminService
[15]: https://10.160.2.45:8443/wsrf/services/DefaultIndexServiceEntry
[16]: https://10.160.2.45:8443/wsrf/services/CounterService
[17]: https://10.160.2.45:8443/wsrf/services/TestService
[18]: https://10.160.2.45:8443/wsrf/services/InMemoryServiceGroup
[19]: https://10.160.2.45:8443/wsrf/services/SecurityTestService
7/28/2019 Gt k Install
30/42
[20]: https://10.160.2.45:8443/wsrf/services/ContainerRegistryEntryService
[21]: https://10.160.2.45:8443/wsrf/services/NotificationConsumerFactoryService
[22]: https://10.160.2.45:8443/wsrf/services/TestServiceRequest
[23]: https://10.160.2.45:8443/wsrf/services/IndexFactoryService
[24]: https://10.160.2.45:8443/wsrf/services/ReliableFileTransferService
[25]: https://10.160.2.45:8443/wsrf/services/mds/test/subsource/IndexServiceEntry
[26]: https://10.160.2.45:8443/wsrf/services/Version
[27]: https://10.160.2.45:8443/wsrf/services/NotificationConsumerService
[28]: https://10.160.2.45:8443/wsrf/services/IndexService
[29]: https://10.160.2.45:8443/wsrf/services/NotificationTestService
[30]: https://10.160.2.45:8443/wsrf/services/ReliableFileTransferFactoryService
[31]: https://10.160.2.45:8443/wsrf/services/DefaultTriggerServiceEntry
[32]: https://10.160.2.45:8443/wsrf/services/TriggerServiceEntry
[33]: https://10.160.2.45:8443/wsrf/services/PersistenceTestSubscriptionManager
[34]: https://10.160.2.45:8443/wsrf/services/mds/test/execsource/IndexServiceEntry
[35]: https://10.160.2.45:8443/wsrf/services/DefaultTriggerService
[36]: https://10.160.2.45:8443/wsrf/services/TriggerService
[37]: https://10.160.2.45:8443/wsrf/services/gsi/AuthenticationService
[38]: https://10.160.2.45:8443/wsrf/services/TestRPCService
[39]: https://10.160.2.45:8443/wsrf/services/ManagedMultiJobService[40]: https://10.160.2.45:8443/wsrf/services/RendezvousFactoryService
[41]: https://10.160.2.45:8443/wsrf/services/WidgetService
[42]: https://10.160.2.45:8443/wsrf/services/ManagementService
[43]: https://10.160.2.45:8443/wsrf/services/ManagedExecutableJobService
[44]: https://10.160.2.45:8443/wsrf/services/InMemoryServiceGroupEntry
[45]: https://10.160.2.45:8443/wsrf/services/AuthzCalloutTestService
[46]: https://10.160.2.45:8443/wsrf/services/DelegationFactoryService
[47]: https://10.160.2.45:8443/wsrf/services/DefaultIndexService
[48]: https://10.160.2.45:8443/wsrf/services/ShutdownService
[49]: https://10.160.2.45:8443/wsrf/services/ContainerRegistryService
[50]: https://10.160.2.45:8443/wsrf/services/TestAuthzService
[51]: https://10.160.2.45:8443/wsrf/services/CASService
7/28/2019 Gt k Install
31/42
[52]: https://10.160.2.45:8443/wsrf/services/ManagedJobFactoryService
RFT TESTING
[root@gridproj2 ~]# more /tmp/rft.xfrtrue1600016000false1true1nullnullfalse10
gsiftp://gridproj2.ap.nic.in:2811/etc/groupgsiftp://gridproj2.ap.nic.in:2811/home/apuser/test.copygsiftp://gridproj2.ap.nic.in:2811/tmp/test2.copygsiftp://gridproj2.ap.nic.in:2811/tmp/rft.xfrgsiftp://gridproj2.ap.nic.in:2811/home/browse/test.copy
[browse@gridproj3 browse]$ rft -h gridproj3.ap.nic.in -f /tmp/rft.xfrNumber of transfers in this request: 2Subscribed for overall statusTermination time to set: 60 minutes
Overall status of transfer:Finished/Active/Failed/Retrying/Pending0/1/0/0/1
Overall status of transfer:Finished/Active/Failed/Retrying/Pending1/0/0/0/1
Overall status of transfer:Finished/Active/Failed/Retrying/Pending1/1/0/0/0
Overall status of transfer:Finished/Active/Failed/Retrying/Pending2/0/0/0/0All Transfers are completed
RLS CONFIGURATION AND TESTING
7/28/2019 Gt k Install
32/42
Creating the user and password
Create the database user (in our example, calleddbuser) and password that RLS willuse:
root@gridproj1~# su postgres -c createuser -P dbuser
Creating the database(s)[go to os user of dbuser and then do thefollowing]
For PostgreSQL, run:
createdb -O dbuser -U dbuser -W lrc1000createdb -O dbuser -U dbuser -W rli1000psql -W -U dbuser -d lrc1000 -f $GLOBUS_LOCATION/setup/globus/globus-rls-lrc-postgres.sqlpsql -W -U dbuser -d rli1000 -f $GLOBUS_LOCATION/setup/globus/globus-rls-rli-postgres.sql
Testing with iODBC, run:
$GLOBUS_IODBC_PATH/bin/iodbctestDSN=lrc1000;UID=dbuser;PWD=dbpassword"
iODBC Demonstration programThis program shows an interactive SQL processorDriver Manager: 03.52.0004Driver: 03.52.06
SQL>
The output of the above commands looks like the following. Dont execute anyof the below commands. That is just to show the output of the above commands. Moveto RLS server configuration below.
[root@gridproj2 ~]# su - postgres-bash-3.00$ createuser -P dbuserEnter password for new user:Enter it again:Shall the new user be allowed to create databases? (y/n) yShall the new user be allowed to create more new users? (y/n) n
CREATE USER-bash-3.00$ exitLogout
[root@gridproj2 etc]#
7/28/2019 Gt k Install
33/42
[dbuser@gridproj2 ~]$ psql -W -U dbuser -d lrc1000 -f$GLOBUS_LOCATION/setup/globus/globus-rls-lrc-postgres.sqlPassword:psql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:5: NOTICE: CREATETABLE will create implicit sequence "t_lfn_id_seq" for "serial" column "t_lfn.id"psql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:5: NOTICE: CREATETABLE / PRIMARY KEY will create implicit index "t_lfn_pkey" for table"t_lfn"CREATE TABLECREATE INDEXpsql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:12: NOTICE: CREATETABLE will create implicit sequence "t_pfn_id_seq" for "serial" column "t_pfn.id"psql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:12: NOTICE: CREATETABLE / PRIMARY KEY will create implicit index "t_pfn_pkey" for table "t_pfn"CREATE TABLECREATE INDEXCREATE TABLEpsql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:19: NOTICE: ALTER
TABLE / ADD PRIMARY KEY will create implicit index "pk_map" for table"t_map"ALTER TABLECREATE INDEXpsql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:26: NOTICE: CREATETABLE will create implicit sequence "t_rli_id_seq" for "serial" column "t_rli.id"psql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:26: NOTICE: CREATETABLE / PRIMARY KEY will create implicit index "t_rli_pkey" for table "t_rli"CREATE TABLECREATE INDEXCREATE TABLEpsql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:33: NOTICE: ALTERTABLE / ADD PRIMARY KEY will create implicit index "pk_rlipartition" for table"t_rlipartition"ALTER TABLECREATE INDEXpsql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:41: NOTICE: CREATETABLE will create implicit sequence "t_attribute_id_seq" for "serial" column"t_attribute.id"psql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:41: NOTICE: CREATETABLE / PRIMARY KEY will create implicit index "t_attribute_pkey" for table"t_attribute"CREATE TABLECREATE INDEX
CREATE TABLECREATE INDEXCREATE INDEXCREATE INDEXCREATE TABLECREATE INDEXCREATE INDEXCREATE INDEX
7/28/2019 Gt k Install
34/42
CREATE TABLECREATE INDEXCREATE INDEXCREATE INDEXCREATE TABLECREATE INDEXCREATE INDEXCREATE INDEX
[dbuser@gridproj2 ~]$ psql -W -U dbuser -d rli1000 -f$GLOBUS_LOCATION/setup/globus/globus-rls-rli-postgres.sqlPassword:psql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:5: NOTICE: CREATETABLE will create implicit sequence "t_lfn_id_seq" for "serial" column "t_lfn.id"psql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:5: NOTICE: CREATETABLE / PRIMARY KEY will create implicit index "t_lfn_pkey" for table
"t_lfn"CREATE TABLECREATE INDEXpsql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:12: NOTICE: CREATETABLE will create implicit sequence "t_lrc_id_seq" for "serial" column "t_lrc.id"psql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:12: NOTICE: CREATETABLE / PRIMARY KEY will create implicit index "t_lrc_pkey" for table "t_lrc"CREATE TABLECREATE INDEXpsql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:19: NOTICE: CREATETABLE will create implicit sequence "t_sender_id_seq" for "serial" column"t_sender.id"psql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:19: NOTICE: CREATETABLE / PRIMARY KEY will create implicit index "t_sender_pkey" for table"t_sender"CREATE TABLECREATE INDEXCREATE TABLEpsql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:28: NOTICE: ALTERTABLE / ADD PRIMARY KEY will create implicit index "pk_map" for table"t_map"ALTER TABLECREATE INDEXCREATE INDEXCREATE INDEX
psql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:37: NOTICE: CREATETABLE will create implicit sequence "t_rli_id_seq" for "serial" column "t_rli.id"psql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:37: NOTICE: CREATETABLE / PRIMARY KEY will create implicit index "t_rli_pkey" for table "t_rli"CREATE TABLECREATE INDEXCREATE TABLE
7/28/2019 Gt k Install
35/42
psql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:44: NOTICE: ALTERTABLE / ADD PRIMARY KEY will create implicit index "pk_rlipartition" for table"t_rlipartition"ALTER TABLECREATE INDEX[dbuser@gridproj2 ~]$
[dbuser@gridproj2 ~]$ $GLOBUS_IODBC_PATH/bin/iodbctest"DSN=lrc1000;UID=dbuser;PWD=demohcm"iODBC Demonstration programThis program shows an interactive SQL processorDriver Manager: 03.52.0405.0204Driver: 07.03.0200 (libpsqlodbc.so)SQL>select * from t_attribute;
id |name |objtype |type
-----------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------+-----------
result set 1 returned 0 rows.
SQL>select * from t_date_attr;
obj_id |attr_id |value-----------+-----------+--------------------------
result set 1 returned 0 rows.
SQL>quit
Have a nice day.[dbuser@gridproj2 ~]$
Configuring RLS server:
Before going to RLS configuration & testing, a patch is to be implemented for
the correct configuration of RLS server. Copy db.c file provided along with the toolkit tothe directory /home/globus/ gt4.0.1-all-source-installer/source-trees/replica/rls/server/and run the following commands below:
[globus@gridproj1 ]cd /home/globus/ gt4.0.1-all-source-installer/source-trees/replica/rls/server
7/28/2019 Gt k Install
36/42
[globus@gridproj1 server] $GLOBUS_LOCATION/sbin/gpt-build verbose forcegcc32dbgpthr
[globus@gridproj1 ] $GLOBUS_LOCATION/sbin/gpt-postinstall -force
Edit the below mentioned file and make sure that the following entries areuncommented:
update_immediate true # Propagate changes to RLI quicklyrlscertfile /etc/grid-security/hostcert.pemrlskeyfile /etc/grid-security/hostkey.pem
[root@gridproj2 etc]# more globus-rls-server.conf# Database connection options
db_user dbuserdb_pwd password of dbuserodbcini /etc/odbc.ini
update_immediate true # Propagate changes to RLI quickly
# LRC optionslrc_server truelrc_dbname lrc1000
# RLI optionsrli_server true # Indicates this is an RLI serverrli_dbname rli1000 # mysql-database-name
# Access control. There may be multiple acl options, each one# is a regular expression which is matched against the user's Distinguished# Name in is X.509 certificate, followed by a colon and a whitespace# separated list of privs, which are all, lrc_read, lrc_update, rli_read,# rli_update, stats and admin. If you use a grid-mapfile to map DNs to# local usernames you may specify those instead of DNs.acl .*: all
# Here are all the configuration options with default values:
# acl [no default]# authentication true# db_pwd changethis# db_user dbperson# idletimeout 900# loglevel 0# lrc_bloomfilter_numhash 3# lrc_bloomfilter_ratio 10
7/28/2019 Gt k Install
37/42
# lrc_dbname lrc1000# lrc_server false# maxbackoff 300# maxconnections 100# maxfreethreads 5# maxthreads 30# myurl rls://hostname:port# odbcini $GLOBUS_LOCATION/var/odbc.ini# pidfile $GLOBUS_LOCATION/var/.pid# port 39281# rli_bloomfilter false# rli_bloomfilter_dir none # Use "none", "default" or dir path# rli_dbname rli1000# rli_expire_int 28800# rli_expire_stale 86400# rli_server false# rlscertfile /etc/grid-security/hostcert.pem
# rlskeyfile /etc/grid-security/hostkey.pem# startthreads 3# timeout 30# update_bf_int 900# update_buftime 30# update_factor 10# update_immediate false# update_ll_int 86400# update_retry 300[root@gridproj2 etc]#
# Configure the database connection info
db_user dbuserdb_pwd dbpassword #give dbuser password here
# If the server is an LRC serverlrc_server truelrc_dbname lrc1000
# If the server is an RLI serverrli_server truerli_dbname rli1000 # Not needed if updated by Bloom filters
# Configure who can make requests of the serveracl .*: all
Execute the following command for the first time after starting the RLSserver.
$ $GLOBUS_LOCATION/bin/globus-rls-admin -a rls://gridproj3.ap.nic.inrls://gridproj3.ap.nic.in
7/28/2019 Gt k Install
38/42
Starting the RLS Server
Start the RLS Server by running from root
$GLOBUS_LOCATION/sbin/SXXrls start
Start the server in debug mode with the command:
$GLOBUS_LOCATION/bin/globus-rls-server -d -L 3
Stopping the RLS Server
Stop the RLS Server by running:
$GLOBUS_LOCATION/sbin/SXXrls stop
Testing
Ping the server using globus-rls-admin:
$GLOBUS_LOCATION/bin/globus-rls-admin -p rls://gridproj1.ap.nic.in
Generate a valid proxy for user
Before using any of the tools, a user must generate a valid user proxy. Use grid-proxy-init.
% $GLOBUS_LOCATION/bin/grid-proxy-initYour identity:/O=Grid/OU=GlobusTest/OU=simpleCA.mymachine/OU=mymachine/CN=John DoeEnter GRID pass phrase for this identity:
Ping the server
To check whether server is active
% $GLOBUS_LOCATION/bin/globus-rls-admin -p rls://localhostping rls://localhost: 0 seconds
Creating replica location mappings
$GLOBUS_LOCATION/bin/globus-rls-cli create aplfn1gsiftp://gridproj1.ap.nic.in/etc/group rls://gridproj1.ap.nic.in
Here the lfns created will be updated in lrc1000 database andrli1000 database. Incase, if you cannot see the lfns present in boththe databases, try out with restarting RLS server or restartingpostgresql server or querying the database.
7/28/2019 Gt k Install
39/42
Adding replica location mappings
To map additional target names to a logical name created by the previously describedcreate command, use the globus-rls-cli(1) addcommand.
$GLOBUS_LOCATION/bin/globus-rls-cli add aplfn1
gsiftp://gridproj1.ap.nic/tmp/test rls://gridproj1.ap.nic.in
Querying replica location mappings
Once your RLS server is populated with replica location mappings, you can query theserver for useful information using the globus-rls-cli(1) query command.
$GLOBUS_LOCATION/bin/globus-rls-cli query lrc lfn aplfn1rls://localhostaplfn1: gsiftp://gridproj1.ap.nic.in/etc/groupaplfn1: gsiftp://gridproj1.ap.nic.in/tmp/test
Deleting replica location mappings
To remove unwanted replica location mappings from your RLS server, use the globus-rls-cli(1) delete command.
% $GLOBUS_LOCATION/bin/globus-rls-cli delete my-logical-name-1 url-for-target-name-1 rls://localhost
% $GLOBUS_LOCATION/bin/globus-rls-cli query lrc lfn my-logical-name-1rls://localhost
my-logical-name-1: url-for-target-name-2% $GLOBUS_LOCATION/bin/globus-rls-cli delete my-logical-name-1 url-for-target-name-2 rls://localhost% $GLOBUS_LOCATION/bin/globus-rls-cli query lrc lfn my-logical-name-1rls://localhostglobus_rls_client: LFN doesn't exist: my-logical-name-1
Using bulk operations
The globus-rls-cli(1) supports a variety of bulk operations that enhance productivity forusers and reduce network connection overhead from making multiple, separateinvocations of the client.
% $GLOBUS_LOCATION/bin/globus-rls-cli bulk create aplfn1gsiftp://gridproj1.ap.nic.in/etc/group aplfn2gsiftp://gridproj3.ap.nic.in/tmp/test.copy rls://gridproj1.ap.nic.in
$GLOBUS_LOCATION/bin/globus-rls-cli bulk query lrc lfn aplfn1 aplfn2rls://gridproj1.ap.nic.in
aplfn1:gsiftp://gridproj1.ap.nic.in/etc/groupaplfn2:gsiftp://gridproj3.ap.nic.in/tmp/test
7/28/2019 Gt k Install
40/42
DRS:
Configuration overview
The DRS requires certain JNDI settings to be properly configured. The installed JNDIconfiguration file may be found at$GLOBUS_LOCATION/etc/globus_wsrf_replicator/jndi-config.xml.
Syntax of the interface
The settings are structured as name-value pairs. For example:
defaultIndexUrlrls://127.0.0.1:39281
Generate a valid proxy
Before using any of the tools, a user must generate a valid user proxy. Use grid-proxy-init.
% $GLOBUS_LOCATION/bin/grid-proxy-initYour identity:/O=Grid/OU=GlobusTest/OU=simpleCA.mymachine/OU=mymachine/CN=John DoeEnter GRID pass phrase for this identity:Creating proxy ................................. DoneYour proxy is valid until: Tue Oct 26 01:33:42 2004
Delegate user credentials
$GLOBUS_LOCATION/bin/globus-credential-delegate -h gridproj1.ap.nic.in-p 8443 mycredential.eprEPR will be written to: mycredential.eprDelegated credential EPR:Address: https://128.9.72.118:8443/wsrf/services/DelegationServiceReference property[0]:3b6cb210-e9b2-11d9-ab74-f7fa10f094cd
7/28/2019 Gt k Install
41/42
Replication request file
A key parameter for any replication request is the request file. The replication requestfile is a text file containing CRLF-terminated rows of tab-delimited pairs of LogicalFilename (LFN) names and destination (URL) locations. An example of such a file is
shown.% vi /tmp/testrun.reqtestrun-1 gsiftp://gridproj2.ap.nic.in/tmp/testtestrun-2 gsiftp://gridproj3.ap.nic.in/tmp/testing
Create replication resource
$GLOBUS_LOCATION/bin/globus-replication-create -shttps://gridproj1.ap.nic.in:8443/wsrf/services/ReplicationService -Cmycredential.epr -V myreplicator.epr file:///tmp/testrun.req
Start replication
Once a replication resource has been create, the replication activities may be started.
$GLOBUS_LOCATION/bin/globus-replication-start -e myreplicator.epr
Get replication resource properties
% $GLOBUS_LOCATION/bin/wsrf-get-property -e myreplicator.epr"{http://www.globus.org/namespaces/2005/05/replica/replicator}status"Active
And,
% $GLOBUS_LOCATION/bin/wsrf-get-property -e myreplicator.epr"{http://www.globus.org/namespaces/2005/05/replica/replicator}count"10000
Find replication item status
$GLOBUS_LOCATION/bin/globus-replication-finditems -e myreplicator.epr -S finished -O 1 -L 2
7/28/2019 Gt k Install
42/42
Destroy replication resource
% $GLOBUS_LOCATION/bin/wsrf-destroy -e myreplicator.epr
Destroy operation was successful