Installing Globus ToolKit 2'4

1
Installing Globus ToolKit 2.4

• Dr. Itzhak Ben-Akiva (TAU)
• David Front (WI)

2
Agenda

• Globus Overview
• Distributions available
• Packaging tools available
• Installation overview
• Installation step-by-step
• Obtaining Certificates
• Testing the Installation
• Configuring the server daemons
• Last words

3
Globus Overview

• The Globus Project provides software tools that
  make it easier to build computational grids and
  grid-based applications. These tools are
  collectively called the Globus Toolkit(tm).
• The composition of the Globus Toolkit can be
  pictured as three pillars. Each pillar represents
  a primary component of the Globus Toolkit and
  makes use of a common foundation of security.

Data Management
Information Services
Resource Management
4
Globus Overview cont.

• GRAM implements a resource management protocol.
• MDS implements an information services protocol.
• GridFTP implements a data transfer protocol.
• They all use the GSI security protocol at the
  connection layer.Note A detailed explanation
  of each component was given by David Front

5
What is available?

• Globus is available in two different format for
  installation
• Binary distribution Build a Grid
  environment develop Grid-enabled
  Applications Use Grid Tools
• Source distribution Change Globus ToolKit
  Code Debug GTK code at source level Install GTK
  on a platform fr which precompiled binaries are
  not available

6
What bundles are available?

• Globus is available in three different bundles
• Client constains the necessary pieces to be a
  consumer of Grid services
• Server constains the necessary pieces to install
  the Gridservers (GridFTP, MDS, GateKeeper, etc)
• SDK contains the libraries and headers required
  to compileand link your application to Globus.
  If you developing against Globus, this package is
  certainly your choise.
• You can download the bundles from
  http//globus.org/gt2.4/download.html

7
Installation Overview

• The installation will follow these steps
• Create a user named globus (optional, but
  recommended)
• Create a location to install Globus
• Install GPT or VDT
• Use GPT to install the source or binary bundles
• Obtaining Certificates
• Creating grid-mapfile
• Configure the installation
• Testing your installation

8
Step 1 Create a user named globus

• It is recommended to create a user named globus
  andexecute the installation as this user.
• Exception to the above will happen when you have
  to set upserver services.

9
Step 2 Create location to install

• Create two directories, one where you want to
  install GTK and the other to install GPT. They
  should be owned by user globus.
• Set up the Globus environment variables csh
  setenv GLOBUS_LOCATION ltglobus_install_dirgt bash
  export GLOBUS_LOCATIONltglobus_install_dirgt
• Set up GPT environment variables csh setenv
  GPT_LOCATION ltgpt_install_dirgt bash export
  GPT_LOCATIONltgpt_install_dirgt

10
Step 3 Installing GPT

• What is GPT (Grid Packaging Tool)?- GPT is a
  multi-platform packaging system used to deploy
  Grid middleware, developed by NCSA.
• GPT was designed to re-implement the deployment
  requirements of Globus plus shared libraries.-
  Most of Globus is libraries.- Globus has
  deployment requirements for client tools, service
  daemons, and development/build
  environments.- Globus wants to release
  individual components separately.- Globus wants
  to add outside software (ie. openssl, openldap)
  to these deployments.- Globus wants to work on
  multiple platforms.
• More information can be found on
  http//www.ncsa.uiuc.edu/Divisions/ACES/GPT/

11
Step 3a Installating GPT cont.

• GPT requires Perl 5.005 or greater and GNU tar
  and GNU make.
• In the directory where you downloaded the
  tarballs, do the following1. tar -xzvf
  gpt-2.2.9-src.tar.gz2. cd gpt-2.2.93.
  ./build_gpt
• You are done!

12
Installing Globus and Condor w/ VDT

• Another option is to install Globus and Condor
  together through the packaging tool named VDT.
• For a detailed installation instruction on VDT,
  refer tohttp//www.lsc-group.phys.uwm.edu/vdt/ins
  tallation.html

13
Step 4 Binary Bundle Installation

• To install the binary bundle on Intel i686
  platform, run the following commands
• GPT_LOCATION/sbin/gpt-install \globus-all-2.4.0-
  i686-pc-linux-gnu-bin.tar.gz
• csh source GLOBUS_LOCATION/etc/globus-user-env.
  csh or
• sh . GLOBUS_LOCATION/etc/globus-user-env.s
  h
• GPT_LOCATION/sbin/gpt-postinstall
• If you install any sdk bundle, you have to run
  the following commandGPT_LOCATION/sbin/gpt-buil
  d ltflavorgt -nosrcNote The binary bundles
  contained on the download page use gcc32dbg as
  the build flavor for Linux.

14
Step 4a Source Bundle Installation

• You have to run the following command for each
  source bundle you downloaded
• GPT_LOCATION/sbin/gpt-build ltbundlegt ltflavorsgt
  \-logdirltlog directorygt

15
List of Source Bundles

• globus-data-management-client-2.4.0-src_bundle.tar
  .gz gcc32dbg
• globus-data-management-sdk-2.4.0-src_bundle.tar.gz
  gcc32dbg
• globus-data-management-server-2.4.0-src_bundle.tar
  .gz gcc32dbg
• globus-information-services-client-2.4.0-src_bundl
  e.tar.gz gcc32dbgpthr
• globus-information-services-sdk-2.4.0-src_bundle.t
  ar.gz gcc32dbgpthr
• globus-information-services-server-2.4.0-src_bundl
  e.tar.gz gcc32dbg
• globus-resource-management-client-2.4.0-src_bundle
  .tar.gz gcc32dbg
• globus-resource-management-sdk-2.4.0-src_bundle.ta
  r.gz gcc32dbg
• globus-resource-management-server-2.4.0-src_bundle
  .tar.gz gcc32dbg

globus-resource-management-server-2.4.0-src_bundle
.tar.gz gcc32dbg
16
Step 4b Source bundle installation

• You need to source the following file before we
  finish our install. To do so, run the following
  command depending on your shell
• csh source GLOBUS_LOCATION/etc/globus-user-env.
  csh
• sh . GLOBUS_LOCATION/etc/globus-user-env.sh
• Lastly, run the following commands
• GPT_LOCATION/sbin/gpt-postinstall

17
Installation Structure
programs
sbin
lib
libraries
libexec
gcc32 headers
include
GLOBUS_LOCATION
gcc32pthr headers
packaging metadata
etc
setup
18
Step 5 Configuring your installation

• Now, you have to become root to run the command
  to set up GSI.
• Run GLOBUS_LOCATION/setup/globus/setup-gsiThis
  will install GSI files into /etc/grid-security
• If you do not have root on the system, run
  GLOBUS_LOCATION/setup/globus/setup-gsi -nonroot
  to install the security information into
  GLOBUS_LOCATION/etc instead of
  /etc/grid-security. The -nonroot option is aimed
  at client-side installs.

19
Obtaining Certificates

• Security is at the heart of Globus. As such, you
  will not be able to test Globus until you get a
  certificate for yourself.
• Currently, Globus has three diferent types of
  certificates - User Certificate - Host
  Certificate - LDAP Certificate
• I will describe here how to obtain a Globus
  Certificate. However, be aware that there are CA,
  which will involve the configuration step of
  adding trusted CA into Globus.

20
Obtaining Globus Certificates

• Make sure you are running as your normal user
  account.
• Run grid-cert-request
• grid-cert-request will ask for a password to
  protect your key, and give you a set of
  instructions for how to mail your request to the
  CA.
• Three files will be generated into /.globus
  usercert_request.pem, userkey.pem and
  usercert.pem
• When you receive your certificate from Globus,
  place it into /.globus directory.

21
Create the grid-mapfile

• Once you get your user certificate, you must
  create the grid-mapfile, which must contain the
  pair subject name ans user account of all user
  allowed to access your Grid services.
• Run grid-proxy-init to create a user proxy and
  afterwards rungrid-proxy-info -subject to get
  your subject name.
• Become root. Create a file named
  /etc/grid-security/grid-mapfile and add an entry
  like this/OGrid/OGlobus/OUtau.ac.il/CNItzha
  k Ben-Akiva benakiva

22
Obtaining Host Certificate

• Very important The certificate must be for a
  machine that has a consistent name in the DNS it
  should not run on a machine where a different
  name could be assigned to it.
• Become root and run the following command -
  grid-cert-request -service host -host
  ltyour-hostname-heregt
• Then, using your regular, user mail agent, send
  an email to ca_at_globus.org and copy and paste the
  contents of the request into it.
  grid-cert-request will output the location of the
  request. Please do not include this file as an
  attachment. Do not send this mail from the root
  account.

23
Obtaining LDAP Certificates

• Become root and run the following command -
  grid-cert-request -service ldap -host ltFQDNgt
• Then, using your regular, user mail agent, send
  an email to ca_at_globus.org and copy and paste the
  contents of the request into it.
  grid-cert-request will output the location of the
  request. Please do not include this file as an
  attachment.
• When you receive the certificate, save the entire
  email to /etc/grid-security/ldap/ldapcert.pem and
  to /etc/grid-security/ldap/ldapkey.pem.

24
Testing your installation GRAM

• As your normal user run the following command to
  create a proxy grid-proxy-init -debug -verify
• Start your personal gatekeeper by running -
  globus-personal-gatekeeper -startThis will
  generate a contact string likealzt1.tau.ac.il39
  705/OGrid/OGlobus/OUtau.ac.il/CNbenakiva
• Run globus-job-run ltcontactgt /bin/date.
  Substitute the contact string by the one
  generated by globus-personal-gatekeeper
• Top the personal gatekeeper and destroy the proxy
  by running - globus-personal-gatekeeper
  -killall - grid-proxy-destroy

25
Testing your Installation MDS

• By default, MDS allows anonymous access, which we
  will use for the purpose of this test. For
  information on how to configure MDS for
  non-anonymous access, refer tohttp//globus.org/g
  t2.4/admin/guide-configure.htmlmds
• Start MDS by running the command GLOBUS_LOCATION
  /sbin/globus-mds start
• Send a test query on a local host by running the
  command GLOBUS_LOCATION/bin/grid-info-search
  -anonymous -L

26
Testing your Installation GridFTP

• First, create a user proxy - grid-proxy-init
• Create a file named /.gridmap and add an entry
  with your subject, like /OGrid/OGlobus/OUtau
  .ac.il/CNItzhak Ben-Akiva your-username
• Start the GridFTP server - GLOBUS_LOCATION/sbin
  /in.ftpd -S -p 5678 -S leaves the daemon in the
  background -p specify the port
• Create a file name /tmp/file1 and run the
  followinf command- globus-url-copy -s
  "grid-cert-info -subject" \ gsiftp//localhost
  5678/tmp/file1 file///tmp/file2
• Check to make sure that /tmp/file2 now exists.

27
Services Startup

• I showed before how to start your services
  manually. Howerver, you can configure them to
  start automatically with your system.
• We will learn how to configure the startup of the
  following services - GRAM - MDS - GridFTP

28
Starting GRAM

• All the following modifications must be done as
  root.
• In the file /etc/services add a new
  services gsigatekeeper 2119/tcp
  Globus Gatekeeper
• If you're running inetd add the following entry
  all in one line into the file /etc/inetd.conf gs
  igatekeeper stream tcp nowait root /usr/bin/env
  env LD_LIBRARY_PATHGLOBUS_LOCATION/lib GLOBUS_LO
  CATION/sbin/globus-gatekeeper -conf
  GLOBUS_LOCATION/etc/globus-gatekeeper.conf
• Be sure to replace GLOBUS_LOCATION below with the
  actual value of GLOBUS_LOCATION in your
  environment.
• Or, if you're running xinetd

29
Configuring xinetd

• Add a file named globus-gatekeeper to the
  /etc/xinetd.d/ directory with the following
  contentservice gatekeeper socket_type
  stream protocol tcp wait no user
  root env LD_LIBRARY_PATHGLOBUS_LOCATION/lib
  server GLOBUS_LOCATION/sbin/globus-gatekeeper
  server_args -conf GLOBUS_LOCATION/etc/globus-ga
  tekeeper.conf disable no
• Restart the service killall -HUP inetd or
  /etc/rc.d/init.d/xinetd restart

30
Starting MDS

• Start MDS 2.2 with the following command
  GLOBUS_LOCATION/sbin/globus-mds start
• Create a script calling this command and put it
  into /etc/rc.d/init.d/mds and a call to that
  script made in the appropriate /etc/rc.d/rc?.d
  (where ? is the default runlevel of your system,
  as specified in /etc/inittab)

31
Starting GridFTP

• All the following modifications must be done as
  root.
• Add an entry to /etc/services reading
  gsiftp 2811/tcp GridFTP Service
• For inetd, add the following entry, all on one
  line, to /etc/inetd.conf. Be sure to replace
  GLOBUS_LOCATION below with the actual value of
  GLOBUS_LOCATION in your environment gsiftp
  stream tcp nowait root /usr/bin/env env
  LD_LIBRARY_PATHGLOBUS_LOCATION/lib
  GLOBUS_LOCATION/sbin/in.ftpd -l -a -G
  GLOBUS_LOCATION
• Restarts inetd by running killall -HUP inetd

32
Configuring xinetd for GridFTP

• Add a file named grid-ftp to the /etc/xinetd.d/
  directory with the following contentservice
  gsiftp socket_type stream protocol
  tcp wait no user root env
  LD_LIBRARY_PATHGLOBUS_LOCATION/lib server
  GLOBUS_LOCATION/sbin/in.ftpd server_args -l
  -a -G GLOBUS_LOCATION log_on_success
  DURATION USERID log_on_failure
  USERID nice 10 disable no
• Restart the service by running /etc/rc.d/init.d/xi
  netd restart

33
Advanced Configuration

• On how to configure the server daemons beyond the
  default configuration, I will direct you to the
  following web pagehttp//globus.org/gt2.4/admin/g
  uide-configure.html
• By this time you're done with the configuration

34
Last words

• Globus is under constant development. Bugs fixes,
  security and enhancements are released
  frequently.
• As an advice, check frequently the advisory
  pagehttp//www-unix.globus.org/toolkit/2.4/advis
  ories/