How to install and configure a Globus Tookit 4 Site

In this tutorial we are considering the installation of Globus Toolkit version 4.2.1 This installation is based on CentOS release 5.5 (Final) Linux distribution on 64 bit.

1.  Required software


1.1  Globus Tookit

Download the Globus Toolkit installer, from Globus Toolkit download page: http://www.globus.org/toolkit/downloads/

1.2  Java

Make sure that java J2SE 1.5+ SDK is installed on your machine To try if java is installed please:

 java -version
 -bash: java: command not found

If you see output like this means that you don't have a java distribution on your host. The easiest way to do it is download and use the Linux RPM (self-extracting) file from: http://java.sun.com/j2se So in order to install it: Follow these instructions:

1. Become the root user by running the su command and entering the super-user password. At the terminal: Type:

su
Enter the root password.

2. Change to the directory in which you want to install. Type:

cd <directory>

For example, to install the software in the /usr/java/ directory, Type:

     
cd /usr/java

Note about root access: To install Java in a system-wide location such as/usr/local, you must login as the root user to gain the necessary permissions. If you do not have root access, install Java in your home directory or a subdirectory for which you have write permissions.

3. Change the permission of the file you downloaded to be executable. Type:

chmod a+x jre-6u<version>-linux-i586-rpm.bin

4. Start the installation process. Type:

./jre-6u<version>-linux-i586-rpm.bin

The license agreement is displayed. Review the agreement. Press the spacebar to display the next page. At the end, enter yes to proceed with the installation.

5. The installation file creates and runs the file jre-6<version>-linux-i586.rpm in the current directory.

6 Verify that the jre1.6.0_<version> sub-directory is listed under the current directory. Type:

ls

1.3  Ant 1.6.2

In order to install Ant it is recommended to use the jpackage form: http://www.jpackage.org/yum.php

yum clear all
yum update 
yum install ant.x86_64

Some error like this may occur: Error: Missing Dependency: /usr/bin/rebuild-security-providers is needed by package java-1.4.2-gcj-compat-1.4.2.0-40jpp.115.x86_64

In order to fix it download the rpm form: http://rpm.pbone.net/ the package has the following name jpackage-utils-1.7.3-1jpp.2.el5.noarch.rpm

Go in the

/var/cache/yum/jpackage-generic/packages

Download the package form one of the mirrors and install it with:

 
rpm -i jpackage-utils-1.7.3-1jpp.2.el5.noarch.rpm

Retry to install ant:

 
yum install ant.x86_64

Ant is complaining about missing xml-common-apis

 
yum install xml-commons-apis.x86_64

If some other dependency error occur we advice you to install Ant by yourself following the instructions on the following site:

http://ant.apache.org/manual/install.html#getBinary

1.4  C compiler. If gcc, avoid version 3.2. Versions 3.2.1 and 2.95.x are okay.

Check your version compiler con:

 
gcc -v

1.5  Other required software:

  • GNU tar
  • GNU sed
  • zlib1.1.4+
  • GNU Make
  • sudo
  • openssl
  • gpt-3.2autotools2004

2.  Installation


In order to install the Globus Toolkit distribution.

2.1  Torque/PBS installation

In order to get an interoperability between Globus Toolkit and Torque/PBS and permit wsgram-pbs configuration of the Toolkit a Torque client is needed to be installed on the host.

So 1. Download the TORQUE distribution form: http://clusterresources.com/downloads/torque

2. Extract the packaged file and navigate to the unpackaged directory.

tar -xzvf torque-2.3.4.tar.gz
cd torque-2.3.4/

3. Configure with the desired options:

./configure --disable-server --disable-mom

4. Compile and install the software:

make
make install

2.2  Globus Toolkit Installation

1. Create a user named "globus". This user will be used for performing all the administrative tasks, so be sure that the directory where the software is going to be installed have the right permissions.

You might need to create the target directory as root, then chown it to the globus user:

mkdir /usr/local/globus-4.2.1.1
chown globus:globus /usr/local/globus-4.2.1.1

2. Be sure that all the software required in the first session is correctly installed.

3. In this guide we will assume that you are installing to /usr/local/globus-4.2.1.1, but you may replace /usr/local/globus-4.2.1.1 with whatever directory you wish to install to.

As the globus user, run:

export GLOBUS_LOCATION=/usr/local/globus-4.2.1.1
export PBS_HOME=/dir/to/torque/installation
./configure --enable-prewsmds --enable-wsgram-pbs --prefix=$GLOBUS_LOCATION
./configure --prefix=$GLOBUS_LOCATION

3.  Globus Toolkit Configuration


In this section a general toolkit configuration will be done.

3.1  Environment variables configuration

In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script. It is recommended to create a script named globus.sh in your /etc/profile.d directory containing

export GLOBUS_LOCATION=/dir/to/globus-instalation
source $GLOBUS_LOCATION/etc/globus-user-env.sh

Do not forget to change the permissions of the file globus.sh and make the file an executable one.

3.2  Security Management

You must have X509 certificates to use the GT 4.2.1 software securely (referred to in this documentation as host certificates). Host certificates must:

    * consist of the following two files: hostcert.pem and hostkey.pem
    * be in the appropriate directory for secure services: /etc/grid-security/
    * be for a machine which has a consistent name in DNS; you should not run it 
      on a computer using DHCP where a different name could be assigned to your computer.

In the GridSeed working environment you could obtain the host certificate simply connecting to the master.grid.seed node and invoking:

createHostcert.sh globus4.grid.seed

links to the hostcert.pem and hostkey will be given to you, so turn back the host where globus is being installed, change to /etc/grid-security dir (create it if not present) and wget the files form the master. Be sure that the files have the following permissions:

-rw-r--r-- 1 root   root   5482 Sep 23 10:10 hostcert.pem
-r-------- 1 root   root   1679 Sep 23 10:10 hostkey.pem

The host key (/etc/grid-security/hostkey.pem) is only readable to root. The container (hosting environment provided by Java WS Core) will be running as a non-root user (probably the globus user) and in order to have a set of host credentials which are readable by the container, we need to copy the host certificate and key and change the ownership to the container user.

root# cd /etc/grid-security
root# cp hostkey.pem containerkey.pem
root# cp hostcert.pem containercert.pem
root# chown globus.globus containerkey.pem containercert.pem

Inside the /etc/grid-security create a directory named certificates, then do as follows:

cd /etc/grid-security/certificates
wget master.grid.seed/ca/pub/credential.tar.gz
tar -xzvf credential.tar.gz

In order to add authorization to specific user you must

1. Create /etc/grid-security/grid-mapfile as root.

2. You will also need the:

   * the user subject name
   * the account name it should map to

3. Once you've found this information you must do as root

grid-mapfile-add-entry \
-dn "/O=GRIDSEED/DC=seed/DC=grid/OU=Personal Certificate/CN=gridseed gridseed" -ln .gridseed

3.3  Starting Globus Toolkit service container

Try to see if your service container will start without problems Login as globus user

globus-start-container-detached

use this command to run the container in background, otherwise use the globus-start-container command.

in order to stop the container use:

globus-stop-container-detached

or globus-stop-container

4.  Installing and configuring GridFTP server.

4.1  Installation

GridFTP is built and installed as part of a default GT 4.2.1 installation, so if followed the instructions above you should have the server already installed on the host.

4.2  Configuration

For the GridFTP configuration you should create a gridftp.conf in one of the following directories:

  • $GLOBUS_LOCATION/etc/
  • /etc/grid-security/

Here: http://www.globus.org/toolkit/docs/4.2/4.2.1/data/gridftp/admin/#globus-gridftp-server you can find a complete list of all the possible configuration options and values

4.3  Run the server under xinetd

1. If not present install xinetd using yum.

2. Set up xinetd configuration file

vi /etc/xinetd.conf

and add the following rows.

service gsiftp
{
instances               = 10
socket_type             = stream
wait                    = no
user                    = root
env                     += GLOBUS_LOCATION=/usr/locatl/globus-4.2.1.1
env                     += LD_LIBRARY_PATH=/usr/local/globus-4.2.1.1/lib
server                  = /usr/local/globus-4.2.1.1/sbin/globus-gridftp-server
server_args             = -i
log_on_success          += DURATION
nice                    = 10
disable                 = no
}

3. At the end run:

service xinetd start

5.  RFT Installation and configuration

5.1  Installation

RFT is built and installed as part of a default GT 4.2.1 installation. No extra installation steps are required for this component.

5.2  Configuration

In order to configure properly RFT the following prerequisites must be respected:

  • Java WS Core - This is built and installed
  • A host certificate
  • GridFTP - GridFTP performs the actual file transfer and is built and installed
  • PostgreSQL - PostgreSQL is used to store the state of the transfer to allow for restart after failures.

The first tree must be already installed and configured properly on your host, so for the PostgreSQL installation please do as follows:

PostgreSQL (version 7.1 or greater) can be used with RFT.

1. In order to start postgres on boot of you machine with the desired options (-i) in order for the server to accept TCP/IP connections add the following string to your /etc/rc.local file: su -c 'postmaster -i -D /var/lib/pgsql/data -l serverlog' postgres

2. You will now need to create a PostgreSQL user that will connect to the database. This is usually the account under which the container is running. You can create a PostgreSQL user by running the following command:

su postgres
createuser globus

3. Now you need to set security on the database you are about to create. You can do it by following the steps below:

sudo vi /var/lib/pgsql/data/pg_hba.conf and append the following line to the file:
host rftDatabase "username" "host-ip" 255.255.255.255 md5

Note: use crypt instead of md5 if you are using PostgreSQL 7.3 or earlier.

as postgrs user

sudo /etc/init.d/postgresql stop
postmaster -i -D /var/lib/pgsql/data > serverlog 2>&1 &

4. To create the database that is used for RFT run (as user globus): createdb rftDatabase.

5. To populate the RFT database with the appropriate schemas run:

psql -d rftDatabase -f $GLOBUS_LOCATION/share/globus_wsrf_rft/rft_schema.sql. 

6. Open $GLOBUS_LOCATION/etc/globus_wsrf_rft/jndi-config.xml.

Find the dbConfiguration section under the ReliableFileTransferService <service> section.

Change the connectionString to point to the machine on which you installed PostgreSQL and to the name of the database you used in step 2. If you installed PostgreSQL on the same machine as your Globus install, the default should work fine for you.

Now that you have created a database to store RFT's state, the following steps configure RFT to find the database

7. Change the userName to the name of the user who owns/created the database and do the same for the password (it also depends on how you configured your database).

6.  PBS/Torque Configuration

6.1  Installation

In order to have the ability to submit PBS job on the CE (current gridseed Torque servers: ce-1.grid.seed and ce-2.grid.seed) through the Milu Interface you have to install a PBS/Torque client part on the globus host. Keep in mind that its version must be the same as that of the Torque server installed.

6.2  Configuration