gt k install

7/28/2019 Gt k Install

1/42

1. Introduction

This is a guide to Globus Toolkit 4.0.1 (GTK-4.0.1) installation. It deals with a basic

installation that installs Core and the following Base Services: a security infrastructure

(GSI), GridFTP, RFT, and DRS. After the installation and testing it looks into how touse the CA of one machine on a second one telling how to get the certificates of the

second machine signed by the CA and using the signed certificates. It also talks about

RLS and DRS configuration and testing.

Before going to the installation of the support softwares, create a .bash_profile

file in root user with the required CLASSPATH & PATH entries. The .bash profile

should look like the following:

# .bash_profile

# Get the aliases and functions

if [ -f ~/.bashrc ];

then

. ~/.bashrc

fi

# User specific environment and startup programs

ANT_HOME="/usr/local/apache-ant-1.6.2"

JAVA_HOME="/opt/SUNWappserver/jdk"

CATALINA_HOME="/opt/apache-tomcat-5.5.15"

CATALINA_BASE="/opt/apache-tomcat-5.5.15"

GLOBUS_LOCATION="/opt/globus-4.0.1"

GLOBUS_IODBC_PATH="/opt/globus-4.0.1"

ODBCINI="/opt/globus-4.0.1/var/odbc.ini"CLASSPATH=$CLASSPATH:/usr/local/apache-ant-1.6.2/lib/ant.jar

PATH=$PATH:$HOME/bin:$JAVA_HOME/bin:$ANT_HOME/bin:$GLOBUS_LOC

ATION/bin:$GLOBUS_LOCATION/sbin:


2/42

export PATH ANT_HOME JAVA_HOME CLASSPATH CATALINA_HOME

CATALINA_BASE GLOBUS_LOCATION GLOBUS_IODBC_PATH ODBCINI

unset USERNAME

if [ -e $GLOBUS_LOCATION/etc/globus-user-env.sh ];

then

. $GLOBUS_LOCATION/etc/globus-user-env.sh

fi

if [ -e $GLOBUS_LOCATION/etc/globus-devel-env.sh ];

then

. $GLOBUS_LOCATION/etc/globus-devel-env.sh

fi

After the creation of the .bash profile as root user execute the bash profile:

#. .bash_profile

Note : Give a hostname to your System by using neat command as a root

The /etc/hosts file

Entries made in the /etc/hosts should be strictly in this format. A sample /etc/hosts file

# Do not remove the following line, or various programs

# that require network functionality will fail.

10.160.2.45 localhost.localdomain localhost

10.160.2.45 gridproj1.ap.nic.in.in gridproj1

10.160.2.42 gridproject2. ap.nic.in.in gridproject2

10.160.2.43 gridproj3. ap.nic.in.in gridproj3

Special care should be taken with the first line mentioning localhost. The nextentries should be of the host machines IP addresses (one or more). After these shouldcome the entries of other systems.


3/42

NOTE: what ever the systems need to be connected those system entries should be

present in /etc/hosts file after the System name of the present globus installation

system.

2. Installing support softwares

GTK-4.0.1 requires various support softwares. These are required both for its

installation and its running. Their installation is discussed first

.2.1JAVA

GTK4.0.1 is completely written in java so, we want to install java. This

installation is also used for writing services in java. Before installing this java, remove

the pre installed java, which was installed along with O.S. Remove javac & java from

/usr/bin.

Install J2SE 1.4.2+ (+ means >= 1.4.2 version) SDK of SUN, IBM, BEA (do not

use GCJ).

Download Link: http://java.sun.com/j2se

Steps:

1. As root execute the binary j2sdk-1.4.2-nb-3.5-bin-linux.bin --

$ ./j2eesdk-1_4_02_2005Q2-linux.bin

This installs java in /opt/ SUNWappserver directory

2. Now test for which java being used with the command (as root user)

#which java

It should give the output as /opt/SUNWappserver/jdk/bin/java. This is shownonly when the pre-installed java is removed.

2.2Apache Ant

Ant is a Java-based build tool required for the GT4.0.1 installation. The toolkit is

composed of many Java classes that need to be combined or built to form a functioning


4/42

program. Ant is used to execute an Ant-based build script that automates the build

process (if the toolkit needs to be re-built at any point, Ant can skip actions that have

already been completed.)

Required for: Web services installation

Recommended Version: 1.6.1+

Download Link: http://jakarta.apache.org/ant

Steps:

Do the following as root.

1. To install Ant, copy the apache-ant-1.6.2-bin.tar.gz tar file in /usr/local

2. Untar this file --

tar -zxvf apache-ant-1.6.2-bin.tar.gz

3. A directory apache-ant-1.6.2 is created. This directory will be known as

ANT_HOME.

4. As root user run the command

# which ant

It gives which ant path the system is using, it must be the ANT_HOME path

otherwise you need to edit the /etc/bashrc file by adding the following lines

For further help http://ant.apache.org/manual/index.html can be visited.

2.3. C compiler

Required for compilation of C code. These things will come while installing

Operating system. We used Fedora Core 3 Operating systems. Avoid version 3.2, 3.2.1,

4.1.0. The versions can be downloaded from http://gcc.gnu.org

RPM used- gcc-3.4.2-6


5/42

2.4. GNU tar

Required for: Unpack aging software

Available at http://www.gnu.org/software/tar/tar.html

RPM used: tar-1.14-4

2.5. GNU Sed

Required for: scripts to edit text files

Available at http://www.gnu.org/software/sed/sed.html

RPM used: sed-4.1.2-4

2.6. Zlib

Required for: lossless data-compression library

Available at http://www.gzip.org/zlib/

Use zlib 1.1.4+

RPM used: zlib-1.2.1.2-1

2.7Make

Required for: Make is a tool, which controls the generation of executables and other

non-source files of a program from the program's source files.

Available at: www.gnu.org/software/make

RPM used: make-3.80-5

2.8. sudo

Required for: Allows administrator to give restricted root access.


6/42

Available at: www.courtesan.com/sudo/

RPM used: sudo-1.6.7p5-30.1

2.9. JDBC Complaint database

Required for: Database connectivity in java Environment.

We can use PostgreSQL7.1+

Available at: www.postgresql.org

RPM used: postgresql-7.4.6-1.FC3.1

This is available while installing O.S, or you can download it manually and install.

3.0 Additional users required:

1. To install GTK-4.0.1 the following users are needed on the machine.

User ID Group ID Description

root root Super user

globus globus Globus Toolkit environment. For

installation and execution of the Toolkit.

apuser apuser A user other than root or globus. End

user environment for job execution on

the Grid and testing the services

2. Steps of installation:

As root user, create globus user

[root@gridproj1 ~]# adduser globus

[root@gridproj1 ~]# passwd globus


7/42

3. Make the installation directory. This is where all the GT4 installation will reside. runas root user

[root@gridproj1 ~]# mkdir /opt/globus-4.0.1

4. Make a directory var in /opt/globus-4.0.1 and copy the odbc.ini file to that vardirectory.

5. Change the owner ship for this directory as globus. Run as root user

[root@gridproj1 ~]# chown R globus.globus /opt/globus-4.0.1

6. Download gt4.0.1-all-source-installer.tar.gz from

http://www.globus.org/toolkit/

3.2 Optional Software

3.2.1 IODBC

Required for: This is required for RLS

Download Link: http://www.iodbc.org/

NOTE: In this manual, postgresql 7.4.6 is used. Hence, the built-in odbc driver is usedin odbc.ini file. If any other version is used, install the concerned odbc driver and

mention that particular driver in odbc.ini file along with the path.

Steps:

To install IODBC, Do the following:

1. Copy libiodbc-3.52.4.tar.gz to /home/globus (as root user)

2. Untar this file with the command(as globus user)

[globus@gridproj1 ]#tar -zxvf libiodbc-3.52.4.tar.gz

3. A directory libiodbc-3.52.4 is created.

4. Change the directory to libiodbc-3.52.4 & run ./configure as the following


8/42

[globus@gridproj1 libiodbc-3.52.4]# ./configure --prefix

=$GLOBUS_IODBC_PATH --with-iodbcdir=$GLOBUS_LOCATION/var

checking for a BSD-compatible install... /opt/globus-4.0.1in/install -c

checking whether build environment is sane... yes

checking for gawk... gawk

checking whether make sets $(MAKE)... yes

.......................................................................

.........................................................................

config.status: creating include/config.h

config.status: executing depfiles commands

config.status: executing default commands

iODBC Driver Manager 3.52.4 configuration summary

Installation variables

layout default

prefix /opt/globus-4.0.1/

exec_prefix ${prefix}

Installation paths

programs ${exec_prefix}/bin

include files ${prefix}/include

libraries ${exec_prefix}/lib


9/42

manual pages ${prefix}/man

Configuration files

odbc.ini /etc/var

odbcinst.ini /etc/odbcinst.ini

Extensions

ODBC Version 3

GUI Extensions true

ThreadSafe true

5. Now run make

[globus@gridproj1 libiodbc-3.52.4]# make

6. Now run make install

[globus@gridproj1 libiodbc-3.52.4]#make install

3.2.2. Jakarta Tomcat

This is optional because the GT3 and above installation provides a standalone

web service container for testing purposes.

Recommended Version: 4.1.24 or above

Download Link: http://jakarta.apache.org/tomcat

Steps: As root do the following

1. Copy jakarta-tomcat-5.5.15.tar.gz to /opt/. Unpack it there.

$tar -zxvf jakarta-tomcat-5.5.15.tar.gz

4. Building the Toolkit


10/42

1. Copy the downloaded gt4.0.1-all-source-installer.tar.gz to the /home/globus.

2. Copy the roots bash profile to globus user home directory and execute it.

3. Run as globus user

[globus@gridproj1 ~]$ tar -xvzf gt4.0.1-all-source-installer.tar.gz

3. Change to gt4.0.1 installation directory

[globus@gridproj1 ~]$ cd gt4.0.1-all-source-installer

4. Run as user globus

[globus@gridproj1 gt4.0.1-all-source-installer]$ ./configure --

prefix=$GLOBUS_LOCATION --with-iodbc= $GLOBUS_LOCATION --enable-drs

checking build system type... i686-pc-linux-gnu

checking for javac... /opt/SUNWappserver/jdk/bin/javac

checking for ant... /usr/local/apache-ant-1.6.2/bin/ant

configure: creating ./config.status

config.status: creating Makefile

5. Make the installation

[globus@gridproj1 gt4.0.1-all-source-installer]$make

---------------------------------------------------------------------------------------------------

gpt-build ====> CHECKING BUILD DEPENDENCIES FOR

globus_c_wsrf_notification_test

gpt-build ====> Changing to /home/globus/gt4.0.1-all-source-installer/source-

trees/wsrf/c/core/notification/test

gpt-build ====> BUILDING FLAVOR gcc32dbg

gpt-build ====> Changing to /opt/globus-4.0.1/etc

gpt-build ====> REMOVING empty package globus_c_wsrf_notification_test-gcc32dbg-dev

gpt-build ====> REMOVING empty package globus_c_wsrf_notification_test-

gcc32dbg-pgm_static


gcc32dbg-rtl


11/42


noflavor-doc

/opt/globus-4.0.1/sbin/gpt-build -srcdir=source-trees/wsrf/c/core/providers/test_service

gcc32dbg

gpt-build ====> CHECKING BUILD DEPENDENCIES FOR

globus_c_wsrf_providers_test_service_bindings

gpt-build ====> Changing to /home/globus/gt4.0.1-all-source-installer/source-

trees/wsrf/c/core/providers/test_service

gpt-build ====> BUILDING FLAVOR gcc32dbg

gpt-build ====> Changing to /opt/globus-4.0.1/etc

gpt-build ====> REMOVING empty package

globus_c_wsrf_providers_test_service_bindings-gcc32dbg-pgm


globus_c_wsrf_providers_test_service_bindings-gcc32dbg-pgm_static


globus_c_wsrf_providers_test_service_bindings-noflavor-data

----------------------------------------------------------------

gpt-build ====> REMOVING empty package globus_rendezvous-noflavor-doc

echo "Your build completed successfully. Please run make install."

Your build completed successfully. Please run make install.make: Nothing to be done for `all'.

NOTE: This command may take around 2-4 hours depending upon the systemhardware dependents.

[globus@gridproj1 gt4.0.1-all-source-installer]$

5. Run make install now

[globus@gridproj1 gt4.0.1-all-source-installer]$ make install

/opt/globus-4.0.1/sbin/gpt-postinstall


12/42

running /opt/globus-4.0.1/setup/globus/setup-globus-common..[Changing to /opt/globus-

4.0.1/setup/globus ]

creating globus-sh-tools-vars.sh

creating globus-script-initializer

creating Globus::Core::Paths

checking globus-hostname

Done

..Done

running /opt/globus-4.0.1/setup/globus/setup-globus-rls-server..[Changing to

/opt/globus-4.0.1/setup/globus]

creating SXXrls

creating globus-rls-server.conf

creating rls-ldif.conf

Done

..Done

running /opt/globus-4.0.1/setup/globus/setup-globus-scheduler-provider-fork..[

Changing to /opt/globus-4.0.1/setup/globus ]

checking for touch... /bin/touch

find-fork-provider-tools: creating ./config.status

config.status: creating /opt/globus-4.0.1/libexec/globus-scheduler-provider-fork..Donerunning /opt/globus-4.0.1/setup/globus/setup-gram-service-common..[Changing to

/opt/globus-4.0.1/setup/globus ]

Running /opt/globus-4.0.1/setup/globus/setup-gram-service-common

Determining system information...

Buildfile: /opt/globus-4.0.1/setup/globus/build-gram-service-gar.xml

-------------------------------------------------------------------

If you wish to configure the optional GAA-based Globus Authorization

callouts, run the setup-globus-gaa-authz-callout setup script.

..Done


13/42

running /opt/globus-4.0.1/setup/globus/setup-globus-gatekeeper..[ Changing to


Creating gatekeeper configuration file...

Done

Creating grid services directory...

Done

..Done

running /opt/globus-4.0.1/setup/globus/setup-seg-fork.pl..[ Changing to /opt/globus-

4.0.1/setup/globus ]

..Done

running /opt/globus-4.0.1/setup/globus/setup-globus-gram-job-manager..[ Changing to


Creating state file directory.

Done.

Reading gatekeeper configuration file...

Warning: Host cert file: /etc/grid-security/hostcert.pem not found. Re-run

setup-globus-gram-job-manager after installing host cert file.

Determining system information...

Creating job manager configuration file...

Done..Done

running /opt/globus-4.0.1/setup/globus/setup-globus-job-manager-fork..[ Changing to


checking for mpiexec... /usr/bin/mpiexec

checking for mpirun... /usr/bin/mpirun

find-fork-tools: creating ./config.status

config.status: creating fork.pm

..Done

[globus@gridproj1 gt4.0.1-all-source-installer]$

4 Simple CA set-up: (First machine installation)

4.1 Setting up the simpleCA for the machine run as user globus


14/42

[globus@gridproj1 ~]$GLOBUS_LOCATION/setup/globus/setup-simple-ca

WARNING: GPT_LOCATION not set, assuming:GPT_LOCATION=/opt/globus-4.0.1

C e r t i f i c a t e A u t h o r i t y S e t u p

This script will setup a Certificate Authority for signing Globususers certificates. It will also generate a simple CA packagethat can be distributed to the users of the CA.

The CA information about the certificates it distributes willbe kept in:

/home/globus/.globus/simpleCA/

/usr/local/globus-4.0.1/setup/globus/setup-simple-ca: line 250:test: res: integer expression expected

The unique subject name for this CA is:cn=Globus Simple CA, ou=simpleCA-gridproj1.ap.nic.in, ou=GlobusTest,o=Grid

Do you want to keep this as the CA subject (y/n) [y]:y

Enter the email of the CA (this is the email where certificaterequests will be sent to be signed by the CA): [email protected]

The CA certificate has an expiration date. Keep in mind thatonce the CA certificate has expired, all the certificatessigned by that CA become invalid. A CA should regeneratethe CA certificate and start re-issuing ca-setup packagesbefore the actual CA certificate expires. This can be doneby re-running this setup script. Enter the number of DAYSthe CA certificate should last before it expires.[default: 5 years (1825 days)]:9000

Enter PEM pass phrase:Verifying - Enter PEM pass phrase:

/bin/sed: can't read /tmp//globus_tmp_ca_setup//pkgdata/pkg_data_src.gpt.tmpl:No such file or directory

creating CA config package...done.

A self-signed certificate has been generated


15/42

for the Certificate Authority with the subject:

/O=Grid/OU=GlobusTest/OU=simpleCA-gridproj1.ap.nic.in/CN=Globus SimpleCA

If this is invalid, rerun this script

/opt/globus-4.0.1/setup/globus/setup-simple-ca

and enter the appropriate fields.

-------------------------------------------------------------------

The private key of the CA is stored in/home/globus/.globus/simpleCA//private/cakey.pemThe public CA certificate is stored in/home/globus/.globus/simpleCA//cacert.pem

The distribution package built for this CA is stored in

/home/globus/.globus/simpleCA/globus_simple_ca_9e85453f_setup-0.18.tar.gz

This file must be distributed to any host wishing to requestcertificates from this CA.

CA setup complete.

4.2 The following commands will now be run to setup the securityconfiguration files for this CA:

$GLOBUS_LOCATION/sbin/gpt-build/home/globus/.globus/simpleCA/globus_simple_ca_9e85453f_setup-0.18.tar.gz

$GLOBUS_LOCATION/sbin/gpt-postinstall-------------------------------------------------------------------

setup-ssl-utils: Configuring ssl-utils packageRunning setup-ssl-utils-sh-scripts...

******************************************************************

Note: To complete setup of the GSI software you need to run thefollowing script as root to configure your security configurationdirectory:

/opt/globus-4.0.1/setup/globus_simple_ca_9e85453f_setup/setup-gsi


16/42

For further information on using the setup-gsi script, use the -helpoption. The -default option sets this security configuration to bethe default, and -nonroot can be used on systems where root access isnot available.

******************************************************************

setup-ssl-utils: Complete

4.3 If you have set GLOBUS_LOCATION in .bash_profile of root, then no need of

doing this otherwise you want to export GLOBUS_LOCATION

[root@gridproj1 ~]#export GLOBUS_LOCATION=/opt/globus-4.0.1

4.4 Now you want to make my machine trust that new CA, which I do by running the

following command as root.

[root@gridproj1 ~]# /opt/globus-4.0.1/setup/globus_simple_ca_9e85453f_setup/setup-gsi default

setup-gsi: Configuring GSI securityMaking /etc/grid-security...mkdir /etc/grid-securityMaking trusted certs directory: /etc/grid-security/certificates/mkdir /etc/grid-security/certificates/Installing /etc/grid-security/certificates//grid-security.conf.9e85453f...Running grid-security-config...Installing Globus CA certificate into trusted CA certificate directory...Installing Globus CA signing policy into trusted CA certificate directory...setup-gsi: Complete

4.5 Now that we've created a CA and trust it, we'll get a hostcert for the machine.Run

the following as root.

[root@localhost certificates]# grid-cert-request -host `hostname`Generating a 1024 bit RSA private key..............................++++++

.....++++++writing new private key to '/etc/grid-security/hostkey.pem'-----You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,


17/42

If you enter '.', the field will be left blank.-----Level 0 Organization [Grid]:Level 0 Organizational Unit [GlobusTest]:Level 1Organizational Unit [simpleCA-gridproj3.ap.nic.in]:Name (e.g., John M. Smith)[]:

A private host key and a certificate request has been generatedwith the subject:

/O=Grid/OU=GlobusTest/OU=simpleCA-gridproj1.ap.nic.in/CN=host/gridproj3.ap.nic.in

----------------------------------------------------------

The private key is stored in /etc/grid-security/hostkey.pemThe request is stored in /etc/grid-security/hostcert_request.pem

Please e-mail the request to the Globus Simple CA [email protected] may use a command similar to the following:

4.7 We need to sign the certificate using our simpleCA, as globus, If you are using your

own CA, run the following command as globus user. Other wise you want to send

hostcert_request.pem and get it signed. If you are using your own CA then copy the

/hostcert_request.pem to /home/globus.

[globus@localhost ~]$ grid-ca-sign -in hostcert_request.pem -out hostsigned.pemsTo sign the request

Please enter the password for the CA key:

The new signed certificate is at: /home/globus/.globus/simpleCA//newcerts/01.pem

4.8 A signed host certifi cate, named hostsigned.pem is written to the current directory.

When prompted for a pass phrase, enter the one you specified for the private key of

the CA certificate.

4.9 As root, move the signed host certificate to /etc/grid-security/hostcert.pem. The

certificate should be owned by root, and read-only for other users. The key should

be read-only by root.

4.10 Users also must request user certificates, which you will sign using the globus user.


18/42

If you not created a user create the user.

4.11 Requesting a user certificate

NOTE: copy the .bash_profile of globus user to .bash_profile of the user.

As your normal user account (not globus), run:

grid-cert-requestAfter you enter a passphrase, this creates ~$USER/.globus/usercert.pem (empty) ~$USER/.globus/userkey.pem ~$USER/.globus/usercert_request.pemEmail the usercert_request.pem file to the SimpleCA maintainer. Or if you areusing local SimpleCA send the usercert_request.pem to the maintainer

4.12 Sign the user certificate

1 copy the usercert_request.pem present in users (not the globususer from normal user) .globus directory to /home/globus/

2 As the SimpleCA owner globus , run in user globus :

grid-ca-sign -in usercert_request.pem -out signed.pem

3 When prompted for a password, enter the one you specified in for the private

key of the CA certificate.

4 Now send the signed copy (signed.pem ) back to the user who requested the

certifi cate.

5 As your normal user account (not globus ), copy the signed user certifi cate

into ~/.globus/ and rename it as usercert.pem , thus replacing the empty file. The

certifi cate should be owned by the user, and read-only for other users.

The key should be read-only by the owner.

4.13 Verify the SimpleCA certificate installation

To verify that the SimpleCA certificate is installed in /etc/grid-

security/certificates and that your certificate is in place with the correct

permissions, run as user:


19/42

user$ grid-proxy-init -debug verify

After entering your passphrase, successful output will look like:

[neel@gridproj1 ~]$grid-proxy-init -debug -verifyUser Cert File: /home/user/.globus/usercert.pemUser Key File: /home/user/.globus/userkey.pemTrusted CA Cert Dir: /etc/grid-security/certificatesOutput File: /tmp/x509up_u1817Your identity: \/O=Grid/OU=GlobusTest/OU=simpleCA-mayed.mcs.anl.gov/OU=mcs.anl.gov/CN=User \

NameEnter GRID pass phrase for this identity:

Creating proxy ..............................++++++++++++...............++++++++++++DoneProxy Verify OKYour proxy is valid until: Sat Feb 24 03:01:46 2007

4.14 Make the host credentials accessible by the container

The host key (/etc/grid-security/hostkey.pem) is only readable to root. The

container (hosting environment) will be running as a non-root user (probably the

globus user) and in order to have a set of host credentials, which are readable by

the container, we need to copy the host certificate and key and change the

ownership to the container user.

As root, run:

root# cd /etc/grid-securityroot# cp hostkey.pem containerkey.pemroot# cp hostcert.pem containercert.pemroot# chown globus.globus containerkey.pem containercert.pemAt this point the certifi cates in /etc/grid-security should look something like:root# ls -l *.pem-rw-r--r-- 1 globus globus 1785 Mar 07 14:47 containercert.pem-r-------- 1 globus globus 887 Mar 07 14:47 containerkey.pem-rw-r--r-- 1 root root 1785 Mar 07 14:42 hostcert.pem-r-------- 1 root root 887 Feb 27 09:59 hostkey.pem

4.15 Add authorization


20/42

Add authorizations for users:

Create /etc/grid-security/grid-mapfile as root.

You need two pieces of information:

the subject name of a user

the account name it should map to.

The syntax is one line per user, with the certifi cate subject followed by the user

account name.Run grid-cert-info to get your subject name, and whoami to get

the account name: run the following as user

[neel@gridproj1 .globus]$ grid-cert-info -subject/O=Grid/OU=GlobusTest/OU=simpleCA-gridproject2.ap.nic.in/OU=ap.nic.in/CN=neel

[neel@gridproj1 .globus]$ whoamineel

[neel@gridproj1 .globus]$

run the following as root

root# $GLOBUS_LOCATION/sbin/grid-mapfile-add-entry -dn \/O=Grid/OU=GlobusTest/OU=simpleCA-gridproj1.ap.nic.in/OU=ap.nic.in/CN=neel \-ln neel

The corresponding line in the grid-mapfile should look like:

"/O=Grid/OU=GlobusTest/OU=simpleCA-gridproj1.ap.nic.in/OU=ap.nic.in/CN=neel" neel

The quotes around the subject name are important, because it contains spaces.

5) Setting up your Second machine

5.1 Installation of GTK4.0.1 is the same as above until section 4.2

5.2 Setting up your second machine:

Copy the following tar.gz

home/globus/.globus/simpleCA/globus_simple_ca_9e85453f_setup-0.18.tar.gz


21/42

to the globus user home direcotory of the second machine. and do thefollowing steps instead of section 4.3 and continue from section 4.3. In step 4.4,take care of mentioning the tar file name i.e, it should be the same tar file namewhich is copied from first machine because multiple tar files will exist in secondmachine. In the following two commands below, the tar file name is the one thatis copied from first machine.

1 run as globus user

[globus@gridproj1 ~]$$GLOBUS_LOCATION/sbin/gpt-buildglobus_simple_ca_9e85453f_setup-0.18.tar.gz -force

gpt-build ====> CHECKING BUILD DEPENDENCIES FORglobus_simple_ca_9e85453f_setupgpt-build ====> Changing to

/sandbox/globus/BUILD/globus_simple_ca_ebb88ce5_setup-0.18/gpt-build ====> BUILDING globus_simple_ca_ebb88ce5_setupgpt-build ====> Changing to /sandbox/globus/BUILDgpt-build ====> REMOVING empty packageglobus_simple_ca_9e85453f_setup-noflavor-datagpt-build ====> REMOVING empty packageglobus_simple_ca_9e85453f_setup-noflavor-devgpt-build ====> REMOVING empty packageglobus_simple_ca_9e85453f_setup-noflavor-docgpt-build ====> REMOVING empty packageglobus_simple_ca_9e85453f_setup-noflavor-pgm_staticgpt-build ====> REMOVING empty packageglobus_simple_ca_9e85453f_setup-noflavor-rtl

2 run as globus user

[globus@gridproj1 ~]$$GLOBUS_LOCATION/sbin/gpt-postinstall -force

running /opt/globus-4.0.1/setup/globus/./setup-ssl-utils...[Changing to /opt/globus-4.0.1/setup/globus/. ]...setup-ssl-utils: Complete..Done

WARNING: The following packages were not set up correctly:globus_simple_ca_9e85453f_setup-noflavor-pgmCheck the package documentation or run postinstall -verbose to see whathappen

That installed the package, but the warning is letting us know that root

still needs to run the setup script.


22/42

1 Grid FTP Configuration under inetd or xinetd

Prerequisites

Before configuring a GridFTP server, you must have: a host certificate

appropriate users in the grid-mapfile

Configuring GridFTP server daemon

In order to use GridFTP, the machine should be configured to automatically start the

GridFTP server daemon.

1.1 As root, add the following entry to /etc/services:

gsiftp 2811/tcp

Notify Inetd or Xinetd that its configuration file has changed. To do this, follow theinstructions for the server as listed in 1.2 Configuring in /etc/Xinetd.d

For Xinetd, add a file called gridftp to the /etc/xinetd.d/ directory with the

following contents:

service gsiftp{

instances = 100socket_type = streamwait = nouser = rootenv += GLOBUS_LOCATION=/opt/globus-4.0.1env += LD_LIBRARY_PATH=/opt/globus-4.0.1/libserver = /opt/globus-4.0.1/sbin/globus-gridftp-serverserver_args = -ilog_on_success += DURATIONnice = 10disable = no}

1.3 Notify Inetd/Xinetd to the manual (man inetd or man xinetd). It will probably be

something like /etc/init.d/xinetd reload.

Testing GridFTP

It consists of the following steps:


23/42

Starting a GridFTP server (steps 2-3 above)

Creating a proxy (step 4)

Moving a test file (step 5)

1.4 Create a proxy certificate: as a user

[neel@gridproj1 ~]$grid-proxy-init -verify -debug

1.5 to find 2811 port is listening or not as a root run

[root@gridproj1 ~ /etc/grid-security]# netstat -an | grep 2811

tcp 0 0 0.0.0.0:2811 0.0.0.0:* LISTEN

1.6 run the following command as userThe file /etc/groups is copied to /tmp/test.copy

[neel@gridproj1 ~]$globus-url-copy gsiftp://gridproj1.ap.nic.in/etc/groupfile:///tmp/test.copy

1.7 compare the two copied files

[neel@gridproj1 ~]$diff /tmp/test/copy /etc/group

[neel@gridproj1 ~]$

7. starting the container:

1 as a user globus run

[globus@gridproj1 ~]$ globus-start-container

starting the container:

Initially we will get the rft errors as the rft service has been not configured

[globus@gridproj1 ~]$ globus-start-container

2007-02-19 11:54:04,244 ERROR service.ReliableFileTransferImpl [main,:68]

Unable to setup database driver with pooling.Connection refused. Check that the

hostname and port are correct and that the postmaster is accepting TCP/IP connections.


24/42

2007-02-19 11:54:04,924 WARN service.ReliableFileTransferHome

[main,initialize:97] All RFT requests will fail and all GRAM jobs that require file

staging will fail.Connection refused. Check that the hostname and port are correct and

that the postmaster is accepting TCP/IP connections.

Starting SOAP server at: https://127.0.0.1:8443/wsrf/services/

With the following services:

[1]: https://127.0.0.1:8443/wsrf/services/TriggerFactoryService

[2]: https://127.0.0.1:8443/wsrf/services/DelegationTestService

[3]: https://127.0.0.1:8443/wsrf/services/ReplicationService

[4]: https://127.0.0.1:8443/wsrf/services/SecureCounterService

[5]: https://127.0.0.1:8443/wsrf/services/IndexServiceEntry

[6]: https://127.0.0.1:8443/wsrf/services/DelegationService

[7]: https://127.0.0.1:8443/wsrf/services/InMemoryServiceGroupFactory

[8]: https://127.0.0.1:8443/wsrf/services/mds/test/execsource/IndexService

[9]: https://127.0.0.1:8443/wsrf/services/mds/test/subsource/IndexService

[10]: https://127.0.0.1:8443/wsrf/services/SubscriptionManagerService

[11]: https://127.0.0.1:8443/wsrf/services/TestServiceWrongWSDL

[12]: https://127.0.0.1:8443/wsrf/services/SampleAuthzService

[13]: https://127.0.0.1:8443/wsrf/services/WidgetNotificationService[14]: https://127.0.0.1:8443/wsrf/services/AdminService

[15]: https://127.0.0.1:8443/wsrf/services/DefaultIndexServiceEntry

[16]: https://127.0.0.1:8443/wsrf/services/CounterService

[17]: https://127.0.0.1:8443/wsrf/services/TestService

[18]: https://127.0.0.1:8443/wsrf/services/InMemoryServiceGroup

[19]: https://127.0.0.1:8443/wsrf/services/SecurityTestService

[20]: https://127.0.0.1:8443/wsrf/services/ContainerRegistryEntryService

[21]: https://127.0.0.1:8443/wsrf/services/NotificationConsumerFactoryService

[22]: https://127.0.0.1:8443/wsrf/services/TestServiceRequest

[23]: https://127.0.0.1:8443/wsrf/services/IndexFactoryService

[24]: https://127.0.0.1:8443/wsrf/services/ReliableFileTransferService

[25]: https://127.0.0.1:8443/wsrf/services/mds/test/subsource/IndexServiceEntry


25/42

[26]: https://127.0.0.1:8443/wsrf/services/Version

[27]: https://127.0.0.1:8443/wsrf/services/NotificationConsumerService

[28]: https://127.0.0.1:8443/wsrf/services/IndexService

[29]: https://127.0.0.1:8443/wsrf/services/NotificationTestService

[30]: https://127.0.0.1:8443/wsrf/services/ReliableFileTransferFactoryService

[31]: https://127.0.0.1:8443/wsrf/services/DefaultTriggerServiceEntry

[32]: https://127.0.0.1:8443/wsrf/services/TriggerServiceEntry

[33]: https://127.0.0.1:8443/wsrf/services/PersistenceTestSubscriptionManager

[34]: https://127.0.0.1:8443/wsrf/services/mds/test/execsource/IndexServiceEntry

[35]: https://127.0.0.1:8443/wsrf/services/DefaultTriggerService

[36]: https://127.0.0.1:8443/wsrf/services/TriggerService

[37]: https://127.0.0.1:8443/wsrf/services/gsi/AuthenticationService

[38]: https://127.0.0.1:8443/wsrf/services/TestRPCService

[39]: https://127.0.0.1:8443/wsrf/services/ManagedMultiJobService

[40]: https://127.0.0.1:8443/wsrf/services/RendezvousFactoryService

[41]: https://127.0.0.1:8443/wsrf/services/WidgetService

[42]: https://127.0.0.1:8443/wsrf/services/ManagementService

[43]: https://127.0.0.1:8443/wsrf/services/ManagedExecutableJobService

[44]: https://127.0.0.1:8443/wsrf/services/InMemoryServiceGroupEntry

[45]: https://127.0.0.1:8443/wsrf/services/AuthzCalloutTestService[46]: https://127.0.0.1:8443/wsrf/services/DelegationFactoryService

[47]: https://127.0.0.1:8443/wsrf/services/DefaultIndexService

[48]: https://127.0.0.1:8443/wsrf/services/ShutdownService

[49]: https://127.0.0.1:8443/wsrf/services/ContainerRegistryService

[50]: https://127.0.0.1:8443/wsrf/services/TestAuthzService

[51]: https://127.0.0.1:8443/wsrf/services/CASService

[52]: https://127.0.0.1:8443/wsrf/services/ManagedJobFactoryService

2007-02-19 11:54:33,221 INFO impl.DefaultIndexService [ServiceThread-10,

processConfigFile:107] Reading default registration configuration from file: /opt/globus-

4.0.1/etc/globus_wsrf_mds_index/hierarchy.xml

2007-02-19 11:54:34,449 ERROR impl.QueryAggregatorSource [Timer-

3,pollGetMultiple:149] Exception Getting Multiple Resource Properties from


26/42

https://127.0.0.1:8443/wsrf/services/ReliableFileTransferFactoryService:

java.rmi.RemoteException: Failed to serialize resource property

org.globus.transfer.reliable.service.factory.TotalNumberOfBytesTransferred@101ea1e;

nested exception is:

org.apache.commons.dbcp.DbcpException: Connection refused. Check that the

hostname and port are correct and that the postmaster is accepting TCP/IP connections.

2007-02-19 11:55:34,294 ERROR impl.QueryAggregatorSource [Timer-3,pollGetMultiple:149] Exception Getting Multiple Resource Properties fromhttps://127.0.0.1:8443/wsrf/services/ReliableFileTransferFactoryService:java.rmi.RemoteException: Failed to serialize resource property The RFTwarnings are expected right now because we haven't setup our database yet.

2.3 Edit $GLOBUS_LOCATION/etc/globus_wsrf_core/server-config.wsdd, add a

line

under the section.

For instance:

Testing the container

as a user run

1 first run grid-proxy-init in user and enter user passphrase when it asks

[neel@gridproj1 ~]$ grid-proxy-init

2 [neel@gridproj1 ~]$ counter-client -s

https://gridproj1.ap.nic.in:8443/wsrf/services/CounterService

Got notification with value: 3

Counter has value: 3

Got notification with value: 13

Configuring postgresql


27/42

If you not installed the PostgreSQL while installing the OS then you need to install

postgreSQL again.

After installing PostgreSQL then follow the below steps to install RFT.

3.1 The installation of PostgreSQL while installing OS it is in the location /var/lib/pgsql

if you are running for the first time then database is not initialized so initialize it by

running as root

[root@gridproj1 ~]# /etc/init.d/postgresql start

3.2. By running the above command the database got initialized and in /var/lib/pgsql you

find installed directories. Change your directory to data where PostgreSQL is

installed.

[root@gridproj1 ~]# cd /var/lib/pgsql/data/Now in the file POSTMASTER add the line postmaster_options=-i

3.3 Now in the file postgresql.conf file you want to uncomment the following things

tcpip_socket = truemax_connections = 100

3.4. Now in the file pg_hba.conf you want to add the following lines at the end of the

file host rftDatabase "globus" "System IP Address" 255.255.255.255 trust

example for the system wih IP Address 10.160.2.45 it looks like this

# Using sockets credentials for improved security. Not available everywhere,# but works on Linux, *BSD (and probably some others)host rftDatabase "globus" "10.160.2.45" 255.255.255.255 trustlocal all all ident sameuser

3.5. now you want to restart postgresql demon. run as root

[root@gridproj1 data]# /etc/init.d/postgresql restartStopping postgresql service: [OK]Starting postgresql service: [OK][root@gridproj1 data]#

3.6 Now you want to creat user globus in postgerSQL database. Run as a root

[root@gridproj1 ~]#su postgres -c "createuser -P globus"Enter password for new user: *****Enter it again: *****Shall the new user be allowed to create databases? (y/n) y


28/42

Shall the new user be allowed to create more new users? (y/n) nCREATE USER

3.7 now globus user can create an rftDatabase. Run as globus user

[globus@gridproj1 ~]$createdb rftDatabaseCREATE DATABASE

3.8 as globus user run the following command

[globus@gridproj1 ~]$psql -d rftDatabase -f$GLOBUS_LOCATION/share/globus_wsrf_rft/rft_schema.sql

psql:/opt/globus-4.0.1/share/globus_wsrf_rft/rft_schema.sql:6: NOTICE:CREATE TABLE / PRIMARY KEY will create implicit index "requestid_pkey"for table "requestid"CREATE TABLE

psql:/opt/globus-4.0.1/share/globus_wsrf_rft/rft_schema.sql:11: NOTICE:CREATE TABLE / PRIMARY KEY will create implicit index "transferid_pkey"for table "transferid"CREATE TABLEpsql:/opt/globus-4.0.1/share/globus_wsrf_rft/rft_schema.sql:30: NOTICE:CREATE TABLE / PRIMARY KEY will create implicit index "request_pkey"for table "request"CREATE TABLEpsql:/opt/globus-4.0.1/share/globus_wsrf_rft/rft_schema.sql:65: NOTICE:CREATE TABLE / PRIMARY KEY will create implicit index "transfer_pkey"for table "transfer"

CREATE TABLECREATE TABLECREATE TABLECREATE INDEX

Edit the below mentioned file and change the value of password (enclosed within tags) to the password of globus user in postgresql

[globus@gridproj2 ~]$ vi /opt/globus-4.0.1/etc/globus_wsrf_rft/jndi-config.xml[globus@gridproj2 ~]$ grep -C 3 password$GLOBUS_LOCATION/etc/globus_wsrf_rft/jndi-config.xml

password


29/42

demohq

[globus@gridproj2 ~]$

3.9 The database is setup an now we can start container now we wont get the rft errors.as a user globus run

[globus@gridproj1 ~]$ globus-start-container10. Starting the container after configuring postgres:

[globus@gridproj1 ~]$ globus-start-container Starting SOAP server at:

https://10.160.2.45:8443/wsrf/services/

With the following services:

[1]: https://10.160.2.45:8443/wsrf/services/TriggerFactoryService

[2]: https://10.160.2.45:8443/wsrf/services/DelegationTestService

[3]: https://10.160.2.45:8443/wsrf/services/ReplicationService

[4]: https://10.160.2.45:8443/wsrf/services/SecureCounterService

[5]: https://10.160.2.45:8443/wsrf/services/IndexServiceEntry

[6]: https://10.160.2.45:8443/wsrf/services/DelegationService

[7]: https://10.160.2.45:8443/wsrf/services/InMemoryServiceGroupFactory

[8]: https://10.160.2.45:8443/wsrf/services/mds/test/execsource/IndexService

[9]: https://10.160.2.45:8443/wsrf/services/mds/test/subsource/IndexService

[10]: https://10.160.2.45:8443/wsrf/services/SubscriptionManagerService

[11]: https://10.160.2.45:8443/wsrf/services/TestServiceWrongWSDL

[12]: https://10.160.2.45:8443/wsrf/services/SampleAuthzService

[13]: https://10.160.2.45:8443/wsrf/services/WidgetNotificationService

[14]: https://10.160.2.45:8443/wsrf/services/AdminService

[15]: https://10.160.2.45:8443/wsrf/services/DefaultIndexServiceEntry

[16]: https://10.160.2.45:8443/wsrf/services/CounterService

[17]: https://10.160.2.45:8443/wsrf/services/TestService

[18]: https://10.160.2.45:8443/wsrf/services/InMemoryServiceGroup

[19]: https://10.160.2.45:8443/wsrf/services/SecurityTestService


30/42

[20]: https://10.160.2.45:8443/wsrf/services/ContainerRegistryEntryService

[21]: https://10.160.2.45:8443/wsrf/services/NotificationConsumerFactoryService

[22]: https://10.160.2.45:8443/wsrf/services/TestServiceRequest

[23]: https://10.160.2.45:8443/wsrf/services/IndexFactoryService

[24]: https://10.160.2.45:8443/wsrf/services/ReliableFileTransferService

[25]: https://10.160.2.45:8443/wsrf/services/mds/test/subsource/IndexServiceEntry

[26]: https://10.160.2.45:8443/wsrf/services/Version

[27]: https://10.160.2.45:8443/wsrf/services/NotificationConsumerService

[28]: https://10.160.2.45:8443/wsrf/services/IndexService

[29]: https://10.160.2.45:8443/wsrf/services/NotificationTestService

[30]: https://10.160.2.45:8443/wsrf/services/ReliableFileTransferFactoryService

[31]: https://10.160.2.45:8443/wsrf/services/DefaultTriggerServiceEntry

[32]: https://10.160.2.45:8443/wsrf/services/TriggerServiceEntry

[33]: https://10.160.2.45:8443/wsrf/services/PersistenceTestSubscriptionManager

[34]: https://10.160.2.45:8443/wsrf/services/mds/test/execsource/IndexServiceEntry

[35]: https://10.160.2.45:8443/wsrf/services/DefaultTriggerService

[36]: https://10.160.2.45:8443/wsrf/services/TriggerService

[37]: https://10.160.2.45:8443/wsrf/services/gsi/AuthenticationService

[38]: https://10.160.2.45:8443/wsrf/services/TestRPCService

[39]: https://10.160.2.45:8443/wsrf/services/ManagedMultiJobService[40]: https://10.160.2.45:8443/wsrf/services/RendezvousFactoryService

[41]: https://10.160.2.45:8443/wsrf/services/WidgetService

[42]: https://10.160.2.45:8443/wsrf/services/ManagementService

[43]: https://10.160.2.45:8443/wsrf/services/ManagedExecutableJobService

[44]: https://10.160.2.45:8443/wsrf/services/InMemoryServiceGroupEntry

[45]: https://10.160.2.45:8443/wsrf/services/AuthzCalloutTestService

[46]: https://10.160.2.45:8443/wsrf/services/DelegationFactoryService

[47]: https://10.160.2.45:8443/wsrf/services/DefaultIndexService

[48]: https://10.160.2.45:8443/wsrf/services/ShutdownService

[49]: https://10.160.2.45:8443/wsrf/services/ContainerRegistryService

[50]: https://10.160.2.45:8443/wsrf/services/TestAuthzService

[51]: https://10.160.2.45:8443/wsrf/services/CASService


31/42

[52]: https://10.160.2.45:8443/wsrf/services/ManagedJobFactoryService

RFT TESTING

[root@gridproj2 ~]# more /tmp/rft.xfrtrue1600016000false1true1nullnullfalse10

gsiftp://gridproj2.ap.nic.in:2811/etc/groupgsiftp://gridproj2.ap.nic.in:2811/home/apuser/test.copygsiftp://gridproj2.ap.nic.in:2811/tmp/test2.copygsiftp://gridproj2.ap.nic.in:2811/tmp/rft.xfrgsiftp://gridproj2.ap.nic.in:2811/home/browse/test.copy

[browse@gridproj3 browse]$ rft -h gridproj3.ap.nic.in -f /tmp/rft.xfrNumber of transfers in this request: 2Subscribed for overall statusTermination time to set: 60 minutes

Overall status of transfer:Finished/Active/Failed/Retrying/Pending0/1/0/0/1



Overall status of transfer:Finished/Active/Failed/Retrying/Pending2/0/0/0/0All Transfers are completed

RLS CONFIGURATION AND TESTING


32/42

Creating the user and password

Create the database user (in our example, calleddbuser) and password that RLS willuse:

root@gridproj1~# su postgres -c createuser -P dbuser

Creating the database(s)[go to os user of dbuser and then do thefollowing]

For PostgreSQL, run:

createdb -O dbuser -U dbuser -W lrc1000createdb -O dbuser -U dbuser -W rli1000psql -W -U dbuser -d lrc1000 -f $GLOBUS_LOCATION/setup/globus/globus-rls-lrc-postgres.sqlpsql -W -U dbuser -d rli1000 -f $GLOBUS_LOCATION/setup/globus/globus-rls-rli-postgres.sql

Testing with iODBC, run:

$GLOBUS_IODBC_PATH/bin/iodbctestDSN=lrc1000;UID=dbuser;PWD=dbpassword"

iODBC Demonstration programThis program shows an interactive SQL processorDriver Manager: 03.52.0004Driver: 03.52.06

SQL>

The output of the above commands looks like the following. Dont execute anyof the below commands. That is just to show the output of the above commands. Moveto RLS server configuration below.

[root@gridproj2 ~]# su - postgres-bash-3.00$ createuser -P dbuserEnter password for new user:Enter it again:Shall the new user be allowed to create databases? (y/n) yShall the new user be allowed to create more new users? (y/n) n

CREATE USER-bash-3.00$ exitLogout

[root@gridproj2 etc]#


33/42

[dbuser@gridproj2 ~]$ psql -W -U dbuser -d lrc1000 -f$GLOBUS_LOCATION/setup/globus/globus-rls-lrc-postgres.sqlPassword:psql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:5: NOTICE: CREATETABLE will create implicit sequence "t_lfn_id_seq" for "serial" column "t_lfn.id"psql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:5: NOTICE: CREATETABLE / PRIMARY KEY will create implicit index "t_lfn_pkey" for table"t_lfn"CREATE TABLECREATE INDEXpsql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:12: NOTICE: CREATETABLE will create implicit sequence "t_pfn_id_seq" for "serial" column "t_pfn.id"psql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:12: NOTICE: CREATETABLE / PRIMARY KEY will create implicit index "t_pfn_pkey" for table "t_pfn"CREATE TABLECREATE INDEXCREATE TABLEpsql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:19: NOTICE: ALTER

TABLE / ADD PRIMARY KEY will create implicit index "pk_map" for table"t_map"ALTER TABLECREATE INDEXpsql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:26: NOTICE: CREATETABLE will create implicit sequence "t_rli_id_seq" for "serial" column "t_rli.id"psql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:26: NOTICE: CREATETABLE / PRIMARY KEY will create implicit index "t_rli_pkey" for table "t_rli"CREATE TABLECREATE INDEXCREATE TABLEpsql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:33: NOTICE: ALTERTABLE / ADD PRIMARY KEY will create implicit index "pk_rlipartition" for table"t_rlipartition"ALTER TABLECREATE INDEXpsql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:41: NOTICE: CREATETABLE will create implicit sequence "t_attribute_id_seq" for "serial" column"t_attribute.id"psql:/opt/globus-4.0.1/setup/globus/globus-rls-lrc-postgres.sql:41: NOTICE: CREATETABLE / PRIMARY KEY will create implicit index "t_attribute_pkey" for table"t_attribute"CREATE TABLECREATE INDEX

CREATE TABLECREATE INDEXCREATE INDEXCREATE INDEXCREATE TABLECREATE INDEXCREATE INDEXCREATE INDEX


34/42

CREATE TABLECREATE INDEXCREATE INDEXCREATE INDEXCREATE TABLECREATE INDEXCREATE INDEXCREATE INDEX

[dbuser@gridproj2 ~]$ psql -W -U dbuser -d rli1000 -f$GLOBUS_LOCATION/setup/globus/globus-rls-rli-postgres.sqlPassword:psql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:5: NOTICE: CREATETABLE will create implicit sequence "t_lfn_id_seq" for "serial" column "t_lfn.id"psql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:5: NOTICE: CREATETABLE / PRIMARY KEY will create implicit index "t_lfn_pkey" for table

"t_lfn"CREATE TABLECREATE INDEXpsql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:12: NOTICE: CREATETABLE will create implicit sequence "t_lrc_id_seq" for "serial" column "t_lrc.id"psql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:12: NOTICE: CREATETABLE / PRIMARY KEY will create implicit index "t_lrc_pkey" for table "t_lrc"CREATE TABLECREATE INDEXpsql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:19: NOTICE: CREATETABLE will create implicit sequence "t_sender_id_seq" for "serial" column"t_sender.id"psql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:19: NOTICE: CREATETABLE / PRIMARY KEY will create implicit index "t_sender_pkey" for table"t_sender"CREATE TABLECREATE INDEXCREATE TABLEpsql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:28: NOTICE: ALTERTABLE / ADD PRIMARY KEY will create implicit index "pk_map" for table"t_map"ALTER TABLECREATE INDEXCREATE INDEXCREATE INDEX

psql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:37: NOTICE: CREATETABLE will create implicit sequence "t_rli_id_seq" for "serial" column "t_rli.id"psql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:37: NOTICE: CREATETABLE / PRIMARY KEY will create implicit index "t_rli_pkey" for table "t_rli"CREATE TABLECREATE INDEXCREATE TABLE


35/42

psql:/opt/globus-4.0.1/setup/globus/globus-rls-rli-postgres.sql:44: NOTICE: ALTERTABLE / ADD PRIMARY KEY will create implicit index "pk_rlipartition" for table"t_rlipartition"ALTER TABLECREATE INDEX[dbuser@gridproj2 ~]$

[dbuser@gridproj2 ~]$ $GLOBUS_IODBC_PATH/bin/iodbctest"DSN=lrc1000;UID=dbuser;PWD=demohcm"iODBC Demonstration programThis program shows an interactive SQL processorDriver Manager: 03.52.0405.0204Driver: 07.03.0200 (libpsqlodbc.so)SQL>select * from t_attribute;

id |name |objtype |type

-----------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------+-----------

result set 1 returned 0 rows.

SQL>select * from t_date_attr;

obj_id |attr_id |value-----------+-----------+--------------------------

result set 1 returned 0 rows.

SQL>quit

Have a nice day.[dbuser@gridproj2 ~]$

Configuring RLS server:

Before going to RLS configuration & testing, a patch is to be implemented for

the correct configuration of RLS server. Copy db.c file provided along with the toolkit tothe directory /home/globus/ gt4.0.1-all-source-installer/source-trees/replica/rls/server/and run the following commands below:

[globus@gridproj1 ]cd /home/globus/ gt4.0.1-all-source-installer/source-trees/replica/rls/server


36/42

[globus@gridproj1 server] $GLOBUS_LOCATION/sbin/gpt-build verbose forcegcc32dbgpthr

[globus@gridproj1 ] $GLOBUS_LOCATION/sbin/gpt-postinstall -force

Edit the below mentioned file and make sure that the following entries areuncommented:

update_immediate true # Propagate changes to RLI quicklyrlscertfile /etc/grid-security/hostcert.pemrlskeyfile /etc/grid-security/hostkey.pem

[root@gridproj2 etc]# more globus-rls-server.conf# Database connection options

db_user dbuserdb_pwd password of dbuserodbcini /etc/odbc.ini

update_immediate true # Propagate changes to RLI quickly

# LRC optionslrc_server truelrc_dbname lrc1000

# RLI optionsrli_server true # Indicates this is an RLI serverrli_dbname rli1000 # mysql-database-name

# Access control. There may be multiple acl options, each one# is a regular expression which is matched against the user's Distinguished# Name in is X.509 certificate, followed by a colon and a whitespace# separated list of privs, which are all, lrc_read, lrc_update, rli_read,# rli_update, stats and admin. If you use a grid-mapfile to map DNs to# local usernames you may specify those instead of DNs.acl .*: all

# Here are all the configuration options with default values:

# acl [no default]# authentication true# db_pwd changethis# db_user dbperson# idletimeout 900# loglevel 0# lrc_bloomfilter_numhash 3# lrc_bloomfilter_ratio 10


37/42

# lrc_dbname lrc1000# lrc_server false# maxbackoff 300# maxconnections 100# maxfreethreads 5# maxthreads 30# myurl rls://hostname:port# odbcini $GLOBUS_LOCATION/var/odbc.ini# pidfile $GLOBUS_LOCATION/var/.pid# port 39281# rli_bloomfilter false# rli_bloomfilter_dir none # Use "none", "default" or dir path# rli_dbname rli1000# rli_expire_int 28800# rli_expire_stale 86400# rli_server false# rlscertfile /etc/grid-security/hostcert.pem

# rlskeyfile /etc/grid-security/hostkey.pem# startthreads 3# timeout 30# update_bf_int 900# update_buftime 30# update_factor 10# update_immediate false# update_ll_int 86400# update_retry 300[root@gridproj2 etc]#

# Configure the database connection info

db_user dbuserdb_pwd dbpassword #give dbuser password here

# If the server is an LRC serverlrc_server truelrc_dbname lrc1000

# If the server is an RLI serverrli_server truerli_dbname rli1000 # Not needed if updated by Bloom filters

# Configure who can make requests of the serveracl .*: all

Execute the following command for the first time after starting the RLSserver.

$ $GLOBUS_LOCATION/bin/globus-rls-admin -a rls://gridproj3.ap.nic.inrls://gridproj3.ap.nic.in


38/42

Starting the RLS Server

Start the RLS Server by running from root

$GLOBUS_LOCATION/sbin/SXXrls start

Start the server in debug mode with the command:

$GLOBUS_LOCATION/bin/globus-rls-server -d -L 3

Stopping the RLS Server

Stop the RLS Server by running:

$GLOBUS_LOCATION/sbin/SXXrls stop

Testing

Ping the server using globus-rls-admin:

$GLOBUS_LOCATION/bin/globus-rls-admin -p rls://gridproj1.ap.nic.in

Generate a valid proxy for user

Before using any of the tools, a user must generate a valid user proxy. Use grid-proxy-init.

% $GLOBUS_LOCATION/bin/grid-proxy-initYour identity:/O=Grid/OU=GlobusTest/OU=simpleCA.mymachine/OU=mymachine/CN=John DoeEnter GRID pass phrase for this identity:

Ping the server

To check whether server is active

% $GLOBUS_LOCATION/bin/globus-rls-admin -p rls://localhostping rls://localhost: 0 seconds

Creating replica location mappings

$GLOBUS_LOCATION/bin/globus-rls-cli create aplfn1gsiftp://gridproj1.ap.nic.in/etc/group rls://gridproj1.ap.nic.in

Here the lfns created will be updated in lrc1000 database andrli1000 database. Incase, if you cannot see the lfns present in boththe databases, try out with restarting RLS server or restartingpostgresql server or querying the database.


39/42

Adding replica location mappings

To map additional target names to a logical name created by the previously describedcreate command, use the globus-rls-cli(1) addcommand.

$GLOBUS_LOCATION/bin/globus-rls-cli add aplfn1

gsiftp://gridproj1.ap.nic/tmp/test rls://gridproj1.ap.nic.in

Querying replica location mappings

Once your RLS server is populated with replica location mappings, you can query theserver for useful information using the globus-rls-cli(1) query command.

$GLOBUS_LOCATION/bin/globus-rls-cli query lrc lfn aplfn1rls://localhostaplfn1: gsiftp://gridproj1.ap.nic.in/etc/groupaplfn1: gsiftp://gridproj1.ap.nic.in/tmp/test

Deleting replica location mappings

To remove unwanted replica location mappings from your RLS server, use the globus-rls-cli(1) delete command.

% $GLOBUS_LOCATION/bin/globus-rls-cli delete my-logical-name-1 url-for-target-name-1 rls://localhost

% $GLOBUS_LOCATION/bin/globus-rls-cli query lrc lfn my-logical-name-1rls://localhost

my-logical-name-1: url-for-target-name-2% $GLOBUS_LOCATION/bin/globus-rls-cli delete my-logical-name-1 url-for-target-name-2 rls://localhost% $GLOBUS_LOCATION/bin/globus-rls-cli query lrc lfn my-logical-name-1rls://localhostglobus_rls_client: LFN doesn't exist: my-logical-name-1

Using bulk operations

The globus-rls-cli(1) supports a variety of bulk operations that enhance productivity forusers and reduce network connection overhead from making multiple, separateinvocations of the client.

% $GLOBUS_LOCATION/bin/globus-rls-cli bulk create aplfn1gsiftp://gridproj1.ap.nic.in/etc/group aplfn2gsiftp://gridproj3.ap.nic.in/tmp/test.copy rls://gridproj1.ap.nic.in

$GLOBUS_LOCATION/bin/globus-rls-cli bulk query lrc lfn aplfn1 aplfn2rls://gridproj1.ap.nic.in

aplfn1:gsiftp://gridproj1.ap.nic.in/etc/groupaplfn2:gsiftp://gridproj3.ap.nic.in/tmp/test


40/42

DRS:

Configuration overview

The DRS requires certain JNDI settings to be properly configured. The installed JNDIconfiguration file may be found at$GLOBUS_LOCATION/etc/globus_wsrf_replicator/jndi-config.xml.

Syntax of the interface

The settings are structured as name-value pairs. For example:

defaultIndexUrlrls://127.0.0.1:39281

Generate a valid proxy

Before using any of the tools, a user must generate a valid user proxy. Use grid-proxy-init.

% $GLOBUS_LOCATION/bin/grid-proxy-initYour identity:/O=Grid/OU=GlobusTest/OU=simpleCA.mymachine/OU=mymachine/CN=John DoeEnter GRID pass phrase for this identity:Creating proxy ................................. DoneYour proxy is valid until: Tue Oct 26 01:33:42 2004

Delegate user credentials

$GLOBUS_LOCATION/bin/globus-credential-delegate -h gridproj1.ap.nic.in-p 8443 mycredential.eprEPR will be written to: mycredential.eprDelegated credential EPR:Address: https://128.9.72.118:8443/wsrf/services/DelegationServiceReference property[0]:3b6cb210-e9b2-11d9-ab74-f7fa10f094cd


41/42

Replication request file

A key parameter for any replication request is the request file. The replication requestfile is a text file containing CRLF-terminated rows of tab-delimited pairs of LogicalFilename (LFN) names and destination (URL) locations. An example of such a file is

shown.% vi /tmp/testrun.reqtestrun-1 gsiftp://gridproj2.ap.nic.in/tmp/testtestrun-2 gsiftp://gridproj3.ap.nic.in/tmp/testing

Create replication resource

$GLOBUS_LOCATION/bin/globus-replication-create -shttps://gridproj1.ap.nic.in:8443/wsrf/services/ReplicationService -Cmycredential.epr -V myreplicator.epr file:///tmp/testrun.req

Start replication

Once a replication resource has been create, the replication activities may be started.

$GLOBUS_LOCATION/bin/globus-replication-start -e myreplicator.epr

Get replication resource properties

% $GLOBUS_LOCATION/bin/wsrf-get-property -e myreplicator.epr"{http://www.globus.org/namespaces/2005/05/replica/replicator}status"Active

And,

% $GLOBUS_LOCATION/bin/wsrf-get-property -e myreplicator.epr"{http://www.globus.org/namespaces/2005/05/replica/replicator}count"10000

Find replication item status

$GLOBUS_LOCATION/bin/globus-replication-finditems -e myreplicator.epr -S finished -O 1 -L 2


42/42

Destroy replication resource

% $GLOBUS_LOCATION/bin/wsrf-destroy -e myreplicator.epr

Destroy operation was successful

gt k install

Documents