FusionGrid Globus/MDSplus server
FusionGrid Globus/MDSplus server
Install a FusionGrid Globus/MDSplus server on a RedHat 5 32-bit system.
Directory will be /usr/local/fusiongrid.
Note: All of this is in the downloaded mdsplus source. The differences
here are that the fusiongrid material is collected in one place and that
there are slight changes in where MDSPLUS_DIR is defined. The required
certificate information is also given.
Sections:
- Description of Linux system
- Could install sybase
- Make local and system directories for build
- Download globus and mdsplus
- Build globus and myproxy-get-delegation
- Open firewall
- Check globus client software
- Set up globus server without ROAM
- Test globus server without ROAM
- Add roam access and mdsplus
- Update mdsplus specific files
- Use PPPL tdi/roam hacks
- Add roam connection to /etc/grid-security
- Make gatekeeper script and gridftp script
- FIX UP xinetd gsigatekeeper and xinetd gsiftp
- Handle ports for MDSplus with ROAM
- Update mdsipd / mdsipsd for ROAM
- Test
o Description of Linux system
CDROM: rhel-client-5.3-i386-dvd.iso
Red Hat Enterprise Linux Desktop (v.5 for 32-bit x86)
RHEL Desktop Supplementary
RHEL Desktop Workstation
Red Hat Network Tools for RHEL Client
yum -y install java-1.6.0-openjdk-devel
yum -y install libXp-devel
yum -y install xinetd
yum -y install openmotif-devel
o Note: Could install sybase
Download ase1503_linuxx86.tgz from
http://www.sybase.com/linux/ase
Custom build
Check Connectivity/Open Client/Common dblib files
English Language Module
Install Express Edition of Sybase Adaptive Server Enterprise Suite
Then copy to /usr/local/sybase
o Make local and system directories for build
/bin/mkdir ~/fusiongrid
# As root
/bin/mkdir /usr/local/fusiongrid
/bin/chown randerso:randerso /usr/local/fusiongrid
o Download globus and mdsplus
cd ~/fusiongrid
GLOBUS_VERSION=globus_4_0_2
export GLOBUS_VERSION
cvs -q -d :pserver:anonymous@cvs.globus.org:/home/globdev/CVS/globus-packages co -r $GLOBUS_VERSION packaging
cvs -q -d :pserver:MDSguest:MDSguest@www.mdsplus.org:/mdsplus/repos co mdsplus
o Build globus and myproxy-get-delegation
cd packaging
./make-packages.pl --bundles=globus-gram,globus-gridftp --install=/usr/local/fusiongrid --deps --anonymous --flavor=gcc32 --gt2-tag $GLOBUS_VERSION --gt3-tag $GLOBUS_VERSION --gt4-tag $GLOBUS_VERSION
./make-packages.pl --packages=globus_xio --install=/usr/local/fusiongrid --deps --anonymous --flavor=gcc32pthr --gt2-tag $GLOBUS_VERSION --gt3-tag $GLOBUS_VERSION --gt4-tag $GLOBUS_VERSION
cd ..
GLOBUS_LOCATION=/usr/local/fusiongrid
GPT_LOCATION=/usr/local/fusiongrid
export GLOBUS_LOCATION
export GPT_LOCATION
$GPT_LOCATION/sbin/gpt-build --disable-version-checking --installdir=$GLOBUS_LOCATION mdsplus/rpm/myproxy-1.16.tar.gz gcc32
$GPT_LOCATION/sbin/gpt-postinstall --force
o Create /etc/grid-security
cd ~/fusiongrid
url=https://pki1.doegrids.org/Other/doegrids.tar
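# NOTE: --no-check-certificate disables TLS verification, and this tarball
# supplies the CA trust anchors (and, it appears, the doegrids-hash-check
# script run below), so nothing in this step authenticates it. Confirm the
# CA certificate fingerprints through a separate channel before copying
# them into /etc/grid-security/certificates.
wget --no-check-certificate $url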
# As root
/bin/mkdir --parent /etc/grid-security/certificates
cd /etc/grid-security
/bin/tar xpf ~randerso/fusiongrid/doegrids.tar
S=/etc/grid-security/doegrids
T=/etc/grid-security/certificates
cd $S
/bin/cp -ip 1c3f2ca8.{0,signing_policy} *.1c3f2ca8 d1b603c3.{0,signing_policy} $T
# Check dates
export GLOBUS_LOCATION=/usr/local/fusiongrid
$GLOBUS_LOCATION/bin/grid-cert-info -file 1c3f2ca8.0 -sd -ed
Dec 5 08:00:00 2002 GMT
Jan 25 08:00:00 2013 GMT
$GLOBUS_LOCATION/bin/grid-cert-info -file d1b603c3.0 -sd -ed
Oct 8 07:00:00 2002 GMT
Oct 26 07:00:00 2022 GMT
unset GLOBUS_LOCATION
/etc/grid-security/doegrids/doegrids-hash-check
. . .
# Put in dummy files
/bin/cat > /etc/grid-security/globus-host-ssl.conf <<'END'
#!/bin/bash
echo "This file ($0) is a dummy file" 1>&2
exit 1
END
/bin/chmod 0744 /etc/grid-security/globus-host-ssl.conf
/bin/cp -ip /etc/grid-security/globus-{host,user}-ssl.conf
# As root on randerson-lt.pppl.gov
# Get host certificate
cd /etc/grid-security
export GLOBUS_LOCATION=/usr/local/fusiongrid
/etc/grid-security/doegrids/doegrids-cert-request -host randerson-lt.pppl.gov
. . .
The private key is stored in /etc/grid-security/hostkey.pem
The request is stored in /etc/grid-security/hostcert_request.pem
Please go to https://pki1.doegrids.org and choose the
"Grid or SSL Server" menu item on the Enrollment page
Then and cut and paste the file
/etc/grid-security/hostcert_request.pem into the PKCS#10 text field.
To install this host certificate, follow the URL link in the
message sent to you by the CA, and cut and paste the
"Base64 encoded certificate" into the /etc/grid-security/hostcert.pem
. . .
/etc/grid-security/doegrids/verify-chain-for-ee-cert hostcert.pem
Checking CApath /etc/grid-security/certificates
hostcert.pem: OK
o Add fusiongrid support to certificates
cd ~randerso/fusiongrid
url=http://www.fusiongrid.org/certs.tar
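# NOTE: this is a plain-HTTP download of a CA certificate and signing policy;
# confirm the fingerprint of 304672b7.0 through a separate channel before
# relying on it as a trust anchor.
wget $url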
cd /etc/grid-security/certificates
/bin/tar xpf ~randerso/fusiongrid/certs.tar 304672b7.0 304672b7.signing_policy
o Open firewall
System->Administration->Security Level and Firewall
2119/tcp
2811/tcp
50000-50009/tcp
60000-60009/tcp
o Check globus client software
export GLOBUS_LOCATION=/usr/local/fusiongrid
export PATH=$GLOBUS_LOCATION/bin:$PATH
myproxy-get-delegation -s cert.fusiongrid.org -l lranderson
globus-job-submit transpgrid.pppl.gov /bin/date
globus-url-copy file:///etc/redhat-release gsiftp://transpgrid.pppl.gov/tmp/lew_101.txt
globus-url-copy gsiftp://transpgrid.pppl.gov/tmp/lew_101.txt file:///tmp/lew_102.txt
export GLOBUS_TCP_PORT_RANGE=50000,50009
globus-job-run transpgrid.pppl.gov /bin/date
o Set up globus server without ROAM
/bin/cat > /etc/xinetd.d/gsiftp <<'END'
service gsiftp
{
instances = 100
socket_type = stream
wait = no
user = root
env += GLOBUS_TCP_PORT_RANGE=60000,60009
env += GLOBUS_LOCATION=/usr/local/fusiongrid
env += LD_LIBRARY_PATH=/usr/local/fusiongrid/lib
server = /usr/local/fusiongrid/sbin/globus-gridftp-server
server_args = -i
log_on_success += DURATION
nice = 10
disable = no
}
END
/bin/cat > /etc/xinetd.d/gsigatekeeper <<'END'
service gsigatekeeper
{
socket_type = stream
protocol = tcp
wait = no
user = root
env += GLOBUS_TCP_PORT_RANGE=60000,60009
env += LD_LIBRARY_PATH=/usr/local/fusiongrid/lib
server = /usr/local/fusiongrid/sbin/globus-gatekeeper
server_args = -conf /usr/local/fusiongrid/etc/globus-gatekeeper.conf
disable = no
}
END
/sbin/service xinetd reload
# For test purposes only: this grid-mapfile entry should be removed before the ROAM tests
/bin/cat >> /etc/grid-security/grid-mapfile <<'END'
"/DC=org/DC=FusionGrid/OU=People/CN=Lewis Elvin Randerson 210592" randerso
END
o Test globus server without ROAM
# On sunfire03 as randerso
module load globus
export MYPROXY_SERVER_DN="/DC=org/DC=doegrids/OU=Services/CN=cert.fusiongrid.org"
myproxy-get-delegation -s cert.fusiongrid.org -l lranderson
globus-job-run randerson-lt /bin/date
globus-url-copy file:///etc/redhat-release gsiftp://randerson-lt.pppl.gov/tmp/lew_201.txt
globus-url-copy gsiftp://randerson-lt.pppl.gov/tmp/lew_201.txt file:///tmp/lew_202.txt
o Add roam access and mdsplus
export GLOBUS_LOCATION=/usr/local/fusiongrid
export LD_LIBRARY_PATH=/usr/local/fusiongrid/lib
cd /home/randerso/fusiongrid
cd mdsplus
./configure --exec_prefix=/usr/local/fusiongrid --with-xio=/usr/local/fusiongrid:gcc32 1>log.configure_stdout 2>log.configure_stderr
find . -name makefile-header -exec rm -f {} \;
/usr/bin/make 1>log.make_stdout 2>log.make_stderr
/bin/cp -ip rpm/fglogin /usr/local/fusiongrid/bin
/usr/bin/make install 1>log.make_install_stdout 2>log.make_install_stderr
o Update mdsplus specific files
/usr/local/fusiongrid/
setup.sh
setup.csh
etc/envsyms
local/envsyms
local/roam.env
MDSPLUS_DIR=/usr/local/fusiongrid
echo "GLOBUS_LOCATION $MDSPLUS_DIR" >> $MDSPLUS_DIR/etc/envsyms
echo "include $MDSPLUS_DIR/local/roam.env" > $MDSPLUS_DIR/local/envsyms
echo "MYPROXY_SERVER cert.fusiongrid.org" >> $MDSPLUS_DIR/local/envsyms
echo "ROAM_SERVER roam.fusiongrid.org" > $MDSPLUS_DIR/local/roam.env
echo "ROAM_SITE_RESOURCE PPPL" >> $MDSPLUS_DIR/local/roam.env
echo "ROAM_MDSIPS_RESOURCE MYDATA" >> $MDSPLUS_DIR/local/roam.env
echo "ROAM_GRIDFTP_RESOURCE TRANSP" >> $MDSPLUS_DIR/local/roam.env
echo "ROAM_JOBMANAGER_RESOURCE TRANSP" >> $MDSPLUS_DIR/local/roam.env
echo "ROAM_GRIDFTP_GUEST_ACCOUNT nobody" >> $MDSPLUS_DIR/local/roam.env
echo "ROAM_MDSIP_RESOURCE TRANSP" >> $MDSPLUS_DIR/local/roam.env
echo "ROAM_MDSIP_GUEST_ACCOUNT" >> $MDSPLUS_DIR/local/roam.env
o Use PPPL tdi/roam hacks
(If you setup ROAM correctly for your site, this is not needed.)
S=/home/randerso/roam
T=/usr/local/fusiongrid/tdi/roam
FILES="check_access_mdsips.fun check_access_jobmanager.fun check_access_file.fun"
for f in $FILES ; do
/bin/cp -ip $T/$f{,.org}
/bin/cp -ip $S/$f $T/$f
done
o Add roam connection to /etc/grid-security
# As randerso on randerson-lt
MDSPLUS_DIR=/usr/local/fusiongrid
source /usr/local/fusiongrid/setup.sh
/bin/mkdir callout
/usr/local/fusiongrid/setup/globus/setup-globus-gaa-authz-callout -d callout
# As root on randerson-lt
/bin/cp -i ~randerso/callout/gsi*.conf /etc/grid-security
file=/etc/grid-security/gsi-authz.conf
line="globus_mapping /usr/local/fusiongrid/lib/libRoam roam_gridmap_callout"
echo "$line" >> $file
o Make gatekeeper script and gridftp script
/bin/cat /usr/local/fusiongrid/sbin/globus-gatekeeper-sh
#!/bin/sh
MDSPLUS_DIR=/usr/local/fusiongrid
. $MDSPLUS_DIR/setup.sh
$MDSPLUS_DIR/sbin/globus-gatekeeper -conf $MDSPLUS_DIR/etc/globus-gatekeeper.conf
/bin/cat /usr/local/fusiongrid/sbin/globus-gridftp-server-sh
#!/bin/sh
MDSPLUS_DIR=/usr/local/fusiongrid
. $MDSPLUS_DIR/setup.sh
$MDSPLUS_DIR/sbin/globus-gridftp-server -log-module syslog -log-level ALL -i
o FIX UP xinetd gsigatekeeper and xinetd gsiftp
/bin/cat /etc/xinetd.d/gsigatekeeper
service gsigatekeeper
{
socket_type = stream
protocol = tcp
wait = no
user = root
env += GLOBUS_TCP_PORT_RANGE=60000,60009
server = /usr/local/fusiongrid/sbin/globus-gatekeeper-sh
disable = no
}
service gsiftp
{
instances = 100
socket_type = stream
wait = no
user = root
env += GLOBUS_TCP_PORT_RANGE=60000,60009
server = /usr/local/fusiongrid/sbin/globus-gridftp-server-sh
log_on_success += DURATION
nice = 10
disable = no
}
o Handle ports for MDSplus with ROAM
/bin/cat >> /etc/services <<'END'
mdsip 8000/tcp # Added for MDSplus
mdsips 8200/tcp # Added for MDSplus
END
System->Administration->Security Level and Firewall
8000
8200
o Update mdsipd / mdsipsd for ROAM
file=/usr/local/fusiongrid/bin/mdsipd
/bin/sed -i.org 's#MDSPLUS_DIR=.*#MDSPLUS_DIR=/usr/local/fusiongrid#' $file
file=/usr/local/fusiongrid/bin/mdsipsd
/bin/sed -i.org 's#MDSPLUS_DIR=.*#MDSPLUS_DIR=/usr/local/fusiongrid#' $file
file=/usr/local/fusiongrid/bin/mdsipsd
/bin/cat > /etc/xinetd.d/mdsip <<'END'
service mdsip
{
socket_type = stream
instances = UNLIMITED
cps = 1000 5
wait = no
user = root
server = /usr/local/fusiongrid/bin/mdsipd
}
END
/bin/cat > /etc/xinetd.d/mdsips <<'END'
service mdsips
{
socket_type = stream
instances = UNLIMITED
cps = 1000 5
wait = no
user = root
server = /usr/local/fusiongrid/bin/mdsipsd
}
END
/sbin/service xinetd reload
2009-07-20 -- Test
# on portal.pppl.gov
module load mdsplus
myproxy-get-delegation -s cert.fusiongrid.org -l lranderson
idl
idl>mdsconnect, "_randerson-lt.pppl.gov"