Globus 2.4 configuration
From Research Computing
This page refers to the installation of software that is now obsolete, apart from the certificate authority. As of the end of April, the Research Computing group plans to upgrade to the Globus Toolkit version 4.
| Table of contents |
[edit]
Download and install the GPT package from www.globus.org
This requires PERL 5 or greater. The instructions from www.globus.org require no additional comment.
Unzip and untar the file:
% gzip -dc gpt-*.tar.gz | tar xf -
This will create a directory named "gpt-version/". cd into the directory:
% cd gpt-*
Run build_gpt. This will install GPT into $GPT_LOCATION.
% ./build_gpt
[edit]
Install the globus server binaries for linux.
[root@monad globus2.4]# $GPT_LOCATION/sbin/gpt-install globus-all-server-2.4.0-i686-pc-linux-gnu-bin.tar.gz
globus_common-gcc32dbg-rtl ver: 3.10 cmp id: 3.10.0 successfully installed. globus_common-gcc32dbgpthr-rtl ver: 3.10 cmp id: 3.10.0 successfully installed. globus_data_conversion-gcc32dbg-rtl ver: 2.0 cmp id: 2.0.0 successfully installed. globus_duct_common-gcc32dbg-rtl ver: 2.0 cmp id: 2.0.0 successfully installed. globus_gatekeeper_setup-noflavor-pgm ver: 2.0 cmp id: 2.0.0 successfully installed. globus_gram_job_manager-noflavor-data ver: 3.12 cmp id: 3.12.0 successfully installed. globus_gram_job_manager_setup-noflavor-doc ver: 3.2 cmp id: 3.2.0 successfully installed. globus_gram_job_manager_setup-noflavor-pgm ver: 3.2 cmp id: 3.2.0 successfully installed. globus_gram_job_manager_setup_fork-noflavor-pgm ver: 1.1 cmp id: 1.1.0 successfully installed. globus_gram_protocol-noflavor-data ver: 5.0 cmp id: 5.0.2 successfully installed. globus_gram_protocol-noflavor-doc ver: 5.0 cmp id: 5.0.2 successfully installed. globus_gram_reporter-noflavor-data ver: 2.0 cmp id: 2.0.0 successfully installed. globus_gram_reporter_setup_fork-noflavor-pgm ver: 1.0 cmp id: 1.0.0 successfully installed. globus_libtool-gcc32dbgpthr-rtl ver: 1.4.2 cmp id: 0.3.0 successfully installed. globus_mds_common_setup-noflavor-pgm ver: 2.4 cmp id: 2.4.0 successfully installed. globus_mds_gris-gcc32dbgpthr-pgm ver: 2.5 cmp id: 2.5.0 successfully installed. globus_mp-gcc32dbg-rtl ver: 2.0 cmp id: 2.0.0 successfully installed. globus_openssl-gcc32dbg-rtl ver: 0.15 cmp id: 0.15.0 successfully installed. globus_openssl-gcc32dbgpthr-pgm ver: 0.15 cmp id: 0.15.0 successfully installed. globus_openssl-gcc32dbgpthr-rtl ver: 0.15 cmp id: 0.15.0 successfully installed. globus_user_env-noflavor-data ver: 2.2 cmp id: 2.2.0 successfully installed. globus_common-gcc32dbgpthr-pgm ver: 3.10 cmp id: 3.10.0 successfully installed. globus_gass_cache-gcc32dbg-rtl ver: 5.0 cmp id: 5.0.0 successfully installed. globus_gram_job_manager-noflavor-doc ver: 3.12 cmp id: 3.12.0 successfully installed. globus_gsi_cert_utils-gcc32dbg-pgm ver: 0.8 cmp id: 0.8.0 successfully installed. globus_gsi_proxy_ssl-gcc32dbg-rtl ver: 1.0 cmp id: 1.0.0 successfully installed. globus_gsi_proxy_ssl-gcc32dbgpthr-rtl ver: 1.0 cmp id: 1.0.0 successfully installed. globus_rsl-gcc32dbg-rtl ver: 3.0 cmp id: 3.0.1 successfully installed. globus_common_setup-noflavor-pgm ver: 2.2 cmp id: 2.2.0 successfully installed. globus_gram_reporter-gcc32dbg-rtl ver: 2.0 cmp id: 2.0.0 successfully installed. globus_gss_assist-gcc32dbg-pgm ver: 3.5 cmp id: 3.5.0 successfully installed. globus_openssl_module-gcc32dbg-rtl ver: 0.3 cmp id: 0.3.0 successfully installed. globus_openssl_module-gcc32dbgpthr-rtl ver: 0.3 cmp id: 0.3.0 successfully installed. globus_rsl_assist-gcc32dbg-rtl ver: 2.0 cmp id: 2.0.0 successfully installed. globus_trusted_ca_42864e48_setup-noflavor-pgm ver: 0.5 cmp id: 0.5.0 successfully installed. globus_gram_reporter-gcc32dbg-pgm ver: 2.0 cmp id: 2.0.0 successfully installed. globus_gsi_openssl_error-gcc32dbg-rtl ver: 0.4 cmp id: 0.4.0 successfully installed. globus_gsi_openssl_error-gcc32dbgpthr-rtl ver: 0.4 cmp id: 0.4.0 successfully installed. globus_gsi_cert_utils-gcc32dbg-rtl ver: 0.8 cmp id: 0.8.0 successfully installed. globus_gsi_cert_utils-gcc32dbgpthr-rtl ver: 0.8 cmp id: 0.8.0 successfully installed. globus_gsi_sysconfig-gcc32dbg-rtl ver: 0.6 cmp id: 0.6.0 successfully installed. globus_gsi_sysconfig-gcc32dbgpthr-rtl ver: 0.6 cmp id: 0.6.0 successfully installed. globus_gsi_callback-gcc32dbg-rtl ver: 0.7 cmp id: 0.7.0 successfully installed. globus_gsi_callback-gcc32dbgpthr-rtl ver: 0.7 cmp id: 0.7.0 successfully installed. globus_gsi_credential-gcc32dbg-rtl ver: 0.8 cmp id: 0.8.0 successfully installed. globus_gsi_credential-gcc32dbgpthr-rtl ver: 0.8 cmp id: 0.8.0 successfully installed. globus_gsi_proxy_core-gcc32dbg-rtl ver: 0.5 cmp id: 0.5.0 successfully installed. globus_gsi_proxy_core-gcc32dbgpthr-rtl ver: 0.5 cmp id: 0.5.0 successfully installed. globus_gssapi_gsi-gcc32dbg-rtl ver: 3.11 cmp id: 3.11.0 successfully installed. globus_gssapi_gsi-gcc32dbgpthr-rtl ver: 3.11 cmp id: 3.11.0 successfully installed. globus_proxy_utils-gcc32dbg-pgm ver: 0.6 cmp id: 0.6.0 successfully installed. globus_gss_assist-gcc32dbg-rtl ver: 3.5 cmp id: 3.5.0 successfully installed. globus_gss_assist-gcc32dbgpthr-rtl ver: 3.5 cmp id: 3.5.0 successfully installed. globus_sasl_gssapi_gsi-gcc32dbgpthr-rtl ver: 0.2 cmp id: 0.2.0 successfully installed. globus_cyrus-sasl-gcc32dbgpthr-rtl ver: 1.5.27 cmp id: 0.4.0 successfully installed. globus_gatekeeper-gcc32dbg-pgm ver: 2.4 cmp id: 2.4.0 successfully installed. globus_io-gcc32dbg-rtl ver: 4.0 cmp id: 4.0.1 successfully installed. globus_ftp_control-gcc32dbg-rtl ver: 1.8 cmp id: 1.8.0 successfully installed. globus_gass_transfer-gcc32dbg-rtl ver: 2.4 cmp id: 2.4.0 successfully installed. globus_gram_protocol-gcc32dbg-rtl ver: 5.0 cmp id: 5.0.2 successfully installed. globus_nexus-gcc32dbg-rtl ver: 6.2 cmp id: 6.2.0 successfully installed. globus_openldap-gcc32dbgpthr-rtl ver: 2.0.22 cmp id: 0.6.0 successfully installed. globus_duct_control-gcc32dbg-rtl ver: 2.0 cmp id: 2.0.0 successfully installed. globus_ftp_client-gcc32dbg-rtl ver: 1.9 cmp id: 1.9.0 successfully installed. globus_gass_server_ez-gcc32dbg-rtl ver: 2.3 cmp id: 2.3.0 successfully installed. globus_gram_client-gcc32dbg-rtl ver: 4.1 cmp id: 4.1.1 successfully installed. globus_gridftp_server-gcc32dbg-pgm ver: 1.6 cmp id: 1.6.0 successfully installed. globus_ldapmodules-gcc32dbgpthr-rtl ver: 0.11 cmp id: 0.11.0 successfully installed. globus_mds_back_giis-gcc32dbgpthr-rtl ver: 0.9 cmp id: 0.9.0 successfully installed. globus_openldap-gcc32dbgpthr-pgm ver: 2.0.22 cmp id: 0.6.0 successfully installed. globus_gass_copy-gcc32dbg-rtl ver: 2.9 cmp id: 2.9.0 successfully installed. globus_gass_server_ez-gcc32dbg-pgm ver: 2.3 cmp id: 2.3.0 successfully installed. globus_mds_common-gcc32dbgpthr-pgm ver: 2.5 cmp id: 2.5.0 successfully installed. globus_mds_gris_setup-noflavor-pgm ver: 2.9 cmp id: 2.9.0 successfully installed. globus_gass_cache_program-gcc32dbg-pgm ver: 2.6 cmp id: 2.6.0 successfully installed. globus_gass_copy-gcc32dbg-pgm ver: 2.9 cmp id: 2.9.0 successfully installed. globus_gram_job_manager-gcc32dbg-pgm ver: 3.12 cmp id: 3.12.0 successfully installed.
[edit]
Install the globus client binaries for linux
[root@monad globus2.4]# $GPT_LOCATION/sbin/gpt-install globus-all-client-2.4.0-i686-pc-linux-gnu-bin.tar.gz globus_proxy_wrapper-noflavor-pgm ver: 0.1 cmp id: 0.1.0 successfully installed. globus_duroc_common-gcc32dbg-rtl ver: 2.0 cmp id: 2.0.0 successfully installed. globus_duroc_control-gcc32dbg-rtl ver: 2.0 cmp id: 2.0.0 successfully installed. globus_hostname2contacts-gcc32dbgpthr-pgm ver: 1.0 cmp id: 1.0.0 successfully installed. globus_gram_client_tools-gcc32dbg-pgm ver: 3.5 cmp id: 3.5.1 successfully installed. [root@monad globus2.4]# $GPT_LOCATION/sbin/gpt-build globus_simple_ca_bundle-latest.tar.gz gcc32dbg gpt-build ====> Changing to /root/globus2.4/globus_core-2.13/ gpt-build ====> BUILDING FLAVOR gcc32dbg gpt-build ====> Changing to /root/globus2.4 gpt-build ====> REMOVING empty package globus_core-gcc32dbg-pgm_static gpt-build ====> REMOVING empty package globus_core-noflavor-doc gpt-build ====> CHECKING BUILD DEPENDENCIES FOR globus_simple_ca gpt-build ====> Changing to /root/globus2.4/BUILD/globus_simple_ca-0.8/ gpt-build ====> BUILDING FLAVOR gcc32dbg gpt-build ====> Changing to /root/globus2.4 gpt-build ====> REMOVING empty package globus_simple_ca-gcc32dbg-dev gpt-build ====> REMOVING empty package globus_simple_ca-gcc32dbg-pgm_static gpt-build ====> REMOVING empty package globus_simple_ca-gcc32dbg-rtl gpt-build ====> REMOVING empty package globus_simple_ca-noflavor-data gpt-build ====> REMOVING empty package globus_simple_ca-noflavor-doc gpt-build ====> CHECKING BUILD DEPENDENCIES FOR globus_simple_ca_setup gpt-build ====> Changing to /root/globus2.4/BUILD/globus_simple_ca_setup-0.12/ gpt-build ====> BUILDING FLAVOR gpt-build ====> Changing to /root/globus2.4 gpt-build ====> REMOVING empty package globus_simple_ca_setup-noflavor-data gpt-build ====> REMOVING empty package globus_simple_ca_setup-noflavor-dev gpt-build ====> REMOVING empty package globus_simple_ca_setup-noflavor-doc gpt-build ====> REMOVING empty package globus_simple_ca_setup-noflavor-pgm_static gpt-build ====> REMOVING empty package globus_simple_ca_setup-noflavor-rtl
[edit]
Run the postinstall command
[root@monad globus2.4]# $GPT_LOCATION/sbin/gpt-postinstall running /opt/gt2/setup/globus/setup-globus-common... creating globus-sh-tools-vars.sh creating globus-script-initializer creating Globus::Core::Paths checking globus-hostname Done running /opt/gt2/setup/globus/setup-globus-gatekeeper... Creating gatekeeper configuration file... Done Creating gatekeeper log directory... Done Creating grid services directory... Done running /opt/gt2/setup/globus/setup-globus-mds-common... Creating... /opt/gt2/etc/grid-info.conf Done running /opt/gt2/setup/globus/setup-globus-mds-gris... Creating... /opt/gt2/sbin/SXXgris /opt/gt2/libexec/grid-info-script-initializer /opt/gt2/libexec/grid-info-mds-core /opt/gt2/libexec/grid-info-common /opt/gt2/libexec/grid-info-cpu* /opt/gt2/libexec/grid-info-fs* /opt/gt2/libexec/grid-info-mem* /opt/gt2/libexec/grid-info-net* /opt/gt2/libexec/grid-info-platform* /opt/gt2/libexec/grid-info-os* /opt/gt2/etc/grid-info-resource-ldif.conf /opt/gt2/etc/grid-info-resource-register.conf /opt/gt2/etc/grid-info-resource.schema /opt/gt2/etc/grid.gridftpperf.schema /opt/gt2/etc/gridftp-resource.conf /opt/gt2/etc/gridftp-perf-info /opt/gt2/etc/grid-info-slapd.conf /opt/gt2/etc/grid-info-site-giis.conf /opt/gt2/etc/grid-info-site-policy.conf /opt/gt2/etc/grid-info-server-env.conf /opt/gt2/etc/grid-info-deployment-comments.conf Done
[edit]
Run the simple ca setup to create the simple CA
If the simple CA has been set up on another host and you have received a package file from your local grid CA of the form:
globus_simple_ca_[CA-HASH]_setup.tar.gz
where [CA-HASH] is a set of numbers/letters which uniquely identify the CA, then skip to step 6.
$GPT_LOCATION/sbin/gpt_build globus_simple_ca_bundle-latest.tar.gz gcc32dbg
$GPT_LOCATION/sbin/gpt-postinstall
running /opt/gt2/setup/globus/setup-simple-ca...
C e r t i f i c a t e A u t h o r i t y S e t u p
This script will setup a Certificate Authority for signing Globus users’ certificates. It will also generate a
simple CA package that can be distributed to the users of the CA.
The CA information about the certificates it distributes will be kept in:
/root/.globus/simpleCA/
ERROR: It looks like a CA has already been setup at this location. Do you want to overwrite this CA? (y/n) [n]:y
The unique subject name for this CA is:
cn=Globus Simple CA, ou=simpleCA-monad.gc.cuny.edu, ou=GlobusTest, o=Grid
Do you want to keep this as the CA subject (y/n) [y]:n
Enter a unique subject name for this CA:cn=CunyGridCA, ou=GraduateCenterGrid, o=CUNY
Enter the email of the CA (this is the email where certificate requests will be sent to be signed by the
CA):flengyel@gc.cuny.edu
The CA certificate has an expiration date. Keep in mind that once the CA certificate has expired, all the
certificates signed by that CA become invalid. A CA should regenerate the CA certificate and start re-issuing
ca-setup packages before the actual CA certificate expires. This can be done by re-running this setup script.
Enter the number of DAYS
the CA certificate should last before it expires.[default: 5 years (1825 days)]:
Using configuration from /root/.globus/simpleCA//grid-ca-ssl.conf
Generating a 1024 bit RSA private key .......................++++++ ........++++++ writing new private key to
'/root/.globus/simpleCA//private/cakey.pem'
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated into your certificate request. What you
are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave
some blank For some fields there will be a default value, If you enter '.', the field will be left blank.
-----
Level 0 Organization [CUNY]:Level 0 Organizational Unit [GraduateCenterGrid]:Name (e.g., John M. Smith) []:
creating CA config package...creating cache ./config.cache checking whether to enable maintainer-specific
portions of Makefiles... no Dependencies Complete checking for a BSD compatible install... /usr/bin/install -c
checking whether build environment is sane... yes checking whether make sets ${MAKE}... yes checking for working
aclocal... found checking for working autoconf... found checking for working automake... found checking for
working autoheader... found checking for working makeinfo... found checking for gnutar... no checking for gtar...
/bin/gtar updating cache ./config.cache creating ./config.status creating Makefile creating pkgdata/Makefile
creating pkgdata/pkg_data_src.gpt rm -rf globus_simple_ca_844eb767_setup-0.12
mkdir globus_simple_ca_844eb767_setup-0.12
chmod 777 globus_simple_ca_844eb767_setup-0.12
for subdir in pkgdata; do if test "$subdir" = .; then :; else test -d
globus_simple_ca_844eb767_setup-0.12/$subdir || mkdir globus_simple_ca_844eb767_setup-0.12/$subdir || exit 1;
chmod 777 globus_simple_ca_844eb767_setup-0.12/$subdir; (cd $subdir && make
top_distdir=../globus_simple_ca_844eb767_setup-0.12 distdir=../globus_simple_ca_844eb767_setup-0.12/$subdir
distdir) || exit 1; fi; done
make[1]: Entering directory `/tmp/root_tmp_ca_setup/pkgdata'
make[1]: Leaving directory `/tmp/root_tmp_ca_setup/pkgdata' make
top_distdir="globus_simple_ca_844eb767_setup-0.12" distdir="globus_simple_ca_844eb767_setup-0.12" dist-hook
make[1]: Entering directory `/tmp/root_tmp_ca_setup' /opt/gpt/sbin/gpt_create_automake_rules --excludes=doxygen
-srcdir=globus_simple_ca_844eb767_setup-0.12
make[1]: Leaving directory `/tmp/root_tmp_ca_setup'
chmod -R a+r globus_simple_ca_844eb767_setup-0.12
GZIP=--best /bin/gtar chozf globus_simple_ca_844eb767_setup-0.12.tar.gz globus_simple_ca_844eb767_setup-0.12
rm -rf globus_simple_ca_844eb767_setup-0.12
done.
A self-signed certificate has been generated for the Certificate Authority with the subject:
/O=CUNY/OU=GraduateCenterGrid/CN=CunyGridCA
If this is invalid, rerun this script
/opt/gt2/setup/globus/setup-simple-ca
and enter the appropriate fields.
The private key of the CA is stored in /root/.globus/simpleCA//private/cakey.pem
The public CA certificate is stored in /root/.globus/simpleCA//cacert.pem
The distribution package built for this CA is stored in
/root/.globus/simpleCA//globus_simple_ca_844eb767_setup-0.12.tar.gz
This file must be distributed to any host wishing to request certificates from this CA.
CA setup complete.
The following commands will now be run to setup the security configuration files for this CA:
$GPT_LOCATION/sbin/gpt-build -install-only \ /root/.globus/simpleCA//globus_simple_ca_844eb767_setup-0.12.tar.gz
$GPT_LOCATION/sbin/gpt-postinstall
gpt-build ====> CHECKING BUILD DEPENDENCIES FOR globus_simple_ca_844eb767_setup gpt-build ====> Changing to
/opt/gt2/setup/globus/BUILD/globus_simple_ca_844eb767_setup-0.12/
gpt-build ====> BUILDING FLAVOR
make distclean
make: *** No rule to make target `distclean'. Stop.
gpt-build ====> Changing to /opt/gt2/setup/globus
gpt-build ====> REMOVING empty package globus_simple_ca_844eb767_setup-noflavor-data
gpt-build ====> REMOVING empty package globus_simple_ca_844eb767_setup-noflavor-dev
gpt-build ====> REMOVING empty package globus_simple_ca_844eb767_setup-noflavor-doc
gpt-build ====> REMOVING empty package globus_simple_ca_844eb767_setup-noflavor-pgm_static
gpt-build ====> REMOVING empty package globus_simple_ca_844eb767_setup-noflavor-rtl
setup-ssl-utils: Configuring ssl-utils package
Running setup-ssl-utils-sh-scripts...
Note: To complete setup of the GSI software you need to run the following script as root to configure your
security configuration directory:
/opt/gt2/setup/globus_simple_ca_844eb767_setup/setup-gsi
For further information on using the setup-gsi script, use the -help option. The -default option sets this
security configuration to be the default, and -nonroot can be used on systems where root access is not available.
setup-ssl-utils: Complete
running /opt/gt2/setup/globus/setup-ssl-utils...
setup-ssl-utils: Configuring ssl-utils package
Running setup-ssl-utils-sh-scripts...
Note: To complete setup of the GSI software you need to run the following script as root to configure your
security configuration
directory:
/opt/gt2/setup/globus/setup-gsi
For further information on using the setup-gsi script, use the -help option. The -nonroot can be used on systems
where root access is not available.
setup-ssl-utils: Complete
running /opt/gt2/setup/globus/setup-globus-gram-job-manager...
Creating state file directory.
Done.
Reading gatekeeper configuration file...
Warning: Host cert file: /etc/grid-security/hostcert.pem not found. Re-run
setup-globus-gram-job-manager after installing host cert file. Determining system information... Creating job
manager configuration file... Done running /opt/gt2/setup/globus/setup-globus-job-manager-fork...
loading cache ./config.cache
checking for mpirun... /usr/pgi/linux86/bin/mpirun
updating cache ./config.cache
creating ./config.status
creating fork.pm
running /opt/gt2/setup/globus/setup-globus-gram-reporter-fork...
Setting up fork gram reporter in MDS
Done
[edit]
Install the CA setup tarball
# $GPT_LOCATION/sbin/gpt-build -install-only globus_simple_ca_844eb767_setup-0.12.tar.gz
gpt-build ====> CHECKING BUILD DEPENDENCIES FOR globus_simple_ca_844eb767_setup gpt-build ====> Changing to /root/globus2.4/BUILD/globus_simple_ca_844eb767_setup-0.12/ gpt-build ====> BUILDING FLAVOR make distclean make: *** No rule to make target `distclean'. Stop. gpt-build ====> Changing to /root/globus2.4 gpt-build ====> REMOVING empty package globus_simple_ca_844eb767_setup-noflavor-data gpt-build ====> REMOVING empty package globus_simple_ca_844eb767_setup-noflavor-dev gpt-build ====> REMOVING empty package globus_simple_ca_844eb767_setup-noflavor-doc gpt-build ====> REMOVING empty package globus_simple_ca_844eb767_setup-noflavor-pgm_static gpt-build ====> REMOVING empty package globus_simple_ca_844eb767_setup-noflavor-rtl
[edit]
Run the postinstall
[root@grid globus2.4]# $GPT_LOCATION/sbin/gpt-postinstall
running /opt/gt2/setup/globus/./setup-ssl-utils.844eb767... setup-ssl-utils: Configuring ssl-utils package Running setup-ssl-utils-sh-scripts... Note: To complete setup of the GSI software you need to run the following script as root to configure your security configuration directory: /opt/gt2/setup/globus_simple_ca_844eb767_setup/setup-gsi For further information on using the setup-gsi script, use the -help option. The -default option sets this security configuration to be the default, and -nonroot can be used on systems where root access is not available. setup-ssl-utils: Complete running /opt/gt2/setup/globus/setup-ssl-utils... setup-ssl-utils: Configuring ssl-utils package Running setup-ssl-utils-sh-scripts... Note: To complete setup of the GSI software you need to run the following script as root to configure your security configuration directory: /opt/gt2/setup/globus/setup-gsi For further information on using the setup-gsi script, use the -help option. The -nonroot can be used on systems where root access is not available. setup-ssl-utils: Complete
[edit]
Run the ca setup distribution package with the default option
/opt/gt2/setup/globus_simple_ca_844eb767_setup/setup-gsi -default
[edit]
Install the SGE job manager and job reporter modules
$GPT_LOCATION/sbin/gpt-build globus_gram_job_manager_setup_sge-0.9.tar.gz $GPT_LOCATION/sbin/gpt-postinstall $GPT_LOCATION/sbin/gpt-build globus_gram_reporter_setup_sge-0.8.tar.gz $GPT_LOCATION/sbin/gpt-postinstall
[edit]
Generate and sign host, LDAP and user certificates
a. generate the host certificate
cd /etc/grid-security grid-cert-request -service host –host monad.gc.cuny.edu
b. sign the certificate
$GLOBUS_LOCATION/bin/grid-ca-sign –in hostcert_request.pem –out hostcert.pem
c. generate the LDAP certificate
grid-cert-request -service ldap –host monad.gc.cuny.edu
This creates the LDAP certificate request in /etc/grid-security/ldap.
d. Sign the certificate
cd /etc/grid-security grid-cert-request -service host –host monad.gc.cuny.edu $GLOBUS_LOCATION/bin/grid-ca-sign –in ldapcert_request.pem –out ldapcert.pem
e. User certificates are generated and signed following the procedure in the IBM Grid Toolbox system administration guide.
User setup will be documented elsewhere.
[edit]
Add services to /etc/services
# Local services gsigatekeeper 2119/tcp # Globus Gatekeeper gsiftp 2811/tcp # Globus GridFTP
[edit]
Add configurations files to /etc/xinetd.d and restart xinetd
a. Create a file /etc/xinetd.d/globus-gatekeeper with the following contents (note that the configuration for the IBM Globus Toolbox works for the Globus Toolkit, version 2.4):
service gsigatekeeper
{
socket_type = stream
protocol = tcp
wait = no
user = root
env = LD_LIBRARY_PATH=/opt/gt2/lib
server = /opt/gt2/sbin/globus-gatekeeper
server_args = -conf /opt/gt2/etc/globus-gatekeeper.conf
disable = no
env = GLOBUS_TCP_PORT_RANGE=40000,40500
}
b. Create a file /etc/xinetd.d/globus-gatekeeper with the following contents:
service gsiftp
{
instances = 1000
socket_type = stream
wait = no
user = root
env = LD_LIBRARY_PATH=/opt/gt2/lib
server = /opt/gt2/sbin/in.ftpd
server_args = -l -a -G /opt/gt2
log_on_success += DURATION USERID
log_on_failure += USERID
nice = 10
disable = no
env = GLOBUS_TCP_PORT_RANGE=40000,40500
}
