Disclosure: this tutorial is intended for legacy applications which mandatory need the version 4.0.x of Globus Toolkit. If you don’t have an impelling reason to install that particular version, it is highly recommended that you install the latest version available of Globus Toolkit from its official web site and follow the installation guide of the official documentation.
To install Ubuntu 10.04 server, download its iso from here and create a startup USB drive using UNetbootin (don’t use Startup Disk Creator, its latest version is not compatible with Ubuntu 10.04). Once booted from the USB drive, at the Unetbootin grub menu, scroll down to the same “Install Ubuntu server” option and press TAB. Bring your cursor to the end of this line and press space once, enter
cdrom-detect/try-usb=true
and press enter to start the installation.
- (1) if you want to build Globus Toolkit download gt4.0.8-all-source-installer from:
http://www.globus.org/toolkit/downloads/4.0.8/
alternatively, if you want to save about one hour, you can use the prebuilt binary installer: you can find it in the right menu of this page. Either way proceed with the next step;
root@host:~#
apt-get update
apt-get install vim ant build-essential libpod-* postgresql
xinetd zlib1g-dev libiodbc2 libiodbc2-dev libxml-parser-perl libxml2-dev
export JAVA_HOME=/usr/lib/jvm/jdk1.6.0_34
export ANT_HOME=/usr/share/ant
export GLOBUS_LOCATION=/usr/local/globus-4.0.8
export GLOBUS_OPTIONS="-Xms512M -Xmx2048M"
source $GLOBUS_LOCATION/etc/globus-user-env.sh
export PATH=$ANT_HOME/bin:$JAVA_HOME/bin:$PATH:$GLOBUS_LOCATION/bin
then log out and back in;
root@host:~# service postgresql start
- (6) open “/etc/postgresql/8.4/main/postgresql.conf”, uncomment the line beginning with “listen_addresses” and set it to listen to all addresses in the following way:
listen_addresses = '*'
- (7) open “/etc/postgresql/8.4/main/pg_hba.conf” and add the following line at the bottom:
host rftDatabase "globus" "x.x.x.x" 255.255.255.255 md5
where “x.x.x.x” is your public IP address;
- (8) add a non-privilged user with “globus” as username by runnng:
root@host:~# adduser globus
then add the globus group to all the users you want to use the globus container from:
root@host:~# adduser username globus
then log out and back in;
root@host:~# service postgresql restart
- (10) if you have downloaded the binary installer then extract it into /usr/local/ and run:
root@host:~# chown globus. -R /usr/local/globus-4.0.8/
globus@host:~$ $GLOBUS_LOCATION/sbin/gpt-postinstall
and jump to step (17); if you have downloaded the source installer then proceed with the next step;
root@host:~#
mkdir /usr/local/globus-4.0.8/
chown globus. /usr/local/globus-4.0.8/
- (12) extract the content of gt4.0.8-all-source-installer you have downloaded into globus’ home directory;
- (13) log in as globus user or run from terminal “su – globus”;
- (14) enter the directory where you extracted the content of gt4.0.8-all-source-installer and run:
globus@host:~$
./configure --prefix=/usr/local/globus-4.0.8/ --with-iodbc=/usr/lib
make | tee installer.log
this process may take a few hours, depending on your hardware configuration (about one hour on an Intel Core 2 Duo CPU T6500 at 2.10GHz);
- (15) make a tarfile of /usr/local/globus-4.0.8/ so that you won’t have to rebuild it to install it on other machines; you can untar it on other machines and run $GLOBUS_LOCATION/sbin/gpt-postinstall
- (16) run:
globus@host:~$ make install
- (17) get the “distribution package” (a tar.gz file) from your Certification Authority (CA). If you don’t have one you will need to set up a CA in one of your machine following these instructions. Once you have the distribution package copy it on all your server machines and run the following four commands:
root@host:~#
$GLOBUS_LOCATION/sbin/gpt-build your_ca.tar.gz
$GLOBUS_LOCATION/sbin/gpt-postinstall
$GLOBUS_LOCATION/setup/your_ca/setup-gsi
$GLOBUS_LOCATION/bin/grid-default-ca
All the grid nodes on which you want to be able to submit jobs must have installed the public key file (e.g. 0a298c77.0) and the policy file (e.g. 0a298c77.signing_policy) of the CA into the directory /etc/grid-security/certificates;
root@host:~#
cd /etc/grid-security/
cp hostcert.pem containercert.pem
cp hostkey.pem containerkey.pem
chown globus. container*
chown root. hostcert.pem hostkey.pem
chmod 644 containercert.pem hostcert.pem
chmod 400 containerkey.pem hostkey.pem
- (19) still in the /etc/grid-security/ directory create a file named “grid-mapfile” and paste into it the users and hosts of your grid, like in the following example:
"/O=Grid/OU=Monty Python/CN=Graham Chapman" graham
"/O=Grid/OU=Monty Python/CN=John Cleese" john
"/O=Grid/OU=Monty Python/CN=Terry Gilliam" terry
"/O=Grid/OU=Monty Python/CN=Eric Idle" eric
"/O=Grid/OU=Monty Python/CN=Terry Jones" terry
"/O=Grid/OU=Monty Python/CN=Michael Palin" michael
"/O=Grid/CN=host/mercury.domain.com" globus
"/O=Grid/CN=host/venus.domain.com" globus
"/O=Grid/CN=host/earth.domain.com" globus
"/O=Grid/CN=host/mars.domain.com" globus
then run:
root@host:~#
chown globus. /etc/grid-security/grid-mapfile
chmod 660 /etc/grid-security/grid-mapfile
grid-mapfile-check-consistency
- (20) make sure your hostname is associated with your public IP. The following entry which is created by default in your /etc/hosts:
127.0.1.1 hostname
should be removed, if your hostname is already mapped to an IP in your DNS server; if it’s not mapped then it should be modified into:
x.x.x.x hostname
where x.x.x.x is your public IP. Furthermore, make sure your parent domain is listed and your DNS servers are properly set in your /etc/resolv.conf
- (21) create the file /etc/xinetd.d/gridftp and paste into it the following code:
service gsiftp
{
instances = 100
socket_type = stream
wait = no
user = root
env += GLOBUS_LOCATION=/usr/local/globus-4.0.8
env += LD_LIBRARY_PATH=/usr/local/globus-4.0.8/lib
env += GLOBUS_TCP_PORT_RANGE=50000,55000
server = /usr/local/globus-4.0.8/sbin/globus-gridftp-server
server_args = -i
log_on_success += DURATION
nice = 10
disable = no
}
root@host:~# service xinetd restart
- (23) now to configure RFT run:
root@host:~# su postgres -c "createuser -P globus"
enter the globus user password when prompted and then answer in the following way to the following questions:
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) y
Shall the new role be allowed to create more new roles? (y/n) n
globus@host:~$
createdb rftDatabase
psql -d rftDatabase -f $GLOBUS_LOCATION/share/globus_wsrf_rft/rft_schema.sql
- (25) open $GLOBUS_LOCATION/etc/globus_wsrf_rft/jndi-config.xml (if it’s missing run as user globus the command $GLOBUS_LOCATION/sbin/gpt-postinstall). Look into the “dbConfiguration” section: make sure the userName value is not “root” but “globus”, then change the content of “password” from “foo” to the password for the globus user you have previously set in postgres. Also ensure that “connectionString” contains the fully qualified domain name of your host (e.g. “jdbc:postgresql://your.host.full.domain.com/rftDatabase”).
- (26) to check whether RFT is working, start a globus container with:
globus@host:~$ globus-start-container
and leave it running. In a separate terminal run:
user@host:~$ vim /tmp/rft.xfr
Copy and paste the following code, making sure to modify “container.hostname” with your container hostname or IP:
true
16000
16000
false
1
true
1
null
null
false
10
gsiftp://container.hostname:2811/etc/group
gsiftp://container.hostname:2811/tmp/rftTest_Done.tmp
then run:
user@host:~$
grid-proxy-init
rft -h container.hostname -f /tmp/rft.xfr
To check whether the transfer has been correctly performed run:
user@host:~$ diff /etc/group /tmp/rftTest_Done.tmp
- (27) now to configure GRAM run:
globus@host:~$
vim /usr/local/globus-4.0.8/lib/perl/Globus/GRAM/ExtensionsHandler.pm
and remove the % character in front of $attributes at lines 161 and 174.
- (28) to give the user globus the privileges to run tasks on behalf of another user run:
root@host:~# visudo
and paste at the bottom the following two lines:
globus ALL=(username1,username2) NOPASSWD:
/usr/local/globus-4.0.8/libexec/globus-gridmap-and-execute -g
/etc/grid-security/grid-mapfile
/usr/local/globus-4.0.8/libexec/globus-job-manager-script.pl *
globus ALL=(username1,username2) NOPASSWD:
/usr/local/globus-4.0.8/libexec/globus-gridmap-and-execute -g
/etc/grid-security/grid-mapfile
/usr/local/globus-4.0.8/libexec/globus-gram-local-proxy-tool *
where the user names “username1” and “username2” are to be substituted with a comma-separated list of usernames that you actually want the user “globus” to be able to sudo to (that is all the users of your grid). Also, make sure these two entries are each on a single line. If there are any line breaks within an entry then it won’t work;
- (29) to check whether GRAM is working, start a globus container with:
globus@host:~$ globus-start-container
and leave it running. In a separate terminal run:
user@host:~$ globusrun-ws -submit -c /bin/true
Submitting job...Done.
Job ID: uuid:3304e3f2-55f2-11da-8b8f-00d0b7b7c0bc
Termination time: 11/16/2005 16:09 GMT
Current job state: Active
Current job state: CleanUp
Current job state: Done
Destroying job...Done.
user@host:~$ echo $?
0
user@host:~$ globusrun-ws -submit -c /bin/false
Submitting job...Done.
Job ID: uuid:456b7c9a-55f2-11da-9b0d-00d0b7b7c0bc
Termination time: 11/16/2005 16:09 GMT
Current job state: Active
Current job state: CleanUp
Current job state: Done
Destroying job...Done.
user@host:~$ echo $?
1