+
Disclosure: this tutorial is intended for legacy applications which mandatory need the version 4.0.x of Globus Toolkit. If you don’t have an impelling reason to install that particular version, it is highly recommended that you install the latest version available of Globus Toolkit from its official web site and follow the installation guide of the official documentation.
- Install Sun JDK 1.6 following these instructions;
- install Perl XML Parser:
root:# yum -y install perl-XML-Parser
- install and configure PostgreSQL 7.1+:
root:# yum install -y postgresql-server postgresql-odbc root:# service postgresql start root:# ntsysv
scroll down the list of services until you reach postgresql, select the checkbox beside it and press OK in order to automatically load the service at every boot;
root:# vim /var/lib/pgsql/data/postgresql.conf
uncomment the line beginning with “listen_addresses” by removing the initial #, and set it to listen_addresses = ‘*’
root:# vim /var/lib/pgsql/data/pg_hba.conf
add the following line to the bottom of the file, replacing the “160.100.100.111” with the public external IP:
host rftDatabase "globus" "160.100.100.111" 255.255.255.255 md5
then run:
root:# service postgresql restart
- create the ant environment variables:
root:# mkdir /usr/share/java/lib root:# cp /usr/share/java/ant-1.6.5.jar /usr/share/java/lib root:# cp /usr/share/java/ant-launcher-1.6.5.jar /usr/share/java/lib
- create the file /etc/profile.d/ant.sh and paste into it:
export ANT_HOME=/usr/share/java export JAVA_HOME=/usr/lib/jvm/java-1.6.0-sun-1.6.0.11 export PATH=${PATH}:${ANT_HOME}/bin
then run:
root:# chmod +x /etc/profile.d/ant.sh root:# source /etc/profile.d/ant.sh
note: when you change your java virtual machine (JVM) version through the alternatives system remember you need to edit the ant.sh accordingly, that is you must replace “jdk1.6.0_06” with the name of the directory of the new JVM version you switched to, and then you must log out and log back in in order to make the changes have effect;
- create the globus environment variables:
root:# vim /etc/profile.d/globus.sh
and paste into it the following lines:
export GLOBUS_LOCATION=/usr/local/globus-4.0.8 export GLOBUS_OPTIONS=-Xmx1024m PATH=$PATH:$GLOBUS_LOCATION/bin source $GLOBUS_LOCATION/etc/globus-user-env.sh
Note: by default on Sun JVMs a 64MB maximum heap size is used. It is recommended to increase the maximum heap size of the JVM when running the container. Above we have set the maximum JVM heap size to 1024MB with the GLOBUS_OPTIONS=-Xmx1024m. To figure out a reasonable -Xmx you should ensure that the total of the -Xmx settings does not exceed the “spare” memory on your server. You can figure your “spare” memory by stopping your Java processes and starting up everything else that is normally running on your server. By running “free -m” you may know how much memory you are using. If you subtract that value from your total memory and then subtract a bit more (for safety) that will be the maximum you should allocate with -Xmx.
Then run:
root:# chmod +x /etc/profile.d/globus.sh
- create a user named “globus”:
root:# useradd globus root:# passwd globus
- now for the Globus Toolkit installation you can choose between either procedure (1) (which will take several hours to complete) or procedure (2) (quicker).
- Install from the official Globus Toolkit source installer (as globus user):
- download the Full Toolkit Source Installer from here and place it in your globus user home directory;
- do not apply the Java 1.6 patch: despite the fact that the software prerequisites of the Globus Toolkit 4.0.x installation guide states that in order to install the toolkit from the source installer using Java 6 you must apply a given patch, unofficial sources from the gt-user mailing-list, together with our own experience, suggest that Globus Toolkit 4.0.8 doesn’t actually need this patch, because it already supports Java 6.
- run the following commands:
root:# mkdir /usr/local/globus-4.0.8/ root:# chown globus. /usr/local/globus-4.0.8/ root:# source /etc/profile.d/globus.sh
- enter the directory where you have downloaded the installer, then run:
globus:$ tar xjvf gt4.0.8-all-source-installer.tar.bz2 globus:$ cd gt4.0.8-all-source-installer globus:$ ./configure --prefix=/usr/local/globus-4.0.8/ --with-iodbc=/usr/lib globus:$ make | tee installer.log
…
(time for a coffee break here, the build will take over an hour, possibly longer depending on how fast your machine is)
… - if everything went fine in the end you should see “Your build completed successfully. Please run make install”; so now run:
globus:$ make install
- Install from the unofficial Globus Toolkit binaries compiled by me for CentOS 5.2:
- as root, download the Globus Toolkit CentOS 5.2 binaries from here;
- move the downloaded file in your /user/local/ directory;
- enter that directory and run:
root:# tar xzvf gt4.0.8-x86_centos_5.2-installer.tar.gz root:# source /etc/profile.d/globus.sh root:# chown globus. -R globus-4.0.8/
- then as globus user run:
globus:$GLOBUS_LOCATION/sbin/gpt-postinstall
- Install from the official Globus Toolkit source installer (as globus user):
- if your machine is under a DHCP server then you must add an entry to your /etc/hosts file putting the IP address and full the hostname of the machine (e.g. 160.100.100.11 hostname.example.com)
- run:
root:# vim /etc/grid-security/grid-mapfile
copy and paste into the grid-mapfile all the distinguished names of the users and machines which are going to use your container; for example:
"/O=Grid/OU=Monty Python/CN=Graham Chapman" graham "/O=Grid/OU=Monty Python/CN=John Cleese" john "/O=Grid/OU=Monty Python/CN=Terry Gilliam" terry "/O=Grid/OU=Monty Python/CN=Eric Idle" eric "/O=Grid/OU=Monty Python/CN=Terry Jones" terry "/O=Grid/OU=Monty Python/CN=Michael Palin" michael "/O=Grid/CN=host/mercury.domain.com" globus "/O=Grid/CN=host/venus.domain.com" globus "/O=Grid/CN=host/earth.domain.com" globus "/O=Grid/CN=host/mars.domain.com" globus
- do the Security set up by following these instructions;
- at the end of the procedure your certificates should be inside the /etc/grid-security directory and they should have the following permissions and owners:
-rw-r--r-- 1 globus globus 2710 2005-11-15 07:48 containercert.pem -r-------- 1 globus globus 887 2005-11-15 07:48 containerkey.pem -rw-r--r-- 1 root root 2710 2005-11-15 07:47 hostcert.pem -r-------- 1 root root 887 2005-11-15 07:40 hostkey.pem
where containercert.pem is a copy of hostcert.pem, and containerkey.pem is a copy of hostkey.pem. If the permissions or owners are not as indicated above then you can change them by running:
root:# chown globus. containercert.pem containerkey.pem root:# chown root. hostcert.pem hostkey.pem root:# chmod 644 containercert.pem hostcert.pem root:# chmod 400 containerkey.pem hostkey.pem
- install GridFTP:
- run:
root:# yum install -y xinetd
- create the file /etc/xinetd.d/gridftp and paste into it:
service gsiftp { instances = 100 socket_type = stream wait = no user = root env += GLOBUS_LOCATION=/usr/local/globus-4.0.8 env += LD_LIBRARY_PATH=/usr/local/globus-4.0.8/lib env += GLOBUS_TCP_PORT_RANGE=50000,55000 server = /usr/local/globus-4.0.8/sbin/globus-gridftp-server server_args = -i log_on_success += DURATION nice = 10 disable = no }
- run:
root:# service xinetd start
- run:
- configure RFT:
- run:
root:# su postgres -c "createuser -P globus"
when prompted answer to the questions in the following way:
Shall the new role be a superuser? (y/n) n Shall the new role be allowed to create databases? (y/n) y Shall the new role be allowed to create more new roles? (y/n) n
- run:
globus:$ createdb rftDatabase globus:$ psql -d rftDatabase -f $GLOBUS_LOCATION/share/globus_wsrf_rft/rft_schema.sql
- open the file $GLOBUS_LOCATION/etc/globus_wsrf_rft/jndi-config.xml
- look for the “dbConfiguration” resource and:
- change the “password” parameter from “foo” to the one you entered when creating the user globus in PostgresSQL;
- also check that the value of the “connectionString” parameter contains the full address of your machine (e.g. “jdbc:postgresql://machine.domain.org/rftDatabase”).
- run:
- configure GRAM:
- run:
root:# visudo
and add the two following lines:
globus ALL=(username1,username2) NOPASSWD: /usr/local/globus-4.0.8/libexec/globus-gridmap-and-execute -g /etc/grid-security/grid-mapfile /usr/local/globus-4.0.8/libexec/globus-job-manager-script.pl * globus ALL=(username1,username2) NOPASSWD: /usr/local/globus-4.0.8/libexec/globus-gridmap-and-execute -g /etc/grid-security/grid-mapfile /usr/local/globus-4.0.8/libexec/globus-gram-local-proxy-tool *
where the user names “username1” and “username2” are to be substituted with a comma-separated list of usernames that you actually want the user “globus” to be able to sudo to (i.e. “jack,tom”). Also, make sure these two entries are each on a single line. If there are any line breaks within an entry then it won’t work.
- to check whether GRAM is working run as normal user:
user:$ globusrun-ws -submit -c /bin/touch touched_it
if everything is working fine you should see something like this:
Submitting job...Done. Job ID: uuid:6adb70fa-62d1-11dc-92fe-0013d46f2605 Termination time: 09/15/2007 14:47 GMT Current job state: Active Current job state: CleanUp Current job state: Done Destroying job...Done.
- run:
- configure your firewall according to this extensive documentation.
- Essentially you need to set up both the firewall of the machine where you installed Globus Toolkit and the router to which the machine is connected in order to accept traffic on ports 8443 (for the Globus Container), 2811 (for Gridftp) 8080 (for the Globus Container with no security) plus the port range set in the GLOBUS_TCP_PORT_RANGE variable in the Gridftp script (we used 50000-55000 in this tutorial). You can do that either by accepting all traffic to those ports or accepting only the one coming from known machines.
- To see the rules currently enforced by your firewall run:
root:# cat /etc/sysconfig/iptables
- if the client and server of your application resides on different networks, you may get an error like the following:
org.globus.common.ChainedIOException: Authentication failed [Caused by: Operation unauthorized (Mechanism level: Authorization failed. Expected "/CN=host/192.168.0.50" target but received "/O=KGrid/CN=host/your.globus.machine.domain.net")]
then you need to add the following line to your /etc/hosts file
192.168.0.50 your.globus.machine.domain.net
where 192.168.0.50 is the local IP address of the LAN where the Globus machine is connected.
Errors reports and suggestions are more than welcome. Please leave a comment if you have faced and solved a problem which is not mentioned here or even only to say whether this tutorial has been of any help to you.
Some other installation notes for globus on CentOS can be found at this page.