Category Archives: HowTos

Globus Toolkit 4.0.x troubleshooting

Disclosure: this troubleshooting is intended for legacy applications which mandatory need the version 4.0.x of Globus Toolkit. If you don’t have an impelling reason to install that particular version, it is highly recommended that you install the latest version available of Globus Toolkit from its official web site and follow the installation guide of the official documentation.

See also the official Globus Toolkit admin guide troubleshooting.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

ERROR service.ReliableFileTransferImpl [main,<init>:76] Unable to setup database driver with pooling.Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections

  • open /etc/postgresql/X.Y/main/postgresql.conf(where X.Y is current PostgreSQL version) and check that the line beginning with “listen_addresses” is not commented (i.e. the line should not begin with a #) and is set to listen to all addresses, in the following way:
    listen_addresses = '*'
  • open /etc/postgresql/X.Y/main/pg_hba.conf” and check that the last line looks like:
    host rftDatabase "globus" "x.x.x.x" 255.255.255.255 md5

    where “x.x.x.x” is your public IP address. If you are using Globus Toolkit on your local machine for testing purposes then using 127.0.0.1 should be fine, although in this case you won’t be able to access Globus services outside your machine;

  • check that PostgreSQL is up and running and on which port:
    sudo netstat -tulpn | grep postgres
  • PostgreSQL should run on port 5432. The default port number may be automatically changed (usually to 5433) as result of a version upgrade. To change it back to 5432 edit the /etc/postgresql/X.Y/main/postgresql.conf and the stop and start the service (warning: a restart won’t be enough) with:
    sudo service postgresql stop
    sudo service postgresql start
  • to check whether PostgreSQL is running properly on the 5432 port run:
    telnet localhost 5432
  • the message “telnet: Unable to connect to remote host: Connection refused” would mean either PostgreSQL is not running, or is running on the wrong port. If you get “Connected to localhost.localdomain. Escape character is ‘^]’.” then PostgreSQL is fine.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

ERROR service.ReliableFileTransferImpl [main,<init>:76] Unable to setup database driver with pooling.A connection error has occurred: FATAL:  password authentication failed for user “root”

  • open $GLOBUS_LOCATION/etc/globus_wsrf_rft/jndi-config.xmland look into the “dbConfiguration” section:
    • make sure the userName value is not “root” but “globus”;
    • make sure the “password” value is not “foo” but the password for the globus user you have previously set in postgres;
    • make sure the “connectionString” value contains the fully qualified domain name of your host (e.g. “jdbc:postgresql://your.host.full.domain.com/rftDatabase”).
  • make sure you are running globus-start-container as globus user.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

ERROR service.ReliableFileTransferImpl [main,<init>:76] Unable to setup database driver with pooling.A connection error has occurred: FATAL:  password authentication failed for user “globus”

  • you may have forgotten to create the globus user in postgres. To fix it follow the steps 22 and 23 on this tutorial.
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

/O=YourCA/CN=Name Surname” is not authorized to use operation: http://www.globus.org/08/2004/delegationService}requestSecurityToken on this service

  • ensure that in your /etc/grid-security/grid-mapfile there is a line containing the Subject of your usercert.pem (note that you need to change the ‘, ‘ with ‘/’), followed by a user on the server machine (you can use globus if you don’t have a user account on that machine). For example:
    "O=YourCA/CN=Name Surname" globus

    Stop and restart your Globus container for changes to take effect.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

client.GramJob keeps displaying annoying INFO

  • edit /usr/local/globus-4.0.8/container-log4j.properties and set the log4j.category.org.globus variable to WARN so that it will look this way:
    log4j.category.org.globus=WARN

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

exec.StateMachine [RunQueueThread_2,createFaultFromErrorCode:3181] Unhandled fault code 201

Job … failed. Description: Error code: 201 Cause: org.globus.exec.generated.FaultType: Error code: 201 caused by [0: org.oasis.wsrf.faults.BaseFaultType: Script stderr:

Can’t locate Globus/GRAM/JobManager/fork.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.12.4 /usr/local/share/perl/5.12.4 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.12 /usr/share/perl/5.12 /usr/local/lib/site_perl . /usr/local/globus-4.0.8/lib/perl) at (eval 1) line 2.]

  • you have probably missed one step during the installation of Globus Toolkit. To fix that, run the following command as globus user:
    $GLOBUS_LOCATION/sbin/gpt-postinstall

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

exec.StateMachine [RunQueueThread_2,createFaultFromErrorCode:3181] Unhandled fault code 201

Job … failed. Description: Error code: 201 Cause: org.globus.exec.generated.FaultType: Error code: 201 caused by [0: org.oasis.wsrf.faults.BaseFaultType: Script stderr:

Using a hash as a reference is deprecated at /usr/local/globus-4.0.8/lib/perl/Globus/GRAM/ExtensionsHandler.pm line 161.Using a hash as a reference is deprecated at /usr/local/globus-4.0.8/lib/perl/Globus/GRAM/ExtensionsHandler.pm line 174.]

  • there seems to be a bug in Perl 5.x, or some kind of incompatibility issue between Perl 5.x and Globus Toolkit 4.0.x. To fix that, you need to edit the file lib/perl/Globus/GRAM/ExtensionsHandler.pm and remove the % character in front of $attributes at lines 161 and 174.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

The file $GLOBUS_LOCATION/etc/globus_wsrf_rft/jndi-config.xml is missing

  • you have probably missed one step during the installation of Globus Toolkit. To fix that, run the following command as globus user:
    $GLOBUS_LOCATION/sbin/gpt-postinstall

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

My client application does not receive any notification from the server.

  • make sure the client and the server nodes resides in the same local area network and that there is no interference by a firewall or NAT router. To avoid NAT router problems try adding in the /etc/hosts of each one of your server nodes the following entry:
    x.x.x.x hostname fully.qualified.hostname

    where x.x.x.x is the server public IP.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

java.lang.RuntimeException: File map configuration file /usr/local/globus-4.0.8/etc/gram-service/globus_gram_fs_map_config.xml has no mappings.
at org.globus.exec.service.exec.utils.FileMapping.<init>(FileMapping.java:66).

  • your /usr/local/globus/etc/gram-service/globus_gram_fs_map_config.xml is corrupted or wasn’t created during the Globus Toolkit installation as it was supposed to. Download this file (right click and choose save as), put it in /usr/local/globus/etc/gram-service/ and replace ????? with the hostname of your machine.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Authentication failed [Caused by: Operation unauthorized (Mechanism level: Authorization failed.
Expected “/CN=host/localhost” target but received “/O=…/OU=…/CN=host/…”)]

  • The /etc/grid-security/grid-mapfile of your server machine may be misconfigured. Make sure the values of O, OU e CN are the same as those of your user’s usercert.pem certificate file.

Install Globus Toolkit 4.0.8 on Ubuntu 10.04 LTS

Ubuntu 10.04

Disclosure: this tutorial is intended for legacy applications which mandatory need the version 4.0.x of Globus Toolkit. If you don’t have an impelling reason to install that particular version, it is highly recommended that you install the latest version available of Globus Toolkit from its official web site and follow the installation guide of the official documentation.

To install Ubuntu 10.04 server, download its iso from here and create a startup USB drive using UNetbootin (don’t use Startup Disk Creator, its latest version is not compatible with Ubuntu 10.04). Once booted from the USB drive, at the Unetbootin grub menu, scroll down to the same “Install Ubuntu server” option and press TAB. Bring your cursor to the end of this line and press space once, enter

cdrom-detect/try-usb=true

and press enter to start the installation.

  • (1) if you want to build Globus Toolkit download gt4.0.8-all-source-installer from:

http://www.globus.org/toolkit/downloads/4.0.8/

alternatively, if you want to save about one hour, you can use the prebuilt binary installer: you can find it in the right menu of this page. Either way proceed with the next step;

  • (2) run:
root@host:~#
apt-get update

apt-get install vim ant build-essential libpod-* postgresql 
xinetd zlib1g-dev libiodbc2 libiodbc2-dev libxml-parser-perl libxml2-dev
export JAVA_HOME=/usr/lib/jvm/jdk1.6.0_34
export ANT_HOME=/usr/share/ant
export GLOBUS_LOCATION=/usr/local/globus-4.0.8
export GLOBUS_OPTIONS="-Xms512M -Xmx2048M"
source $GLOBUS_LOCATION/etc/globus-user-env.sh
export PATH=$ANT_HOME/bin:$JAVA_HOME/bin:$PATH:$GLOBUS_LOCATION/bin

then log out and back in;

  • (5) run:
root@host:~# service postgresql start
  • (6) open “/etc/postgresql/8.4/main/postgresql.conf”, uncomment the line beginning with “listen_addresses” and set it to listen to all addresses in the following way:
listen_addresses = '*'
  • (7) open “/etc/postgresql/8.4/main/pg_hba.conf” and add the following line at the bottom:
host rftDatabase "globus" "x.x.x.x" 255.255.255.255 md5

where “x.x.x.x” is your public IP address;

  • (8) add a non-privilged user with “globus” as username by runnng:
root@host:~# adduser globus

then add the globus group to all the users you want to use the globus container from:

root@host:~# adduser username globus

then log out and back in;

  • (9) run:
root@host:~# service postgresql restart
  • (10) if you have downloaded the binary installer then extract it into /usr/local/ and run:
root@host:~# chown globus. -R /usr/local/globus-4.0.8/
globus@host:~$ $GLOBUS_LOCATION/sbin/gpt-postinstall

and jump to step (17); if you have downloaded the source installer then proceed with the next step;

  • (11) run:
root@host:~# 
mkdir /usr/local/globus-4.0.8/
chown globus. /usr/local/globus-4.0.8/
  • (12) extract the content of gt4.0.8-all-source-installer you have downloaded into globus’ home directory;
  • (13) log in as globus user or run from terminal “su – globus”;
  • (14) enter the directory where you extracted the content of gt4.0.8-all-source-installer and run:
globus@host:~$ 
./configure --prefix=/usr/local/globus-4.0.8/ --with-iodbc=/usr/lib
make | tee installer.log

this process may take a few hours, depending on your hardware configuration (about one hour on an Intel Core 2 Duo CPU T6500 at 2.10GHz);

  • (15) make a tarfile of /usr/local/globus-4.0.8/ so that you won’t have to rebuild it to install it on other machines; you can untar it on other machines and run $GLOBUS_LOCATION/sbin/gpt-postinstall
  • (16) run:
globus@host:~$ make install
  • (17) get the “distribution package” (a tar.gz file) from your Certification Authority (CA). If you don’t have one you will need to set up a CA in one of your machine following these instructions. Once you have the distribution package copy it on all your server machines and run the following four commands:
root@host:~#
$GLOBUS_LOCATION/sbin/gpt-build your_ca.tar.gz
$GLOBUS_LOCATION/sbin/gpt-postinstall
$GLOBUS_LOCATION/setup/your_ca/setup-gsi
$GLOBUS_LOCATION/bin/grid-default-ca

All the grid nodes on which you want to be able to submit jobs must have installed the public key file (e.g. 0a298c77.0) and the policy file (e.g. 0a298c77.signing_policy) of the CA into the directory /etc/grid-security/certificates;

  • (18) run:
root@host:~#
cd /etc/grid-security/
cp hostcert.pem containercert.pem
cp hostkey.pem containerkey.pem
chown globus. container*
chown root. hostcert.pem hostkey.pem
chmod 644 containercert.pem hostcert.pem
chmod 400 containerkey.pem hostkey.pem
  • (19) still in the /etc/grid-security/ directory create a file named “grid-mapfile” and paste into it the users and hosts of your grid, like in the following example:
"/O=Grid/OU=Monty Python/CN=Graham Chapman" graham
"/O=Grid/OU=Monty Python/CN=John Cleese" john
"/O=Grid/OU=Monty Python/CN=Terry Gilliam" terry
"/O=Grid/OU=Monty Python/CN=Eric Idle" eric
"/O=Grid/OU=Monty Python/CN=Terry Jones" terry
"/O=Grid/OU=Monty Python/CN=Michael Palin" michael

"/O=Grid/CN=host/mercury.domain.com" globus
"/O=Grid/CN=host/venus.domain.com" globus
"/O=Grid/CN=host/earth.domain.com" globus
"/O=Grid/CN=host/mars.domain.com" globus

then run:

root@host:~# 
chown globus. /etc/grid-security/grid-mapfile
chmod 660 /etc/grid-security/grid-mapfile
grid-mapfile-check-consistency
  • (20) make sure your hostname is associated with your public IP. The following entry which is created by default in your /etc/hosts:
127.0.1.1 hostname

should be removed, if your hostname is already mapped to an IP in your DNS server; if it’s not mapped then it should be modified into:

x.x.x.x hostname

where x.x.x.x is your public IP. Furthermore, make sure your parent domain is listed and your DNS servers are properly set in your /etc/resolv.conf

  • (21) create the file /etc/xinetd.d/gridftp and paste into it the following code:
service gsiftp
{
instances       = 100
socket_type     = stream
wait            = no
user            = root
env             += GLOBUS_LOCATION=/usr/local/globus-4.0.8
env             += LD_LIBRARY_PATH=/usr/local/globus-4.0.8/lib
env             += GLOBUS_TCP_PORT_RANGE=50000,55000
server          = /usr/local/globus-4.0.8/sbin/globus-gridftp-server
server_args     = -i
log_on_success  += DURATION
nice            = 10
disable         = no
}
  • (22) run:
root@host:~# service xinetd restart
  • (23) now to configure RFT run:
root@host:~# su postgres -c "createuser -P globus"

enter the globus user password when prompted and then answer in the following way to the following questions:

Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) y
Shall the new role be allowed to create more new roles? (y/n) n
  • (24) run:
globus@host:~$
createdb rftDatabase
psql -d rftDatabase -f $GLOBUS_LOCATION/share/globus_wsrf_rft/rft_schema.sql
  • (25) open $GLOBUS_LOCATION/etc/globus_wsrf_rft/jndi-config.xml (if it’s missing run as user globus the command $GLOBUS_LOCATION/sbin/gpt-postinstall). Look into the “dbConfiguration” section:  make sure the userName value is not “root” but “globus”, then change the content of “password” from “foo” to the password for the globus user you have previously set in postgres. Also ensure that “connectionString” contains the fully qualified domain name of your host (e.g. “jdbc:postgresql://your.host.full.domain.com/rftDatabase”).
  • (26) to check whether RFT is working, start a globus container with:
globus@host:~$ globus-start-container

and leave it running. In a separate terminal run:

user@host:~$ vim /tmp/rft.xfr

Copy and paste the following code, making sure to modify “container.hostname” with your container hostname or IP:

true
16000
16000
false
1
true
1
null
null
false
10
gsiftp://container.hostname:2811/etc/group
gsiftp://container.hostname:2811/tmp/rftTest_Done.tmp

then run:

user@host:~$
grid-proxy-init
rft -h container.hostname -f /tmp/rft.xfr

To check whether the transfer has been correctly performed run:

user@host:~$ diff /etc/group /tmp/rftTest_Done.tmp
  • (27) now to configure GRAM run:
globus@host:~$
vim /usr/local/globus-4.0.8/lib/perl/Globus/GRAM/ExtensionsHandler.pm

and remove the % character in front of $attributes at lines 161 and 174.

  • (28) to give the user globus the privileges to run tasks on behalf of another user run:
root@host:~# visudo

and paste at the bottom the following two lines:

globus  ALL=(username1,username2) NOPASSWD: 
/usr/local/globus-4.0.8/libexec/globus-gridmap-and-execute -g 
/etc/grid-security/grid-mapfile 
/usr/local/globus-4.0.8/libexec/globus-job-manager-script.pl *

globus  ALL=(username1,username2) NOPASSWD: 
/usr/local/globus-4.0.8/libexec/globus-gridmap-and-execute -g 
/etc/grid-security/grid-mapfile 
/usr/local/globus-4.0.8/libexec/globus-gram-local-proxy-tool *

where the user names “username1” and “username2” are to be substituted with a comma-separated list of usernames that you actually want the user “globus” to be able to sudo to (that is all the users of your grid). Also, make sure these two entries are each on a single line. If there are any line breaks within an entry then it won’t work;

  • (29) to check whether GRAM is working, start a globus container with:
globus@host:~$ globus-start-container

and leave it running. In a separate terminal run:

user@host:~$ globusrun-ws -submit -c /bin/true
Submitting job...Done.
Job ID: uuid:3304e3f2-55f2-11da-8b8f-00d0b7b7c0bc
Termination time: 11/16/2005 16:09 GMT
Current job state: Active
Current job state: CleanUp
Current job state: Done
Destroying job...Done.

user@host:~$ echo $? 
0

user@host:~$ globusrun-ws -submit -c /bin/false
Submitting job...Done.
Job ID: uuid:456b7c9a-55f2-11da-9b0d-00d0b7b7c0bc
Termination time: 11/16/2005 16:09 GMT
Current job state: Active
Current job state: CleanUp
Current job state: Done
Destroying job...Done.

user@host:~$ echo $? 
1

Useful Linux howtos

Applications

  • to install Oracle Java JDK follow these instructions;
  • to compare files or directories use “Meld Diff Viewer”. You can install it by running:
    sudo apt-get install meld
  • to install Microsoft’s Core Font package run:
    sudo apt-get install ttf-mscorefonts-installer
  • to synchronize folders, files and make backups use “Conduit Synchronizer”. You can install it by running:
    sudo apt-get install conduit
  • to change grub settings (e.g. to change your default operating system, etc) install “StartUp Manager” by running:
    sudo apt-get install startupmanager
  • to automatically mount at boot your NTFS partitions install “Storage Device Manager” by running:
    sudo apt-get install pysdm
  • to set up a repository cache on your network so that once a package is downloaded from an official repository, all other machines will download it from your local area network, install squid-deb-proxy (and its client so the server downloaded updates get cached by the squid proxy and will also allow the server to install already-fetched updates via the proxy) on your server machine by running:
    sudo apt-get install squid-deb-proxy squid-deb-proxy-client

    then reboot your server machine. Clients can auto-discover caching-enabled machines in the local network by having the squid-deb-proxy-client package installed. To do that simply run:

    sudo apt-get install squid-deb-proxy-client

Information

  • to know your IP address:
    ifconfig | grep Bcast
  • to know your hardware details and save them in an html page run:
    lshw -html > your-file-name.html

    (a good idea is to generate one for each of your computers and save them up for future reference)

  • to check whether a certain package is installed:
    dpkg -l | grep packagename
  • to know whether you need to reboot a machine after updating the system via terminal check if the following file exists:
    /var/run/reboot-required
  • to test the speed of your hard drive run:
    sudo hdparm -t /dev/sd?
  • to list running services run:
    sudo netstat -tulpn
  • to check RAM speed, size and frequency:
    sudo dmidecode --type 17 | more
  • to know your processor details run:
    cat /proc/cpuinfo | grep name
  • to know the bios version of your motherboard run:
    sudo apt-get install smbios-utils
    sudo smbios-sys-info
  • to know the name of the Linux distribution installed on your machine run:
    lsb_release -a

    or, if that doesn’t work then run:

    cat /etc/issue
  • to have some system information of your machine run:
    uname -a
  • to see if your operating system architecture is 32-bit or 64-bit run:
    file /sbin/init
  • to list all users in your system from terminal, run:
    cat /etc/passwd | grep "/home" |cut -d: -f1

Operations

  • to configure your terminal commands history add one or more of the following lines to your ~/.bashrc file:
    • to change name of the file in which command history is saved:
      export HISTFILE=

      (the default value is ~/.bash_history)

    • to not save in the history certain command lines add them as a colon-separated list:
      export HISTIGNORE=
    • to not save a line matching any other previous entry in the history:
      export HISTCONTROL=ignoreboth
    • to change the number of commands to remember in the command history:
      export HISTSIZE=500

      (the default value is 500)

  • to add aliases system-wide you need to edit the file /etc/bash.bashrc For example, the following alias will provide a comprehensive update and clean operation:
    alias apt-update='sudo apt-get -f install
    && sudo apt-get autoremove -y
    && sudo apt-get autoclean -y
    && sudo apt-get clean -y
    && sudo apt-get update 
    && sudo apt-get upgrade -y --fix-missing'
  • to boot in text mode instead of graphical mode (GUI) open the /etc/default/grub file, locate the following line:
    GRUB_CMDLINE_LINUX_DEFAULT=”quiet splash“

    and change it to:

    GRUB_CMDLINE_LINUX_DEFAULT=”quiet splash text“

    and don’t forget to run ‘update-grub’ afterwards to update. If you need the graphical interface you can still have it by simply running “startx” once logged in.

  • to keep your computer’s time accurate follow these instructions;
  • to install fonts for system-wide run:
    mkdir /usr/share/fonts/truetype/myfonts
    cp [fonts] /usr/share/fonts/truetype/myfonts
    fc-cache -f -v
  • to add a new user via terminal run:
    sudo adduser username
  • to add a group to a userrun:
    sudo adduser username groupname
  • to modify the groups of a userrun:
    sudo usermod -G comma,separated,list,of,groupnames username
  • some useful command line shortcuts:
    • Ctrl-D: exit from the current session;
    • Ctrl-R: searching through the command history;
    • Ctrl-A: moves the cursor to the beginning of the command line;
    • Ctrl-E: moves the cursor to the end of the command line;
    • Ctrl-W: deletes the word immediately before the cursor;
    • Ctrl-K: deletes everything immediately after the cursor;
    • Ctrl-Y: undo a deletion.
  • to start a terminal maximized use the command
    gnome-terminal --window --maximize
  • to start a terminal in full screen use the command
    gnome-terminal --full-screen
  • to copy multiple files using scp use it like showed below:
    scp {file1,file2,file3} user@destination:~/
  • to speed up the ssh connection add “UseDNS no” (without quotation marks) at the end of your /etc/ssh/sshd_config and then run:
    sudo /etc/init.d/ssh reload
  • to add a new resolution to your monitor/display/screen run (assuming you want to add 1600×900):
    cvt 1600 900

    that will output something like this:

    Modeline "1600x900_60.00" 118.25 1600 1696 1856 2112 900 903 908 934 -hsync +vsync

    Copy the text following Modeline and paste it in the following command:

    xrandr --newmode "1600x900_60.00" 118.25 1600 1696 1856 2112 900 903 908 934 -hsync +vsync

    Then run the command xrandr alone:

    xrandr

    and note down the connected primary video source (should something like VGA-0, or VGA1). Supposing it’s VGA-0 then run:

    xrandr --addmode VGA-0 "1600x900_60.00"
  • to open/extract an eml file install munpack:
    sudo apt-get install mpack

    then run:

    munpack filename.eml -t
  • to chmod 775 sub-directories, files excluded:
    find /path/to/base/dir -type d -exec chmod 775 {} +

    to chmod 664 files recursively, sub-directories excluded:

    find /path/to/base/dir -type f -exec chmod 664 {} +

Develop Globus grid services with Eclipse

  • Windows – Preferences:
    • Java – Build Path – User Libraries :
      • press the “New…” button;
      • type “globus” as user library name and press OK;
      • press the “Add JARs…” button;
      • select all the JARs in your $GLOBUS_LOCATION/lib directory and press OK.
  • Run – Run Configurations…
    • under Java Application select your application (if you don’t see it in the list then try launching it once first);
    • select the Arguments tab;
      • in the VM arguments text box type:
        -DGLOBUS_LOCATION=${env_var:GLOBUS_LOCATION}

        (This will solve the “Failed to acquire notification consumer home instance from registry” problem)

    • select the Classpath tab;
      • select User Entries;
      • press the Advanced… button;
      • select Add Variable String;
      • press the Variables button;
      • choose env_var;
      • in the Argument field type in GLOBUS_LOCATION
      • press OK and OK.
        (This will solve the “No client transport named ‘https’ found!” problem)

Deployment scripts

In order to be able to develop and test our grid services as easily and quickly as possible, we will need to have:

  1. the full version of Globus Toolkit installed on your development machine;
  2. access to the globus and root users.

[ … under construction … ]

Tips & Tricks

When testing your application with services running on several different machines, it might be handy to:

  • open the terminals inside the same window using tabs (CTRL+SHIFT+T or File/Open Tab);
  • use authentication keys for ssh authentication in order to avoid having to type the same password over and over again. To do so run ‘ssh-keygen’ on your client machine, then copy your ~/.ssh/id_rsa.pub to the ~/.ssh/ directory of every user of every machine you need to frequently log in to;
  • use CTRL+R to search your command history when you need to run a command you have previously run;
  • use CTRL+SHIFT+C and CTRL+SHIFT+V to copy and paste text in terminal;

Install Sun JDK 1.6 on CentOS

CentOS logo

If you want to create the RPMs by yourself follow all the 3 steps, otherwise you can download the RPMs I created (thisthis and this) and skip the first 2 steps.

 

  1. as root run:
    root:# yum install -y rpm-build gcc gcc-c++ redhat-rpm-config
  2.  
     

  3. as normal user:
    • download from the JPackage archive the latest nosrc.rpm file (at the time of writing it is java-1.6.0-sun-1.6.0.11-1jpp.nosrc.rpm) and place it in your user home directory;
    •  

    • create the RPM building environment by running the two commands below:
      user:$ mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
      user:$ echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros
    •  

    • download Sun JDK 1.6 update xx from here choosing the same version of the nosrc.rpm file you downloaded in the previous step (don’t get the rpm one) and place it in your ~/rpmbuild/SOURCES directory;
    •  

    • go in your home directory and rebuild the packages by running:
      user:$ rpmbuild --rebuild java-1.6.0-sun-1.6.0.11-1jpp.nosrc.rpm
  4.  
     

  5. as root:
    • go in your user’s ~/rpmbuild/RPMS/i586/ and run the following commands:
      root:# yum --nogpgcheck localinstall -y java-1.6.0-sun-1.6.0.11-1jpp.i586.rpm
      root:# yum --nogpgcheck localinstall -y java-1.6.0-sun-devel-1.6.0.11-1jpp.i586.rpm
      root:# yum --nogpgcheck localinstall -y java-1.6.0-sun-plugin-1.6.0.11-1jpp.i586.rpm
    •  

    • configure the Alternatives system and choose the JDK you want:
      root:# alternatives --config java

Install Globus Toolkit 4.0.x on CentOS

+

CentOS logo

Disclosure: this tutorial is intended for legacy applications which mandatory need the version 4.0.x of Globus Toolkit. If you don’t have an impelling reason to install that particular version, it is highly recommended that you install the latest version available of Globus Toolkit from its official web site and follow the installation guide of the official documentation.

  1. Install Sun JDK 1.6 following these instructions;
  2. install Perl XML Parser:
    root:# yum -y install perl-XML-Parser
  3. install and configure PostgreSQL 7.1+:
    root:# yum install -y postgresql-server postgresql-odbc
    root:# service postgresql start
    root:# ntsysv

    scroll down the list of services until you reach postgresql, select the checkbox beside it and press OK in order to automatically load the service at every boot;

    root:# vim /var/lib/pgsql/data/postgresql.conf

    uncomment the line beginning with “listen_addresses” by removing the initial #, and set it to listen_addresses = ‘*’

    root:# vim /var/lib/pgsql/data/pg_hba.conf

    add the following line to the bottom of the file, replacing the “160.100.100.111” with the public external IP:

    host rftDatabase "globus" "160.100.100.111" 255.255.255.255 md5

    then run:

    root:# service postgresql restart
  4. create the ant environment variables:
    root:# mkdir /usr/share/java/lib
    root:# cp /usr/share/java/ant-1.6.5.jar /usr/share/java/lib
    root:# cp /usr/share/java/ant-launcher-1.6.5.jar /usr/share/java/lib
  5. create the file /etc/profile.d/ant.sh and paste into it:
    export ANT_HOME=/usr/share/java
    export JAVA_HOME=/usr/lib/jvm/java-1.6.0-sun-1.6.0.11
    export PATH=${PATH}:${ANT_HOME}/bin

    then run:

    root:# chmod +x /etc/profile.d/ant.sh
    root:# source /etc/profile.d/ant.sh

    note: when you change your java virtual machine (JVM) version through the alternatives system remember you need to edit the ant.sh accordingly, that is you must replace “jdk1.6.0_06” with the name of the directory of the new JVM version you switched to, and then you must log out and log back in in order to make the changes have effect;

  6. create the globus environment variables:
    root:# vim /etc/profile.d/globus.sh

    and paste into it the following lines:

    export GLOBUS_LOCATION=/usr/local/globus-4.0.8
    export GLOBUS_OPTIONS=-Xmx1024m
    PATH=$PATH:$GLOBUS_LOCATION/bin
    source $GLOBUS_LOCATION/etc/globus-user-env.sh

    Note: by default on Sun JVMs a 64MB maximum heap size is used. It is recommended to increase the maximum heap size of the JVM when running the container. Above we have set the maximum JVM heap size to 1024MB with the GLOBUS_OPTIONS=-Xmx1024m. To figure out a reasonable -Xmx you should ensure that the total of the -Xmx settings does not exceed the “spare” memory on your server. You can figure your “spare” memory by stopping your Java processes and starting up everything else that is normally running on your server. By running “free -m” you may know how much memory you are using. If you subtract that value from your total memory and then subtract a bit more (for safety) that will be the maximum you should allocate with -Xmx.

    Then run:

    root:# chmod +x /etc/profile.d/globus.sh
  7. create a user named “globus”:
    root:# useradd globus
    root:# passwd globus
  8. now for the Globus Toolkit installation you can choose between either procedure (1) (which will take several hours to complete) or procedure (2) (quicker).
    1. Install from the official Globus Toolkit source installer (as globus user):
      • download the Full Toolkit Source Installer from here and place it in your globus user home directory;
      • do not apply the Java 1.6 patch: despite the fact that the software prerequisites of the Globus Toolkit 4.0.x installation guide states that in order to install the toolkit from the source installer using Java 6 you must apply a given patch, unofficial sources from the gt-user mailing-list, together with our own experience, suggest that Globus Toolkit 4.0.8 doesn’t actually need this patch, because it already supports Java 6.
      • run the following commands:
        root:# mkdir /usr/local/globus-4.0.8/
        root:# chown globus. /usr/local/globus-4.0.8/
        root:# source /etc/profile.d/globus.sh
      • enter the directory where you have downloaded the installer, then run:
        globus:$ tar xjvf gt4.0.8-all-source-installer.tar.bz2
        globus:$ cd gt4.0.8-all-source-installer
        globus:$ ./configure --prefix=/usr/local/globus-4.0.8/
                                                          --with-iodbc=/usr/lib
        globus:$ make | tee installer.log


        (time for a coffee break here, the build will take over an hour, possibly longer depending on how fast your machine is)

      • if everything went fine in the end you should see “Your build completed successfully. Please run make install”; so now run:
        globus:$ make install
    2. Install from the unofficial Globus Toolkit binaries compiled by me for CentOS 5.2:
      • as root, download the Globus Toolkit CentOS 5.2 binaries from here;
      • move the downloaded file in your /user/local/ directory;
      • enter that directory and run:
        root:# tar xzvf gt4.0.8-x86_centos_5.2-installer.tar.gz
        root:# source /etc/profile.d/globus.sh
        root:# chown globus. -R globus-4.0.8/
      • then as globus user run:
        globus:$GLOBUS_LOCATION/sbin/gpt-postinstall
  9. if your machine is under a DHCP server then you must add an entry to your /etc/hosts file putting the IP address and full the hostname of the machine (e.g. 160.100.100.11 hostname.example.com)
  10. run:
    root:# vim /etc/grid-security/grid-mapfile

    copy and paste into the grid-mapfile all the distinguished names of the users and machines which are going to use your container; for example:

    "/O=Grid/OU=Monty Python/CN=Graham Chapman" graham
    "/O=Grid/OU=Monty Python/CN=John Cleese" john
    "/O=Grid/OU=Monty Python/CN=Terry Gilliam" terry
    "/O=Grid/OU=Monty Python/CN=Eric Idle" eric
    "/O=Grid/OU=Monty Python/CN=Terry Jones" terry
    "/O=Grid/OU=Monty Python/CN=Michael Palin" michael
    
    "/O=Grid/CN=host/mercury.domain.com" globus
    "/O=Grid/CN=host/venus.domain.com" globus
    "/O=Grid/CN=host/earth.domain.com" globus
    "/O=Grid/CN=host/mars.domain.com" globus
  11. do the Security set up by following these instructions;
  12. at the end of the procedure your certificates should be inside the /etc/grid-security directory and they should have the following permissions and owners:
    -rw-r--r--  1 globus globus 2710 2005-11-15 07:48 containercert.pem
    -r--------  1 globus globus  887 2005-11-15 07:48 containerkey.pem
    -rw-r--r--  1 root   root   2710 2005-11-15 07:47 hostcert.pem
    -r--------  1 root   root    887 2005-11-15 07:40 hostkey.pem

    where containercert.pem is a copy of hostcert.pem, and containerkey.pem is a copy of hostkey.pem. If the permissions or owners are not as indicated above then you can change them by running:

    root:# chown globus. containercert.pem containerkey.pem
    root:# chown root. hostcert.pem hostkey.pem
    root:# chmod 644 containercert.pem hostcert.pem
    root:# chmod 400 containerkey.pem hostkey.pem
  13. install GridFTP:
    • run:
      root:# yum install -y xinetd
    • create the file /etc/xinetd.d/gridftp and paste into it:
      service gsiftp
      {
      instances       = 100
      socket_type     = stream
      wait            = no
      user            = root
      env             += GLOBUS_LOCATION=/usr/local/globus-4.0.8
      env             += LD_LIBRARY_PATH=/usr/local/globus-4.0.8/lib
      env             += GLOBUS_TCP_PORT_RANGE=50000,55000
      server          = /usr/local/globus-4.0.8/sbin/globus-gridftp-server
      server_args     = -i
      log_on_success  += DURATION
      nice            = 10
      disable         = no
      }
    • run:
      root:# service xinetd start
  14. configure RFT:
    • run:
      root:# su postgres -c "createuser -P globus"

      when prompted answer to the questions in the following way:

      Shall the new role be a superuser? (y/n) n
      Shall the new role be allowed to create databases? (y/n) y
      Shall the new role be allowed to create more new roles? (y/n) n
    • run:
      globus:$ createdb rftDatabase
      globus:$ psql -d rftDatabase -f
                          $GLOBUS_LOCATION/share/globus_wsrf_rft/rft_schema.sql
    • open the file $GLOBUS_LOCATION/etc/globus_wsrf_rft/jndi-config.xml
    • look for the “dbConfiguration” resource and:
      • change the “password” parameter from “foo” to the one you entered when creating the user globus in PostgresSQL;
      • also check that the value of the “connectionString” parameter contains the full address of your machine (e.g. “jdbc:postgresql://machine.domain.org/rftDatabase”).
  15. configure GRAM:
    • run:
      root:# visudo

      and add the two following lines:

      globus  ALL=(username1,username2) NOPASSWD:
      /usr/local/globus-4.0.8/libexec/globus-gridmap-and-execute -g
      /etc/grid-security/grid-mapfile
      /usr/local/globus-4.0.8/libexec/globus-job-manager-script.pl *
      
      globus  ALL=(username1,username2) NOPASSWD:
      /usr/local/globus-4.0.8/libexec/globus-gridmap-and-execute -g
      /etc/grid-security/grid-mapfile
      /usr/local/globus-4.0.8/libexec/globus-gram-local-proxy-tool *

      where the user names “username1” and “username2” are to be substituted with a comma-separated list of usernames that you actually want the user “globus” to be able to sudo to (i.e. “jack,tom”). Also, make sure these two entries are each on a single line. If there are any line breaks within an entry then it won’t work.

    • to check whether GRAM is working run as normal user:
      user:$ globusrun-ws -submit -c /bin/touch touched_it

      if everything is working fine you should see something like this:

      Submitting job...Done.
      Job ID: uuid:6adb70fa-62d1-11dc-92fe-0013d46f2605
      Termination time: 09/15/2007 14:47 GMT
      Current job state: Active
      Current job state: CleanUp
      Current job state: Done
      Destroying job...Done.
  16. configure your firewall according to this extensive documentation.
    • Essentially you need to set up both the firewall of the machine where you installed Globus Toolkit and the router to which the machine is connected in order to accept traffic on ports 8443 (for the Globus Container), 2811 (for Gridftp) 8080 (for the Globus Container with no security) plus the port range set in the GLOBUS_TCP_PORT_RANGE variable in the Gridftp script (we used 50000-55000 in this tutorial). You can do that either by accepting all traffic to those ports or accepting only the one coming from known machines.
    • To see the rules currently enforced by your firewall run:
      root:# cat /etc/sysconfig/iptables
    • if the client and server of your application resides on different networks, you may get an error like the following:
      org.globus.common.ChainedIOException: Authentication failed
      [Caused by: Operation unauthorized (Mechanism level: Authorization failed.
      Expected "/CN=host/192.168.0.50" target but received "/O=KGrid/CN=host/your.globus.machine.domain.net")]

      then you need to add the following line to your /etc/hosts file

      192.168.0.50 your.globus.machine.domain.net

      where 192.168.0.50 is the local IP address of the LAN where the Globus machine is connected.

Errors reports and suggestions are more than welcome. Please leave a comment if you have faced and solved a problem which is not mentioned here or even only to say whether this tutorial has been of any help to you.

Some other installation notes for globus on CentOS can be found at this page.

Useful CentOS howtos

CentOS logo

Community ENTerprise Operating System (CentOS), is a GNU/Linux enterprise distribution, based on the freely available sources of Red Hat Enterprise Linux (RHEL) and, just as RHEL or Debian stable, CentOS is focused on stability and security.

CentOS delivers a long-term support, stable APIs and ABIs for your own software, integration of modern security technologies, backported security fixes so that updating doesn’t break anything. A new release comes out every 18 to 24 months, and each release is supported for around 7 years. With these characteristics, CentOS is an excellent desktop and server operating system for people who want a robust system that just works. Due to its heritage, CentOS is also an excellent migration path for former Fedora legacy users.

All these characteristics make CentOS the perfect operating system for University computer labs and for setting up a test Grid for educational and/or development purposes.

How to

 

  • disable the system beep edit /etc/inputrc and uncomment following line:
    # do not bell on tab-completion
    set bell-style none

    Then run:

    root:# rmmod pcspkr
  •  
     

  • install Flash Player:
    • visit http://get.adobe.com/it/flashplayer/
    • choose “YUM for Linux”;
    • click on “Accept and install now”;
    • choose to open with “Software installer”;
    • after installation go to Applications / Add/Remove Software;
    • search for “flash”;
    • check on “flash-plugin-etc…” and press “Apply”.
  •  
     

  • disable all the not necessary services (such as bluetooth, isdn, etc) run:
    root:# ntsysv
  •  
     

  • make your machine not boot in graphical mode (highly recommended if you are planning to use the machine as server only):
    root:# vim /etc/inittab

    and change the id:5:initdefault: line with id:3:initdefault:
    To start the windows manager simply run “startx” once logged in;

  •  
     

  • configure name server lookups edit your /etc/resolv.conf and add to the right of the “search” option the list of domain names to be tried separated by spaces or tabs;
  •  
     

  • to make your machine automatically install security updates with a daily basis:
    root:# vim /etc/cron.daily/yumupdate

    and paste into it

    yum update -y

    save and change its permission to:

    root:# chmod +x /etc/cron.daily/yumupdate

    this will make your machine do the update every day at 4:02am, provided it’s turned on at that time;

  •  
     

  • keep your machine system clock accurate by synchronizing it over the Internet with a daily basis:
    root:# vim /etc/cron.daily/ntpdate

    and paste into it

    ntpdate -u ntp1.inrim.it ntp2.inrim.it

    replace “ntp1.ien.it” and “ntp2.ien.it” with other NTP public servers geographically near to your machine: you can choose them here. Save and change its permission to:

    root:# chmod +x /etc/cron.daily/ntpdate

    this will make your machine do the update every day at 4:02am, provided it’s turned on at that time;

  •  
     

  • install RPMForge following these instructions;
  •  
     

  • install RAR you need to install RPMForge first, then run:
    root:# yum install -y rar
  •  
     

  • install a good LaTeX editor:
    root:# yum install tetex tetex-latex kdegraphics kile