Documenting here, steps followed in installing Globus Toolkit - 4.0.

8 version on
cheaha.uabgrid.uab.edu
=== Software Pre-requisites ===
{{{
[root@cheaha opt]# rpm -qa | grep java
java3d-1.5.1-0
rocks-java-5.0-0
java-1.4.2-gcj-compat-1.4.2.0-40jpp.112
javacc-4.0-3jpp.3
[root@cheaha opt]# rpm -qa | grep zlib
zlib-1.2.3-3
zlib-devel-1.2.3-3
zlib-1.2.3-3
[root@cheaha ~]# ant -version
Apache Ant version 1.6.5 compiled on June 2 2005
[root@cheaha ~]# gcc --version
gcc (GCC) 4.1.2 20070626 (Red Hat 4.1.2-14)
[root@cheaha ~]# g++ --version
g++ (GCC) 4.1.2 20070626 (Red Hat 4.1.2-14)
[root@cheaha ~]# tar --version
tar (GNU tar) 1.15.1
[root@cheaha ~]# make --version
GNU Make 3.81
[root@cheaha ~]# sed --version
GNU sed version 4.1.5
[root@cheaha ~]# perl --version
This is perl, v5.8.8 built for x86_64-linux-thread-multi
[root@cheaha ~]# sudo -V
Sudo version 1.6.8p12
[root@cheaha ~]# rpm -qa | grep mysql
mysql-5.0.22-2.2.el5_1.1
php-mysql-5.1.6-15.el5
mysql-5.0.22-2.2.el5_1.1
foundation-mysql-5.0.37-0
mysql-server-5.0.22-2.2.el5_1.1
mysql-devel-5.0.22-2.2.el5_1.1
mysql-devel-5.0.22-2.2.el5_1.1
[root@cheaha ~]# rpm -qa | grep postgresql
postgresql-libs-8.1.11-1.el5_1.1
}}}
=== Building the Toolkit ===
* As '''root''' do the following
{{{
mkdir /opt/gt-4.0.8
cd /opt
ln -s globus-4.0.8 globus
chown globus:globus /opt/gt-4.0.8/
}}}
* As '''globus''' user do the following
{{{
[ppreddy@cheaha ~]$ sudo su - globus
Password:
It doesn't appear that you have set up your ssh key.
This process will make the files:
/opt/globus/.ssh/id_rsa.pub
/opt/globus/.ssh/id_rsa
/opt/globus/.ssh/authorized_keys
Generating public/private rsa key pair.
Enter file in which to save the key (/opt/globus/.ssh/id_rsa):
Created directory '/opt/globus/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /opt/globus/.ssh/id_rsa.
Your public key has been saved in /opt/globus/.ssh/id_rsa.pub.
The key fingerprint is:
c7:82:6b:8c:cf:75:e3:89:81:b5:7d:0d:c9:73:c3:aa globus@cheaha.uabgrid.uab.edu
mkdir src dist
cd dist
wget http://www-unix.globus.org/ftppub/gt4/4.0/4.0.8/installers/src/gt4.0.8-all-
source-installer.tar.bz2
cd ../src/
bunzip2 ../dist/gt4.0.8-all-source-installer.tar.bz2
tar -xvf ../dist/gt4.0.8-all-source-installer.tar
}}}
* Before building the toolkit, check build environment i.e., check for PATH and
LD_LIBRARY_PATH environment variables
{{{
PATH=$JAVA_HOME/bin:$ANT_HOME/bin:/bin:/usr/bin
unset LD_LIBRARY_PATH
export GLOBUS_LOCATION=/opt/globus
}}}
* Now we are ready to begin the build
{{{
cd ~src/gt4.0.8-all-source-installer/
./configure --prefix=$GLOBUS_LOCATION
make | tee build.log
make install | tee install.log
}}}
* The last few lines of '''install.log'''
{{{
Reading gatekeeper configuration file...
Warning: Host cert file: /etc/grid-security/hostcert.pem not found. Re-run
setup-globus-gram-job-manager after installing host cert file.
Determining system information...
Creating job manager configuration file...
Done
..Done
running /opt/globus/setup/globus/setup-globus-job-manager-fork..[ Changing to /o
pt/globus/setup/globus ]
find-fork-tools: WARNING: "Cannot locate mpiexec"
find-fork-tools: WARNING: "Cannot locate mpirun"
checking for mpiexec... no
checking for mpirun... no
find-fork-tools: creating ./config.status
config.status: creating fork.pm
..Done
}}}
As given in http://dev.uabgrid.uab.edu/uabgrid-stage/wiki/BuildTheStage#InstallG
lobus, ignoring the above two warnings, but should do the following suggested st
ep after creation of/etc/grid-security/hostcert.pem '''Re-run setup-globus-gram-
job-manager after installing host cert file'''.
=== Security Configuration of Globus ===
* Ref: http://www.globus.org/toolkit/docs/4.0/admin/docbook/ch06.html
1. As root, set GLOBUS_LOCATION and source $GLOBUS_LOCATION/etc/globus-user-env
.sh
{{{
[root@cheaha ~]# export GLOBUS_LOCATION=/opt/globus
[root@cheaha ~]# . $GLOBUS_LOCATION/etc/globus-user-env.sh
[root@cheaha ~]# echo $GLOBUS_LOCATION
/opt/globus
[root@cheaha ~]# globus-version
4.0.8
}}}
2. Obtain host certificate: [http://www.globus.org/toolkit/docs/4.0/admin/docbo
ok/ch06.html#s-basic-host]. Host certificates must:
* consist of the following two files: hostcert.pem and hostkey.pem
* be in the appropriate directory for secure services: /etc/grid-security/
* be for a machine which has a consistent name in DNS; you should not run it o
n a computer using DHCP where a different name could be assigned to your compute
r.[[BR]]
The available options are:
* Request a certificate from an existing CA
* SimpleCA
* Low-trust certificate[[BR]]
As given in http://dev.uabgrid.uab.edu/uabgrid-stage/wiki/BuildTheStage#HostId
entity, UABGrid has an established CA.[[BR]]
So, following steps from http://uabgrid.uab.edu/node/25 in setting up the host
identity. First created an openssl.conf file (just copied the contents within t
he page) on my $HOME dir. Then created a '''stage.uabgrid.uab.edu.csr''' with th
e command mentioned in the same page. By executing the openssl command, '''hostk
ey.pem''' file will be generated. Changed the permissions on hostkey.pem to 400.
[[BR]]
So, now we need '''hostcert.pem''', which is issued by ''jpr@uab.edu'' for UAB
Grid CA. So, mailing him the '''stage.uabgrid.uab.edu.csr''', received the '''ho
stcert.pem''' back. Now as '''root''' copied these to /etc/grid-security
{{{
mkdir -p /etc/grid-security/certificates/
mv /home/ppreddy/hostkey.pem /etc/grid-security
mv home/ppreddy/hostcert.pem /etc/grid-security
chown root.root /etc/grid-security/hostkey.pem /etc/grid-security/hostcert.pem
chmod 400 /etc/grid-security/hostkey.pem
chmod 444 /etc/grid-security/hostcert.pem
}}}
* Once the Host identity is in place a /etc/grid-security, its time to make th
e host credentials accessible by the container [http://www.globus.org/toolkit/do
cs/4.0/admin/docbook/ch06.html#s-basic-containercert]. As root run
{{{
cd /etc/grid-security
cp hostkey.pem containerkey.pem
cp hostcert.pem containercert.pem
chown globus.globus containerkey.pem containercert.pem
}}}
3. Adding Authorization [http://www.globus.org/toolkit/docs/4.0/admin/docbook/c
h06.html#s-basic-gridmap]
* As root, created /etc/grid-security/grid-mapfile and entered the following l
ines for user ''ppreddy''
{{{
"/C=US/ST=Alabama/L=Birmingham/O=University of Alabama at Birmingham/OU=UABgrid/
CN=ppreddy@uab.edu/Email=ppreddy@uab.edu" ppreddy
"/C=US/ST=Alabama/L=Birmingham/O=University of Alabama at Birmingham/OU=UABgrid/
CN=ppreddy@uab.edu/emailAddress=ppreddy@uab.edu" ppreddy
"/C=US/ST=Alabama/L=Birmingham/O=University of Alabama at Birmingham/OU=UABgrid/
CN=ppreddy@uab.edu/E=ppreddy@uab.edu" ppreddy
}}}
* The email address in the last line conforms to the latest Globus Toolkit - 4.
2 version.
* Installed usercert.pem and userkey.pem certificates in '''$HOME/.globus''' di
r by
* Trusting the UABGrid certificate http://docs.uabgrid.uab.edu/index.php/Trust
_UABgrid_CA
* Registering with UABGrid http://vo.uabgrid.uab.edu/sympa
* Getting the personal certificate https://ca.uabgrid.uab.edu/user/custom_requ
est_cert.php
* Downloading the personal certificate https://ca.uabgrid.uab.edu/user/manage_
cert.php
* Next downloaded the UAB bridge certificate from https://www.pki.virginia.edu/
nmi-bridge/certs/
{{{
As root
cd /etc/grid-security/certificates
wget https://www.pki.virginia.edu/nmi-bridge/certs/UAB-root.crt
wget https://www.pki.virginia.edu/nmi-bridge/certs/56498486.signing_policy
cp UAB-root.crt 56498486.0
}}}
After doing the above steps, was able to create a user proxy successfully with
grid-proxy-init command
{{{
[ppreddy@cheaha ~]$ grid-proxy-init -verify -debug
User Cert File: /home/ppreddy/.globus/usercert.pem
User Key File: /home/ppreddy/.globus/userkey.pem
Trusted CA Cert Dir: /etc/grid-security/certificates
Output File: /tmp/x509up_u2018
Your identity: /C=US/ST=Alabama/L=Birmingham/O=University of Alabama at Birmingh
am/OU=UABgrid/CN=ppreddy@uab.edu/emailAddress=ppreddy@uab.edu
Enter GRID pass phrase for this identity:
Creating proxy .........++++++++++++
...........++++++++++++
Done
Proxy Verify OK
Your proxy is valid until: Fri Oct 3 03:18:09 2008
}}}
=== User environment configuration ===
* Added the following lines to /etc/profile.d/globus.sh and /etc/profile.d/glob
us.csh
{{{
export GLOBUS_HOSTNAME=`hostname --fqdn`
export GLOBUS_TCP_PORT_RANGE=45000,45999
export GPT_LOCATION=/opt/globus
}}}
* As root create /etc/profile.d/myproxy.sh with
{{{
export MYPROXY_SERVER=myproxy.uabgrid.uab.edu
}}}
=== System Services Configuration ===
* Ref: http://dev.uabgrid.uab.edu/uabgrid-stage/wiki/BuildTheStage#SystemServ
icesConfiguration

=== References ===

* http://globus.org/toolkit/downloads/4.0.8/
* http://globus.org/toolkit/docs/4.0/admin/docbook/index.html
* http://globus.org/toolkit/docs/4.0/admin/docbook/quickstart.html#q-intro