-
Copied all the EDG packages from the package repository at
http://marianne.in2p3.fr/datagrid/testbed1/repositories/pkg-repository.html. Actually, I took the packages from the directory
on booder.nikhef.nl:
scp -r -p davidg@booder.nikhef.nl:/opt/local/linux/6.2/RPMS/\* .
All packages ended up in /var/scratch/grid/edg/RPMS/.
The version of Globus there is EDG-beta21 (that's Globus 2.0 beta1 with
extra patches from the Globus team and with slight modifications by
Anders W. and Andrew McNab for dynamic account creation etc.
See changelog at
http://marianne.in2p3.fr/datagrid/testbed1/globus/globus-2.0-b21.html.
A local copy of the changelog is here, it the other one goes away:
docs/changelog-edg-globus-beta21.
-
The core globus packages (from the globus2_beta21 directory) do
not seem to conflict with the packages already installed on fs2.
This in contrast to many of the packages in the "external" tree,
i.e. the packages that are needed to run the EDG extensions like
FTree, R-GMA, GDMP, etc.
Almost all of the Globus stuff will end up in /opt/globus/,
also the versions of OpenSSL, etc. Some startup scripts will
go in /etc/rc.d/init.d.
The globus2_config directory contains the special
"/etc/globus.conf" setup from EDG. This will go in /etc.
Gatekeeper will be configured to run as a deamon, so as not
to interfere with (x)inetd config's. Also, this is the
only way that the /etc/globus.conf thingy will work.
-
A no-conflicts.txt file lists all packages from Globus-beta-21
that should be installed. The file is
docs/noconflicts-beta21.txt.
[sysadm@fs2 globus2_beta21]$ rpm -vi --test `cat noconflicts-21.txt`
Preparing packages for installation...
[sysadm@fs2 globus2_beta21]$
The packages from globus2_config only require Globus packages:
[sysadm@fs2 globus2_config]$ rpm -vi --test *.rpm
error: failed dependencies:
globus_common-anyflavor_anypgm is needed by globus_common-edgconfig-0.13-1
globus_core-anyflavor_anypgm is needed by globus_core-edgconfig-0.13-1
globus_core-anyflavor_anypgm is needed by globus_gatekeeper-edgconfig-0.13-1
globus_common-anyflavor_anypgm is needed by globus_gatekeeper-edgconfig-0.13-1
globus_gatekeeper-anyflavor_anypgm is needed by globus_gatekeeper-edgconfig-0.13-1
globus_gram_job_manager-anyflavor_anypgm is needed by globus_gatekeeper-edgconfig-0.13-1
globus_gsi_wuftpd-anyflavor_anypgm is needed by globus_gsi_wuftpd-edgconfig-0.13-1
globus_common-anyflavor_anypgm is needed by globus_mds-edgconfig-0.13-1
globus_user_env-anyflavor_data is needed by globus_profile-edgconfig-0.13-2
[sysadm@fs2 globus2_config]$
-
So there we go, on Thu Jan 10 12:31:41 CET 2002
Oops, now it's already Thu Jan 10 16:22:09 CET 2002
First try it gentlky with one package:
rpm -iv globus_core-noflavor_data-2.1-21.i386.rpm
Preparing packages for installation...
globus_core-noflavor_data-2.1-21
[root@fs2 globus2_beta21]# ls -l /opt/globus/
[root@fs2 globus2_beta21]# df -k /opt/globus/
Filesystem 1k-blocks Used Available Use% Mounted on
/dev/sda2 4134932 250388 3674496 7% /
And now for real:
[root@fs2 globus2_beta21]# pwd
/var/scratch/grid/edg/RPMS/globus2_beta21
[root@fs2 globus2_beta21]# rpm -qa | grep globus
globus_core-noflavor_data-2.1-21
[root@fs2 globus2_beta21]# rpm -e globus_core-noflavor_data-2.1-21
[root@fs2 globus2_beta21]# rpm -iv `cat ./noconflicts-21.txt`
output log see here: docs/install-log-globus-beta21
-
Now for the EDG config packages. The list is in docs/noconflicts-config-edg.txt:
[root@fs2 globus2_config]# rpm -iv --test `cat ./noconflicts.txt`
Preparing packages for installation...
[root@fs2 globus2_config]# rpm -iv `cat ./noconflicts.txt`
Preparing packages for installation...
globus_common-edgconfig-0.13-1
globus_core-edgconfig-0.13-1
globus_doc-edgconfig-0.13-1
globus_gatekeeper-edgconfig-0.13-1
globus_gsi_wuftpd-edgconfig-0.13-1
globus_mds-edgconfig-0.13-1
globus_profile-edgconfig-0.13-2
Now, we should have all kinds of files in /etc/rc.d/init.d:
[root@fs2 globus2_config]# ls -lctr /etc/rc.d/init.d
....
-rwxr-xr-x 1 root root 16350 Jan 10 15:35 globus-mds
-rwxr-xr-x 1 root root 2477 Jan 10 15:35 globus-gsi_wuftpd
-rwxr-xr-x 1 root root 10329 Jan 10 15:35 globus-gatekeeper
[root@fs2 globus2_config]# ls -lctr /etc/xinetd.d/
....
-rw-r--r-- 1 root root 400 Jan 10 15:35 globus-gatekeeper
[root@fs2 globus2_config]# ls -ltrc /etc
....
drwxr-xr-x 2 ntp ntp 4096 Jan 10 15:14 ntp
drwxr-xr-x 2 root root 4096 Jan 10 15:35 mrtg
drwxr-xr-x 2 root root 4096 Jan 10 15:35 xinetd.d
drwxr-xr-x 2 root root 4096 Jan 10 15:35 profile.d
[root@fs2 globus2_config]# ls -ltrc /etc/profile.d/
....
-rwxr-xr-x 1 root root 344 Jan 10 15:35 globus.sh
-rwxr-xr-x 1 root root 736 Jan 10 15:35 globus.csh
(Remember that the globus-gatekeeper entry in (x)inetd is not used,
because it would ignore the /etc/globus.conf file).
-
The default /etc/globus.conf file that you get from the packages
is stored in /opt/globus/share/doc/globus.conf.template.
-
Now some very basic EDG utilities (mkgridmap et al.):
[root@fs2 WP6]# cat noconflicts.txt
edg-mkgridmap-1.0.5-1.i386.rpm
edg-user-env-0.1-1.noarch.rpm
edg-utils-1.0.11-1.noarch.rpm
[root@fs2 WP6]# rpm -iv `cat ./noconflicts.txt`
error: failed dependencies:
perl(Convert::ASN1) is needed by edg-mkgridmap-1.0.5-1
perl(Net::SSLeay) is needed by edg-mkgridmap-1.0.5-1
perl(Net::LDAP) is needed by edg-mkgridmap-1.0.5-1
perl(Net::LDAPS) is needed by edg-mkgridmap-1.0.5-1
perl(IO::Socket::SSL) is needed by edg-mkgridmap-1.0.5-1
So first some new perl packages:
[root@fs2 external]# cat core-perl.txt
perl-Convert-ASN1-0.07-10.i386.rpm
perl-Net_SSLeay-1.08-1.i386.rpm
perl-perl-ldap-0.22-10.i386.rpm
perl-IO-Socket-SSL-0.76-10.i386.rpm
[root@fs2 external]# rpm -iv `cat ./core-perl.txt`
Preparing packages for installation...
perl-Convert-ASN1-0.07-10
perl-Net_SSLeay-1.08-1
perl-perl-ldap-0.22-10
perl-IO-Socket-SSL-0.76-10
And again:
[root@fs2 WP6]# rpm -iv `cat ./noconflicts.txt`
Preparing packages for installation...
edg-mkgridmap-1.0.5-1
edg-user-env-0.1-1
edg-utils-1.0.11-1
[root@fs2 WP6]#
[root@fs2 WP6]# ls -ltrc /etc/rc.d/init.d/
....
-rwxr-xr-x 1 root root 997 Jan 10 16:02 edg-gridmapfile-upgraded
-rwxr-xr-x 1 root root 906 Jan 10 16:02 edg-crl-upgraded
-
Now the CA certificates and signing files:
[root@fs2 security]# rpm -iv `cat noconflicts.txt`
Preparing packages for installation...
ca_CERN-0.4-1
ca_CESNET-0.4-1
ca_CNRS-0.4-1
ca_CNRS-DataGrid-0.4-1
ca_CNRS-Projets-0.4-1
ca_Grid-Ireland-0.4-1
ca_GridPP-0.4-1
ca_INFN-0.4-1
ca_LIP-0.4-1
ca_NIKHEF-0.4-1
ca_NorduGrid-0.4-1
ca_Russia-0.4-1
ca_Spain-0.4-1
And merge all the signing-policy files for legacy apps:
[root@fs2 security]# cd /etc/grid-security/certificates
[root@fs2 certificates]# cat *signing_policy > ca-signing-policy.conf
-
create directory for "gridmapdir" style leased accounts.
This directory will be shared by all systems that accept
GSI incoming connections. There are no accounts to be configured, yet.
[root@fs2 grid-security]# mkdir gridmapdir
But we also add some local users in /opt/edg/etc/grid-mapfile-local:
"/O=dutchgrid/O=users/O=nikhef/CN=David Groep" sysadmin
And modify /opt/edg/etc/mkgridmap.conf
to process this local file.
Since the perl modules ended up in the wrong place (5.005 instead of 5.6.0),
I temporarily added to the environment:
export PERL5LIB=/usr/lib/perl5/site_perl/5.005/i386-linux:/usr/lib/perl5/site_perl/5.005
If you would run it "as is", all kinds of local user names get generated
base don the subject name. For now, I disable all VO's.
I ran "/opt/edg/sbin/edg-gridmapfile-upgrade" and interrupted it after
writing the first mapfile.
-
Host certificate: in directory /var/scratch/grid/certs/host,
put the generated script makecert.sh.
Requested a cert at ca@nikhef.nl, got it back and copied
the three files (with proper permissions) to /opt/globus/etc/.
Made symlinks to those from /etc/grid-security.
-
Tried to run a job from triode on fs2, but now the time
setting is not correct (globus-gatekeeper.log complains).
You MUST run ntp.
So, added on the top of /etc/ntp.conf:
server frodo.nikhef.nl
server bilbo.nikhef.nl
and restarted ntpd using /etc/rc.d/init.d/ntpd restart.
Had to set time by hand first:
[root@fs2 grid-security]# date
Thu Jan 10 17:07:51 CET 2002
[root@fs2 grid-security]# ntpdate -u bilbo.nikhef.nl
10 Jan 18:13:59 ntpdate[15661]: step time server 192.16.199.131 offset 3953.026382 sec
[root@fs2 grid-security]# ntpdate -u bilbo.nikhef.nl
10 Jan 18:14:04 ntpdate[15662]: adjust time server 192.16.199.131 offset 0.000827 sec
[root@fs2 grid-security]# date
Thu Jan 10 18:14:07 CET 2002
[root@fs2 grid-security]# less /etc/sysconfig/clock
[root@fs2 grid-security]# hwclock --systohc
-
Again:
triode:davidg:1006$ globus-job-run fs2.das2.nikhef.nl /usr/bin/id -a
GRAM Job submission failed because the gatekeeper failed to run the job manager (error code 47)
triode:davidg:1007$
and in the gatekeeper log:
GRAM contact: fs2.das2.nikhef.nl:2119:/O=dutchgrid/O=hosts/OU=nikhef.nl/CN=fs2.das2.nikhef.nl
Notice: 6: Got connection 192.16.199.115 at Thu Jan 10 18:15:35 2002
Notice: 5: Authenticated globus user: /O=dutchgrid/O=users/O=nikhef/CN=David Groep
Notice: 0: GRID_SECURITY_HTTP_BODY_FD=6
Notice: 5: Requested service: jobmanager
Notice: 5: Authorized as local user: sysadmin
Failure: getpwname() failed to find sysadmin
Failure: getpwname() failed to find sysadmin
So, there's a type in the grid-mapfile. Corrected it now in /opt/edg/....
and run the mkgridmap again.
And a new try yields:
triode:davidg:1007$ globus-job-run fs2.das2.nikhef.nl /usr/bin/id -a
uid=500(sysadm) gid=500(sysadm) groups=500(sysadm)
So this works!
-
Continue tomorrow......
The current globus.conf is globus.conf-20010110.