[Go to Home]

DAS2-UvA Grid
Index
The DAS-2 Grid
Logbook (part 1)
Logbook (part 2)
Install overview
UvA DAS-2 usage

Back


Log of installing Globus and EDG services on DAS2 (fs2)

This series of steps is in chronological order. Some info that you see might be in error, but corrected in a later stage of the process. Use this information with care...

  • Copied all the EDG packages from the package repository at http://marianne.in2p3.fr/datagrid/testbed1/repositories/pkg-repository.html. Actually, I took the packages from the directory on booder.nikhef.nl:
    scp -r -p davidg@booder.nikhef.nl:/opt/local/linux/6.2/RPMS/\* .
    
    All packages ended up in /var/scratch/grid/edg/RPMS/.
    The version of Globus there is EDG-beta21 (that's Globus 2.0 beta1 with extra patches from the Globus team and with slight modifications by Anders W. and Andrew McNab for dynamic account creation etc. See changelog at http://marianne.in2p3.fr/datagrid/testbed1/globus/globus-2.0-b21.html.
    A local copy of the changelog is here, it the other one goes away: docs/changelog-edg-globus-beta21.
  • The core globus packages (from the globus2_beta21 directory) do not seem to conflict with the packages already installed on fs2. This in contrast to many of the packages in the "external" tree, i.e. the packages that are needed to run the EDG extensions like FTree, R-GMA, GDMP, etc.
    Almost all of the Globus stuff will end up in /opt/globus/, also the versions of OpenSSL, etc. Some startup scripts will go in /etc/rc.d/init.d.

    The globus2_config directory contains the special "/etc/globus.conf" setup from EDG. This will go in /etc. Gatekeeper will be configured to run as a deamon, so as not to interfere with (x)inetd config's. Also, this is the only way that the /etc/globus.conf thingy will work.

  • A no-conflicts.txt file lists all packages from Globus-beta-21 that should be installed. The file is docs/noconflicts-beta21.txt.
    [sysadm@fs2 globus2_beta21]$ rpm -vi --test `cat noconflicts-21.txt`
    Preparing packages for installation...
    [sysadm@fs2 globus2_beta21]$ 
    

    The packages from globus2_config only require Globus packages:

    [sysadm@fs2 globus2_config]$ rpm -vi --test *.rpm                   
    error: failed dependencies:
    	globus_common-anyflavor_anypgm is needed by globus_common-edgconfig-0.13-1
    	globus_core-anyflavor_anypgm is needed by globus_core-edgconfig-0.13-1
    	globus_core-anyflavor_anypgm is needed by globus_gatekeeper-edgconfig-0.13-1
    	globus_common-anyflavor_anypgm is needed by globus_gatekeeper-edgconfig-0.13-1
    	globus_gatekeeper-anyflavor_anypgm is needed by globus_gatekeeper-edgconfig-0.13-1
    	globus_gram_job_manager-anyflavor_anypgm is needed by globus_gatekeeper-edgconfig-0.13-1
    	globus_gsi_wuftpd-anyflavor_anypgm is needed by globus_gsi_wuftpd-edgconfig-0.13-1
    	globus_common-anyflavor_anypgm is needed by globus_mds-edgconfig-0.13-1
    	globus_user_env-anyflavor_data is needed by globus_profile-edgconfig-0.13-2
    [sysadm@fs2 globus2_config]$ 
    
  • So there we go, on Thu Jan 10 12:31:41 CET 2002
    Oops, now it's already Thu Jan 10 16:22:09 CET 2002
    First try it gentlky with one package:
    rpm -iv globus_core-noflavor_data-2.1-21.i386.rpm
    Preparing packages for installation...
    globus_core-noflavor_data-2.1-21
    [root@fs2 globus2_beta21]# ls -l /opt/globus/
    [root@fs2 globus2_beta21]# df -k /opt/globus/
    Filesystem           1k-blocks      Used Available Use% Mounted on
    /dev/sda2              4134932    250388   3674496   7% /
    
    And now for real:
    [root@fs2 globus2_beta21]# pwd
    /var/scratch/grid/edg/RPMS/globus2_beta21
    [root@fs2 globus2_beta21]# rpm -qa | grep globus
    globus_core-noflavor_data-2.1-21
    [root@fs2 globus2_beta21]# rpm -e globus_core-noflavor_data-2.1-21
    [root@fs2 globus2_beta21]# rpm -iv `cat ./noconflicts-21.txt`
    output log see here: docs/install-log-globus-beta21
    
  • Now for the EDG config packages. The list is in docs/noconflicts-config-edg.txt:
    [root@fs2 globus2_config]# rpm -iv --test `cat ./noconflicts.txt`
    Preparing packages for installation...
    [root@fs2 globus2_config]# rpm -iv `cat ./noconflicts.txt`
    Preparing packages for installation...
    globus_common-edgconfig-0.13-1
    globus_core-edgconfig-0.13-1
    globus_doc-edgconfig-0.13-1
    globus_gatekeeper-edgconfig-0.13-1
    globus_gsi_wuftpd-edgconfig-0.13-1
    globus_mds-edgconfig-0.13-1
    globus_profile-edgconfig-0.13-2
    

    Now, we should have all kinds of files in /etc/rc.d/init.d:

    [root@fs2 globus2_config]# ls -lctr /etc/rc.d/init.d
    ....
    -rwxr-xr-x    1 root     root        16350 Jan 10 15:35 globus-mds
    -rwxr-xr-x    1 root     root         2477 Jan 10 15:35 globus-gsi_wuftpd
    -rwxr-xr-x    1 root     root        10329 Jan 10 15:35 globus-gatekeeper
    [root@fs2 globus2_config]# ls -lctr /etc/xinetd.d/   
    ....
    -rw-r--r--    1 root     root          400 Jan 10 15:35 globus-gatekeeper
    [root@fs2 globus2_config]# ls -ltrc /etc
    ....
    drwxr-xr-x    2 ntp      ntp          4096 Jan 10 15:14 ntp
    drwxr-xr-x    2 root     root         4096 Jan 10 15:35 mrtg
    drwxr-xr-x    2 root     root         4096 Jan 10 15:35 xinetd.d
    drwxr-xr-x    2 root     root         4096 Jan 10 15:35 profile.d
    [root@fs2 globus2_config]# ls -ltrc /etc/profile.d/
    ....
    -rwxr-xr-x    1 root     root          344 Jan 10 15:35 globus.sh
    -rwxr-xr-x    1 root     root          736 Jan 10 15:35 globus.csh
    
    (Remember that the globus-gatekeeper entry in (x)inetd is not used, because it would ignore the /etc/globus.conf file).
  • The default /etc/globus.conf file that you get from the packages is stored in /opt/globus/share/doc/globus.conf.template.
  • Now some very basic EDG utilities (mkgridmap et al.):
    [root@fs2 WP6]# cat noconflicts.txt 
    edg-mkgridmap-1.0.5-1.i386.rpm
    edg-user-env-0.1-1.noarch.rpm
    edg-utils-1.0.11-1.noarch.rpm
    [root@fs2 WP6]# rpm -iv `cat ./noconflicts.txt` 
    error: failed dependencies:
    	perl(Convert::ASN1) is needed by edg-mkgridmap-1.0.5-1
    	perl(Net::SSLeay) is needed by edg-mkgridmap-1.0.5-1
    	perl(Net::LDAP) is needed by edg-mkgridmap-1.0.5-1
    	perl(Net::LDAPS) is needed by edg-mkgridmap-1.0.5-1
    	perl(IO::Socket::SSL) is needed by edg-mkgridmap-1.0.5-1
    
    So first some new perl packages:
    [root@fs2 external]# cat core-perl.txt
    perl-Convert-ASN1-0.07-10.i386.rpm
    perl-Net_SSLeay-1.08-1.i386.rpm
    perl-perl-ldap-0.22-10.i386.rpm
    perl-IO-Socket-SSL-0.76-10.i386.rpm
    [root@fs2 external]# rpm -iv `cat ./core-perl.txt`
    Preparing packages for installation...
    perl-Convert-ASN1-0.07-10
    perl-Net_SSLeay-1.08-1
    perl-perl-ldap-0.22-10
    perl-IO-Socket-SSL-0.76-10
    
    And again:
    [root@fs2 WP6]# rpm -iv `cat ./noconflicts.txt`
    Preparing packages for installation...
    edg-mkgridmap-1.0.5-1
    edg-user-env-0.1-1
    edg-utils-1.0.11-1
    [root@fs2 WP6]# 
    [root@fs2 WP6]# ls -ltrc /etc/rc.d/init.d/
    ....
    -rwxr-xr-x    1 root     root          997 Jan 10 16:02 edg-gridmapfile-upgraded
    -rwxr-xr-x    1 root     root          906 Jan 10 16:02 edg-crl-upgraded
    
  • Now the CA certificates and signing files:
    [root@fs2 security]# rpm -iv `cat noconflicts.txt`
    Preparing packages for installation...
    ca_CERN-0.4-1
    ca_CESNET-0.4-1
    ca_CNRS-0.4-1
    ca_CNRS-DataGrid-0.4-1
    ca_CNRS-Projets-0.4-1
    ca_Grid-Ireland-0.4-1
    ca_GridPP-0.4-1
    ca_INFN-0.4-1
    ca_LIP-0.4-1
    ca_NIKHEF-0.4-1
    ca_NorduGrid-0.4-1
    ca_Russia-0.4-1
    ca_Spain-0.4-1
    
    And merge all the signing-policy files for legacy apps:
    [root@fs2 security]# cd /etc/grid-security/certificates
    [root@fs2 certificates]# cat *signing_policy > ca-signing-policy.conf
    
  • create directory for "gridmapdir" style leased accounts. This directory will be shared by all systems that accept GSI incoming connections. There are no accounts to be configured, yet.
    [root@fs2 grid-security]# mkdir gridmapdir
    
    But we also add some local users in /opt/edg/etc/grid-mapfile-local:
    "/O=dutchgrid/O=users/O=nikhef/CN=David Groep" sysadmin
    
    And modify /opt/edg/etc/mkgridmap.conf to process this local file.

    Since the perl modules ended up in the wrong place (5.005 instead of 5.6.0), I temporarily added to the environment:

    export PERL5LIB=/usr/lib/perl5/site_perl/5.005/i386-linux:/usr/lib/perl5/site_perl/5.005
    
    If you would run it "as is", all kinds of local user names get generated base don the subject name. For now, I disable all VO's. I ran "/opt/edg/sbin/edg-gridmapfile-upgrade" and interrupted it after writing the first mapfile.
  • Host certificate: in directory /var/scratch/grid/certs/host, put the generated script makecert.sh. Requested a cert at ca@nikhef.nl, got it back and copied the three files (with proper permissions) to /opt/globus/etc/. Made symlinks to those from /etc/grid-security.
  • Tried to run a job from triode on fs2, but now the time setting is not correct (globus-gatekeeper.log complains). You MUST run ntp. So, added on the top of /etc/ntp.conf:
    server frodo.nikhef.nl
    server bilbo.nikhef.nl
    
    and restarted ntpd using /etc/rc.d/init.d/ntpd restart. Had to set time by hand first:
    [root@fs2 grid-security]# date
    Thu Jan 10 17:07:51 CET 2002
    [root@fs2 grid-security]# ntpdate -u bilbo.nikhef.nl
    10 Jan 18:13:59 ntpdate[15661]: step time server 192.16.199.131 offset 3953.026382 sec
    [root@fs2 grid-security]# ntpdate -u bilbo.nikhef.nl
    10 Jan 18:14:04 ntpdate[15662]: adjust time server 192.16.199.131 offset 0.000827 sec
    [root@fs2 grid-security]# date
    Thu Jan 10 18:14:07 CET 2002
    [root@fs2 grid-security]# less /etc/sysconfig/clock 
    [root@fs2 grid-security]# hwclock --systohc
    
  • Again:
    triode:davidg:1006$ globus-job-run fs2.das2.nikhef.nl /usr/bin/id -a
    GRAM Job submission failed because the gatekeeper failed to run the job manager (error code 47)
    triode:davidg:1007$ 
    
    and in the gatekeeper log:
    GRAM contact: fs2.das2.nikhef.nl:2119:/O=dutchgrid/O=hosts/OU=nikhef.nl/CN=fs2.das2.nikhef.nl
    Notice: 6: Got connection 192.16.199.115 at Thu Jan 10 18:15:35 2002
    
    Notice: 5: Authenticated globus user: /O=dutchgrid/O=users/O=nikhef/CN=David Groep
    Notice: 0: GRID_SECURITY_HTTP_BODY_FD=6
    Notice: 5: Requested service: jobmanager 
    Notice: 5: Authorized as local user: sysadmin
    Failure: getpwname() failed to find sysadmin
    Failure: getpwname() failed to find sysadmin
    
    So, there's a type in the grid-mapfile. Corrected it now in /opt/edg/.... and run the mkgridmap again.

    And a new try yields:

    triode:davidg:1007$ globus-job-run fs2.das2.nikhef.nl /usr/bin/id -a
    uid=500(sysadm) gid=500(sysadm) groups=500(sysadm)
    
    So this works!
  • Continue tomorrow...... The current globus.conf is globus.conf-20010110.


Comments to David Groep