The DAS-2 Grid
Logbook (part 1)
Logbook (part 2)
UvA DAS-2 usage
Installing Globus and EDG services on DAS2 (fs2)
Follow this series of steps to install core Globus and EDG services
on a DAS2 frontend (file server).
If you have problems when installing globus or have comments/suggestions
regarding this quick-guide, please contact
David Groep <firstname.lastname@example.org>.
Get all relevant RPMS from the repository. A snapshot of the full WP6 RPM
repository (which is maintained on marianne.in2p3.fr) can be
found in this directory
and from the release-bundle overview.
The directory contains all RPMS that were installed on fs2.das2.nikhef.nl to
get the Grid software running. All files are collapsed into one directory.
The RPMs in the repository are grouped into five sets:
These rpmlists can also be found in the repository directory.
- EDG certification authorities
- Perl5 modules needed to run the EDG utilities
- EDG WP6 utilities to generate grid-mapfiles and CRL updates
- Globus 2.0 EDG-beta-21
- EDG Globus configuration tools and globus.conf
Install the RPM sets in the following order:
If you are installing these on a "plain" RedHat 7.2 system, you will
also need the "old" ncurses rpm
If you want to build Globus-based applications on this system
using the makefile generator provided by GPT, also install
the GPT rpm (i386 and
Create a directory /etc/grid-security if is does not already exist.
chown root:root grid-security
chown root:root grid-security/certificates
Create the compatibility signing-policy file for Globus 1.1.3. This
has to be done every time a CA policy changes or a new CA RPM
cat *signing_policy > ca-signing-policy.conf
Generate a directory for leased accounts. This directory as to be
global within the administrative domain in which the leased accounts
are used. If you have multiple front-end nodes, you must export
this directory using NFS:
chown root:root /etc/grid-security/gridmapdir
and generate empty files named after all your leased accounts. E.g.
if you would have accounts "test001", "test002",...,"test020", you
or something a bit more clever (make a script).
Configure your mkgridmap utility. The configuration file is
Please modify the example provided for your own administrative domain.
To test it, add the relevant PERL modules to your path and run
If you are happy with this service, add the PERL environment to
If you have "local" users to add to your grid-mapfile, do su
in mkgridmap.conf using the gmf_local directive.
Also configure any VO groups that you want to give access to your
resources. If you use the AUTO login-name generation,
names will the concatanation of all initials in the user's
certificate subject, followed by the complete surname. So,
"David Groep" will be local user "dgroep". This behaviour can
be modified in the "subject2user" script.
Add the perl line also to the top in
/etc/rc.d/init.d/edg-crl-upgraded. This script will
periodically retrieve the latest CRLs from the CA repositories.
Make sure your system clock is synchronized with the rest of the world,
preferably using (x)ntpd. Pick a local, reliable time server and
ntpdate -u timehost.mydomain
hwclock --systohc [--utc]
Acquire a host certificate for your gatekeeper and GridFTP service.
The subject name (DN) should be something like
O=dutchgrid, O=hosts, OU=nikhef.nl, CN=fs2.das2.nikhef.nl.
Go to the DutchGrid CA site at
and request a "host" certificate appropriate for your domain.
Please follow the instructions there about requesting a cert, mailing the
request and submitting to authorization of your request. The
private key you generate must be kep secure, so immediately
set the umask to 400 and ownership to root if it is not like that
After authentication, you will receive a signed host certificate.
You put both key (mode 400) and host cert (mode 444) in
the directory /opt/globus/etc/, named "hostkey.pem" and
Then, make symlinks from the /etc/grid-security directory:
ln -s /opt/globus/etc/hostcert.pem
ln -s /opt/globus/etc/hostkey.pem
Configure your Globus install using /etc/globus.conf. The template
for this file is already on your system and can be found at
The main entries required for a full
globus service (gatekeeper, GridFTP, MDS/GIS) are in
in this example.
Modify at least the following variables to reflext your local situation:
GLOBUS_HOST_DN="hn=fs2.das2.nikhef.nl, dc=das2, dc=nikhef, dc=nl, o=Grid"
GLOBUS_ORG_DN="dc=das2, dc=nikhef, dc=nl, o=Grid"
Remember that a local user called "globus" must exist; the MDS
services will be run by this user.
You will be configuring a "fork" and "pbs" job manager, a gsi-wuftpd
GridFTP service and a GRIS service registering (anonymously) to the central
GIIS at fs2.das2.nikhef.nl.
Add the Globus and EDG services to the system startup sequence:
chkconfig globus-mds on
chkconfig globus-gatekeeper on
chkconfig globus-gsi_wuftpd on
chkconfig edg-gridmapfile-upgraded on
chkconfig edg-crl-upgraded on
and start all these services from /etc/rc.d/init.d/....
- Test the setup from a remote system using your own grid credentials.
Add your subjectname to the grid-mapfile if necessary for testing.
Comments to David Groep