GRID storage access tools installation

:!: Several sections in this page are deprecated or obsolete. In particular, users are advised to avoid SRM clients and globus client software and instead look into using the gfal client library and command line tools. SURF provides good documentation on usage of grid storage client software.

This page describes the procedure to set up the tools for working directly on the srm storage. You may want to consider using the staging and download services provided by Astron if you just want to retrieve data from the archive: following documentation was developed for the installation of a GRID tools and certificates on an Ubuntu 12.04 system using a bash shell (using .bashrc as a configuration script). We have not tested the installation using csh derivatives but it is to be expected that not all scripts will work. Thanks to Martin van den Akker for providing notes of his installation procedure.

Sites that provide packages and further information on installation of grid middleware on linux based systems:

NB We have tested the installation as described below only on Ubuntu 12 and CentOS 7. Please let us know if you have feedback or if you can contribute instructions on installations in different environments. You might also first need to obtain a GRID certificate.

Note: all installations require root permissions.

The file transfer tools from the Globus package are needed, most importantly globus-url-copy:


sudo apt-get install globus-gass-copy-progs


sudo yum install globus-gass-copy-progs

The VOMS tools for logging in and user account management:


sudo apt-get install voms-clients


sudo yum install voms-clients-cpp

Execute the following commands to install the certificates from the site of the European Grid Infrastructure (EGI) (root permissions are required).


Note 2021-05-19: newer versions of Ubuntu require to first add the appropriate GPG key for the EGI repository:

wget -q -O - | sudo apt-key add -
sudo add-apt-repository 'deb egi-igtf core'
sudo apt-get update
sudo apt-get install ca-policy-egi-core


sudo mv EGI-trustanchors.repo /etc/yum.repos.d/
sudo yum install ca-policy-egi-core

The SRM tools are needed to communicate with the storage management system.

  1. Download srmtools
  2. Extract and install the srmtools, e.g. in /opt/
    This will create a subdirectory, e.g. srmclient-2.6.28, containing the required files.
    Note that the srm package may be installed anywhere (e.g. in your home directory).
  3. Set the relevant environment path variables, e.g. in .bashrc (modify version number if applicable):
    export SRM_PATH=<Install Directory>/srmclient-2.6.28/usr/share/srm
    export PATH=<Install Directory>/srmclient-2.6.28/usr/bin:$PATH

NB The srm client tools depend on JAVA. There is a known issue with openjava version 7. If you have this version of JAVA installed, or otherwise get JAVA exceptions when running an srm command, please install another JAVA VM. Java-7-oracle is known to work. It is possible to have multiple JAVA VM installations and it is thus not required to replace an existing installation: if the default VM installation does not work with srm, another VM may be configured to be used by setting the following environment parameter:

export JAVA_HOME=/usr/lib/jvm/java-7-oracle/jre

The JAVA VM used by default in Ubuntu and CentOS can be selected using the following command:

sudo update-alternatives --config java

The fetch-crl tool retrieves Certificate Revocation Lists.


sudo apt-get install fetch-crl


sudo yum install fetch-crl

NB This is not required unless you intend to allow others to access your system by providing their grid certificate.

Add the following string for the LOFAR Virtual Organization (VO) to the vomses file (any filename is fine).

"lofar" "" "30019" "/O=dutchgrid/O=hosts/" "lofar"

You can find this string also on the following website in the text block under VOMSES string for this VO
The vomses file should be placed in one of the following default locations: /etc/vomses, $HOME/.voms/vomses, $HOME/.glite/vomses

Put the following strings:

/C=NL/O=NIKHEF/CN=NIKHEF medium-security certification auth

in the file (root permissions required):


NB If this step is skipped or nor configured correctly voms-proxy-init will work but finish with warnings.

You may want to provide the following settings in .bashrc or another initialisation/startup script if the relevant files are not in the default locations (defaults provided below).

export X509_USER_CERT=$HOME/.globus/usercert.pem
export X509_USER_KEY=$HOME/.globus/userkey.pem
export X509_CERT_DIR=/etc/grid-security/certificates
export X509_VOMS_DIR=/etc/grid-security/vomsdir
export X509_USER_PROXY=$HOME/.proxy
export VOMS_USERCONF=$HOME/.glite

Note: For (t)csh, use *.csh init scripts and 'setenv <key> <value>' instead of 'export <key>=<value>'.

You may want to create a cron job to automatically retrieve certificate revocation lists (CRLs) by invoking the fetch-crl tool at regular intervals (at least once a year).

This creates a proxy (valid for 48 hours, increase if needed) in your home directory:

voms-proxy-init -valid 48:00 -voms lofar:/lofar/user -out ~/.proxy

You can test that everything works by copying this file from surfsara to your working directory:

srmcp -server_mode=passive srm:// file://`pwd`/file1M

If your firewall allows incoming connections to non-standard ports, you can try this command without the server_mode option which will enable utilization of multiple streams to increase performance.

If you have the gridftp client software installed and in your path, it provides superior performance as compared to the native JAVA gridftp client that is provided by srmcp. In order to utilize this, download, unzip it and use the command:

srmcp -use_urlcopy_script=true -urlcopy=./ -server_mode=passive srm:// file://`pwd`/file1M

Note: You may have to force the use of TLS, (export GLOBUS_GSSAPI_FORCE_TLS=1 or in /etc/grid-security/gsi.conf set FORCE_TLS=true) to make this work.

  • Last modified: 2024-05-10 12:14
  • by Hanno Holties