Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
public:grid_srm_software_installation [2012-12-09 21:12] – Hanno Holties | public:grid_srm_software_installation [2021-05-19 12:27] (current) – [Certificates for the Grid Certificate Authorities (CA)] Hanno Holties | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== GRID storage access tools installation ====== | ====== GRID storage access tools installation ====== | ||
+ | |||
+ | //This page describes the procedure to set up the tools for working directly on the srm storage. You may want to consider using the staging and download services provided by Astron if you just want to retrieve data from the archive: [[http:// | ||
+ | |||
+ | //You might also be interested in the [[public: | ||
The following documentation was developed for the installation of a GRID tools and certificates on an Ubuntu 12.04 system using a bash shell (using .bashrc as a configuration script). We have not tested the installation using csh derivatives but it is to be expected that not all scripts will work. Thanks to Martin van den Akker for providing notes of his installation procedure. | The following documentation was developed for the installation of a GRID tools and certificates on an Ubuntu 12.04 system using a bash shell (using .bashrc as a configuration script). We have not tested the installation using csh derivatives but it is to be expected that not all scripts will work. Thanks to Martin van den Akker for providing notes of his installation procedure. | ||
Line 10: | Line 14: | ||
* [[http:// | * [[http:// | ||
- | NB Only the Ubuntu 12 installation described below has been tested by us. Please let us know if you have feedback or if you can contribute instructions on installations in different environments. | + | NB We have tested |
- | + | You might also first need to obtain | |
- | ===== 1 Installation of certificates ===== | + | ===== Installation of software packages ===== |
- | + | ||
- | ==== 1.1 Obtaining | + | |
- | + | ||
- | * Request a user certificate via the [[https:// | + | |
- | * Install the certificate by following the instructions provided by your certificate authority. Typically this involves: | + | |
- | - Save the mail with the signed certificate as '' | + | |
- | - Load the certificate into your web browser. See e.g. http:// | + | |
- | - Apply for authorization to use LOFAR resources: | + | |
- | * https:// | + | |
- | - NB If appropriate, | + | |
- | * https:// | + | |
- | * https:// | + | |
- | + | ||
- | ===== 2 Installation of software packages ===== | + | |
Note: all installations require root permissions. | Note: all installations require root permissions. | ||
- | ==== 2.1 globus client software ==== | + | ==== globus client software ==== |
The file transfer tools from the Globus package are needed, most importantly globus-url-copy: | The file transfer tools from the Globus package are needed, most importantly globus-url-copy: | ||
+ | Ubuntu | ||
sudo apt-get install globus-gass-copy-progs | sudo apt-get install globus-gass-copy-progs | ||
- | ==== 2.2 voms client software ==== | + | CentOS |
+ | sudo yum install globus-gass-copy-progs | ||
+ | |||
+ | ==== voms client software ==== | ||
The VOMS tools for logging in and user account management: | The VOMS tools for logging in and user account management: | ||
+ | Ubuntu | ||
sudo apt-get install voms-clients | sudo apt-get install voms-clients | ||
- | ==== 2.3 Certificates for the Grid Certificate Authorities (CA) ==== | + | CentOS |
+ | sudo yum install voms-clients-cpp | ||
- | Execute | + | ==== Certificates for the Grid Certificate Authorities |
- | site of the European | + | |
- | required). | + | |
- | sudo add-repository 'deb http:// | + | Execute the following commands to install the certificates from the site of the European Grid Infrastructure (EGI) (root permissions are required). |
- | sudo apt-get update | + | |
- | sudo apt-get install ca-policy-egi-core | + | |
- | ==== 2.4 srmtools ==== | + | Ubuntu |
+ | |||
+ | Note 2021-05-19: newer versions of Ubuntu require to first add the appropriate GPG key for the EGI repository: | ||
+ | |||
+ | < | ||
+ | wget -q -O - https:// | ||
+ | |||
+ | </ | ||
+ | < | ||
+ | |||
+ | sudo add-apt-repository 'deb http:// | ||
+ | sudo apt-get update | ||
+ | sudo apt-get install ca-policy-egi-core | ||
+ | |||
+ | </ | ||
+ | |||
+ | CentOS | ||
+ | |||
+ | < | ||
+ | wget http:// | ||
+ | sudo mv EGI-trustanchors.repo / | ||
+ | sudo yum install ca-policy-egi-core | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | ==== srmtools ==== | ||
The SRM tools are needed to communicate with the storage management system. | The SRM tools are needed to communicate with the storage management system. | ||
- Download srmtools | - Download srmtools | ||
- | * {{:public:srm.tar.gz|srm.tar.gz}} | + | * {{public:srmclient-2.6.28.tar.gz|srmclient-2.6.28.tar.gz}} |
- | - Extract and install the srmtools, e.g. in ''/ | + | * {{public:srmclient-2.2.25.tar.gz|srmclient-2.2.25.tar.gz}} |
- | - Set the relevant environment path variables, e.g. in .bashrc:\\ '' | + | - Extract and install the srmtools, e.g. in ''/ |
+ | - Set the relevant environment path variables, e.g. in .bashrc | ||
- | NB The srm client tools depend on JAVA. There is a known issue with openjava version 7. If you have this version of JAVA installed, or otherwise get JAVA exceptions when running an srm command, please install another JAVA VM. java-6-openjdk | + | NB The srm client tools depend on JAVA. There is a known issue with openjava version 7. If you have this version of JAVA installed, or otherwise get JAVA exceptions when running an srm command, please install another JAVA VM. Java-7-oracle |
- | export JAVA_HOME=/ | + | export JAVA_HOME=/ |
- | ==== 2.5 Certificate Revocation List retrieval (optional) ==== | + | The JAVA VM used by default in Ubuntu and CentOS can be selected using the following command: |
+ | |||
+ | sudo update-alternatives --config java | ||
+ | |||
+ | ==== Certificate Revocation List retrieval (optional) ==== | ||
The fetch-crl tool retrieves Certificate Revocation Lists. | The fetch-crl tool retrieves Certificate Revocation Lists. | ||
+ | Ubuntu | ||
sudo apt-get install fetch-crl | sudo apt-get install fetch-crl | ||
+ | |||
+ | CentOS | ||
+ | sudo yum install fetch-crl | ||
NB This is not required unless you intend to allow others to access your system by providing their grid certificate. | NB This is not required unless you intend to allow others to access your system by providing their grid certificate. | ||
- | ===== 3 Additional configuration ===== | + | ===== Additional configuration ===== |
- | ==== 3.1 VOMSES file for LOFAR ==== | + | ==== VOMSES file for LOFAR ==== |
- | Add the following string for the LOFAR Virtual Organization (VO) to the vomses file. | + | Add the following string for the LOFAR Virtual Organization (VO) to the vomses file (any filename is fine). |
" | " | ||
Line 83: | Line 110: | ||
You can find this string also on the following website https:// | You can find this string also on the following website https:// | ||
- | ==== 3.2 List of certificates for voms.grid.sara.nl.lsc ==== | + | ==== List of certificates for voms.grid.sara.nl.lsc ==== |
Put the following strings: | Put the following strings: | ||
Line 96: | Line 123: | ||
NB If this step is skipped or nor configured correctly '' | NB If this step is skipped or nor configured correctly '' | ||
- | ==== 3.3 Environment (optional) ==== | + | ==== Environment (optional) ==== |
You may want to provide the following settings in '' | You may want to provide the following settings in '' | ||
Line 104: | Line 131: | ||
export X509_CERT_DIR=/ | export X509_CERT_DIR=/ | ||
export X509_VOMS_DIR=/ | export X509_VOMS_DIR=/ | ||
+ | export X509_USER_PROXY=$HOME/ | ||
export VOMS_USERCONF=$HOME/ | export VOMS_USERCONF=$HOME/ | ||
+ | |||
+ | **Note:** For (t)csh, use *.csh init scripts and ' | ||
==== CRL cron job (optional) ==== | ==== CRL cron job (optional) ==== | ||
- | You may want to create a cron job to automatically retrieve certificate revocation lists (CRLs) by incoking | + | You may want to create a cron job to automatically retrieve certificate revocation lists (CRLs) by invoking |
+ | |||
+ | ===== Usage ===== | ||
+ | |||
+ | This creates a proxy (valid for 48 hours, increase if needed) in your home directory: | ||
+ | < | ||
+ | voms-proxy-init -valid 48:00 -voms lofar:/ | ||
+ | </ | ||
+ | |||
+ | You can test that everything works by copying this file from surfsara to your working directory: | ||
+ | < | ||
+ | srmcp -server_mode=passive srm:// | ||
+ | </ | ||
+ | |||
+ | If your firewall allows incoming connections to non-standard ports, you can try this command without the server_mode option which will enable utilization of multiple streams to increase performance. | ||
+ | |||
+ | If you have the [[public: | ||
+ | < | ||
+ | srmcp -use_urlcopy_script=true -urlcopy=./ | ||
+ | </ | ||
+ | **Note:** You may have to force the use of TLS, (export GLOBUS_GSSAPI_FORCE_TLS=1 or in / |