Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
public:grid_srm_software_installation [2012-11-29 14:14] – created Adriaan Renting | public:grid_srm_software_installation [2021-05-19 12:27] (current) – [Certificates for the Grid Certificate Authorities (CA)] Hanno Holties | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== GRID srm installation ====== | + | ====== GRID storage access tools installation ====== |
- | The following documentation was developed for the installation of a | + | //This page describes |
- | grid certificate | + | |
- | .bashrc as a configuration script) Thanks goes to Martin van den Akker for providing most of this information. | + | |
- | ===== 1 Installation of software packages ===== | + | //You might also be interested in the [[public: |
+ | |||
+ | The following documentation was developed for the installation of a GRID tools and certificates on an Ubuntu 12.04 system using a bash shell (using .bashrc as a configuration script). We have not tested the installation using csh derivatives but it is to be expected that not all scripts will work. Thanks to Martin van den Akker for providing notes of his installation procedure. | ||
+ | |||
+ | Sites that provide packages and further information on installation of grid middleware on linux based systems: | ||
+ | |||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | |||
+ | NB We have tested the installation as described below only on Ubuntu 12 and CentOS 7. Please let us know if you have feedback or if you can contribute instructions on installations in different environments. | ||
+ | You might also first need to obtain a [[GRID certificate]]. | ||
+ | ===== Installation of software packages ===== | ||
Note: all installations require root permissions. | Note: all installations require root permissions. | ||
- | ==== 1.1 globus ==== | + | ==== globus |
- | sudo apt-get install | + | The file transfer tools from the Globus package are needed, most importantly |
+ | Ubuntu | ||
+ | sudo apt-get install globus-gass-copy-progs | ||
- | ==== 1.2 voms ==== | + | CentOS |
+ | sudo yum install globus-gass-copy-progs | ||
+ | ==== voms client software ==== | ||
+ | |||
+ | The VOMS tools for logging in and user account management: | ||
+ | |||
+ | Ubuntu | ||
sudo apt-get install voms-clients | sudo apt-get install voms-clients | ||
- | ==== 1.3 srmtools ==== | + | CentOS |
+ | sudo yum install voms-clients-cpp | ||
- | * download srmtools | + | ==== Certificates for the Grid Certificate Authorities (CA) ==== |
- | e.g. http:// | + | |
- | * extract and install | + | |
- | this will create a subdirectory srm under /opt/ | + | |
- | * add the path to the srmtools to .bashrc: | + | |
- | export SRM_PATH=/opt/srm | + | |
- | export PATH=$SRM_PATH/ | + | |
- | ===== 2 Installation of certificates | + | Execute the following commands to install the certificates |
+ | Ubuntu | ||
- | ====2.1 Personal certificate ==== | + | Note 2021-05-19: newer versions of Ubuntu require to first add the appropriate GPG key for the EGI repository: |
+ | < | ||
+ | wget -q -O - https:// | ||
- | * Request a user certificate using jGridstart | + | </code> |
- | http:// | + | <code> |
- | and follow the instructions | + | |
- | * Install the certificate as described in the certificate e-mail | + | |
- | - Save this entire mail as " | + | |
- | that the " | + | |
- | As these *.pem files are strictly personal their permissions should be set properly | + | |
- | by the following command: | + | |
- | | + | |
- | - Load the certificate into your web browser on your own | + | |
- | system. See [http:// | + | |
- | Installation can also be done using the jGridstart tool (see above). | + | |
- | - [optional] Apply for authorization to use resources or services. Please consult | + | |
- | your service provider or help desk for more information, | + | |
- | [mailto: | + | |
- | * for access to DEISA HPC Grid resources | + | |
- | https:// | + | |
- | * for Grid communities hosted in the Netherlands | + | |
- | https:// | + | |
- | * for all Grid communities registred in Europe by discipline | + | |
- | ==== 2.2 Additional certificates from the site of the European Grid Infrastructure (EGI). ==== | + | sudo add-apt-repository 'deb http:// |
+ | sudo apt-get update | ||
+ | sudo apt-get install ca-policy-egi-core | ||
- | Execute the following commands to install the certificates from the | + | </ |
- | site of the European Grid Infrastructure (EGI) (root permissions are | + | |
- | required). | + | |
- | > sudo add-repository 'deb http:// | + | CentOS |
- | > sudo apt-get update | + | |
- | > sudo apt-get install ca-policy-egi-core | + | |
+ | < | ||
+ | wget http:// | ||
+ | sudo mv EGI-trustanchors.repo / | ||
+ | sudo yum install ca-policy-egi-core | ||
- | ===== 3 Additional configuration ===== | + | </ |
- | ==== 3.1 Add the vomses string for the LOFAR Virtual Organization (VO) to the vomses file ==== | ||
- | You can find this string on the following website | + | ==== srmtools ==== |
- | https:// | + | |
- | in the text block under " | + | |
- | The string should be copied to the following file: $HOME/ | + | |
+ | The SRM tools are needed to communicate with the storage management system. | ||
- | ==== 3.2 List of certificates | + | - Download srmtools |
+ | * {{public: | ||
+ | * {{public: | ||
+ | - Extract and install the srmtools, e.g. in ''/ | ||
+ | - Set the relevant environment path variables, e.g. in .bashrc (modify version number if applicable): | ||
- | Put the following string (without | + | NB The srm client tools depend on JAVA. There is a known issue with openjava version 7. If you have this version of JAVA installed, or otherwise get JAVA exceptions when running an srm command, please install another JAVA VM. Java-7-oracle is known to work. It is possible to have multiple JAVA VM installations and it is thus not required to replace an existing installation: |
- | "/ | + | |
+ | |||
+ | The JAVA VM used by default in Ubuntu and CentOS can be selected using the following command: | ||
+ | |||
+ | sudo update-alternatives --config java | ||
+ | |||
+ | ==== Certificate Revocation List retrieval (optional) ==== | ||
+ | |||
+ | The fetch-crl tool retrieves Certificate Revocation Lists. | ||
+ | |||
+ | Ubuntu | ||
+ | sudo apt-get install fetch-crl | ||
+ | |||
+ | CentOS | ||
+ | sudo yum install fetch-crl | ||
+ | |||
+ | NB This is not required unless you intend to allow others to access your system by providing their grid certificate. | ||
+ | |||
+ | ===== Additional configuration ===== | ||
+ | |||
+ | ==== VOMSES file for LOFAR ==== | ||
+ | |||
+ | Add the following string for the LOFAR Virtual Organization (VO) to the vomses file (any filename is fine). | ||
+ | |||
+ | " | ||
+ | |||
+ | You can find this string also on the following website https:// | ||
+ | |||
+ | ==== List of certificates for voms.grid.sara.nl.lsc ==== | ||
+ | |||
+ | Put the following strings: | ||
+ | |||
+ | / | ||
+ | / | ||
in the file (root permissions required): | in the file (root permissions required): | ||
Line 87: | Line 121: | ||
/ | / | ||
+ | NB If this step is skipped or nor configured correctly '' | ||
- | ==== 3.3 Add the following settings to .bashrc | + | ==== Environment (optional) |
- | | + | You may want to provide the following settings in '' |
- | export | + | |
+ | | ||
+ | export | ||
+ | export X509_CERT_DIR=/ | ||
export X509_VOMS_DIR=/ | export X509_VOMS_DIR=/ | ||
+ | export X509_USER_PROXY=$HOME/ | ||
export VOMS_USERCONF=$HOME/ | export VOMS_USERCONF=$HOME/ | ||
+ | | ||
+ | **Note:** For (t)csh, use *.csh init scripts and ' | ||
+ | ==== CRL cron job (optional) ==== | ||
+ | |||
+ | You may want to create a cron job to automatically retrieve certificate revocation lists (CRLs) by invoking the fetch-crl tool at regular intervals (at least once a year). | ||
+ | |||
+ | ===== Usage ===== | ||
+ | This creates a proxy (valid for 48 hours, increase if needed) in your home directory: | ||
+ | < | ||
+ | voms-proxy-init -valid 48:00 -voms lofar:/ | ||
+ | </ | ||
+ | You can test that everything works by copying this file from surfsara to your working directory: | ||
+ | < | ||
+ | srmcp -server_mode=passive srm:// | ||
+ | </ | ||
+ | If your firewall allows incoming connections to non-standard ports, you can try this command without the server_mode option which will enable utilization of multiple streams to increase performance. | ||
+ | If you have the [[public: | ||
+ | < | ||
+ | srmcp -use_urlcopy_script=true -urlcopy=./ | ||
+ | </ | ||
+ | **Note:** You may have to force the use of TLS, (export GLOBUS_GSSAPI_FORCE_TLS=1 or in / |