public:grid_srm_software_installation

This is an old revision of the document!


GRID storage access tools installation

The following documentation was developed for the installation of a GRID tools and certificates on an Ubuntu 12.04 system using a bash shell (using .bashrc as a configuration script). We have not tested the installation using csh derivatives but it is to be expected that not all scripts will work. Thanks to Martin van den Akker for providing notes of his installation procedure.

Sites that provide packages and further information on installation of grid middleware on linux based systems:

NB Only the Ubuntu 12 installation described below has been tested by us. Please let us know if you have feedback or if you can contribute instructions on installations in different environments.

  • Request a user certificate via the Terena eScience portal (federated European organisations) or jGridstart (other Dutch organisations) and follow the instructions. A good starting point for finding your certificate authority if not available from these sites is: https://www.eugridpma.org/members/worldmap/ (Europe) or http://www.igtf.net/ (World wide). Contact Science Support if none of the above works.
  • Install the certificate by following the instructions provided by your certificate authority. Typically this involves:
  1. Save the mail with the signed certificate as $HOME/.globus/usercert.pem and make sure that the userkey.pem file in that directory contains the pricate key that matches this certificate. As these *.pem files are strictly personal, their permissions should be set properly by the following command:
    > chmod 600 *.pem
  2. Load the certificate into your web browser. See e.g. http://ca.dutchgrid.nl/info/browser for instructions. Installation can also be done using the jGridstart tool (see above) for supported browsers.
  3. Apply for authorization to use LOFAR resources:
  4. NB If appropriate, you may be interested in applying for membership of other communities, e.g.:
  5. It's possible that on OSX Lion or Mountain Lion the jGridStart does not work. This is due to the java support for OSX moving from Apple to Oracle directly. To fix this check the following article http://support.apple.com/kb/HT5559 to get javaws on the commandline so you can use it like this: http://ca.dutchgrid.nl/start/jgridstart.jnlp. You can also download the latest java for OSX from Oracle and open /System/Library/CoreServices after that to update your CoreServices (you will just see a new Finder window, nothing seems to happen).

Note: all installations require root permissions.

The file transfer tools from the Globus package are needed, most importantly globus-url-copy:

sudo apt-get install globus-gass-copy-progs

The VOMS tools for logging in and user account management:

sudo apt-get install voms-clients

Execute the following commands to install the certificates from the site of the European Grid Infrastructure (EGI) (root permissions are required).

sudo add-repository 'deb http://repository.egi.eu/sw/production/cas/1/current egi-igtf core'
sudo apt-get update
sudo apt-get install ca-policy-egi-core

The SRM tools are needed to communicate with the storage management system.

  1. Download srmtools
  2. Extract and install the srmtools, e.g. in /opt/
    This will create a subdirectory srm containing the required files.
    Note that the srm package may be installed anywhere (e.g. in your home directory).
  3. Set the relevant environment path variables, e.g. in .bashrc:
    export SRM_PATH=<Install Directory>/srm
    export PATH=$SRM_PATH/bin:$PATH

NB The srm client tools depend on JAVA. There is a known issue with openjava version 7. If you have this version of JAVA installed, or otherwise get JAVA exceptions when running an srm command, please install another JAVA VM. java-6-openjdk is known to work. It is possible to have multiple JAVA VM installations and it is thus not required to replace an existing installation: if the default VM installation does not work with srm, another VM may be configured to be used by setting the following environment parameter:

export JAVA_HOME=/usr/lib/jvm/java-6-openjdk-i386/jre

The fetch-crl tool retrieves Certificate Revocation Lists.

sudo apt-get install fetch-crl

NB This is not required unless you intend to allow others to access your system by providing their grid certificate.

Add the following string for the LOFAR Virtual Organization (VO) to the vomses file.

"lofar" "voms.grid.sara.nl" "30019" "/O=dutchgrid/O=hosts/OU=sara.nl/CN=voms.grid.sara.nl" "lofar"

You can find this string also on the following website https://voms.grid.sara.nl:8443/voms/lofar/configuration/configuration.action in the text block under VOMSES string for this VO
The vomses file should be placed in one of the following default locations: /etc/vomses, $HOME/.voms/vomses, $HOME/.glite/vomses

Put the following strings:

/O=dutchgrid/O=hosts/OU=sara.nl/CN=voms.grid.sara.nl
/C=NL/O=NIKHEF/CN=NIKHEF medium-security certification auth

in the file (root permissions required):

/etc/grid-security/vomsdir/lofar/voms.grid.sara.nl.lsc

NB If this step is skipped or nor configured correctly voms-proxy-init will work but finish with warnings.

You may want to provide the following settings in .bashrc or another initialisation/startup script if the relevant files are not in the default locations (defaults provided below).

export X509_USER_CERT=$HOME/.globus/usercert.pem
export X509_USER_KEY=$HOME/.globus/userkey.pem
export X509_CERT_DIR=/etc/grid-security/certificates
export X509_VOMS_DIR=/etc/grid-security/vomsdir
export VOMS_USERCONF=$HOME/.glite

You may want to create a cron job to automatically retrieve certificate revocation lists (CRLs) by incoking the fetch-crl tool at regular intervals (at least once a year).

  • Last modified: 2013-06-04 08:17
  • by Adriaan Renting