Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
public:grid_srm_software_installation [2013-06-04 08:22] – [1.1 Obtaining a personal grid certificate] Adriaan Renting | public:grid_srm_software_installation [2021-05-19 12:27] (current) – [Certificates for the Grid Certificate Authorities (CA)] Hanno Holties | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== GRID storage access tools installation ====== | ====== GRID storage access tools installation ====== | ||
+ | |||
+ | //This page describes the procedure to set up the tools for working directly on the srm storage. You may want to consider using the staging and download services provided by Astron if you just want to retrieve data from the archive: [[http:// | ||
+ | |||
+ | //You might also be interested in the [[public: | ||
The following documentation was developed for the installation of a GRID tools and certificates on an Ubuntu 12.04 system using a bash shell (using .bashrc as a configuration script). We have not tested the installation using csh derivatives but it is to be expected that not all scripts will work. Thanks to Martin van den Akker for providing notes of his installation procedure. | The following documentation was developed for the installation of a GRID tools and certificates on an Ubuntu 12.04 system using a bash shell (using .bashrc as a configuration script). We have not tested the installation using csh derivatives but it is to be expected that not all scripts will work. Thanks to Martin van den Akker for providing notes of his installation procedure. | ||
Line 10: | Line 14: | ||
* [[http:// | * [[http:// | ||
- | NB Only the Ubuntu 12 installation described below has been tested by us. Please let us know if you have feedback or if you can contribute instructions on installations in different environments. | + | NB We have tested |
+ | You might also first need to obtain a [[GRID certificate]]. | ||
+ | ===== Installation of software packages ===== | ||
- | ===== 1 Installation of certificates ===== | + | Note: all installations require root permissions. |
- | ==== 1.1 Obtaining a personal grid certificate | + | ==== globus client software |
- | * Request a user certificate via the [[https:// | + | The file transfer tools from the Globus package |
- | * Install the certificate by following the instructions provided by your certificate authority. Typically this involves: | + | |
- | - Save the mail with the signed certificate as '' | + | |
- | | + | |
- | | + | |
- | * https:// | + | |
- | - NB If appropriate, | + | |
- | * https:// | + | |
- | * https:// | + | |
- | === Notes on jGridStart usage === | + | Ubuntu |
+ | sudo apt-get install globus-gass-copy-progs | ||
- | * It's possible that on OSX Lion or Mountain Lion the jGridStart does not work. This is due to the java support for OSX moving from Apple to Oracle directly. To fix this check the following article http:// | + | CentOS |
- | | + | |
- | ===== 2 Installation of software | + | ==== voms client |
- | Note: all installations require root permissions. | + | The VOMS tools for logging in and user account management: |
- | ==== 2.1 globus client software ==== | + | Ubuntu |
+ | sudo apt-get install voms-clients | ||
- | The file transfer tools from the Globus package are needed, most importantly globus-url-copy: | + | CentOS |
+ | sudo yum install voms-clients-cpp | ||
- | sudo apt-get install globus-gass-copy-progs | + | ==== Certificates for the Grid Certificate Authorities (CA) ==== |
- | ==== 2.2 voms client software ==== | + | Execute the following commands to install the certificates from the site of the European Grid Infrastructure (EGI) (root permissions are required). |
- | The VOMS tools for logging in and user account management: | + | Ubuntu |
- | sudo apt-get install voms-clients | + | Note 2021-05-19: newer versions of Ubuntu require to first add the appropriate GPG key for the EGI repository: |
- | ==== 2.3 Certificates for the Grid Certificate Authorities (CA) ==== | + | < |
+ | wget -q -O - https:// | ||
- | Execute the following commands to install the certificates from the | + | </ |
- | site of the European Grid Infrastructure (EGI) (root permissions are | + | < |
- | required). | + | |
- | | + | sudo add-apt-repository 'deb http:// |
- | sudo apt-get update | + | sudo apt-get update |
- | sudo apt-get install ca-policy-egi-core | + | sudo apt-get install ca-policy-egi-core |
- | ==== 2.4 srmtools ==== | + | </ |
+ | |||
+ | CentOS | ||
+ | |||
+ | < | ||
+ | wget http:// | ||
+ | sudo mv EGI-trustanchors.repo / | ||
+ | sudo yum install ca-policy-egi-core | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | ==== srmtools ==== | ||
The SRM tools are needed to communicate with the storage management system. | The SRM tools are needed to communicate with the storage management system. | ||
- Download srmtools | - Download srmtools | ||
- | * {{:public:srm.tar.gz|srm.tar.gz}} | + | * {{public:srmclient-2.6.28.tar.gz|srmclient-2.6.28.tar.gz}} |
- | - Extract and install the srmtools, e.g. in ''/ | + | * {{public:srmclient-2.2.25.tar.gz|srmclient-2.2.25.tar.gz}} |
- | - Set the relevant environment path variables, e.g. in .bashrc:\\ '' | + | - Extract and install the srmtools, e.g. in ''/ |
+ | - Set the relevant environment path variables, e.g. in .bashrc | ||
- | NB The srm client tools depend on JAVA. There is a known issue with openjava version 7. If you have this version of JAVA installed, or otherwise get JAVA exceptions when running an srm command, please install another JAVA VM. java-6-openjdk | + | NB The srm client tools depend on JAVA. There is a known issue with openjava version 7. If you have this version of JAVA installed, or otherwise get JAVA exceptions when running an srm command, please install another JAVA VM. Java-7-oracle |
- | export JAVA_HOME=/ | + | export JAVA_HOME=/ |
- | ==== 2.5 Certificate Revocation List retrieval (optional) ==== | + | The JAVA VM used by default in Ubuntu and CentOS can be selected using the following command: |
+ | |||
+ | sudo update-alternatives --config java | ||
+ | |||
+ | ==== Certificate Revocation List retrieval (optional) ==== | ||
The fetch-crl tool retrieves Certificate Revocation Lists. | The fetch-crl tool retrieves Certificate Revocation Lists. | ||
+ | Ubuntu | ||
sudo apt-get install fetch-crl | sudo apt-get install fetch-crl | ||
+ | |||
+ | CentOS | ||
+ | sudo yum install fetch-crl | ||
NB This is not required unless you intend to allow others to access your system by providing their grid certificate. | NB This is not required unless you intend to allow others to access your system by providing their grid certificate. | ||
- | ===== 3 Additional configuration ===== | + | ===== Additional configuration ===== |
- | ==== 3.1 VOMSES file for LOFAR ==== | + | ==== VOMSES file for LOFAR ==== |
- | Add the following string for the LOFAR Virtual Organization (VO) to the vomses file. | + | Add the following string for the LOFAR Virtual Organization (VO) to the vomses file (any filename is fine). |
" | " | ||
Line 88: | Line 110: | ||
You can find this string also on the following website https:// | You can find this string also on the following website https:// | ||
- | ==== 3.2 List of certificates for voms.grid.sara.nl.lsc ==== | + | ==== List of certificates for voms.grid.sara.nl.lsc ==== |
Put the following strings: | Put the following strings: | ||
Line 101: | Line 123: | ||
NB If this step is skipped or nor configured correctly '' | NB If this step is skipped or nor configured correctly '' | ||
- | ==== 3.3 Environment (optional) ==== | + | ==== Environment (optional) ==== |
You may want to provide the following settings in '' | You may want to provide the following settings in '' | ||
Line 109: | Line 131: | ||
export X509_CERT_DIR=/ | export X509_CERT_DIR=/ | ||
export X509_VOMS_DIR=/ | export X509_VOMS_DIR=/ | ||
+ | export X509_USER_PROXY=$HOME/ | ||
export VOMS_USERCONF=$HOME/ | export VOMS_USERCONF=$HOME/ | ||
+ | |||
+ | **Note:** For (t)csh, use *.csh init scripts and ' | ||
==== CRL cron job (optional) ==== | ==== CRL cron job (optional) ==== | ||
- | You may want to create a cron job to automatically retrieve certificate revocation lists (CRLs) by incoking | + | You may want to create a cron job to automatically retrieve certificate revocation lists (CRLs) by invoking |
+ | |||
+ | ===== Usage ===== | ||
+ | |||
+ | This creates a proxy (valid for 48 hours, increase if needed) in your home directory: | ||
+ | < | ||
+ | voms-proxy-init -valid 48:00 -voms lofar:/ | ||
+ | </ | ||
+ | |||
+ | You can test that everything works by copying this file from surfsara to your working directory: | ||
+ | < | ||
+ | srmcp -server_mode=passive srm:// | ||
+ | </ | ||
+ | |||
+ | If your firewall allows incoming connections to non-standard ports, you can try this command without the server_mode option which will enable utilization of multiple streams to increase performance. | ||
+ | |||
+ | If you have the [[public: | ||
+ | < | ||
+ | srmcp -use_urlcopy_script=true -urlcopy=./ | ||
+ | </ | ||
+ | **Note:** You may have to force the use of TLS, (export GLOBUS_GSSAPI_FORCE_TLS=1 or in / |