Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
public:grid_srm_software_installation [2014-09-03 20:30] – Hanno Holties | public:grid_srm_software_installation [2021-05-19 12:27] (current) – [Certificates for the Grid Certificate Authorities (CA)] Hanno Holties | ||
---|---|---|---|
Line 14: | Line 14: | ||
* [[http:// | * [[http:// | ||
- | NB Only the Ubuntu 12 installation described below has been tested by us. Please let us know if you have feedback or if you can contribute instructions on installations in different environments. | + | NB We have tested |
You might also first need to obtain a [[GRID certificate]]. | You might also first need to obtain a [[GRID certificate]]. | ||
===== Installation of software packages ===== | ===== Installation of software packages ===== | ||
Line 24: | Line 24: | ||
The file transfer tools from the Globus package are needed, most importantly globus-url-copy: | The file transfer tools from the Globus package are needed, most importantly globus-url-copy: | ||
+ | Ubuntu | ||
sudo apt-get install globus-gass-copy-progs | sudo apt-get install globus-gass-copy-progs | ||
+ | |||
+ | CentOS | ||
+ | sudo yum install globus-gass-copy-progs | ||
==== voms client software ==== | ==== voms client software ==== | ||
Line 30: | Line 34: | ||
The VOMS tools for logging in and user account management: | The VOMS tools for logging in and user account management: | ||
+ | Ubuntu | ||
sudo apt-get install voms-clients | sudo apt-get install voms-clients | ||
+ | |||
+ | CentOS | ||
+ | sudo yum install voms-clients-cpp | ||
==== Certificates for the Grid Certificate Authorities (CA) ==== | ==== Certificates for the Grid Certificate Authorities (CA) ==== | ||
- | Execute the following commands to install the certificates from the | + | Execute the following commands to install the certificates from the site of the European Grid Infrastructure (EGI) (root permissions are required). |
- | site of the European Grid Infrastructure (EGI) (root permissions are | + | |
- | required). | + | Ubuntu |
+ | |||
+ | Note 2021-05-19: newer versions of Ubuntu require to first add the appropriate GPG key for the EGI repository: | ||
+ | |||
+ | < | ||
+ | wget -q -O - https:// | ||
+ | |||
+ | </ | ||
+ | < | ||
+ | |||
+ | sudo add-apt-repository 'deb http:// | ||
+ | sudo apt-get update | ||
+ | sudo apt-get install ca-policy-egi-core | ||
+ | |||
+ | </ | ||
+ | |||
+ | CentOS | ||
+ | |||
+ | < | ||
+ | wget http:// | ||
+ | sudo mv EGI-trustanchors.repo / | ||
+ | sudo yum install ca-policy-egi-core | ||
+ | |||
+ | </ | ||
- | sudo add-apt-repository 'deb http:// | ||
- | sudo apt-get update | ||
- | sudo apt-get install ca-policy-egi-core | ||
==== srmtools ==== | ==== srmtools ==== | ||
Line 47: | Line 75: | ||
- Download srmtools | - Download srmtools | ||
- | * {{public: | + | * {{public: |
* {{public: | * {{public: | ||
- Extract and install the srmtools, e.g. in ''/ | - Extract and install the srmtools, e.g. in ''/ | ||
Line 56: | Line 84: | ||
export JAVA_HOME=/ | export JAVA_HOME=/ | ||
- | The JAVA VM used by default in Ubuntu can be selected using the following command: | + | The JAVA VM used by default in Ubuntu |
sudo update-alternatives --config java | sudo update-alternatives --config java | ||
+ | |||
==== Certificate Revocation List retrieval (optional) ==== | ==== Certificate Revocation List retrieval (optional) ==== | ||
The fetch-crl tool retrieves Certificate Revocation Lists. | The fetch-crl tool retrieves Certificate Revocation Lists. | ||
+ | Ubuntu | ||
sudo apt-get install fetch-crl | sudo apt-get install fetch-crl | ||
+ | |||
+ | CentOS | ||
+ | sudo yum install fetch-crl | ||
NB This is not required unless you intend to allow others to access your system by providing their grid certificate. | NB This is not required unless you intend to allow others to access your system by providing their grid certificate. | ||
Line 71: | Line 104: | ||
==== VOMSES file for LOFAR ==== | ==== VOMSES file for LOFAR ==== | ||
- | Add the following string for the LOFAR Virtual Organization (VO) to the vomses file. | + | Add the following string for the LOFAR Virtual Organization (VO) to the vomses file (any filename is fine). |
" | " | ||
Line 101: | Line 134: | ||
export VOMS_USERCONF=$HOME/ | export VOMS_USERCONF=$HOME/ | ||
| | ||
+ | **Note:** For (t)csh, use *.csh init scripts and ' | ||
==== CRL cron job (optional) ==== | ==== CRL cron job (optional) ==== | ||
- | You may want to create a cron job to automatically retrieve certificate revocation lists (CRLs) by incoking | + | You may want to create a cron job to automatically retrieve certificate revocation lists (CRLs) by invoking |
===== Usage ===== | ===== Usage ===== | ||
- | This creates a proxy (usually | + | This creates a proxy (valid for 48 hours, increase if needed) in your home directory: |
< | < | ||
- | voms-proxy-init -voms lofar:/ | + | voms-proxy-init |
</ | </ | ||
You can test that everything works by copying this file from surfsara to your working directory: | You can test that everything works by copying this file from surfsara to your working directory: | ||
< | < | ||
- | srmcp -server_mode=passive srm:// | + | srmcp -server_mode=passive srm:// |
</ | </ | ||
If your firewall allows incoming connections to non-standard ports, you can try this command without the server_mode option which will enable utilization of multiple streams to increase performance. | If your firewall allows incoming connections to non-standard ports, you can try this command without the server_mode option which will enable utilization of multiple streams to increase performance. | ||
- | If you have the [[public: | + | If you have the [[public: |
< | < | ||
- | srmcp -use_urlcopy_script=true -urlcopy=./ | + | srmcp -use_urlcopy_script=true -urlcopy=./lta-url-copy.sh -server_mode=passive srm:// |
</ | </ | ||
- | + | **Note:** You may have to force the use of TLS, (export GLOBUS_GSSAPI_FORCE_TLS=1 or in / |