Globus Toolkit 4.0.7 Manoj Soni SENG, CDAC 1
What is Globus Toolkit? The Globus Toolkit is an open source software toolkit used for building Grid systems and applications. It is being developed by the Globus Alliance and many others all over the world. Globus allows people to share computing power, databases, and other tools securely online across corporate, institutions, and across geographic boundaries. 2
Popular Middlewares Globus Globus Alliance GridBus University of Melbourne UNICORE - Uniform Interface to Computing Resource glite CERN / EGEE 3
Components of Globus Toolkit Security: Grid Security Infrastructure (GSI) Data Management: Grid File Transfer Protocol (RFT/Gridftp) Information Services: Monitoring and Discovery Services (MDS/wsrf) Resource Management: Grid Resource Allocation Management (WSGRAM) 4
Globus Toolkit installer, from Globus Prerequisites J2SE 1.5+ SDK from Sun, IBM, HP or BEA (Do not use GCJ). Ant 1.6+(1.6.1+ if using java 1.5). C Compiler. If gcc, avoid version 3.2. 3.2.1 and 2.95.X are okay. gcc4.1 has a bug that will trigger during the build of WS C. C++ compiler. Use the version corresponding to your C compiler from the previous. GNU tar Required before even extracting the installer. GNU sed,gnu make Zlib 1.1.4+ - for building GSI-Openssh Perl 5.8.5 or later Sudo JDBC compliant database for instance, PostgreSQL 7.1+ PBS 5
Installation and Configuration Set the following environment variables: export GLOBUS_LOCATION=<PATH to GLOBUS> export ANT_HOME=<PATH_TO_ANT> export JAVA_HOME=<PATH_TO_JAVA> export PATH=$ANT_HOME/bin:$JAVA_HOME/bin:$PATH export LD_LIBRARY_PATH=$GLOBUS_LOCATION/lib:$LD_LIBRARY_PATH export PBS_HOME=<PATH_WHERE_PBS_INSTALLED> 6
Building the package # mkdir /usr/local/garuda # chown garuda:garuda GARUDA # tar xvzf gt4.0.7 all source installer.tar.gz # cd gt4.0.7 all source installer #./configure prefix=$globus_location enable prewsmds enablewsgram pbs enable gridway with flavor=gcc32dbg # make tee installer.log # make install # source $GLOBUS_LOCATION/etc/globus user env.sh 7
Installation and Configuration For the CA use the GARUDA CA certificates, place 5 files below listed on to /etc/gridsecurity/certificates/ directory. 88e04bd9.0 88e04bd9.signing_policy globus host ssl.conf.88e04bd9 globus user ssl.conf.88e04bd9 grid security.conf.88e04bd9 /etc/grid security# ln s globus host ssl.conf /etc/grid security/certificates/ globus hostssl.conf.88e04bd9 /etc/grid security# ln s globus user ssl.conf /etc/grid security/certificates/ globus userssl.conf.88e04bd9 /etc/grid security# ln s grid security.conf /etc/grid security/certificates/ gridsecurity.conf.88e04bd9 Note: Generate the Host Certificates, get signed from the GARUDA CA Authority and place it onto /etc/grid security/ directory. 8
GARUDA NTP Setup NTP sync. #ntpdate u <IP_addr> GARUDA NTP server - 10.1.0.11 #ntpdate u 10.1.0.11 9
GARUDA DNS Setup DNS sync Edit /etc/resolve.conf #vi /etc/resolve.conf Add the below configuration: Nameserver 10.192.0.11 (Primary Server) Nameserver 10.1.0.11 (Secondary Server) 10
Setting FQDN Set proper FQDN (Fully Qualified Domain Name) Edit /etc/hosts accordingly Verify by executing below command # hostname -f 11
Setup GridFTP Create the /etc/xinetd/gridftp /etc/xinetd.d# cat gridftp service gsiftp { instances = 100 socket_type = stream wait = no user = root env += GLOBUS_LOCATION=/usr/local/GARUDA/GLOBUS-4.0.7 env += LD_LIBRARY_PATH=/usr/local/GARUDA/GLOBUS-4.0.7/lib server = /usr/local/garuda/globus-4.0.7/sbin/globus-gridftp-server server_args = -i log_on_success += DURATION nice = 10 disable = no } 12
Set Up Grid FTP # vim /etc/services #Local Services gsiftp2811/tcp /etc/xinetd.d# /etc/init.d/xinetd reload Testing the service : /etc/xinetd.d# netstat an grep 2811 tcp 0 0 0.0.0.0:2811 0.0.0.0:* LISTEN 13
Starting Webservice container $ vim $GLOBUS_LOCATION/start-stop #! /bin/sh set -e export GLOBUS_LOCATION=/usr/local/globus-4.0.1 export JAVA_HOME=/usr/java/j2sdk1.4.2_10/ export ANT_HOME=/usr/local/apache-ant-1.6.5 export GLOBUS_OPTIONS="-Xms256M -Xmx512M". $GLOBUS_LOCATION/etc/globus-user-env.sh cd $GLOBUS_LOCATION case "$1" in start) $GLOBUS_LOCATION/sbin/globus-start-container detached -p 8443 ;; stop) $GLOBUS_LOCATION/sbin/globus-stop-container-detached ;; *) echo "Usage: globus {start stop}" >&2 exit 1 ;; esac exit 0 $ chmod +x $GLOBUS_LOCATION/start-stop 14
Container start up script # vim /etc/init.d/globus-4.0.7 #!/bin/sh -e case "$1" in start) su - globus /usr/local/globus-4.0.1/start-stop start ;; stop) su - globus /usr/local/globus-4.0.1/start-stop stop ;; restart) $0 stop sleep 1 $0 start ;; *) printf "Usage: $0 {start stop restart}\n" >&2 exit 1 ;; esac exit 0 # chmod +x /etc/init.d/globus-4.0.7 15
Setting up WS GRAM: # vi /etc/sudoers garuda ALL=(ALL) NOPASSWD: $GLOBUS_LOCATION/libexec/globus-gridmapand-execute -g /etc/grid-security/grid-mapfile$globus_location/libexec/globusjob-manager-script.pl * garuda ALL=(ALL) NOPASSWD: $GLOBUS_LOCATION/libexec/globus-gridmapand-execute-g /etc/grid-security/grid-mapfile $GLOBUS_LOCATION/libexec/globusgram-local-proxy-tool * 16
Container Certificate #cp hostcert.pem containercert.pem #cp hostkey.pem containerkey.pem #chown globus:globus containercet.pem #chown globus:globus containerkey.pem 17
Creating grid-map file #vim /etc/grid-security/grid-mapfile <distinguished_name> <local_user_account> /C=IN/O=C-DAC KP /OU=CTSF/OU=ctsf.cdac.org.in/CN=santhosh santhosh Generate the Proxy for the user garuda using the above command and enter the passphrase $ grid-proxy-init Now we can start the container: # /etc/init.d/globus-4.0.7 start 18
Job Submission Interface globusrun-ws :web-service based submission #globusrun-ws -s -submit -c <executable> 19
RFT Configuration Create the database with the name rftdatabase Run the command: psql -d rftdatabase -f $GLOBUS_LOCATION/share/globus_wsrf_rft/rft_sche ma.sql Edit the file: $GLOBUS_LOCATION/etc/globus_wsrf_rft/jndiconfig.xml 20
Data Management Data Transfer Management GridFTP Grid File Transfer Protocol Secure, efficient, flexible data transfer Based on FTP Data management tools globus url copy 21
Data Management Local to remote server globus-url-copy file:/home/globus/test gsiftp://gridfs/tmp/testing_gridftp Remote server to local globus-url-copy gsiftp://gridfs/tmp/testing_gridftp file:/home/globus/test Third-party transfer globus-url-copy gsiftp://che01/tmp/testing_gridftp gsiftp://hyd01/tmp/testing_gridftp 22
MDS # wsrf-query -s https://fqdn:8443/wsrf/services/defaultindexservice 23
Resource Management GRAM - Grid Resource Allocation Management GRAM protocol allows to run programs on remote servers despite local heterogeneity Resource Specification Language (RSL) is used to communicate requirements 24
Grid Security Infrastructure-GSI GSI contains Tools (Certification, Proxy Mgt), Libraries and Protocols used in Globus to allow Users & applications to securely access resources Motivations Secure Communication Security across Organizational boundaries Support Single Sign-On 25
Continued. Based on PKI Private and Public Keys Certificates Features for Single-Sign on Proxy Credentials Delegation 26
Generate host certificate Host certificate is must for any machine that wish to participate in grid. # grid-cert-request host <FQDN of Host> Requested certificate will be placed in /etc/gridsecurity/hostcert_request.pem The Host Certificates has to be mailed to the CA manager for signing. For GARUDA CA you need to mail to grid-help@cdacb.ernet.in Once it is signed you will get hostcert.pem which you need to put in the /etc/grid-security/ directory 27
User Certificate User certificate has to be requested from GARUDA CA http://192.168.60.40/purse 28
Conclusion Globus is the most widely used Grid M/W (open source) Enhancements and support available from a large open source community Deployment support from http://gridsupport.garudaindia.in 29
Thank you 30