Home > Articles

  • Print
  • + Share This
Like this article? We recommend

Globus Toolkit Installation

After you have met all of the prerequisites, proceed with the Globus Toolkit version 3.x installation. It is recommended that you create a special system account (for example, globus) to own the Globus Toolkit version 3.x files, then perform the installation as this user. The Globus Toolkit tries to minimize the usage of super-user privileges to avoid security problems.

This section documents all Globus Toolkit 3.x installation steps. The installation steps are not specific to the Solaris OS platform, but are common to all UNIX operating systems.

Phase 1: Installing Globus Toolkit 3.x Core

The following steps guide you through the process of installing the Globus Toolkit version 3.x core.

To Install Globus Toolkit 3.x Core

  1. Set the JAVA_HOME environment variable to point to your JDK distribution; add $JAVA_HOME/bin to your PATH environment variable.

  2. Set the ANT_HOME environment variable to point to your Ant distribution; add $ANT_HOME/bin to the PATH environment variable.

  3. Download the Globus Toolkit version 3.x source installation bundle from http://www-unix.globus.org/ftppub/gt3/3.0/3.0.2/gt3.0.2-source-installer.tar.gz, and extract it to your preferred location, which is referred to as <GLOBUS_SOURCE_INSTALLER> from here on.

  4. Choose an installation directory for Globus Toolkit version 3.x.

  5. This directory is different than the source distribution directory and from here on is referred to as <GLOBUS_LOCATION>.

  6. Change directory to the <GLOBUS_SOURCE_INSTALLER> directory, and run the install-gt3 installation script.

  7. It is recommended that you edit the install-gt3 script and append \ -verbose to the definitions of the GPT_BUILD and GPT_INSTALL variables. This increases verbosity. You should capture the installation log to a file as follows:

    $ ./install-gt3 <GLOBUS_LOCATION> 2>&1| tee install.log
  8. After the script exits, check the log for errors:

  9. $ grep ERROR install.log

    If there are no errors, continue with the installation. Otherwise, check the log file to find the cause of the installation error.

  10. Change directory to the <GLOBUS_LOCATION> directory and run ant setup.

  11. Log in as super-user, change directory to the <GLOBUS_LOCATION> directory, and run the following commands:

  12. # mkdir <JAVA_HOME>/jre/lib/endorsed
    # cp endorsed/xalan.jar <JAVA_HOME>/jre/lib/endorse

    where <JAVA_HOME> is the directory of your Java distribution.

Phase 2: Installing Certificate Authority (CA) and Issuing Certificates

Security is one of the main concerns of Globus Toolkit 3.x. The Globus Toolkit is built upon the Grid Security Infrastructure (GSI) layer. GSI provides authentication, access control, and confidentiality of data. It uses PKI and digital certificates to authenticate grid entities.

You need a host certificate for your host, an LDAP certificate for your directory service, and a user certificate for each grid user. A trusted Certificate Authority (CA) must sign all these certificates. You can use your own existing CA, you can use the Globus CA, or you can install your own simple CA with basic functionality for testing purposes.

The first option is not always available. The second one is quite impractical because there is a delay of approximately two days between the time you request a signed certificate, and the time it is sent to you by the Globus CA. Thus, for testing purposes, it is recommended that you install your own CA.

To Install Your Own CA

  1. Download the Globus Toolkit CA bundle from ftp://ftp.globus.org/pub/gsi/simple_ca/globus_simple_ca_bundle-latest.tar.gz.

  2. Copy the simple CA bundle to the <GLOBUS_SOURCE_INSTALLER> directory, then issue the following commands from the account you are using to install Globus Toolkit 3.x:

  3. $ export <GLOBUS_LOCATION>=/path/to/globus/installation
    $ $<GLOBUS_LOCATION>/sbin/gpt-build \
     globus_simple_ca_bundle-latest.tar.gz <flavor>
    $ $<GLOBUS_LOCATION>/sbin/gpt-postinstall

    where flavor is the platform for which you want to install. For more information on flavors, consult the Globus Toolkit 3 Administration Guide. Examples of flavors are gcc32, gcc32dbg, and gcc32pthr.

    NOTE

    During the post-installation phase, you will be prompted to provide information about the newly created CA; make sure this information is valid.

    In the $HOME/.globus directory of the user account you want to use to perform the installation, you can now find the simple CA directory where the CA has been installed. The cacert.pem file represents the CA public key. Also in this directory, you can find a tarball named globus_simple_ca_<CA-HASH>_setup.tar.gz where CA-HASH represents the hashcode for the CA certificate (cacert.pem).

  4. Compute the hashcode for your certificate using the following command:

  5. $ openssl x509 -in <certificate_file> -hash –noout

    This tarball can then be distributed to other hosts that want to be clients for your CA, or trust your CA. They can install it using gpt. Your CA certificate file with other needed configuration files will be installed on the client machines.

  6. To setup the grid security for your installation, log in as root, and run the following command:

  7. # $<GLOBUS_LOCATION>/setup/globus_simple_ca_<hashcode>_setup/setup-gsi

    This configures the security infrastructure to use the newly created CA and create the proper directory structure under the /etc/grid-security directory.

To Install a Globus Toolkit CA

  • If you choose to install and set up the Globus Toolkit CA instead of your own CA, run the setup-gsi script under the $<GLOBUS_LOCATION>/setup directory.

  • Under the $<GLOBUS_LOCATION>/setup directory is the globus directory that contains the data needed to install the Globus CA as your trusted CA.

To Issue Certificates

NOTE

After setting up grid security, you must create certificates for your grid host, for your directory service LDAP server, and for your users. The tools to create and sign the certificate are located in $<GLOBUS_LOCATION>/bin.

  1. Add the $<GLOBUS_LOCATION>/bin location to the PATH environment variable.

  2. To create a certificate request for your host, use the following command syntax:

  3. $ grid-cert-request -service host -host <hostname>

    For example:

    $ grid-cert-request -service host -host \ solaris.ddns.comp.nus.edu.sg

    This certificate is used by the GRAM and GridFTP services.

  4. To create a certificate for your LDAP server, use the following command syntax:

  5. $ grid-cert-request -service ldap –host <hostname>

    For example:

    $ grid-cert-request -service ldap –host \ solaris.ddns.comp.nus.edu.sg
  6. To create a certificate request for your user, use following command syntax:

  7. $ grid-cert-request

    After you create your certificates, you must sign them using your CA. You can sign the certificates using the grid-ca-sign utility.

  8. Sign the certificates using the grid-ca-sign utility.

  9. $ grid-ca-sign –in <certificate_request.pem> -out <certificate.pem>
  10. Obtain the signed certificates from the CA, and copy them to the proper locations:

    • /etc/grid-security for the host certificate

    • /etc/grid-security/ldap for your LDAP certificate

    • $HOME/.globus for the user certificate

    Ensure that the certificates for the trusted CA are saved in the directory /etc/grid-security/certificates/. For example, the file 42864e48.0 is the trusted certificate for Globus Certification Authority.

    After installing the host certificate, proceed with the next phase of installation, installing the Master Managed Job Factory Service (MMJFS), as described in the next section.

Phase 3: Installing Master Managed Job Factory Service

After you have the host certificate in place, install the Master Managed Job Factory Service (MMJFS), logged in as the user you performed the core installation as.

To Install MMJFS

  1. Change directory to the <GLOBUS_SOURCE_INSTALLER> directory, and run the install-gt3-mmjfs installation script.

  2. It is recommended that you edit the install-gt3-mmjfs script and append \ -verbose to the definitions of the GPT_BUILD and GPT_INSTALL variables.

    This recommendation increases verbosity. It is recommended that you capture the installation log to a file as follows:

    $ ./install-gt3-mmjfs <GLOBUS_LOCATION> 2>&1| tee install-mmjfs.log
  3. After the script exits, check the log for errors:

  4. $ grep ERROR install-mmjfs.log

    If there are no errors, continue with the installation. Otherwise, check the log file to find the cause of the installation error.

  5. Log in as the super-user, and run the script setperms.sh:

  6. # $<GLOBUS_LOCATION>/bin/setperms.sh

    Proceed to the next section for configuration and testing.

  • + Share This
  • 🔖 Save To Your Account