Home > Articles

  • Print
  • + Share This
Like this article? We recommend

Globus Toolkit Configuration and Testing

This section describes how to configure and test the Globus Toolkit software.

Configuring Files

The Globus Toolkit 3.x services and service container have a large set of configuration files, most of them stored under the $<GLOBUS_LOCATION> and $<GLOBUS_LOCATION>/etc directories.

The following two configuration files need to be set up to achieve a minimal working configuration: /etc/grid-security/grid-mapfile and /etc/grid-security/grim-port-type.xml.

The grid-mapfile file contains the mappings between grid users and local user accounts. A grid user is identified by a digital certificate, signed by a trusted CA. The grid-mapfile contains mappings between X509 distinguished names (DNs), representing subjects of certificates, and local user account names. When a grid user requests to submit a job, it is first authenticated based on its certificate. After that, the job is started as the local user mapped to the grid user's x509 distinguished name (DN) in the grid-mapfile.

To Configure Grid Services

  1. To be able to access grid services provided by your host, edit the grid-mapfile and add a line such as the following:

  2. "<DN certificate subject>" localuser

    for each grid user, where the DN can be obtained by running the grid-cert-info –subject –file <certificate-file> command as a user that has obtained a certificate from the CA. An example entry is as follows:

    "/O=Grid/OU=GlobusTest/CN=Gabriel Ghinita" globus
  3. To configure the MMJFS, edit the grim-port-type.xml file to tell it which local account the MMJFS should be used when it is invoked through the web-service container.

  4. Its content should be similar to the following:

    <authorized_port_types>
    <port_type username="globus">http://www.globus.org/namespaces/managed_job/
    managed_job/ManagedJobPortType
    </port_type>
    </authorized_port_types>

Configuring Globus Toolkit Services

To complete the Globus Toolkit configuration, you need to configure Globus Toolkit services to start automatically at system startup.

  • If using Globus Toolkit 2.4, you need to start GRAM and GridFTP through the inetd daemon and GRIS as a standalone daemon. Use the instructions that follow for configuring GRAM, MDs, and GridFTP.

  • If using Globus Toolkit 3.x, you only need to start the grid services container.

To Configure GRAM

  1. Add the following line to the /etc/services file on your system:

  2. gsigatekeeper   2119/tcp # Globus Gatekeeper
  3. Add the following line to the /etc/inetd.conf file on your system:

  4. gsigatekeeper stream tcp nowait root
    /usr/bin/env env LD_LIBRARY_PATH=<GLOBUS_LOCATION>/lib <GLOBUS_LOCATION>/sbin/globus-gatekeeper 
    -conf <GLOBUS_LOCATION>/etc/globus-gatekeeper.conf

    where <GLOBUS_LOCATION> is the actual location of Globus Toolkit on your system.

  5. Restart the inetd daemon pkill –HUP inetd.

To Configure MDS

  1. Create the /etc/init.d/mds script and edit it to read as follows:

  2. <GLOBUS_LOCATION>/sbin/globus-mds start

    where <GLOBUS_LOCATION> is the actual location of Globus Toolkit on your system.

  3. Create a symbolic link to the MDS script from the location corresponding to your default run-level.

  4. For example:

    # ln –s /etc/init.d/mds /etc/rc3.d/S90mds

    The GRIS daemon will start on the default port 2135.

To Configure GridFTP

  1. Add the following line to the /etc/services file on your system:

  2. gsiftp 2811/tcp # Grid FTP service
  3. Add the following line to the /etc/inetd.conf file on your system:

  4. gsiftp stream tcp   nowait root 
    /usr/bin/env env LD_LIBRARY_PATH=<GLOBUS_LOCATION>/lib <GLOBUS_LOCATION>/sbin/in.ftpd -l 
    -Z <GLOBUS_LOCATION>/var/globus-gsiftp.log 
    -a -G <GLOBUS_LOCATION>

    where <GLOBUS_LOCATION> is the actual location of Globus Toolkit on your system. The –Z flag turns on the logging facility.

  5. Restart the inetd daemon pkill –HUP inetd.

To Configure the Grid Services Container

  1. To start the web services container as a service at system startup, create an /etc/init.d/globus-container script, then edit it to read as follows:

  2. <GLOBUS_LOCATION>/bin/globus-start-container –p 8080 >container.log 2>&1 &

    where <GLOBUS_LOCATION> is the actual location of Globus Toolkit on your system.

    You can change container.log to the path where you want to keep your container log file, and you can change the port number the container runs on (from the default of 8080).

  3. Create a symlink to the globus-container script from the location corresponding to your default run-level, for example:

  4. # ln –s /etc/init.d/globus-container /etc/rc3.d/S92globus-container
  • + Share This
  • 🔖 Save To Your Account