Globus Toolkit v2.0 alpha Installation and Setup

by Stefano Barale (University and INFN TO), Daniele Mura (INFN CA)

1. Abstract

What follows is a brief description of the steps we did to properly install and setup the Globus Toolkit v2.0 alpha on a Linux RedHat 7.1 machine.
With a few corrections (included) it *should* work even on older versions (RH 6.1, 6.2).

2. Installation

1) We downloaded the source tarballs from this page .
2) We modified the script build_from_source_tarballs to make it point to the new version of the following files:

globus_core-2.1.tar.gz instead of globus_core-2.0.tar.gz
globus_gram_job_manager-2.1.tar.gz ...
globus_ssl_utils-2.1.tar.gz ...
globus_user_env-2.1.tar.gz ...

3) We built the package using the modified script.

3. Setup

1) Our globus directory was /opt/globus, so we put the gatekeeper certificates (globus-gatekeeper.cert and globus-gatekeeper.key: read here for instructions on how to get INFN-CA signed host certificates) in /opt/globus/etc

2) We put the certification authority signing policy files into /etc/grid-security/certificates, following the new CA signing policy schema (the file ca-signing-policy.conf is no longer used).

3) We put the user certificate in the directory /home/username/.globus.

4) At this stage grid-proxy-init should work.

5) We edited globus-gatekeeper.conf and filled in the correct values for each entry.
You can take some 'inspiration' from this template:

-home /opt/globus/ -e /opt/globus/libexec
-grid_services /opt/globus/etc/grid-services
-gridmap /etc/grid-security/grid-mapfile
-port 2119 -inetd
-x509_cert_dir /etc/grid-security/certificates
-x509_user_cert /opt/globus/etc/globus-gatekeeper.cert
-x509_user_key /opt/globus/etc/globus-gatekeeper.key
-logfile /opt/globus/var/globus-gatekeeper.log

6) We edited /etc/services adding the following line:
globus-gatekeeper 2119/tcp

7) At this stage we created a new service putting the following file in /etc/xinit.d/:

# default: on
# description: The telnet server serves telnet sessions; it uses
# unencrypted username/password pairs for authentication.
service globus-gatekeeper
log_type = FILE /var/log/gateservicelog
log_on_success = HOST PID
log_on_failure = HOST RECORD
socket_type = stream
protocol = tcp
wait = no
user = root
server = /opt/globus/sbin/globus-gatekeeper
server_args = -conf /opt/globus/etc/globus-gatekeeper.conf
env =
LD_LIBRARY_PATH = /opt/globus/lib
GLOBUS_LOCATION = /opt/globus
disable = no

if you use a pre-RedHat 7 Linux Box you should edit /etc/inetd.conf, instead, adding the following line:
globus-gatekeeper stream tcp nowait root ${YOUR_GLOBUS_LOCATION}/sbin/globus-gatekeeper -conf ${YOUR_GLOBUS_LOCATION}/etc/globus-gatekeeper.conf

8) We restarted the inetd daemon (netstat -an | grep 2119 to control that globus is actually up and listening)

9) We tested the gatekeeper getting:

[root@mafalda /root]# /opt/globus/sbin/globus-gatekeeper -conf /opt/globus/etc/globus-gatekeeper.conf -test
Testing gatekeeper
Local user id (uid) : root
Home directory : /opt/globus
Libexec directory : /opt/globus/libexec
Gatekeeper subject name :
Gatekeeper test complete : Success!

Gatekeeper shutting down!

10) We edited the new file globus-job-manager.conf as follows:

-home /opt/globus/
-e /opt/globus/libexec
-globus-org-dn 'dc=ca, dc=infn, dc=it, o=Grid'
-globus-gatekeeper-host ''
-globus-gatekeeper-port '2119'
-globus-host-dn ', dc=ca, dc=infn, dc=it, o=Grid'
-globus-host-cputype i686
-globus-host-manufacturer unknown
-globus-host-osname Linux

11) If you're working with old RedHat versions you should need to add the line:
at the end of /etc/ to make sure globus finds its libraries.

P.S.: If you haven't set them in the profile.d you should enter:

Mail to Stefano Barale | Mail to Daniele Mura