$ ./configure --prefix=$GLOBUS_LOCATION && make | tee make.log && make install | tee make_install.log
(2 hours estimated)
## Installation of CA packages
@ earth
globus@earth:~/gt4.2.1-all-source-installer$ /usr/local/globus-4.2.1/setup/globus/setup-simple-ca
@ venus
## Setting up security in each grid node
$ scp earth:/home/globus/.globus/simpleCA/globus_simple* ~ && /usr/local/gt4.2.1/sbin/gpt-build globus_simple_ca_bb771705_setup-0.20.tar.gz gcc32dbg && /usr/local/gt4.2.1/sbin/gpt-postinstall
(as a root user)
# /usr/local/gt4.2.1/setup/globus_simple_ca_bb771705_setup/setup-gsi -default
## obtain n sign a host certificate
# grid-cert-request -host `hostname -f` && scp /etc/grid-security/hostcert_request.pem globus@earth:~
globus@earth:~$ grid-ca-sign -in hostcert_request.pem -out hostcert.pem && scp hostcert.pem venus:~
root@venus:~# cp hostcert.pem /etc/grid-security -v
## obtain n sign a user certificate
root@venus:~# adduser auser1
root@venus:~# grid-cert-request && scp /home/auser1/.globus/usercert_request.pem globus@earth:~
globus@earth:~$ grid-ca-sign -in usercert_request.pem -out usercert.pem && scp usercert.pem auser1@venus:/home/auser1/.globus
auser1@venus:~$ grid-proxy-init -debug -verify
[...you can copy the user certificate...]
auser1@venus:~/.globus$ scp * mercury:~/.globus
## obtain n sign a user certificate
auser1@venus:~$ mkdir .globus
[after DO this "auser1@venus:~/.globus$ scp * mercury:~/.globus"]
auser1@venus:~$ grid-proxy-init -debug -verify
## Setting mapping information between a grid user and a local user
auser1@venus:~/.globus$ grid-cert-info -subject -f /home/auser1/.globus/usercert.pem
/O=Grid/OU=GlobusTest/OU=simpleCA-earth.gcl.if.its.ac.id/OU=gcl.if.its.ac.id/CN=chika tambun
root@venus:~# grid-cert-info -subject -f /home/auser1/.globus/usercert.pem
/O=Grid/OU=GlobusTest/OU=simpleCA-earth.gcl.if.its.ac.id/OU=gcl.if.its.ac.id/CN=chika tambun
root@venus:~# grid-mapfile-add-entry -dn "`grid-cert-info -subject -f /home/auser1/.globus/usercert.pem`" -ln auser1
Modifying /etc/grid-security/grid-mapfile ...
/etc/grid-security/grid-mapfile does not exist... Attempting to create /etc/grid-security/grid-mapfile
New entry:
"/O=Grid/OU=GlobusTest/OU=simpleCA-earth.gcl.if.its.ac.id/OU=gcl.if.its.ac.id/CN=chika tambun" auser1
(1) entry added
root@venus:~/gt4.2.1-all-source-installer# cat /etc/grid-security/grid-mapfile
root@venus:~/gt4.2.1-all-source-installer# grid-mapfile-check-consistency
Checking /etc/grid-security/grid-mapfile grid mapfile
Verifying grid mapfile existence...OK
Checking for duplicate entries...OK
Checking for valid user names...OK
## Configuration of Java WS Core
root@venus:/etc/grid-security# cp hostcert.pem containercert.pem && cp hostkey.pem containerkey.pem && chown globus:globus container*
globus@venus:~ $ globus-start-container
[...unrelated output...]
[67]: https://10.151.35.201:8443/wsrf/services/mds/test/usefulrp/IndexService
[68]: https://10.151.35.201:8443/wsrf/services/mds/test/usefulrp/IndexServiceEntry
2010-09-04T12:27:58.080+07:00 INFO impl.DefaultIndexService [ServiceThread-58,performDefaultRegistrations:261] guid=2d523400-b7e5-11df-ad3f-89afa9801644 event=org.globus.mds.index.performDefaultRegistrations.end status=0
## Executing Counter sample program
## GridFTP configuration
root@mercury:/etc/grid-security# cat /etc/services
# Local services
gsiftp 2811/tcp
root@mercury:/etc/grid-security# cat /etc/xinetd.d/gsiftp
service gsiftp
{
instances = 100
socket_type = stream
wait = no
user = root
env += GLOBUS_LOCATION=/usr/local/gt4.2.1
env += LD_LIBRARY_PATH=/usr/local/gt4.2.1/lib
server = /usr/local/gt4.2.1/sbin/globus-gridftp-server
server_args = -i
log_on_success += DURATION
disable = no
}
auser1@mercury:~$ globus-url-copy gsiftp://mercury.gcl.if.its.ac.id/tmp/message gsiftp://venus.gcl.if.its.ac.id/tmp/message.1
error: globus_ftp_client: the server responded with an error
530 530-Login incorrect. : globus_gss_assist: Gridmap lookup failure: Could not map /O=Grid/OU=GlobusTest/OU=simpleCA-earth.gcl.if.its.ac.id/OU=gcl.if.its.ac.id/CN=chika tambun
530-
530 End.
Solution: add entry mercury gridmapfile to venus gridmapfile
root@mercury:~# vi /etc/sudoers
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
# Allow members of group sudo to execute any command after they have
# provided their password
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Globus GRAM entries
Runas_Alias GLOBUSUSERS = ALL, !root;
globus ALL=(GLOBUSUSERS) NOPASSWD: /usr/local/gt4.2.1/libexec/globus-gridmap-and-execute -g /etc/grid-security/grid-mapfile /usr/local/gt4.2.1/libexec/globus-job-manager-script.pl *
globus ALL=(GLOBUSUSERS) NOPASSWD: /usr/local/gt4.2.1/libexec/globus-gridmap-and-execute -g /etc/grid-security/grid-mapfile /usr/local/gt4.2.1/libexec/globus-gram-local-proxy-tool *
## WS GRAM Configuration
globus@mercury:~$ globusrun-ws -submit -c /bin/touch /tmp/createdFile
Submitting job...Failed.
A proxy is required to submit a job, but no valid proxy credential was found.
globus@mercury:~$ su auser1
Password:
auser1@mercury:/home/globus$ globusrun-ws -submit -c /bin/touch /tmp/createdFile
Submitting job...Done.
Job ID: uuid:f6d60a66-b7f6-11df-95b7-0018fe645851
Termination time: 09/04/3010 07:35 GMT
Current job state: Active
Current job state: CleanUp
Current job state: Done
Destroying job...Done.
auser1@mercury:~$ cat echo_job.xml
auser1@venus:~$ globusrun-ws -submit -f echo_job.xml
Submitting job...Done.
Job ID: uuid:c686299e-b7f7-11df-a3be-0018fe645a69
Termination time: 09/04/3010 07:41 GMT
Current job state: Active
Current job state: CleanUp
Current job state: Done
Destroying job...Done.
The Monitoring and Discovery System (MDS) is a suite of web services to monitor and discover resources and services on Grids.
auser1@mercury:~$ wsrf-query -s https://10.151.35.201:8443/wsrf/services/DefaultIndexService "//*" > MDS4_mercury.txt
<
@ mercury
## Setting up security in each grid node
$ scp earth:/home/globus/.globus/simpleCA/globus_simple* ~ && /usr/local/gt4.2.1/sbin/gpt-build globus_simple_ca_bb771705_setup-0.20.tar.gz gcc32dbg && /usr/local/gt4.2.1/sbin/gpt-postinstall
(as a root user)
# /usr/local/gt4.2.1/setup/globus_simple_ca_bb771705_setup/setup-gsi -default
## obtain n sign a host certificate
# grid-cert-request -host `hostname -f` && scp /etc/grid-security/hostcert_request.pem globus@earth:~
globus@earth:~$ grid-ca-sign -in hostcert_request.pem -out hostcert.pem && scp hostcert.pem mercury:~
root@mercury:~# cp hostcert.pem /etc/grid-security -v
auser@abox:~$ grid-ca-sign -in hostcert_request.pem -out hostcert.pem && scp hostcert.pem venus:~
ReplyDeleteTo sign the request
please enter the password for the CA key:
ERROR running command:
/usr/local/globus-4.2.1/bin/openssl ca -passin stdin \
-batch -config /home/globus/.globus/simpleCA//grid-ca-ssl.conf \
-in /tmp/tmp_cert_req.pem.16008 -out /tmp/tmp_cert.pem.16008
========== ERROR MESSAGES FROM OPENSSL ==========
Using configuration from /home/globus/.globus/simpleCA//grid-ca-ssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
organizationName :PRINTABLE:'Grid'
organizationalUnitName:PRINTABLE:'GlobusTest'
organizationalUnitName:PRINTABLE:'simpleCA-earth.gcl.if.its.ac.id'
commonName :PRINTABLE:'host/venus.gcl.if.its.ac.id'
Certificate is to be certified until Sep 4 04:00:31 2011 GMT (365 days)
failed to update database
TXT_DB error number 2
===============================================
auser@abox:~$ vi .globus/simpleCA/index.txt
delete the containign but realted