Globus Online for HPSS: Difference between revisions

From Lsdf
Jump to navigationJump to search
No edit summary
No edit summary
Line 1: Line 1:
This is a guide on setup the Globus Online service to storge data on HPSS.
This is a guide on setup the Globus Online service to storge data on HPSS at KIT.

== Components ==
GridFTP Server connected to HPSS-DSI
myProxy Server for managing and creating user proxies
OAuth Server for User logins to the globus-Online Endpoint at KIT.
[https://www.globus.org/ Globus Online] Web Interface.
The GridFTP SErver ist connected to a HPSS-DSI


== Requirements ==
== Requirements ==
Line 26: Line 34:


== Configuration ==
== Configuration ==
Adapt the config files
* Adapt the config files. Both files contain detailed information on configuration. Please check!
/etc/globus-connect-server.conf
/etc/globus-connect-server.conf
/var/lib/globus-connect-server/myproxy-server.conf
/var/lib/globus-connect-server/myproxy-server.conf

Revision as of 14:51, 19 June 2015

This is a guide on setup the Globus Online service to storge data on HPSS at KIT.

Components

GridFTP Server connected to HPSS-DSI myProxy Server for managing and creating user proxies OAuth Server for User logins to the globus-Online Endpoint at KIT. Globus Online Web Interface.

The GridFTP SErver ist connected to a HPSS-DSI

Requirements

  • A working HPSS Frontend with HPSS Client software installed and configured.
  • A working GridFTP Server with a valid Grid Host certificate. (GridKa Host certificate)
  • A working HPSS-GridFTP-DSI compiled package
    • Notice: a HPSS-Fuse instead of DSI would also work.
  • A working Connection to an LDAP Server to authorized the user locally on the GridFTP server.
  • A Globus Online account if not already exists.
  • A valid Grid User certificate.

Installation

Hostname: archive-tgftp.lsdf.kit.edu OS: SL 6.4

  • Download and install Globus Connect server repository
# curl -LOs http://toolkit.globus.org/ftppub/globus-connect-server/globus-connect-server-repo-latest.noarch.rpm
# rpm --import http://www.globus.org/ftppub/globus-connect-server/RPM-GPG-KEY-Globus
# yum install globus-connect-server-repo-latest.noarch.rpm
  • Install
# yum install globus-connect-server

Configuration

  • Adapt the config files. Both files contain detailed information on configuration. Please check!
/etc/globus-connect-server.conf
/var/lib/globus-connect-server/myproxy-server.conf
  • globus-connect-server.conf
[Globus]
User = %(GLOBUS_USER)s
Password = %(GLOBUS_PASSWORD)s
[Endpoint]
Name = bwda-go-1
Public = True
DefaultDirectory = /~/
[Security]
FetchCredentialFromRelay =  False
CertificateFile = /etc/grid-security/hostcert.pem
KeyFile = /etc/grid-security/hostkey.pem
TrustedCertificateDirectory = /etc/grid-security/certificates
IdentityMethod = OAuth
AuthorizationMethod = MyProxyGridmapCallout
[GridFTP]
Server = archive-tgftp.lsdf.kit.edu
IncomingPortRange = 50000,51000
OutgoingPortRange = 50000,51000
RestrictPaths = RW~,R/hpss/fs/GFTP/public (!! to check)
# still not working, needs registration
Sharing = True
SharingRestrictPaths = R/hpss/fs/GFTP/public
SharingStateDir = /var/globusonline/sharing/$USER
[MyProxy]
Server = %(HOSTNAME)s
ServerBehindNAT = False
CADirectory = /var/lib/globus-connect-server/myproxy-ca
ConfigFile = /var/lib/globus-connect-server/myproxy-server.conf
[OAuth]
Server = %(HOSTNAME)s
  • myproxy-server.conf
authorized_retrievers      "*"
default_retrievers         "*"
authorized_renewers        "*"
default_renewers           "none"
default_key_retrievers     "none"
trusted_retrievers         "*"
default_trusted_retrievers "none"
accepted_credentials       "*"            
certificate_issuer_cert "/var/lib/globus-connect-server/myproxy-ca/cacert.pem"
certificate_issuer_key "/var/lib/globus-connect-server/myproxy-ca/private/cakey.pem"
certificate_issuer_key_passphrase "globus"
certificate_serialfile "/var/lib/globus-connect-server/myproxy-ca/serial"
certificate_out_dir "/var/lib/globus-connect-server/myproxy-ca/newcerts"
certificate_issuer_subca_certfile "/var/lib/globus-connect-server/myproxy-ca/cacert.pem"
max_cert_lifetime 168
cert_dir /etc/grid-security/certificates
pam  "required"
pam_id "login"
certificate_mapapp /var/lib/globus-connect-server/myproxy-ca/mapapp
accepted_credentials_mapapp /usr/local/bin/myproxy-accepted-credentials-mapapp

Endpoint Creation

Now setup your Frontend GridFTP Server as an Endpoint for globus Online

# globus-connect-server-setup
  • The globus-connect-server-setup asks you for your Globus Online account name and password.
  • If you run globus-connect-server-setup many times you get this error message:
"You are not an admin of the MyProxy Delegation Service"
    • Solution: run as root:
# rm /var/lib/myproxy-oauth/myproxy-oauth.db