Globus Online for HPSS: Difference between revisions
From Lsdf
Jump to navigationJump to search
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
This is a guide on setup the Globus Online service to storge data on HPSS. |
This is a guide on setup the Globus Online service to storge data on HPSS at KIT. |
||
== Components == |
|||
GridFTP Server connected to HPSS-DSI |
|||
myProxy Server for managing and creating user proxies |
|||
OAuth Server for User logins to the globus-Online Endpoint at KIT. |
|||
[https://www.globus.org/ Globus Online] Web Interface. |
|||
The GridFTP SErver ist connected to a HPSS-DSI |
|||
== Requirements == |
== Requirements == |
||
Line 26: | Line 34: | ||
== Configuration == |
== Configuration == |
||
Adapt the config files |
* Adapt the config files. Both files contain detailed information on configuration. Please check! |
||
/etc/globus-connect-server.conf |
/etc/globus-connect-server.conf |
||
/var/lib/globus-connect-server/myproxy-server.conf |
/var/lib/globus-connect-server/myproxy-server.conf |
Revision as of 14:51, 19 June 2015
This is a guide on setup the Globus Online service to storge data on HPSS at KIT.
Components
GridFTP Server connected to HPSS-DSI myProxy Server for managing and creating user proxies OAuth Server for User logins to the globus-Online Endpoint at KIT. Globus Online Web Interface.
The GridFTP SErver ist connected to a HPSS-DSI
Requirements
- A working HPSS Frontend with HPSS Client software installed and configured.
- A working GridFTP Server with a valid Grid Host certificate. (GridKa Host certificate)
- A working HPSS-GridFTP-DSI compiled package
- Notice: a HPSS-Fuse instead of DSI would also work.
- A working Connection to an LDAP Server to authorized the user locally on the GridFTP server.
- A Globus Online account if not already exists.
- A valid Grid User certificate.
Installation
Hostname: archive-tgftp.lsdf.kit.edu OS: SL 6.4
- Download and install Globus Connect server repository
# curl -LOs http://toolkit.globus.org/ftppub/globus-connect-server/globus-connect-server-repo-latest.noarch.rpm # rpm --import http://www.globus.org/ftppub/globus-connect-server/RPM-GPG-KEY-Globus # yum install globus-connect-server-repo-latest.noarch.rpm
- Install
# yum install globus-connect-server
Configuration
- Adapt the config files. Both files contain detailed information on configuration. Please check!
/etc/globus-connect-server.conf /var/lib/globus-connect-server/myproxy-server.conf
- globus-connect-server.conf
[Globus] User = %(GLOBUS_USER)s Password = %(GLOBUS_PASSWORD)s [Endpoint] Name = bwda-go-1 Public = True DefaultDirectory = /~/ [Security] FetchCredentialFromRelay = False CertificateFile = /etc/grid-security/hostcert.pem KeyFile = /etc/grid-security/hostkey.pem TrustedCertificateDirectory = /etc/grid-security/certificates IdentityMethod = OAuth AuthorizationMethod = MyProxyGridmapCallout [GridFTP] Server = archive-tgftp.lsdf.kit.edu IncomingPortRange = 50000,51000 OutgoingPortRange = 50000,51000 RestrictPaths = RW~,R/hpss/fs/GFTP/public (!! to check) # still not working, needs registration Sharing = True SharingRestrictPaths = R/hpss/fs/GFTP/public SharingStateDir = /var/globusonline/sharing/$USER [MyProxy] Server = %(HOSTNAME)s ServerBehindNAT = False CADirectory = /var/lib/globus-connect-server/myproxy-ca ConfigFile = /var/lib/globus-connect-server/myproxy-server.conf [OAuth] Server = %(HOSTNAME)s
- myproxy-server.conf
authorized_retrievers "*" default_retrievers "*" authorized_renewers "*" default_renewers "none" default_key_retrievers "none" trusted_retrievers "*" default_trusted_retrievers "none" accepted_credentials "*" certificate_issuer_cert "/var/lib/globus-connect-server/myproxy-ca/cacert.pem" certificate_issuer_key "/var/lib/globus-connect-server/myproxy-ca/private/cakey.pem" certificate_issuer_key_passphrase "globus" certificate_serialfile "/var/lib/globus-connect-server/myproxy-ca/serial" certificate_out_dir "/var/lib/globus-connect-server/myproxy-ca/newcerts" certificate_issuer_subca_certfile "/var/lib/globus-connect-server/myproxy-ca/cacert.pem" max_cert_lifetime 168 cert_dir /etc/grid-security/certificates pam "required" pam_id "login" certificate_mapapp /var/lib/globus-connect-server/myproxy-ca/mapapp accepted_credentials_mapapp /usr/local/bin/myproxy-accepted-credentials-mapapp
Endpoint Creation
Now setup your Frontend GridFTP Server as an Endpoint for globus Online
# globus-connect-server-setup
- The globus-connect-server-setup asks you for your Globus Online account name and password.
- If you run globus-connect-server-setup many times you get this error message:
"You are not an admin of the MyProxy Delegation Service"
- Solution: run as root:
# rm /var/lib/myproxy-oauth/myproxy-oauth.db