Difference between revisions of "Globus Online for HPSS"

From Lsdf
Line 25: Line 25:
 
# yum install globus-connect-server
 
# yum install globus-connect-server
   
* Configuration
+
== Configuration ==
 
Adapt the config files
 
Adapt the config files
 
/etc/globus-connect-server.conf
 
/etc/globus-connect-server.conf
 
/var/lib/globus-connect-server/myproxy-server.conf
 
/var/lib/globus-connect-server/myproxy-server.conf
   
* Add the following to myproxy-server.conf
+
* globus-connect-server.conf
   
  +
[Globus]
accepted_credentials "*"
 
  +
User = %(GLOBUS_USER)s
  +
Password = %(GLOBUS_PASSWORD)s
  +
[Endpoint]
  +
Name = bwda-go-1
  +
Public = True
  +
DefaultDirectory = /~/
  +
[Security]
  +
FetchCredentialFromRelay = False
  +
CertificateFile = /etc/grid-security/hostcert.pem
  +
KeyFile = /etc/grid-security/hostkey.pem
  +
TrustedCertificateDirectory = /etc/grid-security/certificates
  +
IdentityMethod = OAuth
  +
AuthorizationMethod = MyProxyGridmapCallout
  +
[GridFTP]
  +
Server = archive-tgftp.lsdf.kit.edu
  +
IncomingPortRange = 50000,51000
  +
OutgoingPortRange = 50000,51000
  +
RestrictPaths = RW~,R/hpss/fs/GFTP/public (!! to check)
  +
# still not working, needs registration
  +
Sharing = True
  +
SharingRestrictPaths = R/hpss/fs/GFTP/public
  +
SharingStateDir = /var/globusonline/sharing/$USER
  +
[MyProxy]
  +
Server = %(HOSTNAME)s
  +
ServerBehindNAT = False
  +
CADirectory = /var/lib/globus-connect-server/myproxy-ca
  +
ConfigFile = /var/lib/globus-connect-server/myproxy-server.conf
  +
[OAuth]
  +
Server = %(HOSTNAME)s
  +
  +
* myproxy-server.conf
  +
  +
authorized_retrievers "*"
  +
default_retrievers "*"
  +
authorized_renewers "*"
  +
default_renewers "none"
  +
default_key_retrievers "none"
  +
trusted_retrievers "*"
  +
default_trusted_retrievers "none"
  +
accepted_credentials "*"
  +
certificate_issuer_cert "/var/lib/globus-connect-server/myproxy-ca/cacert.pem"
  +
certificate_issuer_key "/var/lib/globus-connect-server/myproxy-ca/private/cakey.pem"
  +
certificate_issuer_key_passphrase "globus"
  +
certificate_serialfile "/var/lib/globus-connect-server/myproxy-ca/serial"
  +
certificate_out_dir "/var/lib/globus-connect-server/myproxy-ca/newcerts"
  +
certificate_issuer_subca_certfile "/var/lib/globus-connect-server/myproxy-ca/cacert.pem"
  +
max_cert_lifetime 168
  +
cert_dir /etc/grid-security/certificates
  +
pam "required"
  +
pam_id "login"
  +
certificate_mapapp /var/lib/globus-connect-server/myproxy-ca/mapapp
  +
accepted_credentials_mapapp /usr/local/bin/myproxy-accepted-credentials-mapapp
   
 
== Endpoint Creation ==
 
== Endpoint Creation ==

Revision as of 14:41, 19 June 2015

This is a guide to setting up the Globus Online service to store data on HPSS.

Requirements

  • A working HPSS Frontend with HPSS Client software installed and configured.
  • A working GridFTP Server with a valid Grid Host certificate. (GridKa Host certificate)
  • A working HPSS-GridFTP-DSI compiled package
    • Notice: a HPSS-Fuse instead of DSI would also work.
  • A working connection to an LDAP server to authorize users locally on the GridFTP server.
  • A Globus Online account, if you do not already have one.
  • A valid Grid User certificate.

Installation

Hostname: archive-tgftp.lsdf.kit.edu OS: SL 6.4

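  • Download and install the Globus Connect Server repository package. Both the package and the GPG signing key below are fetched over plain HTTP, so check the imported key's fingerprint against a trusted source before installing anything signed with it.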
# curl -LOs http://toolkit.globus.org/ftppub/globus-connect-server/globus-connect-server-repo-latest.noarch.rpm
# rpm --import http://www.globus.org/ftppub/globus-connect-server/RPM-GPG-KEY-Globus
# yum install globus-connect-server-repo-latest.noarch.rpm
  • Install
# yum install globus-connect-server

Configuration

Adapt the config files

/etc/globus-connect-server.conf
/var/lib/globus-connect-server/myproxy-server.conf
  • globus-connect-server.conf
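# /etc/globus-connect-server.conf for the endpoint on archive-tgftp.lsdf.kit.edu.
# Values written as %(NAME)s are interpolation placeholders that are filled in
# from outside this file, so no account password is stored here.
[Globus]
User = %(GLOBUS_USER)s
Password = %(GLOBUS_PASSWORD)s

[Endpoint]
Name = bwda-go-1
# NOTE(review): Public = True presumably makes the endpoint visible to all Globus
# users; access is still governed by [Security] and RestrictPaths. Confirm that
# this visibility is intended.
Public = True
DefaultDirectory = /~/

[Security]
FetchCredentialFromRelay = False
# Host certificate and its private key. hostkey.pem must stay readable by root only.
CertificateFile = /etc/grid-security/hostcert.pem
KeyFile = /etc/grid-security/hostkey.pem
TrustedCertificateDirectory = /etc/grid-security/certificates
# Users authenticate through the OAuth server named in [OAuth]; the gridmap
# callout then maps the issued certificate to a local account.
IdentityMethod = OAuth
AuthorizationMethod = MyProxyGridmapCallout

[GridFTP]
Server = archive-tgftp.lsdf.kit.edu
# Data-channel port ranges; the host firewall has to allow exactly these ranges.
IncomingPortRange = 50000,51000
OutgoingPortRange = 50000,51000
# Paths clients may access: read-write below the home directory (~) and
# read-only below /hpss/fs/GFTP/public.
# Author's note: this value is still to be checked. The note previously sat
# inside the value itself, where the parser reads it as part of the path list.
RestrictPaths = RW~,R/hpss/fs/GFTP/public
# still not working, needs registration
Sharing = True
# Shared endpoints are limited to read-only access below the public directory.
SharingRestrictPaths = R/hpss/fs/GFTP/public
SharingStateDir = /var/globusonline/sharing/$USER

[MyProxy]
Server = %(HOSTNAME)s
ServerBehindNAT = False
# Directory of the local MyProxy CA; its private key lives below this path.
CADirectory = /var/lib/globus-connect-server/myproxy-ca
ConfigFile = /var/lib/globus-connect-server/myproxy-server.conf

[OAuth]
Server = %(HOSTNAME)s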
  • myproxy-server.conf
# myproxy-server.conf: policy for the MyProxy server that issues user certificates
# from the local CA under /var/lib/globus-connect-server/myproxy-ca.
# "*" places no restriction on the client identity for retrieval, so
# authentication rests entirely on the PAM check configured below.
authorized_retrievers      "*"
default_retrievers         "*"
# Renewal is permitted by server policy, but the per-credential default is "none".
authorized_renewers        "*"
default_renewers           "none"
default_key_retrievers     "none"
# NOTE(review): trusted retrievers may be able to fetch credentials without a
# passphrase; the "none" default should keep that off unless a credential opts in.
# Confirm against the MyProxy documentation.
trusted_retrievers         "*"
default_trusted_retrievers "none"
accepted_credentials       "*"            
# Online CA: certificates are signed with cakey.pem.
certificate_issuer_cert "/var/lib/globus-connect-server/myproxy-ca/cacert.pem"
certificate_issuer_key "/var/lib/globus-connect-server/myproxy-ca/private/cakey.pem"
# The CA key passphrase is stored here in clear text and is a short, guessable
# word, so the key is effectively protected only by the file permissions on this
# file and on cakey.pem. Keep both readable by the MyProxy service account only.
certificate_issuer_key_passphrase "globus"
certificate_serialfile "/var/lib/globus-connect-server/myproxy-ca/serial"
certificate_out_dir "/var/lib/globus-connect-server/myproxy-ca/newcerts"
certificate_issuer_subca_certfile "/var/lib/globus-connect-server/myproxy-ca/cacert.pem"
# Upper bound on the lifetime of issued certificates.
# NOTE(review): presumably in hours (168 h = 7 days); confirm.
max_cert_lifetime 168
cert_dir /etc/grid-security/certificates
# Password authentication is mandatory and goes through the PAM service "login".
pam  "required"
pam_id "login"
# External programs called for identity mapping and credential acceptance.
# NOTE(review): they presumably run with the server's privileges, so they should
# be writable by root only; confirm.
certificate_mapapp /var/lib/globus-connect-server/myproxy-ca/mapapp
accepted_credentials_mapapp /usr/local/bin/myproxy-accepted-credentials-mapapp

Endpoint Creation

Now set up your frontend GridFTP server as an endpoint for Globus Online:

# globus-connect-server-setup
  • The globus-connect-server-setup asks you for your Globus Online account name and password.
  • If you run globus-connect-server-setup many times you get this error message:
"You are not an admin of the MyProxy Delegation Service"
    • Solution: run as root:
# rm /var/lib/myproxy-oauth/myproxy-oauth.db