Professional Documents
Culture Documents
tkGlobusToolkit5 0
tkGlobusToolkit5 0
#----------------------------------------------------
# CAU HINH IP
# IP Address=192.168.1.10
# Gateway=192.168.1.1
#----------------------------------------------------
# Debian su dung lenh apt-get install <=> yum install
vi /etc/apt/sources.list
apt-get install ssh
Dung Puty login vao Debian
/usr/sbin/adduser globus
#----------------------------------------------------
#----------------------------------------------------
*) break;;
esac
echo -n "Press any key to continue"; read
done
exit 0
}
#--------------------------------------------------------------------
# 1.1. Pre-requisites
#--------------------------------------------------------------------
tkSoftwarePrerequisites(){
#--------------------------------------------------------------------
# Download the software Pre-requisites
#--------------------------------------------------------------------
tkInstallSoftware(){
cd /usr/local
mv /home/globus/jdk-6u18-linux-i586.bin /usr/local
chmod u+x jdk-6u18-linux-i586.bin && ./jdk-6u18-linux-i586.bin
mv /home/globus/junit4.8.1.zip /usr/local
unzip junit4.8.1.zip
mv /home/globus/apache-ant-1.8.0-bin.zip /usr/local
unzip apache-ant-1.8.0-bin.zip
rm /usr/local/apache-ant-1.8.0-bin.zip
rm /usr/local/junit4.8.1.zip
rm /usr/local/jdk-6u18-linux-i586.bin
}
#--------------------------------------------------------------------
# 1. Tao account globus
#--------------------------------------------------------------------
tkCreateGlobusAccount(){
adduser globus
adduser globus11
export GLOBUS_LOCATION=/usr/local/globus
rm -rf $GLOBUS_LOCATION
mkdir $GLOBUS_LOCATION
chown globus:globus $GLOBUS_LOCATION
ls -lF /usr/local/
su -l globus
mv /home/globus/.bashrc /home/globus/.bashrc_old
cp /home/globus/.bashrc_globus /home/globus/.bashrc
cat /home/globus/.bashrc
----------------------------------------------------------
# .bashrc
. $GLOBUS_LOCATION/etc/globus-user-env.sh
. $GLOBUS_LOCATION/etc/globus-dev-env.sh
# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi # Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
#--------------------------------------------------------------------
# 1.2. Building the Toolkit
#--------------------------------------------------------------------
tkBuildingGlobusToolkit(){
su globus
cd
cd gt5.0.2-all-source-installer
./configure --prefix=$GLOBUS_LOCATION
#--------------------------------------------------------------------
# 1.3. Setting up security on your first machine bk10.edu.vn
# Creating a Certificate Authority
#--------------------------------------------------------------------
tkSetupSecurity(){
echo ">>> CHU Y : Login root <<<"
su
cd
rm /root/.globus/.simplecapass
export GLOBUS_LOCATION=/usr/local/globus
source $GLOBUS_LOCATION/etc/globus-user-env.sh
cd ~globus/gt5.0.2-all-source-installer/quickstart
perl gt-server-ca.pl -y
ls ~/.globus/
ls ~/.globus/simpleCA/
cd
rm -rf /etc/grid-security
mkdir /etc/grid-security
chown globus:globus /etc/grid-security
mv $GLOBUS_LOCATION/etc/host*.pem /etc/grid-security/
cp -r $GLOBUS_LOCATION/share/certificates/ /etc/grid-security/
#====================================================================
# 1.4. Creating a MyProxy server
#====================================================================
tkCreateMyProxyServer(){
echo ">>> CHU Y : Login root <<<"
read
cd
export GLOBUS_LOCATION=/usr/local/globus
cp $GLOBUS_LOCATION/share/myproxy/myproxy-server.config /etc
vim /etc/myproxy-server.config
cp $GLOBUS_LOCATION/share/myproxy/etc.xinetd.myproxy /etc/xinetd.d/myproxy
vim /etc/xinetd.d/myproxy
cat /etc/xinetd.d/myproxy
-------------------------------------------------------------------------
service myproxy-server
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/local/globus/sbin/myproxy-server
env = GLOBUS_LOCATION=/usr/local/globus LD_LIBRARY_PATH=/usr/local/globus/lib
disable = no
}
-------------------------------------------------------------------------
/etc/init.d/xinetd reload
netstat -an | grep 7512
-------------------------------------------------------------------------
tcp 0 0 0.0.0.0:7512 0.0.0.0:* LISTEN
-------------------------------------------------------------------------
export GLOBUS_LOCATION=/usr/local/globus
source $GLOBUS_LOCATION/etc/globus-user-env.sh
-------------------------------------------------------------------------
/O=Grid/OU=GlobusTest/OU=simpleCA-bkserver.edu.vn/OU=edu.vn/CN=globus11
-------------------------------------------------------------------------
-------------------------------------------------------------------------
/O=Grid/OU=GlobusTest/OU=simpleCA-bkserver.edu.vn/OU=edu.vn/CN=globus12
-------------------------------------------------------------------------
vim /etc/grid-security/grid-mapfile
cat /etc/grid-security/grid-mapfile
-------------------------------------------------------------------------
"/O=Grid/OU=GlobusTest/OU=simpleCA-bkserver/OU=edu.vn/CN=globus11" globus11
"/O=Grid/OU=GlobusTest/OU=simpleCA-bkserver/OU=edu.vn/CN=globus12" globus12
-------------------------------------------------------------------------
}
#====================================================================
# 1.5. Set up GridFTP
#====================================================================
tkSetupGridFTP(){
cd
vim /etc/xinetd.d/gridftp
cat /etc/xinetd.d/gridftp
----------------------------------------------------
service gsiftp
{
instances = 100
socket_type = stream
wait = no
user = root
env += GLOBUS_LOCATION=/usr/local/globus
env += LD_LIBRARY_PATH=/usr/local/globus/lib
server = /usr/local/globus/sbin/globus-gridftp-server
server_args = -i
log_on_success += DURATION
disable = no
}
----------------------------------------------------
vim /etc/services
tail /etc/services
/etc/init.d/xinetd reload
netstat -an | grep 2811
----------------------------------------------------
tcp 0 0 0.0.0.0:2811 0.0.0.0:* LISTEN
----------------------------------------------------
export GLOBUS_LOCATION=/usr/local/globus
source $GLOBUS_LOCATION/etc/globus-user-env.sh
myproxy-logon -s bkserver.edu.vn
----------------------------------------------------
Enter MyProxy pass phrase:
A credential has been received for user globus11 in /tmp/x509up_u1002.
----------------------------------------------------
}
#====================================================================
# 1.6. Setting up GRAM5 at BKServer
#====================================================================
tkStartWebServices(){
echo ">>> CHU Y : Login root <<<"
su
----------------------------------------------------
service gsigatekeeper
{
socket_type = stream
protocol = tcp
wait = no
user = root
env = LD_LIBRARY_PATH=/usr/local/globus/lib
server = /usr/local/globus/sbin/globus-gatekeeper
server_args = -conf /usr/local/globus/etc/globus-gatekeeper.conf
disable = no
}
----------------------------------------------------
/etc/init.d/xinetd reload
netstat -an | grep 2119
----------------------------------------------------
tcp 0 0 0.0.0.0:2119 0.0.0.0:* LISTEN
----------------------------------------------------
export GLOBUS_LOCATION=/usr/local/globus
source $GLOBUS_LOCATION/etc/globus-user-env.sh
myproxy-logon -s bkserver.edu.vn
----------------------------------------------------
Enter MyProxy pass phrase:
A credential has been received for user globus11 in /tmp/x509up_u1003.
----------------------------------------------------
}
#====================================================================
#====================================================================
# Cai dat GridMain thanh cong luc 12h ngay 27/07/2010
#====================================================================
#====================================================================
#====================================================================
# 2. Setting up your second machine : bk11.edu.vn
#====================================================================
# 2.3. Setting up your second machine: Security
#====================\===============================================
export GLOBUS_LOCATION=/usr/local/globus
scp -r bkserver:/usr/local/globus/share/certificates $GLOBUS_LOCATION/share
----------------------------------------------------
The authenticity of host 'bk11 (192.168.1.11)' can't be established.
RSA key fingerprint is c2:f7:51:dc:4d:14:05:0b:11:2e:cb:86:f8:d0:53:43.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'bk11,192.168.1.11' (RSA) to the list of known hosts.
globus@bk11's password:
globus-user-ssl.conf.9a9a9968 100% 2816 2.8KB/s 00:00
globus-host-ssl.conf.9a9a9968 100% 2710 2.7KB/s 00:00
9a9a9968.0 100% 928 0.9KB/s 00:00
grid-security.conf.9a9a9968 100% 1334 1.3KB/s 00:00
9a9a9968.signing_policy 100% 1339 1.3KB/s 00:00
----------------------------------------------------
===================================================
>> Tai may bkserver.edu.vn
echo ">>> CHU Y : Login root <<<"
export GLOBUS_LOCATION=/usr/local/globus
source $GLOBUS_LOCATION/etc/globus-user-env.sh
----------------------------------------------------
/O=Grid/OU=GlobusTest/OU=simpleCA-bkserver.edu.vn/OU=edu.vn/CN=globus11
----------------------------------------------------
----------------------------------------------------
/O=Grid/OU=GlobusTest/OU=simpleCA-bkserver.edu.vn/OU=edu.vn/CN=globus12
----------------------------------------------------
====================\===============================
export GLOBUS_LOCATION=/usr/local/globus
source $GLOBUS_LOCATION/etc/globus-user-env.sh
rm /etc/grid-security/*.pem
----------------------------------------------------
Enter MyProxy pass phrase:
Credentials for globus11 have been stored in
/etc/grid-security/hostcert.pem and
/etc/grid-security/hostkey.pem.
----------------------------------------------------
cd /etc/grid-security
cp hostcert.pem containercert.pem
cp hostkey.pem containerkey.pem
chown globus:globus container*.pem
ls -l *.pem
----------------------------------------------------
-rw------- 1 root root 867 2010-07-31 23:57 hostcert.pem
-rw------- 1 root root 887 2010-07-31 23:57 hostkey.pem
----------------------------------------------------
cd
myproxy-destroy -s bkserver.edu.vn -k globus11 -l globus11
vim /etc/grid-security/grid-mapfile
cat /etc/grid-security/grid-mapfile
----------------------------------------------------
"/O=Grid/OU=GlobusTest/OU=simpleCA-bkserver.edu.vn/OU=edu.vn/CN=globus11" globus11
"/O=Grid/OU=GlobusTest/OU=simpleCA-bkserver.edu.vn/OU=edu.vn/CN=globus12" globus12
----------------------------------------------------
#====================================================================
# 2.4. Setting up your second machine: GridFTP
#====================================================================
vim /etc/xinetd.d/gridftp
----------------------------------------------------
service gsiftp
{
instances = 100
socket_type = stream
wait = no
user = root
env += GLOBUS_LOCATION=/usr/local/globus
env += LD_LIBRARY_PATH=/usr/local/globus/lib
server = /usr/local/globus/sbin/globus-gridftp-server
server_args = -i
log_on_success += DURATION
disable = no
}
----------------------------------------------------
cat /etc/xinetd.d/gridftp
----------------------------------------------------
# Local services
gsiftp 2811/tcp
----------------------------------------------------
/etc/init.d/xinetd reload
netstat -an | grep 2811
----------------------------------------------------
tcp 0 0 0.0.0.0:2811 0.0.0.0:* LISTEN
----------------------------------------------------
export GLOBUS_LOCATION=/usr/local/globus
source $GLOBUS_LOCATION/etc/globus-user-env.sh
myproxy-logon -s bkserver.edu.vn
----------------------------------------------------
Enter MyProxy pass phrase:
A credential has been received for user globus11 in /tmp/x509up_u1003.
----------------------------------------------------
globus11@bk11:~$globus-url-copy gsiftp://bkserver.edu.vn/etc/ntkhoi.txt file:///tmp/ntkhoi11.doc
globus11@bk11:~$cat /tmp/ntkhoi11.doc
----------------------------------------------------
error: globus_ftp_control: gss_init_sec_context failed
GSS Major Status: Unexpected Gatekeeper or Service Name
globus_gsi_gssapi: Authorization denied: The expected name for the remote host (host@bk11.edu.vn) does not match the authenticated name of the
remote host (globus11). This happens when the name in the host certificate does not match the information obtained from DNS and is often a DNS
configuration problem.
----------------------------------------------------
export GLOBUS_LOCATION=/usr/local/globus
source $GLOBUS_LOCATION/etc/globus-user-env.sh
-----------------------------------------------------
Checking /etc/grid-security/grid-mapfile grid mapfile
Verifying grid mapfile existence...
WARNING: Grid mapfile /etc/grid-security/grid-mapfile is not writable
OK
Checking for duplicate entries...OK
Checking for valid user names...OK
-----------------------------------------------------
#====================================================================
# 2.5. Setting up your second machine: GRAM5
#====================================================================
globus11@bk11:~$vim a.rsl
globus11@bk11:~$cat a.rsl
globus11@bk11:~$globusrun -f a.rsl -s -r bkserver.edu.vn:2119/jobmanager-fork
----------------------------------------------------
-rw-r--r-- 1 globus11 globus11 24228 Aug 5 12:46 /tmp/my_echo
----------------------------------------------------
visudo
----------------------------------------------------
#Globus GRAM entries
globus ALL = (yeilho) NOPASSWD: /usr/local/globus/libexec/globus-gridmap-and-execute -g /etc/grid-security/grid-mapfile
/usr/local/globus/libexec/globus-job-manager-script.pl *
globus ALL = (yeilho) NOPASSWD: /usr/local/globus/libexec/globus-gridmap-and-execute -g /etc/grid-security/grid-mapfile
/usr/local/globus/libexec/globus-gram-local-proxy-tool *
----------------------------------------------------
#====================================================================
# Time synchronization
# As we set up a certificate autority (CA), it is important to synchronize the system time of all the machines
#====================================================================
----------------------------------------------------
server sundial.columbia.edu
server ntp0.cornell.edu
server 192.168.1.10
----------------------------------------------------
ntpq -pn
#====================================================================
# Globus Container Setup
#====================================================================
----------------------------------------------------
#! /bin/sh
set -e
export GLOBUS_LOCATION=/usr/local/globus
export JAVA_HOME=/usr/local/jdk1.6.0_18
export ANT_HOME=/usr/local/apache-ant-1.8.0
export GLOBUS_OPTIONS="-Xms256M -Xmx512M"
. $GLOBUS_LOCATION/etc/globus-user-env.sh
cd $GLOBUS_LOCATION
case "$1" in
start)
$GLOBUS_LOCATION/sbin/globus-start-container-detached -p 8443
;;
stop)
$GLOBUS_LOCATION/sbin/globus-stop-container-detached
;;
*)
echo "Usage: globus {start|stop}" >&2
exit 1
;;
esac
exit 0
----------------------------------------------------
chmod +x $GLOBUS_LOCATION/start-stop
vim /etc/init.d/globus
cat /etc/init.d/globus
----------------------------------------------------
#!/bin/sh -e
case "$1" in
start)
su - globus /usr/local/globus/start-stop start
;;
stop)
su - globus /usr/local/globus/start-stop stop
;;
restart)
$0 stop
sleep 1
$0 start
;;
*)
printf "Usage: $0 {start|stop|restart}\n" >&2
exit 1
;;
esac
exit 0
----------------------------------------------------
chmod +x /etc/init.d/globus
/etc/init.d/globus start
chkconfig globus on
---------------------------------------------------------
????
# $GLOBUS_LOCATION/sbin/SXXsshd star
# $GLOBUS_LOCATION/bin/grid-proxy-init
#====================================================================
# Obtain the distribution files: Java WS Core Source Download
globus@bk11:~$ wget http://www-unix.globus.org/ftppub/gt4/4.2.1/ws-core/src/ws-core-4.2.1-src.tar.gz
--------------------------------------------------
#====================================================================
root@bk11:~# cd /usr/local
root@bk11:~# tar -xvzf apache-tomcat-7.0.0.tar.gz
root@bk11:~# rm /usr/local/apache-tomcat-7.0.0/bin/*.bat
root@bk11:~# chown -R globus:globus /usr/local/apache-tomcat-7.0.0
root@bk11:~# cd /etc/grid-security/
root@bk11:/etc/grid-security# ln -sf $GLOBUS_LOCATION/share/certificates certificates
To enable the Tomcat manager, you need to modify /usr/local/jakarta-tomcat-4.1.8/conf/tomcat-users.xml add a user »admin« or with the role
»manager«. The result should look like this:<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager"/>
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="admin" password="secret" roles="manager"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
</tomcat-users>
http://192.168.1.11:8080/
http://192.168.1.11:8080/webmds/
#====================================================================
# Using the Webmin APT repository
#====================================================================
echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list
# You should also fetch and install my GPG key with which the repository is signed, with the commands :
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc
apt-get update
apt-get install webmin
https://localhost:10000.
#====================================================================
TOOL DNSERVER
/etc/init.d/xinetd reload
cat /etc/xinetd.d/myproxy
netstat -an | grep 7512
cat /etc/xinetd.d/gridftp
netstat -an | grep 2811
cat /etc/xinetd.d/gsigatekeeper
netstat -an | grep 2119
cat /etc/grid-security/grid-mapfile
#====================================================================