Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
public:grid_srm_software_installation [2012-12-09 21:12] – Hanno Holties | public:grid_srm_software_installation [2024-05-10 12:14] (current) – Hanno Holties | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | |||
====== GRID storage access tools installation ====== | ====== GRID storage access tools installation ====== | ||
- | The following documentation was developed for the installation of a GRID tools and certificates on an Ubuntu 12.04 system using a bash shell (using .bashrc as a configuration script). We have not tested the installation using csh derivatives but it is to be expected that not all scripts will work. Thanks to Martin van den Akker for providing notes of his installation procedure. | + | **//:!: Several sections in this page are deprecated or obsolete. In particular, users are advised to avoid SRM clients and globus client software and instead look into using the [[https:// |
+ | |||
+ | //This page describes the procedure to set up the tools for working directly on the srm storage. You may want to consider using the staging and download services provided by Astron if you just want to retrieve data from the archive: [[http:// | ||
Sites that provide packages and further information on installation of grid middleware on linux based systems: | Sites that provide packages and further information on installation of grid middleware on linux based systems: | ||
* [[http:// | * [[http:// | ||
- | * [[http:// | ||
- | * [[http:// | ||
- | NB Only the Ubuntu 12 installation described below has been tested by us. Please let us know if you have feedback or if you can contribute instructions on installations in different environments. | + | NB We have tested |
- | ===== 1 Installation of certificates | + | ===== Installation of software packages |
- | ==== 1.1 Obtaining a personal grid certificate ==== | + | Note: all installations require root permissions. |
- | * Request a user certificate via the [[https:// | + | ==== globus |
- | * Install the certificate by following the instructions provided by your certificate authority. Typically this involves: | + | |
- | - Save the mail with the signed certificate as '' | + | |
- | - Load the certificate into your web browser. See e.g. http:// | + | |
- | - Apply for authorization to use LOFAR resources: | + | |
- | * https:// | + | |
- | - NB If appropriate, | + | |
- | * https:// | + | |
- | * https:// | + | |
- | ===== 2 Installation of software packages ===== | + | The file transfer tools from the Globus package are needed, most importantly globus-url-copy: |
- | Note: all installations require root permissions. | + | Ubuntu |
+ | < | ||
- | ==== 2.1 globus | + | sudo apt-get install |
- | The file transfer tools from the Globus package are needed, most importantly | + | </ |
+ | |||
+ | CentOS | ||
+ | |||
+ | < | ||
+ | sudo yum install | ||
- | sudo apt-get install globus-gass-copy-progs | + | </ |
- | ==== 2.2 voms client software ==== | + | ==== voms client software ==== |
The VOMS tools for logging in and user account management: | The VOMS tools for logging in and user account management: | ||
- | sudo apt-get install voms-clients | + | Ubuntu |
- | ==== 2.3 Certificates for the Grid Certificate Authorities (CA) ==== | + | < |
+ | sudo apt-get install voms-clients | ||
- | Execute the following commands to install the certificates from the | + | </ |
- | site of the European Grid Infrastructure (EGI) (root permissions are | + | |
- | required). | + | |
- | sudo add-repository 'deb http:// | + | CentOS |
- | sudo apt-get update | + | |
- | sudo apt-get install ca-policy-egi-core | + | |
- | ==== 2.4 srmtools ==== | + | < |
+ | sudo yum install voms-clients-cpp | ||
+ | |||
+ | </ | ||
+ | |||
+ | ==== Certificates for the Grid Certificate Authorities (CA) ==== | ||
+ | |||
+ | Execute the following commands to install the certificates from the site of the European Grid Infrastructure (EGI) (root permissions are required). | ||
+ | |||
+ | Ubuntu | ||
+ | |||
+ | Note 2021-05-19: newer versions of Ubuntu require to first add the appropriate GPG key for the EGI repository: | ||
+ | |||
+ | < | ||
+ | wget -q -O - https:// | ||
+ | |||
+ | </ | ||
+ | < | ||
+ | |||
+ | sudo add-apt-repository 'deb http:// | ||
+ | sudo apt-get update | ||
+ | sudo apt-get install ca-policy-egi-core | ||
+ | |||
+ | </ | ||
+ | |||
+ | CentOS | ||
+ | |||
+ | < | ||
+ | wget http:// | ||
+ | sudo mv EGI-trustanchors.repo / | ||
+ | sudo yum install ca-policy-egi-core | ||
+ | |||
+ | </ | ||
+ | |||
+ | ==== srmtools ==== | ||
The SRM tools are needed to communicate with the storage management system. | The SRM tools are needed to communicate with the storage management system. | ||
- Download srmtools | - Download srmtools | ||
- | | + | |
- | - Extract and install the srmtools, e.g. in ''/ | + | * {{:public:srmclient-2.2.25.tar.gz|srmclient-2.2.25.tar.gz}} |
- | - Set the relevant environment path variables, e.g. in .bashrc:\\ '' | + | - Extract and install the srmtools, e.g. in ''/ |
+ | - Set the relevant environment path variables, e.g. in .bashrc | ||
- | NB The srm client tools depend on JAVA. There is a known issue with openjava version 7. If you have this version of JAVA installed, or otherwise get JAVA exceptions when running an srm command, please install another JAVA VM. java-6-openjdk | + | NB The srm client tools depend on JAVA. There is a known issue with openjava version 7. If you have this version of JAVA installed, or otherwise get JAVA exceptions when running an srm command, please install another JAVA VM. Java-7-oracle |
+ | < | ||
- | | + | export JAVA_HOME=/ |
- | ==== 2.5 Certificate Revocation List retrieval (optional) ==== | + | </ |
+ | |||
+ | The JAVA VM used by default in Ubuntu and CentOS can be selected using the following command: | ||
+ | |||
+ | < | ||
+ | sudo update-alternatives --config java | ||
+ | |||
+ | </ | ||
+ | |||
+ | ==== Certificate Revocation List retrieval (optional) ==== | ||
The fetch-crl tool retrieves Certificate Revocation Lists. | The fetch-crl tool retrieves Certificate Revocation Lists. | ||
- | | + | Ubuntu |
+ | |||
+ | < | ||
+ | sudo apt-get install fetch-crl | ||
+ | |||
+ | </ | ||
+ | |||
+ | CentOS | ||
+ | |||
+ | < | ||
+ | sudo yum install fetch-crl | ||
+ | |||
+ | </ | ||
NB This is not required unless you intend to allow others to access your system by providing their grid certificate. | NB This is not required unless you intend to allow others to access your system by providing their grid certificate. | ||
- | ===== 3 Additional configuration ===== | + | ===== Additional configuration ===== |
- | ==== 3.1 VOMSES file for LOFAR ==== | + | ==== VOMSES file for LOFAR ==== |
- | Add the following string for the LOFAR Virtual Organization (VO) to the vomses file. | + | Add the following string for the LOFAR Virtual Organization (VO) to the vomses file (any filename is fine). |
- | | + | < |
+ | " | ||
- | You can find this string also on the following website https:// | + | </code> |
- | ==== 3.2 List of certificates for voms.grid.sara.nl.lsc ==== | + | You can find this string also on the following website [[https:// |
+ | |||
+ | ==== List of certificates for voms.grid.sara.nl.lsc ==== | ||
Put the following strings: | Put the following strings: | ||
+ | < | ||
+ | |||
+ | / | ||
+ | / | ||
- | | + | </code> |
- | / | + | |
in the file (root permissions required): | in the file (root permissions required): | ||
- | | + | < |
+ | / | ||
- | NB If this step is skipped or nor configured correctly '' | + | </ |
- | ==== 3.3 Environment (optional) ==== | + | NB If this step is skipped or nor configured correctly '' |
- | You may want to provide the following settings in '' | + | ==== Environment |
- | | + | You may want to provide the following settings in '' |
- | export X509_USER_KEY=$HOME/ | + | |
- | export X509_CERT_DIR=/ | + | < |
- | export X509_VOMS_DIR=/ | + | export X509_USER_CERT=$HOME/ |
- | export VOMS_USERCONF=$HOME/ | + | export X509_USER_KEY=$HOME/ |
+ | export X509_CERT_DIR=/ | ||
+ | export X509_VOMS_DIR=/ | ||
+ | export X509_USER_PROXY=$HOME/ | ||
+ | export VOMS_USERCONF=$HOME/ | ||
+ | |||
+ | </ | ||
+ | |||
+ | **Note: | ||
==== CRL cron job (optional) ==== | ==== CRL cron job (optional) ==== | ||
- | You may want to create a cron job to automatically retrieve certificate revocation lists (CRLs) by incoking | + | You may want to create a cron job to automatically retrieve certificate revocation lists (CRLs) by invoking |
+ | |||
+ | ===== Usage ===== | ||
+ | |||
+ | This creates a proxy (valid for 48 hours, increase if needed) in your home directory: | ||
+ | |||
+ | < | ||
+ | voms-proxy-init -valid 48:00 -voms lofar:/ | ||
+ | |||
+ | </ | ||
+ | |||
+ | You can test that everything works by copying this file from surfsara to your working directory: | ||
+ | |||
+ | < | ||
+ | srmcp -server_mode=passive srm:// | ||
+ | |||
+ | </ | ||
+ | |||
+ | If your firewall allows incoming connections to non-standard ports, you can try this command without the server_mode option which will enable utilization of multiple streams to increase performance. | ||
+ | |||
+ | If you have the [[: | ||
+ | < | ||
+ | |||
+ | srmcp -use_urlcopy_script=true -urlcopy=./ | ||
+ | |||
+ | </ | ||
+ | |||
+ | **Note: | ||
+ |