This is an old revision of the document!
GRID storage access tools installation
The following documentation was developed for the installation of a GRID tools and certificates on an Ubuntu 12.04 system using a bash shell (using .bashrc as a configuration script). We have not tested the installation using csh derivatives but it is to be expected that not all scripts will work. Thanks to Martin van den Akker for providing notes of his installation procedure.
Sites that provide packages and further information on installation on linux based systems:
- Home of the gLite software suite (gLite UI provides a typical client installation)
NB Only the Ubuntu 12 installation described below has been tested by us. Please let us know if you have feedback or if you can contribute instructions on installations in different environments.
1 Installation of certificates
1.1 Obtaining a personal grid certificate
- Request a user certificate via the Terena eScience portal (federated European organisations) or jGridstart (other Dutch organisations) and follow the instructions. A good starting point for finding your certificate authority if not available from these sites is: https://www.eugridpma.org/members/worldmap/ (Europe) or http://www.igtf.net/ (World wide). Contact Science Support if none of the above works.
- Install the certificate by following the instructions provided by your certificate authority. Typically this involves:
- Save the mail with the signed certificate as
$HOME/.globus/usercert.pem
and make sure that theuserkey.pem
file in that directory contains the pricate key that matches this certificate. As these*.pem
files are strictly personal, their permissions should be set properly by the following command:
> chmod 600 *.pem
- Load the certificate into your web browser. See e.g. http://ca.dutchgrid.nl/info/browser for instructions. Installation can also be done using the jGridstart tool (see above) for supported browsers.
- Apply for authorization to use LOFAR resources:
- https://voms.grid.sara.nl:8443/voms/lofar for access to the LOFAR LTA storage.
- NB If appropriate, you may be interested in applying for membership of other communities, e.g.:
- https://voms.grid.sara.nl:8443/vomses for other GRID communities hosted in the Netherlands.
- https://cic.gridops.org/index.php?section=home&page=volist for all Grid communities registered in Europe by discipline.
2 Installation of software packages
Note: all installations require root permissions.
2.1 globus client software
The file transfer tools from the Globus package are needed, most importantly globus-url-copy:
sudo apt-get install globus-gass-copy-progs globus-common-progs globus-core
2.2 voms client software
The VOMS tools for logging in and user account management:
sudo apt-get install voms-clients
2.3 Certificates for the Grid Certificate Authorities (CA)
Execute the following commands to install the certificates from the site of the European Grid Infrastructure (EGI) (root permissions are required).
sudo add-repository 'deb http://repository.egi.eu/sw/production/cas/1/current egi-igtf core' sudo apt-get update sudo apt-get install ca-policy-egi-core
2.4 srmtools
The SRM tools are needed to communicate with the storage management system.
- Download srmtools
- Extract and install the srmtools, e.g. in
/opt/
This will create a subdirectorysrm
containing the required files.\\Note that the srm package may be installed anywhere (e.g. in your home directory). - Set the relevant environment path variables, e.g. in .bashrc:
export SRM_PATH=<Install Directory>/srm
export PATH=$SRM_PATH/bin:$PATH
NB The srm client tools depend on JAVA. There is a known issue with openjava version 7. If you have this version of JAVA installed, or otherwise get JAVA exceptions when running an srm command, please install another JAVA VM. java-6-openjdk is known to work. It is possible to have multiple JAVA VM installations and thus not required to fully replace an existing installation: if the default VM installation does not work with srm, another VM may be configured to be used by setting the following environment parameter:
export JAVA_HOME=/usr/lib/jvm/java-6-openjdk-i386/jre
2.5 Certificate Revocation List retrieval (optional)
The fetch-crl tool retrieves Certificate Revocation Lists.
sudo apt-get install fetch-crl
NB This is not required unless you intend to allow others to access your system by providing their grid certificate.
3 Additional configuration
3.1 VOMSES file for LOFAR
Add the vomses string for the LOFAR Virtual Organization (VO) to the vomses file. You can find this string on the following website https://voms.grid.sara.nl:8443/voms/lofar/configuration/configuration.action in the text block under VOMSES string for this VO
The string should be copied to one of the following default locations: /etc/vomses
, $HOME/.voms/vomses
, $HOME/.glite/vomses
3.2 List of certificates for voms.grid.sara.nl.lsc
Put the following strings:
/O=dutchgrid/O=hosts/OU=sara.nl/CN=voms.grid.sara.nl /C=NL/O=NIKHEF/CN=NIKHEF medium-security certification auth
in the file (root permissions required):
/etc/grid-security/vomsdir/lofar/voms.grid.sara.nl.lsc
NB If this step is skipped or nor configured correctly voms-proxy-init
will work but finish with warnings.
3.3 Environment (optional)
You may want to provide the following settings in .bashrc
or another initialisation/startup script if the relevant files are not in the default locations (defaults provided below).
export X509_USER_CERT=$HOME/.globus/usercert.pem export X509_USER_KEY=$HOME/.globus/userkey.pem export X509_CERT_DIR=/etc/grid-security/certificates export X509_VOMS_DIR=/etc/grid-security/vomsdir export VOMS_USERCONF=$HOME/.glite
CRL cron job (optional)
You may want to create a cron job to automatically retrieve certificate revocation lists (CRLs) by incoking the fetch-crl tool at regular intervals (at least once a year).