IS&T Home

 

ACS Home
Research
Publications
Communications
Proposals
Agendas
Grants
ITR Project

Related Links:

 

 

Advanced Campus Services
Information Systems & Technology
Georgia State University
P. O. Box 3968
Atlanta, Georgia 30302-3968
Phone +1 404 463 9685
Email: avandenberg@gsu.edu

Cosmic Ray Lab / IS&T, ACS Support: GRID Install of R4
Draft 1

We initially tried to install R4 from the NMI website, and soon found the documentation to be incomplete. After much debugging from the NMI R4 instructions, we found a set of steps that work for both Linux and Solaris.

Quick Start:

  1. Install the prerequisites Apache Ant, Java, "PERL", JUnit and create a condor user.
  2. Install GPT from "Source" not "Using Solaris Packages." This is very important because the binary bundles are flawed.
  3. Install the NMI_All bundle as instructed, as well as the setup-gsi command.
  4. Install the Globus Certificate Service (GCS) from the Globus website, globus.org (this is required for installing the certificates from the Globus website).
  5. Download the configuration package from globus.org : globus_gcs_b38b4d8c_setup-0.1.tar.gz - see link on http://gcs.globus.org:8080/gcs/setup_ca.html and install.
  6. Use gpt-postinstall instead of globus-postinstall.sh (globus-postinstall.sh does not exist on an NMI system).
  7. From $GLOBUS_LOCATION/setup/globus_gcs_b38b4d8c_setup/ run setup-gsi (NOTE: you must run this file from within the globus_gcs_b38b4d8c_setup directory as it contains the correct signing policy configurations for the online CA).
  8. Go to /etc/grid-security/certificates and move all files that reference any other CA other than the one whose hash cert value is b38b4d8c (you will see the CA's public key is named b38b4d8c.0 - all files referencing this CA will have the b38b4d8c value somewhere in their name).
  9. Go to /etc/grid-security and remove and replace the symbolic linked files for: globus-host-ssl.conf, globus-user-ssl.conf, and grid-security.conf to point to the corresponding files in the certificates folder below them.
  10. NOW request the host certificate first, then the ldap certificate.
  11. Exit from root and as a user request the user certificate.
  12. Log back into root and create a file named grid-mapfile. Put the user-cert subject in quotes along with the user id from where you requested the user certificates.
  13. Add the service entries in /etc/services and /etc/inetd.conf as well as copy over the startup scripts for Condor and MDS.
  14. "Punch" the firewall holes as needed.
  15. Bounce the server.
  16. SUCCESS!

Last Updated: March 2, 2006