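Globus Toolkit 4 (GT4) Complete Installation Manual

This article is for reference only. Please send all comments, bug reports, other information and criticism to Jeffery.Lee AT gmail.com, or visit my personal blog to get in touch ( http://ibuddie.spaces.live.com/ ). This document is released under the terms of the GNU Free Documentation License. You are welcome to repost it; if you modify or redistribute it, please credit the original source.

Globus Toolkit 4 (GT4) Installation Manual

Version 0.1

Jeffery Lee@SEU

Last updated: 2007-01-22

Preface

This manual is mainly based on the "quick start" document shipped in the Globus Toolkit (hereafter GT) installation package, and walks through installing GT 4.0.3 on Debian 3.1r4 (Sarge) on x86. This article is for reference only. Please send all comments, bug reports, other information and criticism to Jeffery.Lee AT gmail.com, or visit my personal home page to get in touch ( http://jeffery.lee.googlepages.com/ ). This document is released under the terms of the GNU Free Documentation License. You are welcome to repost it; if you modify or redistribute it, please credit the original source.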

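Installing and configuring the first machine

Preparation

1. Install Debian 3.1 (Sarge)

Installing Debian itself is outside the scope of this article; you can get everything Debian-related from http://debian.cn99.com/. At the time of writing the latest release is Debian 3.1r4, and I recommend downloading the binary-1 image and burning it to disc for the installation. The installation steps are skipped here; see the following links for more information:

Debian manuals
Debian Sarge Installation Guide (Chinese)
The official Debian installation guide
"Debian Painless Start Guide" (《Debian无痛起步法》) v2
"Debian Painless Start Guide" (《Debian无痛起步法》) v1
The Debian GNU/Linux FAQ
Securing Debian Manual
Debian Reference (latest online version)
Debian New Maintainers' Guide
dselect Beginner's Guide
APT HOW TO

2. Setting up the build environment

The official Globus website provides GT4 installation packages for many platforms, and picking the one that matches your system is certainly the quicker and more convenient route. Here, however, I build GT 4.0.3 from source, so the first step is to check carefully that the build environment on the current system meets the requirements. The software requirements are: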

· Globus Toolkit installer, from Globus Toolkit 4.0 download page
· J2SE 1.4.2+ SDK from Sun, IBM, HP, or BEA (do not use GCJ).
· Ant 1.6+ (1.6.1+ if using Java 1.5). If you are using the ant shipped with Fedora Core or RedHat, please see the “Fedora Core”
· The above two requirements suffice for the Core-only download. However, the rest of this guide does not apply to that download. Please see the Java WS Core Admin Guide if you are using a core-only source/binary download.
· C compiler. If gcc, avoid version 3.2. 3.2.1 and 2.95.x are okay. gcc 4.1 has a bug that will trigger during the build of WS C (bug 4315). You can recompile the globus_js package from the advisories page, then run make again.
· C++ compiler. Use the version corresponding to your C compiler from the previous bullet.
· GNU tar
· GNU sed
· zlib 1.1.4+
· GNU Make
· Perl 5.005 or newer
· sudo
· JDBC compliant database. For instance, PostgreSQL 7.1+
· gpt-3.2autotools2004 (shipped with the installers, but required if building standalone GPT bundles/packages)

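First, I check whether the zlib development libraries, which GSI-OpenSSH needs, are installed:

jeffery % dpkg --list | grep zlib
ii  zlib-bin       1.2.2-4.sarge. compression library - sample programs
ii  zlib1g         1.2.2-4.sarge. compression library - runtime
ii  zlib1g-dev     1.2.2-4.sarge. compression library - development

zlib is already installed by default on my system, so GSI-OpenSSH can be built. If it is not installed on yours, install it through APT, for example: apt-get install zlib1g-dev

Note

Debian package names may differ from those on other systems; for example, the corresponding RPM package is named zlib-devel.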

Next, we install Java, i.e. the J2SE SDK:

root@jeffery:/usr/java# ./j2sdk-1_4_2_12-linux-i586.bin
                Sun Microsystems, Inc.
             Binary Code License Agreement
                     for the
JAVATM 2 SOFTWARE DEVELOPMENT KIT (J2SDK), STANDARD EDITION,
...
Creating j2sdk1.4.2_12/jre/lib/plugin.jar
Creating j2sdk1.4.2_12/jre/javaws/javaws.jar
Done.

Next we install ant ( http://apache.justdn.org/ant/binaries/apache-ant-1.6.5-bin.tar.gz ):

root@jeffery:/usr/local# tar xzf apache-ant-1.6.5-bin.tar.gz
root@jeffery:/usr/local# ls apache-ant-1.6.5
bin   INSTALL  LICENSE      LICENSE.xerces  TODO
docs  KEYS     LICENSE.dom  NOTICE          welcome.html
etc   lib      LICENSE.sax  README          WHATSNEW

Note

The steps above ran without problems on my Debian system, because ant had not been installed before. Most RedHat and Fedora Core systems, however, already include ant, configured to work with gcj, and we do not want to use gcj! In that case, check whether there is an /etc/ant.conf file; if there is, rename it to /etc/ant.conf.orig and see whether that solves the problem.

My system already has C/C++ compilers:

jeffery % gcc --version
gcc (GCC) 3.3.5 (Debian 1:3.3.5-13)
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

jeffery % g++ --version
g++ (GCC) 3.3.5 (Debian 1:3.3.5-13)
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

tar, make and sed are all the GNU versions:

jeffery % tar --version
tar (GNU tar) 1.14
Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with NO WARRANTY, to the extent permitted by law.
You may redistribute it under the terms of the GNU General Public License;
see the file named COPYING for details.
Written by John Gilmore and Jay Fenlason.

jeffery % sed --version
GNU sed version 4.1.2
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE,
to the extent permitted by law.

jeffery % make --version
GNU Make 3.80
Copyright (C) 2002  Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.

jeffery % perl --version
This is perl, v5.8.4 built for i386-linux-thread-multi

Copyright 1987-2004, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using `man perl' or `perldoc perl'.  If you have access to the
Internet, point your browser at http://www.perl.com/, the Perl Home Page.

Make sure sudo is available:

jeffery % sudo -V
Sudo version 1.6.8p7

(If it is not, run apt-get install sudo to install it.)

Check whether postgres is installed:

jeffery % dpkg --list | grep postgres
ii  postgresql-cli 7.4.7-6sarge1  front-end programs for PostgreSQL
jeffery % dpkg --list | grep psql
jeffery %

postgresql-cli is only the front-end program, not the PostgreSQL server. On Debian the server is easy to install:

root@jeffery:/usr/local# apt-get install postgresql
Reading Package Lists... Done
Building Dependency Tree... Done
Suggested packages:
  libpg-perl libpgjava libpgtcl postgresql-doc postgresql-dev
  postgresql-contrib pidentd ident-server pgdocs pgaccess
The following NEW packages will be installed:
  postgresql
...

After a successful installation the database server should start automatically. If it does not, you can start it like this:

    /etc/init.d/postgresql start

We will edit the relevant database configuration files later, when we get to RFT; for now a successful installation is enough.

For completeness, I also install iODBC, which is an optional prerequisite for RLS.

root@jeffery:/root# apt-get install libiodbc2 libiodbc2-dev
Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
  libiodbc2 libiodbc2-dev
...
Setting up libiodbc2 (3.52.2-3) ...

Setting up libiodbc2-dev (3.52.2-3) ...
root@jeffery:/root#

Building Globus Toolkit

With the preparation done, we can finally download and build the source package. For the most detailed explanation of this part, see the Installing Admin Guide.

root@cognito:~# adduser globus
Adding user `globus'...
Adding new group `globus' (1023).
Adding new user `globus' (1023) with group `globus'.
Creating home directory `/home/globus'.
Copying files from `/etc/skel'
Enter new UNIX password:********
Retype new UNIX password:********
passwd: password updated successfully
Changing the user information for globus
Enter the new value, or press ENTER for the default
Full Name []: Globus
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [y/N] y
root@jeffery:/etc/init.d# mkdir /usr/local/globus-4.0.3/
root@jeffery:/etc/init.d# chown globus:globus /usr/local/globus-4.0.3/

Good, we have successfully created the globus user.

globus@database-group:~$ tar xzf gt4.0.3-all-source-installer.tar.gz
globus@database-group:~$ cd gt4.0.3-all-source-installer
globus@database-group:~/gt4.0.3-all-source-installer$ ./configure --prefix=/usr/local/globus-4.0.3/ \
    --with-iodbc=/usr/lib
checking build system type... i686-pc-linux-gnu
checking for javac... no
configure: WARNING: A Java compiler is needed for some parts of the toolkit
configure: WARNING: This message can be ignored if you are only building the C parts of the toolkit
checking for ant... no
configure: WARNING: ant is needed for some parts of the toolkit
configure: WARNING: If you know you will not need one
configure: creating ./config.status
config.status: creating Makefile

Oops, I forgot to set two important environment variables, JAVA_HOME and ANT_HOME; no wonder the Java parts could not be built. Set up the Java environment and run configure again:

globus@jeffery:~/gt4.0.3-all-source-installer$ export ANT_HOME=/usr/local/apache-ant-1.6.5
globus@jeffery:~/gt4.0.3-all-source-installer$ export JAVA_HOME=/usr/java/j2sdk1.4.2_12/
globus@jeffery:~/gt4.0.3-all-source-installer$ export PATH=$ANT_HOME/bin:$JAVA_HOME/bin:$PATH
globus@jeffery:~/gt4.0.3-all-source-installer$ ./configure --prefix=/usr/local/globus-4.0.3/ \
   --with-iodbc=/usr/lib
checking build system type... i686-pc-linux-gnu
checking for javac... /usr/java/j2sdk1.4.2_12//bin/javac
checking for ant... /usr/local/apache-ant-1.6.5/bin/ant
configure: creating ./config.status
config.status: creating Makefile

Problem solved.

Finally, the exciting moment of building GT4 has arrived:

globus@jeffery:~/gt4.0.3-all-source-installer$ make | tee installer.log
cd gpt-3.2autotools2004 && OBJECT_MODE=32 ./build_gpt
build_gpt ====> installing GPT into /usr/local/globus-4.0.3/
...

Now you can go out for a meal or play a ball game, because the build takes quite a long time; exactly how long depends on your machine's configuration.

...

Wait until "Your build completed successfully.  Please run make install" appears. Congratulations, GT4 has been built successfully and can now be installed.

globus@jeffery:~/gt4.0.3-all-source-installer$ make install
/usr/local/globus-4.0.3//sbin/gpt-postinstall
...
..Done

globus@jeffery:~/gt4.0.3-all-source-installer$

Security configuration on the first machine

After GT4 is installed, the machine still needs its security credentials set up. The machine needs host certificates (hostcerts), and each user needs a user certificate (usercert). We can use SimpleCA, which ships with the toolkit, to do this. The following is the process of setting up the credentials. (See the SimpleCA Admin introduction.)

globus@database-group:~$ export GLOBUS_LOCATION=/usr/local/globus-4.0.3
globus@database-group:~$ source $GLOBUS_LOCATION/etc/globus-user-env.sh
globus@database-group:~$ $GLOBUS_LOCATION/setup/globus/setup-simple-ca
WARNING: GPT_LOCATION not set, assuming:
         GPT_LOCATION=/usr/local/globus-4.0.3

    C e r t i f i c a t e    A u t h o r i t y    S e t u p

This script will setup a Certificate Authority for signing Globus
users certificates.  It will also generate a simple CA package
that can be distributed to the users of the CA.

The CA information about the certificates it distributes will
be kept in:

/home/globus/.globus/simpleCA/

The unique subject name for this CA is:

cn=Globus Simple CA, ou=simpleCA-database-group.seu.edu.cn, ou=GlobusTest, o=Grid

Do you want to keep this as the CA subject (y/n) [y]:
y
Enter the email of the CA (this is the email where certificate
requests will be sent to be signed by the CA): Jeffery.Lee@gmail.com
The CA certificate has an expiration date. Keep in mind that
once the CA certificate has expired, all the certificates
signed by that CA become invalid.  A CA should regenerate
the CA certificate and start re-issuing ca-setup packages
before the actual CA certificate expires.  This can be done
by re-running this setup script.  Enter the number of DAYS
the CA certificate should last before it expires.
[default: 5 years (1825 days)]:RETURN

Enter PEM pass phrase:******
Verifying - Enter PEM pass phrase:******

creating CA config package...
A self-signed certificate has been generated
for the Certificate Authority with the subject:

/O=Grid/OU=GlobusTest/OU= simpleCA-database-group.seu.edu.cn/CN=Globus Simple CA

If this is invalid, rerun this script

/usr/local/globus-4.0.3/setup/globus/setup-simple-ca

and enter the appropriate fields.

-------------------------------------------------------------------

The private key of the CA is stored in /home/globus/.globus/simpleCA//private/cakey.pem
The public CA certificate is stored in /home/globus/.globus/simpleCA//cacert.pem

The distribution package built for this CA is stored in

/home/globus/.globus/simpleCA//globus_simple_ca_615e4021_setup-0.18.tar.gz

This file must be distributed to any host wishing to request
certificates from this CA.

CA setup complete.

The following commands will now be run to setup the security
configuration files for this CA:

$GLOBUS_LOCATION/sbin/gpt-build \
 /home/globus/.globus/simpleCA//globus_simple_ca_615e4021_setup-0.18.tar.gz

$GLOBUS_LOCATION/sbin/gpt-postinstall
-------------------------------------------------------------------
setup-ssl-utils: Configuring ssl-utils package
Running setup-ssl-utils-sh-scripts...

***************************************************************************

Note: To complete setup of the GSI software you need to run the
following script as root to configure your security configuration
directory:

/usr/local/globus-4.0.3/setup/globus_simple_ca_615e4021_setup/setup-gsi

For further information on using the setup-gsi script, use the -help
option.  The -default option sets this security configuration to be
the default, and -nonroot can be used on systems where root access is
not available.

***************************************************************************

setup-ssl-utils: Complete

globus@database-group:~$

A lot of information scrolled across the screen, so what actually happened? Let's take a look:

globus@database-group:~$ ls ~/.globus/
simpleCA
globus@database-group:~$ ls ~/.globus/simpleCA/
cacert.pem  globus_simple_ca_615e4021_setup-0.18.tar.gz  newcerts
certs       grid-ca-ssl.conf                             private
crl         index.txt                                    serial

As you can see, the .globus directory holds the newly created simpleCA. Now I need to make my machine trust the new CA. The following steps are performed as root:

root@database-group:~# export GLOBUS_LOCATION=/usr/local/globus-4.0.3
root@database-group:~# $GLOBUS_LOCATION/setup/globus_simple_ca_615e4021_setup/setup-gsi -default
setup-gsi: Configuring GSI security
Making /etc/grid-security...
mkdir /etc/grid-security
Making trusted certs directory: /etc/grid-security/certificates/
mkdir /etc/grid-security/certificates/
Installing /etc/grid-security/certificates//grid-security.conf.615e4021...
Running grid-security-config...
Installing Globus CA certificate into trusted CA certificate directory...
Installing Globus CA signing policy into trusted CA certificate directory...
setup-gsi: Complete
root@database-group:~# ls /etc/grid-security/
certificates  globus-host-ssl.conf  globus-user-ssl.conf  grid-security.conf
root@database-group:~# ls /etc/grid-security/certificates/
615e4021.0                     globus-user-ssl.conf.615e4021
615e4021.signing_policy        grid-security.conf.615e4021
globus-host-ssl.conf.615e4021

These are the configuration files through which Globus Toolkit establishes trust in the simpleCA. Note that the hash value 615e4021 matches the hash of my SimpleCA. See Security Admin for a detailed description of these files.

Now that we have created a CA and set up trust in it, we next obtain a hostcert for this machine:

root@database-group:~# source $GLOBUS_LOCATION/etc/globus-user-env.sh
root@database-group:~# grid-cert-request -host `hostname`
Generating a 1024 bit RSA private key
..++++++
...................................................++++++
writing new private key to '/etc/grid-security/hostkey.pem'
..ho.
Your certificate will be mailed to you within two working days.
If you receive no response, contact Globus Simple CA at Jeffery.Lee@gmail.com

We need to sign the request with the globus user's own simpleCA:

globus@database-group:~$ grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem
To sign the request
please enter the password for the CA key:******

The new signed certificate is at: /home/globus/.globus/simpleCA//newcerts/01.pem

The last step is to copy the signed certificate into /etc:

root@database-group:~# cp ~globus/hostsigned.pem /etc/grid-security/hostcert.pem

hostcert and hostkey are owned by root and will be used by the GridFTP server. Because the web services container runs as a non-root user, we also need a certificate owned by the globus user. In short, we need one host certificate/key pair owned by root and one owned by globus. A simple file copy achieves this:

root@database-group:/etc/grid-security# cp hostcert.pem containercert.pem
root@database-group:/etc/grid-security# cp hostkey.pem containerkey.pem
root@database-group:/etc/grid-security# chown globus:globus container*.pem
root@database-group:/etc/grid-security# ls -l *.pem
-r--------  1 globus globus  887 2007-01-21 07:48 containerkey.pem
-rw-r--r--  1 globus globus 2710 2007-01-21 07:48 containercert.pem
-rw-r--r--  1 root   root   2710 2007-01-21 07:47 hostcert.pem
-rw-r--r--  1 root   root   1404 2007-01-21 07:40 hostcert_request.pem
-r--------  1 root   root    887 2007-01-21 07:40 hostkey.pem
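
The modes in this listing are the only thing protecting the host and container private keys, so they are worth re-checking after every copy. The script below is an added example, not part of the original article or of Globus Toolkit: it flags any *key.pem that group or others can access and, when openssl is installed, any key that does not belong to the *cert.pem beside it. The function names and AUDIT_FINDINGS are made up for the example, and the demo at the end runs on constructed empty files in a scratch directory.

```shell
#!/bin/sh
# Added example, not from the article: audit the private keys that the steps
# above leave in /etc/grid-security. All names here are hypothetical.

# key_mode_ok FILE: succeeds only if FILE has no group/other permission bits,
# i.e. "ls -l" shows it as -r-------- or -rw-------.
key_mode_ok() {
    km_line=$(ls -ld "$1" 2>/dev/null) || return 2
    case $km_line in
        ????------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# pair_matches CERT KEY: succeeds if the public key inside CERT is the public
# half of KEY. Returns 2 when either file cannot be parsed (for example an
# encrypted key; the empty -passin keeps openssl from prompting).
pair_matches() {
    pm_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    pm_key=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ "$pm_cert" = "$pm_key" ]
}

# audit_grid_security DIR: checks every *key.pem in DIR, prints one line per
# finding, leaves the number of findings in AUDIT_FINDINGS and succeeds only
# if that number is 0.
audit_grid_security() {
    ag_dir=$1
    AUDIT_FINDINGS=0
    for ag_key in "$ag_dir"/*key.pem; do
        [ -e "$ag_key" ] || continue            # the glob matched nothing
        if ! key_mode_ok "$ag_key"; then
            echo "FINDING: $ag_key is accessible to group/others (want mode 400 or 600)"
            AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
        fi
        ag_cert=${ag_key%key.pem}cert.pem        # hostkey.pem -> hostcert.pem
        [ -e "$ag_cert" ] || continue
        command -v openssl >/dev/null 2>&1 || continue
        pair_matches "$ag_cert" "$ag_key" && ag_rc=0 || ag_rc=$?
        case $ag_rc in
            0) ;;
            1) echo "FINDING: $ag_cert does not belong to $ag_key"
               AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1)) ;;
            *) echo "NOTE: could not parse $ag_cert or $ag_key" ;;
        esac
    done
    [ "$AUDIT_FINDINGS" -eq 0 ]
}

# Constructed demo: a scratch directory with one well-protected key and one
# world-readable key (empty files; only the mode matters for this check).
ag_demo=$(mktemp -d)
: > "$ag_demo/hostkey.pem";      chmod 400 "$ag_demo/hostkey.pem"
: > "$ag_demo/containerkey.pem"; chmod 644 "$ag_demo/containerkey.pem"
audit_grid_security "$ag_demo" || echo "$AUDIT_FINDINGS finding(s)"
rm -rf "$ag_demo"
```

To audit the live directory, call audit_grid_security /etc/grid-security as root, since the key files are unreadable to everyone else.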
  
  

Now we obtain a usercert for the user jeffery. In the following example I am running tcsh, which shows that the version of globus-user-env to source depends on the current shell.

jeffery % setenv GLOBUS_LOCATION /usr/local/globus-4.0.3/
jeffery % source $GLOBUS_LOCATION/etc/globus-user-env.csh
jeffery % grid-cert-request
A certificate request and private key is being created.
You will be asked to enter a PEM pass phrase.
This pass phrase is akin to your account password,
and is used to protect your key file.
If you forget your pass phrase, you will need to
obtain a new certificate.

Generating a 1024 bit RSA private key
.........................................................++++++
.........................++++++
unable to write 'random state'
writing new private key to '/home/bacon/.globus/userkey.pem'
Enter PEM pass phrase: ****
Verifying - Enter PEM pass phrase: ****
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
-----
Level 0 Organization [Grid]:
Level 0 Organizational Unit [GlobusTest]:
Level 1 Organizational Unit [simpleCA-jeffery.mcs.anl.gov]:
Level 2 Organizational Unit [mcs.anl.gov]:
Name (e.g., John M. Smith) []:

A private key and a certificate request has been generated with the subject:

/O=Grid/OU=GlobusTest/OU=simpleCA-database-group.seu.edu.cn /OU=seu.edu.cn /CN= Jeffery Lee

If the CN=Jeffery Lee is not appropriate, rerun this
script with the -force -cn "Common Name" options.

Your private key is stored in /home/Jeffery/.globus/userkey.pem
Your request is stored in /home/jeffery/.globus/usercert_request.pem

Please e-mail the request to the Globus Simple CA Jeffery.Lee@gmail.com
You may use a command similar to the following:

  cat /home/bacon/.globus/usercert_request.pem | mail Jeffery.Lee@gmail.com

Only use the above if this machine can send AND receive e-mail. if not, please
mail using some other method.

Your certificate will be mailed to you within two working days.
If you receive no response, contact Globus Simple CA at Jeffery.Lee@gmail.com

Now I need to send the certificate request to the globus user so that it can be signed, after which the signed certificate is sent back to jeffery:

jeffery % cat /home/jeffery/.globus/usercert_request.pem | mail globus

Since signing happens on a single machine here, I use the Exim mail server provided by Debian to pass the request between users. The globus user can read the certificate request sent by jeffery with the mail command, save it as request.pem, and then sign it:

globus@database-group:~$ grid-ca-sign -in request.pem -out signed.pem

To sign the request
please enter the password for the CA key: ******

The new signed certificate is at: /home/globus/.globus/simpleCA//newcerts/02.pem
globus@database-group:~$ cat signed.pem | mail jeffery

Now the user jeffery can check his mail and copy the certificate to its proper location:

If the mail cannot be saved correctly, a more convenient way is to have root chown the signed.pem file generated under the globus account and copy it into the corresponding directory of jeffery.

jeffery % cp signed.pem ~/.globus/usercert.pem
jeffery % ls -l ~/.globus/
total 12
-rw-r--r--  1 jeffery jeffery  895 2007-01-21 07:57 usercert.pem
-rw-r--r--  1 jeffery jeffery 1426 2007-01-21 07:51 usercert_request.pem
-r--------  1 jeffery jeffery  963 2007-01-21 07:51 userkey.pem

Finally, as root, we create a grid-mapfile, which will be used for authorizing services later:

root@database-group:/etc/grid-security# vim /etc/grid-security/grid-mapfile
root@database-group:/etc/grid-security# cat /etc/grid-security/grid-mapfile
"/O=Grid/OU=GlobusTest/OU=simpleCA-database-group.seu.edu.cn/OU=seu.edu.cn/CN=Jeffery Lee" jeffery
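
A grid-mapfile entry is a certificate DN in plain double quotes, a blank, and the local account; an entry that has passed through a word processor or blog editor can pick up typographic quotes or lose the blank, and then no longer maps the user. The linter below is an added example, not part of the original article or of Globus Toolkit, and it is deliberately strict: it insists on the quoted form used here (an assumption of this example). Its function and variable names are made up, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example, not from the article: lint a grid-mapfile before GridFTP or
# the container reads it. Expected form of an entry (assumption: the quoted
# form is required):   "<certificate DN>" <local account>[,<local account>]

# lint_gridmap FILE: prints FILE:LINE: reason for each bad entry, leaves the
# number of bad entries in GRIDMAP_BAD and succeeds only if that number is 0.
lint_gridmap() {
    lg_file=$1
    lg_n=0
    GRIDMAP_BAD=0
    lg_tab=$(printf '\t')
    while IFS= read -r lg_line || [ -n "$lg_line" ]; do
        lg_n=$((lg_n + 1))
        # Drop leading blanks, then skip empty lines and comments.
        lg_line=${lg_line#"${lg_line%%[![:space:]]*}"}
        case $lg_line in ''|'#'*) continue ;; esac
        lg_why=
        case $lg_line in
            *“*|*”*)
                lg_why='typographic quotes; use plain ASCII double quotes' ;;
            \"*\"*)
                lg_rest=${lg_line#\"}          # text after the opening quote
                lg_dn=${lg_rest%%\"*}          # DN, up to the closing quote
                lg_raw=${lg_rest#*\"}          # whatever follows the DN
                case $lg_raw in
                    ' '*|"$lg_tab"*) lg_sep=yes ;;
                    *)               lg_sep=no ;;
                esac
                # Trim blanks (and a stray CR) around the account field.
                lg_acct=${lg_raw#"${lg_raw%%[![:space:]]*}"}
                lg_acct=${lg_acct%"${lg_acct##*[![:space:]]}"}
                if [ -z "$lg_acct" ]; then
                    lg_why='no local account after the DN'
                elif [ "$lg_sep" = no ]; then
                    lg_why='no blank between the DN and the local account'
                else
                    case $lg_acct in
                        *[!A-Za-z0-9_.,-]*)
                            lg_why='unexpected characters in the local account' ;;
                    esac
                fi
                case $lg_dn in
                    /*=*) ;;
                    *) lg_why='DN does not look like /O=.../CN=...' ;;
                esac ;;
            *)
                lg_why='DN is not enclosed in double quotes' ;;
        esac
        if [ -n "$lg_why" ]; then
            echo "$lg_file:$lg_n: $lg_why"
            GRIDMAP_BAD=$((GRIDMAP_BAD + 1))
        fi
    done < "$lg_file"
    [ "$GRIDMAP_BAD" -eq 0 ]
}

# Constructed sample: line 1 is well formed, line 2 has typographic quotes and
# no blank, line 3 has plain quotes but still no blank before the account.
lg_sample=$(mktemp)
cat > "$lg_sample" <<'EOF'
"/O=Grid/OU=GlobusTest/OU=simpleCA-database-group.seu.edu.cn/OU=seu.edu.cn/CN=Jeffery Lee" jeffery
“/O=Grid/OU=GlobusTest/OU=simpleCA-database-group.seu.edu.cn/OU=seu.edu.cn/CN=Jeffery Lee”jeffery
"/O=Grid/OU=GlobusTest/OU=simpleCA-database-group.seu.edu.cn/OU=seu.edu.cn/CN=Jeffery Lee"jeffery
EOF
lint_gridmap "$lg_sample" || echo "$GRIDMAP_BAD bad entries"
rm -f "$lg_sample"
```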
  
  

 

Note

The globus user does not need a user certificate! It is only a dummy user that we use to own GLOBUS_LOCATION. When we start the container, it will use the containercert. Only real users need user certs.

Setting up GridFTP

Now that our own security setup is ready, we start a service. The following setup instructions come from the GridFTP Admin Guide.

root@database-group:/etc/grid-security# vim /etc/xinetd.d/gridftp
root@database-group:/etc/grid-security# cat /etc/xinetd.d/gridftp
service gsiftp
{
instances               = 100
socket_type             = stream
wait                    = no
user                    = root
env                     += GLOBUS_LOCATION=/usr/local/globus-4.0.3
env                     += LD_LIBRARY_PATH=/usr/local/globus-4.0.3/lib

server                  = /usr/local/globus-4.0.3/sbin/globus-gridftp-server
server_args             = -i
log_on_success          += DURATION
nice                    = 10
disable                 = no
}
root@database-group:/etc/grid-security# vim /etc/services
root@database-group:/etc/grid-security# tail /etc/services
vboxd           20012/udp
binkp           24554/tcp                       # binkp fidonet protocol
asp             27374/tcp                       # Address Search Protocol
asp             27374/udp
dircproxy       57000/tcp                       # Detachable IRC Proxy
tfido           60177/tcp                       # fidonet EMSI over telnet
fido            60179/tcp                       # fidonet EMSI over TCP

# Local services
gsiftp          2811/tcp
root@database-group:/etc/grid-security# /etc/init.d/xinetd reload
Reloading internet superserver configuration: xinetd.
root@database-group:/etc/grid-security# netstat -an | grep 2811
tcp        0      0 0.0.0.0:2811            0.0.0.0:*               LISTEN

I had already installed xinetd:

jeffery@database-group:~$ dpkg --list xinetd
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name           Version        Description
+++-==============-==============-============================================
ii  xinetd         2.3.13-3       replacement for inetd with many enhancements

You can use inetd instead; see GridFTP xinetd/inetd examples for more details. Of course, the simplest approach is still apt-get install xinetd.

Now the gridftp server is waiting for requests, so we start a client and transfer a file:

jeffery % grid-proxy-init -verify -debug

User Cert File: /home/bacon/.globus/usercert.pem
User Key File: /home/bacon/.globus/userkey.pem

Trusted CA Cert Dir: /etc/grid-security/certificates

Output File: /tmp/x509up_u1817
Your identity: /O=Grid/OU=GlobusTest/OU=simpleCA-choate.mcs.anl.gov/OU=mcs.anl.gov/CN=Charles Bacon
Enter GRID pass phrase for this identity: ****
Creating proxy .....++++++++++++
..++++++++++++
 Done
Proxy Verify OK
Your proxy is valid until: Tue Nov 15 20:15:46 2005
jeffery % globus-url-copy gsiftp://database-group.seu.edu.cn/etc/group file:///tmp/jeffery.test.copy
jeffery % diff /tmp/jeffery.test.copy /etc/group
jeffery %

(TODO: when I ran globus-url-copy gsiftp://database-group.seu.edu.cn/etc/group file:///tmp/jeffery.test.copy here, there was no response at all; perhaps port 2811 is already in use)

If everything is fine, this shows that GridFTP is working properly. If you run into problems, see GridFTP Troubleshooting. If the problem is related to security, check the Security Troubleshooting documentation. Next we move on to starting the webservices container.

Starting the Webservices Container

First we set things up so that the webservices container is added to /etc/init.d. You can find more details about the container in the Container Admin Guide.

globus@database-group:~$ vim $GLOBUS_LOCATION/start-stop
globus@database-group:~$ cat $GLOBUS_LOCATION/start-stop
#! /bin/sh
set -e
export GLOBUS_LOCATION=/usr/local/globus-4.0.3
export JAVA_HOME=/usr/java/j2sdk1.4.2_12/
export ANT_HOME=/usr/local/apache-ant-1.6.5
export GLOBUS_OPTIONS="-Xms256M -Xmx512M"

. $GLOBUS_LOCATION/etc/globus-user-env.sh

cd $GLOBUS_LOCATION
case "$1" in
    start)
        $GLOBUS_LOCATION/sbin/globus-start-container-detached -p 8443
        ;;
    stop)
        $GLOBUS_LOCATION/sbin/globus-stop-container-detached
        ;;
    *)
        echo "Usage: globus {start|stop}" >&2
        exit 1
       ;;
esac
exit 0
globus@database-group:~$ chmod +x $GLOBUS_LOCATION/start-stop
  
GLOBUS_OPTIONS is used to pass options to the JVM. Here we set the heap size as recommended in the Admin Guide.

Now, logged in as root, we create an /etc/init.d script that calls the globus user's start-stop script.

root@database-group:~# vim /etc/init.d/globus-4.0.3
root@database-group:~# cat /etc/init.d/globus-4.0.3
#!/bin/sh -e
case "$1" in
  start)
    su - globus /usr/local/globus-4.0.3/start-stop start
    ;;
  stop)
    su - globus /usr/local/globus-4.0.3/start-stop stop
    ;;
  restart)
    $0 stop
    sleep 1
    $0 start
    ;;
  *)
    printf "Usage: $0 {start|stop|restart}\n" >&2
    exit 1
    ;;
esac
exit 0
root@database-group:~# chmod +x /etc/init.d/globus-4.0.3
root@database-group:~# /etc/init.d/globus-4.0.3 start
    
Note

If something goes wrong, check the $GLOBUS_LOCATION/var/container.log file.

2007-01-22 12:49:29,108 INFO  exec.RunQueue [main,initialize:68] Starting state machine with 18 run queues.
2007-01-22 12:49:31,548 ERROR service.ReliableFileTransferImpl [main,<init>:68] Unable to setup database driver with pooling.A connection error has occurred: FATAL:  no pg_hba.conf entry for host "10.3.5.48", user "globus", database "rftDatabase", SSL off

2007-01-22 12:49:32,718 WARN  service.ReliableFileTransferHome [main,initialize:97] All RFT requests will fail and all GRAM jobs that require file staging will fail.A connection error has occurred: FATAL:  no pg_hba.conf entry for host "10.3.5.48", user "globus", database "rftDatabase", SSL off

Starting SOAP server at: https://10.3.5.48:8443/wsrf/services/
With the following services:

[1]: https://10.3.5.48:8443/wsrf/services/AdminService
[2]: https://10.3.5.48:8443/wsrf/services/AuthzCalloutTestService
[3]: https://10.3.5.48:8443/wsrf/services/CASService
[4]: https://10.3.5.48:8443/wsrf/services/ContainerRegistryEntryService
[5]: https://10.3.5.48:8443/wsrf/services/ContainerRegistryService
[6]: https://10.3.5.48:8443/wsrf/services/CounterService
[7]: https://10.3.5.48:8443/wsrf/services/DefaultIndexService
[8]: https://10.3.5.48:8443/wsrf/services/DefaultIndexServiceEntry
[9]: https://10.3.5.48:8443/wsrf/services/DefaultTriggerService
[10]: https://10.3.5.48:8443/wsrf/services/DefaultTriggerServiceEntry
[11]: https://10.3.5.48:8443/wsrf/services/DelegationFactoryService
[12]: https://10.3.5.48:8443/wsrf/services/DelegationService
[13]: https://10.3.5.48:8443/wsrf/services/DelegationTestService
[14]: https://10.3.5.48:8443/wsrf/services/InMemoryServiceGroup
[15]: https://10.3.5.48:8443/wsrf/services/InMemoryServiceGroupEntry
[16]: https://10.3.5.48:8443/wsrf/services/InMemoryServiceGroupFactory
[17]: https://10.3.5.48:8443/wsrf/services/IndexFactoryService
[18]: https://10.3.5.48:8443/wsrf/services/IndexService
[19]: https://10.3.5.48:8443/wsrf/services/IndexServiceEntry
[20]: https://10.3.5.48:8443/wsrf/services/ManagedExecutableJobService
[21]: https://10.3.5.48:8443/wsrf/services/ManagedJobFactoryService
[22]: https://10.3.5.48:8443/wsrf/services/ManagedMultiJobService
[23]: https://10.3.5.48:8443/wsrf/services/ManagementService
[24]: https://10.3.5.48:8443/wsrf/services/NotificationConsumerFactoryService
[25]: https://10.3.5.48:8443/wsrf/services/NotificationConsumerService
[26]: https://10.3.5.48:8443/wsrf/services/NotificationTestService
[27]: https://10.3.5.48:8443/wsrf/services/PersistenceTestSubscriptionManager
[28]: https://10.3.5.48:8443/wsrf/services/ReliableFileTransferFactoryService
[29]: https://10.3.5.48:8443/wsrf/services/ReliableFileTransferService
[30]: https://10.3.5.48:8443/wsrf/services/RendezvousFactoryService
[31]: https://10.3.5.48:8443/wsrf/services/SampleAuthzService
[32]: https://10.3.5.48:8443/wsrf/services/SecureCounterService
[33]: https://10.3.5.48:8443/wsrf/services/SecurityTestService
[34]: https://10.3.5.48:8443/wsrf/services/ShutdownService
[35]: https://10.3.5.48:8443/wsrf/services/SubscriptionManagerService
[36]: https://10.3.5.48:8443/wsrf/services/TestAuthzService
[37]: https://10.3.5.48:8443/wsrf/services/TestRPCService
[38]: https://10.3.5.48:8443/wsrf/services/TestService
[39]: https://10.3.5.48:8443/wsrf/services/TestServiceRequest
[40]: https://10.3.5.48:8443/wsrf/services/TestServiceWrongWSDL
[41]: https://10.3.5.48:8443/wsrf/services/TriggerFactoryService
[42]: https://10.3.5.48:8443/wsrf/services/TriggerService
[43]: https://10.3.5.48:8443/wsrf/services/TriggerServiceEntry
[44]: https://10.3.5.48:8443/wsrf/services/Version
[45]: https://10.3.5.48:8443/wsrf/services/WidgetNotificationService
[46]: https://10.3.5.48:8443/wsrf/services/WidgetService
[47]: https://10.3.5.48:8443/wsrf/services/gsi/AuthenticationService
[48]: https://10.3.5.48:8443/wsrf/services/mds/test/execsource/IndexService
[49]: https://10.3.5.48:8443/wsrf/services/mds/test/execsource/IndexServiceEntry
[50]: https://10.3.5.48:8443/wsrf/services/mds/test/subsource/IndexService
[51]: https://10.3.5.48:8443/wsrf/services/mds/test/subsource/IndexServiceEntry
2007-01-22 12:49:59,920 INFO  impl.DefaultIndexService [ServiceThread-10,processConfigFile:107] Reading default registration configuration from file: /usr/local/globus-4.0.3/etc/globus_wsrf_mds_index/hierarchy.xml
2007-01-22 12:50:01,234 ERROR impl.QueryAggregatorSource [Thread-12,pollGetMultiple:149] Exception Getting Multiple Resource Properties from https://10.3.5.48:8443/wsrf/services/ReliableFileTransferFactoryService: java.rmi.RemoteException: Failed to serialize resource property org.globus.transfer.reliable.service.factory.TotalNumberOfBytesTransferred@4f71a3; nested exception is:
org.apache.commons.dbcp.DbcpException: A connection error has occurred: FATAL:  no pg_hba.conf entry for host "10.3.5.48", user "globus", database "rftDatabase", SSL off

2007-01-22 12:51:01,214 ERROR impl.QueryAggregatorSource [Thread-12,pollGetMultiple:149] Exception Getting Multiple Resource Properties from https://10.3.5.48:8443/wsrf/services/ReliableFileTransferFactoryService: java.rmi.RemoteException: Failed to serialize resource property org.globus.transfer.reliable.service.factory.TotalNumberOfBytesTransferred@4f71a3; nested exception is:
org.apache.commons.dbcp.DbcpException: A connection error has occurred: FATAL:  no pg_hba.conf entry for host "10.3.5.48", user "globus", database "rftDatabase", SSL off

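The RFT warnings are expected, because we have not installed and configured the database yet; were it not for that, everything would be perfect.

10.3.5.48 is my IP address. If yours shows "127.0.0.1" instead, you can change it as follows:

Edit $GLOBUS_LOCATION/etc/globus_wsrf_core/server-config.wsdd and client-server-config.wsdd, adding the line <parameter name="logicalHost" value="10.3.5.48" /> to the <globalConfiguration> section. For example:

<globalConfiguration>
   <parameter name="logicalHost" value="10.3.5.48" />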

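You can also use this method to choose which interface is published on a host with several of them. See Global Configuration for more information about container configuration options.

Next we can interact with the container through a simple client/service pair.

jeffery % setenv JAVA_HOME /usr/java/j2sdk1.4.2_12/
jeffery % setenv ANT_HOME /usr/local/apache-ant-1.6.5/
jeffery % setenv PATH $ANT_HOME/bin:$JAVA_HOME/bin:$PATH
jeffery % counter-client -s https://database-group.seu.edu.cn:8443/wsrf/services/CounterService
Got notification with value: 3
Counter has value: 3
Got notification with value: 13

(TODO: I get a message that the counter-client command cannot be found; unresolved)

This is exactly the output we expected, so the container is up and running. Next we will configure the database for RFT to get rid of those annoying warnings, and we can now use GridFTP to transfer files with confidence.

(To be continued)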
