Home -> Toolkit -> 3.0 -> Ogsa -> Docs -> Admin

GT3 Configuration

Security Configuration

If you already have GT2 certificates and have /etc/grid-security configured, you may skip this step.

Update: Please follow the instructions at the GCS homepage to acquire certificates.

MMJFS Configuration

1. After you have hostcerts, run install-gt3-mmjfs in the installer directory
2. After installing MMJFS, go to /path/to/install and run setperms.sh as root. This sets up the two setuid binaries (launch_uhe_setuid and globus-grim) required by the GT3 GRAM service. It is important that the account under which you plan to run the GRAM master managed job factory is a member of the group that owns the launch_uhe_setuid program. This group defaults to the default group of the installing user and should only contain privileged members.
3. With the server configuration and setuid in place, we need to add authorizations for who will be allowed to submit jobs.
   1. First, create a /etc/grid-security/grid-mapfile. The syntax is to have one line per user, with the certificate subject followed by the user account name, like the following:
      

      "/O=Grid/O=Globus/OU=mcs.anl.gov/CN=Charles Bacon" bacon

   2. Then, create /etc/grid-security/grim-port-type.xml
      <authorized_port_types>
<port_type username="bacon">http://www.globus.org/namespaces/managed_job/managed_job/ManagedJobPortType</port_type>
</authorized_port_types>

4. Now that users can authorize to your server, it's time to start it up. You don't have to specify -p if you want 8080, but you can specify an alternate port if you need to.
   • globus$ export GLOBUS_LOCATION=`pwd`
   • globus$ bin/globus-start-container -p 8080
5. With the container running, a client can submit a job.
   • bacon$ grid-proxy-init
   • bacon$ bin/managed-job-globusrun -factory http://140.221.57.75:8080/ogsa/services/base/gram/MasterForkManagedJobFactoryService -file etc/test.xml
   • Note: your -factory URI will be different, including your own IP address and port. You can see the list of services in the output of globus-start-container. If you do not see MasterForkManagedJobFactoryService, you might have skipped install-gt3-mmjfs.
6. Note that etc/test.xml may output to both ~/stdout and ~/stderr. A successful run will append a line to the stdout file.
7. In order to stop the container, issue the following 2 commands in another terminal window, as the user who started the container. These will have the effect of issuing a controlled stop command.
   • export X509_USER_PROXY=/tmp/x509cp_`whoami`_grim
   • globus-stop-container -secure soft

---

For support, please see the Support Page

Charles Bacon

Last modified: Mon Dec 22 17:37:35 CDT 2003