GT3 Admin Guide - Configuration
Security Configuration
If you already have GT2 certificates and have /etc/grid-security configured, you may skip this step.
Update: Please follow the instructions at the GCS homepage to acquire certificates.
MMJFS Configuration
- After you have hostcerts, run
install-gt3-mmjfsin the installer directory - After installing MMJFS, go to /path/to/install and run setperms.sh as root. This sets up the two setuid binaries (launch_uhe_setuid and globus-grim) required by the GT3 GRAM service. It is important that the account under which you plan to run the GRAM master managed job factory is a member of the group that owns the launch_uhe_setuid program. This group defaults to the default group of the installing user and should only contain privileged members.
- With the server configuration and setuid in place, we need to add
authorizations for who will be allowed to submit jobs.
- First, create a /etc/grid-security/grid-mapfile. The syntax is to
have one line per user, with the certificate subject followed by the
user account name, like the following:
"/O=Grid/O=Globus/OU=mcs.anl.gov/CN=Charles Bacon" bacon
- Then, create /etc/grid-security/grim-port-type.xml
<authorized_port_types>
<port_type username="bacon">http://www.globus.org/namespaces/managed_job/managed_job/ManagedJobPortType</port_type>
</authorized_port_types>
- First, create a /etc/grid-security/grid-mapfile. The syntax is to
have one line per user, with the certificate subject followed by the
user account name, like the following:
- Now that users can authorize to your server, it's time to start it
up. You don't have to specify -p if you want 8080, but
you can specify an alternate port if you need to.
globus$ export GLOBUS_LOCATION=`pwd`globus$ bin/globus-start-container -p 8080
- With the container running, a client can submit a job.
bacon$ grid-proxy-initbacon$ bin/managed-job-globusrun -factory http://140.221.57.75:8080/ogsa/services/base/gram/MasterForkManagedJobFactoryService -file etc/test.xml- Note: your -factory URI will be different, including your own IP address and port. You can see the list of services in the output of globus-start-container. If you do not see MasterForkManagedJobFactoryService, you might have skipped install-gt3-mmjfs.
- Note that etc/test.xml may output to both ~/stdout and ~/stderr. A successful run will append a line to the stdout file.
- In order to stop the container, issue the
following 2 commands in another terminal window, as the user who started the
container. These will have the effect of issuing a controlled
stop command.
-
export X509_USER_PROXY=/tmp/x509cp_`whoami`_grim -
globus-stop-container -secure soft
-
For support, please see the Support Page [UPDATE: Version 3.0 is no longer supported. Please upgrade to 3.2 or 4.0.]
Charles Bacon Last modified: Mon Dec 22 17:37:35 CDT 2003