High Performance Computing
High End Visualization
About CCR Contact Us Events Facilities Faculty Project Highlights History Job Opportunities News Partners Staff
Bioinformatics Consulting Services Grid Computing Visualization
Accounts Application Software Consulting Getting Started Hardware Resources Frequently Asked Questions Machine Status MyCCR MyStats Overview Request Help Storage Resources Training/Courses Web Portals
Access Grid Training Outreach
Events Logos Media News Photo Album Videos
Contact Information Directions

nysgrid-docs-submit-host

OSG Client Installation on Debian 5
Author: Michael J. Reale
Date: 07-15-2009

INTRODUCTION

This the procedure I went through to install the OSG client on a
Debian 5 (64-bit) machine.

Note that this is a non-root install, and the software is assumed to be in
someone's home directory. For example, all software could be installed under:

	export NYSGRID=/home/mreale/nysgrid

However, some of these instructions will require root access.

BEFORE INSTALLATION

You will need to get libssl-dev, so run:

	sudo apt-get install libssl-dev

You will also need to create two users: "globus" and "condor" (each with their
own home directories).

Start by creating your "nysgrid" directory:

	export NYSGRID=/home/mreale/nysgrid
	mkdir nysgrid
	cd nysgrid

At present, you need to use an older version of Perl (5.8.9) for
the OSG client software. Therefore, we will install a local version
and set the PATH variable later:

	mkdir oldperl
	mkdir download
	cd download
	wget http://www.cpan.org/src/perl-5.8.9.tar.gz
	gunzip perl-5.8.9.tar.gz
	tar -xvf perl-5.8.9.tar
	cd perl-5.8.9
	sh Configure -de -Dprefix=/home/mreale/nysgrid/oldperl
	make
	make install
	cd ..
	cd ..

Now we need to install Pacman:

	mkdir pacman
	cd pacman
	wget http://physics.bu.edu/pacman/sample_cache/tarballs/pacman-3.26.tar.gz
	tar --no-same-owner -xzvf pacman-3.26.tar.gz
	cd pacman-3.26
	source setup.sh
	cd ..

We are now ready to install the OSG client.

INSTALLATION

Create the directory and start the installation. Note that Debian 5 (64-bit)
is an unsupported platform, so we need to set VDT_ALLOW_UNSUPPORTED to 1.
Apart from the Perl PATH redirection (explained before), the other
environment variable changes were made to address various problems I
encountered during the installation (for example, there is a point
where a program in vdt/sbin needs to be called, but the system
cannot find it because it isn't in the PATH). In theory, these
should not have to be here.

	mkdir osg-client
	cd osg-client

	export VDT_ALLOW_UNSUPPORTED=1
	export VDTSETUP_ACCEPT_PLATFORM=y
	export PATH=$NYSGRID/osg-client/vdt/sbin:$PATH
	export VDT_LOCATION=$NYSGRID/osg-client
	export PATH=$NYSGRID/oldperl/bin:$PATH
	export LD_LIBRARY_PATH=/usr/lib:$LD_LIBRARY_PATH
	pacman -pretend-platform linux-debian-4 -get OSG:client

Answer "yall", "y", and "l" to the questions that come up.

Globus-Base-Info-Essentials and Globus-Base-Info-Client may come up as
"not supported on this platform." The software seems to work well
regardless, so ignore these for now.

You will probably get an error at this point, claiming that
globus/sbin/SXXsshd does not exist. There is, however, a
sshd in that folder. Against my better judgment, the quick
fix is to create a link.

	ln -s ./sshd globus/sbin/SXXsshd

Then, call:

	pacman -get OSG:client

The software should then install. Check to make sure everything
is OK by typing:

	source setup.sh
	vdt-version

POST-INSTALLATION

You will have to turn certain services on:

	
	source setup.sh
	vdt-control --on

This will require root privileges.

You will also need to install the CA certificate chain:

gedit $VDT_LOCATION/vdt/etc/vdt-update-certs.conf

	# Uncomment one of the addresses
	$VDT_LOCATION/vdt-questions.sh; $VDT_LOCATION/vdt/sbin/vdt-setup-ca-certificates

	vdt-control --enable vdt-update-certs
	vdt-control --on vdt-update-certs

Any user that wants to use the OSG client will have to create a
".globus" directory in their $HOME (with permissions set to 755).
They will also need to create their usercert.pem and userkey.pem
files in that directory:

	openssl pkcs12 -in MyCertificate.pfx -clcerts -nokeys -out $HOME/.globus/usercert.pem
	openssl pkcs12 -in MyCertificate.pfx -nocerts -out $HOME/.globus/userkey.pem
	chmod 600 $HOME/.globus/usercert.pem
	chmod 600 $HOME/.globus/userkey.pem

The server certificate and key needs to be set up as well. Assuming you
decide to use your own for this purpose (and you have root privileges):

	sudo mkdir /etc/grid-security
	cd /etc/grid-security
	
	sudo ln -s /var/work/home/nysgrid/osg-client/globus/share/certificates certificates
	
	sudo cp /home/mreale/.globus/usercert.pem ./hostcert.pem
	sudo cp /home/mreale/.globus/userkey.pem ./hostkey.pem
	sudo chmod 444 hostcert.pem
	sudo chmod 400 hostkey.pem
	
	sudo cp hostcert.pem containercert.pem
	sudo cp hostkey.pem containerkey.pem
	sudo chown nysgrid: *.pem

The following lines should be added to the end of osg-client/setup.sh:

	export GLOBUS_HOSTNAME=<IP-address>
	GLOBUS_TCP_PORT_RANGE=<start-port>,<end-port>
	export GLOBUS_TCP_PORT_RANGE

where <IP-address> is the address of the machine the client is installed on,
and <start-port>/<end-port> represent the port range open in your firewall.

Also, a line pointing to the old version of Perl should be added to
osg-client/vdt/sbin/vdt-update-certs-wrapper (the cron job):

	export PATH=$NYSGRID/oldperl/bin:$PATH

This should be inserted before the call to vdt-update-certs in the script.

Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.