Thursday, March 30, 2006
 
GT4, get started, in simple CA mode

Resources:

http://www.nesc.ac.uk/talks/519/mon/5-JavaWSCoreAdmin.pdf

http://www.globus.org/toolkit/docs/4.0/admin/docbook/ch06.html

http://www.globus.org/mail_archive/discuss/2005/07/maillist.html

 

 

For general cluster machines

Use account 'pliu' for example

 

1. download gt4 core binary

gt4.0.1-ia32_debian_3.1-binary-installer.tar.gz

from http://www.globus.org/toolkit/downloads/4.0.0/#debian

choose Debian Sarge Binary Installer

 

2. copy it to your local ~/gt4_src

run "tar -xzvf gt4.0.1-ia32_debian_3.1-binary-installer.tar.gz"

cd gt4.0.1-ia32_debian_3.1-binary-installer

setenv GLOBUS_LOCATION  /home/pliu/gt4

./configure --prefix=/home/pliu/gt4

make

make install

 

 

3. run $GLOBUS_LOCATION/setup/globus/setup-simple-ca

 unique subject name =

cn=Globus Simple CA, ou=simpleCA-rommel.cs.binghamton.edu, ou=GlobusTest, o=Grid

 

4. The passphrase of the CA certificate will be used only when signing certificates

666666

 

5. follow the instructions printed by setup-simple-ca and run

$GLOBUS_LOCATION/setup/globus_simple_ca_d78b7896_setup/setup-gsi -nonroot -default

 

6. Host Certificates

6.1 create request

$GLOBUS_LOCATION/bin/grid-cert-request -host 'rommel.cs.binghamton.edu'

It will create

   $GLOBUS_LOCATION/etc/hostkey.pem

   $GLOBUS_LOCATION/etc/hostcert_request.pem

    (an empty) $GLOBUS_LOCATION/etc/hostcert.pem

6.2 sign it

$GLOBUS_LOCATION/bin/grid-ca-sign -in $GLOBUS_LOCATION/etc/hostcert_request.pem -out $GLOBUS_LOCATION/etc/grid-security/hostsigned.pem

 

The new signed certificate is at: /home/pliu/.globus/simpleCA//newcerts/01.pem

cp /home/pliu/.globus/simpleCA//newcerts/01.pem  $GLOBUS_LOCATION/etc/grid-security/hostsigned.pem

 

7. User certificates

7.1 create request with user password

$GLOBUS_LOCATION/bin/grid-cert-request

A certificate request and private key is being created.

You will be asked to enter a PEM pass phrase.

This pass phrase is akin to your account password,

and is used to protect your key file.

PEM=88888888

 

7.2 sign it

go to ~/.globus and run

$GLOBUS_LOCATION/bin/grid-ca-sign -in usercert_request.pem -out signed.pem

 

The new signed certificate is at: /home/pliu/.globus/simpleCA//newcerts/02.pem

cp /home/pliu/.globus/simpleCA//newcerts/02.pem /home/pliu/.globus/usercert.pem

 

8. copy the host key and signed host certificate to the container key and certificate

 

cp $GLOBUS_LOCATION/etc/hostkey.pem $GLOBUS_LOCATION/etc/grid-security/containerkey.pem

cp $GLOBUS_LOCATION/etc/grid-security/hostsigned.pem $GLOBUS_LOCATION/etc/grid-security/containercert.pem

 

 

9. add map

run

$GLOBUS_LOCATION/bin/grid-cert-info -subject

 

/O=Grid/OU=GlobusTest/OU=simpleCA-rommel.cs.binghamton.edu/OU=cs.binghamton.edu/CN=Pu Liu

 

associate it with users

run

$GLOBUS_LOCATION/sbin/grid-mapfile-add-entry -f ~/.gridmap -dn "/O=Grid/OU=GlobusTest/OU=simpleCA-rommel.cs.binghamton.edu/OU=cs.binghamton.edu/CN=Pu Liu" -ln pliu

 

10. change default wsrf security settings

vi ../etc/globus_wsrf_core/global_security_descriptor.xml

 

<?xml version="1.0" encoding="UTF-8"?>

<securityConfig xmlns="http://www.globus.org">

    <credential>

        <key-file value="/home/pliu/gt4/etc/grid-security/containerkey.pem"/>

        <cert-file value="/home/pliu/gt4/etc/grid-security/containercert.pem"/>

    </credential>

    <gridmap value="/home/pliu/.gridmap"/>

</securityConfig>

 

 

11. start container 

source $GLOBUS_LOCATION/etc/globus-user-env.csh

$GLOBUS_LOCATION/bin/globus-start-container -nonsec

 

If the default port 8843 is already in use, you can specify -p <port>.

Troubleshooting for step 10

in bash

strace $GLOBUS_LOCATION/bin/globus-start-container 2>&1 |grep containercert

grep -ri containercert.pem ..
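
An added example, not part of the original post: a Python check for the files wired together in steps 6 to 10. It reads the security descriptor, then reports a missing or empty credential file (such as the empty hostcert.pem from step 6.1 copied by mistake), a private key readable by group or other, and malformed gridmap lines. The function names are hypothetical, and the owner-only key mode and the `"DN" user` gridmap layout are assumptions about what the container expects.

```python
import os
import shlex
import stat
import xml.etree.ElementTree as ET

NS = {"g": "http://www.globus.org"}  # namespace of the descriptor shown in step 10

def descriptor_paths(xml_text):
    """Return the key-file, cert-file and gridmap paths named in the descriptor."""
    root = ET.fromstring(xml_text)
    wanted = (("key-file", "g:credential/g:key-file"),
              ("cert-file", "g:credential/g:cert-file"),
              ("gridmap", "g:gridmap"))
    paths = {}
    for name, xpath in wanted:
        node = root.find(xpath, NS)
        paths[name] = node.get("value") if node is not None else None
    return paths

def check_descriptor(xml_text):
    """Return a list of problems found in the files the descriptor points at."""
    problems = []
    paths = descriptor_paths(xml_text)
    for name, path in paths.items():
        if path is None:
            problems.append(f"{name}: element missing from descriptor")
        elif not os.path.isfile(path):
            problems.append(f"{name}: {path} does not exist")
        elif name != "gridmap" and os.path.getsize(path) == 0:
            problems.append(f"{name}: {path} is empty")
    key = paths["key-file"]
    if key and os.path.isfile(key):
        mode = stat.S_IMODE(os.stat(key).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):  # any group/other permission bit
            problems.append(f"key-file: {key} mode {mode:o} is open to group/other")
    gridmap = paths["gridmap"]
    if gridmap and os.path.isfile(gridmap):
        with open(gridmap) as fh:
            for lineno, line in enumerate(fh, 1):
                if not line.strip() or line.lstrip().startswith("#"):
                    continue
                try:
                    fields = shlex.split(line)  # the DN must be quoted: it contains spaces
                except ValueError:
                    fields = []
                if len(fields) != 2 or not fields[0].startswith("/"):
                    problems.append(f'gridmap: line {lineno} is not "<DN>" <local user>')
    return problems
```

Pass it the contents of global_security_descriptor.xml; an empty list means every referenced file passed these checks.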



