Context Navigation

Changes between Version 123 and Version 124 of client_installation_guide_rpm

Timestamp:: 06/13/13 09:34:45 (11 years ago)
Author:: piontek
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

client_installation_guide_rpm

v123	v124
9	9	* '''PL-Grid LDAP integration (PL-Grid only)''' - the machine where the client is to be installed has to be configured to allow users to log in to the their "plg*" accounts.
10	10	* '''Packages requirements''' - all packages required by the QCG-Client will be automatically installed by YUM during the installation of qcg-broker-client package.
11		* ''Java (>= 1.6)''\\
12	11	* '''GridFTP server''' - the GridFTP server providing access to user's data for staging them in/out. It can be installed on the client machine (see the "Optional steps" section) or be any other instance of server having access to the data (e.g. if UI `/home` directory is shared with the QCG-Computing machine then installing gridFTP server on the UI is optional).
13	12
14		= Mandatory steps =
15		The installation and configuration of the QCG-Client consists of two mandatory steps:
16		* installation of set of trusted Certificate Authorities certificates,
17		* installation of the client itself.
	13	= Preparation of the environment =
18	14
19	15	== Certificate authorities ==
…	…
21	17	To install CA certificates please follow the instruction: [[https://www.qoscosgrid.org/trac/qcg/wiki/CA%20certificates \| CA certificates installation]]
22	18
	19	== Software repositories ==
	20	To install QCG client please configure your system with [[http://www.qoscosgrid.org/trac/qcg/wiki/Software%20repositories \| QCG Software Repositories]]
23	21
24	22
25	23
26	24
27		=~~= QCG-Client =~~=
	25	= QCG-Client Installation =
28	26
29		=== Software repositories ===
30		To install QCG client please configure your system with [[http://www.qoscosgrid.org/trac/qcg/wiki/Software%20repositories \| QCG Software Repositories]]
	27	== Installation ==
31	28
32		=== Installation ===
33		* install QCG-Client using YUM Package Manager:
	29	* install QCG-Client using YUM Package Manager (as root):
34	30	{{{
35	31	#!div style="font-size: 90%"
…	…
45	41
46	42
47		==~~= Configuration =~~==
	43	== Configuration ==
48	44	* To configure the client please edit the ''/etc/qcg/qcg-broker-client/qcg-broker-client.conf'' file.
49	45
…	…
112	108
113	109
114		= Optional ~~steps~~ =
115		The optional steps consider installation and configuration of the GridFTP server as well installation and configuration of the !GridMapFileGenerator tool ~~being responsible for periodic creation of grid-map-file used by the server for authoris~~ation and mapping users to physical accounts.
	110	= Optional Components Installation =
	111	The optional steps consider installation and configuration of the GridFTP server as well installation and configuration of the !GridMapFileGenerator tool (PLGrid Only) being responsible for periodic creation of grid-map-file used by the server for authorization and mapping users to physical accounts.
116	112
117	113	The steps are for the case when there is no other GridFTP server providing access to user's data on the client machine and the dedicated instance of the server has to be installed.
…	…
120	116
121	117	== GridFTP server ==
122		For the user convenience QCG-client is able to stage in input data accessible from the host where it is installed and also to stage out output data there. The functionality requires the data to be accessible via GridFTP server. The GridFTP server can be installed on the client machine or it can be any GridFTP server having access to the data on client machine. The simplest and the most popular solution is to mount the same shared network file system on both machines. The mount point must be exact the same. Paths to data have to be exactly the same on both machines.
	118	For the user convenience QCG-Client is able to stage in input data accessible from the host where it is installed and also to stage out output data there. The functionality requires the data to be accessible via GridFTP server. The GridFTP server can be installed on the client machine or it can be any GridFTP server having access to the data on client machine. The simplest and the most popular solution is to mount the same shared network file system on both machines. The mount point must be exact the same. Paths to data have to be exactly the same on both machines.
123	119
124		* install grid-ftp server using the YUM Package Manager:
125		It is recommended to take the gridFTP server from the IGE (Initiative for Globus in Europe) repository.
126		Please configure IGE repositories
127		{{{
128		#!div style="font-size: 90%"
129		{{{#!sh
130		cat > /etc/yum.repos.d/IGE.repo << EOF
131		[IGE]
132		name=IGE
133		baseurl=http://repo-rpm.ige-project.eu/sl/sl5/x86_64/
134		enabled=1
135		gpgcheck=1
136		gpgkey=http://repo-rpm.ige-project.eu/RPM-GPG-KEY-IGE
137		EOF
138		}}}
139		}}}
140
141		{{{
142		#!div style="font-size: 90%"
143		{{{#!sh
144		cat > /etc/yum.repos.d/IGE-updates.repo << EOF
145		[IGE-updates]
146		name=IGE - Updates
147		baseurl=http://repo-rpm.ige-project.eu/sl/updates/sl5/x86_64/
148		enabled=1
149		gpgcheck=1
150		gpgkey=http://repo-rpm.ige-project.eu/RPM-GPG-KEY-IGE
151		}}}
152		}}}
153
154		'''IMPORTANT:''' If for any reason you do not want to use IGE repos, you can alternatively configure the system to use EPEL (Extra Packages for Enterprise Linux) repository.
155		* The configuration can be done by installation of yum-conf-epel.noarch package using the YUM Package Manager.
156		{{{
157		#!div style="font-size: 90%"
158		{{{#!sh
159		yum install yum-conf-epel.noarch
160		}}}
161		}}}
162
163		Install the gridFTP server package:
164		{{{
165		#!div style="font-size: 90%"
166		{{{#!sh
167		yum install globus-gridftp-server-progs.x86_64
168		}}}
169		}}}
170
171
172		The grid-ftp server requires the X.509 certificate and key to be present in the following locations
173		* ''/etc/grid-security/hostcert.pem''
174		* ''/etc/grid-security/hostkey.pem''
175
176		The GridFTP server has to be configured to know the range of opened ports for connections.
177		Please edit the /etc/xinetd.d/gsiftp file and set the GLOBUS_TCP_PORT_RANGE environment variable.
178
179		{{{
180		#!div style="font-size: 90%"
181		{{{#!sh
182		service gsiftp
183		{
184		instances = 100
185		per_source = 50
186		socket_type = stream
187		wait = no
188		user = root
189		env += GLOBUS_TCP_PORT_RANGE=20000,25000
190		server = /usr/sbin/globus-gridftp-server
191		server_args = -i -l /var/log/globus-gridftp.log
192		server_args += -d ERROR,WARN
193		log_on_success += DURATION
194		nice = 10
195		disable = no
196		}
197
198
199		}}}
200		}}}
201
202		* If needed please install the xinetd tool first
203		{{{
204		#!div style="font-size: 90%"
205		{{{#!sh
206		yum install xinetd.x86_64
207		}}}
208		}}}
209
210		IMPORTANT: Do not forget to start or reload xinetd service.
211		{{{
212		#!div style="font-size: 90%"
213		{{{#!default
214		service xinetd reload
215		}}}
216		}}}
217
218		{{{
219		#!div style="font-size: 90%"
220		{{{#!default
221		service xinetd start
222		}}}
223		}}}
224
225		If you plan to transfer large files we advice you to adjust system wide TCP keepalive: parameters:
226		{{{
227		echo "600" > /proc/sys/net/ipv4/tcp_keepalive_time
228		echo "75" > /proc/sys/net/ipv4/tcp_keepalive_intvl
229		echo "9" > /proc/sys/net/ipv4/tcp_keepalive_probes
230		}}}
231		In order to make the changes persistent add it also to the `/etc/sysctl.conf`
	120	To install and configure the gridFTP server please follow the [[http://apps.man.poznan.pl/trac/qcg/wiki/gridftp%20server \| guide]]
232	121
233	122
…	…
245	134
246	135	=== LDAP generated grid mapfile (PL-Grid only)===
247		* Create the ''qcg-dev'' group - this group is allowed to read the configuration and log files.
248		{{{
249		#!div style="font-size: 90%"
250		{{{#!default
251		groupadd -r qcg-dev
252		}}}
253		}}}
254
255		* Install qcg grid-mapfile generator
256		{{{
257		#!div style="font-size: 90%"
258		{{{#!default
259		yum install qcg-gridmapfilegenerator
260		}}}
261		}}}
262
263		* Configure gridmapfilegenerator - remember to change
264		* url property to your local ldap replica
265		* search base
266		* filter expression
267		* security context
268		{{{
269		#!div style="font-size: 90%"
270		{{{#!default
271		vim /opt/plgrid/qcg/etc/qcg-comp/plggridmapfilegenerator.conf
272		}}}
273		}}}
274
275		* Run the gridmapfile generator in order to generate gridmapfile now
276		{{{
277		#!div style="font-size: 90%"
278		{{{#!default
279		/opt/plgrid/qcg/sbin/qcg-gridmapfilegenerator.sh
280		}}}
281		}}}
282
283		After installing and running this tool one can find three files:
284		* /etc/grid-security/grid-mapfile.local - here you can put list of DNs and local unix account names that will be merged with data acquired from the local LDAP server
285		* /etc/grid-security/grid-mapfile.deny - here you can put list od DN's (only DNs!) that you want to deny access to the GridFTP server
286		* /etc/grid-security/grid-mapfile - the final gridmap file generated using the above two files and information available in local LDAP server. Do not edit this file as it is generated automatically!
287
288		This gridmapfile generator script is run every 10 minutes. Moreover its issues `su - $USERNAME -c 'true' > /dev/null` for every new user that do not have yet home directory (thus triggering pam_mkhomedir if installed).
	136	To install and configure the gridmap-file-generator tool please follow the [[http://apps.man.poznan.pl/trac/qcg/wiki/gridmap-file-generator \| guide]]
289	137
290	138	= Verification of installation =
…	…
306	154	}}}
307	155	}}}
308
	156
309	157	'''IMPORTANT:''' For more details concerning usage of the QCG-Client please visit [[https://docs.plgrid.pl/qcg \| the QCG User Guide (Polish only)]].