124 | | * install grid-ftp server using the YUM Package Manager: |
125 | | It is recommended to take the gridFTP server from the IGE (Initiative for Globus in Europe) repository. |
126 | | Please configure IGE repositories |
127 | | {{{ |
128 | | #!div style="font-size: 90%" |
129 | | {{{#!sh |
130 | | cat > /etc/yum.repos.d/IGE.repo << EOF |
131 | | [IGE] |
132 | | name=IGE |
133 | | baseurl=http://repo-rpm.ige-project.eu/sl/sl5/x86_64/ |
134 | | enabled=1 |
135 | | gpgcheck=1 |
136 | | gpgkey=http://repo-rpm.ige-project.eu/RPM-GPG-KEY-IGE |
137 | | EOF |
138 | | }}} |
139 | | }}} |
140 | | |
141 | | {{{ |
142 | | #!div style="font-size: 90%" |
143 | | {{{#!sh |
144 | | cat > /etc/yum.repos.d/IGE-updates.repo << EOF |
145 | | [IGE-updates] |
146 | | name=IGE - Updates |
147 | | baseurl=http://repo-rpm.ige-project.eu/sl/updates/sl5/x86_64/ |
148 | | enabled=1 |
149 | | gpgcheck=1 |
150 | | gpgkey=http://repo-rpm.ige-project.eu/RPM-GPG-KEY-IGE |
151 | | }}} |
152 | | }}} |
153 | | |
154 | | '''IMPORTANT:''' If for any reason you do not want to use IGE repos, you can alternatively configure the system to use EPEL (Extra Packages for Enterprise Linux) repository. |
155 | | * The configuration can be done by installation of yum-conf-epel.noarch package using the YUM Package Manager. |
156 | | {{{ |
157 | | #!div style="font-size: 90%" |
158 | | {{{#!sh |
159 | | yum install yum-conf-epel.noarch |
160 | | }}} |
161 | | }}} |
162 | | |
163 | | Install the gridFTP server package: |
164 | | {{{ |
165 | | #!div style="font-size: 90%" |
166 | | {{{#!sh |
167 | | yum install globus-gridftp-server-progs.x86_64 |
168 | | }}} |
169 | | }}} |
170 | | |
171 | | |
172 | | The grid-ftp server requires the X.509 certificate and key to be present in the following locations |
173 | | * ''/etc/grid-security/hostcert.pem'' |
174 | | * ''/etc/grid-security/hostkey.pem'' |
175 | | |
176 | | The GridFTP server has to be configured to know the range of opened ports for connections. |
177 | | Please edit the /etc/xinetd.d/gsiftp file and set the GLOBUS_TCP_PORT_RANGE environment variable. |
178 | | |
179 | | {{{ |
180 | | #!div style="font-size: 90%" |
181 | | {{{#!sh |
182 | | service gsiftp |
183 | | { |
184 | | instances = 100 |
185 | | per_source = 50 |
186 | | socket_type = stream |
187 | | wait = no |
188 | | user = root |
189 | | env += GLOBUS_TCP_PORT_RANGE=20000,25000 |
190 | | server = /usr/sbin/globus-gridftp-server |
191 | | server_args = -i -l /var/log/globus-gridftp.log |
192 | | server_args += -d ERROR,WARN |
193 | | log_on_success += DURATION |
194 | | nice = 10 |
195 | | disable = no |
196 | | } |
197 | | |
198 | | |
199 | | }}} |
200 | | }}} |
201 | | |
202 | | * If needed please install the xinetd tool first |
203 | | {{{ |
204 | | #!div style="font-size: 90%" |
205 | | {{{#!sh |
206 | | yum install xinetd.x86_64 |
207 | | }}} |
208 | | }}} |
209 | | |
210 | | IMPORTANT: Do not forget to start or reload xinetd service. |
211 | | {{{ |
212 | | #!div style="font-size: 90%" |
213 | | {{{#!default |
214 | | service xinetd reload |
215 | | }}} |
216 | | }}} |
217 | | |
218 | | {{{ |
219 | | #!div style="font-size: 90%" |
220 | | {{{#!default |
221 | | service xinetd start |
222 | | }}} |
223 | | }}} |
224 | | |
225 | | If you plan to transfer large files we advice you to adjust system wide TCP keepalive: parameters: |
226 | | {{{ |
227 | | echo "600" > /proc/sys/net/ipv4/tcp_keepalive_time |
228 | | echo "75" > /proc/sys/net/ipv4/tcp_keepalive_intvl |
229 | | echo "9" > /proc/sys/net/ipv4/tcp_keepalive_probes |
230 | | }}} |
231 | | In order to make the changes persistent add it also to the `/etc/sysctl.conf` |
| 120 | To install and configure the gridFTP server please follow the [[http://apps.man.poznan.pl/trac/qcg/wiki/gridftp%20server | guide]] |
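Review bot: The link added at new line 120 uses plain http://, and it replaces the on-page repository setup, so please confirm that the linked guide does not carry over the defects visible in the removed text. In the removed block, the IGE-updates heredoc (old lines 144-150) has no closing EOF. Both repo files set gpgcheck=1 but fetch baseurl and gpgkey over http://, so the signing key itself is retrieved without authentication. The guide should give an https:// key URL or publish the key fingerprint to verify before import. Consider keeping one sentence here that names /etc/grid-security/hostcert.pem, /etc/grid-security/hostkey.pem and GLOBUS_TCP_PORT_RANGE, since certificate provisioning and firewall rules depend on them.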
247 | | * Create the ''qcg-dev'' group - this group is allowed to read the configuration and log files. |
248 | | {{{ |
249 | | #!div style="font-size: 90%" |
250 | | {{{#!default |
251 | | groupadd -r qcg-dev |
252 | | }}} |
253 | | }}} |
254 | | |
255 | | * Install qcg grid-mapfile generator |
256 | | {{{ |
257 | | #!div style="font-size: 90%" |
258 | | {{{#!default |
259 | | yum install qcg-gridmapfilegenerator |
260 | | }}} |
261 | | }}} |
262 | | |
263 | | * Configure gridmapfilegenerator - remember to change |
264 | | * url property to your local ldap replica |
265 | | * search base |
266 | | * filter expression |
267 | | * security context |
268 | | {{{ |
269 | | #!div style="font-size: 90%" |
270 | | {{{#!default |
271 | | vim /opt/plgrid/qcg/etc/qcg-comp/plggridmapfilegenerator.conf |
272 | | }}} |
273 | | }}} |
274 | | |
275 | | * Run the gridmapfile generator in order to generate gridmapfile now |
276 | | {{{ |
277 | | #!div style="font-size: 90%" |
278 | | {{{#!default |
279 | | /opt/plgrid/qcg/sbin/qcg-gridmapfilegenerator.sh |
280 | | }}} |
281 | | }}} |
282 | | |
283 | | After installing and running this tool one can find three files: |
284 | | * /etc/grid-security/grid-mapfile.local - here you can put list of DNs and local unix account names that will be merged with data acquired from the local LDAP server |
285 | | * /etc/grid-security/grid-mapfile.deny - here you can put list od DN's (only DNs!) that you want to deny access to the GridFTP server |
286 | | * /etc/grid-security/grid-mapfile - the final gridmap file generated using the above two files and information available in local LDAP server. Do not edit this file as it is generated automatically! |
287 | | |
288 | | This gridmapfile generator script is run every 10 minutes. Moreover its issues `su - $USERNAME -c 'true' > /dev/null` for every new user that do not have yet home directory (thus triggering pam_mkhomedir if installed). |
| 136 | To install and configure the gridmap-file-generator tool please follow the [[http://apps.man.poznan.pl/trac/qcg/wiki/gridmap-file-generator | guide]] |
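Review bot: New line 136 drops the operational caveats from old lines 283-288 along with the install steps, and those should survive either as a short summary next to the link or in the linked guide. They are: /etc/grid-security/grid-mapfile is generated and must not be edited, grid-mapfile.deny takes DNs only, and the generator runs every 10 minutes and issues su - $USERNAME -c 'true' for each new user without a home directory. These lines tell an administrator which file controls DN-to-account mapping and that a command is run as every newly mapped user. The removed text shows $USERNAME unquoted in that su command; since old line 284 says account names are merged with data from the local LDAP server, the guide should show it quoted as "$USERNAME". The added link is also plain http://.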