Changes between Version 32 and Version 33 of client_installation_guide_rpm

Timestamp:
10/02/12 08:49:43 (12 years ago)
Author:
piontek
Comment:

--

  • client_installation_guide_rpm

    v32 v33  
    55 
    66= Requirements = 
     7* '''PL-Grid LDAP integration''' 
     8 The machine where the client is to be installed has to be configured to allow users to log in to the their "plg" accounts. 
    79* '''Packages requirements'''.  
    810 All packages required by QCG-Broker client will be automatically installed by YUM during the installation of qcg-broker-client package. 
    911 * '''Java (>= 1.5)'''\\ 
    1012* '''The X.509 certificate and key (signed by the Polish Grid CA''' 
    11  The certificate is needed in case when the dedicated gridFTP service is installed for the QCG client. 
     13 The certificate is optional and it is needed in the case when the dedicated gridFTP service is installed for the QCG client. 
    1214* '''trusted CA certificates''' 
    1315 To enable secure communication between client and QCG-Broker service set of trusted CA certificates must be copied either into the `/etc/grid-security/certificates` directory or configured for every user. 
     16 
    1417 
    1518For the PL-Grid project: Install Polish Grid and PL-Grid Simple-CA certificates: 
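Review bot: The new requirement at v33 line 8 says the machine "has to be configured to allow users to log in to the their "plg" accounts" but gives no pointer to how the PL-Grid LDAP integration is set up or how to check it. Link the relevant setup page or state the check an administrator should run before installing. The same line has a doubled article ("to the their"). At v33 line 13 the certificate is now described as optional, while the bullet above it (line 12) still has an unbalanced parenthesis in "(signed by the Polish Grid CA'''"; since this hunk rewrites that item, close it here too.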
     
    132135}}} 
    133136 
    134 * configuation of grid-ftp server 
    135  
    136137The grid-ftp server requires the X.509 certificate and key to be present in following locations 
    137138* ''/etc/grid-security/hostcert.pem'' 
    138139* ''/etc/grid-security/hostkey.pem'' 
     140 
     141== the Grid Mapfile == 
     142This tutorial assumes that the QCG-Computing service is configured in such way, that every authenticated user must be authorized against the `grid-mapfile`. This file can be created manually by an administrator (if the service is run in "test mode") or generated automatically based on the LDAP directory service. 
     143=== Manually created grid mapfile (for testing purpose only) === 
     144{{{ 
     145#!div style="font-size: 90%" 
     146{{{#!default 
     147#for test purpose only add mapping for your account 
     148echo '"MyCertDN" myaccount' >> /etc/grid-security/grid-mapfile 
     149}}} 
     150}}} 
     151=== LDAP generated grid mapfile === 
     152{{{ 
     153#!div style="font-size: 90%" 
     154{{{#!default 
     155# 
     156# 1. install qcg grid-mapfile generator 
     157# 
     158yum install qcg-gridmapfilegenerator 
     159# 
     160# 2.  configure gridmapfilegenerator - remember to change  
     161# * url property to your local ldap replica 
     162# * search base 
     163# * filter expression 
     164# * security context 
     165vim  /opt/plgrid/qcg/etc/qcg-comp/plggridmapfilegenerator.conf  
     166# 
     167# 3. run the gridmapfile generator in order to generate gridmapfile now 
     168# 
     169/opt/plgrid/qcg/sbin/qcg-gridmapfilegenerator.sh  
     170}}} 
     171}}} 
     172 
     173After installing and running this tool one can find three files: 
     174 * /etc/grid-security/grid-mapfile.local - here you can put list of DN and local unix accounts name that will be merged with data acquired from local LDAP server 
     175 * /etc/grid-security/grid-mapfile.deny - here you can put list od DN's (only DNs!) that you want to deny access to the QCG-Computing service 
     176 * /etc/grid-security/grid-mapfile - the final gridmap file generated using the above two files and information available in local LDAP server. Do not edit this file as it is generated automatically! 
     177 
     178This gridmapfile generator script is run every 10 minutes. Moreover its issues  `su - $USERNAME -c 'true' > /dev/null`  for every new user that do not have yet home directory (thus triggering pam_mkhomedir if installed). 
    139179 
    140180* install QCG-Broker client using YUM Package Manager:
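Review bot: The manual example at v33 line 148 appends to /etc/grid-security/grid-mapfile, while line 176 says not to edit that file because it is generated automatically and line 178 says the generator runs every 10 minutes, so a mapping added this way will not persist once qcg-gridmapfilegenerator is installed. State in the "Manually created" subsection that it applies only when the generator is not installed, and point readers who use the generator to grid-mapfile.local (line 174) for hand-added mappings. Line 142 refers to the QCG-Computing service although this is the client guide and the surrounding text is about the grid-ftp server; say which service actually consults the grid-mapfile here. The hunk also removes the "configuation of grid-ftp server" item at v32 line 134, leaving the hostcert/hostkey paragraph without an introduction. Wording to fix in the added lines: "list od DN's" (line 175), "Moreover its issues" and "that do not have yet home directory" (line 178).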