Changes between Version 94 and Version 95 of client_installation_guide_rpm
Timestamp: 10/03/12 10:34:48 (12 years ago)
client_installation_guide_rpm
v94 v95 1 = QCG BrokerClient Installation =1 = QCG-Client Installation = 2 2 3 3 [[PageOutline]] 4 5 '''The QCG-Client is the command-line java based client to the QCG-Broker service.''' 4 6 5 7 6 8 = Requirements = 7 9 * '''PL-Grid LDAP integration''' - the machine where the client is to be installed has to be configured to allow users to log in to the their "plg*" accounts. 8 * '''Packages requirements''' - all packages required by the QCG- Broker client will be automatically installed by YUM during the installation of qcg-broker-client package.10 * '''Packages requirements''' - all packages required by the QCG-Client will be automatically installed by YUM during the installation of qcg-broker-client package. 9 11 * ''Java (>= 1.6)''\\ 10 * ''' gridFTP server''' - the gridFTP server providing access to user's data for staging them in/out. It can be installed on the client machine (see Optional steps) or be any other instance of server having access to the data.12 * '''GridFTP server''' - the GridFTP server providing access to user's data for staging them in/out. It can be installed on the client machine (see Optional steps) or be any other instance of server having access to the data. 11 13 12 14 = Mandatory steps = 13 The installation and configuration of QCG-Broker client consists of two mandatory steps:15 The installation and configuration of the QCG-Client consists of two mandatory steps: 14 16 * installation of set of trusted Certificate Authorities certificates, 15 17 * installation of the client itself. 18 16 19 == Certificate authorities == 17 18 To enable mutual authentication and secure communication between client and QCG-Broker service set of trusted CA certificates must be copied either into the /etc/grid-security/certificates directory or configured for every user. 
20 To enable mutual authentication and secure communication between the client and the QCG-Broker service set of trusted CA certificates must be copied either into the /etc/grid-security/certificates directory or configured individually for every user. 21 19 22 === EGI IGTF CAs === 20 23 Install EGI Accepted CA certificates (this also install the Polish Grid CA) … … 45 48 46 49 === PL-Grid Simpla-CA certificate (not part of IGTF) === 47 * Add appropriate YUM repositor ies50 * Add appropriate YUM repository 48 51 {{{ 49 52 #!div style="font-size: 90%" … … 103 106 }}} 104 107 105 * Install cron job for it108 * Install cron job for fetching CRLs 106 109 {{{ 107 110 #!div style="font-size: 90%" … … 125 128 126 129 127 == QCG-Broker client == 130 == QCG-Client == 131 128 132 === Software repositories === 129 The packages are designed for Scientific Linux 5.x 133 '''The packages are designed for Scientific Linux 5.x 134 130 135 The installation process requires root privileges. 131 132 * Install PL-Grid or/and QCG repositories: 133 * Official PL-Grid repository 136 ''' 137 138 * Add PL-Grid or/and QCG repositories: 139 * Official PL-Grid repository (recommended) 134 140 {{{ 135 141 #!div style="font-size: 90%" … … 138 144 }}} 139 145 }}} 140 * !QosCosGrid testingrepository146 * Official !QosCosGrid repository 141 147 {{{ 142 148 #!div style="font-size: 90%" … … 151 157 }}} 152 158 }}} 153 * !QosCosGrid developing repository (not recommended - only for testing purposes)159 * !QosCosGrid developing repository (not recommended - mainly for developers and testers) 154 160 {{{ 155 161 #!div style="font-size: 90%" … … 166 172 167 173 === Installation === 168 * install QCG- Broker client using YUM Package Manager:174 * install QCG-Client using YUM Package Manager: 169 175 {{{ 170 176 #!div style="font-size: 90%" … … 193 199 * QCG_URL_DEFAULT - the URL of QCG-Broker service 194 200 * QCG_DN_DEFAULT - the Distinguished Name of the QCG-Broker service 195 * 
QCG_CLIENT_LOCATION_DEFAULT - the location o t the client. This value is set during the installation procedure and196 197 Optionally it is possible to configure the host and port of GridFTP service which will be used by client tostaging input/output files198 * GFTP_HOSTNAME - hostname of the host where the gridFTP server is installed. If the property is not set the default value is hostname of the host where the client is installed,199 * GFTP_PORT - port which the gridFTP server is listening on. If the property is not set the default value is "2811".201 * QCG_CLIENT_LOCATION_DEFAULT - the location of the client. This value is set during the installation procedure and shouldn't be modified. 202 203 Optionally it is possible to configure the host and port of the GridFTP server which will be used by client for staging input/output files 204 * GFTP_HOSTNAME - hostname of the host where the GridFTP server is installed. If the property is not set the default value is hostname of the host where the client is installed, 205 * GFTP_PORT - port which the GridFTP server is listening on. If the property is not set the default value is "2811". 200 206 201 207 Additionally it is possible to configure also the settings responsible for defining the policy for creation and refreshing of user's proxy. 202 * QCG_PROXY_DURATION_DEFAULT - default length in hours of the created proxy203 * QCG_PROXY_DURATION_MIN - minimal acceptable lifetime of the proxy. If the remaining lifetime of the proxy is smaller then the value, the proxy will beautomatically recreated.208 * QCG_PROXY_DURATION_DEFAULT - default length in hours of the proxy created by QCG-Client, 209 * QCG_PROXY_DURATION_MIN - minimal acceptable lifetime of the proxy. If the remaining lifetime of the proxy is smaller then the given value, the proxy is automatically recreated. 
204 210 205 211 … … 222 228 223 229 '''IMPORTANT:''' 224 To configure the client to contact the official, production instance of QCG-Broker service deployed on PLGrid infrastructure please use the following values:230 To configure the client to contact the official, production instance of the QCG-Broker service deployed on PLGrid infrastructure please use the following values: 225 231 {{{ 226 232 #!div style="font-size: 110%" … … 232 238 233 239 == Site configuration == 234 235 240 * Configure the site to display "the message of the day" for QCG-Client. 236 241 The path to the motd file is ''/usr/share/qcg/qcg-broker-client/doc/motd''. 237 242 * Configure the site for "nightly yum updates" to automatically install new versions of the client. 243 244 238 245 = Optional steps = 239 240 The optional steps consider installation and configuration of gridFTP server as well installation and configuration of the !GridMapFileGenerator tool being responsible for periodic creation of grid-map-file used by the server for authorisation and mapping users to physical accounts. 241 242 The steps are for the case when there is no other gridFTP server providing access to user's data on the client machine and the dedicated instance of the server has to be installed. 243 244 '''IMPORTANT:''' In most cases it should be possible to configure QCG-client to use the gridFTP server installed on the QCG-Computing site. Such configuration is recommended as it reduces number of software components that have to be maintained. 246 The optional steps consider installation and configuration of the GridFTP server as well installation and configuration of the !GridMapFileGenerator tool being responsible for periodic creation of grid-map-file used by the server for authorisation and mapping users to physical accounts. 
247 248 The steps are for the case when there is no other GridFTP server providing access to user's data on the client machine and the dedicated instance of the server has to be installed. 249 250 '''IMPORTANT:''' In most cases it should be possible to configure QCG-client to use the GridFTP server installed on the QCG-Computing site. Such configuration is recommended as it reduces number of software components that have to be maintained. 251 245 252 == GridFTP server == 246 For the user convenience QCG client is able to stage in input data accessible from the host where it is installed and also to stage out output data there. The functionality requires the data to be accessible via gridFTP server. The gridFTP server can be installed on the client machine or it can be any gridFTP server having access to the data on client machine. The simplest and the most popular solution is to mount the same shared network file system on both machines. The mount point must be exact the same. Paths to data have to be exactly the same on both machines.253 For the user convenience QCG-client is able to stage in input data accessible from the host where it is installed and also to stage out output data there. The functionality requires the data to be accessible via GridFTP server. The GridFTP server can be installed on the client machine or it can be any GridFTP server having access to the data on client machine. The simplest and the most popular solution is to mount the same shared network file system on both machines. The mount point must be exact the same. Paths to data have to be exactly the same on both machines. 
247 254 248 255 … … 255 262 }}} 256 263 257 The grid-ftp server requires the X.509 certificate and key to be present in following locations264 The grid-ftp server requires the X.509 certificate and key to be present in the following locations 258 265 * ''/etc/grid-security/hostcert.pem'' 259 266 * ''/etc/grid-security/hostkey.pem'' 260 267 261 The gridFTP server has to be configured to know the range of opened ports for connections.268 The GridFTP server has to be configured to know the range of opened ports for connections. 262 269 Please edit the /etc/xinetd.d/gsiftp file and set the GLOBUS_TCP_PORT_RANGE environment variable. 263 270 … … 305 312 306 313 == Grid Mapfile == 307 To have access do data every authenticated user must be authorized by gridFTP server against the `grid-mapfile`. This file can be created manually by an administrator (if the service is run in "test mode") or generated automatically based on the LDAP directory service. 314 To have access do data every authenticated user must be authorized by GridFTP server against the `grid-mapfile`. This file can be created manually by an administrator (if the service is run in "test mode") or generated automatically based on the LDAP directory service. 315 308 316 === Manually created grid mapfile (for testing purpose only) === 309 317 {{{ … … 314 322 }}} 315 323 }}} 324 316 325 === LDAP generated grid mapfile === 317 * Create the ''qcg-dev'' group - this grou is allowed to read the configuration and log files.326 * Create the ''qcg-dev'' group - this group is allowed to read the configuration and log files. 318 327 {{{ 319 328 #!div style="font-size: 90%" … … 352 361 353 362 After installing and running this tool one can find three files: 354 * /etc/grid-security/grid-mapfile.local - here you can put list of DN and local unix accounts name that will be merged with data acquired fromlocal LDAP server355 * /etc/grid-security/grid-mapfile.deny - here you can put list od DN's (only DNs!) 
that you want to deny access to the QCG-Computing service363 * /etc/grid-security/grid-mapfile.local - here you can put list of DNs and local unix account names that will be merged with data acquired from the local LDAP server 364 * /etc/grid-security/grid-mapfile.deny - here you can put list od DN's (only DNs!) that you want to deny access to the GridFTP server 356 365 * /etc/grid-security/grid-mapfile - the final gridmap file generated using the above two files and information available in local LDAP server. Do not edit this file as it is generated automatically! 357 366
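Review bot: The rewritten sentence at v95 line 20 still runs "the QCG-Broker service set of trusted CA certificates" together, so it reads as if the service owned the certificate set. Add a comma and an article ("...the QCG-Broker service, a set of trusted CA certificates must be copied...") so the requirement for mutual authentication is unambiguous.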
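Review bot: The bold span opened at v95 line 133 is only closed at line 136, after a blank line and the separate sentence "The installation process requires root privileges.", which is fragile wiki markup and leaves a stray ''' on its own line. Wrap each of the two sentences in its own pair of ''' on a single line, and consider "and/or" instead of "or/and" in the bullet at line 138.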
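Review bot: The label at v95 line 146 changes from "!QosCosGrid testing repository" to "Official !QosCosGrid repository", but the repository definition block under that bullet is not touched by this revision, so what v94 described as the testing repository is now presented as the official one. Confirm that the block below the bullet really points at the official repository, or update the definition in the same revision as the label.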
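Review bot: QCG_PROXY_DURATION_MIN at v95 line 209 still says "smaller then the given value" and, unlike QCG_PROXY_DURATION_DEFAULT on line 208, does not state its unit. Change "then" to "than" and say explicitly whether the minimum lifetime is also given in hours, since this value decides when the user's proxy is recreated.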
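Review bot: The renaming is applied inconsistently in the optional-steps hunks: v95 lines 250 and 253 use "QCG-client" while the rest of the revision uses "QCG-Client", and line 264 keeps "grid-ftp server" next to the new "GridFTP server" on line 268. Use one spelling of each name throughout, and fix "as well installation" (line 246) to "as well as installation" and "must be exact the same" (line 253) to "exactly the same" while those lines are being edited.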
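Review bot: The grid-mapfile.deny bullet at v95 line 364 keeps the typo "list od DN's" and mixes "DN's" with "DNs", although the neighbouring line 363 was corrected to "DNs" in this same revision; line 314 likewise keeps "To have access do data". Fix these to "list of DNs" and "To have access to data", and check that line 364 now naming the GridFTP server as the denied target instead of the QCG-Computing service matches what the deny file actually controls on this host.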