II. Configuring the master node

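This is a lab environment, so we use SimpleCA for encryption and authentication.
Here I used a physical machine plus a virtual machine: the physical machine is the master node and the virtual machine is the child node. The IP addresses below are copied straight from my lab.
We need to make sure the host name is not the default localhost.localdomain localhost.
Local machine [xx1.com]: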
    ip:211.67.141.181
    mask:255.255.255.0
    gateway:211.67.141.1

Virtual machine [xx2.com]:
    ip:211.67.141.189
    mask:255.255.255.0
    gateway:211.67.141.1

First, let's look at the local machine:
[root@xx1 globus]# vi /etc/sysconfig/network

NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=xx1.com

It is best to change this host name so that both nodes are in the same domain.
For example, in the lab I used:
        gridnodeone.hnufe.edu.cn
        gridnodetwo.hnufe.edu.cn

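The names xx1.com and xx2.com here were made up, which causes trouble, especially when copying files with gridftp.
[You may not understand this short passage yet; feel free to skip it.]
When you copy a file with a command such as
globus-url-copy gsiftp://xx1.com/etc/group gsiftp://xx2.com/test.copy
the domain name may fail to resolve, or you may be told that the domain name does not match the IP address. The problem is probably here, and this is roughly the direction to look in for a fix.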




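I did not use a DNS service either [because I don't know how]; later a classmate told me that using the /etc/hosts file directly is enough.
So I changed /etc/hosts as follows: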
[root@xx1 globus]# more /etc/hosts

127.0.0.1       localhost.localdomain localhost
211.67.141.181  xx1.com xx1
211.67.141.189  xx2.com xx2

Then I check again whether the host name is correct:
[root@xx1 globus]# more /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=xx1.com

After changing the host name, we can set up SimpleCA.

Switch to the following directory:
[globus@xx1 globus]$ pwd
/usr/local/globus/setup/globus

Run the setup program. If the following messages appear, GLOBUS_LOCATION is not set:
[globus@xx1 globus]$ ./setup-simple-ca

WARNING: GLOBUS_LOCATION not set, assuming:
         GLOBUS_LOCATION=/usr/local/globus/setup/globus//setup-simple-ca


WARNING: GPT_LOCATION not set, assuming:
         GPT_LOCATION=/usr/local/globus/setup/globus//setup-simple-ca


ERROR: Your globus install has not been setup correctly
/usr/local/globus/setup/globus//setup-simple-ca/libexec/globus-script-initializer not found
You most likely need to run gpt-postinstall for this globus install

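I suggest writing GLOBUS_LOCATION into /etc/profile, because debugging the container later needs this variable, and exporting it with the export command every time is tedious.
Here we simply export it: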
[globus@xx1 globus]$ export GLOBUS_LOCATION=/usr/local/globus/

Run the command again:
[globus@xx1 globus]$ ./setup-simple-ca

WARNING: GPT_LOCATION not set, assuming:
         GPT_LOCATION=/usr/local/globus/



    C e r t i f i c a t e    A u t h o r i t y    S e t u p

This script will setup a Certificate Authority for signing Globus
users certificates.  It will also generate a simple CA package
that can be distributed to the users of the CA.

The CA information about the certificates it distributes will
be kept in:

/home/globus/.globus/simpleCA/

The unique subject name for this CA is:

cn=Globus Simple CA, ou=simpleCA-xx1.com, ou=GlobusTest, o=Grid

Do you want to keep this as the CA subject (y/n) [y]:

As you can see, with the local machine as the master node, ou=simpleCA-xx1.com; this is why you were asked to change the host name above.

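Just press Enter. It then prompts for an e-mail address; you can enter anything here. This is the address others use to request certificates from you.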

Enter the email of the CA (this is the email where certificate
requests will be sent to be signed by the CA):

Next is the certificate expiry date; the default is five years, so just press Enter:

The CA certificate has an expiration date. Keep in mind that
once the CA certificate has expired, all the certificates
signed by that CA become invalid.  A CA should regenerate
the CA certificate and start re-issuing ca-setup packages
before the actual CA certificate expires.  This can be done
by re-running this setup script.  Enter the number of DAYS
the CA certificate should last before it expires.
[default: 5 years (1825 days)]:

It then prompts for a pass phrase for opening the certificate, and asks you to confirm it:
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

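Then comes more output, which shows where the public and private keys are stored and where the distribution package is [the distribution package can be used to configure child nodes]: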
-------------------------------------------------------------------

The private key of the CA is stored in /home/globus/.globus/simpleCA//private/cakey.pem
The public CA certificate is stored in /home/globus/.globus/simpleCA//cacert.pem

The distribution package built for this CA is stored in

/home/globus/.globus/simpleCA//globus_simple_ca_b62cb8c1_setup-0.19.tar.gz

This file must be distributed to any host wishing to request
certificates from this CA.

CA setup complete.

The following commands will now be run to setup the security
configuration files for this CA:

$GLOBUS_LOCATION/sbin/gpt-build /home/globus/.globus/simpleCA//globus_simple_ca_b62cb8c1_setup-0.19.tar.gz

$GLOBUS_LOCATION/sbin/gpt-postinstall
-------------------------------------------------------------------

Finally it is done and the SimpleCA has been created, but we are told there is one more step:
Note: To complete setup of the GSI software you need to run the
following script as root to configure your security configuration
directory:

/usr/local/globus//setup/globus_simple_ca_b62cb8c1_setup/setup-gsi

For further information on using the setup-gsi script, use the -help
option.  The -default option sets this security configuration to be
the default, and -nonroot can be used on systems where root access is
not available.

***************************************************************************

setup-ssl-utils: Complete

Let's check whether the distribution package was really generated:
[globus@xx1 globus]$ ls ~/.globus/simpleCA/
cacert.pem  crl                                          grid-ca-ssl.conf  newcerts  serial
certs       globus_simple_ca_b62cb8c1_setup-0.19.tar.gz  index.txt         private

Next, we need our local machine [xx1.com] to trust our globus certificate, so we switch to root:

[globus@xx1 globus]$ su - root
口令:

Run the final command:
[root@xx1 ~]# export GLOBUS_LOCATION=/usr/local/globus/

[root@xx1 ~]# /usr/local/globus/setup/globus_simple_ca_b62cb8c1_setup/setup-gsi -default
setup-gsi: Configuring GSI security
Making /etc/grid-security...
mkdir /etc/grid-security
Making trusted certs directory: /etc/grid-security/certificates/
mkdir /etc/grid-security/certificates/
Installing /etc/grid-security/certificates//grid-security.conf.b62cb8c1...
Running grid-security-config...
Installing Globus CA certificate into trusted CA certificate directory...
Installing Globus CA signing policy into trusted CA certificate directory...
setup-gsi: Complete

Based on the output above, let's see what has been added to the corresponding directories.
[root@xx1 ~]# ls /etc/grid-security/certificates/
b62cb8c1.0               globus-host-ssl.conf.b62cb8c1  grid-security.conf.b62cb8c1
b62cb8c1.signing_policy  globus-user-ssl.conf.b62cb8c1

[root@xx1 ~]# ls /etc/grid-security/
certificates  globus-host-ssl.conf  globus-user-ssl.conf  grid-security.conf

These are all SimpleCA configuration files; see the relevant documentation for what each one does.


Now we need the local machine to request a certificate and have it signed by the SimpleCA.

If you are configuring this yourself, change xx1.com to the name of your own master node.

[root@xx1 bin]# ./grid-cert-request -host xx1.com
Generating a 1024 bit RSA private key
.++++++
..........................++++++
writing new private key to '/etc/grid-security/hostkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Level 0 Organization [Grid]:Level 0 Organizational Unit [GlobusTest]:Level 1 Organizational Unit [simpleCA-xx1.com]:Name (e.g., John M. Smith) []:

A private host key and a certificate request has been generated
with the subject:

/O=Grid/OU=GlobusTest/OU=simpleCA-xx1.com/CN=host/xx1.com

----------------------------------------------------------

The private key is stored in /etc/grid-security/hostkey.pem
The request is stored in /etc/grid-security/hostcert_request.pem

Please e-mail the request to the Globus Simple CA cy_xiaoxiao@yahoo.com.cn
You may use a command similar to the following:

cat /etc/grid-security/hostcert_request.pem | mail cy_xiaoxiao@yahoo.com.cn

Only use the above if this machine can send AND receive e-mail. if not, please
mail using some other method.

Your certificate will be mailed to you within two working days.
If you receive no response, contact Globus Simple CA at cy_xiaoxiao@yahoo.com.cn

[root@xx1 grid-security]# pwd
/etc/grid-security

When it finishes, the following files have been created:
/etc/grid-security/hostkey.pem
/etc/grid-security/hostcert_request.pem
/etc/grid-security/hostcert.pem (empty file)

Let's check that this is the case:
[root@xx1 grid-security]# ls -la *pem
-rw-r--r-- 1 root root    0 07-04 23:16 hostcert.pem
-rw-r--r-- 1 root root 1377 07-04 23:16 hostcert_request.pem
-r-------- 1 root root  887 07-04 23:16 hostkey.pem

Next, we take on the role of the SimpleCA and sign our local machine's certificate request.

First we copy the request file to /usr/local/globus/bin:
[root@xx1 ~]# cp /etc/grid-security/hostcert_request.pem /usr/local/globus/bin/

Switch to the globus user, because on this machine the SimpleCA was created by the globus user:
[root@xx1 ~]# su - globus

[globus@xx1 ~]$ cd /usr/local/globus/bin

Sign the certificate:
[globus@xx1 bin]$ ./grid-ca-sign -in hostcert_request.pem -out hostcert.pem

To sign the request
please enter the password for the CA key:

The new signed certificate is at: /home/globus/.globus/simpleCA//newcerts/01.pem

Copy the signed certificate back, overwriting the original empty file:
[globus@xx1 bin]$ su - root
口令:

[root@xx1 ~]# cp /usr/local/globus/bin/hostcert.pem /etc/grid-security/
cp:是否覆盖“/etc/grid-security/hostcert.pem”? yes

Take a look: the file is no longer empty.
[root@xx1 ~]# ls /etc/grid-security/*pem -la
-rw-r--r-- 1 root root 2632 07-04 23:32 /etc/grid-security/hostcert.pem
-rw-r--r-- 1 root root 1377 07-04 23:16 /etc/grid-security/hostcert_request.pem
-r-------- 1 root root  887 07-04 23:16 /etc/grid-security/hostkey.pem

All three files are owned by root, but our gridftp needs them, and we will start the web container as the globus user, so we need
two sets of credentials: one for root and one for globus.
[root@xx1 grid-security]# cp hostcert.pem containercert.pem

[root@xx1 grid-security]# cp hostkey.pem containerkey.pem

[root@xx1 grid-security]# chown globus.globus container*.pem

[root@xx1 grid-security]# ls -la *pem
-rw-r--r-- 1 globus globus 2632 07-04 23:38 containercert.pem
-rw-r--r-- 1 globus globus  887 07-04 23:38 containerkey.pem
-rw-r--r-- 1 root   root   2632 07-04 23:32 hostcert.pem
-rw-r--r-- 1 root   root   1377 07-04 23:16 hostcert_request.pem
-r-------- 1 root   root    887 07-04 23:16 hostkey.pem
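
In the listing above containerkey.pem, a copy of the host private key, is readable by group and other, while hostkey.pem is owner read-only. This added check (not part of the original post) lists *key.pem files that group or other can access and tightens them to 0400; the demo directory and file contents are constructed.

```shell
#!/bin/sh
# Added example: find *key.pem files that group/other can access.
# The demo directory is constructed; on a real node, point the functions
# at /etc/grid-security.

# loose_keys DIR: print every *key.pem under DIR with any group/other bit set.
loose_keys() {
    # "-perm -NNN" is true when that bit is set; OR-ing the six group/other
    # bits is the portable spelling of GNU find's "-perm /077".
    find "$1" -type f -name '*key.pem' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

# tighten_keys DIR: make every *key.pem owner read-only, the mode that
# hostkey.pem already has in the listing above.
tighten_keys() {
    find "$1" -type f -name '*key.pem' -exec chmod 0400 {} +
}

# make_sample_dir: constructed directory reproducing the modes listed above.
make_sample_dir() {
    d=$(mktemp -d)
    for f in hostcert.pem hostkey.pem containercert.pem containerkey.pem; do
        echo "constructed placeholder, not real key material" > "$d/$f"
    done
    chmod 0644 "$d/hostcert.pem" "$d/containercert.pem" "$d/containerkey.pem"
    chmod 0400 "$d/hostkey.pem"
    echo "$d"
}

demo_dir=$(make_sample_dir)
echo "loose keys before: $(loose_keys "$demo_dir")"
tighten_keys "$demo_dir"
echo "loose keys after:  $(loose_keys "$demo_dir")"
rm -rf "$demo_dir"
```

chown is left untouched, so after tightening containerkey.pem is still owned by globus and readable only by that user.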

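Next we sign a certificate for an ordinary user who can submit jobs; the process is similar to signing the certificate for the grid container.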
[root@xx1 ~]# tail /etc/passwd
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
pcap:x:77:77::/var/arpwatch:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
beaglidx:x:58:58:User for Beagle indexing:/var/cache/beagle:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
zx:x:500:500::/home/zx:/bin/bash
globus:x:501:501::/home/globus:/bin/bash

First check whether the GLOBUS_LOCATION environment variable is set:
[zx@xx1 ~]$ $GLOBUS_LOCATION
-bash: /usr/local/globus: is a directory

Switch to the corresponding directory:
[zx@xx1 ~]$ cd /usr/local/globus/bin

Run the command to request a certificate:
[zx@xx1 bin]$ ./grid-cert-request
Enter your name, e.g., John Smith: zx
A certificate request and private key is being created.
You will be asked to enter a PEM pass phrase.
This pass phrase is akin to your account password,
and is used to protect your key file.
If you forget your pass phrase, you will need to
obtain a new certificate.

Generating a 1024 bit RSA private key
..++++++
............++++++
writing new private key to '/home/zx/.globus/userkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Level 0 Organization [Grid]:Level 0 Organizational Unit [GlobusTest]:Level 1 Organizational Unit [simpleCA-xx1.com]:Level 2 Organizational Unit [com]:Name (e.g., John M. Smith) []:

A private key and a certificate request has been generated with the subject:

/O=Grid/OU=GlobusTest/OU=simpleCA-xx1.com/OU=com/CN=zx

If the CN=zx is not appropriate, rerun this
script with the -force -cn "Common Name" options.

Your private key is stored in /home/zx/.globus/userkey.pem
Your request is stored in /home/zx/.globus/usercert_request.pem

Please e-mail the request to the Globus Simple CA cy_xiaoxiao@yahoo.com.cn
You may use a command similar to the following:

  cat /home/zx/.globus/usercert_request.pem | mail cy_xiaoxiao@yahoo.com.cn

Only use the above if this machine can send AND receive e-mail. if not, please
mail using some other method.

Your certificate will be mailed to you within two working days.
If you receive no response, contact Globus Simple CA at cy_xiaoxiao@yahoo.com.cn

From the above we can see that the private key is stored in /home/zx/.globus/userkey.pem

The certificate request is in /home/zx/.globus/usercert_request.pem


Next we sign the certificate for this ordinary user zx, so we copy the user's certificate request file to /usr/local/globus/bin:
[root@xx1 ~]# cp /home/zx/.globus/usercert_request.pem /usr/local/globus/bin

Then switch to the globus user and sign the certificate:

[globus@xx1 ~]$ cd /usr/local/globus/bin
[globus@xx1 bin]$ ./grid-ca-sign -in usercert_request.pem -out usercert.pem

To sign the request
please enter the password for the CA key:

The new signed certificate is at: /home/globus/.globus/simpleCA//newcerts/02.pem

Then, as root, copy the generated certificate file back, overwriting the empty file.
[globus@xx1 bin]$ su - root
口令:
[root@xx1 ~]# cp /usr/local/globus/bin/usercert.pem /home/zx/.globus/
cp:是否覆盖“/home/zx/.globus/usercert.pem”? y

Then switch back to the ordinary user zx and run the script that generates the certificate:
[zx@xx1 bin]$ ./grid-proxy-init -valid 24000:0
./grid-proxy-init: error while loading shared libraries: libglobus_gsi_proxy_core_gcc32.so.0: cannot open shared object file: No such file or directory

Clearly that failed, so we need to source an environment script:
[zx@xx1 bin]$ source /usr/local/globus/etc/globus-user-env.sh

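Run it again. I add the valid option because at first this job user's certificate kept expiring after one day, and I later realized I had forgotten the option. See the script's help for details on usage.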
[zx@xx1 bin]$ ./grid-proxy-init -valid 24000:0
Your identity: /O=Grid/OU=GlobusTest/OU=simpleCA-xx1.com/OU=com/CN=zx
Enter GRID pass phrase for this identity:
Creating proxy .................................................... Done

Warning: your certificate and proxy will expire Fri Jul  4 11:20:07 2008
which is within the requested lifetime of the proxy

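Next we create a mapping file. Its purpose is to map remote certificates to local users: requests submitted by a remote user who holds that certificate are carried out on their behalf by the mapped local user.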
[root@xx1 ~]# cd /etc/grid-security/

[root@xx1 grid-security]# vi grid-mapfile

[root@xx1 grid-security]# cat grid-mapfile
"/O=Grid/OU=GlobusTest/OU=simpleCA-xx1.com/OU=com/CN=zx" zx
The first part of the grid-mapfile entry is the Your identity string from the certificate we just requested.


With that, the installation of the Globus Toolkit on the master node [our local machine] is complete. Run
/usr/local/globus/bin/globus-start-container to start the container.

We find that the container starts but reports errors. This is because we have not installed ReliableFileTransferFTP.
[globus@xx1 ~]$ /usr/local/globus/bin/globus-start-container
2007-07-05 11:39:19,111 ERROR monitoring.SchedulerEventGenerator [Thread-2,run:198] SEG Terminated with /usr/local/globus/libexec/globus-scheduler-event-generator: error while loading shared libraries: libglobus_scheduler_event_generator_gcc32.so.0: cannot open shared object file: No such file or directory
2007-07-05 11:39:19,562 ERROR monitoring.SchedulerEventGenerator [Thread-5,run:198] SEG Terminated with /usr/local/globus/libexec/globus-scheduler-event-generator: error while loading shared libraries: libglobus_scheduler_event_generator_gcc32.so.0: cannot open shared object file: No such file or directory
2007-07-05 11:39:21,467 ERROR service.ReliableFileTransferImpl [main,<init>:69] Unable to setup database driver with pooling.Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
2007-07-05 11:39:22,543 WARN  service.ReliableFileTransferHome [main,initialize:97] All RFT requests will fail and all GRAM jobs that require file staging will fail.Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
Starting SOAP server at: https://211.67.141.181:8443/wsrf/services/
With the following services:

[1]: https://211.67.141.181:8443/wsrf/services/AdminService
[2]: https://211.67.141.181:8443/wsrf/services/AuthzCalloutTestService
[3]: https://211.67.141.181:8443/wsrf/services/CASService
[4]: https://211.67.141.181:8443/wsrf/services/ContainerRegistryEntryService
[5]: https://211.67.141.181:8443/wsrf/services/ContainerRegistryService
[6]: https://211.67.141.181:8443/wsrf/services/CounterService
[7]: https://211.67.141.181:8443/wsrf/services/DefaultIndexService
[8]: https://211.67.141.181:8443/wsrf/services/DefaultIndexServiceEntry
[9]: https://211.67.141.181:8443/wsrf/services/DefaultTriggerService
[10]: https://211.67.141.181:8443/wsrf/services/DefaultTriggerServiceEntry
[11]: https://211.67.141.181:8443/wsrf/services/DelegationFactoryService
[12]: https://211.67.141.181:8443/wsrf/services/DelegationService
[13]: https://211.67.141.181:8443/wsrf/services/DelegationTestService
[14]: https://211.67.141.181:8443/wsrf/services/InMemoryServiceGroup
[15]: https://211.67.141.181:8443/wsrf/services/InMemoryServiceGroupEntry
[16]: https://211.67.141.181:8443/wsrf/services/InMemoryServiceGroupFactory
[17]: https://211.67.141.181:8443/wsrf/services/IndexFactoryService
[18]: https://211.67.141.181:8443/wsrf/services/IndexService
[19]: https://211.67.141.181:8443/wsrf/services/IndexServiceEntry
[20]: https://211.67.141.181:8443/wsrf/services/ManagedExecutableJobService
[21]: https://211.67.141.181:8443/wsrf/services/ManagedJobFactoryService
[22]: https://211.67.141.181:8443/wsrf/services/ManagedMultiJobService
[23]: https://211.67.141.181:8443/wsrf/services/ManagementService
[24]: https://211.67.141.181:8443/wsrf/services/NotificationConsumerFactoryService
[25]: https://211.67.141.181:8443/wsrf/services/NotificationConsumerService
[26]: https://211.67.141.181:8443/wsrf/services/NotificationTestService
[27]: https://211.67.141.181:8443/wsrf/services/PersistenceTestSubscriptionManager
[28]: https://211.67.141.181:8443/wsrf/services/ReliableFileTransferFactoryService
[29]: https://211.67.141.181:8443/wsrf/services/ReliableFileTransferService
[30]: https://211.67.141.181:8443/wsrf/services/RendezvousFactoryService
[31]: https://211.67.141.181:8443/wsrf/services/SampleAuthzService
[32]: https://211.67.141.181:8443/wsrf/services/SecureCounterService
[33]: https://211.67.141.181:8443/wsrf/services/SecurityTestService
[34]: https://211.67.141.181:8443/wsrf/services/ShutdownService
[35]: https://211.67.141.181:8443/wsrf/services/SubscriptionManagerService
[36]: https://211.67.141.181:8443/wsrf/services/TestAuthzService
[37]: https://211.67.141.181:8443/wsrf/services/TestRPCService
[38]: https://211.67.141.181:8443/wsrf/services/TestService
[39]: https://211.67.141.181:8443/wsrf/services/TestServiceRequest
[40]: https://211.67.141.181:8443/wsrf/services/TestServiceWrongWSDL
[41]: https://211.67.141.181:8443/wsrf/services/TriggerFactoryService
[42]: https://211.67.141.181:8443/wsrf/services/TriggerService
[43]: https://211.67.141.181:8443/wsrf/services/TriggerServiceEntry
[44]: https://211.67.141.181:8443/wsrf/services/Version
[45]: https://211.67.141.181:8443/wsrf/services/WidgetNotificationService
[46]: https://211.67.141.181:8443/wsrf/services/WidgetService
[47]: https://211.67.141.181:8443/wsrf/services/gsi/AuthenticationService
[48]: https://211.67.141.181:8443/wsrf/services/mds/test/execsource/IndexService
[49]: https://211.67.141.181:8443/wsrf/services/mds/test/execsource/IndexServiceEntry
[50]: https://211.67.141.181:8443/wsrf/services/mds/test/subsource/IndexService
[51]: https://211.67.141.181:8443/wsrf/services/mds/test/subsource/IndexServiceEntry


So we must install PostgreSQL.
First add a postgre user, which will be used to start the database:
[root@xx1 postgresql-8.0.7]# adduser postgre -p mypostgre

[root@xx1 ~]# cp /mnt/win/globus/postgresql-8.0.7.tar.gz /usr/local/

[root@xx1 ~]# cd /usr/local/

[root@xx1 local]# tar -zxvf postgresql-8.0.7.tar.gz

[root@xx1 local]# cd postgresql-8.0.7

[root@xx1 postgresql-8.0.7]# ls
aclocal.m4  configure     contrib    doc             HISTORY  Makefile  src
config      configure.in  COPYRIGHT  GNUmakefile.in  INSTALL  README

For installation instructions, see the INSTALL file. Here I install it the way I prefer.

[root@xx1 postgresql-8.0.7]# ./configure

Without the prefix option, ./configure installs to /usr/local/pgsql by default.


[root@xx1 postgresql-8.0.7]# mkdir /usr/local/pgsql/data

[root@xx1 postgresql-8.0.7]# chown postgre.postgre !$
chown postgre.postgre /usr/local/pgsql/data

[root@xx1 postgresql-8.0.7]# su - postgre

[postgre@xx1 ~]$ cd /usr/local/pgsql/

[postgre@xx1 pgsql]$ cd bin

[postgre@xx1 bin]$ ./initdb -D /usr/local/pgsql/data
The files belonging to this database system will be owned by user "postgre".
This user must also own the server process.

The database cluster will be initialized with locale zh_CN.UTF-8.
The default database encoding has accordingly been set to UNICODE.

fixing permissions on existing directory /usr/local/pgsql/data ... ok
creating directory /usr/local/pgsql/data/global ... ok
creating directory /usr/local/pgsql/data/pg_xlog ... ok
creating directory /usr/local/pgsql/data/pg_xlog/archive_status ... ok
creating directory /usr/local/pgsql/data/pg_clog ... ok
creating directory /usr/local/pgsql/data/pg_subtrans ... ok
creating directory /usr/local/pgsql/data/base ... ok
creating directory /usr/local/pgsql/data/base/1 ... ok
creating directory /usr/local/pgsql/data/pg_tblspc ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 1000
creating configuration files ... ok
creating template1 database in /usr/local/pgsql/data/base/1 ... ok
initializing pg_shadow ... ok
enabling unlimited row size for system tables ... ok
initializing pg_depend ... ok
creating system views ... ok
loading pg_description ... ok
creating conversions ... ok
setting privileges on built-in objects ... ok
creating information schema ... ok
vacuuming database template1 ... ok
copying template1 to template0 ... ok

WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the -A option the
next time you run initdb.

Success. You can now start the database server using:

    ./postmaster -D /usr/local/pgsql/data
or
    ./pg_ctl -D /usr/local/pgsql/data -l logfile start


[root@xx1 postgresql-8.0.7]# su - postgre

[postgre@xx1 ~]$ cd /usr/local/pgsql/

[postgre@xx1 pgsql]$ bin/createuser globus
Shall the new user be allowed to create databases? (y/n) y
Shall the new user be allowed to create more new users? (y/n) y
CREATE USER

[postgre@xx1 pgsql]$ cd bin
[postgre@xx1 bin]$ ./createdb rftDatabase
CREATE DATABASE
[postgre@xx1 bin]$ ./psql -d rftDatabase -f $GLOBUS_LOCATION/share/globus_wsrf_rft/rft_schema.sql
psql:/usr/local/globus/share/globus_wsrf_rft/rft_schema.sql:6: NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "requestid_pkey" for table "requestid"
CREATE TABLE
psql:/usr/local/globus/share/globus_wsrf_rft/rft_schema.sql:11: NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "transferid_pkey" for table "transferid"
CREATE TABLE
psql:/usr/local/globus/share/globus_wsrf_rft/rft_schema.sql:30: NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "request_pkey" for table "request"
CREATE TABLE
psql:/usr/local/globus/share/globus_wsrf_rft/rft_schema.sql:65: NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "transfer_pkey" for table "transfer"
CREATE TABLE
psql:/usr/local/globus/share/globus_wsrf_rft/rft_schema.sql:71: NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "restart_pkey" for table "restart"
CREATE TABLE
CREATE TABLE
CREATE INDEX

First start PostgreSQL:
[postgre@xx1 bin]$ /usr/local/pgsql/bin/postmaster -i -D /usr/local/pgsql/data

Then we start the Globus container; switch to /usr/local/globus/bin:
[globus@xx1 bin]$ ./globus-start-container
2007-07-05 12:27:37,140 ERROR monitoring.SchedulerEventGenerator [Thread-2,run:198] SEG Terminated with /usr/local/globus/libexec/globus-scheduler-event-generator: error while loading shared libraries: libglobus_scheduler_event_generator_gcc32.so.0: cannot open shared object file: No such file or directory
2007-07-05 12:27:38,248 ERROR monitoring.SchedulerEventGenerator [Thread-5,run:198] SEG Terminated with /usr/local/globus/libexec/globus-scheduler-event-generator: error while loading shared libraries: libglobus_scheduler_event_generator_gcc32.so.0: cannot open shared object file: No such file or directory
2007-07-05 12:27:40,660 ERROR service.ReliableFileTransferImpl [main,<init>:69] Unable to setup database driver with pooling.A connection error has occurred: FATAL:  no pg_hba.conf entry for host "211.67.141.181", user "globus", database "rftDatabase"

2007-07-05 12:27:41,794 WARN  service.ReliableFileTransferHome [main,initialize:97] All RFT requests will fail and all GRAM jobs that require file staging will fail.A connection error has occurred: FATAL:  no pg_hba.conf entry for host "211.67.141.181", user "globus", database "rftDatabase"

Starting SOAP server at: https://211.67.141.181:8443/wsrf/services/
With the following services:

[1]: https://211.67.141.181:8443/wsrf/services/AdminService
...................................................................
...................................................................
...................................................................
...................................................................


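Two errors are reported here: one is that a library file cannot be found, the other is a failure to connect to 211.67.141.181, which is our master node.
Solution, step one: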
[globus@xx1 bin]$ source /usr/local/globus/etc/globus-user-env.sh
This helps locate the library files.

Step two:
[root@xx1 data]# pwd
/usr/local/pgsql/data

Add the local machine to the trusted zone.
[root@xx1 data]# tail pg_hba.conf
# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD

# "local" is for Unix domain socket connections only
local   all         all                               trust
# IPv4 local connections:
host    all         all         127.0.0.1/32          trust
# IPv6 local connections:
host    all         all         ::1/128               trust
# IPv4 local connections:
host    all         all         211.67.141.181/32     trust
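
The last rule above uses trust, which makes PostgreSQL accept any connection from that address as any database user without a password. The following added example (not from the original post) classifies the trust rules in a pg_hba.conf and compares the rules shown above with a constructed, narrower rule limited to the rftDatabase database and globus role named in the container's error message. Switching to md5 assumes the globus role has been given a password and RFT is configured to use it.

```shell
#!/bin/sh
# Added example: classify "trust" rules in a pg_hba.conf read from stdin.

# Active rules from the pg_hba.conf tail shown above.
weak_pg_hba() {
cat <<'EOF'
# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
local   all         all                               trust
host    all         all         127.0.0.1/32          trust
host    all         all         ::1/128               trust
host    all         all         211.67.141.181/32     trust
EOF
}

# Constructed alternative: the network rule names only the RFT database
# and role, and asks for a password (md5) instead of trusting the address.
scoped_pg_hba() {
cat <<'EOF'
# TYPE  DATABASE     USER    CIDR-ADDRESS        METHOD
local   all          all                         trust
host    all          all     127.0.0.1/32        trust
host    all          all     ::1/128             trust
host    rftDatabase  globus  211.67.141.181/32   md5
EOF
}

# classify_trust: print "SCOPE TYPE DATABASE USER ADDRESS" for each trust
# rule, where SCOPE is socket, loopback or network.
classify_trust() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            # "local" rules have no address column; host rules carry either
            # a CIDR address or an IP address followed by a netmask.
            if ($1 == "local")           { addr = "-";       method = $4 }
            else if (index($4, "/") > 0) { addr = $4;        method = $5 }
            else                         { addr = $4 "/" $5; method = $6 }
            if (method != "trust") next
            if ($1 == "local") scope = "socket"
            else if (addr ~ /^127\./ || addr ~ /^::1\//) scope = "loopback"
            else scope = "network"
            print scope, $1, $2, $3, addr
        }'
}

# network_trust_count: number of trust rules reachable from a non-loopback
# address in the pg_hba.conf read from stdin.
network_trust_count() {
    classify_trust | awk '$1 == "network" { n++ } END { print n + 0 }'
}

echo "trust rules in the configuration above:"
weak_pg_hba | classify_trust
echo "network trust rules: above=$(weak_pg_hba | network_trust_count)" \
     "scoped=$(scoped_pg_hba | network_trust_count)"
```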

Start the container again; there are no more errors.
[globus@xx1 bin]$ ./globus-start-container
Starting SOAP server at: https://211.67.141.181:8443/wsrf/services/
With the following services:

[1]: https://211.67.141.181:8443/wsrf/services/AdminService
[2]: https://211.67.141.181:8443/wsrf/services/AuthzCalloutTestService
[3]: https://211.67.141.181:8443/wsrf/services/CASService
[4]: https://211.67.141.181:8443/wsrf/services/ContainerRegistryEntryService
[5]: https://211.67.141.181:8443/wsrf/services/ContainerRegistryService
[6]: https://211.67.141.181:8443/wsrf/services/CounterService
[7]: https://211.67.141.181:8443/wsrf/services/DefaultIndexService
[8]: https://211.67.141.181:8443/wsrf/services/DefaultIndexServiceEntry
[9]: https://211.67.141.181:8443/wsrf/services/DefaultTriggerService
[10]: https://211.67.141.181:8443/wsrf/services/DefaultTriggerServiceEntry
[11]: https://211.67.141.181:8443/wsrf/services/DelegationFactoryService
[12]: https://211.67.141.181:8443/wsrf/services/DelegationService
[13]: https://211.67.141.181:8443/wsrf/services/DelegationTestService
[14]: https://211.67.141.181:8443/wsrf/services/InMemoryServiceGroup
[15]: https://211.67.141.181:8443/wsrf/services/InMemoryServiceGroupEntry
[16]: https://211.67.141.181:8443/wsrf/services/InMemoryServiceGroupFactory
[17]: https://211.67.141.181:8443/wsrf/services/IndexFactoryService
[18]: https://211.67.141.181:8443/wsrf/services/IndexService
[19]: https://211.67.141.181:8443/wsrf/services/IndexServiceEntry
[20]: https://211.67.141.181:8443/wsrf/services/ManagedExecutableJobService
[21]: https://211.67.141.181:8443/wsrf/services/ManagedJobFactoryService
[22]: https://211.67.141.181:8443/wsrf/services/ManagedMultiJobService
[23]: https://211.67.141.181:8443/wsrf/services/ManagementService
[24]: https://211.67.141.181:8443/wsrf/services/NotificationConsumerFactoryService
[25]: https://211.67.141.181:8443/wsrf/services/NotificationConsumerService
[26]: https://211.67.141.181:8443/wsrf/services/NotificationTestService
[27]: https://211.67.141.181:8443/wsrf/services/PersistenceTestSubscriptionManager
[28]: https://211.67.141.181:8443/wsrf/services/ReliableFileTransferFactoryService
[29]: https://211.67.141.181:8443/wsrf/services/ReliableFileTransferService
[30]: https://211.67.141.181:8443/wsrf/services/RendezvousFactoryService
[31]: https://211.67.141.181:8443/wsrf/services/SampleAuthzService
[32]: https://211.67.141.181:8443/wsrf/services/SecureCounterService
[33]: https://211.67.141.181:8443/wsrf/services/SecurityTestService
[34]: https://211.67.141.181:8443/wsrf/services/ShutdownService
[35]: https://211.67.141.181:8443/wsrf/services/SubscriptionManagerService
[36]: https://211.67.141.181:8443/wsrf/services/TestAuthzService
[37]: https://211.67.141.181:8443/wsrf/services/TestRPCService
[38]: https://211.67.141.181:8443/wsrf/services/TestService
[39]: https://211.67.141.181:8443/wsrf/services/TestServiceRequest
[40]: https://211.67.141.181:8443/wsrf/services/TestServiceWrongWSDL
[41]: https://211.67.141.181:8443/wsrf/services/TriggerFactoryService
[42]: https://211.67.141.181:8443/wsrf/services/TriggerService
[43]: https://211.67.141.181:8443/wsrf/services/TriggerServiceEntry
[44]: https://211.67.141.181:8443/wsrf/services/Version
[45]: https://211.67.141.181:8443/wsrf/services/WidgetNotificationService
[46]: https://211.67.141.181:8443/wsrf/services/WidgetService
[47]: https://211.67.141.181:8443/wsrf/services/gsi/AuthenticationService
[48]: https://211.67.141.181:8443/wsrf/services/mds/test/execsource/IndexService
[49]: https://211.67.141.181:8443/wsrf/services/mds/test/execsource/IndexServiceEntry
[50]: https://211.67.141.181:8443/wsrf/services/mds/test/subsource/IndexService
[51]: https://211.67.141.181:8443/wsrf/services/mds/test/subsource/IndexServiceEntry
2007-07-05 12:34:27,240 INFO  impl.DefaultIndexService [ServiceThread-10,processConfigFile:107] Reading default registration configuration from file: /usr/local/globus/etc/globus_wsrf_mds_index/hierarchy.xml

Now we configure GridFTP.
First, check whether xinetd is installed:
[root@xx1 xinetd.d]# rpm -aq | grep xinet

It was not, so I pulled the installer out of the disk image on my hard drive and installed it.
[root@xx1 xinetd.d]# rpm -ivh /mnt/win/xinetd-2.3.14-8.i386.rpm
warning: /mnt/win/xinetd-2.3.14-8.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
Preparing...                ########################################### [100%]
   1:xinetd                 ########################################### [100%]

[root@xx1 xinetd.d]# vi gridftp
[root@xx1 xinetd.d]# cat gridftp
service gsiftp
{
instances               = 100
socket_type             = stream
wait                    = no
user                    = root
env                     += GLOBUS_LOCATION=/usr/local/globus
env                     += LD_LIBRARY_PATH=/usr/local/globus/lib

server                  = /usr/local/globus/sbin/globus-gridftp-server
server_args             = -i
log_on_success          += DURATION
nice                    = 10
disable                 = no
}

Edit /etc/services and add a gsiftp entry under Local services:
[root@xx1 xinetd.d]# vi /etc/services
[root@xx1 xinetd.d]# tail !$
tail /etc/services
nimhub          48002/tcp                       # Nimbus Hub
nimhub          48002/udp                       # Nimbus Hub
nimgtw          48003/tcp                       # Nimbus Gateway
nimgtw          48003/udp                       # Nimbus Gateway
com-bardac-dw   48556/tcp                       # com-bardac-dw
com-bardac-dw   48556/udp                       # com-bardac-dw
iqobject        48619/tcp                       # iqobject
iqobject        48619/udp                       # iqobject
# Local services
gsiftp          2811/tcp

Tell xinetd to reload; it fails.
[root@xx1 xinetd.d]# /etc/init.d/xinetd reload
重新载入配置:                                             [失败]

It turns out I had not started it yet. Let's add it to the services first, so that we don't have to start GridFTP by hand every time.
[root@xx1 xinetd.d]# cd /etc/init.d/
[root@xx1 init.d]# chkconfig --add xinetd
[root@xx1 init.d]# ./xinetd start
启动 xinetd:                                              [确定]

Check whether gsiftp is up:
[root@xx1 init.d]# netstat -at | grep gsiftp
tcp        0      0 *:gsiftp                    *:*                         LISTEN

Good, it is up.

Next, let's see whether GridFTP has really started.

[root@xx1 ~]# cp /usr/local/globus/share/globus_wsrf_rft_test/transfer.xfr /tmp/rft.xfr


[root@xx1 ~]# cat /tmp/rft.xfr
true
16000
16000
false
1
true
1
null
null
false
10
gsiftp://xx1.com:2811/etc/group
gsiftp://xx1.com:2811/tmp/rftTest_Done.tmp

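I don't yet understand this rft.xfr file very well; I guess it is a transfer job file containing configuration information. Judging from my experiments, it transfers the file on the second-to-last line to the location on the last line.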

I use the ordinary user zx for the test.
[zx@xx1 ~]$ rft -h xx1.com -f /tmp/rft.xfr
Number of transfers in this request: 1
Subscribed for overall status
Termination time to set: 60 minutes

Overall status of transfer:
Finished/Active/Failed/Retrying/Pending
0/1/0/0/0

Overall status of transfer:
Finished/Active/Failed/Retrying/Pending
1/0/0/0/0
All Transfers are completed

This shows that GridFTP has not only started but can also transfer files.
Let's check whether the file has arrived.
[root@xx1 ~]# ls /tmp/rft* -la
-rw-r--r-- 1 zx zx 649 07-08 14:53 /tmp/rftTest_Done.tmp
-rw-r--r-- 1 zx zx 126 07-08 14:53 /tmp/rft.xfr



Next, we can set up GRAM. What exactly is GRAM for? Here I quote the documentation:

The Globus Toolkit provides both a suite of web services and a "pre-web services" Unix server suite to submit, monitor,
and cancel jobs on Grid computing resources. Both systems are known under the moniker "GRAM", while "WS
GRAM" refers only to the web service implementation.

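So we first edit the sudo file. I still don't know the sudo command very well, but from its man page I learned that it lets one user switch to another user to run commands.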

The configuration file is /etc/sudoers, but when we edit it with vi we find that it cannot be saved, and the following message appears:
E45: 'readonly' option is set (add ! to override)
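Because this file is so important, the system does not let you change it casually, for fear that you get the format wrong, so use the visudo command to modify it.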

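At the end of the file we add three lines: one comment line and two configuration lines. Note that the last two lines are very long; I have written them separately.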

# Globus GRAM Entities

globus ALL=(zx) NOPASSWD: /usr/local/globus/libexec/globus-gridmap-and-execute -g /etc/grid-security/grid-mapfile /usr/local/globus/libexec/globus-job-manager-script.pl *


globus ALL=(zx) NOPASSWD: /usr/local/globus/libexec/globus-gridmap-and-execute -g /etc/grid-security/grid-mapfile /usr/local/globus/libexec/globus-gram-local-proxy-tool *

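As we can see, the configuration above lets the globus user run the program /usr/local/globus/libexec/globus-gridmap-and-execute as user zx without entering a password (the -g that follows is an option; after -g come arguments such as the location of the grid security configuration file).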

You can adjust the parameters accordingly, for example ALL=(zx,wz,xx), if you want the globus user to be able to switch to zx, wz, xx and so on.
If this is unclear, see man sudoers.

Submit the following command to see whether it runs.
[zx@xx1 ~]$ globusrun-ws -submit -c /bin/true
Submitting job...Done.
Job ID: uuid:8877fe7c-2d24-11dc-9268-000ae66aa0b9
Termination time: 07/09/2007 07:26 GMT
Current job state: Failed
Destroying job...Done.
globusrun-ws: Job failed: Error code: 200
Sudo is misconfigured to run the globus-job-manager-script.pl script for user zx.
If you see the output above, the sudoers file is definitely wrong and you must check it carefully.
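A lint for the two GRAM sudoers rules above, added here as an example and not part of the original post or of Globus: it checks that each rule stays on one line, keeps the run-as list narrow, and only permits globus-gridmap-and-execute with -g /etc/grid-security/grid-mapfile followed by one of the two helpers. The function names, the simplified rule regex and the policy of rejecting ALL, root or #0 as run-as targets are assumptions of this example.

```python
import re
import shlex

# Paths exactly as they appear in the two sudoers lines on this page.
WRAPPER = "/usr/local/globus/libexec/globus-gridmap-and-execute"
GRIDMAP = "/etc/grid-security/grid-mapfile"
HELPERS = {
    "/usr/local/globus/libexec/globus-job-manager-script.pl",
    "/usr/local/globus/libexec/globus-gram-local-proxy-tool",
}
# Simplified sudoers grammar (assumption): user host=(runas) [TAG: ...] command
RULE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*\(([^)]*)\)\s*((?:[A-Z_]+:\s*)*)(.+)$")

def lint_gram_rule(line, sudo_user="globus"):
    """Return the list of problems found in one GRAM sudoers rule."""
    m = RULE.match(line.strip())
    if not m:
        return ["not a one-line 'user host=(runas) TAG: command' rule"]
    user, _host, runas, tags, command = m.groups()
    problems = []
    if user != sudo_user:
        problems.append(f"rule is for {user!r}, expected {sudo_user!r}")
    for target in (u.strip() for u in runas.split(",")):
        if target in ("", "ALL", "root", "#0"):
            problems.append(f"run-as list entry {target!r} is too broad")
    if "NOPASSWD:" not in tags.split():
        problems.append("NOPASSWD tag missing")
    argv = shlex.split(command)
    if argv[:3] != [WRAPPER, "-g", GRIDMAP]:
        problems.append("command must start with the wrapper and -g <grid-mapfile>")
    elif len(argv) != 5 or argv[3] not in HELPERS or argv[4] != "*":
        problems.append("wrapper must be followed by one GRAM helper and '*'")
    return problems

def lint_sudoers(text):
    """Map line number -> problems for every non-comment, non-blank line."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        if line.strip() and not line.lstrip().startswith("#"):
            issues = lint_gram_rule(line)
            if issues:
                report[number] = issues
    return report

if __name__ == "__main__":
    # Constructed input: one of the page's rules with the run-as list widened to ALL.
    print(lint_gram_rule(f"globus ALL=(ALL) NOPASSWD: {WRAPPER} -g {GRIDMAP} {sorted(HELPERS)[0]} *"))
```

Paste only the GRAM block into lint_sudoers; the simplified grammar does not understand other sudoers lines such as Defaults or aliases.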

After checking the file we run the command again, and the job now completes.
[zx@xx1 ~]$ globusrun-ws -submit -c /bin/true
Submitting job...Done.
Job ID: uuid:e50b6f20-2d24-11dc-954c-000ae66aa0b9
Termination time: 07/09/2007 07:28 GMT
Current job state: Active
Current job state: CleanUp
Current job state: Done
Destroying job...Done.

Meanwhile, the Globus Container terminal prints output showing that the command succeeded. Its job ID is the same as the one above.
2007-07-08 15:29:03,799 INFO  exec.StateMachine [RunQueueThread_13,logJobSucceeded:3204] Job e50b6f20-2d24-11dc-954c-000ae66aa0b9 finished successfully

Next, let's copy a file.
[zx@xx1 ~]$ globus-url-copy file:///tmp/rft.xfr gsiftp://xx1.com/home/zx/test.copy

There it is. We can also replace xx1.com with 211.67.141.181 and test whether that succeeds.
[zx@xx1 ~]$ ls
Desktop  test.copy

At this point, our master node is fully configured.