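Globus Toolkit 4 (GT4) Complete Installation Guide

This article is for reference only. Please send all comments, error reports, other information and criticism to Jeffery.Lee AT gmail.com, or visit my personal blog to get in touch ( http://ibuddie.spaces.live.com/ ). This document follows the terms of the GNU Free Documentation License; reposting is welcome, and if you modify or redistribute it, please credit the original source.


Globus Toolkit 4 (GT4) Installation Guide

Version. 0.1

Jeffery Lee@SEU

Last updated: 2007-01-22

Preface

This guide is mainly based on the "quick start" document shipped in the Globus Toolkit (hereafter GT) installation package, and carries out an installation of GT4.03 on a Debian 3.1r4 (Sarge) x86 platform. This article is for reference only. Please send all comments, error reports, other information and criticism to Jeffery.Lee AT gmail.com, or visit my personal homepage to get in touch ( http://jeffery.lee.googlepages.com/ ). This document follows the terms of the GNU Free Documentation License; reposting is welcome, and if you modify or redistribute it, please credit the original source.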

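Installing and configuring the first machine

Prerequisites

1. Install Debian 3.1 (Sarge)

Installing Debian itself is outside the scope of this article; you can get all Debian resources at http://debian.cn99.com/. At the time of writing the latest release is Debian 3.1r4, and I recommend downloading the binary-1 image and installing from a burned disc. The installation steps are skipped here; see the following links for more information:

Debian manuals
Debian Sarge installation manual (Chinese)
Official Debian installation manual
"A Painless Start with Debian" v2
"A Painless Start with Debian" v1
The Debian GNU/Linux FAQ
Securing Debian Manual
Debian Reference (latest online version)
Debian New Maintainers' Guide
dselect Beginner's Guide
APT HOW TO

2. Set up the build environment

The official Globus website provides GT4 installation packages for many platforms, and choosing the one that matches your situation is undoubtedly more convenient and faster. Here, however, I am going to install Globus by compiling the GT4.03 source code, so the first step is to check carefully that the system's build environment meets the build requirements. The software requirements are as follows: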

· Globus Toolkit installer, from Globus Toolkit 4.0 download page

· J2SE 1.4.2+ SDK from Sun, IBM, HP, or BEA (do not use GCJ).

· Ant 1.6+ (1.6.1+ if using Java 1.5). If you are using the ant shipped with Fedora Core or RedHat, please see the “Fedora Core”

· The above two requirements suffice for the Core-only download. However, the rest of this guide does not apply to that download. Please see the Java WS Core Admin Guide if you are using a core-only source/binary download.

· C compiler. If gcc, avoid version 3.2. 3.2.1 and 2.95.x are okay. gcc 4.1 has a bug that will trigger during the build of WS C (bug 4315). You can recompile the globus_js package from the advisories page, then run make again.

· C++ compiler. Use the version corresponding to your C compiler from the previous bullet.

· GNU tar

· GNU sed

· zlib 1.1.4+

· GNU Make

· Perl 5.005 or newer

· sudo

· JDBC compliant database. For instance, PostgreSQL 7.1+

· gpt-3.2autotools2004 (shipped with the installers, but required if building standalone GPT bundles/packages)

First, I check whether the zlib development library, which GSI-OpenSSH needs, is installed:

jeffery% dpkg --list | grep zlib
ii zlib-bin 1.2.2-4.sarge. compression library - sample programs
ii zlib1g 1.2.2-4.sarge. compression library - runtime
ii zlib1g-dev 1.2.2-4.sarge. compression library - development

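zlib is already installed by default here, so GSI-OpenSSH can be compiled. If it is not installed on your system, install it through APT, for example: apt-get install zlib1g-dev

Note

Package names on Debian may differ from those on other systems; for example, the corresponding RPM package is named zlib-devel.

Next we install Java, that is, the J2SE SDK: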

root@jeffery:/usr/java# ./j2sdk-1_4_2_12-linux-i586.bin
Sun Microsystems, Inc.
Binary Code License Agreement
for the
JAVATM 2 SOFTWARE DEVELOPMENT KIT (J2SDK), STANDARD EDITION,
...
Creating j2sdk1.4.2_12/jre/lib/plugin.jar
Creating j2sdk1.4.2_12/jre/javaws/javaws.jar
Done.

Next we install ant ( http://apache.justdn.org/ant/binaries/apache-ant-1.6.5-bin.tar.gz ):

root@jeffery:/usr/local# tar xzf apache-ant-1.6.5-bin.tar.gz
root@jeffery:/usr/local# ls apache-ant-1.6.5
bin INSTALL LICENSE LICENSE.xerces TODO
docs KEYS LICENSE.dom NOTICE welcome.html
etc lib LICENSE.sax README WHATSNEW

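Note

The steps above ran without problems on my Debian, because ant had not been installed before. Most RedHat and Fedora Core systems, however, already include ant, but it is configured to work with gcj, and we do not want to use gcj! In that case, check whether there is an /etc/ant.conf file; if there is, rename it to /etc/ant.conf.orig and see whether that solves the problem.

My system already has C/C++ compilers: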

jeffery % gcc --version
gcc (GCC) 3.3.5 (Debian 1:3.3.5-13)
Copyright (C) 2003 Free Software Foundation,
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

jeffery % g++ --version
g++ (GCC) 3.3.5 (Debian 1:3.3.5-13)
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

The GNU versions of tar/make/sed:

jeffery % tar --version
tar (GNU tar) 1.14
Copyright (C) 2004 Free Software Foundation,
This program comes with NO WARRANTY, to the extent permitted by law.
You may redistribute it under the terms of the GNU General Public License;
see the file named COPYING for details.
Written by John Gilmore and Jay Fenlason.

jeffery % sed --version
GNU sed version 4.1.2
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE,
to the extent permitted by law.

jeffery % make --version
GNU Make 3.80
Copyright (C) 2002 Free Software Foundation,
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.

jeffery % perl --version
This is perl, v5.8.4 built for i386-linux-thread-multi

Copyright 1987-2004, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.
Complete documentation for Perl, including FAQ lists, should be found on
this system using `man perl' or `perldoc perl'. If you have access to the
Internet, point your browser at http://www.perl.com/, the Perl Home Page.

Make sure sudo is available:

jeffery % sudo -V
Sudo version 1.6.8p7

(If it is missing, install it with apt-get install sudo.)

Check whether postgres is installed:

jeffery % dpkg --list | grep postgres
ii postgresql-cli 7.4.7-6sarge1 front-end programs for PostgreSQL
jeffery % dpkg --list | grep psql
jeffery %

postgresql-cli is only the front-end program, not the PostgreSQL server. On Debian the server is easy to install:

root@jeffery:/usr/local# apt-get install postgresql
Reading Package Lists... Done
Building Dependency Tree... Done
Suggested packages:
 libpg-perl libpgjava libpgtcl postgresql-doc postgresql-dev
 postgresql-contrib pidentd ident-server pgdocs pgaccess
The following NEW packages will be installed:
 postgresql
...

After a successful installation the database server should start automatically. If it does not, you can start it as follows:

 /etc/init.d/postgresql start

We will set up the corresponding database configuration files later, when we get to RFT; for now a successful installation is enough.

For completeness, I will also install IODBC, an optional prerequisite of RLS.

root@jeffery:/root# apt-get install libiodbc2 libiodbc2-dev
 libiodbc2 libiodbc2-dev
Setting up libiodbc2 (3.52.2-3) ...
Setting up libiodbc2-dev (3.52.2-3) ...
root@jeffery:/root#

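Building the Globus Toolkit

With the prerequisites done, we can finally download and build the source package. The most detailed explanation of this part is in the Installing Admin Guide.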

root@cognito:~# adduser globus
Adding user `globus'...
Adding new group `globus' (1023).
Adding new user `globus' (1023) with group `globus'.
Creating home directory `/home/globus'.
Copying files from `/etc/skel'
Enter new UNIX password: ********
Retype new UNIX password: ********
passwd: password updated successfully
Changing the user information for globus
Enter the new value, or press ENTER for the default
Full Name []: Globus
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [y/N] y
root@jeffery:/etc/init.d# mkdir /usr/local/globus-4.0.3/
root@jeffery:/etc/init.d# chown globus:globus /usr/local/globus-4.0.3/

Good, we have successfully created a globus user.

globus@database-group:~$ tar xzf gt4.0.3-all-source-installer.tar.gz
globus@database-group:~$ cd gt4.0.3-all-source-installer
globus@database-group:~/gt4.0.3-all-source-installer$ ./configure --prefix=/usr/local/globus-4.0.3/ \
   --with-iodbc=/usr/lib
checking build system type... i686-pc-linux-gnu
checking for javac... no
configure: WARNING: A Java compiler is needed for some parts of the toolkit
configure: WARNING: This message can be ignored if you are only building the C parts of the toolkit
checking for ant... no
configure: WARNING: ant is needed for some parts of the toolkit
configure: WARNING: If you know you will not need one
configure: creating ./config.status
config.status: creating Makefile

Oops, I forgot to set two important environment variables, JAVA_HOME and ANT_HOME; no wonder it could not build. Set up the Java environment again as follows:

globus@jeffery:~/gt4.0.3-all-source-installer$ export ANT_HOME=/usr/local/apache-ant-1.6.5
globus@jeffery:~/gt4.0.3-all-source-installer$ export JAVA_HOME=/usr/java/j2sdk1.4.2_12/
globus@jeffery:~/gt4.0.3-all-source-installer$ export PATH=$ANT_HOME/bin:$JAVA_HOME/bin:$PATH
globus@jeffery:~/gt4.0.3-all-source-installer$ ./configure --prefix=/usr/local/globus-4.0.3/ \
  --with-iodbc=/usr/lib
checking for javac... /usr/java/j2sdk1.4.2_12//bin/javac
checking for ant... /usr/local/apache-ant-1.6.5/bin/ant
config.status: creating Makefile

Problem solved.

Now comes the exciting moment of building GT4:

globus@jeffery:~/gt4.0.3-all-source-installer$ make | tee installer.log
cd gpt-3.2autotools2004 && OBJECT_MODE=32 ./build_gpt
build_gpt ====> installing GPT into /usr/local/globus-4.0.3/
...

Now you can go out for a meal or play a ball game, because the build takes quite a long time; exactly how long depends on your machine's configuration.

...

Wait until "Your build completed successfully. Please run make install" appears. Congratulations, GT4 has been built successfully and can now be installed.

globus@jeffery:~/gt4.0.3-all-source-installer$ make install
/usr/local/globus-4.0.3//sbin/gpt-postinstall
...
..Done

globus@jeffery:~/gt4.0.3-all-source-installer$

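Security configuration on the first machine

After GT4 is installed, the machine still needs its security credentials set up. The machine needs host certificates (hostcerts) and each user needs a user certificate (usercert). We can use SimpleCA, which is distributed with the toolkit, to do this. The following is the process of setting up the certificates. (See the SimpleCA Admin introduction.)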

globus@database-group:~$ export GLOBUS_LOCATION=/usr/local/globus-4.0.3
globus@database-group:~$ source $GLOBUS_LOCATION/etc/globus-user-env.sh
globus@database-group:~$ $GLOBUS_LOCATION/setup/globus/setup-simple-ca
WARNING: GPT_LOCATION not set, assuming:
 GPT_LOCATION=/usr/local/globus-4.0.3

 C e r t i f i c a t e A u t h o r i t y S e t u p

This script will setup a Certificate Authority for signing Globus
users certificates. It will also generate a simple CA package
that can be distributed to the users of the CA.
The CA information about the certificates it distributes will
be kept in:
/home/globus/.globus/simpleCA/
The unique subject name for this CA is:
cn=Globus Simple CA,ou=simpleCA-database-group.seu.edu.cn,ou=GlobusTest,o=Grid
Do you want to keep this as the CA subject (y/n) [y]: y
Enter the email of the CA (this is the email where certificate
requests will be sent to be signed by the CA): Jeffery.Lee@gmail.com
The CA certificate has an expiration date. Keep in mind that
once the CA certificate has expired, all the certificates
signed by that CA become invalid. A CA should regenerate
the CA certificate and start re-issuing ca-setup packages
before the actual CA certificate expires. This can be done
by re-running this setup script. Enter the number of DAYS
the CA certificate should last before it expires.
[default: 5 years (1825 days)]: RETURN
Enter PEM pass phrase: ******
Verifying - Enter PEM pass phrase: ******
creating CA config package...
A self-signed certificate has been generated
for the Certificate Authority with the subject:
/O=Grid/OU=GlobusTest/OU=simpleCA-database-group.seu.edu.cn/CN=Globus Simple CA
If this is invalid, rerun this script
/usr/local/globus-4.0.3/setup/globus/setup-simple-ca
and enter the appropriate fields.
-------------------------------------------------------------------
The private key of the CA is stored in /home/globus/.globus/simpleCA//private/cakey.pem
The public CA certificate is stored in /home/globus/.globus/simpleCA//cacert.pem
The distribution package built for this CA is stored in
/home/globus/.globus/simpleCA//globus_simple_ca_615e4021_setup-0.18.tar.gz
This file must be distributed to any host wishing to request
certificates from this CA.
CA setup complete.
The following commands will now be run to setup the security
configuration files for this CA:
$GLOBUS_LOCATION/sbin/gpt-build \
 /home/globus/.globus/simpleCA//globus_simple_ca_615e4021_setup-0.18.tar.gz
$GLOBUS_LOCATION/sbin/gpt-postinstall
setup-ssl-utils: Configuring ssl-utils package
Running setup-ssl-utils-sh-scripts...
***************************************************************************
Note: To complete setup of the GSI software you need to run the
following script as root to configure your security configuration
directory:
/usr/local/globus-4.0.3/setup/globus_simple_ca_615e4021_setup/setup-gsi
For further information on using the setup-gsi script, use the -help
option. The -default option sets this security configuration to be
the default, and -nonroot can be used on systems where root access is
not available.
setup-ssl-utils: Complete

globus@database-group:~$

A lot of information is printed to the screen, so what actually happened? Let's take a look:

globus@database-group:~$ ls ~/.globus/
simpleCA
globus@database-group:~$ ls ~/.globus/simpleCA/
cacert.pem globus_simple_ca_615e4021_setup-0.18.tar.gz newcerts
certs grid-ca-ssl.conf private
crl index.txt serial

As you can see, the .globus directory holds the newly created simpleCA. Now I need to make my machine trust the new CA. The following steps are performed as root:

root@database-group:~# export GLOBUS_LOCATION=/usr/local/globus-4.0.3
root@database-group:~# $GLOBUS_LOCATION/setup/globus_simple_ca_615e4021_setup/setup-gsi -default
setup-gsi: Configuring GSI security
Making /etc/grid-security...
mkdir /etc/grid-security
Making trusted certs directory: /etc/grid-security/certificates/
mkdir /etc/grid-security/certificates/
Installing /etc/grid-security/certificates//grid-security.conf.615e4021...
Running grid-security-config...
Installing Globus CA certificate into trusted CA certificate directory...
Installing Globus CA signing policy into trusted CA certificate directory...
setup-gsi: Complete
root@database-group:~# ls /etc/grid-security/
certificates globus-host-ssl.conf globus-user-ssl.conf grid-security.conf
root@database-group:~# ls /etc/grid-security/certificates/
615e4021.0 globus-user-ssl.conf.615e4021
615e4021.signing_policy grid-security.conf.615e4021
globus-host-ssl.conf.615e4021

These are the configuration files with which the Globus Toolkit establishes trust in the simpleCA. Note that the hash value 615e4021 matches the hash of my SimpleCA. For a detailed description of these files, see Security Admin.

Now that we have created a CA and made the machine trust it, we obtain a hostcert for this machine:

root@database-group:~# source $GLOBUS_LOCATION/etc/globus-user-env.sh
root@database-group:~# grid-cert-request -host `hostname`
Generating a 1024 bit RSA private key
..++++++
...................................................++++++
writing new private key to '/etc/grid-security/hostkey.pem'
..ho.
Your certificate will be mailed to you within two working days.
If you receive no response, contact Globus Simple CA at Jeffery.Lee@gmail.com

We need to sign the request as the globus user, using that user's own simpleCA:

globus@database-group:~$ grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem
To sign the request
please enter the password for the CA key: ******
The new signed certificate is at: /home/globus/.globus/simpleCA//newcerts/01.pem

The last step is to copy the signed certificate into /etc:

root@database-group:~# cp ~globus/hostsigned.pem /etc/grid-security/hostcert.pem

The hostcert and hostkey are owned by root and will be used by the GridFTP server. Because the web services container runs as a non-root user, we need a certificate owned by the globus user. In short, we need one host certificate/key pair owned by root and one owned by globus. A simple file copy achieves this:

root@database-group:/etc/grid-security# cp hostcert.pem containercert.pem
root@database-group:/etc/grid-security# cp hostkey.pem containerkey.pem
root@database-group:/etc/grid-security# chown globus:globus container*.pem
root@database-group:/etc/grid-security# ls -l *.pem
-r-------- 1 globus globus 887 2007-01-21 07:48 containerkey.pem
-rw-r--r-- 1 globus globus 2710 2007-01-21 07:48 containercert.pem
-rw-r--r-- 1 root root 2710 2007-01-21 07:47 hostcert.pem
-rw-r--r-- 1 root root 1404 2007-01-21 07:40 hostcert_request.pem
-r-------- 1 root root 887 2007-01-21 07:40 hostkey.pem
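
An added example, not part of the original guide: a POSIX shell audit of the four credential files listed above. It checks that each private key is owned by the expected account and grants nothing to group or others, and that no certificate is writable by group or others. The function names are made up for this example; it assumes the file names and owners shown in the listing and the usual long-listing format of ls.

```sh
#!/bin/sh
# Added example (not from the original guide): audit the GSI credential
# files copied above. Function names are hypothetical. Assumes ls(1) prints
# the usual long format: "mode links owner group ...".

# Print "MODE OWNER" for a file, following symlinks.
mode_owner() {
    ls -ldL "$1" | awk '{ print $1, $3 }'
}

# check_key FILE OWNER: a private key must be owned by OWNER and must not
# grant any permission to group or others (0400 and 0600 both pass).
check_key() {
    [ -f "$1" ] || { echo "MISSING $1"; return 1; }
    mo=$(mode_owner "$1"); mode=${mo% *}; owner=${mo#* }
    rc=0
    if [ "$owner" != "$2" ]; then
        echo "OWNER   $1 is owned by $owner, expected $2"; rc=1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf %s "$mode" | cut -c5-10)" != "------" ]; then
        echo "MODE    $1 is $mode, group/other must have no access"; rc=1
    fi
    return $rc
}

# check_cert FILE OWNER: a certificate is public, so it may be world-readable,
# but only OWNER may be able to replace its contents.
check_cert() {
    [ -f "$1" ] || { echo "MISSING $1"; return 1; }
    mo=$(mode_owner "$1"); mode=${mo% *}; owner=${mo#* }
    rc=0
    if [ "$owner" != "$2" ]; then
        echo "OWNER   $1 is owned by $owner, expected $2"; rc=1
    fi
    # Characters 6 and 9 are the group-write and other-write bits.
    if [ "$(printf %s "$mode" | cut -c6,9)" != "--" ]; then
        echo "MODE    $1 is $mode, writable by group or others"; rc=1
    fi
    return $rc
}

# audit_gsi [DIR] [HOST_OWNER] [CONTAINER_OWNER]
# Defaults follow the layout in this guide: host pair owned by root,
# container pair owned by globus. Returns 1 if anything was reported.
audit_gsi() {
    dir=${1:-/etc/grid-security}; host=${2:-root}; cont=${3:-globus}
    bad=0
    check_key  "$dir/hostkey.pem"       "$host" || bad=1
    check_cert "$dir/hostcert.pem"      "$host" || bad=1
    check_key  "$dir/containerkey.pem"  "$cont" || bad=1
    check_cert "$dir/containercert.pem" "$cont" || bad=1
    return $bad
}

# Run only when arguments are given, e.g.: sh audit.sh /etc/grid-security
if [ $# -gt 0 ]; then
    audit_gsi "$@"
fi
```

Run it as root so that the key files can be examined; no output and exit status 0 mean all four files passed.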
  
  

Now we obtain a usercert for the user jeffery. I run this example in tcsh, to show that the version of globus-user-env to source depends on the current shell:

jeffery% setenv GLOBUS_LOCATION /usr/local/globus-4.0.3/
jeffery% source $GLOBUS_LOCATION/etc/globus-user-env.csh
jeffery% grid-cert-request
A certificate request and private key is being created.
You will be asked to enter a PEM pass phrase.
This pass phrase is akin to your account password,
and is used to protect your key file.
If you forget your pass phrase, you will need to
obtain a new certificate.
.........................................................++++++
.........................++++++
unable to write 'random state'
writing new private key to '/home/bacon/.globus/userkey.pem'
Enter PEM pass phrase: ****
Verifying - Enter PEM pass phrase: ****
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
Level 0 Organization [Grid]:
Level 0 Organizational Unit [GlobusTest]:
Level 1 Organizational Unit [simpleCA-jeffery.mcs.anl.gov]:
Level 2 Organizational Unit [mcs.anl.gov]:
Name (e.g., John M. Smith) []:
A private key and a certificate request has been generated with the subject:
/O=Grid/OU=GlobusTest/OU=simpleCA-database-group.seu.edu.cn/OU=seu.edu.cn/CN=Jeffery Lee
If the CN=Jeffery Lee is not appropriate, rerun this
script with the -force -cn "Common Name" options.
Your private key is stored in /home/Jeffery/.globus/userkey.pem
Your request is stored in /home/jeffery/.globus/usercert_request.pem
Please e-mail the request to the Globus Simple CA Jeffery.Lee@gmail.com
You may use a command similar to the following:
 cat /home/bacon/.globus/usercert_request.pem | mail Jeffery.Lee@gmail.com
Only use the above if this machine can send AND receive e-mail. if not, please
mail using some other method.
  
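Now I need to send the certificate request to the globus user so that it can be signed, after which the signed certificate is sent back to jeffery:

jeffery % cat /home/jeffery/.globus/usercert_request.pem | mail globus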

Because signing is done on a single machine here, I use the Exim mail server provided by Debian to send the request between users. The globus user can read the certificate request sent by jeffery with the mail command, save it as request.pem, and then sign it:

globus@database-group:~$ grid-ca-sign -in request.pem -out signed.pem

please enter the password for the CA key: ******
The new signed certificate is at: /home/globus/.globus/simpleCA//newcerts/02.pem
globus@database-group:~$ cat signed.pem | mail jeffery

Now the user jeffery can check his mail and copy the certificate to its proper location:

If the mail cannot be saved correctly, a more convenient way is for root to chown the signed.pem file generated under globus and copy it directly into jeffery's directory.

jeffery % cp signed.pem ~/.globus/usercert.pem
jeffery % ls -l ~/.globus/
total 12
-rw-r--r-- 1 jeffery jeffery 895 2007-01-21 07:57 usercert.pem
-rw-r--r-- 1 jeffery jeffery 1426 2007-01-21 07:51 usercert_request.pem
-r-------- 1 jeffery jeffery 963 2007-01-21 07:51 userkey.pem

Finally, as root, we create a grid-mapfile, which will be used for authorization later:

root@database-group:/etc/grid-security# vim /etc/grid-security/grid-mapfile
root@database-group:/etc/grid-security# cat /etc/grid-security/grid-mapfile
"/O=Grid/OU=GlobusTest/OU=simpleCA-database-group.seu.edu.cn/OU=seu.edu.cn/CN=Jeffery Lee" jeffery
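
An added example, not part of the original guide: a small POSIX shell linter for grid-mapfile entries of the form used here (a DN in plain double quotes, a blank, then one or more comma-separated local accounts). The function names and the sample entries are constructed for this example, and treating a mapping to root as a finding is a policy choice of the example rather than a rule stated in the guide.

```sh
#!/bin/sh
# Added example (not from the original guide). Function names are
# hypothetical; the sample entries below are constructed.

# lint_gridmap FILE: print "LINE: problem" for each bad entry, return 1 if any.
lint_gridmap() {
    file=$1; rc=0; n=0; seen=; nl='
'
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=$(printf '%s' "$line" | tr '\t' ' ')   # treat tabs as spaces
        line=${line#"${line%%[! ]*}"}               # drop leading spaces
        case $line in
            ''|'#'*) continue ;;                    # blank line or comment
            *“*|*”*)
                echo "$n: typographic quotes; use plain \" around the DN"
                rc=1; continue ;;
            '"/'*'"'*) ;;                           # starts with "/...": go on
            *)
                echo "$n: expected \"/DN\" followed by a local account"
                rc=1; continue ;;
        esac
        rest=${line#\"}      # text after the opening quote
        dn=${rest%%\"*}      # the DN, up to the closing quote
        users=${rest#*\"}    # everything after the closing quote
        case $users in
            ' '*) ;;
            *)  echo "$n: no blank between the DN and the local account"
                rc=1; continue ;;
        esac
        users=${users#"${users%%[! ]*}"}            # trim leading spaces
        users=${users%"${users##*[! ]}"}            # trim trailing spaces
        case $users in
            ''|*[!A-Za-z0-9_.,-]*|,*|*,|*,,*)
                echo "$n: bad local account list '$users'"
                rc=1; continue ;;
        esac
        case ",$users," in
            *,root,*) echo "$n: DN is mapped to root: $dn"; rc=1 ;;
        esac
        case "$nl$seen" in
            *"$nl$dn$nl"*)
                echo "$n: DN already mapped on an earlier line: $dn"; rc=1 ;;
        esac
        seen=$seen$dn$nl
    done < "$file"
    return $rc
}

# Constructed sample: one good entry followed by four typical mistakes.
lint_sample() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
# constructed sample entries
"/O=Grid/OU=GlobusTest/CN=Good User" gooduser
“/O=Grid/OU=GlobusTest/CN=Jeffery Lee”jeffery
"/O=Grid/OU=GlobusTest/CN=Jeffery Lee"jeffery
"/O=Grid/OU=GlobusTest/CN=Admin" root
"/O=Grid/OU=GlobusTest/CN=Good User" other
EOF
    status=0
    lint_gridmap "$tmp" || status=1
    rm -f "$tmp"
    return $status
}

# Lint a real file when one is named, e.g.: sh lint.sh /etc/grid-security/grid-mapfile
if [ $# -gt 0 ]; then
    lint_gridmap "$1"
fi
```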
  
  

Note

The globus user does not need a user certificate! It is only a dummy user that we use to own GLOBUS_LOCATION. When we start the container, it will use the containercert. Only real users need user certs.

Setting up GridFTP

Now that our own security setup is in place, we start a service. The following instructions come from the GridFTP Admin Guide.

root@database-group:/etc/grid-security# vim /etc/xinetd.d/gridftp
root@database-group:/etc/grid-security# cat /etc/xinetd.d/gridftp
service gsiftp
{
instances = 100
socket_type = stream
wait = no
user = root
env += GLOBUS_LOCATION=/usr/local/globus-4.0.3
env += LD_LIBRARY_PATH=/usr/local/globus-4.0.3/lib
server = /usr/local/globus-4.0.3/sbin/globus-gridftp-server
server_args = -i
log_on_success += DURATION
nice = 10
disable = no
}
root@database-group:/etc/grid-security# vim /etc/services
root@database-group:/etc/grid-security# tail /etc/services
vboxd 20012/udp
binkp 24554/tcp # binkp fidonet protocol
asp 27374/tcp # Address Search Protocol
asp 27374/udp
dircproxy 57000/tcp # Detachable IRC Proxy
tfido 60177/tcp # fidonet EMSI over telnet
fido 60179/tcp # fidonet EMSI over TCP
# Local services
gsiftp 2811/tcp
root@database-group:/etc/grid-security# /etc/init.d/xinetd reload
Reloading internet superserver configuration: xinetd.
root@database-group:/etc/grid-security# netstat -an | grep 2811
tcp 0 0 0.0.0.0:2811 0.0.0.0:* LISTEN
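
An added example, not part of the original guide: the service file names the install prefix in three places (two env lines and the server line), so a prefix left over from another Globus version is easy to miss. This POSIX shell check reads an xinetd service file and reports every absolute path in its env and server attributes that does not exist. The function name is made up for this example, and it handles one NAME=VALUE per env line, as in the file above.

```sh
#!/bin/sh
# Added example (not from the original guide); the function name is
# hypothetical. Handles one NAME=VALUE pair per "env" line.

# check_xinetd_paths FILE: print one line per path that is missing,
# return 1 if anything was printed.
check_xinetd_paths() {
    [ -r "$1" ] || { echo "cannot read $1"; return 1; }
    findings=$(
        sed -n \
            -e 's/^[[:space:]]*server[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/server \1/p' \
            -e 's/^[[:space:]]*env[[:space:]]*+\{0,1\}=[[:space:]]*[A-Za-z_][A-Za-z0-9_]*=\([^[:space:]]*\).*/env \1/p' \
            "$1" |
        while read -r kind value; do
            case $kind in
                server)
                    { [ -f "$value" ] && [ -x "$value" ]; } ||
                        echo "server is not an executable file: $value"
                    ;;
                env)
                    # The value may be a colon-separated list (LD_LIBRARY_PATH).
                    old=$IFS; IFS=:
                    for p in $value; do
                        case $p in
                            /*) [ -e "$p" ] || echo "env path does not exist: $p" ;;
                        esac
                    done
                    IFS=$old
                    ;;
            esac
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Check a real file when one is named, e.g.: sh check.sh /etc/xinetd.d/gridftp
if [ $# -gt 0 ]; then
    check_xinetd_paths "$1"
fi
```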
  
  

I had already installed xinetd:

jeffery@database-group:~$ dpkg --list xinetd
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii xinetd 2.3.13-3 replacement for inetd with many enhancements

You can use inetd instead; for more details see the GridFTP xinetd/inetd examples. Of course, the simplest way is still apt-get install xinetd.

The gridftp server is now waiting for requests, so we start a client and transfer a file:

jeffery % grid-proxy-init -verify -debug
User Cert File: /home/bacon/.globus/usercert.pem
User Key File: /home/bacon/.globus/userkey.pem
Trusted CA Cert Dir: /etc/grid-security/certificates
Output File: /tmp/x509up_u1817
Your identity: /O=Grid/OU=GlobusTest/OU=simpleCA-choate.mcs.anl.gov/OU=mcs.anl.gov/CN=Charles Bacon
Enter GRID pass phrase for this identity: ****
Creating proxy .....++++++++++++
..++++++++++++
 Done
Proxy Verify OK
Your proxy is valid until: Tue Nov 15 20:15:46 2005
jeffery% globus-url-copy gsiftp://database-group.seu.edu.cn/etc/group file:///tmp/jeffery.test.copy
jeffery% diff /tmp/jeffery.test.copy /etc/group
jeffery%

(TODO: when I ran globus-url-copy gsiftp://database-group.seu.edu.cn/etc/group file:///tmp/jeffery.test.copy here, there was no response at all; port 2811 may already be in use.)

If there are no errors, GridFTP is working properly. If you run into problems, see GridFTP Troubleshooting. If the problem is related to security, check the security documentation, Security Troubleshooting. Next we move on to starting the webservices container.

Starting the Webservices Container

First we set up the webservices container so that it can be started from /etc/init.d. You can find more details about the container in the Container Admin Guide.

globus@database-group:~$ vim $GLOBUS_LOCATION/start-stop
globus@database-group:~$ cat $GLOBUS_LOCATION/start-stop
#! /bin/sh
set -e
export GLOBUS_LOCATION=/usr/local/globus-4.0.3
export JAVA_HOME=/usr/java/j2sdk1.4.2_12/
export ANT_HOME=/usr/local/apache-ant-1.6.5
export GLOBUS_OPTIONS="-Xms256M -Xmx512M"

. $GLOBUS_LOCATION/etc/globus-user-env.sh

cd $GLOBUS_LOCATION
case "$1" in
    start)
        $GLOBUS_LOCATION/sbin/globus-start-container-detached -p 8443
        ;;
    stop)
        $GLOBUS_LOCATION/sbin/globus-stop-container-detached
        ;;
    *)
        echo "Usage: globus {start|stop}" >&2
        exit 1
        ;;
esac
exit 0
globus@database-group:~$ chmod +x $GLOBUS_LOCATION/start-stop
  
GLOBUS_OPTIONS is used to pass options to the JVM. Here we set the heap size as recommended by the Admin Guide.

Now, logged in as root, we create an /etc/init.d script that calls the globus user's start-stop script.

root@database-group:~# vim /etc/init.d/globus-4.0.3
root@database-group:~# cat /etc/init.d/globus-4.0.3
#!/bin/sh -e
# Runs the globus user's start-stop script with the requested action.
case "$1" in
    start)
        su - globus /usr/local/globus-4.0.3/start-stop start
        ;;
    stop)
        su - globus /usr/local/globus-4.0.3/start-stop stop
        ;;
    restart)
        $0 stop
        sleep 1
        $0 start
        ;;
    *)
        printf "Usage: $0 {start|stop|restart}\n" >&2
        exit 1
        ;;
esac
exit 0
root@database-group:~# chmod +x /etc/init.d/globus-4.0.3
root@database-group:~# /etc/init.d/globus-4.0.3 start
   
Note

If something goes wrong, check the $GLOBUS_LOCATION/var/container.log file.

2007-01-22 12:49:29,108 INFO exec.RunQueue [main,initialize:68] Starting state machine with 18 run queues.
2007-01-22 12:49:31,548 ERROR service.ReliableFileTransferImpl [main,<init>:68] Unable to setup database driver with pooling.A connection error has occurred: FATAL: no pg_hba.conf entry for host "10.3.5.48",user "globus",database "rftDatabase",SSL off
2007-01-22 12:49:32,718 WARN service.ReliableFileTransferHome [main,initialize:97] All RFT requests will fail and all GRAM jobs that require file staging will fail.A connection error has occurred: FATAL: no pg_hba.conf entry for host "10.3.5.48",
Starting SOAP server at: https://10.3.5.48:8443/wsrf/services/
With the following services:
[1]: https://10.3.5.48:8443/wsrf/services/AdminService
[2]: https://10.3.5.48:8443/wsrf/services/AuthzCalloutTestService
[3]: https://10.3.5.48:8443/wsrf/services/CASService
[4]: https://10.3.5.48:8443/wsrf/services/ContainerRegistryEntryService
[5]: https://10.3.5.48:8443/wsrf/services/ContainerRegistryService
[6]: https://10.3.5.48:8443/wsrf/services/CounterService
[7]: https://10.3.5.48:8443/wsrf/services/DefaultIndexService
[8]: https://10.3.5.48:8443/wsrf/services/DefaultIndexServiceEntry
[9]: https://10.3.5.48:8443/wsrf/services/DefaultTriggerService
[10]: https://10.3.5.48:8443/wsrf/services/DefaultTriggerServiceEntry
[11]: https://10.3.5.48:8443/wsrf/services/DelegationFactoryService
[12]: https://10.3.5.48:8443/wsrf/services/DelegationService
[13]: https://10.3.5.48:8443/wsrf/services/DelegationTestService
[14]: https://10.3.5.48:8443/wsrf/services/InMemoryServiceGroup
[15]: https://10.3.5.48:8443/wsrf/services/InMemoryServiceGroupEntry
[16]: https://10.3.5.48:8443/wsrf/services/InMemoryServiceGroupFactory
[17]: https://10.3.5.48:8443/wsrf/services/IndexFactoryService
[18]: https://10.3.5.48:8443/wsrf/services/IndexService
[19]: https://10.3.5.48:8443/wsrf/services/IndexServiceEntry
[20]: https://10.3.5.48:8443/wsrf/services/ManagedExecutableJobService
[21]: https://10.3.5.48:8443/wsrf/services/ManagedJobFactoryService
[22]: https://10.3.5.48:8443/wsrf/services/ManagedMultiJobService
[23]: https://10.3.5.48:8443/wsrf/services/ManagementService
[24]: https://10.3.5.48:8443/wsrf/services/NotificationConsumerFactoryService
[25]: https://10.3.5.48:8443/wsrf/services/NotificationConsumerService
[26]: https://10.3.5.48:8443/wsrf/services/NotificationTestService
[27]: https://10.3.5.48:8443/wsrf/services/PersistenceTestSubscriptionManager
[28]: https://10.3.5.48:8443/wsrf/services/ReliableFileTransferFactoryService
[29]: https://10.3.5.48:8443/wsrf/services/ReliableFileTransferService
[30]: https://10.3.5.48:8443/wsrf/services/RendezvousFactoryService
[31]: https://10.3.5.48:8443/wsrf/services/SampleAuthzService
[32]: https://10.3.5.48:8443/wsrf/services/SecureCounterService
[33]: https://10.3.5.48:8443/wsrf/services/SecurityTestService
[34]: https://10.3.5.48:8443/wsrf/services/ShutdownService
[35]: https://10.3.5.48:8443/wsrf/services/SubscriptionManagerService
[36]: https://10.3.5.48:8443/wsrf/services/TestAuthzService
[37]: https://10.3.5.48:8443/wsrf/services/TestRPCService
[38]: https://10.3.5.48:8443/wsrf/services/TestService
[39]: https://10.3.5.48:8443/wsrf/services/TestServiceRequest
[40]: https://10.3.5.48:8443/wsrf/services/TestServiceWrongWSDL
[41]: https://10.3.5.48:8443/wsrf/services/TriggerFactoryService
[42]: https://10.3.5.48:8443/wsrf/services/TriggerService
[43]: https://10.3.5.48:8443/wsrf/services/TriggerServiceEntry
[44]: https://10.3.5.48:8443/wsrf/services/Version
[45]: https://10.3.5.48:8443/wsrf/services/WidgetNotificationService
[46]: https://10.3.5.48:8443/wsrf/services/WidgetService
[47]: https://10.3.5.48:8443/wsrf/services/gsi/AuthenticationService
[48]: https://10.3.5.48:8443/wsrf/services/mds/test/execsource/IndexService
[49]: https://10.3.5.48:8443/wsrf/services/mds/test/execsource/IndexServiceEntry
[50]: https://10.3.5.48:8443/wsrf/services/mds/test/subsource/IndexService
[51]: https://10.3.5.48:8443/wsrf/services/mds/test/subsource/IndexServiceEntry
2007-01-22 12:49:59,920 INFO impl.DefaultIndexService [ServiceThread-10,processConfigFile:107] Reading default registration configuration from file: /usr/local/globus-4.0.3/etc/globus_wsrf_mds_index/hierarchy.xml
2007-01-22 12:50:01,234 ERROR impl.QueryAggregatorSource [Thread-12,pollGetMultiple:149] Exception Getting Multiple Resource Properties from https://10.3.5.48:8443/wsrf/services/ReliableFileTransferFactoryService: java.rmi.RemoteException: Failed to serialize resource property org.globus.transfer.reliable.service.factory.TotalNumberOfBytesTransferred@4f71a3; nested exception is:
org.apache.commons.dbcp.DbcpException: A connection error has occurred: FATAL: no pg_hba.conf entry for host "10.3.5.48",
2007-01-22 12:51:01,214 ERROR impl.QueryAggregatorSource [Thread-12,SSL off

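The RFT warnings are expected, because we have not yet installed and configured the database; otherwise everything would be perfect.

10.3.5.48 is my IP address. If yours shows "127.0.0.1" instead, you can change it like this:

Edit $GLOBUS_LOCATION/etc/globus_wsrf_core/server-config.wsdd and client-server-config.wsdd, and add the line <parameter name="logicalHost" value="10.3.5.48" /> to the <globalConfiguration> section. For example:

<globalConfiguration>
 <parameter name="logicalHost" value="10.3.5.48" />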

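You can also use the method above to choose which interface is published on a host with several of them. See Global Configuration for more container configuration options.

Next we can interact with the container through a simple client/service pair.

jeffery% setenv JAVA_HOME /usr/java/j2sdk1.4.2_12/
jeffery% setenv ANT_HOME /usr/local/apache-ant-1.6.5/
jeffery% setenv PATH $ANT_HOME/bin:$JAVA_HOME/bin:$PATH
jeffery% counter-client -s https://database-group.seu.edu.cn:8443/wsrf/services/CounterService
Got notification with value: 3
Counter has value: 3
Got notification with value: 13

(TODO: it reports that the counter-client command cannot be found; unresolved.)

This is exactly the output we expect, so the container is up and running. Next we will configure the database for RFT to get rid of those annoying warnings, and we can now use GridFTP to transfer files with confidence.

(To be continued)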
