GT4 Admin Guide
   Next

GT4 Admin Guide

November 2005

Table of Contents

1. Introduction
2. Before you begin
3. Software Prerequisites
1. Required software
2. Optional software
3. Platform Notes
3.1. Apple MacOS X
3.2. Debian/Ubuntu
3.3. Fedora Core
3.4. FreeBSD
3.5. HP/UX
3.6. IBM AIX
3.7. Red Hat
3.8. SGI Altix (IA64 running Red Hat)
3.9. Sun Solaris
3.10. SuSE Linux
3.11. Tru64 Unix
3.12. Windows
4. Installing GT 4.0
5. Pre-WS Authentication & Authorization Admin Guide
1. Configuring
1.1. Configuring Globus to Trust a Particular Certificate Authority
1.2. Configuring Globus to Create Appropriate Certificate Requests
1.3. Requesting Service Certificates
1.4. Specifying Identity Mapping Information
1.5. Configuring Certificate Revocation Lists (CRLs)
1.6. GSI File Permissions Requirements
2. Deploying
3. Testing
4. Security Considerations
5. Troubleshooting
5.1. Credential Errors
5.2. Some tools to validate certificate setup
5.3. Grid map errors
6. Environment variable interface
6.1. Credentials
6.2. Gridmap file
6.3. Trusted CAs directory
6.4. GSI authorization callout configuration file
6.5. GAA (Generic Authorization and Access control) configuration file
6.6. Grid security directory
6. Basic Security Configuration
1. Set environment variables
2. Obtain host certificates
2.1. Request a certificate from an existing CA
2.2. SimpleCA
2.3. Low-trust certificate
3. Make the host credentials accessible by the container
4. Add authorization
5. Verify Basic Security
6. Firewall configuration
7. Syslog logging
7. SimpleCA Admin Guide
1. Building and Installing
1.1. Create users
1.2. Run the setup script
1.3. Host certificates
1.4. User certificates
2. Configuring
2.1. Configure SimpleCA for multiple machines
3. Deploying
4. Testing
5. Security Considerations
6. Troubleshooting
8. GridFTP Admin Guide
1. Building and Installing
1.1. Building only GridFTP and Utilities
1.2. Building only the GridFTP server
1.3. Building only the GridFTP client
1.4. Building only the GridFTP SDK
1.5. Building a combination of GridFTP elements
1.6. Building and Installing a static GridFTP server
2. Configuring
2.1. GridFTP server configuration overview
2.2. GridFTP server configuration options
2.3. Configuring the GridFTP server to run under xinetd/inetd
2.4. Configuring GridFTP to run with the Community Authorization Service (CAS)
3. Deploying the GridFTP Server: globus-gridftp-server
3.1. Running in daemon mode
3.2. Running under inetd or xinetd
3.3. Remote data-nodes and striped operation
3.4. Separation of Processes
4. Testing
5. Security Considerations
5.1. Two ways to configure your server
5.2. New authentication options
5.3. Firewall requirements
6. Troubleshooting
6.1. Establish control channel connection
6.2. Try running globus-url-copy
6.3. If your server starts...
7. Usage statistics collection by the Globus Alliance
9. Java WS Core Admin Guide
1. Building and Installing
1.1. Building from source
1.2. Installing Core-only binary distribution
2. Configuring
2.1. Configuration overview
2.2. Syntax of the interface:
3. Deploying
3.1. Java WS Core container
3.2. Deploying into Tomcat
4. Testing
5. Security Considerations
5.1. Permissions of service configuration files
5.2. Permissions of persistent data
5.3. Invocation of non-public service functions
6. Troubleshooting
6.1. globus-stop-container fails with an authorization error
6.2. globus-start-container hangs during startup
6.3. Programs fail with java.lang.NoClassDefFoundError: javax/security/... errors
6.4. ConcurrentModificationException in Tomcat 5.0.x
6.5. java.net.SocketException: Invalid argument or cannot assign requested address
6.6. General troubleshooting information
7. Usage statistics collection by the Globus Alliance
10. RFT Admin Guide
1. Building and Installing
2. Configuring
2.1. Configuration overview
2.2. Syntax of the interface
2.3. Required configuration: configuring the PostgreSQL database
2.4. RFT auto-registration with default WS MDS Index Service
2.5. Registering RFT manually with default WS MDS Index Service
3. Using MySQL
4. Deploying
4.1. Deploying into Tomcat
5. Testing
6. Security Considerations
6.1. Permissions of service configuration files
6.2. Access of information stored in the database
6.3. Permissions of persistent data
7. Troubleshooting
7.1. PostgreSQL not configured
7.2. More verbose error messages
7.3. RFT fault-tolerance and recovery
8. Usage statistics collection by the Globus Alliance
11. WS GRAM Admin Guide
1. Building and Installing
1.1. Installation Requirements
2. Configuring
2.1. Typical Configuration
2.2. Non-default Configuration
2.3. Locating configuration files
2.4. Web service deployment configuration
2.5. JNDI application configuration
2.6. Security descriptor
2.7. GRAM and GridFTP file system mapping
2.8. Scheduler-Specific Configuration Files
2.9. WS GRAM auto-registration with default WS MDS Index Service
2.10. Registering WS GRAM manually with default WS MDS Index Service
2.11. Configuring support for SoftEnv
2.12. Job Description Document Substitution Variables
2.13. Audit Logging
3. Deploying
3.1. Deploying in Tomcat
4. Job Description Extensions Support
4.1. Requirements for Extensions Support
4.2. Supported Extension Constructs
4.3. Customizing Extensions Support
5. Testing
6. Security Considerations
7. Troubleshooting
8. Usage statistics collection by the Globus Alliance
12. GSI-OpenSSH Admin Guide
1. Building and Installing
1.1. Optional Build-Time Configuration
1.2. Building and Installing only GSI-OpenSSH
2. Configuring
3. Deploying
4. Testing
5. Security Considerations
6. Troubleshooting
13. MyProxy Admin Guide
1. Building and Installing
1.1. Building and Installing only MyProxy
2. Configuring
3. Deploying
4. Testing
5. Security Considerations
6. Troubleshooting
14. CAS Admin Guide
1. Building and Installing
2. Configuring
2.1. Configuration overview
2.2. Loading the CAS service at start up
2.3. Changing the maximum assertion lifetime
2.4. Configuring database backend
2.5. Configuring security descriptor
2.6. Configuring with a GridFTP Server
2.7. CAS auto-registration with default WS MDS Index Service
2.8. Registering CAS manually with default WS MDS Index Service
3. Deploying
3.1. Obtaining credentials for the CAS service
3.2. Database installation and configuration
3.3. Deploying into Tomcat
4. Testing
4.1. Testing the back end database module
4.2. Testing the CAS service module
5. Example of CAS Server Administration
5.1. Adding a user group
5.2. Adding a trust anchor
5.3. Adding users
5.4. Adding users to a user group
5.5. Adding a new FTP server
5.6. Creating an object group
5.7. Adding members to an object group
5.8. Adding service types
5.9. Adding action mappings
5.10. Granting permissions
6. Security Considerations
7. Troubleshooting
7.1. Database connectivity errors
7.2. Credential Errors
7.3. Some tools to validate certificate setup
15. RLS Admin Guide
1. Building and Installing
2. Configuring
2.1. Configuration overview
2.2. Syntax of the interface
3. Deploying
4. Testing
5. Security Considerations
6. Troubleshooting
7. Usage statistics collection by the Globus Alliance
A. Building and Installing RLS
1. Requirements
2. Setting environment variables
3. Installing iODBC
3.1. Run the install commands
3.2. Create the odbc.ini file
3.3. Changing how clients connect to the server (for MySQL only)
4. Installing the relational database
4.1. Using PostgreSQL
4.2. Using MySQL
5. Installing the RLS Server
6. Configuring the RLS Database
6.1. Creating a user and password
6.2. Choosing database for RLS server
6.3. Configuring database schema
6.4. Creating the database(s)
7. Configuring the RLS Server
8. Starting the RLS Server
8.1. Notes on RLS Initialization
9. Stopping the RLS Server
10. Configuring the RLS Server for the MDS2 GRIS
11. Configuring the RLS Server for the WS MDS Index Service
12. RedHat 9 Incompatibility
12.1. Probable cause
12.2. Suggested workaround
B. Packaging details
1. The makefile
2. The Grid Packaging Toolkit
3. Picking a flavor for a source installation
4. Using globus-makefile-header with a binary distribution
Java WS Core Glossary
Security Glossary
GridFTP Glossary
RLS Glossary
MDS4 Glossary
WS GRAM Glossary

List of Tables

5.1. CA files
5.2. Certificate request configuration files
5.3. Certificate request files
7.1. CA Name components
8.1. Informational Options
8.2. Modes of Operation
8.3. Authentication, Authorization, and Security Options
8.4. Logging Options
8.5. Single and Striped Remote Data Node Options
8.6. Disk Options
8.7. Network Options
8.8. Timeouts
8.9. User Messages
8.10. Module Options
8.11. Other
9.1. General configuration parameters
9.2. Standalone/embedded container-specific configuration parameters
9.3. Default container thread pool settings
9.4. Default container thread pool settings (GT 4.0.3+ only)
9.5. Axis Standard Parameters
9.6. Java WS Core Parameters
9.7. ResourceHomeImpl parameters
11.1. Scheduler-Specific Configuration Files
12.1. GSI-OpenSSH build arguments
13.1. myproxy-server.config lines
14.1. Database parameters
14.2. Command line options
14.3. Test database properties
14.4. Test properties
15.1. Settings
A.1. RLS Build Environment Variables
   Next
   Chapter 1. Introduction