Table of Contents
This guide contains advanced configuration information for system administrators working with GTCP. It provides references to information on procedures typically performed by system administrators, including installation, configuring, deploying, and testing the installation.
Important | |
---|---|
This information is in addition to the basic Globus Toolkit prerequisite, overview, installation, security configuration instructions in the GT 4.0 System Administrator's Guide. Read through this guide before continuing! |
To install GTCP:
Install the Globus Toolkit by doing one of the following:
- If you do not want to use any other Globus services, install the Globus Core source or binary distribution, following the directions in the GT4.0 Java WS Core System Administrator's Guide.
- If you want to use other Globus services, install the full Globus Toolkit, following the directions in the GT4.0 System Administrator's Guide.
- Set your GLOBUS_LOCATION environment variable to the directory in which the Globus Toolkit has been installed.
Install GTCP, either from a distribution file or from source:
To install from a distribution file (the GTCP distribution file can be found in the "contrib" directory in the full Globus distribution), run:
$GLOBUS_LOCATION/sbin/gpt-build gt4-gtcp-0.1-src_bundle.tar.gz
To install from CVS, do the following:
setenv CVSROOT :pserver:[email protected]:/home/globdev/CVS/globus-packages cvs co playground/telecontrol cd playground/telecontrol/gtcp ant
The following parameters, set in
$GLOBUS_LOCATION/etc/globus_telecontrol_gtcp_service/server-config.wsdd
, are used to configure GTCP:
Table 1. GTCP configuration parameters
Name | Meaning |
---|---|
gtcpBackendFactory | Name of the desired GTCP plugin class. |
isSecure | If true , GTCP will allow only users in the gridmap file to perform operations that change system state. |
gridMapFile | Name of the gridmap file to be used if isSecure is set. |
If you wish to run GTCP completely without security, then you must follow two steps:
In the file
$GLOBUS_LOCATION/etc/globus_telecontrol_gtcp_service/server-config.wsdd
, make sure that theisSecure
is set tofalse
and that thesecurityDescriptor
is set toetc/globus_telecontrol_gtcp_service/security_descriptor_nosec.xml
. In other words, change:<!-- For insecure operation, set "isSecure" to "false" and uncomment the securityDescriptor line. --> <parameter name="isSecure" value="true"/> <!-- <parameter name="securityDescriptor" value="etc/globus_telecontrol_gtcp_service/security_descriptor_nosec.xml"/> -->
to:
<!-- For insecure operation, set "isSecure" to "false" and uncomment the securityDescriptor line. --> <parameter name="isSecure" value="false"/> <parameter name="securityDescriptor" value="etc/globus_telecontrol_gtcp_service/security_descriptor_nosec.xml"/>
When you run globus-start-container, use the -nosec option, to tell Globus not to do transport-level security:
globus-start-container -nosec
Versions before 4.0.3 do not come with the global_security_descriptor
file. In those versions, the easiest way to run without security is to make sure that the isSecure
parameter is set to false
as described above, and to make sure there is no global security descriptor set.
To make sure there is no global security descriptor set,
look at the file
$GLOBUS_LOCATION/etc/globus_wsrf_core/server-config.wsdd
.
If you see an entry that looks like this:
<parameter name="containerSecDesc" value="etc/globus_wsrf_core/global_security_descriptor.xml"/>then you should comment it out:
<!--<parameter name="containerSecDesc" value="etc/globus_wsrf_core/global_security_descriptor.xml"/>-->
Then restart the container with the -nosec
flag as described above.
To run the GTCP tests, make sure that $GLOBUS_LOCATION is set and, if you're running with security, that you have a valid proxy certificate. Then start the GTCP server and run the unit tests:
To start the GTCP server, do the following:
cd $GLOBUS_LOCATION bin/globus-start-container
You may also want to use one or more of these command-line options
Table 2. Server command-line options
Option Effect -nosec Tells the Globus container not to do transport-level security -p 1234 Tells the Globus container to listen on port 1234 instead of the default port (which is 8443 if the -nosec option is specified, 8080 otherwise). Note: the GTCP server will continue to run in the foreground. You can also redirect the output to a file and run it in the background if you wish.
To run the unit tests, in another window, make sure that $GLOBUS_LOCATION is set correctly and run:
ant -f ${GLOBUS_LOCATION}/etc/globus_telecontrol_gtcp_service/build.xml \ -Dweb.server.url=your_container_base_url \ test-installed
where your_container_base_url is the base url of your Globus container (for example,
https://127.0.0.1:8443/wsrf/services/
).
If the test output ends with:
[junit] Tests run: 2, Failures: 0, Errors: 0, Time elapsed: 16.556 sec
then the tests have passed. Note: because the test code checks that illegal requests fail, it may print some error messages and cause the container to print some error messages and/or stack traces. This is normal; as long as the test output reports that it ran 2 tests with 0 failures and 0 errors, the tests have passed.
In some applications, control of physical equipment carries the risk of serious property damage or injury. These applications should implement operational security procedures and not rely solely on software security.