Hawkgrid - Finalize Configuration

1. The Globus server tools require the following ports to be open

  • 2119 - Globus Gatekeeper
  • 2811 - Globus Gridftp
  • 2135 - Globus Informational Services (optional install from install page)
  • An ephemeral (short-lived) range for individual job and data connections
    (an analogous range would be data connections for an FTP server)
    • This port range is the environment variable $GLOBUS_TCP_PORT_RANGE
  • Depending on your setup you may need to configure access to these ports
    • For iptables-based firewalls see iptables documentation
    • For tcp_wrappers the following programs need to be inserted into /etc/hosts.allow
      • globus-gatekeeper : <your_preferred_ip_address_range> :ALLOW
      • in.ftpd : <your_preferred_ip_address_range> :ALLOW
      • slapd : <your_preferred_ip_address_range> :ALLOW
    • (note that if you already run a separate non-globus in.ftpd or slapd, follow these instructions for a fix)

2. Edit /etc/services to add gatekeeper and gsiftp as local services

gsigatekeeper 2119/tcp
gsiftp 2811/tcp

3. Add xinetd service for gatekeeper

Add a file called “gsigatekeeper” to the /etc/xinetd.d/ directory that has the following contents

(Be sure to replace GLOBUS_LOCATION below with the actual value of GLOBUS_LOCATION in your environment and 20000,25000 with your GLOBUS_TCP_PORT_RANGE)

service gsigatekeeper
{
  socket_type = stream
  protocol = tcp
  wait = no
  user = root
  env = LD_LIBRARY_PATH=GLOBUS_LOCATION/lib
  env += GLOBUS_TCP_PORT_RANGE=20000,25000
  server = GLOBUS_LOCATION/sbin/globus-gatekeeper
  server_args = -conf GLOBUS_LOCATION/etc/globus-gatekeeper.conf
  disable = no
}

4. Add xinetd service for gridftp

Add a file called “gsiftp” to the /etc/xinetd.d/ directory that has the following contents

(Be sure to replace GLOBUS_LOCATION below with the actual value of GLOBUS_LOCATION in your environment and 20000,25000 with your GLOBUS_TCP_PORT_RANGE)

service gsiftp
{
  instances = 1000
  socket_type = stream
  wait = no
  user = root
  env = LD_LIBRARY_PATH=GLOBUS_LOCATION/lib
  env += GLOBUS_TCP_PORT_RANGE=20000,25000
  server = GLOBUS_LOCATION/sbin/in.ftpd
  server_args = -l -a -G GLOBUS_LOCATION
  log_on_success += DURATION USERID
  log_on_failure += USERID
  nice = 10
  disable = no
}

5. To turn on the services, execute

    % /sbin/chkconfig gsiftp on
    % /sbin/chkconfig gsigatekeeper on

6. Restart xinetd

    % /etc/init.d/xinetd restart

7. If you installed the optional information services, run

    % /etc/init.d/gris start

8. Add needed users to system

The users may request their user certificates using HawkGridCA.

Add the distinguished name (DN) of each user to /etc/grid-security/grid-mapfile in the following format

"DN" localusername

(For example, to map the user /O=grid/OU=UIowa/OU=HawkGrid/OU=eng.uiowa.edu/CN=Jesse Walters to the local user jwalters, insert the following line)

"/O=grid/OU=UIowa/OU=HawkGrid/OU=eng.uiowa.edu/CN=Jesse Walters" jwalters
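
A check for the grid-mapfile format described in step 8, added here as an example and not part of the original HawkGrid instructions: it flags unquoted DNs, duplicate DNs and mappings to root before the file is put in place. The name lint_gridmap, the '#' comment handling, the username pattern and every sample line other than the Jesse Walters entry are assumptions made for illustration.

```python
import re

# Format given on this page: "DN" localusername (the DN must be quoted,
# because it can contain spaces, e.g. CN=Jesse Walters).
LINE_RE = re.compile(r'^"(?P<dn>/[^"]+)"\s+(?P<user>\S+)$')
USER_RE = re.compile(r"^[a-z_][a-z0-9_-]*$")
PRIVILEGED = {"root"}  # assumption: grid users should never map to root


def lint_gridmap(text):
    """Return (mappings, problems) for grid-mapfile content.

    mappings: {DN: local user} for accepted lines.
    problems: [(line number, message)] for lines a reviewer should look at.
    """
    mappings, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        match = LINE_RE.match(line)
        if match is None:
            problems.append((lineno, 'malformed, expected "DN" localusername'))
            continue
        dn, user = match.group("dn"), match.group("user")
        if not USER_RE.match(user):
            problems.append((lineno, f"unexpected local username {user!r}"))
        elif user in PRIVILEGED:
            problems.append((lineno, f"DN mapped to privileged account {user!r}"))
        elif dn in mappings:
            problems.append((lineno, f"DN already mapped to {mappings[dn]!r}"))
        else:
            mappings[dn] = user
    return mappings, problems


# Constructed sample input; only the Jesse Walters line comes from the page.
SAMPLE = '''\
# HawkGrid users
"/O=grid/OU=UIowa/OU=HawkGrid/OU=eng.uiowa.edu/CN=Jesse Walters" jwalters
/O=grid/OU=UIowa/OU=HawkGrid/OU=eng.uiowa.edu/CN=Example User euser
"/O=grid/OU=UIowa/OU=HawkGrid/OU=eng.uiowa.edu/CN=Example Admin" root
"/O=grid/OU=UIowa/OU=HawkGrid/OU=eng.uiowa.edu/CN=Jesse Walters" guest
'''

if __name__ == "__main__":
    accepted, findings = lint_gridmap(SAMPLE)
    for lineno, message in findings:
        print(f"line {lineno}: {message}")
    print(f"{len(accepted)} mapping(s) accepted")
```

To check a real file, pass its contents to lint_gridmap instead of SAMPLE.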