John Kewley

CCLRC Daresbury Laboratory

NW-GRID Training Event

25th January 2007

Accessing the NW-GRID(from Linux)

John KewleyGrid Technology Group

E-Science CentreCCLRC Daresbury Laboratory

j.kewley@dl.ac.uk

John Kewley

CCLRC Daresbury Laboratory

NW-GRID Training Event

25th January 2007

Talk outlineTalk outline

1. Requirements for using the NW-GRID

2. GROWL Scripts

3. Installing client middleware (for Linux)

4. Certificate manipulation

5. Problems with firewalls

6. Registering for NW-GRID

John Kewley

CCLRC Daresbury Laboratory

NW-GRID Training Event

25th January 2007

Requirements for accessRequirements for access

To access the NW-Grid, you will need:

1. Client-side middleware on the accessing computer (unless you intend using only browser/portal technology)

2. An e-science certificate in an appropriate format

3. No firewalls "in the way" between your client and the grid resource

4. The Distinguished Name (DN) from your certificate registered with the NW-Grid machine

GROWL can help with the first two of these

John Kewley

CCLRC Daresbury Laboratory

NW-GRID Training Event

25th January 2007

GROWL ScriptsGROWL Scripts

GROWL tries to address the three barriers that newcomers find when using the Grid for the first time:

1. Setting up the client-side middleware

2. Handling of certificates

3. Job submission in the presence of firewalls

We will only concern ourselves with the first 2 of these for now.

John Kewley

CCLRC Daresbury Laboratory

NW-GRID Training Event

25th January 2007

Client Middleware: ProblemsClient Middleware: Problems

• Typically need to be root to install• Software must be downloaded from various

locations (unless software stacks such as OMII / VDT is used)

• There are many choices for type of installation (too many options?)

John Kewley

CCLRC Daresbury Laboratory

NW-GRID Training Event

25th January 2007

Installing Grid middlewareInstalling Grid middleware

GROWL scripts provide an alternative way of installing Grid middleware on your client Linux machine to that given on the NGS website:

Advantages:

• Don't need to be a privileged user

• Will download client middleware packages for your system (assuming it is supported)

• Minimal setup/configuration

• About 10–15 mins (if all goes well !)

John Kewley

CCLRC Daresbury Laboratory

NW-GRID Training Event

25th January 2007

VDTVDT

The Virtual Data Toolkit (VDT) is an easy to install and configure ensemble of grid middleware.

http://vdt.cs.wisc.edu

GROWL Scripts installs the globus client from VDT, as well as gsi-enabled openssl and all well-trusted CA certificates.

John Kewley

CCLRC Daresbury Laboratory

NW-GRID Training Event

25th January 2007

Installing Grid middlewareInstalling Grid middleware

1. Download GROWL Scripts

cd

wget http://www.growl.org.uk/Growl.tar.gz

2. Install into home directory

tar -zxvf Growl.tar.gz

3. Build VDT client (a software distribution that includes globus)

cd Growl; make VDT

4. Before using any GROWL Scripts, use

source ~/Growl/setup.sh

John Kewley

CCLRC Daresbury Laboratory

NW-GRID Training Event

25th January 2007

Certificate installationCertificate installation

1. Download certificate into your browser

2. Export certificate as .p12 (on Linux) or .pfx (on Windows) format and move to the Grid client machine (Linux for now)

3. Convert certificate to correct format using openssl, change file permissions and install into correct directory

John Kewley

CCLRC Daresbury Laboratory

NW-GRID Training Event

25th January 2007

GROWL Scripts + CertificatesGROWL Scripts + Certificates

Certificate manipulation

• Hard to remember openssl commands are wrapped for you

– Fewer passwords to be entered

– Correct file and directory permissions are applied

John Kewley

CCLRC Daresbury Laboratory

NW-GRID Training Event

25th January 2007

Use of Use of mk-certmk-cert$ openssl pkcs12 –in \ mykey.p12 \ -clcerts –nokeys \ -out usercert.pem <Pass1> <Pass2> <Pass2> [confirm]

$ openssl pkcs12 –in \ mykey.p12 –nocerts \ -out userkey.pem <Pass1>

$ chmod 444 usercert.pem$ chmod 400 userkey.pem

$ mv userkey.pem ~/.globus$ mv usercert.pem ~/.globus$ chmod 700 ~/.globus

$ mk-cert mykey.p12 <Pass1> [<Pass2>]

John Kewley

CCLRC Daresbury Laboratory

NW-GRID Training Event

25th January 2007

Globus + FirewallsGlobus + Firewalls

Client Grid Resource

globus-job-run

Results

gsiscp

jobmanager

sshd

globus-job-run

gsissh /gsissh-term

John Kewley

CCLRC Daresbury Laboratory

NW-GRID Training Event

25th January 2007

Registering to use NW-GRIDRegistering to use NW-GRID

There is a web registration form for NW-GRID. This will :

• give you a common username (e.g. nwdljk)

• register your DN

/C=UK/O=eScience/OU=CLRC/L=DL/CN=john kewley

• open firewalls for your client machine(s) to access the NW-GRID nodes.

http://www.nw-grid.ac.uk/?q=nwguser/regForm

John Kewley

CCLRC Daresbury Laboratory

NW-GRID Training Event

25th January 2007

Requirements for access - SummaryRequirements for access - Summary

To access the NW-Grid, you will need:

1. Client-side middleware on the accessing computer (unless you intend using only browser/portal technology)

2. An e-science certificate in an appropriate format

3. No firewalls "in the way" between your client and the grid resource

4. The Distinguished Name (DN) from your certificate registered with the NW-Grid machine

GROWL can help with the first two of these