John Kewley CCLRC Daresbury Laboratory NW-GRID Training Event 25 th January 2007 Accessing the...
John Kewley
CCLRC Daresbury Laboratory
NW-GRID Training Event
25th January 2007
Accessing the NW-GRID (from Linux)
John Kewley
Grid Technology Group
E-Science Centre
CCLRC Daresbury Laboratory
Talk outline
1. Requirements for using the NW-GRID
2. GROWL Scripts
3. Installing client middleware (for Linux)
4. Certificate manipulation
5. Problems with firewalls
6. Registering for NW-GRID
Requirements for access
To access the NW-Grid, you will need:
1. Client-side middleware on the accessing computer (unless you intend using only browser/portal technology)
2. An e-science certificate in an appropriate format
3. No firewalls "in the way" between your client and the grid resource
4. The Distinguished Name (DN) from your certificate registered with the NW-Grid machine
GROWL can help with the first two of these
GROWL Scripts
GROWL tries to address the three barriers that newcomers find when using the Grid for the first time:
1. Setting up the client-side middleware
2. Handling of certificates
3. Job submission in the presence of firewalls
We will only concern ourselves with the first 2 of these for now.
Client Middleware: Problems
• Typically need to be root to install
• Software must be downloaded from various locations (unless software stacks such as OMII / VDT are used)
• There are many choices for type of installation (too many options?)
Installing Grid middleware
GROWL scripts provide an alternative way of installing Grid middleware on your client Linux machine to that given on the NGS website:
Advantages:
• Don't need to be a privileged user
• Will download client middleware packages for your system (assuming it is supported)
• Minimal setup/configuration
• About 10–15 mins (if all goes well!)
VDT
The Virtual Data Toolkit (VDT) is an easy to install and configure ensemble of grid middleware.
http://vdt.cs.wisc.edu
GROWL Scripts installs the globus client from VDT, as well as gsi-enabled openssl and all well-trusted CA certificates.
Installing Grid middleware
1. Download GROWL Scripts
cd
wget http://www.growl.org.uk/Growl.tar.gz
2. Install into home directory
tar -zxvf Growl.tar.gz
3. Build VDT client (a software distribution that includes globus)
cd Growl; make VDT
4. Before using any GROWL Scripts, use
source ~/Growl/setup.sh
Certificate installation
1. Download certificate into your browser
2. Export certificate as .p12 (on Linux) or .pfx (on Windows) format and move to the Grid client machine (Linux for now)
3. Convert certificate to correct format using openssl, change file permissions and install into correct directory
GROWL Scripts + Certificates
Certificate manipulation
• Hard-to-remember openssl commands are wrapped for you
– Fewer passwords to be entered
– Correct file and directory permissions are applied
Use of mk-cert
$ openssl pkcs12 -in mykey.p12 \
    -clcerts -nokeys \
    -out usercert.pem
<Pass1> <Pass2> <Pass2> [confirm]
$ openssl pkcs12 -in mykey.p12 -nocerts \
    -out userkey.pem
<Pass1>
$ chmod 444 usercert.pem
$ chmod 400 userkey.pem
$ mv userkey.pem ~/.globus
$ mv usercert.pem ~/.globus
$ chmod 700 ~/.globus
$ mk-cert mykey.p12 <Pass1> [<Pass2>]
Globus + Firewalls
[Diagram: Client and Grid Resource. Labels: globus-job-run, Results, gsiscp, jobmanager, sshd, gsissh / gsissh-term]
Registering to use NW-GRID
There is a web registration form for NW-GRID. This will:
• give you a common username (e.g. nwdljk)
• register your DN
/C=UK/O=eScience/OU=CLRC/L=DL/CN=john kewley
• open firewalls for your client machine(s) to access the NW-GRID nodes.
http://www.nw-grid.ac.uk/?q=nwguser/regForm
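Added example (not part of the original slides or of GROWL): a POSIX shell audit of the credential directory set up on the certificate slides, checking the modes given there (700 for ~/.globus, 444 for usercert.pem, 400 for userkey.pem), plus a helper that prints the certificate's DN in the slash-separated form to be registered. The function names are hypothetical; the passphrase check on the key and the use of openssl's "-nameopt compat" are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a Globus credential directory against the modes
# shown on the slides. Function names are hypothetical, not GROWL's.

# Print the octal permission bits of a path (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Compare one path with its expected mode; report and return 1 on mismatch.
check_mode() {
    path=$1; want=$2
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"; return 1
    fi
    have=$(mode_of "$path")
    if [ "$have" != "$want" ]; then
        echo "BAD MODE $path is $have, expected $want"; return 1
    fi
    echo "OK       $path ($have)"
}

# Return 0 if the PEM private key is passphrase-protected (assumed check:
# both PEM encodings of an encrypted key carry the word ENCRYPTED).
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Audit the directory; the return status is the number of problems found.
audit_globus_dir() {
    dir=${1:-$HOME/.globus}; problems=0
    check_mode "$dir" 700 || problems=$((problems + 1))
    check_mode "$dir/usercert.pem" 444 || problems=$((problems + 1))
    check_mode "$dir/userkey.pem" 400 || problems=$((problems + 1))
    if [ -f "$dir/userkey.pem" ] && ! key_is_encrypted "$dir/userkey.pem"; then
        echo "WARNING  $dir/userkey.pem has no passphrase"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Print the certificate DN in slash-separated form (requires openssl).
cert_dn() {
    openssl x509 -in "${1:-$HOME/.globus/usercert.pem}" -noout -subject \
        -nameopt compat | sed 's/^subject= *//'
}
```

Run audit_globus_dir after mk-cert or the manual openssl steps, then cert_dn to get the string to enter on the registration form.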
Requirements for access - Summary
To access the NW-Grid, you will need:
1. Client-side middleware on the accessing computer (unless you intend using only browser/portal technology)
2. An e-science certificate in an appropriate format
3. No firewalls "in the way" between your client and the grid resource
4. The Distinguished Name (DN) from your certificate registered with the NW-Grid machine
GROWL can help with the first two of these