Notes on installing Globus Toolkit - 4.2 on $HOME dir of cheaha.uabgrid.uab.edu
Following instructions from

• http://globus.org/toolkit/docs/4.2/4.2.0/admin/quickstart/index.html
• http://globus.org/toolkit/docs/4.2/4.2.0/admin/install/index.html
• http://dev.uabgrid.uab.edu/uabgrid-stage/wiki/BuildTheStage#InstallGlobus

Software Prerequisites

Ref: http://globus.org/toolkit/docs/4.2/4.2.0/admin/install/gtadmin-prereq.html#gtadmin-prereq-required

Required Software

The following components are required software. Listed beside each component the command to check existence of the component on cheaha.uabgrid.uab.edu

• Globus Toolkit installer. I have downloaded the source distribution of Globus Toolkit-4.2 from http://www-unix.globus.org/toolkit/survey/index.php?download=gt4.2.0-all-source-installer.tar.bz2 onto $HOME/dist
• Make sure Java is installed

  [ppreddy@cheaha ~]$ echo $JAVA_HOME
  /usr/java/jdk1.5.0_10 
  

• Ant 1.6.2+

  [ppreddy@cheaha ~]$ echo $ANT_HOME
  /opt/rocks
  [ppreddy@cheaha ~]$ ant -version
  Apache Ant version 1.6.5 compiled on June 2 2005
  

• C/C++ compilers

  [ppreddy@cheaha ~]$ which gcc
  /usr/bin/gcc
  [ppreddy@cheaha ~]$ gcc -v
  gcc version 4.1.2 20070626 (Red Hat 4.1.2-14)
  [ppreddy@cheaha ~]$ which g++
  /usr/bin/g++
  [ppreddy@cheaha ~]$ g++ -v
  gcc version 4.1.2 20070626 (Red Hat 4.1.2-14)
  

• tar/make/sed utilities

  [ppreddy@cheaha ~]$ tar --version
  tar (GNU tar) 1.15.1
  [ppreddy@cheaha ~]$ make --version
  GNU Make 3.81
  Copyright (C) 2006  Free Software Foundation, Inc.
  This is free software; see the source for copying conditions.
  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  PARTICULAR PURPOSE.
  
  This program built for x86_64-redhat-linux-gnu
  [ppreddy@cheaha ~]$ sed --version
  GNU sed version 4.1.5
  Copyright (C) 2003 Free Software Foundation, Inc.
  This is free software; see the source for copying conditions.  There is NO
  warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE,
  to the extent permitted by law.
  

• zlib - compression/decompression library

  [ppreddy@cheaha ~]$ rpm -qa | grep zlib
  zlib-1.2.3-3
  zlib-devel-1.2.3-3
  zlib-1.2.3-3
  

• sudo and XML parser for GRAM

  [ppreddy@cheaha ~]$ sudo -V
  Sudo version 1.6.8p12
  [ppreddy@cheaha ~]$ rpm -qa | grep Parser
  perl-XML-Parser-2.34-6.1.2.2.1
  foundation-perl-HTML-Parser-3.55-1
  foundation-perl-XML-Parser-2.34-1
  

• openssl

  [ppreddy@cheaha ~]$ openssl version
  OpenSSL 0.9.8b 04 May 2006
  

• gpt-3.2autotools2004 - shipped with GT-4.2 installer

Basic Installation

Ref: http://globus.org/toolkit/docs/4.2/4.2.0/admin/install/gtadmin-install.html#id2540808

• Renamed the original unpacked globus install directory from gt4.2.0-all-source-installer to globus-4.2.0
• Set the environment variable, GLOBUS_LOCATION as:

  [ppreddy@cheaha globus-4.2.0]$ export GLOBUS_LOCATION=/home/ppreddy/src/globus-4.2.0
  [ppreddy@cheaha globus-4.2.0]$
  

• Globus configure (with destination dir as /home/ppreddy/src/globus-4.2.0)

  [ppreddy@cheaha globus-4.2.0]$ ./configure --prefix=/home/ppreddy/src/globus-4.2.0
  checking build system type... x86_64-unknown-linux-gnu
  checking for javac... /usr/java/jdk1.5.0_10/bin/javac
  checking for ant... /opt/rocks/bin/ant
  configure: creating ./config.status
  config.status: creating Makefile
  

• Run make and make install

  [ppreddy@cheaha globus-4.2.0]$ make | tee build.log
  [ppreddy@cheaha globus-4.2.0]$ make install | tee install.log
  

  The above two builds being successful, proceeded to certificate creation

Obtain Host Certificates

Ref: http://globus.org/toolkit/docs/4.2/4.2.0/admin/install/gtadmin-basic-security.html#gtadmin-basic-host

• As this is a $HOME dir installation, creating a SimpleCA for now. Ref: http://globus.org/toolkit/docs/4.2/4.2.0/admin/install/gtadmin-simpleca.html#gtadmin-simpleca-usercert. Just followed the steps given in this link.

  [ppreddy@cheaha globus-4.2.0]$ $GLOBUS_LOCATION/setup/globus/setup-simple-ca
  
  WARNING: GPT_LOCATION not set, assuming:
           GPT_LOCATION=/home/ppreddy/src/globus-4.2.0
  
      C e r t i f i c a t e    A u t h o r i t y    S e t u p
  
  This script will setup a Certificate Authority for signing Globus
  users certificates.  It will also generate a simple CA package
  that can be distributed to the users of the CA.
  
  The CA information about the certificates it distributes will
  be kept in:
  
  /home/ppreddy/.globus/simpleCA/
  
  The unique subject name for this CA is:
  
  cn=Globus Simple CA, ou=simpleCA-cheaha.uabgrid.uab.edu, ou=GlobusTest, o=Grid
  
  Do you want to keep this as the CA subject (y/n) [y]:y
  
  Enter the email of the CA (this is the email where certificate
  requests will be sent to be signed by the CA):ppreddy@uab.edu
  
  The CA certificate has an expiration date. Keep in mind that
  once the CA certificate has expired, all the certificates
  signed by that CA become invalid.  A CA should regenerate
  the CA certificate and start re-issuing ca-setup packages
  before the actual CA certificate expires.  This can be done
  by re-running this setup script.  Enter the number of DAYS
  the CA certificate should last before it expires.
  [default: 5 years (1825 days)]:
  
  Enter PEM pass phrase:
  Verifying - Enter PEM pass phrase:
  
  creating CA config package...done.
  
  A self-signed certificate has been generated
  for the Certificate Authority with the subject:
  
  /O=Grid/OU=GlobusTest/OU=simpleCA-cheaha.uabgrid.uab.edu/CN=Globus Simple CA
  
  If this is invalid, rerun this script
  
  /home/ppreddy/src/globus-4.2.0/setup/globus/setup-simple-ca
  
  and enter the appropriate fields.
  
  -------------------------------------------------------------------
  
  The private key of the CA is stored in /home/ppreddy/.globus/simpleCA//private/cakey.pem
  The public CA certificate is stored in /home/ppreddy/.globus/simpleCA//cacert.pem
  
  The distribution package built for this CA is stored in
  
  /home/ppreddy/.globus/simpleCA//globus_simple_ca_d12b7303_setup-0.20.tar.gz
  
  This file must be distributed to any host wishing to request
  certificates from this CA.
  
  CA setup complete.
  
  The following commands will now be run to setup the security
  configuration files for this CA:
  
  $GLOBUS_LOCATION/sbin/gpt-build /home/ppreddy/.globus/simpleCA//globus_simple_ca_d12b7303_setup-0.20.tar.gz
  
  $GLOBUS_LOCATION/sbin/gpt-postinstall
  -------------------------------------------------------------------
  
  setup-ssl-utils: Configuring ssl-utils package
  Running setup-ssl-utils-sh-scripts...
  
  ***************************************************************************
  
  Note: To complete setup of the GSI software you need to run the
  following script as root to configure your security configuration
  directory:
  
  /home/ppreddy/src/globus-4.2.0/setup/globus_simple_ca_d12b7303_setup/setup-gsi
  
  For further information on using the setup-gsi script, use the -help
  option.  The -default option sets this security configuration to be
  the default, and -nonroot can be used on systems where root access is
  not available.
  
  ***************************************************************************
  
  setup-ssl-utils: Complete
  
  [ppreddy@cheaha globus-4.2.0]$ /home/ppreddy/src/globus-4.2.0/setup/globus_simple_ca_d12b7303_setup/setup-gsi -default -nonroot
  setup-gsi: Configuring GSI security
  Making trusted certs directory: /home/ppreddy/src/globus-4.2.0/share/certificates/
  mkdir /home/ppreddy/src/globus-4.2.0/share/certificates/
  Installing /home/ppreddy/src/globus-4.2.0/share/certificates//grid-security.conf.d12b7303...
  Running grid-security-config...
  Installing Globus CA certificate into trusted CA certificate directory...
  Installing Globus CA signing policy into trusted CA certificate directory...
  setup-gsi: Complete
  

• Request and sign Host certificate

  [ppreddy@cheaha globus-4.2.0]$ grid-cert-request -host cheaha.uabgrid.uab.edu
  Generating a 1024 bit RSA private key
  ...++++++
  ................++++++
  writing new private key to '/home/ppreddy/src/globus-4.2.0/etc/hostkey.pem'
  -----
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  -----
  
  A private host key and a certificate request has been generated
  with the subject:
  
  /O=Grid/OU=GlobusTest/OU=simpleCA-cheaha.uabgrid.uab.edu/CN=host/cheaha.uabgrid.uab.edu
  
  ----------------------------------------------------------
  
  The private key is stored in /home/ppreddy/src/globus-4.2.0/etc/hostkey.pem
  The request is stored in /home/ppreddy/src/globus-4.2.0/etc/hostcert_request.pem
  
  Please e-mail the request to the Globus Simple CA ppreddy@uab.edu
  You may use a command similar to the following:
  
   cat /home/ppreddy/src/globus-4.2.0/etc/hostcert_request.pem | mail ppreddy@uab.edu
  
  Only use the above if this machine can send AND receive e-mail. if not, please
  mail using some other method.
  
  Your certificate will be mailed to you within two working days.
  If you receive no response, contact Globus Simple CA at ppreddy@uab.edu
  [ppreddy@cheaha globus-4.2.0]$ cat /home/ppreddy/src/globus-4.2.0/etc/hostcert_request.pem | mail ppreddy@uab.edu
  
  [ppreddy@cheaha globus-4.2.0]$ grid-ca-sign -in ./etc/hostcert_request.pem -out ./etc/hostsigned.pem
  
  To sign the request
  please enter the password for the CA key:
  
  The new signed certificate is at: /home/ppreddy/.globus/simpleCA//newcerts/01.pem
  

• Request and sign User certificates

  [ppreddy@cheaha globus-4.2.0]$ grid-cert-request
  A certificate request and private key is being created.
  You will be asked to enter a PEM pass phrase.
  This pass phrase is akin to your account password,
  and is used to protect your key file.
  If you forget your pass phrase, you will need to
  obtain a new certificate.
  
  Generating a 1024 bit RSA private key
  ..............++++++
  ..........................++++++
  writing new private key to '/home/ppreddy/.globus/userkey.pem'
  Enter PEM pass phrase:
  Verifying - Enter PEM pass phrase:
  -----
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  -----
  Level 0 Organization [Grid]:Level 0 Organizational Unit [GlobusTest]:Level 1 Organizational Unit [simpleCA-cheaha.uabgrid.uab.edu]:Level 2 Organizational Unit [uabgrid.uab.edu]:Name (e.g., John M. Smith) []:
  
  A private key and a certificate request has been generated with the subject:
  
  /O=Grid/OU=GlobusTest/OU=simpleCA-cheaha.uabgrid.uab.edu/OU=uabgrid.uab.edu/CN=Poornima Pochana
  
  If the CN=Poornima Pochana is not appropriate, rerun this
  script with the -force -cn "Common Name" options.
  
  Your private key is stored in /home/ppreddy/.globus/userkey.pem
  Your request is stored in /home/ppreddy/.globus/usercert_request.pem
  
  Please e-mail the request to the Globus Simple CA ppreddy@uab.edu
  You may use a command similar to the following:
  
    cat /home/ppreddy/.globus/usercert_request.pem | mail ppreddy@uab.edu
  
  Only use the above if this machine can send AND receive e-mail. if not, please
  mail using some other method.
  
  Your certificate will be mailed to you within two working days.
  If you receive no response, contact Globus Simple CA at ppreddy@uab.edu
  
  [ppreddy@cheaha globus-4.2.0]$ cat /home/ppreddy/.globus/usercert_request.pem | mail ppreddy@uab.edu
  
  [ppreddy@cheaha globus-4.2.0]$ grid-ca-sign -in ~/.globus/usercert_request.pem -out signed.pem
  
  To sign the request
  please enter the password for the CA key:
  
  The new signed certificate is at: /home/ppreddy/.globus/simpleCA//newcerts/02.pem
  
  [ppreddy@cheaha globus-4.2.0]$ cp signed.pem ~/.globus/usercert.pem
  
  

• Verify the SimpleCA certificate installation

  [ppreddy@cheaha globus-4.2.0]$ grid-proxy-init -debug -verify
  
  User Cert File: /home/ppreddy/.globus/usercert.pem
  User Key File: /home/ppreddy/.globus/userkey.pem
  
  Trusted CA Cert Dir: /home/ppreddy/src/globus-4.2.0/share/certificates
  
  Output File: /tmp/x509up_u2018
  Your identity: /O=Grid/OU=GlobusTest/OU=simpleCA-cheaha.uabgrid.uab.edu/OU=uabgrid.uab.edu/CN=Poornima Pochana
  Enter GRID pass phrase for this identity:
  Creating proxy ...................++++++++++++
  .......................++++++++++++
   Done
  Proxy Verify OK
  Your proxy is valid until: Fri Sep 12 00:31:48 2008
  

Globus Services Configuration

• At this point, logged out, logged into cheaha.uabgrid.uab.edu and verified the Globus environment

  >$GLOBUS_LOCATION/bin/grid-cert-info
  >$GLOBUS_LOCATION/bin/grid-proxy-info