Globus Socket Configuration
- Client-side Globus socket configuration
Client program is run using DOEGrids Personal Certificate.
If you plan on running your client program using your DOEGrids Personal
Certificate, please make sure you have already applied and retrieved your
certificate first.
Please visit the iVDGL Registration Authority web site or follow this link
directly for further instructions on how to apply for and retrieve your
DOEGrids personal certificate.
Once you have completed the above step, place your usercert.pem and
userkey.pem in the .globus directory on your Globus home machine.
Please make sure that you have access to the CA certificates and
associated files trusted by the Globus installation. Depending on your
Globus installation method, they are stored in the following
directory:
- /etc/grid-security/certificates
Or, in your .globus directory on your Globus home machine.
For LDAS, the certificates directory should contain the following files:
-rw-r--r-- 1 ldas ldas 2289 Jan 31 09:58 d1b603c3.signing_policy
-rw-r--r-- 1 ldas ldas 42 Jan 31 09:58 d1b603c3.crl_url
-rw-r--r-- 1 ldas ldas 1448 Jan 31 09:58 d1b603c3.0
-rw-r--r-- 1 ldas ldas 2314 Jan 31 09:58 1c3f2ca8.signing_policy
-rw-r--r-- 1 ldas ldas 44 Jan 31 09:58 1c3f2ca8.ldap
-rw-r--r-- 1 ldas ldas 41 Jan 31 09:58 1c3f2ca8.crl_url
-rw-r--r-- 1 ldas ldas 1436 Jan 31 09:58 1c3f2ca8.0
Client program is run using DOEGrids Service Certificate.
If you are planning to run your client program using your DOEGrids Service
Certificate, please make sure you check with your site system administrator
whether or not the service certificate for the host machine has been
generated. Normally, the service certificate is stored in the following
directory:
- /etc/grid-security
In the case of LDAS, the LDAS service certificate consists of
ldascert.pem, which holds the public key, and ldaskey.pem,
which is the private key; both are stored in the following
directory:
- /ldas_outgoing/grid-security/
Please make sure that you have access to the CA certificates and
associated files trusted by the Globus installation. Depending on your
Globus installation method, they are stored in the following
directory:
- /etc/grid-security/certificates
Or, in the case of LDAS, the certificates directory is in the following
directory:
- /ldas_outgoing/grid-security/certificates
and should contain the following files:
-rw-r--r-- 1 ldas ldas 2289 Jan 31 09:58 d1b603c3.signing_policy
-rw-r--r-- 1 ldas ldas 42 Jan 31 09:58 d1b603c3.crl_url
-rw-r--r-- 1 ldas ldas 1448 Jan 31 09:58 d1b603c3.0
-rw-r--r-- 1 ldas ldas 2314 Jan 31 09:58 1c3f2ca8.signing_policy
-rw-r--r-- 1 ldas ldas 44 Jan 31 09:58 1c3f2ca8.ldap
-rw-r--r-- 1 ldas ldas 41 Jan 31 09:58 1c3f2ca8.crl_url
-rw-r--r-- 1 ldas ldas 1436 Jan 31 09:58 1c3f2ca8.0
LDAS Note:
Please make sure you define the following Tcl variables and set them
appropriately:
- ::X509_CERT_DIR: /ldas_outgoing/grid-security/certificates.
- ::X509_USER_CERT: /ldas_outgoing/grid-security/ldascert.pem.
- ::X509_USER_KEY: /ldas_outgoing/grid-security/ldaskey.pem.
Make sure a Tcl variable named ::SERVICE_NAME is set when running LDAS.
- ::SERVICE_NAME: ldas.
Note:
If you do not define the variable, your client program will use the
host certificate for GSI authentication.
Make sure the GSI socket option is enabled.
For example, the following command creates a GSI-enabled Globus
client socket:
set socket [ gt_xio_socket -gsi_auth_enabled \
ldas-dev.ligo.caltech.edu 35000 ]
Make sure your LDAS server node name is defined as a
fully-qualified domain name (FQDN), including the domain
(e.g. xxx.ligo.caltech.edu).
Normally the gateway host on which the managerAPI and cntlmonAPI reside
is the one that needs to be referred to by its FQDN node name.
- Server-side Globus socket configuration
Make sure host credentials are in place.
If you plan on running Globus-enabled server programs on your host
machine, you will need to have host credentials installed.
Please check with your site administrator whether or not the server
machine has host credentials.
Host credentials are the combination of a host certificate called
hostcert.pem and its corresponding private key called
hostkey.pem. Normally, the files are stored in the following
directory:
- /etc/grid-security
LDAS Note:
In the case of LDAS, LDAS uses service credentials instead of host
credentials. LDAS service credentials consist of a service certificate
called ldascert.pem and its corresponding private key called
ldaskey.pem. The files must be placed in the following
directory:
- /ldas_outgoing/grid-security
and they must be defined as Tcl variables in order for LDAS to be able to
use them.
- ::X509_USER_KEY: /ldas_outgoing/grid-security/ldaskey.pem
- ::X509_USER_CERT: /ldas_outgoing/grid-security/ldascert.pem
Make sure the CA certificates and associated files
trusted by the Globus installation are also in place.
Please make sure that you have access to the CA certificates and
associated files trusted by the Globus installation. Depending on your
Globus installation method, they are stored in the following
directory:
- /etc/grid-security/certificates
Or, in the case of LDAS, the certificates directory is in the following
directory:
- /ldas_outgoing/grid-security/certificates
and should contain the following files:
-rw-r--r-- 1 ldas ldas 2289 Jan 31 09:58 d1b603c3.signing_policy
-rw-r--r-- 1 ldas ldas 42 Jan 31 09:58 d1b603c3.crl_url
-rw-r--r-- 1 ldas ldas 1448 Jan 31 09:58 d1b603c3.0
-rw-r--r-- 1 ldas ldas 2314 Jan 31 09:58 1c3f2ca8.signing_policy
-rw-r--r-- 1 ldas ldas 44 Jan 31 09:58 1c3f2ca8.ldap
-rw-r--r-- 1 ldas ldas 41 Jan 31 09:58 1c3f2ca8.crl_url
-rw-r--r-- 1 ldas ldas 1436 Jan 31 09:58 1c3f2ca8.0
LDAS Note:
Please define a Tcl variable and set it to the above
directory as follows:
::X509_CERT_DIR: /ldas_outgoing/grid-security/certificates
Make sure the -gsi_auth_enabled option is used to enable GSI authentication.
For example, the following command creates a GSI-enabled Globus
listening socket:
set listenSocket [ gt_xio_socket -server Accept -gsi_auth_enabled \
-myaddr localhost 35000 ]
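A preflight check for the client-side and server-side LDAS settings described above, as an added example that is not part of the original page or of LDAS: it verifies the ::X509_* Tcl variables, the private key's file permissions, and that each CA certificate has its signing policy. The procedure name gsi_preflight and its messages are hypothetical, and the owner-only key check is an assumption based on usual GSI practice.

```tcl
# Added example (not LDAS code): preflight check for the GSI settings above.
# gsi_preflight and its messages are hypothetical; only core Tcl is used.
proc gsi_preflight {} {
    set problems {}
    # The three variables the LDAS notes say must be defined.
    foreach var {::X509_CERT_DIR ::X509_USER_CERT ::X509_USER_KEY} {
        if {![info exists $var]} {
            lappend problems "$var is not set"
        }
    }
    if {[llength $problems]} { return $problems }
    # Certificate and private key must be regular files we can read.
    foreach var {::X509_USER_CERT ::X509_USER_KEY} {
        set path [set $var]
        if {![file isfile $path] || ![file readable $path]} {
            lappend problems "${var}: cannot read $path"
        }
    }
    # Assumption: the private key should be accessible to its owner only.
    # 0x3F masks the group and other permission bits (octal 077).
    if {[file isfile $::X509_USER_KEY]} {
        file stat $::X509_USER_KEY st
        if {$st(mode) & 0x3F} {
            lappend problems "$::X509_USER_KEY is accessible to group or others"
        }
    }
    # Every CA certificate (<hash>.0) needs its <hash>.signing_policy,
    # as in the directory listings above.
    set cas [glob -nocomplain -directory $::X509_CERT_DIR -- *.0]
    if {![llength $cas]} {
        lappend problems "no CA certificates (*.0) in $::X509_CERT_DIR"
    }
    foreach ca $cas {
        set policy "[file rootname $ca].signing_policy"
        if {![file readable $policy]} {
            lappend problems "missing [file tail $policy]"
        }
    }
    return $problems
}

# Run before creating the socket; an empty list means the checks passed.
set problems [gsi_preflight]
if {[llength $problems]} {
    puts stderr [join $problems "\n"]
} else {
    puts "GSI credential settings look consistent"
}
```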