_________________________________________________________________________________________________________
___________________________________________________________________________________________________________
Download the following files from www.globus.org into the directory ~/gridftp:
gpt-2.2.9-src.tar.gz
globus_data_management_client-2.4.0-src_bundle.tar.gz
globus_data_management_server-2.4.0-src_bundle.tar.gz
Create the following directories in /opt
datatag_gpt
datatag_globus
datatag_log
datatag_log/client
datatag_log/server
These are the directories where GridFTP will be installed
Before starting to install GridFTP the following environment variables have to be set up as root.
> export GLOBUS_LOCATION =/opt/datatag_globus
> export GPT_LOCATION=/opt/datatag_gpt
In the directory ~/gridftp first build gpt using the following commands:
> gzip –dc gpt-2.2.9-src.tar.gz | tar xf –
> cd gpt-2.2.9
> ./build_gpt
This will automatically build gpt in /opt/datatag_gpt
First build the Data-Manager client using the following command in the ~/gridftp directory (have to build client first):
> $GPT_LOCATION/sbin/gpt-build globus-data-management-client-2.4.0-src_bundle.tar.gz gcc32dbg -logdir=/opt/log/client
Then build the server using the following command in the ~/gridftp directory:
> $GPT_LOCATION/sbin/gpt-build globus-data-management-server-2.4.0-src_bundle.tar.gz gcc32dbg -logdir=/opt/log/server
gcc32dbg is called the flavour.
The last part of the commands (-logdir=/opt/log/name) is optional , it will put installation logs for the client and the server in the /opt/log directory.
Building Globus GridFTP will take 10 to 15 minutes maybe even longer depending on the machine being used.
To complete installation do the following commands:
> . $GLOBUS_LOCATION/etc/globus-user-env.sh
> $GPT_LOCATION/sbin/gpt-postinstall
> $GLOBUS_LOCATION/setup/globus/setup-gsi
> $GPT_LOCATION/sbin/gpt-verify
> . $GLOBUS_LOCATION/etc/globus-user-env.sh
Before running GridFTP the user has to acquire user-certificate, user-key for himself and host-certificates for each of the computers that GridFTP will run on. I acquired my certificates from CERN Certificate authority. The method of acquiring certificates from CERN CA is described below:
These are the steps to follow to issue a request for a new CERN CA user certificate:
> ssh -l username testbed001.cern.ch
> grid-cert-request
userkey.pem, usercert_request.pem
> mail cern-globus-ca@cern.ch -s "Certificate request" < /afs/cern.ch/user/a/afsuser/.globus/usercert_request.pem
The user-certificate will be sent to the user via email.
These are the steps to follow to issue a request for a new CERN CA host certificate:
> ssh -l afsuser testbed001.cern.ch
> grid-cert-request -host hostname.cern.ch -dir hostdir
userkey.pem, usercert_request.pem, usercert.pem
> mail cern-globus-ca@cern.ch -s "Certificate request" < hostdir/usercert_request.pem
The host-certificate will be sent to the user via email.
For more information on certificates visit the CERN CA website.
Once the certificates have been sent via email, change the name of the user-certificate to usercert.pem and the host-certificate to hostcert.pem.
A directory called .globus has to be built in the home directory of the user and then usercert.pem and userkey.pem must be copied into that directory, check that usercert.pem has access rights (-rw-r--r--) and userkey.pem has access rights (-r--------)..
The hostcert.pem has to be copied into the /etc/grid-security directory, check that hostcert.pem has the correct access rights (-rw-r--r--).
Now the latest CRL (Certificate Revocation List) list has to be downloaded into the directory /etc/grid-security/certificates. The latest CRL can be found on the website: http://datagrid.in2p3.fr/autobuild/rh6.2/rpmlist/, from here click on the latest alpha version (normally the top one in the alpha column) and then click on ca on the UI row. On top of the current page it will show the exact command to download the CRL, this commad will be something like :
Once this has been downloaded into the /etc/grid-security/certificates directory the CERN rpm package has to be installed by using the command:
> rpm --install ca_CERN-(version).noarch.rpm
In the /etc/grid-security directory in the file grid-mapfile the following has to be added (with the name changed):
“/O=Grid/O=CERN/OU=cern.ch/CN=Shakib Mostafa” shakib
The syntax matters, uppercases and spaces are vital.
A file called .gridmap has to be created in the users home directory, this file should contain the above line aswell.
Every single step with the certificates has to be done very carefully, it's very easy to forget one step and equally difficult to notice the mistake. To test that the certificates are set up properly, run the command:
> grid-proxy-init -debug -verify
This will ask for the pass phrase that was submitted when the user-certificate was requested. If all is well then a proxy certificate will be set up and the confirmation will be given.
GridFTP has to be run as the user not as root.
First set up the environment variables:
> export GLOBUS_LOCATION =/opt/datatag_globus
> export GPT_LOCATION=/opt/datatag_gpt
> . $GLOBUS_LOCATION/etc/globus-user-env.sh
Then grid-proxy-init has to be run to acquire proxy certificate.
> grid-proxy-init -debug -verify
Then start up the GridFTP server using the following command:
> $GLOBUS_LOCATION/sbin/in.ftpd -S -p 5678
5678 is the port to be dedicated to GridFTP.
To transfer files using GridFTP use the following commands:
> globus-url-copy -s "`grid-cert-info -subject`" gsiftp://localhost:5678/tmp/file1 file:///tmp/file2
or
> globus-url-copy -s "`grid-cert-info -subject`" file:///tmp/file2 gsiftp://192.91.239.5:5678/tmp/file3
or
> globus-url-copy -s "`grid-cert-info -subject`" file:///tmp/file3 gsiftp://localhost:5678/tmp/file4
file:// means a local file
gsiftp://localhost:portNo means file from the local host
gsiftp://hostIP:portNo is for transferring to other machines.
“`grid-cert-info –subject`” gives the cert path i.e. the user information written in grid-mapfile.
Once the GridFTP server has been started it will run until it is manually stopped: The way I used to do it is to log in as root to get the PID for the GridFTP server and stop it manually:
> su
> password:
> netstat -tnap
Proto Recv-Q Send-Q Local Address Foreign Adress State PID/Program name
tcp 0 0 0.0.0.0:1990 0.0.0.0:* Listen 1990/xinetd
tcp 0 0 0.0.0.0:5678 0.0.0.0:* Listen 2783/ftpd.acceptin
tcp 0 0 192.91.22.3 123.32.43.2 Established 1717/sshd
...
> kill 2783
Globus GridFTP software is build from the zipped bundles using GTP software. Hence to modify the code of GridFTP first unzip the bundle on which the changes are required to be made, then make the modifications, and then zip back the bundle and use GTP to build the modified zipped bundle.
For example when i needed to modify server/globus_io-4.0/library/globus_io_read.c, i did the following:
> rm globus_data_management_client_src_bundle-2.4.0.tar.gz
> cd globus_data_management_client_src_bundle-2.4.0/globus_io-4.0/library/
Make the necessary changes to globus_io_read.c.
> cd ../../..
> tar -zcvf globus_data_management_client_src_bundle-2.4.0 globus_data_management_client_src_bundle-2.4.0.tar.gz
Then I uninstalled the previously installed GridFTP software, and used GPT to build GridFTP with the new modified globus_data_management_client_src_bundle-2.4.0.tar.gz bundle.
In order to uninstall GridFTP delete the contents of the following folders:
I came across a few specific error messages while trying to install or run GridFTP. Some error messages are specific to specific mistakes. Please have a look at my tips for handling some common mistakes that cause specific error massages.