Document 181833

Convert the public key of your certificate to the pem-format:
3.4 File Transfer
openssl pkcs12 -in cert yourname.p12 -out usercert.pem
-clcerts -nokeys
To transfer files to a Globus server:
Copy the keys to a .globus directory in your home directory:
mkdir -p $HOME/.globus
mv userkey.pem usercert.pem $HOME/.globus/
Protect your certificate files:
chmod -c 700 $HOME/.globus
chmod -c 600 $HOME/.globus/user*
Obtain and include CA certificates:
mkdir -p $HOME/.globus/certificates
cd $HOME/.globus/certificates
wget http://www.eugridpma.info/distribution/igtf/current/
accredited/igtf-preinstalled-bundle-classic.tar.gz
tar xvzf igtf-preinstalled-bundle-classic.tar.gz
gsiscp -P 2222 local file servername:
To fetch files from a Globus server:
gsiscp -P 2222 servername:remote file .
Alternatives and more examples:
3.5 Other Possibilties
Use the Java-based tool GSISSH-Term (preparation step
3.1 is also required):
http://www.grid.lrz.de/de/mware/globus/client/gsissh term.html
3.2 Environment (for each session)
Set your environment variables:
4.1 Grid Certificate
export GLOBUS LOCATION=/var/adm/acount/gt/4.0.8
Before your Grid certifacte expires you receive an e-mail
from DFN. To obtain a new certifacte, visit again the DFN
Grid CA page of the University of Heidelberg and create a
new request with exactly the same e-mail, name and institution (first 3 entries) as for your old certificate. Print
the request, sign it and send it to the URZ Infoservice. You
do not need to come in person. Wait for the e-mail with your
new certifcate and install it in your browser.
export GLOBUS LOCATION=/opt/system/gt/4.0.8
(for bwgrid.uni-heidelberg.de)
source $GLOBUS LOCATION/etc/globus-user-env.sh
Create a grid-proxy-certificate:
grid-proxy-init
The grid-proxy-certificate expires after 12 hours. To inquire
an existing grid-proxy-certificate:
grid-proxy-info
• a DFN Grid certificate,
gsissh -p 2222 servername
bwGRiD compute resources:
Stuttgart:
gridway.dgrid.hlrs.de
Ulm(Konstanz):
koios.rz.uni-ulm.de
Mannheim/Heidelberg:
gtbw.grid.uni-mannheim.de
Tubingen:
gt4.uni-tuebingen.de
¨
Freiburg:
globus.bfg.uni-freiburg.de
Karlsruhe:
sccbwgrid1.fzk.de
Esslingen:
grid01.hs-esslingen.de
bwGRiD central storage:
Karlsruhe:
bwgrid-se.scc.kit.edu
• a membership in the VO bwGRiD and
• a middleware client.
Frankfurt
4.2 VO Membership
Before your VO membership expires you will receive an email from VOMRS. Follow the link in the e-mail and resign
the use policy.
3.3 Connection
To connect to a Globus toolkit server:
How to access bwGRiD
In order to access bwGRiD resources with a Grid account,
you need
4. Renewal
(for kde04/kde05.urz.uni-heidelberg.de) or
Heidelberg University
http://www.bw-grid.de/
allgemeine-informationen/standorte/storage/
Mannheim
(interconnected
to a single cluster)
Heidelberg
Further Information
Karlsruhe
DFN: http://www.pki.dfn.de/
Stuttgart
Esslingen
bwGRiD: http://www.bw-grid.de/
D-Grid: http://www.d-grid.de/
Tübingen
Ulm
(joint cluster
with Konstanz)
Grid User Support: http://helpdesk.ngi-de.eu/
Globus Alliance: http://www.globus.org/
Freiburg
S. Richling
[email protected]
September 27, 2010
München
1. DFN Grid certificate
A certificate is like a digital ID card. For bwGRiD you need
a special user certificate of security level ”Grid”. The procedure to obtain a Grid certificate is described in detail on this
page:
http://www.urz.uni-heidelberg.de/security/nutzer/gridzert.html
1.1 Prepare your web browser
Set a master password in your web browser to protect your
certificates (Firefox: Edit → Preferences → Security → Use
a master password).
1.3 Identify yourself
Print the request, fill in the missing data and bring it along
with your identity card to the URZ Infoservice, Im Neuenheimer Feld 293, Room 015.
1.4 Install certificate
Wait for an e-mail from DFN and install the certificate in your
web browser as explained in the e-mail. You have to use the
same web browser in which you created the request.
2. Membership in the VO bwGRiD
1.2 Create a request
Go to the DFN Grid CA page of the University of Heidelberg:
https://pki.pca.dfn.de/grid-user-ca/cgi-bin/pub/
pki?cmd=getStaticPage&name=index&RA ID=143
If the Grid certificate is installed in your web browser, you
can apply for a membership in the Virtual Organization (VO)
bwGRiD. Go to the D-Grid page
Viewing the list select the VO ”bwgrid” and click on the arrow in the column ”Member Registration”. The registration
proceeds in two phases:
Click to ”Registration (Phase I)” and fill in the form with the
same data you used for the certificate. At ”Select Representative” you can choose: Rolf Bogus, Sabine Richling or
Steffen Hau. Submit your application and wait for an e-mail
from VOMRS (Virtual Organization Membership Registration Service).
Follow the link in this e-mail and apply for a membership in the Root-VO ”/bwgrid” and the Sub-VO ”/bwgrid/uniheidelberg”. Do not select any other Sub-VO! Read
and accept the use policy. After that your representative will
contact you. Finally, you will receive an e-mail confirming
your membership in ”/bwgrid” and a second e-mail indicating
that your were added to the group ”/bwgrid/uniheidelberg”.
http://www.d-grid.de/index.php?id=246
3. Middleware client
Grid access is now possible via a so-called Grid middleware.
In the first instance, the bwGRiD clusters will provide the Grid middleware Globus Toolkit
4.
Download the recommended version 4.0.8 from
http://www.globus.org/toolkit/downloads and install at least
the Globus Toolkit client commands on your own computer.
click to “Nutzerzertifikat” and fill in all required data.
Alternatively, you can use the Globus Toolkit installation on
the Linux servers (URZ account required)
and click the link to the list with the available VOs. Now you
have to authenticate with your certificate and confirm this
several times.
kde04.urz.uni-heidelberg.de
kde05.urz.uni-heidelberg.de
or on the local frontend server of the bwGRiD cluster in Heidelberg (URZ account and bwGRiD activation required)
bwgrid.uni-heidelberg.de
(see module help system/gt/4.0.8 for online information)
From there, bwGRiD resources can be accessed the following way:
3.1 Preparations (one-time actions)
Export your PKCS12 certificate from your browser. You will
get a file named cert yourname.p12 for instance. Take care
of this file and save it on a secure place. Copy it to a Linux
server or to the frontend server.
Convert the private key of your certificate to the pem-format:
Click to “Weiter” and send the request.
openssl pkcs12 -in cert yourname.p12 -out userkey.pem
-nocerts