Convert the public key of your certificate to the pem-format: 3.4 File Transfer openssl pkcs12 -in cert yourname.p12 -out usercert.pem -clcerts -nokeys To transfer files to a Globus server: Copy the keys to a .globus directory in your home directory: mkdir -p $HOME/.globus mv userkey.pem usercert.pem $HOME/.globus/ Protect your certificate files: chmod -c 700 $HOME/.globus chmod -c 600 $HOME/.globus/user* Obtain and include CA certificates: mkdir -p $HOME/.globus/certificates cd $HOME/.globus/certificates wget http://www.eugridpma.info/distribution/igtf/current/ accredited/igtf-preinstalled-bundle-classic.tar.gz tar xvzf igtf-preinstalled-bundle-classic.tar.gz gsiscp -P 2222 local file servername: To fetch files from a Globus server: gsiscp -P 2222 servername:remote file . Alternatives and more examples: 3.5 Other Possibilties Use the Java-based tool GSISSH-Term (preparation step 3.1 is also required): http://www.grid.lrz.de/de/mware/globus/client/gsissh term.html 3.2 Environment (for each session) Set your environment variables: 4.1 Grid Certificate export GLOBUS LOCATION=/var/adm/acount/gt/4.0.8 Before your Grid certifacte expires you receive an e-mail from DFN. To obtain a new certifacte, visit again the DFN Grid CA page of the University of Heidelberg and create a new request with exactly the same e-mail, name and institution (first 3 entries) as for your old certificate. Print the request, sign it and send it to the URZ Infoservice. You do not need to come in person. Wait for the e-mail with your new certifcate and install it in your browser. export GLOBUS LOCATION=/opt/system/gt/4.0.8 (for bwgrid.uni-heidelberg.de) source $GLOBUS LOCATION/etc/globus-user-env.sh Create a grid-proxy-certificate: grid-proxy-init The grid-proxy-certificate expires after 12 hours. To inquire an existing grid-proxy-certificate: grid-proxy-info • a DFN Grid certificate, gsissh -p 2222 servername bwGRiD compute resources: Stuttgart: gridway.dgrid.hlrs.de Ulm(Konstanz): koios.rz.uni-ulm.de Mannheim/Heidelberg: gtbw.grid.uni-mannheim.de Tubingen: gt4.uni-tuebingen.de ¨ Freiburg: globus.bfg.uni-freiburg.de Karlsruhe: sccbwgrid1.fzk.de Esslingen: grid01.hs-esslingen.de bwGRiD central storage: Karlsruhe: bwgrid-se.scc.kit.edu • a membership in the VO bwGRiD and • a middleware client. Frankfurt 4.2 VO Membership Before your VO membership expires you will receive an email from VOMRS. Follow the link in the e-mail and resign the use policy. 3.3 Connection To connect to a Globus toolkit server: How to access bwGRiD In order to access bwGRiD resources with a Grid account, you need 4. Renewal (for kde04/kde05.urz.uni-heidelberg.de) or Heidelberg University http://www.bw-grid.de/ allgemeine-informationen/standorte/storage/ Mannheim (interconnected to a single cluster) Heidelberg Further Information Karlsruhe DFN: http://www.pki.dfn.de/ Stuttgart Esslingen bwGRiD: http://www.bw-grid.de/ D-Grid: http://www.d-grid.de/ Tübingen Ulm (joint cluster with Konstanz) Grid User Support: http://helpdesk.ngi-de.eu/ Globus Alliance: http://www.globus.org/ Freiburg S. Richling [email protected] September 27, 2010 München 1. DFN Grid certificate A certificate is like a digital ID card. For bwGRiD you need a special user certificate of security level ”Grid”. The procedure to obtain a Grid certificate is described in detail on this page: http://www.urz.uni-heidelberg.de/security/nutzer/gridzert.html 1.1 Prepare your web browser Set a master password in your web browser to protect your certificates (Firefox: Edit → Preferences → Security → Use a master password). 1.3 Identify yourself Print the request, fill in the missing data and bring it along with your identity card to the URZ Infoservice, Im Neuenheimer Feld 293, Room 015. 1.4 Install certificate Wait for an e-mail from DFN and install the certificate in your web browser as explained in the e-mail. You have to use the same web browser in which you created the request. 2. Membership in the VO bwGRiD 1.2 Create a request Go to the DFN Grid CA page of the University of Heidelberg: https://pki.pca.dfn.de/grid-user-ca/cgi-bin/pub/ pki?cmd=getStaticPage&name=index&RA ID=143 If the Grid certificate is installed in your web browser, you can apply for a membership in the Virtual Organization (VO) bwGRiD. Go to the D-Grid page Viewing the list select the VO ”bwgrid” and click on the arrow in the column ”Member Registration”. The registration proceeds in two phases: Click to ”Registration (Phase I)” and fill in the form with the same data you used for the certificate. At ”Select Representative” you can choose: Rolf Bogus, Sabine Richling or Steffen Hau. Submit your application and wait for an e-mail from VOMRS (Virtual Organization Membership Registration Service). Follow the link in this e-mail and apply for a membership in the Root-VO ”/bwgrid” and the Sub-VO ”/bwgrid/uniheidelberg”. Do not select any other Sub-VO! Read and accept the use policy. After that your representative will contact you. Finally, you will receive an e-mail confirming your membership in ”/bwgrid” and a second e-mail indicating that your were added to the group ”/bwgrid/uniheidelberg”. http://www.d-grid.de/index.php?id=246 3. Middleware client Grid access is now possible via a so-called Grid middleware. In the first instance, the bwGRiD clusters will provide the Grid middleware Globus Toolkit 4. Download the recommended version 4.0.8 from http://www.globus.org/toolkit/downloads and install at least the Globus Toolkit client commands on your own computer. click to “Nutzerzertifikat” and fill in all required data. Alternatively, you can use the Globus Toolkit installation on the Linux servers (URZ account required) and click the link to the list with the available VOs. Now you have to authenticate with your certificate and confirm this several times. kde04.urz.uni-heidelberg.de kde05.urz.uni-heidelberg.de or on the local frontend server of the bwGRiD cluster in Heidelberg (URZ account and bwGRiD activation required) bwgrid.uni-heidelberg.de (see module help system/gt/4.0.8 for online information) From there, bwGRiD resources can be accessed the following way: 3.1 Preparations (one-time actions) Export your PKCS12 certificate from your browser. You will get a file named cert yourname.p12 for instance. Take care of this file and save it on a secure place. Copy it to a Linux server or to the frontend server. Convert the private key of your certificate to the pem-format: Click to “Weiter” and send the request. openssl pkcs12 -in cert yourname.p12 -out userkey.pem -nocerts
© Copyright 2024