The CE is installed on our grid node, grow-grid.its.uiowa.edu.
[root@grow-prod dsquires]# vi /etc/sudoers
Cmnd_Alias SRM_CMD = /bin/rm, /bin/mkdir, /bin/rmdir, /bin/mv, /bin/cp, /bin/ls Runas_Alias SRM_USR = ALL, !root bestman ALL=(SRM_USR) NOPASSWD: SRM_CMD
Then proagate sudoers to all other nodes by running:
[root@grow-prod dsquires]# ssh-agent $SHELL
[root@grow-prod dsquires]# ssh-add
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
[root@grow-prod dsquires]# rocks sync users
[root@grow-prod dsquires]# rocks sync config
The SE will need both a host certificate, and a bestman certificate. Instructions to obtain these are below.
We have the CE and SE on the same nodes so the first steps have already been completed, if following this tutorial and you have already installed the CE, skip to here to begin, therwise follow from the beginning.
[root@grow-grid ~]# cd /etc/yum.repos.d [root@grow-grid yum.repos.d]# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
[root@grow-grid yum.repos.d]# yum install yum-priorities
Add the following line to /etc/yum.conf in the “Main” section.
[root@grow-grid yum.repos.d]# vi /etc/yum.conf
plugins=1
[root@grow-grid yum.repos.d]# rpm -Uvh http://repo.grid.iu.edu/osg-el5-release-latest.rpm
[root@grow-grid yum.repos.d]# yum install osg-ca-certs
[root@grow-grid yum.repos.d]# yum install osg-se-bestman
We use gridmap for authentication instead of GUMS.
Generate a gridmap file manually.
[root@grow-grid ~]# edg-mkgridmap
Enable gridmap to run.
[root@grow-grid ~]# /sbin/service edg-mkgridmap start [root@grow-grid ~]# /sbin/chkconfig edg-mkgridmap on
Change some settings for bestman.
[root@grow-grid ~]# vi /etc/bestman2/conf/bestman2.rc
Make sure these settings are as follows.
localPathListAllowed=/tmp;/data CertFileName=/etc/grid-security/bestman/bestmancert.pem KeyFileName=/etc/grid-security/bestman/bestmankey.pem GridMapFileName=/etc/grid-security/grid-mapfile
[root@grow-grid ~]# vi /etc/sysconfig/bestman2Change the BESTMAN_GUMS_ENABLED flag to no if it is set to yes and make sure it is not commented out.
BESTMAN_GUMS_ENABLED=no
[root@grow-prod ~]# vi /etc/sudoersModify /etc/sudoers by comment the following line and adding the last three lines to the end of the file.
#Defaults requiretty Cmnd_Alias SRM_CMD = /bin/rm, /bin/mkdir, /bin/rmdir, /bin/mv, /bin/cp, /bin/ls Runas_Alias SRM_USR = ALL, !root bestman ALL=(SRM_USR) NOPASSWD: SRM_CMD
This Dokuwiki page is maintained by:
Daniel Squires
University of Iowa
Department of Computer Science
Email: daniel-squires@uiowa.edu