We want user jane to be able to run jobs from nodeA on nodeB that involve transferring files to and from nodeA and nodeB. For example we may want to stage input files for a job from nodeA to nodeB, then when the job is completed we may want to move output files from nodeB back to nodeA.

In order for this to work we need to run a globus-gridftp-server on nodeA so that the RFT service and move the files automatically as part of the GRAM WS request.

The easiest way to enable the server on nodeA is to run it as root (though it could be run as user jane). In order to run the server on nodeA as root we need to have host credentials for nodeA.

As the root user on nodeA we begin by requesting a host certificate:

[root@nodeA ~]# export GLOBUS_LOCATION=/opt/globus-4.0.1
[root@nodeA ~]# source $GLOBUS_LOCATION/etc/globus-user-env.sh
[root@nodeA ~]# grid-cert-request -host nodea.ps.univa.com -dir $GLOBUS_LOCATION/etc
Generating a 1024 bit RSA private key
...................++++++
...........................++++++
writing new private key to '/root/hostkey.pem'

You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank. For some fields there will be a default value, If you enter '.', the field will be left blank.

Level 0 Organization [Grid]:Level 0 Organizational Unit [GlobusTest]:Name (e.g., John M. Smith) []:
A private host key and a certificate request has been generated with the subject:
/O=Grid/OU=GlobusTest/CN=host/nodea.ps.univa.com

The private key is stored in /opt/globus-4.0.1/hostkey.pem
The request is stored in /opt/globus-4.0.1/hostcert_request.pem

Please e-mail the request to the Test01 root@nodeb.ps.univa.com

You may use a command similar to the following:
cat /opt/globus-4.0.1/hostcert_request.pem | mail root@nodeb.ps.univa.com

Only use the above if this machine can send AND receive e-mail. if not, please mail using some other method.

Your certificate will be mailed to you within two working days. If you receive no response, contact Test01 at root@nodeb.ps.univa.com

Now go to nodeB and as the globus user copy the certificate request from nodeA to nodeB so that it can be signed:

[globus@nodeB simpleCA]$ scp root@nodea:/opt/globus-4.0.1/etc/hostcert_request.pem .
root@nodea's password:
hostcert_request.pem 100% 1319 1.3KB/s 00:00

Use the 'grid-ca-sign' command to sign the host request for nodeA. When prompted enter the password for the CA:

[globus@nodeB simpleCA]$ grid-ca-sign -in ./hostcert_request.pem -out ./hostcert.pem

To sign the request please enter the password for the CA key:

The new signed certificate is at: /home/globus/.globus/simpleCA//newcerts/03.pem

Copy the signed certificate into place back on nodeA:

[globus@nodeB simpleCA]$ scp hostcert.pem root@nodea:/opt/globus-4.0.1/etc/hostcert.pem
root@nodea's password:
hostcert.pem 100% 2518 2.5KB/s 00:00

Back on nodeA make sure that the permissions and ownership of the files is correct:

[root@nodeA ~]# ls -alh /opt/globus-4.0.1/etc/host*.pem
-rw-r--r-- 1 root root 2.5K Feb 23 13:38 /opt/globus-4.0.1/etc/hostcert.pem
-r-------- 1 root root 891 Feb 23 13:33 /opt/globus-4.0.1/etc/hostkey.pem

< Back Next >