Improved Globus Endpoint Setup

Overview

Several aspects of my previous article on a “Quick Globus Endpoint Setup” are now deprecated.

Thus, the following quick procedure has been tested on CentOS/RHEL 7.x with success.

PLEASE NOTE: It is important to install “yum-plugin-priorities” so that the myproxy-server compatible setup/version is installed to work in-concert with Globus. If you install myproxy-server from the standard CentOS/RHEL repository, you ARE going to run into trouble!

Procedure

  1. Install repo and import GPG key:
    curl -LOs http://toolkit.globus.org/ftppub/globus-connect-server/globus-connect-server-repo-latest.noarch.rpm
    rpm --import http://www.globus.org/ftppub/globus-connect-server/RPM-GPG-KEY-Globus
  2. Install Globus packages:
    yum install globus-connect-server-repo-latest.noarch.rpm
    yum install yum-plugin-priorities
    yum install globus-connect-server
  3. Assuming you already have a Globus account, sign-in and go to “Manage Data→Manage Ednpoints→Add Endpoint”. Create your endpoint and assign it a name.
  4. Edit the file – ‘/etc/globus-connect-server.conf’. Change as follows:
    [Endpoint]
    Name = myendpointname
    Public = True
  5. Now run:
    globus-connect-server-setup
  6. When prompted, enter your Globus/Globus-ID account username and password. This will start the “myproxy-server” daemon.
  7. From the step above, you will get something like the following (copy everything to the right of the “DN:”, you will need it to activate):
    CA DN: /C=US/O=Globus Consortium/OU=Globus Connect Service/CN=555678c1c-eeea-11e4-ab4a-212334566ec
  8. Start the following services:
    /etc/init.d/globus-gridftp-server start
    /etc/init.d/globus-gridftp-sshftp start
  9. Make sure you open the necessary firewall ports to allow Globus to connect. An example using iptables:
    iptables -I INPUT 2 -p tcp --dport 7512 -j ACCEPT
    iptables -I INPUT 2 -p tcp --dport 2811 -j ACCEPT
    iptables -I INPUT 2 -p tcp --dport 50000:51000 -j ACCEPT
    iptables -I INPUT 2 -p tcp --dport 5001 -j ACCEPT
    /etc/init.d/iptables save
  10. Go back to your Globus account, find the endpoint you created previously and click it to expand the entry. The click “Server” and enter the “CA DN” value you recorded from the proxy start above into the box labeled “Subject DN”. For example:
    globus screen
  11. Save your changes from the last step, and then click “Activate”
  12. Assuming all goes well, click “Transfer Files” to test it out

Cleanup/Upgrade

To cleanup an old version of Globus either for removal or upgrade, perform the following:

globus-connect-server-cleanup
yum remove \*globus\*
yum remove \*myproxy\*
rm /etc/globus-connect-server.conf
rm -rf /etc/grid-security
rm -rf /var/lib/globus-connect-server
rm -f /etc/gridftp.conf

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.