0. enable edg or gums
vdt-control --enable edg-mkgridmap
vdt-control --on edg-mkgridmap
//The following command creates a gridmap-file, it actually contacts all the VOMS server and gets a list of DNs from the voms server
/opt/osg-1.0.1/edg/sbin/edg-mkgridmap >> /opt/osg-1.0.1/edg/log/edg-mkgridmap.log 2>&1
//see the conf file, and it has the conf used by edg-mkgridmap
cat opt/osg-1.0.1/edg/etc/edg-mkgridmap.conf
//see the content of grid-mapfile
/etc/grid-security/grid-mapfile
grid-proxy-init -cert /etc/grid-security/hostcert.pem -key /etc/grid-security/hostkey.pem Your identity: /DC=CN/DC=Grid/DC=SDG/CN=osg.cnic.cn Creating proxy ...................................................................... Done Your proxy is valid until: Fri Jul 3 08:53:43 2009
edg-mkgridmap that runs from crontab overwrote the gridmap file, now i have made permanent arrangements so that your and kaichaos certificate will work
1. add user to grid-map file
vi /etc/grid-security/grid-mapfile
"/DC=CN/DC=Grid/DC=SDG/CN=Zheng*** X** (zh***@***.cn)" zhx** (maybe same as account name as linux)
"/DC=CN/DC=Grid/DC=SDG/CN=Kai*** W* (w**@***)" k**ch**
notice that this file may be overwrited by crontab.
2. open the needed ports and make sure DNS is ok (notice reverse address resolution)
# service name of the above ports: smtp,http,globus-gatekeeper,gsiftp,webcache,postgres,5901(vnc=5900+1)
#GLOBUS_TCP_SOURCE_RANGE=49000,49150
#GLOBUS_TCP_PORT_RANGE=49000,49150 defined in "/opt/osg/vdt/etc/vdt-local-setup.sh"
#9618:condor collector
3. Enabling userkey
~zhxue/.globus/userkey.pem
~zhxue/.globus/usercert.pem
%chown -R zhxue:zhxue ~zhxue/.globus
%chmod 400 ~zhxue/.globus/userkey*
%chmod 644 ~zhxue/.globus/usercert.pem
4. simple test
Try out the following simple test:
1) Login to osg.cnic.cn using your own account
2) Run %source osg/setup.sh
This will add all the necessary environment variables to the path. This
is critical or none of the other commands will be found.
3) Run %grid-proxy-init
Type in the passwd of your certificate when prompted.
This command will instantiate a short lived (default 12 hrs) proxy
that will be sent to sites along with your job.
4) Run the following jobs on d229.csdb.cn
%globus-job-run d229.csdb.cn/jobmanager-fork /bin/hostname
%globus-job-run d229.csdb.cn/jobmanager-condor /usr/bin/whoami
The first command runs as a fork job, while the second submits it to a
condor batch system (currently on d229.csdb.cn the batch system has only
one node, but in practice this job could go to a worker node)
5) Run the following test jobs on everest.cigi.uiuc.edu (our gatekeeper)
%globus-job-run everest.cigi.uiuc.edu/jobmanager-fork /bin/hostname
%globus-job-run everest.cigi.uiuc.edu/jobmanager-pbs /bin/hostname
Here the first job will run as a fork job on the head node while the
second one will run on the worker node. The outputs will clearly show
the difference.
6) Uploading input data using gsiftp. Example
%globus-url-copy file:///home/k**ch**/gsiftp-test
gsiftp://d229.csdb.cn/cigi/data-grid/app/k**ch**/
% ls -l /cigi/data-grid/app/k**ch**/
(The globus-url-copy copies the data from your local filesystem to
remote site using the gsiftp protocol)
遇到的问题
更新cert后,grid-proxy-init
globus-job-run osg.cnic.cn/jobmanager-fork /bin/hostname
遇到code7的问题,只要在/etc/grid-security/g j加入如下行即可:
"/DC=org/DC=doegrids/OU=People/CN=Zhenghua Xue **不方便**" cigi
# "/DC=org/DC=doegrids/OU=People/CN=Zhenghua Xue **不方便**" zhxue ( 必须是cigi其他的都不对)
"/DC=org/DC=doegrids/OU=People/CN=Zhenghua Xue **不方便**" ( 必须是cigi其他的都不对)
参考如下: