简单测试环境的搭建
Nimbus(workspace.globus.org)是基于Globus()网格软件包GT中的java core(ws-core)组件而开发的IaaS平台软件。
这里为了搭建一个简单的环境,我们选取了三台机器:
|
Role |
Hostname |
IP |
OS |
User |
Software |
|
nimbus client |
wang135.hrwang.com |
172.20.86.135 |
RHEL5.2/CentOS5.2 |
nimbus |
jdk-1_5_0_17-linux nimbus-cloud-client-011.tar.gz |
|
nimbus server |
wang136.hrwang.com |
172.20.86.136 |
RHEL5.2/CentOS5.2 |
globus nimbus |
jdk-1_5_0_17-linux apache-ant- XML-Parser-2.36.tar.gz gt nimbus-TP2.2.tar.gz |
|
VMM |
cloud.jsgl.com |
172.20.86.174 |
RHEL5.2/CentOS5.2 |
globus |
dhcpd python2.3+ sudo ebtables-v nimbus-controls-TP2.2.tar.gz |
结合上面的结构图,wang135.hrwang.com可以当做cloud-client; wang136.hrwang.com可以当做Workspace Service+Repository; node可以当做VMMs。
下面以#开头的命令是root用户执行的,以$开头的命令是普通用户执行的。
首先确保,每台机器的/etc/hosts内容都如下:
172.20.86.135 wang135.hrwang.com wang135
172.20.86.136 wang136.hrwang.com wang136
172.20.86.169 cloud.jsgl.com cloud
另外将相应的用户在相应的机器上创建起来。
nimbus server进行安装部署
安装java和apache-ant,及XML-Parser
[root@wang136 opt]# pwd
/opt
[root@wang136 opt]# ./jdk-1_5_0_17-linux-amd64.bin 解压安装
[root@wang136 opt]# tar zxvf apache-ant-
[root@wang136 opt]# vi /etc/profile 在文件末添加环境变量
export ANT_HOME=/opt/apache-ant-
PATH=/opt/apache-ant-
JAVA_HOME=/opt/jdk
CLASSPATH=/opt/jdk
export PATH
export JAVA_HOME
export CLASSPATH
[root@wang136 opt]# source /etc/profile 生效环境变量
[root@wang136 opt]# java –version 验证
java version "
Java(TM) 2 Runtime Environment, Standard Edition (build
Java HotSpot(TM) 64-Bit Server VM (build
[root@wang136 opt]# ant -version
Apache Ant version
[root@wang136 opt]# tar zxvf XML-Parser-2.36.tar.gz 安这个包是为了以后装GRAM
[root@wang136 opt]# cd XML-Parser-2.36
[root@wang136 XML-Parser-2.36]# perl Makefile.PL
[root@wang136 XML-Parser-2.36]# make
[root@wang136 XML-Parser-2.36]# make install
安装GT
[root@wang136 ~]# useradd globus 创建globus用户
[root@wang136 ~]# passwd globus
[root@wang136 ~]# mkdir /usr/local/globus-
[root@wang136 ~]# chown -R globus:globus /usr/local/globus-
[root@wang136 ~]# cd /opt/ 软件放在opt目录下
[root@wang136 opt]# tar jxvf gt
[root@wang136 opt]# chown -R globus:globus gt
切换到globus登陆的终端
[globus@wang136 gt
/opt/gt
[globus@wang136 gt
[globus@wang136 gt
[globus@wang136 gt
[globus@wang136 gt
创建配置证书
创建CA
使用globus用户执行下面的操作
[globus@wang136 gt
[globus@wang136 globus-
将下面这行添加到/home/globus/.bash_profile的末尾:
source /usr/local/globus-
[globus@wang136 globus-
WARNING: GPT_LOCATION not set, assuming:
GPT_LOCATION=/usr/local/globus-
C e r t i f i c a t e A u t h o r i t y S e t u p
This script will setup a Certificate Authority for signing Globus
users certificates. It will also generate a simple CA package
that can be distributed to the users of the CA.
The CA information about the certificates it distributes will
be kept in:
/home/globus/.globus/simpleCA/
The unique subject name for this CA is:
cn=Globus Simple CA, ou=simpleCA-wang136.hrwang.com, ou=GlobusTest, o=Grid
Do you want to keep this as the CA subject (y/n) [y]:y
Enter the email of the CA (this is the email where certificate
requests will be sent to be signed by the CA):wanghongrui@ceopen.cn
The CA certificate has an expiration date. Keep in mind that
once the CA certificate has expired, all the certificates
signed by that CA become invalid. A CA should regenerate
the CA certificate and start re-issuing ca-setup packages
before the actual CA certificate expires. This can be done
by re-running this setup script. Enter the number of DAYS
the CA certificate should last before it expires.
[default: 5 years (1825 days)]:
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
creating CA config package...done.
A self-signed certificate has been generated
for the Certificate Authority with the subject:
/O=Grid/OU=GlobusTest/OU=simpleCA-wang136.hrwang.com/CN=Globus Simple CA
If this is invalid, rerun this script
./setup/globus/setup-simple-ca
and enter the appropriate fields.
-------------------------------------------------------------------
The private key of the CA is stored in /home/globus/.globus/simpleCA//private/cakey.pem
The public CA certificate is stored in /home/globus/.globus/simpleCA//cacert.pem
The distribution package built for this CA is stored in
/home/globus/.globus/simpleCA//globus_simple_ca_
This file must be distributed to any host wishing to request
certificates from this CA.
CA setup complete.
The following commands will now be run to setup the security
configuration files for this CA:
$GLOBUS_LOCATION/sbin/gpt-build /home/globus/.globus/simpleCA//globus_simple_ca_
$GLOBUS_LOCATION/sbin/gpt-postinstall
-------------------------------------------------------------------
setup-ssl-utils: Configuring ssl-utils package
Running setup-ssl-utils-sh-scripts...
***************************************************************************
Note: To complete setup of the GSI software you need to run the
following script as root to configure your security configuration
directory:
/usr/local/globus-
For further information on using the setup-gsi script, use the -help
option. The -default option sets this security configuration to be
the default, and -nonroot can be used on systems where root access is
not available.
***************************************************************************
setup-ssl-utils: Complete
注1: 上面选择的都是默认答案,只有邮箱和密码根据情况填写。
)配置CA
使用root执行:
[root@wang136 opt]# export GLOBUS_LOCATION=/usr/local/globus-
[root@wang136 opt]# /usr/local/globus-
setup-gsi: Configuring GSI security
Making /etc/grid-security...
mkdir /etc/grid-security
Making trusted certs directory: /etc/grid-security/certificates/
mkdir /etc/grid-security/certificates/
Installing /etc/grid-security/certificates//grid-security.conf
Running grid-security-config...
Installing
Installing
setup-gsi: Complete