NorduGrid client installation instructions

This is a short client installation description. For more detailed instructions, please consult the relevant sections of the NorduGrid User Manual.

Pre-requisite: You are logged into a Linux 2.x machine (RH6.2 and above, Mandrake 8.x and above, Debian 3.0, SuSE 8.1 and above, Fedora Core 1 have all been tested). NB! Your host name must be set properly, i.e., it must resolve to a proper IP address.

Option 1:

Installing the standalone client locally (as non-root user)

The NorduGrid standalone client contains the required Globus components and does all the necessary initial configuration and setup.

Below, the numbers in brackets "< >" should be substituted with the actual version numbers depending on the distribution you downloaded.

Installation procedure:

1. Get the pre-compiled standalone binary tarball from the NorduGrid Downloads area: use the "Quick start" button and select your platform.
2. Put the tarball in a directory of your choice and execute tar xvzf nordugrid-standalone-<x.y.z>.tgz This will create a new directory nordugrid-standalone-<x.y.z> and the tarball can hereafter safely be removed.
3. enter the NorduGrid directory: cd nordugrid-standalone-<x.y.z>
4. Setup the environment by executing one of the following:
   for bash or zsh: source setup.sh for csh or tcsh: source setup.csh for ksh or any other shell where the source command is not defined: . ./setup.sh Upon first execution, this will print a lot of informational output. Make sure there are no "error" or "failure" messages. Always use the source command or ., because the setup script has to affect variables in your current shell!
5. Make sure you have a personal Globus certificate (typically located at $HOME/.globus/usercert.pem) and a private key ($HOME/.globus/userkey.pem). If you do not have such, you must contact your local Certificate Autority (CA). If you are a resident of a Nordic country (Denmark, Finland, Norway, Iceland or Sweden), you can generate the key and request the certificate using the following tool: grid-cert-request -int -ca DO NOT run grid-cert-request without the -int flag, as it will cause failure. NorduGrid standalone distribution is designed to request only NorduGrid certificates, which requires interactive request procedure. If you want to request a certificate from another country authority, contact them about the procedure.
   Normally, you can only request a NorduGrid certificate using this installation. Although it is technically possible to request a certificate from any other CA, it is strongly advised to follow that CA procedures and NOT to use the NorduGrid distribution for this. IMPORTANT: The NorduGrid software is based on the Globus toolkit. This means that it uses PKI for authentication between clients and services. Hence you need the credentials of that certificate authority (CA) which signed, or will sign, your personal certificate. Also, you need the credentials of all the CAs which certified the services you want to use. For example, if your personal certificate is issued by a German CA, and you are going to access files in France, using CPUs in Sweden, you need the German, French and NorduGrid CA credentials. Many such credentials are included in the NorduGrid standalone client installation, under
   nordugrid-standalone-<x.y.z>/share/certificates.
   Most of important certificates are also available at the NorduGrid Downloads area (look for "CA certificates"). For more information about certificates and related things read "Grid Certificate Mini How-to".
6. Fire up your certificate with grid-proxy-init NB: The NorduGrid standalone installation is distributed with most known CA certificates. However, you should always check whether the certificate of your issuing authority is present, as well as those of the resources you intend to use. If any of these are absent, please take care to install missing certificates in nordugrid-standalone-<x.y.z>/share/certificates/.
7. For a quick check of your installation, issue an ngtest command: e.g.

   ngtest -t 7

8. Have fun on the Grid!

---

Option 2:

Installing the NorduGrid client from an RPM on a Linux 2.x box (with no prior Globus installation)

You are going to install pre-compiled Globus and NorduGrid binary RPMs. If you are not a system administrator, read our "RPM for everybody" guide.

Installation procedure:

You will need to install 5 packages:

• gpt
• globus
• nordugrid-client
• ca_NorduGrid or similar
• ca_NorduGrid-certrequest-config or similar If you are a resident of a Nordic country (Denmark, Finland, Iceland, Norway or Sweden), get ca_NorduGrid-certrequest-config. Otherwise, contact your local Certification Authority for certificate details.

The installation order and other instructions are presented below.

1. Install Globus (preferably the latest release) on your system by getting and installing the following RPMs in this order:
   1. Grid Packaging Tools (GPT)
   2. Globus Toolkit 2
   To do this, go to the NorduGrid Downloads area and under "External software" choose "gpt" and "globus".
2. Check that the variables GLOBUS_LOCATION, GPT_LOCATION are set according to your Globus installation: unless you forced installation in a specific location, the default locations should be /opt/globus and /opt/gpt respectively.
3. get and install the NorduGrid client binary RPM for your system (nordugrid-client-<x.y.z-1>.i386.rpm). It is available via the NorduGrid Downloads area, "NorduGrid middleware" section, "releases" or "tags" – "client" link.
4. Get and install the necessary Certificate Authority (CA) RPMs from the NorduGrid Downloads area, "CA certificates" section. You need the credentials of that certificate authority (CA) which signed or will sign your personal certificate. Also, you need the credentials of all the CAs which have certified the services you want to use. For example, if your personal certificate is issued by a German CA, and you are going to access files in France, using CPUs in Sweden, you need the German, French and NorduGrid CA credentials.
5. Login into your user account, or, if you are being logged in, type source /etc/profile.d/nordugrid.sh to setup the correct environment. If you are in a C-shell, use *.csh counterpart of the script above. If the source command is not defined in your shell, use . /etc/profile.d/nordugrid.sh Always use the source command or ., because the setup-scripts has to affect variables in your current shell!
6. Make sure you have a personal Globus certificate (typically located at $HOME/.globus/usercert.pem) and a private key ($HOME/.globus/userkey.pem). If you do not have such, you must contact your local Certificate Autority (CA). If you are a resident of a Nordic country (Denmark, Finland, Norway, Iceland or Sweden), download and install the configuration package from the NorduGrid Downloads area, "CA certificates" section, "certrequest-config". After doing this, generate the key and request the certificate with grid-cert-request -int -ca If you request a NorduGrid certificate, DO NOT run grid-cert-request without the -int flag, as it will cause failure. If you want to request a certificate from another country authority, contact them about the procedure. In general, it is always recommended to use the interactive procedure.
7. If you plan to use the Virtual Organisation Membership Service (VOMS), follow the instructions on VOMS installation and usage.
8. Fire up your certificate with grid-proxy-init or, if you installed VOMS clients, voms-proxy-init
9. For a quick check, issue an ngtest command: e.g. ngtest -t 7
10. Have fun on the Grid!

---

Option 3:

Installing the NorduGrid client as root on your Linux 2.x box on top of an existing Globus installation

You should preferably have the latest Globus Toolkit 2 ^(TM) version on your machine. The NorduGrid middleware has to be re-built against this Globus installation.

Build and installation procedure:

See also detailed instructions on how to build the NorduGrid ARC middleware.

1. Check that the variables GLOBUS_LOCATION, GPT_LOCATION are set according to your Globus installation: unless you forced installation in a specific location, default locations should be /opt/globus and /opt/gpt respectively.
2. Get from the NorduGrid Downloads area, "NorduGrid middleware" section, "releases" or "tags" – "source" the NorduGrid source RPM nordugrid-<x.y.z-1>.src.rpm and rebuild it: rpm --rebuild nordugrid-<x.y.z-1>.src.rpm Note: this will rebuild the entire NorduGrid middleware -- not only the client.
3. Install the created binary RPMs (for a client, you only need the nordugrid-client RPM)
4. Alternatively, you can grab a tarball containing the Nordugrid source-code nordugrid-<x.y.z>.tar.gz and follow the usual procedure: tar xvzf nordugrid-<x.y.z>.tar.gz
   cd nordugrid-<x.y.z>
   ./configure
   make
   make install WARNING: this will install the entire NorduGrid suite – not only the client.
5. Make sure you have a personal Globus certificate (typically located at $HOME/.globus/usercert.pem) and a private key ($HOME/.globus/userkey.pem). If you do not have such, you must contact your local Certificate Autority (CA). If you are a resident of a Nordic country (Denmark, Finland, Norway, Iceland or Sweden), download and install the configuration package from the NorduGrid Downloads area, "CA certificates" section, "certrequest-config". After doing this, generate the key and request the certificate with grid-cert-request -int -ca If you request a NorduGrid certificate, DO NOT run grid-cert-request without the -int flag, as it will cause failure. If you want to request a certificate from another country authority, contact them about the procedure. In general, it is always recommended to use the interactive procedure.
6. If you plan to use the Virtual Organisation Membership Service (VOMS), follow the instructions on VOMS installation and usage.
7. Fire up your certificate with grid-proxy-init or, if you installed VOMS clients, voms-proxy-init
8. For a quick check, issue an ngtest command: e.g. ngtest -t 7
9. Have fun on the Grid!