NORDUGRID-MANUAL-19
replaces
NORDUGRID-MANUAL-3

ARC client installation instructions

These instructions are primarily valid for ARC 12.05 client tools (as in EMI 2 Matterhorn), but are also applicable for ARC 11.05 (as in EMI 1 Kebnekaise).

Download ~ Install ~ Configure ~ Use

Download

ARC client is distributed in many ways for a variety of platforms by several distributors:

	Linux (rpm, deb)	Linux (standalone)	MS Windows installer	Mac OS X	source tarball
NorduGrid
EMI						SL5, SL6 and Debian 6
EGI						SL5, SL6 and Debian 6

Pre-requisite: Grid CA certificates

Every Grid tool, including ARC client, requires installation of public certificates of Certificate Authorities (CA). In case you do not have such installed yet, obtain them from either of the following providers:

EGI
IGTF (original distributor)
NorduGrid repositories (many Linux systems)

These certificates are necessary to use international Grid infrastructures. Make sure your national CA certificates are always present. If your project makes use of own internal certificates, install them as well (contact your project support team for details). If there are some CAs that are banned by your local policies, make sure to remove their certificates from your computer.

Linux repositories

For Linux users with system administrator privileges, recommended installation method is via use of repositories. The reason for this is complex dependencies of packages, which are best handled by repositories. The following repositories are relevant:

For CA certificates (see also notes above):
- EGI IGTF release (recommended), or
- NorduGrid repositories (more Linux systems)
For certain external dependencies:
- EPEL repository (only needed for RedHat-based distributions)
For ARC middleware:
- EMI releases (so far SL5/SL6 Linux YUM, Debian 6 APT repositories), or
- UMD releases (recommended if you are an EGI site), or
- NorduGrid repositories (many Linux systems)

Linux binary tarballs (standalone)

Standalone packages so far exist only for ARC 11.05u2

For Linux users without privileges, NorduGrid provides pre-compiled standalone binary client packages, which can be obtained from the NorduGrid downloads site for a large number of systems.

Linux packages, source code

Although rpm- and deb-packages, as well as source tarballs, can be downloaded individually from repositories listed above, it is not recommended to attempt installation from these, unless you have suficient expertise and a very good reason not to use YUM, APT or standalone. Contact Grid support in case you need assistance in installing ARC client from source code or individual Linux packages.

Install

Upgrading from legacy client using Linux repositories

In case you have previously installed ARC client that provided ngsub, ngget, ngcp and other ng* tools, please remove it in order to avoid potential conflicts and confusion!

Metapackage nordugrid-arc-client-tools conveniently provides both legacy and new ARC client. If you need both, configure YUM or APT repository for ARC, EMI or EGI UMD, and execute: yum install nordugrid-arc-client-tools or apt-get install nordugrid-arc-client-tools depending on your system.

If you chose to upgrade nordugrid-arc-client package without removing it, always make sure you install also the following:

nordugrid-arc-plugins-globus - to work with GridFTP storage and production ARC systems
IGTF CA packages ca_policy_igtf-classic, ca_policy_igtf-mics and ca_policy_igtf-slcs, see below

Fresh installation from Linux repositories

Once you configured YUM or APT repository for ARC, EMI or EGI UMD, execute: yum install nordugrid-arc-client-tools or apt-get install nordugrid-arc-client-tools depending on your system.

Depending on version of the above metapackages, you may need to install IGTF CA certificates (some versions install them automatically). If you install IGTF CA certificates from a YUM repository (recommended), do

yum install ca_policy_igtf-classic ca_policy_igtf-mics ca_policy_igtf-slcs

NorduGrid repositories have these packages also for Debian and Ubuntu, albeit with a slightly different names (note absent underscores):

apt-get install ca-policy-igtf-classic ca-policy-igtf-mics ca-policy-igtf-slcs

From standalone tarball

Standalone packages so far exist only for ARC 11.05u2

Standalone tarball contains not just ARC client tools, but also a number of external tools, utilities and libraries needed for successful work on Grid. It also comes complete with the CA certificates. The list below outlines contents of the tarball:

ARC client
Some Globus tools (e.g. grid-cert-request)
VOMS client
LFC client
CA certificates by IGTF

Put the downloaded tarball in a directory of your choice and execute tar xvzf nordugrid-arc-standalone-<version->.tgz This will create a new directory nordugrid-arc-standalone-<version> and the tarball can hereafter safely be removed.

Enter the unpacked directory: cd nordugrid-arc-standalone-<version> and set up the environment by executing one of the following:
for bash or zsh: source setup.sh for csh or tcsh: source setup.csh for ksh or any other shell where the source command is not defined: . ./setup.sh Upon first execution, this will print a lot of informational output. Make sure there are no "error" or "failure" messages.

Configure

Each user must edit configuration file in: $HOME/.arc/client.conf Initial contents of this file can be copied from either the common configuration at /etc/arc/client.conf or from the template in <standalone-path>/etc/arc/client.conf depending whether you installed the client from Linux repositories or from the standalone tarball.

IMPORTANT! Always specify your Grid infrastructure entry point in [registry/<alias>] block (ARC 12.05) or defaultservices attribute of [common] block (ARC 11.05)!

Different Grid infrastructures or Virtual Organisations have different entry points, not known to ARC developers. Ask your local Grid expert what is the correct value in your case.

In ARC 12.05, Grid entry points are described in [registry/<alias>] blocks, one block per entry point. An example of a working block in ARC 12.05 is:

[registry/index2]
url = ldap://index2.nordugrid.org:2135/Mds-Vo-name=NorduGrid,o=grid
registryinterface = org.nordugrid.ldapegiis
default = yes

In ARC 11.05, Grid entry points are denoted with index prefix. An example of a working [common] block in ARC 11.05 is:

[common]
defaultservices=index:ARC0:ldap://index1.nordugrid.org:2135/Mds-Vo-name=NorduGrid,o=grid index:ARC0:ldap://index2.nordugrid.org:2135/Mds-Vo-name=NorduGrid,o=grid index:ARC0:ldap://index3.nordugrid.org:2135/Mds-Vo-name=NorduGrid,o=grid index:ARC0:ldap://index4.nordugrid.org:2135/Mds-Vo-name=NorduGrid,o=grid index:ARC0:ldap://index1.ndgf.org:2135/Mds-Vo-name=NDGF,o=grid index:ARC0:ldap://index2.ndgf.org:2135/Mds-Vo-name=NDGF,o=grid index:ARC0:ldap://arc-emi.grid.upjs.sk:2135/Mds-Vo-name=ARC-EMI,o=grid index:ARC1:http://asimov.grid.niif.hu:60002/isis computing:ARC1:https://knowarc1.grid.niif.hu:60000/arex computing:CREAM:ldap://cream.grid.upjs.sk:2170/o=grid computing:UNICORE:https://testbed5.grid.upjs.sk:8080/KnowARC-testbed/services/BESFactory?res=default_bes_factory

Please read the client manual for explanation of configuration options.

Use

Grid security, access

In order to use Grid client tools to access Grid services, you must be properly authorised. In brief, the following steps are necessary:

Obtain personal Grid certificate from your national Certificate Authority
Obtain membership in a relevant Virtual Organisation

Make sure you have a valid personal Grid certificate, typically located in $HOME/.globus/usercert.pem and a private key $HOME/.globus/userkey.pem

usercert.pem must be world-readable (Linux file access permissions 644), while userkey.pem must be readable only by the owner (mode 400).

Acceptable certificates are issued by the national Certificate Authorities (CA) endorsed by the International Grid Trust Federation (IGTF). In case you have no certificate, find your respective authority through the IGTF Web site and contact them for instructions on how to obtain the certificate.

For more information about certificates and related things read "Grid Certificate Mini How-to".

Every Virtual Organisation (VO) has own procedures and policies. Please contact your VO support team for membership instructions

Simple test tasks

Create Grid login - proxy certificate - with arcproxy

For a quick check of your installation, use arctest command: e.g. arctest -J 1 Allow for a couple of minutes for the job to find its place on the Grid, and check its status by using: arcstat -a Once status suggests the job has finished, do: arccat -a If everything works, you will see "hello, grid" message!

More information

The following documents are necessary for all ARC users:

XRSL manual explaining how to describe Grid jobs
ARC clients manual giving details of ARC CLI tools (closely follows man-pages)

ARC distribution also offers arcjobtool - a graphical interface for ARC, still in development, but offering most of the necessary functionality. Install it as: yum install arcjobtool or apt-get install arcjobtool depending on your system.

You can monitor your jobs via ARC Grid Monitor on the Web, if your infrastructure has this Monitor installed. See the Grid Monitor manual for more details.

User support

For questions, suggestions, feature requests and bug reports, use the Global Grid Support System.