Lab Exercise: Getting Started

Purpose:

This lab will:

  1. Verify Network Connectivity
  2. Setup Environment
  3. Initialize a Proxy Certificate
  4. Sample .bash_profile  snippet

Verify Network Connectivity

  1. Network connectivity with the LSC DataGrid server should be verified at this point.  This will be done by simply issuing a ping command. 
$ ping ldas-grid.ligo-la.caltech.edu

PING ldas-grid.ligo-la.caltech.edu (130.39.245.243) 56(84) bytes of data.
From lsubr-laNoc.LEARN.la.net (162.75.0.10) icmp_seq=6 Packet filtered
From lsubr-laNoc.LEARN.la.net (162.75.0.10) icmp_seq=9 Packet filtered
From lsubr-laNoc.LEARN.la.net (162.75.0.10) icmp_seq=10 Packet filtered
From lsubr-laNoc.LEARN.la.net (162.75.0.10) icmp_seq=12 Packet filtered

If you are seeing this output, type Ctrl-C to terminate ping.


Setup Environment

  1. This lab defines <LDG Home Directory> as the directory location of the LSC client software.  For example, if the software was installed according to the instructions found at http://www.lsc-group.phys.uwm.edu/lscdatagrid/doc/installclient.html  then <LDG Home Directory> would be /home/<userid>/ldg-3.0

Check to see if your environment is set up correctly.  We will do this by simply checking to see if the $GLOBUS_LOCATION environment variable is set.

$ echo $GLOBUS_LOCATION

/home/<userid>/ldg-3.0/globus

If the value is NOT already set, or you do not have a value echoed to the screen, perform the following setup script.  If the LSC DataGrid Client software was installed to a location other than ~/ldg-3.0, adjust this command accordingly:

$ source ~/ldg-3.0/setup.sh
 

 

Initialize Proxy Certificate

  1. The next set will be to check security and generate a proxy certificate.  You should already have generated a user certificate and stored that certificate in the correct location as part of the install of the client toolkit (hint:  ~/.globus/usercert.pem and ~/.globus/userkey.pem). 

A valid proxy certificate is required in order to use the various grid-related software tools and utilities.  Proxy certificates are generated from user certificates using the grid-proxy-init command.

This following command will generate such a proxy.  The -verify option will check to make sure the your user certificate is valid and that security is set up correctly on the client machine. 

When prompted, enter your passphrase for your user certificate.

$ grid-proxy-init -debug -verify

User Cert File: /home/mfreemon/.globus/usercert.pem
User Key File: /home/mfreemon/.globus/userkey.pem

Trusted CA Cert Dir: /home/mfreemon/ldg-3.0//globus/TRUSTED_CA

Output File: /tmp/x509up_u502
Your identity: /C=US/O=National Center for Supercomputing Applications/CN=Mike Freemon

Enter GRID pass phrase for this identity:

Creating proxy ..++++++++++++
....++++++++++++
Done
Proxy Verify OK
Your proxy is valid until: Wed Nov 24 03:03:10 2004
$
  1. There may be occasions when you have trouble SSHing into a server, and the debug messages from ssh -vvv don't help much.  In cases like this (such as clock synchronization problems between the client and server machines), it is helpful to be able to see the entire proxy certificate.  Paradoxically, the  -all option will not do this.  Use the -text option as follows:
$ grid-proxy-info -text

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 746 (0x2ea)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, O=National Center for Supercomputing Applications, CN=Mike Freemon
Validity
Not Before: Feb 25 19:03:57 2005 GMT
Not After : Feb 26 07:08:57 2005 GMT
Subject: C=US, O=National Center for Supercomputing Applications, CN=Mike Freemon, CN=proxy
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:ae:f5:fb:7d:79:fb:a0:15:16:78:d2:ee:9d:b1:
e1:8d:0d:bb:06:a0:1e:c5:48:ff:d8:6e:b7:b5:bd:
e7:9e:2c:c3:0a:f3:83:24:6b:c7:9f:e3:f8:58:b4:
36:ce:27:66:26:6a:f5:0b:7f:4e:40:0b:51:4f:1b:
cb:58:f6:1f:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Data Encipherment
Signature Algorithm: md5WithRSAEncryption
3e:dc:b8:9a:f6:ad:b3:d7:04:09:1b:16:3f:ed:19:38:44:e7:
b0:86:21:8d:36:49:f6:00:be:7b:ac:56:92:db:4f:16:51:fa:
fe:44:c4:ba:8a:13:a5:c3:49:31:b2:a7:52:ee:d7:b1:53:66:
20:1b:37:6f:93:d4:44:e0:df:2f:44:a2:4e:6a:38:c3:8c:c8:
b5:53:8a:e2:2c:b3:e9:06:f8:92:65:3f:a9:59:2b:4b:bc:41:
ef:99:c6:ae:25:1f:e2:e7:47:20:b3:c2:9c:3e:72:01:49:3b:
2f:7a:2a:e9:81:44:14:bc:16:7d:97:d6:72:4d:df:30:92:81:
ab:95:3e:ab:b5:eb:fb:36:53:4d:57:79:05:06:f4:dc:b9:d4:
21:aa:a1:d8:00:78:c0:3e:55:63:14:d3:23:ad:55:32:66:05:
33:3f:bb:a4:ec:76:04:0d:e0:a1:b2:f7:40:50:43:e9:84:1b:
da:6b:98:2f:5e:ff:4c:72:3f:16:c0:ce:59:3e:79:8c:e6:57:
23:f2:fb:41:b9:21:93:88:46:b9:bc:d3:77:17:cb:f7:9d:13:
c3:f1:b5:28:9a:4c:8c:3c:21:e6:51:19:15:15:47:97:f9:c0:
ea:e2:db:84:57:21:65:06:b3:0f:7b:de:04:33:35:67:f2:2c:
67:ff:f4:98
$

Notice, for example, the validity fields.  These fields indicate, in absolute terms, the timestamp range for which this certificate is valid.

 

Sample .bash_profile Snippet

  1. As a convenience, you may want to add these commands to your  ~/.bash_profile

Here is an example snippet:


# set environment variables

. ~/ldg-3.0/setup.sh

# initialize grid proxy?

echo -n "Would you like to grid-proxy-init (y/n)? "
read ANSWER
echo

if [ "$ANSWER" = "y" ] || [ "$ANSWER" = "Y" ]
then
    grid-proxy-init
fi
grid-proxy-info

You should now be ready to run the client toolkit software on your client machine.