Tuesday, March 25, 2008

Globus on EC2

As I mentioned in the roadmap, I am evaluating alternatives in providing Weka Data mining software as a web service.
Weka as a Web Service (Weka4WS) requires that you use the Globus Toolkit.

Globus tries to provide the framework for deploying any web service or Software as a service (SaaS).

Install:

Rather than re-invent the wheel. The Globus quick start guide, whilst not quick is very thorough in going through the whole process of getting both a master server (and Certificate Authority) and slave or client or node server.

I am happy to report that I managed to get through the guide and get a master server setup and running correctly. This is one of those installs where you are wondering what is next and what other requirement lies on the next page down.
If you are wondering, part of my dayjob (as a DBA) is to install software occasionally and get it working so I am no noob at this.

Summary:

I would have to say I have been seriously disappointed at the skill level ala assumed knowledge required to do these software installs. What small percentage of the potential users of the product are going to spend hours getting a server setup.
However on the plus side, if I am finding it difficult, providing the software as a service is sure to stimulate the demand for these applications. I also got to play again with PostgreSQL. It has been a while.

Have Fun

Paul



http://grid.deis.unical.it/weka4ws/

Get Globus Toolkit. I am used CentOS 4.4 which is equivalent to RHEL 4

http://www.globus.org/toolkit/docs/4.0/admin/docbook/quickstart.html - Quickstart Install Guide

http://www-unix.globus.org/ftppub/gt4/4.0/4.0.4/installers/bin/gt4.0.4-x86_rhas_4-installer.tar.gz

yum install zlib-devel.i386

Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for zlib-devel to pack into transaction set.
zlib-devel-1.2.1.2-1.2.i3 100% |=========================| 6.2 kB    00:00
---> Package zlib-devel.i386 0:1.2.1.2-1.2 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
zlib-devel              i386       1.2.1.2-1.2      base               89 k

Transaction Summary
=============================================================================
Install      1 Package(s)
Update       0 Package(s)
Remove       0 Package(s)
Total download size: 89 k
Is this ok [y/N]: y
Downloading Packages:
(1/1): zlib-devel-1.2.1.2 100% |=========================|  89 kB    00:00
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
 Installing: zlib-devel                   ######################### [1/1]

Installed: zlib-devel.i386 0:1.2.1.2-1.2
Complete!

 Apache Ant 

http://ant.apache.org/bindownload.cgi
tar -xvzf apache-ant-1.7.0-bin.tar.gz -C /usr/local


 GCC 

yum install gcc

[root@ip-10-251-73-176 mnt]# perl --version

This is perl, v5.8.5 built for i386-linux-thread-multi

Copyright 1987-2004, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using `man perl' or `perldoc perl'.  If you have access to the
Internet, point your browser at http://www.perl.com/, the Perl Home Page.

yum install postgresql postgresql-server.i386

 Create Globus user 

[root@ip-10-251-73-176 mnt]# adduser globus
[root@ip-10-251-73-176 mnt]# passwd globus
Changing password for user globus.
passwd: all authentication tokens updated successfully.
[root@ip-10-251-73-176 mnt]# mkdir /usr/local/globus-4.0.4/
[root@ip-10-251-73-176 mnt]# chown globus:globus /usr/local/globus-4.0.4/

 Untar globus into /usr/local 

tar -xzvf gt4.0.4-x86_rhas_4-installer.tar.gz -C /usr/local
chown -R  globus:globus /usr/local/gt4.0.4-x86_rhas_4-installer/

# User specific environment and startup programs

LD_LIBRARY_PATH=/usr/local/java/lib
JAVA_HOME=/usr/local/java
ANT_HOME=/usr/local/apache-ant-1.7.0
WEKAHOME=/usr/local/weka

PATH=$ANT_HOME/bin:$JAVA_HOME/bin:$PATH:$HOME/bin

export PATH LD_LIBRARY_PATH JAVA_HOME WEKAHOME ANT_HOME
unset USERNAME
[globus@ip-10-251-73-176 ~]$ source .bash_profile

./configure --prefix=/usr/local/globus-4.0.4/
checking for javac... /usr/local/java/bin/javac
checking for ant... /usr/local/apache-ant-1.7.0/bin/ant
configure: creating ./config.status
config.status: creating Makefile

make
make install


[globus@ip-10-251-73-176 gt4.0.4-x86_rhas_4-installer]$ export GLOBUS_LOCATION=/usr/local/globus-4.0.4
[globus@ip-10-251-73-176 gt4.0.4-x86_rhas_4-installer]$ source $GLOBUS_LOCATION/etc/globus-user-env.sh
[globus@ip-10-251-73-176 gt4.0.4-x86_rhas_4-installer]$ $GLOBUS_LOCATION/setup/globus/setup-simple-ca

[globus@ip-10-251-73-176 gt4.0.4-x86_rhas_4-installer]$ ls ~/.globus/simpleCA/
cacert.pem  crl                                          grid-ca-ssl.conf  newcerts  serial
certs       globus_simple_ca_b4fe7be7_setup-0.19.tar.gz  index.txt         private

[root@ip-10-251-73-176 mnt]# export GLOBUS_LOCATION=/usr/local/globus-4.0.4/
[root@ip-10-251-73-176 mnt]# $GLOBUS_LOCATION/setup/globus_simple_ca_ebb88ce5_setup/setup-gsi -default

 You will need to change the hashkey. Find it by checking for the file 

[root@ip-10-251-73-176 mnt]# ls -l /usr/local/globus-4.0.4/setup/globus_simple_ca_*_setup/setup-gsi
-rwxr-xr-x  1 globus globus 194 Feb 22 02:16 /usr/local/globus-4.0.4/setup/globus_simple_ca_b4fe7be7_setup/setup-gsi

/usr/local/globus-4.0.4/setup/globus_simple_ca_b4fe7be7_setup/setup-gsi -default

setup-gsi: Configuring GSI security
Making /etc/grid-security...
mkdir /etc/grid-security
Making trusted certs directory: /etc/grid-security/certificates/
mkdir /etc/grid-security/certificates/
Installing /etc/grid-security/certificates//grid-security.conf.b4fe7be7...
Running grid-security-config...
Installing Globus CA certificate into trusted CA certificate directory...
Installing Globus CA signing policy into trusted CA certificate directory...
setup-gsi: Complete

[root@ip-10-251-73-176 mnt]# ls /etc/grid-security/certificates/
b4fe7be7.0               globus-host-ssl.conf.b4fe7be7  grid-security.conf.b4fe7be7
b4fe7be7.signing_policy  globus-user-ssl.conf.b4fe7be7

[root@ip-10-251-73-176 mnt]# grid-cert-request -host `hostname`
The hostname ip-10-251-73-176 does not appear to be fully qualified.
Do you wish to continue? [n] y
Generating a 1024 bit RSA private key
..........++++++
.....................................................................++++++
writing new private key to '/etc/grid-security/hostkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Level 0 Organization [Grid]:Level 0 Organizational Unit [GlobusTest]:Level 1 Organizational Unit [simpleCA-ip-10-251-73-176.ec2.internal]:Name (e.g., John M. Smith) []:

A private host key and a certificate request has been generated
with the subject:

/O=Grid/OU=GlobusTest/OU=simpleCA-ip-10-251-73-176.ec2.internal/CN=host/ip-10-251-73-176

----------------------------------------------------------

The private key is stored in /etc/grid-security/hostkey.pem
The request is stored in /etc/grid-security/hostcert_request.pem

Please e-mail the request to the Globus Simple CA roobaron@gmail.com
You may use a command similar to the following:

cat /etc/grid-security/hostcert_request.pem | mail roobaron@gmail.com

Only use the above if this machine can send AND receive e-mail. if not, please
mail using some other method.

Your certificate will be mailed to you within two working days.
If you receive no response, contact Globus Simple CA at roobaron@gmail.com

 Add GLOBUS_LOCATION to your profile 

[globus@ip-10-251-73-176 ~]$ vi .bash_profile
[globus@ip-10-251-73-176 ~]$ source .bash_profile
[globus@ip-10-251-73-176 ~]$ grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem

To sign the request
please enter the password for the CA key:

The new signed certificate is at: /home/globus/.globus/simpleCA//newcerts/01.pem

 Copy the Certificates into the correct location as root 

[root@ip-10-251-73-176 mnt]# cp /etc/grid-security/hostcert.pem /etc/grid-security/hostcert.pem.old
[root@ip-10-251-73-176 mnt]# cp ~globus/hostsigned.pem /etc/grid-security/hostcert.pem
[root@ip-10-251-73-176 mnt]# cp /etc/grid-security/hostcert.pem /etc/grid-security/containcert.pem
[root@ip-10-251-73-176 mnt]# cp /etc/grid-security/hostkey.pem /etc/grid-security/containkey.pem

[root@ip-10-251-73-176 mnt]# ls -l /etc/grid-security/*.pem
-rw-r--r--  1 root root 2759 Feb 22 02:25 /etc/grid-security/containcert.pem
-r--------  1 root root  887 Feb 22 02:25 /etc/grid-security/containkey.pem
-rw-r--r--  1 root root 2759 Feb 22 02:24 /etc/grid-security/hostcert.pem
-rw-r--r--  1 root root 1437 Feb 22 02:20 /etc/grid-security/hostcert_request.pem
-r--------  1 root root  887 Feb 22 02:20 /etc/grid-security/hostkey.pem

 Creating demo user 

[root@ip-10-251-73-176 /mnt]$ adduser globus1
[root@ip-10-251-73-176 /mnt]$ passwd globus1
Changing password for user globus1.
passwd: all authentication tokens updated successfully.

[root@ip-10-251-73-176 /mnt]$ cp /home/globus/.bash_profile /home/globus1/
cp: overwrite `/home/globus1/.bash_profile'? y
[root@ip-10-251-73-176 /mnt]$ su - globus1

[globus1@ip-10-251-73-176 ~]$ source /usr/local/globus-4.0.4/etc/globus-user-env.sh
[globus1@ip-10-251-73-176 ~]$ grid-cert-request
Enter your name, e.g., John Smith: Globus
A certificate request and private key is being created.
You will be asked to enter a PEM pass phrase.
This pass phrase is akin to your account password,
and is used to protect your key file.
If you forget your pass phrase, you will need to
obtain a new certificate.

Generating a 1024 bit RSA private key
............++++++
..++++++
writing new private key to '/home/globus1/.globus/userkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Level 0 Organization [Grid]:Level 0 Organizational Unit [GlobusTest]:Level 1 Organizational Unit [simpleCA-ip-10-251-73-176.ec2.internal]:Level 2 Organizational Unit [ec2.internal]:Name (e.g., John M. Smith) []:

A private key and a certificate request has been generated with the subject:

/O=Grid/OU=GlobusTest/OU=simpleCA-ip-10-251-73-176.ec2.internal/OU=ec2.internal/CN=Globus

If the CN=Globus is not appropriate, rerun this
script with the -force -cn "Common Name" options.

Your private key is stored in /home/globus1/.globus/userkey.pem
Your request is stored in /home/globus1/.globus/usercert_request.pem

Please e-mail the request to the Globus Simple CA roobaron@gmail.com
You may use a command similar to the following:

 cat /home/globus1/.globus/usercert_request.pem | mail roobaron@gmail.com

Only use the above if this machine can send AND receive e-mail. if not, please
mail using some other method.

Your certificate will be mailed to you within two working days.
If you receive no response, contact Globus Simple CA at roobaron@gmail.com

 Copied to /tmp so globus can just sign it 

[root@ip-10-251-73-176 /mnt]$ su - globus
[globus@ip-10-251-73-176 ~]$ grid-ca-sign -in /tmp/usercert_request.pem -out /tmp/signed.pem

To sign the request
please enter the password for the CA key:

The new signed certificate is at: /home/globus/.globus/simpleCA//newcerts/02.pem

[root@ip-10-251-73-176 /mnt]$ su - globus1
[globus1@ip-10-251-73-176 ~]$ cp /tmp/signed.pem ~/.globus/usercert.pem
[globus1@ip-10-251-73-176 ~]$ ls -l ~/.globus/
total 12
-rw-r--r--  1 globus1 globus1 2769 Feb 22 02:41 usercert.pem
-rw-r--r--  1 globus1 globus1 1453 Feb 22 02:38 usercert_request.pem
-r--------  1 globus1 globus1  963 Feb 22 02:38 userkey.pem

 Map file. The string comes from the output from the Certificate request 

[root@ip-10-251-73-176 /mnt]$ vi /etc/grid-security/grid-mapfile
[root@ip-10-251-73-176 /mnt]$ cat /etc/grid-security/grid-mapfile
"/O=Grid/OU=GlobusTest/OU=simpleCA-ip-10-251-73-176.ec2.internal/CN=host/ip-10-251-73-176/CN=Globus" globus1




 Setting up GridFTP 

[root@ip-10-251-73-176 /mnt]$ vi /etc/xinetd.d/gridftp
[root@ip-10-251-73-176 /mnt]$ cat /etc/xinetd.d/gridftp
service gsiftp
{
instances               = 100
socket_type             = stream
wait                    = no
user                    = root
env                     += GLOBUS_LOCATION=/usr/local/globus-4.0.4
env                     += LD_LIBRARY_PATH=/usr/local/globus-4.0.4/lib
server                  = /usr/local/globus-4.0.4/sbin/globus-gridftp-server
server_args             = -i
log_on_success          += DURATION
nice                    = 10
disable                 = no
}

 Adding GridFTP as a service 

[root@ip-10-251-73-176 /mnt]$ vi /etc/services
[root@ip-10-251-73-176 /mnt]$ /etc/init.d/xinetd reload
Reloading configuration:                                   [  OK  ]
[root@ip-10-251-73-176 /mnt]$ netstat -an | grep 2811
tcp        0      0 0.0.0.0:2811                0.0.0.0:*                   LISTEN

 Testing 

[globus1@ip-10-251-73-176 ~]$ grid-proxy-init -verify -debug
grid-proxy-init: error while loading shared libraries: libglobus_gsi_proxy_core_gcc32.so.0: cannot open shared object file: No such file or directory

 This error means you need to source the /usr/local/globus-4.0.4/etc/globus-user-env.sh 

[root@ip-10-251-73-176 /mnt]$ su - globus1
[globus1@ip-10-251-73-176 ~]$ source /usr/local/globus-4.0.4/etc/globus-user-env.sh
[globus1@ip-10-251-73-176 ~]$  grid-proxy-init -verify -debug

User Cert File: /home/globus1/.globus/usercert.pem
User Key File: /home/globus1/.globus/userkey.pem

Trusted CA Cert Dir: /etc/grid-security/certificates

Output File: /tmp/x509up_u504
Your identity: /O=Grid/OU=GlobusTest/OU=simpleCA-ip-10-251-73-176.ec2.internal/OU=ec2.internal/CN=Globus
Enter GRID pass phrase for this identity:
Creating proxy .......++++++++++++
........++++++++++++
Done
Proxy Verify OK
Your proxy is valid until: Fri Feb 22 14:49:47 2008


 Setup start-stop script... why is this not done by the developers!?! 

[globus@ip-10-251-73-176 ~]$ vi $GLOBUS_LOCATION/start-stop
[globus@ip-10-251-73-176 ~]$ chmod +x $GLOBUS_LOCATION/start-stop
[globus@ip-10-251-73-176 ~]$ ls -l $GLOBUS_LOCATION/start-stop
-rwxrwxr-x  1 globus globus 528 Feb 22 04:21 /usr/local/globus-4.0.4/start-stop
[globus@ip-10-251-73-176 ~]$ exit
logout
[root@ip-10-251-73-176 /mnt]$ vi /etc/init.d/globus-4.0.4
[root@ip-10-251-73-176 /mnt]$ cat /usr/local/globus-4.0.4/start-stop
#! /bin/sh
set -e

export JAVA_HOME=/usr/local/java
export ANT_HOME=/usr/local/apache-ant-1.7.0
export GLOBUS_LOCATION=/usr/local/globus-4.0.4
export GLOBUS_OPTIONS="-Xms256M -Xmx512M" 1

. $GLOBUS_LOCATION/etc/globus-user-env.sh

cd $GLOBUS_LOCATION
case "$1" in
   start)
       $GLOBUS_LOCATION/sbin/globus-start-container-detached -p 8443
       ;;
   stop)
       $GLOBUS_LOCATION/sbin/globus-stop-container-detached
       ;;
   *)
       echo "Usage: globus {start|stop}" >&2
       exit 1
      ;;
esac
exit 0
[root@ip-10-251-73-176 /mnt]$ chmod +x /etc/init.d/globus-4.0.4

 Starting up Globus... finally we are getting somewhere 

[root@ip-10-251-73-176 /mnt]$ /etc/init.d/globus-4.0.4 start
Starting Globus container. PID: 14945
WARNING: It seems like the container died directly
        Please see $GLOBUS_LOCATION/var/container.log for more information
[root@ip-10-251-73-176 /mnt]$ tail $GLOBUS_LOCATION/var/container.log
Failed to start container: Failed to initialize 'ManagedJobFactoryService' service [Caused by: [SEC] Service credentials not configured and was not able to obtain container credentials.; nested exception is:
       org.globus.wsrf.security.SecurityException: [SEC] Error obtaining container credentials; nested exception is:
       org.globus.wsrf.config.ConfigException: Failed to initialize container security config [Caused by:  [Caused by: Failed to load credentials. [Caused by: /etc/grid-security/containercert.pem (No such file or directory)]]]]
[root@ip-10-251-73-176 /mnt]$ ls -l /etc/grid-security/containercert.pem
ls: /etc/grid-security/containercert.pem: No such file or directory

 Issue with missing container certificate 

[root@ip-10-251-73-176 /mnt]$ mv /etc/grid-security/containcert.pem /etc/grid-security/containercert.pem
[root@ip-10-251-73-176 /mnt]$ mv /etc/grid-security/containkey.pem /etc/grid-security/containerkey.pem

 Woot! we have a Globus container running 

[root@ip-10-251-73-176 /mnt]$ /etc/init.d/globus-4.0.4 start
Starting Globus container. PID: 15140
[root@ip-10-251-73-176 /mnt]$  tail $GLOBUS_LOCATION/var/container.log
[42]: https://10.251.73.176:8443/wsrf/services/TriggerService
[43]: https://10.251.73.176:8443/wsrf/services/TriggerServiceEntry
[44]: https://10.251.73.176:8443/wsrf/services/Version
[45]: https://10.251.73.176:8443/wsrf/services/WidgetNotificationService
[46]: https://10.251.73.176:8443/wsrf/services/WidgetService
[47]: https://10.251.73.176:8443/wsrf/services/gsi/AuthenticationService
[48]: https://10.251.73.176:8443/wsrf/services/mds/test/execsource/IndexService
[49]: https://10.251.73.176:8443/wsrf/services/mds/test/execsource/IndexServiceEntry
[50]: https://10.251.73.176:8443/wsrf/services/mds/test/subsource/IndexService
[51]: https://10.251.73.176:8443/wsrf/services/mds/test/subsource/IndexServiceEntry

 Testing the container using demo service CounterService 

[root@ip-10-251-73-176 /mnt]$ su - globus1
[globus1@ip-10-251-73-176 ~]$ counter-client -s https://10.251.73.176:8443/wsrf/services/CounterService

Got notification with value: 3
Counter has value: 3

 Starting Postgres database 

[root@ip-10-251-73-176 /mnt]$ mkdir -p /var/lib/postgres/data
[root@ip-10-251-73-176 /mnt]$ vi /var/lib/postgres/data/pg_hba.conf
[root@ip-10-251-73-176 /mnt]$ cp /usr/share/pgsql/pg_hba.conf.sample /var/lib/postgres/data/pg_hba.conf
[root@ip-10-251-73-176 /mnt]$ id postgres
uid=26(postgres) gid=26(postgres) groups=26(postgres)
[root@ip-10-251-73-176 /mnt]$ vi /var/lib/postgres/data/pg_hba.conf
[root@ip-10-251-73-176 /mnt]$ /etc/init.d/postgresql start
Initializing database:                                     [  OK  ]
Starting postgresql service:                               [  OK  ]
[root@ip-10-251-73-176 /mnt]$ ps -ef|grep post
postgres 15628     1  0 04:41 ttyp0    00:00:00 /usr/bin/postmaster -p 5432 -D /var/lib/pgsql/data
postgres 15629 15628  0 04:41 ttyp0    00:00:00 postgres: stats buffer process
postgres 15630 15629  0 04:41 ttyp0    00:00:00 postgres: stats collector process

[root@ip-10-251-73-176 /mnt]$ su postgres -c "createuser -P globus"
Enter password for new user:
Enter it again:
Shall the new user be allowed to create databases? (y/n) y
Shall the new user be allowed to create more new users? (y/n) n
CREATE USER

[root@ip-10-251-73-176 /mnt]$ su - globus
[globus@ip-10-251-73-176 ~]$ createdb rftDatabase
CREATE DATABASE
[globus@ip-10-251-73-176 ~]$ psql -d rftDatabase -f $GLOBUS_LOCATION/share/globus_wsrf_rft/rft_schema.sql
psql:/usr/local/globus-4.0.4/share/globus_wsrf_rft/rft_schema.sql:6: NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "requestid_pkey" for table "requestid"
CREATE TABLE
psql:/usr/local/globus-4.0.4/share/globus_wsrf_rft/rft_schema.sql:11: NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "transferid_pkey" for table "transferid"
CREATE TABLE
psql:/usr/local/globus-4.0.4/share/globus_wsrf_rft/rft_schema.sql:30: NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "request_pkey" for table "request"
CREATE TABLE
psql:/usr/local/globus-4.0.4/share/globus_wsrf_rft/rft_schema.sql:65: NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "transfer_pkey" for table "transfer"
CREATE TABLE
psql:/usr/local/globus-4.0.4/share/globus_wsrf_rft/rft_schema.sql:71: NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "restart_pkey" for table "restart"
CREATE TABLE
CREATE TABLE
CREATE INDEX


 Restarted ok. Testing RFT 

[root@ip-10-251-73-176 ~]# su - globus1
[globus1@ip-10-251-73-176 ~]$ cp /usr/local/globus-4.0.4/share/globus_wsrf_rft_test/transfer.xfr /tmp/rft.xfr
[globus1@ip-10-251-73-176 ~]$ cat /tmp/rft.xfr
true
16000
16000
false
1
true
1
null
null
false
10
gsiftp://10.251.73.176:2811/etc/group
gsiftp://10.251.73.176:2811/tmp/paultest.tmp
[globus1@ip-10-251-73-176 ~]$ dd if=/dev/zero of=/tmp/paultest.tmp bs=100M count=1
1+0 records in
1+0 records out
[globus1@ip-10-251-73-176 ~]$ ls -l /tmp/paultest.tmp
-rw-rw-r--  1 globus1 globus1 104857600 Feb 22 06:01 /tmp/paultest.tmp
[globus1@ip-10-251-73-176 ~]$ rft -h 10.251.73.176 -f /tmp/rft.xfr
Number of transfers in this request: 1
Subscribed for overall status
Termination time to set: 60 minutes

Overall status of transfer:
Finished/Active/Failed/Retrying/Pending
0/1/0/0/0

Overall status of transfer:
Finished/Active/Failed/Retrying/Pending
1/0/0/0/0
All Transfers are completed

 Outline of what globusrun-ws options 

[globus1@ip-10-251-73-176 ~]$ globusrun-ws -help
globusrun-ws -help | -version[s]
globusrun-ws -usage [-validate | -submit | -monitor | -status | -kill]
 Use the above to see which of the following are valid with each mode.

Modes of operation: (one should appear first on command line)
-validate:
      checks the job description for syntax errors and a subset
      of semantic errors without making any service requests.
-submit:
      submits (or resubmits) a job to a job host in one of
      three output modes: batch, interactive, or interactive-streaming.
-monitor:
      attaches to an existing job in interactive or
      interactive-streaming output modes.
-status:
      reports the current state of the job and exits.
-kill:
      requests the immediate cancellation of the job and exits.

Options:
-F, -factory :
      If supplied, this option causes an EPR to be constructed using
      ad-hoc methods that depend on GT implementation details.
      For interoperability to other implementations of WS_GRAM,
      the -factory-epr-file option should be used instead.
     *format: [protocol://]{hostname|hostaddr}[:port][/service]
     *default: https://localhost:8443/wsrf/services/ManagedJobFactoryService
-Ft, -factory-type :
      in the absence of -factory-epr-file, this specifies a
      type of scheduler.
     *default: 'Fork' for single jobs and 'Multi' for multijobs
-Ff, -factory-epr-file :
      causes the EPR for the ManagedJobFactory to be read from the given
      file. This EPR is used as the service endpoint for submission of the
      job.
-f, -job-description-file :
      causes the job description to be read from the given file.
      This description is modified according to the other options and
      passed in the WS_GRAM submission messages.
-c, -job-command [--]  [arg ...]:
      takes all remaining globusrun-ws arguments as its arguments;
      therefore it must appear last among globusrun-ws options. This
      option causes globusrun-ws to generate a simple job description with
      the named program and arguments.
-o, -job-epr-output-file :
      the created ManagedJob EPR will be written to the given
      file following successful submission. The file will not be written
      if the submission fails.
-j, -job-epr-file :
      causes the EPR for the ManagedJob to be read from the given file.
      This EPR is used as the endpoint for service requests.
-s, -streaming:
      The standard output and standard error files of the job are
      monitored and data is written to the corresponding output of
      globusrun-ws. The standard output will contain ONLY job output data,
      while the standard error may be a mixture of job error output as
      well as globusrun-ws messages, unless -quiet is specified.
     *implies: -staging-delegate if job description does not already
      contain stdout and stderr endpoints
     *note: use of -streaming (with or without -batch) places a hold state
      on the job before cleanup.  you must let the job complete
      or come back to it with -monitor or -kill
-so, -stdout-file :
      append stdout out stream to the specified file instead of to stdout.
-se, -stderr-file :
      append stderr out stream to the specified file instead of to stderr.
-I, -submission-id :
      causes the job to be (re)submitted using the given uuid in the
      reliability protocol.
-If, -submission-id-file :
      causes the uuid to be read from the given file. It is an error
      to use with -submission-id
-Io, -submission-id-output-file :
      the uuid in use is written to the given file, whether this uuid
      was generated for the user or given by one of the above
      input options.
-J, -job-delegate:
      If supplied AND the job description does not already provide a
      jobCredential element, globusrun-ws will delegate the
      client credential to WS_GRAM and introduce the corresponding
      element to the submission input.
-S, -staging-delegate:
      If supplied AND the job description does include staging or
      cleanup directives AND the job description does not already provide
      the necessary stagingCredential or transferCredential element(s),
      globusrun-ws will delegate the client credential to WS_GRAM and RFT,
      and introduce the corresponding elements to the submission input.
-Jf, -job-credential-file :
      If supplied AND the job description does not already provide a
      jobCredential element, globusrun-ws will copy the supplied epr into
      the job description.  This should be an epr returned from the
      DelegationFactoryService intended for use by the job (or, in the
      case of a multijob, for authenticating to the subjobs).
     *note: for multijob descriptions, only the top level jobCredential
      will be copied into.
-Sf, -staging-credential-file :
      If supplied AND the job description does not already provide a
      stagingCredential element, globusrun-ws will copy the supplied epr
      into the job description.  This should be an epr returned from the
      DelegationFactoryService intended for use with the RFT service
      associated with the ManagedJobService.
     *note: this option is ignored for multijobs.
-Tf, -transfer-credential-file :
      If supplied, globusrun-ws will copy the epr into each of the
      stage in, stage out, and cleanup elements that do not already
      contain a transferCredential element.  This should be an epr
      returned from the DelegationFactoryService intended for use by
      RFT to authenticate with the target gridftp server.
     *note: this option is ignored for multijobs.
-b, -batch:
      enables batch mode. the tool prints the resulting ManagedJob EPR as
      the sole standard output (unless in quiet mode) and exits.
     *note: without this, -submit is equivalent to
      -submit -batch immediately followed by -monitor.
-q, -quiet:
      all non-fatal status and protocol-related messages are suppressed.
-n, -no-cleanup:
      the default behavior of trapping interrupts (SIGINT) and canceling
      the job is disabled. Instead, the interrupt simply causes the tool
      to exit without affecting the ManagedJob resource.
-host, -host-authz:
      The GSI 'host authorization' rule is used to verify that the
      service is using a host credential appropriate for the underlying
      service address information.
     *default
-self, -self-authz:
      The GSI 'self authorization' rule is used to verify that the
      service is using a (proxy) credential derived from the same
      identity as the client's.
-subject, -subject-authz :
      The service must be using a credential with the exact subject
      name provided by this option.
-p, -private:
      If supplied, privacy-protection is enabled between globusrun-ws
      and WS_GRAM or GridFTP services. It is a fatal error to select
      privacy protection if it is not available due to build options or
      other security settings.
     *note: currently only works with https endpoints
-T, -http-timeout :
      Set timeout for HTTP socket, in milliseconds, for all Web services
      interactions.
     *default: 120000 (2 minutes).
-term, -termination +|:
      Set a termination time (+relative to now).
     *default: +24:00
-dbg, -debug:
      Display message and GridFTP debug output on stderr
-pft, -print-fault-type:
      When a fault occurs, display a line containing
      Fault Type: fault-type
      on stderr
-ipv6, -allow-ipv6:
      Allow streaming transfers to use IPV6.
-passive:
      Force streaming transfers to use MODE S to allow for passive mode
      transfers. (Useful if you're behind a firewall, but expensive
      because there is no connection caching).
-nodcau:
      Disable data channel authentication on streaming transfers.

 Errors of note 

[globus1@ip-10-251-73-176 ~]$ globusrun-ws -submit -c /bin/true
Submitting job...Failed.
globusrun-ws: Error submitting job
globus_xio_gsi: gss_init_sec_context failed.
GSS Major Status: Unexpected Gatekeeper or Service Name
globus_gsi_gssapi: Authorization denied: The name of the remote host (ip-10-251-73-176), and the expected name for the remote host (ip-10-251-73-176.ec2.internal) do not match. This happens when the name in the host certificate does not match the information obtained from DNS and is often a DNS configuration problem.

Fix: make sure to add a line in /etc/hosts eg:

10.251.73.176 ip-10-251-73-176 ip-10-251-73-176.ec2.internal

[globus1@ip-10-251-73-176 ~]$ globusrun-ws -submit -c /bin/true
Submitting job...Done.
Job ID: uuid:8e3adcd2-e136-11dc-b2fd-12313a004646
Termination time: 02/23/2008 11:08 GMT
Current job state: Failed
Destroying job...Done.
globusrun-ws: Job failed: Error code: 201
Script stderr:
We trust you have received the usual lecture from the local SystemAdministrator. It usually boils down to these two things:     #1) Respect the privacy of others.      #2) Think before you type.Password:


 Fix: Make sure sudoers file is correct

AddThis Social Bookmark Button

Posted by roobaron at 2:44 AM

Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)