| | 1 | = QCG-Client Installation Guide = |
| | 2 | |
| | 3 | [[PageOutline]] |
| | 4 | |
| | 5 | '''The QCG-Client is the command-line java based client to the QCG-Broker service.''' |
| | 6 | |
| | 7 | |
| | 8 | = Requirements = |
| | 9 | == Mandatory == |
| | 10 | * '''configured set of trusted CAs''' |
| | 11 | * '''software packages''' |
| | 12 | * Installation from RPM - all packages required by the QCG-Client will be automatically installed by YUM during the installation of qcg-broker-client package. |
| | 13 | * Installation from sources - The following list of packages is required to build, deploy and run the qcg-broker client: |
| | 14 | * java 1.6 |
| | 15 | * ant |
| | 16 | * ant-nodeps |
| | 17 | * xml-commons-apis |
| | 18 | == Optional == |
| | 19 | * '''PL-Grid LDAP integration (PL-Grid only)''' - the machine where the client is to be installed has to be configured to allow users to log in to the their "plg*" accounts. |
| | 20 | * '''GridFTP server''' - the GridFTP server providing access to user's data for staging them in/out. It can be installed on the client machine (see the "Optional steps" section) or be any other instance of server having access to the data (e.g. if UI `/home` directory is shared with the QCG-Computing machine then installing gridFTP server on the UI is optional). |
| | 21 | |
| | 22 | = Preparation of the environment = |
| | 23 | |
| | 24 | == Disabling IPv6 == |
| | 25 | [http://apps.man.poznan.pl/trac/qcg/wiki/disable%20IPv6 Disable IPv6 if you really do not need it] |
| | 26 | |
| | 27 | == Certificate authorities == |
| | 28 | To allow proper mutual authentication between client and service set of Certificate Authorities [CA] certificates has to be installed. |
| | 29 | To install CA certificates please follow the instruction: [[https://www.qoscosgrid.org/trac/qcg/wiki/CA%20certificates | CA certificates installation]] |
| | 30 | |
| | 31 | |
| | 32 | |
| | 33 | = QCG-Client Installation = |
| | 34 | |
| | 35 | == Installation == |
| | 36 | |
| | 37 | === Installation from RPM (recommended) === |
| | 38 | |
| | 39 | * configure your system with [[http://www.qoscosgrid.org/trac/qcg/wiki/Software%20repositories | QCG Software Repositories]] |
| | 40 | * install QCG-Client using YUM Package Manager (as root): |
| | 41 | {{{ |
| | 42 | #!div style="font-size: 90%" |
| | 43 | {{{#!sh |
| | 44 | yum install qcg-broker-client |
| | 45 | }}} |
| | 46 | }}} |
| | 47 | |
| | 48 | The client is installed into three directories: |
| | 49 | * ''/usr/share/qcg/qcg-broker-client'' - scripts and jars needed to run the client |
| | 50 | * ''/etc/qcg/qcg-broker-client'' - configuration file for the client |
| | 51 | * ''/usr/bin'' - links to qcg-* commands |
| | 52 | |
| | 53 | === Installation from sources === |
| | 54 | |
| | 55 | * download qcg-broker sources from the SVN repository |
| | 56 | {{{ |
| | 57 | svn co https://apps.man.poznan.pl/svn/qcg-broker/branches/3.0 . |
| | 58 | }}} |
| | 59 | |
| | 60 | * build the code |
| | 61 | {{{ |
| | 62 | ant client-rebuild |
| | 63 | }}} |
| | 64 | |
| | 65 | * deploy the client to the target directory, setting the variable client.deploy.dir to the target location |
| | 66 | {{{ |
| | 67 | ant -Dclient.deploy.dir=/home/piontek/qcg-client -f build.deploy.xml deploy-client |
| | 68 | }}} |
| | 69 | == Configuration == |
| | 70 | The client looks for the global configuration first in the ''/etc/qcg/qcg-broker-client/qcg-broker-client.conf'' file and then for the ''~/.qcg/qcg.conf'' one which overwrites global settings. |
| | 71 | |
| | 72 | '''IMPORTANT: ''' We strongly advice to configure the RPM installation with global file. |
| | 73 | |
| | 74 | * To configure the client please create/edit |
| | 75 | * either the ''/etc/qcg/qcg-broker-client/qcg-broker-client.conf'' file (common for all users) |
| | 76 | * or the ''~/.qcg/qcg.conf'' file (with individual settings for every user) |
| | 77 | |
| | 78 | {{{ |
| | 79 | #!div style="font-size: 90%" |
| | 80 | {{{#!sh |
| | 81 | vi /etc/qcg/qcg-broker-client/qcg-broker-client.conf |
| | 82 | }}} |
| | 83 | }}} |
| | 84 | |
| | 85 | The following properties have to be set: |
| | 86 | * QCG_URL_DEFAULT - the URL of QCG-Broker service |
| | 87 | * QCG_DN_DEFAULT - the Distinguished Name of the QCG-Broker service |
| | 88 | * QCG_CLIENT_LOCATION_DEFAULT - the location of the client. If the value was set during the installation procedure there is no need to modify it. |
| | 89 | |
| | 90 | Optionally it is possible to configure the host and port of the GridFTP server which will be used by client for staging input/output files |
| | 91 | * GFTP_HOSTNAME - hostname of the host where the GridFTP server is installed. If the property is not set the default value is hostname of the host where the client is installed, |
| | 92 | * GFTP_PORT - port which the GridFTP server is listening on. If the property is not set the default value is "2811". |
| | 93 | |
| | 94 | GridFTP server and interactive jobs require some set of ports to be opened for incoming connections. The client takes this range of opened ports from the GLOBUS_TCP_PORT_RANGE environment variable. |
| | 95 | * GLOBUS_TCP_PORT_RANGE - range of opened ports |
| | 96 | |
| | 97 | Additionally it is possible to configure also the settings responsible for defining the policy for creation and refreshing of user's proxy. |
| | 98 | * QCG_PROXY_DURATION_DEFAULT - default length in hours of the proxy created by QCG-Client, |
| | 99 | * QCG_PROXY_DURATION_MIN - minimal acceptable lifetime of the proxy. If the remaining lifetime of the proxy is smaller then the given value, the proxy is automatically recreated. |
| | 100 | |
| | 101 | QCG-Client supports connecting to running jobs with interactive console (''qcg-connect'' command). The functionality needs one property to be set. |
| | 102 | * QCG_CONNECT_TIMEOUT - timeout for the connection from the job to the client. |
| | 103 | |
| | 104 | |
| | 105 | The example of the configuration file can be seen below: |
| | 106 | {{{ |
| | 107 | #!div style="font-size: 90%" |
| | 108 | {{{#!sh |
| | 109 | export QCG_CLIENT_LOCATION_DEFAULT=/usr/share/qcg/qcg-broker-client |
| | 110 | |
| | 111 | export QCG_URL_DEFAULT="https://qcg-broker.man.poznan.pl:8443/qcg/services/" |
| | 112 | export QCG_DN_DEFAULT="/C=PL/O=GRID/O=PSNC/CN=qcg-broker/qcg-broker.man.poznan.pl" |
| | 113 | |
| | 114 | export GFTP_HOSTNAME=qcg.man.poznan.pl |
| | 115 | export GFTP_PORT=2811 |
| | 116 | |
| | 117 | export GLOBUS_TCP_PORT_RANGE=9000,9500 |
| | 118 | |
| | 119 | export QCG_PROXY_DURATION_DEFAULT=600 |
| | 120 | export QCG_PROXY_DURATION_MIN=480 |
| | 121 | |
| | 122 | export QCG_CONNECT_TIMEOUT=60 |
| | 123 | }}} |
| | 124 | }}} |
| | 125 | |
| | 126 | '''IMPORTANT (PL-Grid only):''' |
| | 127 | To configure the client to contact the official, production instance of the QCG-Broker service deployed on PL-Grid infrastructure please use the following values: |
| | 128 | {{{ |
| | 129 | #!div style="font-size: 110%" |
| | 130 | {{{#!sh |
| | 131 | export QCG_URL_DEFAULT="https://qcg-broker.man.poznan.pl:8443/qcg/services/" |
| | 132 | export QCG_DN_DEFAULT="/C=PL/O=GRID/O=PSNC/CN=qcg-broker/qcg-broker.man.poznan.pl" |
| | 133 | }}} |
| | 134 | }}} |
| | 135 | |
| | 136 | == Site configuration == |
| | 137 | * Configure the site to display "the message of the day" for QCG-Client. |
| | 138 | The path to the motd file is ''/usr/share/qcg/qcg-broker-client/doc/motd''. |
| | 139 | * Configure the site for "nightly yum updates" to automatically install new versions of the client. |
| | 140 | |
| | 141 | |
| | 142 | = Optional Components Installation = |
| | 143 | The optional steps consider installation and configuration of the GridFTP server as well installation and configuration of the !GridMapFileGenerator tool (PLGrid Only) being responsible for periodic creation of grid-map-file used by the server for authorization and mapping users to physical accounts. |
| | 144 | |
| | 145 | The steps are for the case when there is no other GridFTP server providing access to user's data on the client machine and the dedicated instance of the server has to be installed. |
| | 146 | |
| | 147 | '''IMPORTANT:''' In most cases it should be possible to configure QCG-client to use the GridFTP server installed on the QCG-Computing site. Such configuration is recommended as it reduces number of software components that have to be maintained. |
| | 148 | |
| | 149 | == GridFTP server == |
| | 150 | For the user convenience QCG-Client is able to stage in input data accessible from the host where it is installed and also to stage out output data there. The functionality requires the data to be accessible via GridFTP server. The GridFTP server can be installed on the client machine or it can be any GridFTP server having access to the data on client machine. The simplest and the most popular solution is to mount the same shared network file system on both machines. The mount point must be exact the same. Paths to data have to be exactly the same on both machines. |
| | 151 | |
| | 152 | To install and configure the gridFTP server please follow the [[http://apps.man.poznan.pl/trac/qcg/wiki/gridftp%20server | guide]] |
| | 153 | |
| | 154 | |
| | 155 | == Grid Mapfile == |
| | 156 | To have access do data every authenticated user must be authorized by GridFTP server against the `grid-mapfile`. This file can be created manually by an administrator or generated automatically based on the LDAP directory service. |
| | 157 | |
| | 158 | === Manually created grid mapfile === |
| | 159 | {{{ |
| | 160 | #!div style="font-size: 90%" |
| | 161 | {{{#!default |
| | 162 | #for test purpose only add mapping for your account |
| | 163 | echo '"MyCertDN" myaccount' >> /etc/grid-security/grid-mapfile |
| | 164 | }}} |
| | 165 | }}} |
| | 166 | |
| | 167 | === LDAP generated grid mapfile (PL-Grid only)=== |
| | 168 | To install and configure the gridmap-file-generator tool please follow the [[http://apps.man.poznan.pl/trac/qcg/wiki/gridmap-file-generator | guide]] |
| | 169 | |
| | 170 | = Verification of installation = |
| | 171 | |
| | 172 | * Copy user's certificate (''usercert.pem'') and key (''userkey.pem'') files to the ''.globus'' directory |
| | 173 | * Invoke the command returning description of the QCG-Broker service |
| | 174 | {{{ |
| | 175 | #!div style="font-size: 90%" |
| | 176 | {{{#!default |
| | 177 | qcg-client description |
| | 178 | }}} |
| | 179 | }}} |
| | 180 | |
| | 181 | The information about the service version should be displayed |
| | 182 | {{{ |
| | 183 | #!div style="font-size: 90%" |
| | 184 | {{{#!default |
| | 185 | QCG-Broker Service ... |
| | 186 | }}} |
| | 187 | }}} |
| | 188 | |
| | 189 | '''IMPORTANT:''' For more details concerning usage of the QCG-Client please visit: |
| | 190 | * [[http://www.qoscosgrid.org/trac/qcg-broker/wiki/client_user_guide | the QCG-Client User Guide ]] |
| | 191 | * [[https://docs.plgrid.pl/qcg | QCG-Client Podręcznik Użytkownika (Polish only)]]. |
| | 192 | |
| | 193 | = License = |
| | 194 | For license details please visit the [http://www.qoscosgrid.org/trac/qcg/wiki/license QCG License] page. |
