QCG-Client Installation

The QCG-Client is the command-line java based client to the QCG-Broker service.

Requirements

  • PL-Grid LDAP integration (PL-Grid only) - the machine where the client is to be installed has to be configured to allow users to log in to the their "plg*" accounts.
  • Packages requirements - all packages required by the QCG-Client will be automatically installed by YUM during the installation of qcg-broker-client package.
  • GridFTP server - the GridFTP server providing access to user's data for staging them in/out. It can be installed on the client machine (see the "Optional steps" section) or be any other instance of server having access to the data (e.g. if UI /home directory is shared with the QCG-Computing machine then installing gridFTP server on the UI is optional).

Preparation of the environment

Disabling IPv6

 Disable IPv6 if you really do not need it

Certificate authorities

To allow proper mutual authentication between client and service set of Certificate Authorities [CA] certificates has to be installed. To install CA certificates please follow the instruction:   CA certificates installation

Software repositories

To install QCG client please configure your system with   QCG Software Repositories

QCG-Client Installation

Installation

  • install QCG-Client using YUM Package Manager (as root):
    yum install qcg-broker-client
    

The client is installed into three directories:

  • /usr/share/qcg/qcg-broker-client - scripts and jars needed to run the client
  • /etc/qcg/qcg-broker-client - configuration file for the client
  • /usr/bin - links to qcg-* commands

Configuration

  • To configure the client please edit the /etc/qcg/qcg-broker-client/qcg-broker-client.conf file.
vi /etc/qcg/qcg-broker-client/qcg-broker-client.conf

The following properties have to be set:

  • QCG_URL_DEFAULT - the URL of QCG-Broker service
  • QCG_DN_DEFAULT - the Distinguished Name of the QCG-Broker service
  • QCG_CLIENT_LOCATION_DEFAULT - the location of the client. This value is set during the installation procedure and shouldn't be modified.

Optionally it is possible to configure the host and port of the GridFTP server which will be used by client for staging input/output files

  • GFTP_HOSTNAME - hostname of the host where the GridFTP server is installed. If the property is not set the default value is hostname of the host where the client is installed,
  • GFTP_PORT - port which the GridFTP server is listening on. If the property is not set the default value is "2811".

GridFTP server and interactive jobs require some set of ports to be opened for incoming connections. The client takes this range of opened ports from the GLOBUS_TCP_PORT_RANGE environment variable.

  • GLOBUS_TCP_PORT_RANGE - range of opened ports

Additionally it is possible to configure also the settings responsible for defining the policy for creation and refreshing of user's proxy.

  • QCG_PROXY_DURATION_DEFAULT - default length in hours of the proxy created by QCG-Client,
  • QCG_PROXY_DURATION_MIN - minimal acceptable lifetime of the proxy. If the remaining lifetime of the proxy is smaller then the given value, the proxy is automatically recreated.

QCG-Client supports connecting to running jobs with interactive console (qcg-connect command). The functionality needs one property to be set.

  • QCG_CONNECT_TIMEOUT - timeout for the connection from the job to the client.

The example of the configuration file can be seen below:

export QCG_CLIENT_LOCATION_DEFAULT=/usr/share/qcg/qcg-broker-client

export QCG_URL_DEFAULT="https://qcg-broker.man.poznan.pl:8443/qcg/services/"
export QCG_DN_DEFAULT="/C=PL/O=GRID/O=PSNC/CN=qcg-broker/qcg-broker.man.poznan.pl"

export GFTP_HOSTNAME=qcg.man.poznan.pl
export GFTP_PORT=2811

export GLOBUS_TCP_PORT_RANGE=9000,9500

export QCG_PROXY_DURATION_DEFAULT=600
export QCG_PROXY_DURATION_MIN=480

export QCG_CONNECT_TIMEOUT=60

IMPORTANT (PL-Grid only): To configure the client to contact the official, production instance of the QCG-Broker service deployed on PL-Grid infrastructure please use the following values:

export QCG_URL_DEFAULT="https://qcg-broker.man.poznan.pl:8443/qcg/services/"
export QCG_DN_DEFAULT="/C=PL/O=GRID/O=PSNC/CN=qcg-broker/qcg-broker.man.poznan.pl"

Site configuration

  • Configure the site to display "the message of the day" for QCG-Client. The path to the motd file is /usr/share/qcg/qcg-broker-client/doc/motd.
  • Configure the site for "nightly yum updates" to automatically install new versions of the client.

Optional Components Installation

The optional steps consider installation and configuration of the GridFTP server as well installation and configuration of the GridMapFileGenerator tool (PLGrid Only) being responsible for periodic creation of grid-map-file used by the server for authorization and mapping users to physical accounts.

The steps are for the case when there is no other GridFTP server providing access to user's data on the client machine and the dedicated instance of the server has to be installed.

IMPORTANT: In most cases it should be possible to configure QCG-client to use the GridFTP server installed on the QCG-Computing site. Such configuration is recommended as it reduces number of software components that have to be maintained.

GridFTP server

For the user convenience QCG-Client is able to stage in input data accessible from the host where it is installed and also to stage out output data there. The functionality requires the data to be accessible via GridFTP server. The GridFTP server can be installed on the client machine or it can be any GridFTP server having access to the data on client machine. The simplest and the most popular solution is to mount the same shared network file system on both machines. The mount point must be exact the same. Paths to data have to be exactly the same on both machines.

To install and configure the gridFTP server please follow the   guide

Grid Mapfile

To have access do data every authenticated user must be authorized by GridFTP server against the grid-mapfile. This file can be created manually by an administrator or generated automatically based on the LDAP directory service.

Manually created grid mapfile

#for test purpose only add mapping for your account
echo '"MyCertDN" myaccount' >> /etc/grid-security/grid-mapfile

LDAP generated grid mapfile (PL-Grid only)

To install and configure the gridmap-file-generator tool please follow the   guide

Verification of installation

  • Copy user's certificate (usercert.pem) and key (userkey.pem) files to the .globus directory
  • Invoke the command returning description of the QCG-Broker service
    qcg-client description
    

The information about the service version should be displayed

QCG-Broker Service ...

IMPORTANT: For more details concerning usage of the QCG-Client please visit   the QCG User Guide (Polish only).

License

For license details please visit the  QCG License page.