Chinaunix首页 | 论坛 | 博客
  • 博客访问: 1734047
  • 博文数量: 163
  • 博客积分: 10591
  • 博客等级: 上将
  • 技术积分: 1980
  • 用 户 组: 普通用户
  • 注册时间: 2006-08-08 18:17
文章分类

全部博文(163)

文章存档

2018年(1)

2012年(1)

2011年(47)

2010年(58)

2009年(21)

2008年(35)

分类: LINUX

2010-03-19 10:09:53

以前花了很多时间配置出来的,写出来供搭建参考,希望有人更深入的学习了解。

 

 

 


简单测试环境的搭建

 

 

 

Nimbusworkspace.globus.org)是基于Globus)网格软件包GT中的java core(ws-core)组件而开发的IaaS平台软件。

 

 

 

这里为了搭建一个简单的环境,我们选取了三台机器:

Role

Hostname

IP

OS

User

Software

nimbus client

wang135.hrwang.com

172.20.86.135

RHEL5.2/CentOS5.2

nimbus

jdk-1_5_0_17-linux

nimbus-cloud-client-011.tar.gz

nimbus server

wang136.hrwang.com

172.20.86.136

RHEL5.2/CentOS5.2

globus

nimbus

jdk-1_5_0_17-linux

apache-ant-1.7.1-bin.tar.gz

XML-Parser-2.36.tar.gz

gt4.0.8-all-source-installer.tar.bz2

nimbus-TP2.2.tar.gz

VMM

cloud.jsgl.com

172.20.86.174

RHEL5.2/CentOS5.2

globus

dhcpd

python2.3+

sudo

ebtables-v2.0.8-2.tar.gz

nimbus-controls-TP2.2.tar.gz

  

 

 

 

 

 

 

 

结合上面的结构图,wang135.hrwang.com可以当做cloud-client wang136.hrwang.com可以当做Workspace Service+Repository node可以当做VMMs

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

下面以#开头的命令是root用户执行的,以$开头的命令是普通用户执行的。

首先确保,每台机器的/etc/hosts内容都如下:

172.20.86.135   wang135.hrwang.com wang135

172.20.86.136   wang136.hrwang.com wang136

172.20.86.169   cloud.jsgl.com cloud

 

另外将相应的用户在相应的机器上创建起来。

 

 

nimbus server进行安装部署

 

安装javaapache-ant,及XML-Parser

 

[root@wang136 opt]# pwd

/opt

[root@wang136 opt]# ./jdk-1_5_0_17-linux-amd64.bin              解压安装

[root@wang136 opt]# tar zxvf apache-ant-1.7.1-bin.tar.gz            解压安装

 

[root@wang136 opt]# vi /etc/profile                         在文件末添加环境变量

export ANT_HOME=/opt/apache-ant-1.7.1/

PATH=/opt/apache-ant-1.7.1/bin:/opt/jdk1.5.0_17/bin:/opt/jdk1.5.0_17/jre/bin:$PATH

JAVA_HOME=/opt/jdk1.5.0_17

CLASSPATH=/opt/jdk1.5.0_17/lib:/opt/jdk1.5.0_17/jre/lib:/opt/apache-ant-1.7.1/lib

export PATH

export JAVA_HOME

export CLASSPATH

 

[root@wang136 opt]# source /etc/profile                        生效环境变量

 

[root@wang136 opt]# java –version                            验证

java version "1.5.0_17"

Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_17-b04)

Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_17-b04, mixed mode)

[root@wang136 opt]# ant -version

Apache Ant version 1.7.1 compiled on June 27 2008

 

[root@wang136 opt]# tar zxvf XML-Parser-2.36.tar.gz       安这个包是为了以后装GRAM

[root@wang136 opt]# cd XML-Parser-2.36

[root@wang136 XML-Parser-2.36]# perl Makefile.PL

[root@wang136 XML-Parser-2.36]# make

[root@wang136 XML-Parser-2.36]# make install

 

安装GT

 

[root@wang136 ~]# useradd globus                        创建globus用户

[root@wang136 ~]# passwd globus

 

[root@wang136 ~]# mkdir /usr/local/globus-4.0.8             创建安装目录

[root@wang136 ~]# chown -R globus:globus /usr/local/globus-4.0.8

 

[root@wang136 ~]# cd /opt/                              软件放在opt目录下

[root@wang136 opt]# tar jxvf gt4.0.8-all-source-installer.tar.bz2

[root@wang136 opt]# chown -R globus:globus gt4.0.8-all-source-installer

 

切换到globus登陆的终端

[globus@wang136 gt4.0.8-all-source-installer]$ pwd

/opt/gt4.0.8-all-source-installer

[globus@wang136 gt4.0.8-all-source-installer]$ export GLOBUS_LOCATION=/usr/local/globus-4.0.8                  (将这行添加到/home/globus/.bash_profile的末尾)

 

[globus@wang136 gt4.0.8-all-source-installer]$ ./configure --prefix=/usr/local/globus-4.0.8

[globus@wang136 gt4.0.8-all-source-installer]$ make wsjava gridftp

[globus@wang136 gt4.0.8-all-source-installer]$ make wsjava gridftp install

 

创建配置证书

 

创建CA

使用globus用户执行下面的操作

[globus@wang136 gt4.0.8-all-source-installer]$ cd /usr/local/globus-4.0.8/   

[globus@wang136 globus-4.0.8]$ sh etc/globus-user-env.sh     

将下面这行添加到/home/globus/.bash_profile的末尾:

source /usr/local/globus-4.0.8/etc/globus-user-env.sh

 

[globus@wang136 globus-4.0.8]$ ./setup/globus/setup-simple-ca             生成CA

 

WARNING: GPT_LOCATION not set, assuming:

         GPT_LOCATION=/usr/local/globus-4.0.8

 

 

 

    C e r t i f i c a t e    A u t h o r i t y    S e t u p

 

This script will setup a Certificate Authority for signing Globus

users certificates.  It will also generate a simple CA package

that can be distributed to the users of the CA.

 

The CA information about the certificates it distributes will

be kept in:

 

/home/globus/.globus/simpleCA/

 

The unique subject name for this CA is:

 

cn=Globus Simple CA, ou=simpleCA-wang136.hrwang.com, ou=GlobusTest, o=Grid

 

Do you want to keep this as the CA subject (y/n) [y]:y

 

Enter the email of the CA (this is the email where certificate

requests will be sent to be signed by the CA):wanghongrui@ceopen.cn

 

The CA certificate has an expiration date. Keep in mind that

once the CA certificate has expired, all the certificates

signed by that CA become invalid.  A CA should regenerate

the CA certificate and start re-issuing ca-setup packages

before the actual CA certificate expires.  This can be done

by re-running this setup script.  Enter the number of DAYS

the CA certificate should last before it expires.

[default: 5 years (1825 days)]:

 

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:

 

 

creating CA config package...done.

 

 

A self-signed certificate has been generated

for the Certificate Authority with the subject:

 

/O=Grid/OU=GlobusTest/OU=simpleCA-wang136.hrwang.com/CN=Globus Simple CA

 

If this is invalid, rerun this script

 

./setup/globus/setup-simple-ca

 

and enter the appropriate fields.

 

-------------------------------------------------------------------

 

The private key of the CA is stored in /home/globus/.globus/simpleCA//private/cakey.pem

The public CA certificate is stored in /home/globus/.globus/simpleCA//cacert.pem

 

The distribution package built for this CA is stored in

 

/home/globus/.globus/simpleCA//globus_simple_ca_2f982487_setup-0.19.tar.gz

 

This file must be distributed to any host wishing to request

certificates from this CA.

 

CA setup complete.

 

The following commands will now be run to setup the security

configuration files for this CA:

 

$GLOBUS_LOCATION/sbin/gpt-build /home/globus/.globus/simpleCA//globus_simple_ca_2f982487_setup-0.19.tar.gz

 

$GLOBUS_LOCATION/sbin/gpt-postinstall

-------------------------------------------------------------------

 

 

setup-ssl-utils: Configuring ssl-utils package

Running setup-ssl-utils-sh-scripts...

 

***************************************************************************

 

Note: To complete setup of the GSI software you need to run the

following script as root to configure your security configuration

directory:

 

/usr/local/globus-4.0.8/setup/globus_simple_ca_2f982487_setup/setup-gsi

 

For further information on using the setup-gsi script, use the -help

option.  The -default option sets this security configuration to be

the default, and -nonroot can be used on systems where root access is

not available.

 

***************************************************************************

 

setup-ssl-utils: Complete

 

1 上面选择的都是默认答案,只有邮箱和密码根据情况填写。

 

)配置CA

使用root执行:

[root@wang136 opt]# export GLOBUS_LOCATION=/usr/local/globus-4.0.8

[root@wang136 opt]# /usr/local/globus-4.0.8/setup/globus_simple_ca_2f982487_setup/setup-gsi -default

setup-gsi: Configuring GSI security

Making /etc/grid-security...

mkdir /etc/grid-security

Making trusted certs directory: /etc/grid-security/certificates/

mkdir /etc/grid-security/certificates/

Installing /etc/grid-security/certificates//grid-security.conf.2f982487...

Running grid-security-config...

Installing Globus CA certificate into trusted CA certificate directory...

Installing Globus CA signing policy into trusted CA certificate directory...

setup-gsi: Complete

 



阅读(2160) | 评论(5) | 转发(0) |
给主人留下些什么吧!~~

chinaunix网友2011-01-10 21:28:58

您好,能不能加我QQ,有不懂的地方向您请教。4923333八7,非常感谢!

benxiong2011-01-10 09:51:55

呵呵,没有其它的文档了,你可以多看看官方的文档,我那时也是看了很多遍。 参考blog里的方法一定可以搭建成功(当然,软件版本也限于blog写的,其它的版本我没有试过)

chinaunix网友2011-01-09 21:33:01

邮箱是panwubin470#gmail.com

chinaunix网友2011-01-09 21:31:18

您好,我想搭Nimbus,有没有Nimbus的文档可以给我看看啊。谢谢!

chinaunix网友2010-03-21 09:58:12

太感谢了,最近正在整个东西