Wiki Display Wiki Display

PreparingToHostAGILDATutorial

Preparing to host a GILDA Tutorial#

Introduction#

GILDA offers different tutorial categories each oriented on forming attendees on a particular Grid knowledge. Mainly there are: Tutorials for users and Tutorials for Site Administration. The first kind of tutorial is used to give to the students the necessary knowledge to access and use a Grid Infrastructure. The tutorials for Site administration are used to give to the students the necessary knowledge in order to install/configure and manage Grid site services by their own. Actually GILDA teaches on how to use install and manage gLite middleware version 3.1.

Tutorial for users.#

We will introduce you on how to host user tutorials.

User Certificate Request#

In order to arrange a tutorial for users it is needed to request a digital certificate for each student participating to the tutorial. Normally the number of certificates matches with the number of physical PCs dedicated for the tutorial. Some time it is necessary to let more than one student to share each computer. We suggest to request a digital certificate to each participant rather than to each PC in order to give each student the possibility to try our GILDA testbed also after the end of the tutorial. Please consider that GILDA digital certificates created for tutiruals does not keep personal certificates valid over one week after the end of the tutorial. To request digital certificates you need to fill a form into the GILDA web site, (https://gilda.ct.infn.it/request_tutorial/index.php) specifying that you want to host a tutorial for users.

Please pay attention on the following fields:

Type Choose here: Users
Start Date The 1st day of the tutorial
End Date The last day of the tutorial
Tutorial home page Put here the tutorial home page (if any)
Agenda page Put here the link to the event Agenda
Expected number of participants Put here the number of certificates you like to obtain
E-mail address of the organiser Put here the contact e-mail of the tutorial responsible

After the form filling just push the ‘Submit’ button to finalize your request. After a while the tutorial responsible will receive in his email folder a tarball file containing all GILDA digital certificates. You will also receive instructions on the passwords assigned to each certificate. Normally the passphrase is unique for all certificates. Normally the content of the tarball is similar to the following:

[cityname]1/ [cityname]1_userkey.pem [cityname]1_usercert.pem [cityname]1_userkey.p12 [cityname]2/ [cityname]2_userkey.pem [cityname]2_usercert.pem [cityname]2_userkey.p12 … [cityname]n/ [cityname]n_userkey.pem [cityname]n_usercert.pem [cityname]n_userkey.p12 

The directory has the name of the user certificate. The userkey.pem and usercert.pem files are respectively the public and private key of the certificate. The last P12 file contains both public and private key of the certificate, this latter format will be used to import easily the digital certificate on the web browsers or directly by applications using the grid. (Normally GENIUS web portal and Grid2Win). We suggest to extract the tarball on to a computer hosting a httpd service and let attendees access the certificates from their own PCs.

User Interface#

GILDA tutorials make use of Virtual Machines (http://www.vmware.com). The first step is to visit the VMWare web site download page and download the latest version of the VMPlayer application (http://www.vmware.com/products/player/). The use of this application does not need to purchase any licence since it is freeware. After downloading the VMWarePlayer application you need to install it on each PC that will be used by the students. Once you finish to install the VMPlayer you have to go to the GILDA Virtual Services web page: https://gilda.ct.infn.it/VirtualServices.html Then you have to click on the latest available UI; currently: GILDA VM UI gLite 3.0 . A download process will start and when you finish you will get a tarball file. Copy the tar ball to each PC serving the students then extract the tarball. (on Unix: tar xvfz <argchive>.tar.gz). The final step is to open the virtual service just giving as input the ‘.VMX’ file on the VMPlayer application. This will start a virtual PC on the physical PC. The virtual PC will host Scientific Linux OS with all software needed to access the Grid infrastructure. When the startup procedure is finished you should be prompted to access to the virtual machine. Instructions on how to access the virtual machines as root are available beside the tarball file name in readme file

Once you access on the virtual PC, you may change the UI root password (not mandatory step). Then you have to create a unix user with:

# adduser [name of the certificate] (the name used on the directories of the certificate tarball) # passwd [name of the certificate]  [set as password: [cityname][certificate number]] 

Then access to the UI as the new created user with:

# su - [cityname][certificate number] 

Other few commands are necessary to complete the installation.

The first step is to extract the following tarball file containing a set of examples that students can use during the tutorial to test grid services. You can download this tarball of examples from: https://gilda.ct.infn.it/RPMS/GILDA-TAR-APPLICATIONs.tar.gz Please untar it on the user $HOME directory. We also suggest to copy this tarball file on the httpd machine hosting the certificates.

Then you need to put user certificates with the following commands:

$ mkdir .globus $ scp  [username]@[certificates_host]:[cityname][n]/[cityname]1_usercert.pem  ./.globus/usercert.pem $ scp  [username]@[certificates_host]:[cityname][n]/[cityname]1_userkey.pem  ./.globus/userkey.pem $ chmod 644 .globus/usercert.pem $ chmod 400 .globus/userkey.pem 

ATTENTION - Please follow the above steps for each PC and/or students. In case more than one student are sharing the same PC please add an account for each student that is using the PC. You are free to follow any numbering convention you wish associating the phisicl PCs to the available certificates and students. We also suggest to work on a single VM preparing the common steps then spread it on all machine and finish your work on each machine.

When all these steps have been done, you should test to logon on the grid. Access to the UI as user:

Username: [cityname][certificate number] Password: : [cityname][certificate number] 
[cityname][certificate number] voms-proxy-init --voms gilda Cannot find file or dir: /home/brunor/.glite/vomses Your identity: /C=IT/O=GILDA/OU=Personal Certificate/L=INFNCT/CN=Riccardo Bruno/Email=ricsxn@hotmail.com Enter GRID pass phrase: Creating temporary proxy ................................ Done Contacting  voms.ct.infn.it:15001 [/C=IT/O=GILDA/OU=Host/L=INFN Catania/CN=voms.ct.infn.it/Email=emidio.giorgio@ct.infn.it] "gilda" Done Creating proxy ................................... Done 

At this stage you are logged into the grid and you will be able to use its services. If you are not successful on that operation please don’t hesitate to contact us to receive support grid-prod@ct.infn.it.

Import the certificate into the browser.

In the tarball file containing the certificates you should have also a file P12. If you have just the .pem ones please use the following command to convert the PEM format to the the P12.

# openssl pkcs12 &ndash;export &ndash;in .pem &ndash;inkey .pem &ndash;out .p12 &ndash;name  

Once you have the P12 file you have to import it in your favorite web browser following the specific instructions of your browser. Please don't forget to allow students to access the certificates from a dedicated machine running a httpd service.

Tutorial for site admin.#

We will introduce you on how to host a site administration tutorial.

Host Certificate Request#

In order to arrange a tutorial for site administrators it is needed to request a host digital certificate for each PC used into the tutorial. Normally the number of certificates matches with the number of physical PCs dedicated to the tutorial. Some time it is necessary to let more than one grid service to share a PC; in such a case it is important to plan in advance the exact number of host digital certificates you need. To request host certificates you need to fill up a form into the GILDA web site (https://gilda.ct.infn.it/request_tutorial/index.php) specifying that you want to host a tutorial for site administrators.

Please pay attention on the following fields:

Type Choose here: Sysadmins
Start Date The 1st day of the tutorial
End Date The last day of the tutorial
Tutorial home page Put here the tutorial home page (if any)
Agenda page Put here the link to the event Agenda
Expected number of participants Put here the number of certificates you like to obtain
E-mail address of the organiser Put here the contact e-mail of the tutorial responsible

After the form filling just push the ‘Submit’ button to send your request. Then provide to the GILDA CA mailing list a list of hostnames in order to generate the requested number of GILDA host certificates. ATTENTION - Each hostname must have direct and inverse name resolution and it has to be a public IP. After a while a the tutorial responsible will receive in its email folder a tarball file containing all certificates. Normally the content of the tarball is similar to the following:

[host]1/ [hostkey ]1.pem [hostcert]1.pem [host>2/ [hostkey ]2.pem [hostcert]2.pem &hellip; [host]n/ [hostkey ]n.pem [hostcert]n.pem 

The userkey.pem and usercert.pem .PEM files are respectively the public and private key of the certificate. We suggest to extract the tarball on to a computer hosting a httpd service.

The GildaVMBase#

The GILDA tutorials make use of Virtual Machines (http://www.vmware.com). The first step is to visit the VMWare web site download page and download the latest version of the VMPlayer application (http://www.vmware.com/products/player/). The use of this application does not need to purchase any licence since it is freeware. After downloading the VMWarePlayer application you need to install it on each PC that will be used by the students. Once you finish to install the VMPlayer you have to go to the GILDA Virtual Services web page: https://gilda.ct.infn.it/VirtualServices.html Then you have to click on the latest available GildaVMBase machine; currently:
GILDA VM Base_SLC4.6_i386 For gLite services requesting SLC4.x
GILDA VM Base_SLC3.0_i386 For gLite services still requesting the older SLC3.x
A new download process will start and when you finish you will get a tarball file. Copy the tar ball to each PC serving the students then extract the tarball. (on Unix: tar xvfz <argchive>.tar.gz). The final step is to open the virtual service just giving as input the ‘.VMX’ file to the VMPlayer application. This will start a virtual PC on the physical PC hosting a Scientific Linux OS with the minimal set of packages needed to host a grid site installation. When the startup procedure is finished you should be prompted to access to the virtual machine. Instructions on how to access the virtual machines as root are available beside the tarball file name by the Readme link.

If you wish you can then change the UI root password (not mandatory step).

FQDN#

Open the VM and access to it as root, setup the network settings in order to use the right one of the right IP address specified on the host certificate request. To start the network setup we recommend you the use of the setup tool
# setup (then choice network settings) 

Use of VM#

Please keep a copy of the tarball file in a safe place on each tutorial PC. After each service installation the virtual machine will be destroyed or saved and the safe tarball will be used to restart from scratch a new virtual machine. Some VMPlayer versions allow the use of snapshots; in such cases there is no need to make copies of files.

Repository#

One of the most important point on prearing a site administration tutorials is to arrange a full mirror of the GILDA repository. The repository contains RPMs of ALL Grid services. Although the repository can be accessed remotely from any host that can access to internet, we kindly recommend you to make a full mirror of our repository locally on a dedicated server. This is necessary in order to reduce the bandwidth usage during the tutorial. The students will change installation scripts in order to download all packages from the local repository site instead of downloading then using the external bandwidth.

-- Riccardo Bruno - 10 Nov 2006

1 Attachment
2269 Views
Average (0 Votes)
Comments