TWiki> APACgrid Web>GatewayMachines>VmdetailsNgdataVdt (10 May 2007, JosephAntony)EditAttach

NGDATAVDT

Responsible Person

Graham Jenkins, GrahamJenkins VPAC

Technology Summary and Contents

  • CentOS Linux 4.4
  • VDT 1.6.1 with Globus-Base-Data-Server, GSIOpenSSH and Prima Auth Module

Notes on site-specific NGData info

Basic Install Instructions

  • Build the basic Xen guest for NGDataVdt using the procedure shown in XenInstall and set-up networking, user authentication and user directory mounts in accordance with local conventions
  • Apply for and install a host certificate (and key) for the machine as shown at: http://www.vpac.org/twiki/bin/view/APACgrid/HostCertRequestAPAC
  • Login as root, set http_proxy if appropriate, then perform the following operations:
  • yum install Gbuild
  • /usr/local/sbin/BuildNgdataVdt161.sh .. and answer 'y' to the cache question
  • You will also need to supply the name of a local GUMS server .. e.g.: nggums.vpac.org in /etc/grid-security/prima-authz.conf
  • Submit some test jobs from a Globus client machine

Security Considerations

  • An NGDATA machine built using these instructions has a gsissh server running on port 22, and this offers both standard ssh and gssapi authentication methods
  • If appropriate for your site, you can restrict this so that only gsissh methods are offered as follows, by adding the following to: /opt/vdt/globus/etc/ssh/sshd_config 
        Protocol 2
        RSAAuthentication no
        PubkeyAuthentication no
        PasswordAuthentication no
        ChallengeResponseAuthentication no
  • You might then also want to start a normal sshd server on port 2222 (which can be firewalled to restrict access); this might be used by local administrators. You can accomplish this by adding to: /etc/ssh/sshd_config the line: Port 2222. You will then need to do: chkconfig --add sshd; service sshd start

If You Need To Re-Install The VDT Components

  • Login as root and do: vdt-control --force --off
  • Then: mv /opt/vdt /opt/vdt.`date +%s`
  • And: rm -f /etc/grid-security/prima-authz.conf
  • You can then set http_proxy if appropriate and re-run: BuildNgdataVdt161.sh as outlined above

Adding pciback support

  • pciback info from the CentOS5 install page

-- GrahamJenkins - 23 Apr 2007

Attachments Attachments
Topic attachments
I Attachment Action Size Date Who Comment
gifgif norbit.gif manage 11.1 K 28 Feb 2007 - 09:02 GrahamJenkins  
Edit | Attach | Print version | History: r12 < r11 < r10 < r9 < r8 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r12 - 10 May 2007 - 15:25:37 - JosephAntony
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback