1. Introduction:
This is a standard Globus package that will build 3 GridFTP server DSI modules for HPSS 6.2. The first two modules are required if you wish to use the HPSS PIO API for high performance transfers from the HPSS movers. The third module, uses the traditional HPSS Read/Write Client API calls.
hpss_controlis the frontend DSI for a single or multistripe GridFTP configuration.hpss_datais the backend(s) DSI for a single or multistripe GridFTP configuration. Both frontend and backend GridFTP processes are required for striped operation. This is the preferred configuration.hpss_localprovides HPSS access via a single GridFTP process. This gives poor performance compared to frontend/backend striped configuration, but is acceptable for light use.
2. Prerequistes:
Before proceeding, make sure to go through the following:
- Download and Install Globus
- Setup Grid Security (GSI) [ Host Certificates, Trusted CAs, grid-mapfile ]
- Setup GridFTP [ GridFTP System Administration Guide ]
make globus_gridftp_server-thrfrom the source installer.
3. Downloading:
The HPSS DSI modules for gridftp can be found here: globus_gridftp_server_hpss-0.2.tar.gz
4. Installing:
From this package:
gpt-build [CONFIGOPTS_GPTMACRO="[options]"] \
globus_gridftp_server_hpss-x.x.tar.gz gcc32dbgpthr
From a CVS checkout, from this dir, run:
./bootstrap gpt-build [CONFIGOPTS_GPTMACRO="[options]"] gcc32dbgpthr
Options are:
| --with-hpssdir=[hpssdir] | /opt/hpss is the default HPSS dir, use this to specify a different path. |
| --with-hpss-auth-libs | enable linking of libhpssunixauth.so and libhpsskrb5auth.so This is should be used if those libs exist in [hpssdir]/lib/. |
| --without-rpath | this option disables setting of rpath, and is probably required on non-Linux platforms. If this option is set, [hpssdir] needs to be added to the environment library path (LIBPATH, LD_LIBRARY_PATH, etc, depending on platform) before the server is run. |
gpt-query globus_gridftp_server' can be run to verify which flavor
is installed.
5. Running
In order to use the module, the server must be started with the -dsi command line option:
globus-gridftp-server -dsi hpss_local -p 5000 -debugwill start a server listening on port 5000 using the hpss_local module.
hpss_control and hpss_data also require other options to specify frontend/backend:
globus-gridftp-server -dsi hpss_control -debug \
-p 5000 -r localhost:5001,localhost:5002
globus-gridftp-server -dsi hpss_data -p 5001 -dn -debug
globus-gridftp-server -dsi hpss_data -p 5002 -dn -debugwill start a
frontend listening on port 5000 that will connect to 2 backends on ports 5001
and 5002, using the striped hpss modules.
Here are xinetd confs and daemon mode commands for running as a user. The
user (globus in this case, but it can be any non-root user) needs read
permission on the HPSS keytab, as well as ownership of
/home/globus/.globus/*.
This is assuming both processes on the same machine. Change '-r
localhost' to the appropriate hostname.
service gridftp_frontend (/etc/services as 2811)
{
instances = 250
socket_type = stream
wait = no
user = globus
env += GLOBUS_LOCATION=[GL]
env += GRIDMAP=/etc/grid-security/grid-mapfile
env += X509_USER_CERT=/home/globus/.globus/hostcert.pem
env += X509_USER_KEY=/home/globus/.globus/hostkey.pem
server = [GL]/sbin/globus-gridftp-server
server_args = -i -r localhost:2812 \
-auth-level 4 -dsi hpss_control
log_on_success += DURATION
log_on_failure += ATTEMPT, HOST
nice = 10
disable = no
}
service gridftp_backend1 (/etc/services as 2812)
{
instances = 250
socket_type = stream
wait = no
user = globus
env += GLOBUS_LOCATION=[GL]
env += GRIDMAP=/etc/grid-security/grid-mapfile
env += X509_USER_CERT=/home/globus/.globus/hostcert.pem
env += X509_USER_KEY=/home/globus/.globus/hostkey.pem
server = [GL]/sbin/globus-gridftp-server
server_args = -i -dn -auth-level 4 -dsi hpss_data
log_on_success += DURATION
log_on_failure += ATTEMPT, HOST
nice = 10
disable = no
}or as a daemon: export GLOBUS_LOCATION=[GL]
export GRIDMAP=/etc/grid-security/grid-mapfile
export X509_USER_CERT=/home/globus/.globus/hostcert.pem
export X509_USER_KEY=/home/globus/.globus/hostkey.pem
$GLOBUS_LOCATION/sbin/globus-gridftp-server -S -p 2811 \
-r localhost:2812 -auth-level 4 -dsi hpss_control
$GLOBUS_LOCATION/sbin/globus-gridftp-server -S -p 2812 \
-dn -auth-level 4 -dsi hpss_data
6. Configuration:
A configuration file is requried to specify security parameters. By default,
this file is expected to be at /var/hpss/etc/gridftp-hpss.conf. If
you need to point to a file in a different location, specify the path with the
-dsi option to globus-gridftp-server: -dsi
hpss_control:/path/to/config.file
The format of this file, and required parameters:
login_name "hpss_login@host.domain" realm_name "kerb_realm.host.domain" keytab "/var/hpss/etc/hpss.keytab"
The keytab must be readable by the user that GridFTP runs as (typically "globus").
The following are optional:
unixauth [0|1] #to enable HPSS UNIX authentication (kerberos is the default)
noauth [0|1] #disable additional authentication calls -- the process will run
#with whatever permissions running user has.
7. Known Issues:
- There are problems involving mismatched GridFTP block sizes in striped mode.
- Writes to a multiple backend coniguration will likely fail.
- unixauth currently just does the same thing as noauth.
- Memory may become corrupted if a transfer is aborted, this shouldn't pose a problem except in -debug mode when the process does not fork for each new connection.
- Transfers from the same GridFTP-HPSS server to itself may fail.
8. Other
For a general understanding of the interface that these modules implement, see:http://viewcvs.globus.org/viewcvs.cgi/*checkout*/gridftp/server/src/dsi_bones/README.txt
and
http://viewcvs.globus.org/viewcvs.cgi/*checkout*/gridftp/server/src/globus_gridftp_server.h
(or
$GLOBUS_LOCATION/include/globus_gridftp_server.h).
Additionally, there are notes and comments in each module's source.