Installation Steps for GFTP servers

Table of Contents

OS

Install the OS Patch

VDT Install

VDT version will change over time. Check http://vdt.cs.wisc.edu/ for updates.

mkdir -p /data/vdt
mkdir -p /data/pacman
cd /data/pacman
wget http://physics.bu.edu/pacman/sample_cache/tarballs/pacman-3.21.tar.gz
tar zxvf  pacman-3.21.tar.gz
cd pacman-3.21
source setup.sh
cd ../../vdt
pacman -http-proxy http://clarens-1.local:3128
pacman -get http://vdt.cs.wisc.edu/vdt_180_cache:CA-Certificates
pacman -get http://vdt.cs.wisc.edu/vdt_180_cache:CA-Certificates-Updater
pacman -get http://vdt.cs.wisc.edu/vdt_180_cache:PPDG-Cert-Scripts
source setup.sh
./vdt/setup/setup-cert-request
/globus/bin/grid-cert-request -host <hostname>

Setup the /etc/grid-security area. It should look something like

lrwxrwxrwx 1 root root    36 Sep 20 05:48 certificates -> /etc/grid-security/certificates-30-1
drwxr-xr-x 3 root root 20480 Sep 18 06:51 certificates-29-1
drwxr-xr-x 3 root root 20480 Sep 22 01:18 certificates-30-1
lrwxrwxrwx 1 root root    40 Sep 18 06:24 doegrids -> /etc/grid-security/certificates/doegrids
lrwxrwxrwx 1 root root    57 Sep 20 05:55 globus-host-ssl.conf -> /data/vdt/globus/TRUSTED_CA/globus-host-ssl.conf.1c3f2ca8
lrwxrwxrwx 1 root root    57 Sep 20 05:55 globus-user-ssl.conf -> /data/vdt/globus/TRUSTED_CA/globus-user-ssl.conf.1c3f2ca8
-rw-r--r-- 1 root root     0 Sep 18 06:27 grid-mapfile
lrwxrwxrwx 1 root root    55 Sep 20 05:55 grid-security.conf -> /data/vdt/globus/TRUSTED_CA/grid-security.conf.1c3f2ca8
-rw-r--r-- 1 root root  1306 Sep 20 05:59 hostcert.pem
-rw-r--r-- 1 root root   639 Sep 20 05:58 hostcert_request.pem
-r-------- 1 root root   887 Sep 20 05:58 hostkey.pem
drwxr-xr-x 2 root root  4096 Sep 18 06:27 vomsdir

Setup the certs at https://pki1.doegrids.org and copy the results into the host cert file

Turn on the fetch crl and CA certificate updaters

cd /data/vdt
source setup.sh
vdt-control --on vdt-update-certs
vdt-control --on fetch-crl

Check to make sure the crontab entry is created

crontab -l
19 * * * * /data/vdt/vdt/sbin/vdt-update-certs-wrapper --vdt-install /data/vdt
16 1 * * * /data/vdt/fetch-crl/share/doc/fetch-crl-2.6.2/fetch-crl.cron

Configure the Time Daemon ntpd

Use the following /etc/ntp.conf

server 192.168.21.2
server us.pool.ntp.org
authenticate no
driftfile /var/lib/ntp/drift

Set the time and start the ntpd daemon

ntpdate 192.168.21.2
/etc/init.d/ntpd start

Synchronize the hardware clock and set cron to sync the hardware clock hourly.

 /sbin/hwclock --systohc
echo "1,30 * * * * root /sbin/hwclock --systohc" > /etc/cron.d/systohc

TCP Tuning

net.core.rmem_max = 8388608
net.core.wmem_max = 8388608
net.core.rmem_default = 1048576
net.core.wmem_default = 1048576
net.ipv4.tcp_rmem = 262144 1048576 8388608
net.ipv4.tcp_wmem = 262144 1048576 8388608
net.ipv4.tcp_mem = 122070 196608 244140
net.ipv4.tcp_window_scaling = 1
net.core.netdev_max_backlog = 1000000
kernel.panic = 5

Dcache Notes

• VDT subset for GSI
• Host certificate pair
• CA certificates, CRLs, CRL update mechanisms
• Java JDK (different for 64 bit versus 32 bit)
• TCP parameter tuning
• /etc/hosts (or may be I can take care of this, on servers/non-pools)

-- TerrenceMartin - 04 Oct 2007