Installation Steps for GFTP servers
OS
Install the OS
Patch
VDT Install
The VDT version will change over time. Check http://vdt.cs.wisc.edu/ for updates.
mkdir -p /data/vdt
mkdir -p /data/pacman
cd /data/pacman
wget http://physics.bu.edu/pacman/sample_cache/tarballs/pacman-3.21.tar.gz
tar zxvf pacman-3.21.tar.gz
cd pacman-3.21
source setup.sh
cd ../../vdt
pacman -http-proxy http://clarens-1.local:3128
pacman -get http://vdt.cs.wisc.edu/vdt_180_cache:CA-Certificates
pacman -get http://vdt.cs.wisc.edu/vdt_180_cache:CA-Certificates-Updater
pacman -get http://vdt.cs.wisc.edu/vdt_180_cache:PPDG-Cert-Scripts
source setup.sh
./vdt/setup/setup-cert-request
/globus/bin/grid-cert-request -host <hostname>
Set up the /etc/grid-security area. It should look something like this:
lrwxrwxrwx 1 root root 36 Sep 20 05:48 certificates -> /etc/grid-security/certificates-30-1
drwxr-xr-x 3 root root 20480 Sep 18 06:51 certificates-29-1
drwxr-xr-x 3 root root 20480 Sep 22 01:18 certificates-30-1
lrwxrwxrwx 1 root root 40 Sep 18 06:24 doegrids -> /etc/grid-security/certificates/doegrids
lrwxrwxrwx 1 root root 57 Sep 20 05:55 globus-host-ssl.conf -> /data/vdt/globus/TRUSTED_CA/globus-host-ssl.conf.1c3f2ca8
lrwxrwxrwx 1 root root 57 Sep 20 05:55 globus-user-ssl.conf -> /data/vdt/globus/TRUSTED_CA/globus-user-ssl.conf.1c3f2ca8
-rw-r--r-- 1 root root 0 Sep 18 06:27 grid-mapfile
lrwxrwxrwx 1 root root 55 Sep 20 05:55 grid-security.conf -> /data/vdt/globus/TRUSTED_CA/grid-security.conf.1c3f2ca8
-rw-r--r-- 1 root root 1306 Sep 20 05:59 hostcert.pem
-rw-r--r-- 1 root root 639 Sep 20 05:58 hostcert_request.pem
-r-------- 1 root root 887 Sep 20 05:58 hostkey.pem
drwxr-xr-x 2 root root 4096 Sep 18 06:27 vomsdir
Set up the certs at https://pki1.doegrids.org and copy the results into the host cert file.
Turn on the fetch-crl and CA certificate updaters
cd /data/vdt
source setup.sh
vdt-control --on vdt-update-certs
vdt-control --on fetch-crl
Check to make sure the crontab entries are created
crontab -l
19 * * * * /data/vdt/vdt/sbin/vdt-update-certs-wrapper --vdt-install /data/vdt
16 1 * * * /data/vdt/fetch-crl/share/doc/fetch-crl-2.6.2/fetch-crl.cron
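The function below is an added example, not part of the original notes or of VDT. It audits a grid-security directory against the listing above (host key and certificate modes, resolvable symlinks) and checks that the fetch-crl cron job is producing fresh CRLs. The function names, the 400/600 and 644/444 mode sets and the two-day CRL age limit are assumptions chosen for illustration, and it relies on GNU stat and find.

```bash
#!/bin/bash
# Added example: audit a grid-security directory against the listing above.
# Usage: check_grid_security [DIR] [OWNER_UID] [MAX_CRL_AGE_DAYS]
# Prints one line per finding; the return status is the number of findings.
# Assumes GNU stat and find.

# True if FILE is a regular file (not a symlink) owned by UID with one of MODES.
_perm_ok() {
    local file="$1" uid="$2" actual m
    shift 2
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    [ "$(stat -c %u "$file")" = "$uid" ] || return 1
    actual=$(stat -c %a "$file")
    for m in "$@"; do
        [ "$actual" = "$m" ] && return 0
    done
    return 1
}

check_grid_security() {
    local dir="${1:-/etc/grid-security}" uid="${2:-0}" days="${3:-2}"
    local n=0 f link crls stale
    # Private key: owner-only access, as in the listing (-r--------).
    if ! _perm_ok "$dir/hostkey.pem" "$uid" 400 600; then
        echo "FAIL: hostkey.pem must be owned by uid $uid with mode 400 or 600"; n=$((n + 1))
    fi
    # Certificate and grid-mapfile: world-readable, but no group/other write.
    for f in hostcert.pem grid-mapfile; do
        if ! _perm_ok "$dir/$f" "$uid" 644 444; then
            echo "FAIL: $f must be owned by uid $uid with mode 644 or 444"; n=$((n + 1))
        fi
    done
    # Every symlink (certificates, the *.conf links) must resolve.
    for link in "$dir"/*; do
        if [ -L "$link" ] && [ ! -e "$link" ]; then
            echo "FAIL: dangling symlink $link"; n=$((n + 1))
        fi
    done
    if [ ! -d "$dir/certificates" ]; then
        echo "FAIL: certificates does not resolve to a directory"; n=$((n + 1))
    fi
    # fetch-crl writes CRLs as <hash>.r0; none, or old ones, mean the cron job is not working.
    crls=$(find -L "$dir/certificates" -maxdepth 1 -name '*.r0' 2>/dev/null | wc -l)
    stale=$(find -L "$dir/certificates" -maxdepth 1 -name '*.r0' \
        -mmin +$((days * 1440)) 2>/dev/null | wc -l)
    [ "$crls" -gt 0 ] || { echo "FAIL: no CRLs (*.r0) found"; n=$((n + 1)); }
    [ "$stale" -eq 0 ] || { echo "FAIL: $stale CRL(s) older than $days day(s)"; n=$((n + 1)); }
    return "$n"
}
```

Source the file and run check_grid_security with no arguments as root to audit /etc/grid-security; a zero exit status means no findings.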
Configure the Time Daemon ntpd
Use the following /etc/ntp.conf
server 192.168.21.2
server us.pool.ntp.org
authenticate no
driftfile /var/lib/ntp/drift
Set the time and start the ntpd daemon
ntpdate 192.168.21.2
/etc/init.d/ntpd start
Synchronize the hardware clock and set cron to sync the hardware clock hourly.
/sbin/hwclock --systohc
echo "1,30 * * * * root /sbin/hwclock --systohc" > /etc/cron.d/systohc
TCP Tuning
net.core.rmem_max = 8388608
net.core.wmem_max = 8388608
net.core.rmem_default = 1048576
net.core.wmem_default = 1048576
net.ipv4.tcp_rmem = 262144 1048576 8388608
net.ipv4.tcp_wmem = 262144 1048576 8388608
net.ipv4.tcp_mem = 122070 196608 244140
net.ipv4.tcp_window_scaling = 1
net.core.netdev_max_backlog = 1000000
kernel.panic = 5
Dcache Notes
- VDT subset for GSI
- Host certificate pair
- CA certificates, CRLs, CRL update mechanisms
- Java JDK (different for 64 bit versus 32 bit)
- TCP parameter tuning
- /etc/hosts (or maybe I can take care of this, on servers/non-pools)
-- TerrenceMartin - 04 Oct 2007