Дипломна работа Лист № Съдържание: Обзор. 2 Грид систем
Изтегляне 0.59 Mb.
|
- Навигация на страницата:
- 3.3. Инсталиране и настройване на сертификат за сигурност на първата машина.
3.2 Изграждане на Toolkit-а.Вече сме приключили с подготовката за инсталиране и остава да изтеглим кода и да го изградим. root@debian:~# adduser globus Adding user `globus'... Adding new group `globus' (1023). Adding new user `globus' (1023) with group `globus'. Creating home directory `/home/globus'. Copying files from `/etc/skel' Enter new UNIX password:******** Retype new UNIX password:******** passwd: password updated successfully Changing the user information for globus Enter the new value, or press ENTER for the default Full Name []: Globus Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [y/N] y root@choate:/etc/init.d# mkdir /usr/local/globus-4.0.8/ root@choate:/etc/init.d# chown globus:globus /usr/local/globus-4.0.8/
globus@debian:~$ cd gt4.0.8-all-source-installer globus@debian:~/gt4.0.8-all-source-installer$ export \ ANT_HOME=/usr/local/apache-ant-1.6.5 globus@debian:~/gt4.0.8-all-source-installer$ export \ JAVA_HOME=/usr/java/j2sdk1.4.2_10/ globus@debian:~/gt4.0.8-all-source-installer$ export \ PATH=$ANT_HOME/bin:$JAVA_HOME/bin:$PATH globus@debian:~/gt4.0.8-all-source-installer$ ./configure -- \ prefix=/usr/local/globus-4.0.8 checking build system type... i686-pc-linux-gnu checking for javac... /usr/java/j2sdk1.4.2_10//bin/javac checking for ant... /usr/local/apache-ant-1.6.5/bin/ant configure: creating ./config.status config.status: creating Makefile
cd gpt-3.2autotools2004 && OBJECT_MODE=32 ./build_gpt build_gpt ====> installing GPT into /usr/local/globus-4.0.8/ ...
Time for a coffee break here, the build will take over an hour, possibly longer depending on how fast your machine is ... echo "Your build completed successfully. Please run make install." Your build completed successfully. Please run make install. globus@choate:~/gt4.0.8-all-source-installer$ make install /usr/local/globus-4.0.8//sbin/gpt-postinstall ... ..Done
3.3. Инсталиране и настройване на сертификат за сигурност на първата машина.Сега след като Toolkit-а вече инсталиран ще трябва да направим сертификати за машината и за потребителите. За да направим това ще използваме SimpleCA, който се предлага заедно с Toolkit-а. globus@choate:~$ export GLOBUS_LOCATION=/usr/local/globus-4.0.8 globus@choate:~$ source $GLOBUS_LOCATION/etc/globus-user-env.sh globus@choate:~$ $GLOBUS_LOCATION/setup/globus/setup-simple-ca WARNING: GPT_LOCATION not set, assuming: GPT_LOCATION=/usr/local/globus-4.0.8 C e r t i f i c a t e A u t h o r i t y S e t u p This script will setup a Certificate Authority for signing Globus users certificates. It will also generate a simple CA package that can be distributed to the users of the CA.
be kept in: /home/globus/.globus/simpleCA/ /usr/local/globus-4.0.8/setup/globus/setup-simple-ca: line 250: test: res: integer expression expected
Enter the email of the CA (this is the email where certificate requests will be sent to be signed by the CA): user@debian The CA certificate has an expiration date. Keep in mind that once the CA certificate has expired, all the certificates signed by that CA become invalid. A CA should regenerate the CA certificate and start re-issuing ca-setup packages before the actual CA certificate expires. This can be done by re-running this setup script. Enter the number of DAYS the CA certificate should last before it expires. [default: 5 years (1825 days)]:RETURN Enter PEM pass phrase:****** Verifying - Enter PEM pass phrase:****** /bin/sed: can't read /tmp//globus_tmp_ca_setup//pkgdata/pkg_data_src.gpt.tmpl: No such file or directory
A self-signed certificate has been generated for the Certificate Authority with the subject:
The public CA certificate is stored in /home/globus/.globus/simpleCA//cacert.pem The distribution package built for this CA is stored in /home/globus/.globus/simpleCA//globus_simple_ca_ebb88ce5_setup-0.18.tar.gz This file must be distributed to any host wishing to request certificates from this CA. CA setup complete. The following commands will now be run to setup the security configuration files for this CA: $GLOBUS_LOCATION/sbin/gpt-build \ /home/globus/.globus/simpleCA//globus_simple_ca_ebb88ce5_setup-0.18.tar.gz $GLOBUS_LOCATION/sbin/gpt-postinstall ------------------------------------------------------------------- setup-ssl-utils: Configuring ssl-utils package Running setup-ssl-utils-sh-scripts... *************************************************************************** Note: To complete setup of the GSI software you need to run the following script as root to configure your security configuration directory:
option. The -default option sets this security configuration to be the default, and -nonroot can be used on systems where root access is not available. *************************************************************************** setup-ssl-utils: Complete Това е доста изходна информация. Ето какво всъщност се случи: globus@debian:~$ ls ~/.globus/ simpleCA
globus@debian:~$ ls ~/.globus/simpleCA/ cacert.pem globus_simple_ca_ebb88ce5_setup-0.18.tar.gz newcerts certs grid-ca-ssl.conf private crl index.txt serial Това е директорията в която е създаден SimpleCA, a сега трябва да накарам моята машина да му „вярва”. Може да постигнем това чрез изпълнение на следните команди, но логнати като root: root@debian:~# export GLOBUS_LOCATION=/usr/local/globus-4.0.8 root@debian:~#$GLOBUS_LOCATION/setup/globus_simple_ca_ebb88ce5_setup/ \ setup-gsi -default setup-gsi: Configuring GSI security Making /etc/grid-security... mkdir /etc/grid-security Making trusted certs directory: /etc/grid-security/certificates/ mkdir /etc/grid-security/certificates/ Installing /etc/grid-security/certificates//grid-security.conf.ebb88ce5... Running grid-security-config... Installing Globus CA certificate into trusted CA certificate directory... Installing Globus CA signing policy into trusted CA certificate directory... setup-gsi: Complete root@debian:~# ls /etc/grid-security/ certificates globus-host-ssl.conf globus-user-ssl.conf grid-security.conf root@debian:~# ls /etc/grid-security/certificates/ ebb88ce5.0 globus-user-ssl.conf.ebb88ce5 ebb88ce5.signing_policy grid-security.conf.ebb88ce5 globus-host-ssl.conf.ebb88ce5 Това са конфигурационните файлове, които установяват „доверието” на simpleCA за нашата Globus toolkit инсталация. Трябва да обърнем внимание, че хеш стойността ebb88ce5 съвпада със хеш стойността на simpleCA. Сега след като сме създали CA и му „вярваме” е необходимо да получим хостсертификат за машината: root@debian:~# source $GLOBUS_LOCATION/etc/globus-user-env.sh root@debian:~# grid-cert-request -host `hostname` Generating a 1024 bit RSA private key ..++++++
...................................................++++++ writing new private key to '/etc/grid-security/hostkey.pem' ... Your certificate will be mailed to you within two working days. If you receive no response, contact Globus Simple CA at user@debian Трябва да подпишем сертификата като потребител globus globus@debian:~$ grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem please enter the password for the CA key:******
root@debian:/etc/grid-security# cp hostkey.pem containerkey.pem root@debian:/etc/grid-security# chown globus:globus container*.pem root@debian:/etc/grid-security# ls -l *.pem -r-------- 1 globus globus 887 2009-12-15 07:48 containerkey.pem -rw-r--r-- 1 globus globus 2710 2009-12-15 07:48 containercert.pem -rw-r--r-- 1 root root 2710 2009-12-15 07:47 hostcert.pem -rw-r--r-- 1 root root 1404 2009-12-15 07:40 hostcert_request.pem -r-------- 1 root root 887 2009-12-15 07:40 hostkey.pem
debian % source $GLOBUS_LOCATION/etc/globus-user-env.csh debian % grid-cert-request A certificate request and private key is being created. You will be asked to enter a PEM pass phrase. This pass phrase is akin to your account password, and is used to protect your key file. If you forget your pass phrase, you will need to obtain a new certificate.
.........................................................++++++ .........................++++++ unable to write 'random state' writing new private key to '/home/bacon/.globus/userkey.pem' Enter PEM pass phrase: **** Verifying - Enter PEM pass phrase: **** -----
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank ----- Level 0 Organization [Grid]: Level 0 Organizational Unit [GlobusTest]: Level 1 Organizational Unit [debian.tu-varna.bg]: Level 2 Organizational Unit [tu-varna.bg]: Name (e.g., John M. Smith) []: A private key and a certificate request has been generated with the subject: /O=Grid/OU=GlobusTest/OU=debian.tu-varna.bg/OU=tu-varna.bg/CN=User If the CN=User is not appropriate, rerun this script with the -force -cn "Common Name" options. Your private key is stored in /home/user/.globus/userkey.pem Your request is stored in /home/user/.globus/usercert_request.pem Please e-mail the request to the Globus Simple CA user@debian You may use a command similar to the following: cat /home/user/.globus/usercert_request.pem | mail user@debian Only use the above if this machine can send AND receive e-mail. if not, please mail using some other method. Your certificate will be mailed to you within two working days. If you receive no response, contact Globus Simple CA at user@debian Необходимо е тази заявка за сертификат да достигне до потребителя globus за да може да бъде подписана. Тъй като потребителя user се намира на същата машина просто копираме заявката в съответната директория на потребителя globus и след това изпълняваме следната команда: globus@debian:~$ grid-ca-sign -in request.pem -out signed.pem To sign the request please enter the password for the CA key: ****** The new signed certificate is at: /home/globus/.globus/simpleCA//newcerts/02.pem globus@debian:~$ cat signed.pem | mail user@debian След като сертификата е подписан е необходимо отново да се копира в съответната директория на потребителя user: deian % cp signed.pem ~/.globus/usercert.pem debian % ls -l ~/.globus/ total 12
-rw-r--r-- 1 bacon globdev 895 2005-11-15 07:57 usercert.pem -rw-r--r-- 1 bacon globdev 1426 2005-11-15 07:51 usercert_request.pem -r-------- 1 bacon globdev 963 2005-11-15 07:51 userkey.pem
root@debian:/etc/grid-security# cat /etc/grid-security/grid-mapfile "/O=Grid/OU=GlobusTest/OU=debian.tu-varna.bg/OU=tu-varna.bg/CN=User" user
Каталог: 123 123 -> Възникване и развитие на телевизионната индустрия. Модели телевизионни организации 123 -> Списание „Прозорец”3/12 123 -> Н а р е д б а за реда за придобиване, управление и разпореждане с общинско имущество 123 -> Програма за действие по околната среда: Към устойчиво развитие Европейска Общностна програма за политиката и действията по отношение на околната среда и устойчивото развитие 123 -> Curriculum vitae 123 -> За произхода на някои български названия на малки предмети Живка Колева-Златева 123 -> Съобщение на комисията до европейския парламент и съвета план за действие за намаляване на инцидентния улов на морски птици в риболовните уреди 123 -> На научната продукция на ДНК маргарита карамихова 123 -> Програма за овм. Концепция за опазване и мониторинг на овм, чрез изграждане на мрежа от сътрудници по места Изтегляне 0.59 Mb. Сподели с приятели:
|