Notes from first attempt at globus
In an attempt to install Globus Connect Server, here is my notes of what I have done so far.
Note: I have tried installed Globus on gimel2, tau. So far no luck getting it working
Detail complete guide https://docs.globus.org/globus-connect-server-installation-guide/
Open required TCP Ports
Check if FQDN is resolvable
$ hostname -f $ nslookup 'tau.compbio.ucsf.edu' 18.104.22.168
Globus TCP Ports
Note: Our server is behind the lab and UCSF firewalls. I have attempted to open these ports on tau and UCSF IT also helped open these port on UCSF firewall.
The TCP ports that must be open for the default Globus Connect Server installation, together with brief descriptions of each, are listed here:
- Port 2811 inbound from 22.214.171.124/29
- Used for GridFTP control channel traffic.
- Ports 50000—51000 inbound and outbound to/from Any
- Used for GridFTP data channel traffic.
- The use of the default port range is strongly recommended (you can read why here).
- Data channel traffic is sent directly between endpoints—it is not relayed by the Globus service.
- Port 443 outbound to 126.96.36.199/29 and nexus.api.globusonline.org
- Used to communicate with the Globus service via its REST API.
- nexus.api.globusonline.org is a CNAME for an Amazon ELB; IP addresses in the ELB are subject to change.
- Port 443 outbound to downloads.globus.org
- Used to pull Globus Connect Server packages from the Globus repository.
- Port 443 outbound to crl.cilogon.org
- Used to pull CRL file updates for endpoints configured to use CILogon based activation
- Port 7512 inbound from 188.8.131.52/29
- Used for MyProxy traffic.
- Needed if your server will run MyProxy service.
- Port 443 inbound from Any
- Used for OAuth traffic.
- Needed if your server will run OAuth service.
- OAuth traffic comes directly from clients using your OAuth service—it is not relayed by the Globus service.
Globus Connect Server v.4 Installation / Uninstallation
Install Globus on Centos
Install EPEL repository on CentOS 6, Red Hat Enterprise Linux 6, and Scientific Linux 6:
$ sudo curl -LOs https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm $ sudo yum install epel-release-latest-6.noarch.rpm
Install EPEL repository on CentOS 7, Red Hat Enterprise Linux 7, and Scientific Linux 7:
$ sudo curl -LOs https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm $ sudo yum install epel-release-latest-7.noarch.rpm
$ sudo yum install yum-plugin-priorities $ sudo yum install globus-connect-server
- Stop Globus Sever
- Remove packages
$ yum remove \*globus\* $ yum remove \*myproxy\*
- Remove globus configure folders and files
$ rm /etc/globus-connect-server.conf $ rm -f /etc/gridftp.conf $ rm -rf /etc/grid-security $ rm -rf /var/lib/globus-connect-server
Create & Configure Globus Endpoint
Create a Globus ID https://www.globusid.org/login Note: use something like bkslab or ucsf_bks, don't use your name since globus uses username in conjunction with the endpoint name (ie ucsf_bks@zinc)
$ vim /etc/globus-connect-server.conf [Endpoint] Name = zinc Public = True
Run this command after make changed to /etc/globus-connect-server.conf
$ sudo globus-connect-server-setup
Login with your UCSF credential or globusid https://app.globus.org/