gLite 3.2 UI Installation Guidelines

This page documents the installation procedure of gLite 3.2 UI on Scientific Linux or Centos.

Step 1: Install a Clock Synchronization Service

The most common cause of authentication problems is incorrect system clocks. GSI authentication is very sensitive to clock skew. You must run a system clock synchronization service of some type on your system to prevent authentication problems caused by incorrect system clocks. We recommend NTP. Please refer to your operating system documentation or the NTP Home Page for installation instructions. Please also ensure your system timezone is set correctly. On the Linux distributions supporting NTP repository, it can be easily installed by yum install ntp or apt-get install ntp.

Step 2: Install Java Sun and DAG repository

Please before you proceed further make sure that Java is installed in your system. Additionally, Java must be recognized by the default installation tool (yum package manager). The easiest way to ensure that is to download the Java rpm package from the Java Page and install by following its installation procedure.

DAG is a maintained repository which provides a number of packages not available through Scientific Linux. If you have installed the CERN version of Scientific Linux, you will find that the relevant file is already installed in /etc/yum.repos.d. You can download the repo file and put in /etc/yum.repos.d.

cd /etc/yum.repos.d
wget http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/dag.repo

Or create it manually:

[main]
[dag]
name=DAG (http://dag.wieers.com) additional RPMS repository
baseurl=http://linuxsoft.cern.ch/dag/redhat/el5/en/$basearch/dag
gpgkey=http://linuxsoft.cern.ch/cern/slc5X/$basearch/RPM-GPG-KEYs/RPM-GPG-KEY-dag
gpgcheck=1
enabled=1

If some packages are still not available, you need to download them from the gLite support site and install them manually.

Step 3: Install gLite 3.2 UI Package

Fetching the glite-UI repository and use the following commands for the 64bit architecture to install UI:

wget http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/glite-UI.repo
yum groupinstall glite-UI

In order to configure a gLite UI, you have to specify all the configuration target in one line:

yaim -c -s site-info.def -n glite-UI

The site-info.def file contains all information about the VO that you want to configure. Here is an example for the biomed VO.

SITE_NAME=glite-ui
RB_HOST=boszwijn.nikhef.nl
LB_HOST=boszwijn.nikhef.nl
WMS_HOST=egee-wms-01.cnaf.infn.it
PX_HOST=myproxy.cern.ch
BDII_HOST=lcg-bdii.cern.ch
REG_HOST=lcgic01.gridpp.rl.ac.uk
CA_REPOSITORY="rpm http://linuxsoft.cern.ch/ LCG-CAs/current production"
VOS=biomed
VO_BIOMED_VOMS_SERVERS="'vomss://voms-biomed.in2p3.fr:8443/voms/biomed?/biomed/'"
VO_BIOMED_VOMSES="'biomed cclcgvomsli01.in2p3.fr 15000 /O=GRID-FR/C=FR/O=CNRS/OU=CC-IN2P3/CN=cclcgvomsli01.in2p3.fr biomed 24'"
VO_BIOMED_VOMS_CA_DN="'/C=FR/O=CNRS/CN=GRID2-FR'"

Step 3: Install Certification Authority Repository

The most up-to-date version of the list of trusted Certification Authorities (CA) is needed on your node. As the list and structure of the Certification Authorities (CA) accepted by the LCG project can change independently of the middleware releases, the rpm list related to the CAs certificates and URLs has been decoupled from the standard gLite/LCG release procedure.

Please note that the lcg-CA metapackage and repository is no longer maintained. The lcg-CA repository should be now replaced by the EGI trustanchors repository. All the details on how to install the CAs can be found in EGI IGTF release pages. To install the EGI trust anchors on a system that uses the RedHat Package Manager (RPM) based package management system, we provide a convenience package to manage the installation.

Using YUM package management:

Add the following repo-file to the /etc/yum.repos.d/ directory:

cd /etc/yum.repos.d
wget http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo
yum install ca-policy-egi-core lcg-CA

Your gLite UI is now ready!