This R&D project provides a pre-packaged version of the gLite UI node which can connect into the NGS WMS service.  When set up within an institution this allows you to quickly provide user's with a place where they can access NGS computational services through logging on to the server using ssh with their site username and password.  This can dramatically reduce the need for tools to be installed on users own desktop and also mean supporting users can be made more straightforward.

Warning: there are risks associated with running any type of Login service such as provided by this UI.  We recommend that this is only installed and maintained by a competend system administrator and all local security and patching proceedures are followed.

Licence: Various

Download: PrepackagedUI.zip

Instructions

Configuration for your network

1. Deploy the virtual image on a VM server (by using “Add Existing Virtual machine” in VMServer 2. and finding the .vmx file).
2. Ensure that it has access to a direct access (own IP address) to the network and that the TCP ports 64000-65256 are not blocked to it’s IP.
3. Boot the machine, logon as root, password “1uMa5;My”. CHANGE THE ROOT PASSWORD.
4. Use system-config-network-tui to configure the network connection.
5. Restart networking using “service network restart”
6. Run “yum update” to bring all packages up to date.
7. Configure ntp
   1. Edit the list of timeservers in /etc/ntp.conf if you cannot get to the redhat ones.
   2. run “ntp -gqn” to synchronise your clocks
   3. start ntp: “service ntpd start”
   4. make sure it runs at next boot “chkconfig ntpd on”
8. There is a 100Gb user partition in the package for user files. There are no files in it. Before creating any users it is suggested that consideration is given as to whether a larger space is needed or another mount. A larger drive can be added through the VMWare interface and then use fdisk and mkfs.ext3 to create a new partition and then add it to /etc/fstab with a mount point of /home.
9. You may also need to re-install the VMWare Tools package if you are running a newer version of the VMWare architecture.

User management

This VM is set up for a situation where users login using ssh (maybe linked into a site authentication scheme) and store their certificates on the server. In the simplest case, to add a user run:

useradd -g grid -c “<firstname> <lastname>” <username>

passwd <username> 

Using the command system-config-authentication you can set up much more complex authentication schemes, linking into site authentication systems. An example would be giving everyone in your institution access, using their SSO password, automatically creating a home directory.

How users get started

When a user wants to get started on the UI they will need to upload their certificate to the UI using an scp client (e.g. WinSCP). Instructions for exporting the .pfx or .p12 file from your web-browser can be found in the instructions for backing up your certificate.

Once the certificate is on the UI the command:

certificate_install -c <path to p12 file>

can be used to correctly set it up.

When the user subsequently wishes to use the UI they issue the command:

voms-proxy-init -vo ngs.ac.uk

The user can then access the NGS using the examples from the NGS Wiki - ignoring the login instructions as they already are properly authenticated. They can also use the Globus commands.