Perhaps I'm making this too hard. I follow these instructions..... Chapter 2. Configuring 1. Configure SimpleCA for multiple machines So far, you have a single machine configured with SimpleCA certificates. Recall that in Section 2.5, “Confirm generated certificate” a CA setup package was created in .globus/simpleCA/globus_simple_ca_HASH_setup- 0.17.tar.gz. If you want to use your certificates on another machine, you must install that CA setup package on that machine. To install it, copy that package to the second machine and run: $GLOBUS_LOCATION/sbin/gpt-build globus_simple_ca_HASH_setup-0.17.tar.gz gcc32dbg $GLOBUS_LOCATION/sbin/gpt-postinstall Then you will have to perform setup-gsi -default from Section 2.6, “Complete setup of GSI”. If you are going to run services on the second host, it will need its own host certificate (Section 3, “Host certificates”) and grid-mapfile (as described in the basic configuration instructions in Section 3, “Add authorization”). You may re-use your user certificates on the new host. You will need to copy the requests to the host where the Sim- pleCA was first installed in order to sign them.
Everything goes well until I get to the part that says "If you are going to run services on the second host, it will need its own host certificate (Section 3, “Host certificates”) and grid-mapfile (as described in the basic configuration instructions in Section 3, “Add authorization”)." I can create the host certificate but I can't sign it due to the previously mentioned error. So your comment says I should sign the second machine's certificate on the first machine and then bring it back. I'll give it a try. Bottom line is all I'm trying to do is get two machines trusted so I can try striped transfers. Hoot -----Original Message----- From: Martin Feller <[email protected]> To: Hoot Thompson <[email protected]> Cc: [email protected] Subject: Re: [gt-user] Stripe mode over multiple links between two servers Date: Fri, 27 Aug 2010 07:04:53 -0500 The CA itself should stay on one machine and should not be copied to multiple nodes in a grid. It's probably only located on the first machine in your case. Does it work if you copy the host certificate request from the second machine to the first machine, sign it there, and copy the generated certificate back to the second machine, where the corresponding private key of the host certificate lives? Martin Hoot Thompson wrote: > I'm back again. Can you point me to a good resource for setting up a > simpleCA for two test machines. Things go ok on the first machine but > I'm getting stuck trying to sign the host certificate on the second > machine. I'm using the GT 5.0.2 SimpleCA: Admin Guide as a reference. > > Error message is as follows..... > > [h...@i7test4 <mailto:h...@i7test4> globus_simple_ca_264a619f_setup]$ > $GLOBUS_LOCATION/bin/grid-ca-sign -in > /me/hoot/wideband_tools/gridftp/globus/etc/hostcert_request.pem -out > $GLOBUS_LOCATION/hostsigned.pem > > ERROR: No simple CA directory > found at /me/hoot/.globus/simpleCA/ > Either specify a directory with -dir, or run > setup-simple-ca to create a CA > > > > -----Original Message----- > *From*: Chandin Wilson <[email protected] > <mailto:chandin%20wilson%20%[email protected]%3e>> > *To*: [email protected] <mailto:[email protected]> > *Cc*: [email protected] <mailto:[email protected]> > *Subject*: Re: [gt-user] Stripe mode over multiple links between two servers > *Date*: Tue, 24 Aug 2010 14:48:48 -0500 (CDT) > > From: Hoot Thompson <[email protected] <mailto:[email protected]>> > Subject: RE: [gt-user] Stripe mode over multiple links between two servers > Date: Tue, 24 Aug 2010 14:58:39 -0400 > >> Ok. Just to repeat in my own words, two servers with two interfaces each >> can be striped if GSI is use. > > Yes. I'd expect you'd end up running three GridFTP instances per > server, one master and two data movers, each bound to a seperate > data interface. > > Might want to make sure your filesystem and backend I/O can keep up > with and sustain 20Gbit/sec. > > --Chan > > >> >> Hoot >> >> -----Original Message----- >> From: Chandin Wilson [mailto:[email protected]] >> Sent: Tuesday, August 24, 2010 2:48 PM >> To: [email protected] <mailto:[email protected]> >> Cc: [email protected] <mailto:[email protected]> >> Subject: Re: [gt-user] Stripe mode over multiple links between two servers >> >> From: Hoot Thompson <[email protected] <mailto:[email protected]>> >> Subject: [gt-user] Stripe mode over multiple links between two servers >> Date: Tue, 24 Aug 2010 14:03:39 -0400 >> >>> I have two servers, each with two 10GigE links and I would like to >>> stripe a file across the two links. I'm currently authenticating >>> using ssh. Can I do this using the gridftp server stripe mode and if so, >> how do I set it up? >> >> No, you cannot. You must use GSI authentication (and hence gsiftp:// style >> URLs) to do striped (data movers) GridFTP transfers. >> >> --Chan >> Chandin Wilson, General Specialist, Information technology. >> [email protected] <mailto:[email protected]> >> +1-608-216-5689 >> OneNOAA RDHPCS Infrastructure >> >> >> >>> >>> Thanks! >>> >> >> > >
