Globus Tools and Grid Services
Globus client tools require a user to have a valid Grid certificate signed by an authorized certificate authority (CA). Grid services at the CI accept certificates signed by a variety of CAs, the most common of which is DOEgrids. If you do not have a valid signed certificate, please contact the principle investigator of your project for assistance and sponsorship.
Standard Globus services and tools
Grid services and tools at the CI are typically based on version 5 the standard Globus Toolkit.
Globus tools are added to one's path through Modules
by loading the
In order to use your DN on CI Globus services, run the
after updating your Modules
configuration. Allow one hour for the update to take effect. If you are unable to authenticate after this time, please contact email@example.com
Open Science Grid
OSG client tools are provided through softenv. To add the necessary paths and environmental settings to use OSG tools, add the following macro to your ~/.soft file:
Users may notice failures of other tools or applications due to the extensive configuration needed for OSG client tools. When using OSG tools, it is recommended that other Globus macros in one's ~/.soft= file be disabled to avoid path-related conflicts. Undesirable behavior in LDAP and Java may also occur due to order of precedence in the path as well.
The OSG distributes Grid software that diverges from that of a standard Globus installation. Notable differences include:
GUMS and the absence of /etc/grid-security/grid-mapfile
: Instead of using the grid-mapfile to map a user's DN to a local Unix account, most OSG sites use a Grid User Management System (GUMS) server when authenticating a Grid submission. OSG sites at the CI (e.g., Teraport) use GUMS to map DNs to both OSG virtual organizations (VOs) and local accounts.
If you wish to have your DN mapped to your local account on a CI OSG resource, email firstname.lastname@example.org.
Virtual Organization Membership Service (VOMS) and voms-proxy tools
: OSG VOs provide their DN-to-account mappings through a VOMS service. The GUMS service is configured to collect these maps from the respective VOs' VOMS services.
Often times a user will have the same DN mapped to multiple accounts (VO or local). In order to instruct the the proxy to map the DN to the preferred account, users should use
instead of the respective
VOMS service mappings, provided by the
file, are necessary for
tools. It is recommended that users copy the
file to their local directory prior to use:
$ cp /soft/osg-client-1.0.0-r1/glite/etc/vomses ~/.globus/
can then be used after setting the
$ export VOMS_USERCONF=~/.globus/vomses
$ voms-proxy-init -voms VO
- 01 May 2009