Tuesday, December 28, 2010
P2P
Designing a P2P grid which will uses decentralized approach entirely. There will be no central coordinator. Is it possible? Let me find it out.
Monday, August 30, 2010
Globus continued....
1. export GLOBUS_LOCATION=/usr/local/globus
2. cd /usr/local/globus/setup/globus
3. ./setup-simple-ca
Press y to keep the default subject name.
Enter the email of the CA (It must be working because all the certificate requests will be sent to this emailID).
Accept the default for expiration date.
passphrase: should be hard to guess, as its compromise may compromise all the certificates signed by the CA.
Your passphrase must not contain any spaces.
Private key is in /home/globus/.globus/simpleCA//private/cakey.pem
The public CA certificate is stored in /home/globus/.globus/simpleCA//cacert.pem
The distribution package built for this CA is stored in
/home/globus/.globus/simpleCA//globus_simple_ca_decb74a7_setup-0.20.tar.gz
This file must be distributed to any host wishing to request
certificates from this CA. The number decb74a7 in the last line is known as your CA hash. It will be an 8 hexadecimal digit string.
4. Run the following as root (or, if no root privileges are available, add the -nonroot option to the command line)
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_decb74a7_setup/setup-gsi -default
replace the hash value on your machine i.e. decb74a7
5. cd /usr/local/globus/bin
./grid-cert-request -host '11.11.1.12'
6. As globus user sign the certificate request and generate certificate using:
./grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem
You will be prompted for CA's password enter it here.
7. Login as root:
mv hostsigned.pem /etc/grid-security/hostcert.pem
press y to overwrite.
The certificate should be owned by root, and read-only for other users.
chown root:root /etc/grid-security/hostcert.pem
8. Users also must request user certificates, which you will sign using the globus user.Request a user certificate: As your normal user account (not globus), run:
grid-cert-request
After you enter a passphrase, this creates
• ~$USER/.globus/usercert.pem (empty)
• ~$USER/.globus/userkey.pem
• ~$USER/.globus/usercert_request.pem
Email the usercert_request.pem file to the SimpleCA maintainer.
9. As globus user, run:
grid-ca-sign -in usercert_request.pem -out signed.pem
Enter a passphrase of CA private key.
As user (xyz, not globus), copy the signed user certificate into ~/.globus/ and rename it as usercert.pem, thus replacing the empty file.
10. Using xyz user account verify certificate for xyz user.
cd /usr/local/globus/bin
./grid-proxy-init -debug -verify
User Cert File: /home/xyz/.globus/usercert.pem
User Key File: /home/xyz/.globus/userkey.pem
Trusted CA Cert Dir: /etc/grid-security/certificates
Output File: /tmp/x509up_u504
Your identity: /O=Grid/OU=GlobusTest/OU=simpleCA-localhost.localdomain/OU=localdomain/CN=xyz
Enter GRID pass phrase for this identity:
Creating proxy ..........++++++++++++
......................++++++++++++
Done
Proxy Verify OK
Your proxy is valid until: Tue Aug 31 01:23:44 2010
2. cd /usr/local/globus/setup/globus
3. ./setup-simple-ca
Press y to keep the default subject name.
Enter the email of the CA (It must be working because all the certificate requests will be sent to this emailID).
Accept the default for expiration date.
passphrase: should be hard to guess, as its compromise may compromise all the certificates signed by the CA.
Your passphrase must not contain any spaces.
Private key is in /home/globus/.globus/simpleCA//private/cakey.pem
The public CA certificate is stored in /home/globus/.globus/simpleCA//cacert.pem
The distribution package built for this CA is stored in
/home/globus/.globus/simpleCA//globus_simple_ca_decb74a7_setup-0.20.tar.gz
This file must be distributed to any host wishing to request
certificates from this CA. The number decb74a7 in the last line is known as your CA hash. It will be an 8 hexadecimal digit string.
4. Run the following as root (or, if no root privileges are available, add the -nonroot option to the command line)
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_decb74a7_setup/setup-gsi -default
replace the hash value on your machine i.e. decb74a7
5. cd /usr/local/globus/bin
./grid-cert-request -host '11.11.1.12'
6. As globus user sign the certificate request and generate certificate using:
./grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem
You will be prompted for CA's password enter it here.
7. Login as root:
mv hostsigned.pem /etc/grid-security/hostcert.pem
press y to overwrite.
The certificate should be owned by root, and read-only for other users.
chown root:root /etc/grid-security/hostcert.pem
8. Users also must request user certificates, which you will sign using the globus user.Request a user certificate: As your normal user account (not globus), run:
grid-cert-request
After you enter a passphrase, this creates
• ~$USER/.globus/usercert.pem (empty)
• ~$USER/.globus/userkey.pem
• ~$USER/.globus/usercert_request.pem
Email the usercert_request.pem file to the SimpleCA maintainer.
9. As globus user, run:
grid-ca-sign -in usercert_request.pem -out signed.pem
Enter a passphrase of CA private key.
As user (xyz, not globus), copy the signed user certificate into ~/.globus/ and rename it as usercert.pem, thus replacing the empty file.
10. Using xyz user account verify certificate for xyz user.
cd /usr/local/globus/bin
./grid-proxy-init -debug -verify
User Cert File: /home/xyz/.globus/usercert.pem
User Key File: /home/xyz/.globus/userkey.pem
Trusted CA Cert Dir: /etc/grid-security/certificates
Output File: /tmp/x509up_u504
Your identity: /O=Grid/OU=GlobusTest/OU=simpleCA-localhost.localdomain/OU=localdomain/CN=xyz
Enter GRID pass phrase for this identity:
Creating proxy ..........++++++++++++
......................++++++++++++
Done
Proxy Verify OK
Your proxy is valid until: Tue Aug 31 01:23:44 2010
Thursday, August 26, 2010
Creating a grid using Globus toolkit
I have used fedora core 12 for installation.
1. Download the globus toll installer from http://www.globus.org. The current version is gt5.0.2-all-source-installer.tar.bz2.
2. create a directory with root login
mkdir /usr/local/globus
Copy gt5.0.2-all-source-installer.tar.bz2 to /usr/local/globus using the command
cp gt5.0.2-all-source-installer.tar.bz2 /usr/local/globus
2. Login as globus user and extract gt5.0.2-all-source-installer.tar.bz2 in /usr/local/globus:
chown globus:globus /usr/local/globus
tar xvf gt5.0.2-all-source-installer.tar.bz2
3.Configure the installation path to /usr/local/globus/ using commands:
cd gt5.0.2-all-source-installer
./configure --prefix /usr/local/globus/
This will create makefile.
4. make
It will take 15-20 minutes depending on the configuration of your machine.
5. make install
6. export GLOBUS_LOCATION on terminal and add a line in ~/.bashrc :
export GLOBUS_LOCATION=/usr/local/globus-5.0.2
To setup Simple CA see next blog.
1. Download the globus toll installer from http://www.globus.org. The current version is gt5.0.2-all-source-installer.tar.bz2.
2. create a directory with root login
mkdir /usr/local/globus
Copy gt5.0.2-all-source-installer.tar.bz2 to /usr/local/globus using the command
cp gt5.0.2-all-source-installer.tar.bz2 /usr/local/globus
2. Login as globus user and extract gt5.0.2-all-source-installer.tar.bz2 in /usr/local/globus:
chown globus:globus /usr/local/globus
tar xvf gt5.0.2-all-source-installer.tar.bz2
3.Configure the installation path to /usr/local/globus/ using commands:
cd gt5.0.2-all-source-installer
./configure --prefix /usr/local/globus/
This will create makefile.
4. make
It will take 15-20 minutes depending on the configuration of your machine.
5. make install
6. export GLOBUS_LOCATION on terminal and add a line in ~/.bashrc :
export GLOBUS_LOCATION=/usr/local/globus-5.0.2
To setup Simple CA see next blog.
Thursday, June 10, 2010
How to set/change ipaddress in linux terminal?
In order to set or change the IP address assigned to a certain interface in your linux machine you can use GUI. Use System -> Administration ->Network. But it is not always possible to use GUI. Sometimes you need to use terminal commands (like if you are ssh'ing).
Login as root and use the following command:
#ifconfig eth0 11.11.1.178 netmask 255.255.248.0
where eth0 is the interface you want to configure
11.11.1.178 is the ipaddress being assigned to that interface
255.255.248.0 is the subnet mask
we can use system-config-network to configure DNS settings.
Login as root and use the following command:
#ifconfig eth0 11.11.1.178 netmask 255.255.248.0
where eth0 is the interface you want to configure
11.11.1.178 is the ipaddress being assigned to that interface
255.255.248.0 is the subnet mask
we can use system-config-network to configure DNS settings.
Friday, June 4, 2010
SSH login without having to specify password each time
The following procedure works for OpenSSH_5.2p1, OpenSSL 0.9.8k-fips 25 Mar 2009. To check version of your ssh use $ssh -V. In case you have version other than this, please refer $man ssh and check which file permissions should be applied to Files (e.g. permissions of ~/.ssh/authorized_keys should be 640 otherwise ssh will ignore the file).
$:ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/swapnil/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/swapnil/.ssh/id_rsa.
Your public key has been saved in /home/swapnil/.ssh/id_rsa.pub.
The key fingerprint is:
67:50:53:ef:84:67:69:38:87:8a:03:14:fd:8b:df:68 swapnil@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| oo o.. |
| . .. . = . |
| . .. = O |
| . o.. O |
| S.+. . |
| .+. |
| . o |
| E . |
| . |
+-----------------+
Comment: Enter passphrase (empty for no passphrase): here simply enter a return key
Step 2:
$:cat .ssh/id_rsa.pub | ssh localhost 'cat >> .ssh/authorized_keys'
swapnil@localhost's password:
Step 3:
$:chmod 600 ~/.ssh/authorized_keys
Step 4:
$:ssh localhostLast login: Fri May 21 16:06:34 2010 from localhost
$:ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/swapnil/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/swapnil/.ssh/id_rsa.
Your public key has been saved in /home/swapnil/.ssh/id_rsa.pub.
The key fingerprint is:
67:50:53:ef:84:67:69:38:87:8a:03:14:fd:8b:df:68 swapnil@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| oo o.. |
| . .. . = . |
| . .. = O |
| . o.. O |
| S.+. . |
| .+. |
| . o |
| E . |
| . |
+-----------------+
Comment: Enter passphrase (empty for no passphrase): here simply enter a return key
Step 2:
$:cat .ssh/id_rsa.pub | ssh localhost 'cat >> .ssh/authorized_keys'
swapnil@localhost's password:
Step 3:
$:chmod 600 ~/.ssh/authorized_keys
Step 4:
$:ssh localhostLast login: Fri May 21 16:06:34 2010 from localhost
Friday, May 21, 2010
How to install and configure Sun's Jdk in Fedora 11
Visit http://java.sun.com/javase/downloads/widget/jdk6.jsp to download the jdk. While downloading select "jdk-6u20-linux-i586-rpm.bin".
Once downloading is finished login using root privileges and run the following:
#chmod 777 jdk-6u20-linux-i586-rpm.bin
#./ jdk-6u20-linux-i586-rpm.bin
This will start extraction of various packages in the file and the start installing it. Accept the license agreement.
If you already have open jdk installed on your machine, then to use the new jdk you need to change the links pointed by /usr/bin/java*. Following lines shows it how to do that: (# prompt means root's shell)
#ln -fs /usr/java/jdk1.6.0_20/bin/java /usr/bin/java
After changing the link you can check the version using
$java -version
Similarly we need to change the link for javac, javadoc, javah, javap, javaw
#ln -fs /usr/java/jdk1.6.0_20/bin/javac /usr/bin/javac
#ln -fs /usr/java/jdk1.6.0_20/bin/javadoc /usr/bin/javadoc
#ln -fs /usr/java/jdk1.6.0_20/bin/javah /usr/bin/javah
ln -fs /usr/java/jdk1.6.0_20/bin/javap /usr/bin/javap
ln -fs /usr/java/jdk1.6.0_20/bin/javaws /usr/bin/javaws
Check all the paths using
#ls -l /usr/bin/java*
Once downloading is finished login using root privileges and run the following:
#chmod 777 jdk-6u20-linux-i586-rpm.bin
#./ jdk-6u20-linux-i586-rpm.bin
This will start extraction of various packages in the file and the start installing it. Accept the license agreement.
If you already have open jdk installed on your machine, then to use the new jdk you need to change the links pointed by /usr/bin/java*. Following lines shows it how to do that: (# prompt means root's shell)
#ln -fs /usr/java/jdk1.6.0_20/bin/java /usr/bin/java
After changing the link you can check the version using
$java -version
Similarly we need to change the link for javac, javadoc, javah, javap, javaw
#ln -fs /usr/java/jdk1.6.0_20/bin/javac /usr/bin/javac
#ln -fs /usr/java/jdk1.6.0_20/bin/javadoc /usr/bin/javadoc
#ln -fs /usr/java/jdk1.6.0_20/bin/javah /usr/bin/javah
ln -fs /usr/java/jdk1.6.0_20/bin/javap /usr/bin/javap
ln -fs /usr/java/jdk1.6.0_20/bin/javaws /usr/bin/javaws
Check all the paths using
#ls -l /usr/bin/java*
Wednesday, May 12, 2010
Threading in linux
Following is the simple program which creates 2 new threads. It uses pthread library. To compile use
"gcc filename.c -pthread"
#include
#include
#include
void * run (void * usearg)
{
int *count;
struct timespec sleepTime;
struct timespec remainingSleepTime;
count = (int *)usearg;
printf("In child:%d\n",*count);
while(*count <20000)
{
printf("%d\t",*count);
(*count)++;
sleepTime.tv_sec=0;
sleepTime.tv_nsec=100;
nanosleep(&sleepTime,&remainingSleepTime);
}
printf("Child thread finished\n");
return NULL;
}
void * runAnother (void * usearg)
{
int *count;
struct timespec sleepTime;
struct timespec remainingSleepTime;
count = (int *)usearg;
printf("In child:%d\n",*count);
while(*count <30000)
{
printf("%d\t",*count);
(*count)++;
sleepTime.tv_sec=0;
sleepTime.tv_nsec=100;
nanosleep(&sleepTime,&remainingSleepTime);
}
printf("Child thread finished\n");
return NULL;
}
int main()
{
void *retValue;
pthread_t threadId,threadId1;
int countThread = 10000,countThread1 = 20000;
int countMain = 0;
struct timespec sleepTime;
struct timespec remainingSleepTime;
if(pthread_create(&threadId,NULL,run, &countThread)==0 && pthread_create(&threadId1,NULL,runAnother, &countThread1)==0)
{
printf("Thread created sucessfully\n");
}
else
{
perror("Thread could not be created\n");
}
while(countMain<10000)
{
printf("%d\t",countMain);
countMain++;
sleepTime.tv_sec=0;
sleepTime.tv_nsec=100;
nanosleep(&sleepTime,&remainingSleepTime);
}
printf("Main thread finished\n");
pthread_join(threadId,&retValue);
pthread_join(threadId1,&retValue);
printf("Children Joined\n");
return 0;
}
"gcc filename.c -pthread"
#include
#include
#include
void * run (void * usearg)
{
int *count;
struct timespec sleepTime;
struct timespec remainingSleepTime;
count = (int *)usearg;
printf("In child:%d\n",*count);
while(*count <20000)
{
printf("%d\t",*count);
(*count)++;
sleepTime.tv_sec=0;
sleepTime.tv_nsec=100;
nanosleep(&sleepTime,&remainingSleepTime);
}
printf("Child thread finished\n");
return NULL;
}
void * runAnother (void * usearg)
{
int *count;
struct timespec sleepTime;
struct timespec remainingSleepTime;
count = (int *)usearg;
printf("In child:%d\n",*count);
while(*count <30000)
{
printf("%d\t",*count);
(*count)++;
sleepTime.tv_sec=0;
sleepTime.tv_nsec=100;
nanosleep(&sleepTime,&remainingSleepTime);
}
printf("Child thread finished\n");
return NULL;
}
int main()
{
void *retValue;
pthread_t threadId,threadId1;
int countThread = 10000,countThread1 = 20000;
int countMain = 0;
struct timespec sleepTime;
struct timespec remainingSleepTime;
if(pthread_create(&threadId,NULL,run, &countThread)==0 && pthread_create(&threadId1,NULL,runAnother, &countThread1)==0)
{
printf("Thread created sucessfully\n");
}
else
{
perror("Thread could not be created\n");
}
while(countMain<10000)
{
printf("%d\t",countMain);
countMain++;
sleepTime.tv_sec=0;
sleepTime.tv_nsec=100;
nanosleep(&sleepTime,&remainingSleepTime);
}
printf("Main thread finished\n");
pthread_join(threadId,&retValue);
pthread_join(threadId1,&retValue);
printf("Children Joined\n");
return 0;
}
Subscribe to:
Posts (Atom)