Install BeStMan SE

1.0 About this Document

This document explains how to install a BeStMan Storage Element (SE) using the Open Science Grid (OSG) provided RPMs. This procedure will guide one through the installation and configuration of a basic BeStMan2 with an underlying GridFTP server. This will allow the service to service requests via the SRM (Storage Resource Manager) protocol or the gsiftp (GridFTP) protocol.

HELP NOTE
Starting on 11 February 2014, all OSG-issued Digicert certificates (host, service, and personal) use the SHA-2 algorithm. The BeStMan software must be on a recent version to support SHA-2 certificates. Please visit our SHA-2 compliance page for more information about minimum required versions of software components.

For notes on upgrading, see section 9.0 Upgrading BeStMan

2.0 Installing BeStMan Storage Element

This procedure explains how to install the stand-alone BeStMan Storage Element server.

3.0 Requirements

3.1 Host and OS

You need atleast one node in order to install BeStMan with following components

  1. OS must be Red Hat Enterprise Linux 5, 6, 7, and variants (see details...).
  2. EPEL repos enabled.
  3. All procedures in this document require root privileges

3.2 Users

This installation will create following users unless they are already created.

User Comment
bestman Used by Bestman SRM server (needs sudo access).

For this package to function correctly, you will have to create the users needed for grid operation. Any user that can be authenticated should be created.

For grid-mapfile users, each line of the grid-mapfile is a certificate/user pair. Each user in this file should be created on the server.

For gums users, this means that each user that can be authenticated by gums should be created on the server.

Note that these users must be kept in sync with the authentication method. For instance, if new users or rules are added in gums, then new users should also be added here.

3.3 Certificates

Certificate User that owns certificate Path to certificate
Host certificate root /etc/grid-security/hostcert.pem
/etc/grid-security/hostkey.pem
Bestman service certificate bestman /etc/grid-security/bestman/bestmancert.pem
/etc/grid-security/bestman/bestmankey.pem

Instructions to request a service certificate.

You will also need a copy of CA certificates (see below). Note that the osg-se-bestman package will automatically install a certificate package but will not necessarily pick the cert package you expect. For instance, certain installs will prefer the osg-ca-scripts package to fulfill this requirement, which installs a set of scripts to automatically update the certificates, but does not initialize the CA certs by default (you have to run it first). For this reason, you may want to specifically install the cert package of your choice first, before installing BeStMan.

3.4 Networking

For more details on overall Firewall configuration, please see our Firewall documentation.

Service Name Protocol Port Number Inbound Outbound Comment
GRAM callback tcp GLOBUS_TCP_PORT_RANGE Y   contiguous range of ports
GRAM callback tcp GLOBUS_TCP_SOURCE_RANGE   Y contiguous range of ports
GridFTP tcp 2811 and GLOBUS_TCP_SOURCE_RANGE Y   contiguous range of ports
Storage Resource Manager tcp 8080 Y    
Storage Resource Manager tcp 8443 Y    

3.5 Engineering Considerations

Please answer following questions before you proceed with installation and configuration of BeStMan storage element:

Q. What authorization mechanism do you prefer?
Decide between a grid-mapfile or a GUMS server for authorization.
We recommend to use GUMS as the most flexible solution; most large sites use GUMS.

Q. How many GridFTP servers you will need?
Choose to run multiple GridFTP servers for load balancing and better performance. We recommend to install additional GridFTP servers if your Storage Element:
  • is serving data to more than 250 cores for VOs that use storage heavily (e.g. CMS, ATLAS, CDF, and D0)
  • is managing more than 50 TB of disk space
  • has more than 1Gbps bandwidth: plan on at least one GridFTP server for each 4Gbps of available bandwidth to maximize throughput

Q. Do I need to change default configuration of Gridftp server?
Yes, you may want to do this if the node on which Gridftp server will be installed has multiple network interfaces. Read this section for more details.

Q. Do you need to enable Gratia gridftp-transfer probes?
The Gratia gridftp-transfer probes provide OSG storage statistics for accounting purposes. More details can be found at the Gratia Home Page. The reports include the source and destination of transfers, certificate subject of transfer initiator, as well as the size and status of the transferred file.
The probe needs to be installed on every GridFTP server which may be different from your BeStMan server.

Q. What kind of storage do you like to provide to your users?
Choose between a volatile cache (files are stored for a fixed amount of time), a custodial cache (files are stored until deleted) or provide both. You can also allow users to write to storage areas that are outside the storage space managed by BeStMan.

4.0 Install Instructions

Install the Yum Repositories required by OSG

The OSG RPMs currently support Red Hat Enterprise Linux 5, 6, 7, and variants (see details...).

OSG RPMs are distributed via the OSG yum repositories. Some packages depend on packages distributed via the EPEL repositories. So both repositories must be enabled.

Install EPEL

  • Install the EPEL repository, if not already present. Note: This enables EPEL by default. Choose the right version to match your OS version.
    # EPEL 5 (For RHEL 5, CentOS 5, and SL 5) 
    [root@client ~]$ curl -O https://dl.fedoraproject.org/pub/epel/epel-release-latest-5.noarch.rpm
    [root@client ~]$ rpm -Uvh epel-release-latest-5.noarch.rpm
    # EPEL 6 (For RHEL 6, CentOS 6, and SL 6) 
    [root@client ~]$ rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
    # EPEL 7 (For RHEL 7, CentOS 7, and SL 7) 
    [root@client ~]$ rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    WARNING: if you have your own mirror or configuration of the EPEL repository, you MUST verify that the OSG repository has a better yum priority than EPEL (details). Otherwise, you will have strange dependency resolution (depsolving) issues.

Install the Yum priorities package

For packages that exist in both OSG and EPEL repositories, it is important to prefer the OSG ones or else OSG software installs may fail. Installing the Yum priorities package enables the repository priority system to work.

  1. Choose the correct package name based on your operating system’s major version:

    • For EL 5 systems, use yum-priorities
    • For EL 6 and EL 7 systems, use yum-plugin-priorities
  2. Install the Yum priorities package:

    [root@client ~]$ yum install PACKAGE

    Replace PACKAGE with the package name from the previous step.

  3. Ensure that /etc/yum.conf has the following line in the [main] section (particularly when using ROCKS), thereby enabling Yum plugins, including the priorities one:

    plugins=1
    NOTE: If you do not have a required key you can force the installation using --nogpgcheck; e.g., yum install --nogpgcheck yum-priorities.

Install OSG Repositories

  1. If you are upgrading from OSG 3.1 (or 3.2) to OSG 3.2 (or 3.3), remove the old OSG repository definition files and clean the Yum cache:

    [root@client ~]$ yum clean all
    [root@client ~]$ rpm -e osg-release

    This step ensures that local changes to *.repo files will not block the installation of the new OSG repositories. After this step, *.repo files that have been changed will exist in /etc/yum.repos.d/ with the *.rpmsave extension. After installing the new OSG repositories (the next step) you may want to apply any changes made in the *.rpmsave files to the new *.repo files.

  2. Install the OSG repositories using one of the following methods depending on your EL version:

    1. For EL versions greater than EL5, install the files directly from repo.grid.iu.edu:

      [root@client ~]$ rpm -Uvh URL

      Where URL is one of the following:

      Series EL6 URL (for RHEL 6, CentOS 6, or SL 6) EL7 URL (for RHEL 7, CentOS 7, or SL 7)
      OSG 3.2 https://repo.grid.iu.edu/osg/3.2/osg-3.2-el6-release-latest.rpm N/A
      OSG 3.3 https://repo.grid.iu.edu/osg/3.3/osg-3.3-el6-release-latest.rpm https://repo.grid.iu.edu/osg/3.3/osg-3.3-el7-release-latest.rpm
    2. For EL5, download the repo file and install it using the following:

      [root@client ~]$ curl -O https://repo.grid.iu.edu/osg/3.2/osg-3.2-el5-release-latest.rpm
      [root@client ~]$ rpm -Uvh osg-3.2-el5-release-latest.rpm

For more details, please see our yum repository documentation.

Install the CA Certificates: A quick guide

You must perform one of the following yum commands below to select this host's CA certificates.

Set of CAs CA certs name Installation command (as root)
OSG osg-ca-certs yum install osg-ca-certs Recommended
IGTF igtf-ca-certs yum install igtf-ca-certs
None* empty-ca-certs yum install empty-ca-certs --enablerepo=osg-empty
Any** Any yum install osg-ca-scripts

* The empty-ca-certs RPM indicates you will be manually installing the CA certificates on the node.
** The osg-ca-scripts RPM provides a cron script that automatically downloads CA updates, and requires further configuration.

HELP NOTE
If you use options 1 or 2, then you will need to run "yum update" in order to get the latest version of CAs when they are released. With option 4 a cron service is provided which will always download the updated CA package for you.

HELP NOTE
If you use services like Apache's httpd you must restart them after each update of the CA certificates, otherwise they will continue to use the old version of the CA certificates.
For more details and options, please see our CA certificates documentation.

4.1 Installing BeStMan2

  1. Install Java using these instructions
  2. Install the BeStMan Storage element meta-package:
    [root@client ~]$ yum install osg-se-bestman
    

4.2 Authorization

There are two authorization options:

  • Gridmap file
  • GUMS authentication server

Please choose one of these and follow the instructions in one of the two following sections.

Configuring Gridmap Support

By default, GridFTP uses a gridmap file, found in /etc/grid-security/grid-mapfile. This file is not generated by default. There are two ways you can generate this file. You can generate this file manually, by including DN/username combinations. This is most useful for debugging. Otherwise, you can use edg-mkgridmap, which will periodically contact a list of VOMS servers that you specify. It assembles a list of users from those servers and creates a grid-mapfile. This grid-mapfile serves both as a list of authorized users and provides a mapping from user dns to local user ids. edg-mkgridmap is already installed with OSG BeStMan SE packages.

In order to use edg-mkgridmap, review /etc/edg-mkgridmap.conf to make sure that it has all VOs that you are interested in and also to comment out any VOs that you do not wish to support.

vi /etc/edg-mkgridmap.conf
This utility edg-mkgridmap runs as a cronjob /etc/cron.d/edg-mkgridmap-cron (by default every 6 hours). You can also run edg-mkgridmap manually to see that it generates /etc/grid-security/grid-mapfile.
edg-mkgridmap
Then, you can enable/start the service.
/sbin/service edg-mkgridmap start
/sbin/chkconfig edg-mkgridmap on

Next, you will have to modify /etc/bestman2/conf/bestman2.rc and change GridMapFileName from /etc/bestman2/conf/grid-mapfile.empty to:

GridMapFileName=/etc/grid-security/grid-mapfile

In /etc/sysconfig/bestman2, change

BESTMAN_GUMS_ENABLED=no

Configuring GUMS support

By default, GridFTP uses a gridmap file, found in /etc/grid-security/gridmap-file. If you want to use GUMS security (recommended), you will need to enable it using the following steps:

First, edit /etc/grid-security/gsi-authz.conf and uncomment the globus callout.

globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout
Note that this used to be the full path to the library (/usr/lib64 or /usr/lib), but now we rely on the linker for proper resolution in this file.

Next edit /etc/lcmaps.db to edit your gums information:


...
gumsclient = "lcmaps_gums_client.mod"
             "-resourcetype ce"
             "-actiontype execute-now"
             "-capath /etc/grid-security/certificates"
             "-cert   /etc/grid-security/hostcert.pem"
             "-key    /etc/grid-security/hostkey.pem"
             "--cert-owner root"
# Change this URL to your GUMS server
             "--endpoint https://gums.fnal.gov:8443/gums/services/GUMSXACMLAuthorizationServicePort"

If you would like to run SAZ, you will need to enable the relevant lines in the above file as well (more documentation to be added later).

You will need to modify the following settings in /etc/sysconfig/bestman2

BESTMAN_GUMSCERTPATH=/etc/grid-security/bestman/bestmancert.pem
BESTMAN_GUMSKEYPATH=/etc/grid-security/bestman/bestmankey.pem
...

You will need to modify the following settings in /etc/bestman2/conf/bestman2.rc

GUMSserviceURL=https://GUMS_HOST:8443/gums/services/GUMSXACMLAuthorizationServicePort

4.3 Edit Bestman Settings

Bestman settings are now split into three files. Environment variables (except those that represent server and client libraries) are stored in /etc/sysconfig/bestman2, the server and client library variables are stored in /etc/sysconfig/bestman2lib and configuration is stored in /etc/bestman2/conf/bestman2.rc. You should review these settings to make sure all of them comply with your environment. You, as a user should not have to edit /etc/sysconfig/bestman2lib .

Note: If you are upgrading from a version prior to 2.3.0-9, you will need to remove all entries for BESTMAN2_SERVER_LIB and BESTMAN2_CLIENT_LIB in file /etc/sysconfig/bestman2. These settings are now present in file /etc/sysconfig/bestman2lib

For those familiar with the Pacman installation of BeStMan, you will know about the configure_bestman script for configuring the BeStMan server. This script is not supported or included in the RPM package.

You will likely need to modify the following settings in /etc/bestman2/conf/bestman2.rc

localPathListAllowed=/tmp
CertFileName=/etc/grid-security/bestman/bestmancert.pem
KeyFileName=/etc/grid-security/bestman/bestmankey.pem
supportedProtocolList=gsiftp://GRIDFTP_HOSTNAME;gsiftp://GRIDFTP_HOSTNAME2

Note: Make sure the value for localPathListAllowed is correctly entered - i.e. each path separated by a ;. If it is not, this parameter may not be effective.

Note: Make sure the permissions for the localPathListAllowed directory(ies) are set to 1777, which is the default for /tmp. Further, note that on many systems, /tmp gets cleared out automatically, so you may want to use a different location (not under /tmp) to ensure that the files persist.

BeStMan requires two sets of certificate pairs. One is for host services. When clients connect to BeStMan, they will receive this certificate (CertFileName, KeyFileName) as proof of the server's identity. The second certificate pair (BESTMAN_GUMSCERTPATH and BESTMAN_GUMSKEYPATH) is used to communicate with Gums when verifying identity information. Note: these two can (and usually will be) the same files, but can be split if your Gums setup requires a specific identity. Note that the Gums cert and key are not needed if you are using grid map file authentication.

localPathListAllowed determines which paths users will be able to access via SRM.

supportedProtocolList is a semi-colon list of GridFTP servers that the BeStMan will use as transfer agents. If you are using anything but the standard GridFTP port 2811, you will also have to add the port (ie gsiftp://HOSTNAME:port).

Also, modify GUMSserviceURL to use your local Gums installation if you are using Gums authentication and have not yet done so.

4.4 Modify /etc/sudoers

BeStman requires the "sudo" command in order to write information as the proper user. You will need to give the bestman user the proper permissions to run these commands.

Modify /etc/sudoers and comment the following line.

#Defaults    requiretty

Then add the following lines at the end of the /etc/sudoers file.

Cmnd_Alias SRM_CMD = /bin/rm, /bin/mkdir, /bin/rmdir, /bin/mv, /bin/cp, /bin/ls
Runas_Alias SRM_USR = ALL, !root
bestman   ALL=(SRM_USR) NOPASSWD: SRM_CMD

4.5 Copying certificates to a bestman location

BeStMan requires a certificate pair to function. In order to use lcg-utils, this must be a host certificate (rather than a service certificate). The following shows how to copy your certificates

cp /etc/grid-security/hostkey.pem /etc/grid-security/bestman/bestmankey.pem
cp /etc/grid-security/hostcert.pem /etc/grid-security/bestman/bestmancert.pem
chown -R bestman:bestman /etc/grid-security/bestman/
Then modify CertFileName, KeyFileName in /etc/bestman2/conf/bestman2.rc.

4.6 (Optional) Using a different bestman user

If you would like to use a different user than the default bestman user (not recommended), you will need to change the following:

  • Change ownership of bestman certs in /etc/grid-security/bestman. (If they are in a different location, you will need to update bestman2.rc)
  • Change SRM_OWNER in /etc/sysconfig/bestman2 to the new user.
  • Change bestman user in /etc/sudoers. The last line "bestman ALL=(SRM_USR) NOPASSWD: SRM_CMD" should be changed from bestman to the new user.
  • Change ownership of /var/log/bestman2
  • WARNING: Currently the RPM packaging will change the ownership of the /var/log/bestman2 directory back to bestman on upgrades; therefore, you will need to change the ownership of /var/log/bestman2 back to your configured user after every bestman2 upgrade.

4.7 (Optional) Modifying default logging for event.srm.log

/var/log/bestman2 directory has two types of logs - bestman2.log and event.srm.log

Logrotation of bestman2.log file is controlled by /etc/logrotate.d/bestman2 file.

By default, the size of event.srm.log log file is set to 50000000 bytes within the Bestman code itself

So, if you don't change above settings, you will see event.srm.log files with size of ~44MB and their count will keep increasing (indefinitely, as far as we know)

Depending on the usage, the number of these files can become high enough to fill up the partition that holds these logs.

There are 3 ways to avoid this -

  • Modify following parameters (commented by default) in the /etc/sysconfig/bestman2 file

# Number of files to keep
BESTMAN_EVENT_LOG_COUNT= 10
# Size of each file in bytes
BESTMAN_EVENT_LOG_SIZE= 20971520

The value for these depends on usage of your SE

  • Create a directory under a much bigger partition and have a symlink from /var/log/bestman2 to that directory.
  • Or you can leave the default settings , but have your own custom script that cleans these files as per your needs.

4.8 (Optional) BeStMan Fullmode

The above procedure installs BeStMan in gateway mode which is sufficient for most purposes in the Open Science Grid. BeStMan also includes a full-mode capability with the following features:

  • Includes full SRM implementation
  • Includes Dynamic space reservation
  • Request queue management
  • Enhanced plug-in support

Note that full-mode capability may not be updated in future releases and will be supported only on a best-effort capacity. For those who absolutely need this functionality to support legacy systems, information is attached below.

Modify /etc/bestman2/conf/WEB-INF/server-config.wsdd and change "TSRMServiceGateway" to "TSRMService".

 <parameter name="className" value="gov.lbl.srm.impl.TSRMService" />
Modify the following options in /etc/bestman2/conf/bestman2.rc.
BESTMAN_GATEWAYMODE_ENABLED=no
BESTMAN_FULLMODE_ENABLED=yes
pathForToken=false
disableSpaceMgt=false
useBerkeleyDB=true
noCacheLog=false

Delete these entries

checkSizeWithFS=true
checkSizeWithGsiftp=false

Add these entries:

MaxNumberOfUsers=100
MaxNumberOfFileRequests=1000000
Concurrency=40
MaxConcurrentFileTransfer=10
GridFTPNumStreams=1
GridFTPBufferSizeBytes=1048576
DefaultFileSizeMB=500
DefaultVolatileFileLifeTimeInSeconds=1800
PublicTokenMaxFileLifetimeInSeconds=1800
InactiveTxfTimeOutInSeconds=300
PublicSpaceProportion=80
DefaultMBPerToken=1000
CacheLogLocation=/var/log/bestman2
srmcacheKeywordOn=true
uploadQueueParameter=40:10
You may need to tweak some of the performance options to your installations.

Also add the following line with your Replica Storage Locations:

ReplicaQualityStorageMB=[20000]path=/var/run/bestman2/cache;
This should be semi-colon delimited in the form of "[size_in_mb]path=/path/to/replica/storage".

5.0 Starting Services

1. fetch-crl

You need to fetch the latest CA Certificate Revocation Lists (CRLs) and you should enable the fetch-crl service to keep the CRLs up to date:

# For RHEL 5, CentOS 5, and SL5 
[root@client ~]$ /usr/sbin/fetch-crl3   # This fetches the CRLs 
[root@client ~]$ /sbin/service fetch-crl3-boot start
[root@client ~]$ /sbin/service fetch-crl3-cron start
# For RHEL 6, CentOS 6, and SL6, or OSG 3 _older_ than 3.1.15 
[root@client ~]$ /usr/sbin/fetch-crl   # This fetches the CRLs 
[root@client ~]$ /sbin/service fetch-crl-boot start
[root@client ~]$ /sbin/service fetch-crl-cron start
# For RHEL 7, CentOS 7, and SL7 
[root@client ~]$ /usr/sbin/fetch-crl   # This fetches the CRLs 
[root@client ~]$ systemctl start fetch-crl-boot
[root@client ~]$ systemctl start fetch-crl-cron
For more details and options, please see our CRL documentation.

To enable the fetch-crl service to keep the CRLs up to date after reboots:

# For RHEL 5, CentOS 5, and SL5 
[root@client ~]$ /sbin/chkconfig fetch-crl3-boot on
[root@client ~]$ /sbin/chkconfig fetch-crl3-cron on
# For RHEL 6, CentOS 6, and SL6, or OSG 3 _older_ than 3.1.15 
[root@client ~]$ /sbin/chkconfig fetch-crl-boot on
[root@client ~]$ /sbin/chkconfig fetch-crl-cron on
# For RHEL 7, CentOS 7, and SL7 
[root@client ~]$ systemctl enable fetch-crl-boot
[root@client ~]$ systemctl enable fetch-crl-cron

2. GridFTP

Starting GridFTP:

[root@client ~]$ service globus-gridftp-server start

3. Bestman

[root@client ~]$ service bestman2 start
To start Bestman automatically at boot time
[root@client ~]$ chkconfig bestman2 on

4. Gratia transfer and storage probes

[root@client ~]$ service gratia-xrootd-transfer start
[root@client ~]$ service gratia-xrootd-storage start

6.0 Stopping Services

1. fetch-crl

* (other grid service running on the machine may still use it) To stop fetch-crl:

# For RHEL 5, CentOS 5, and SL5 
[root@client ~]$ /sbin/service fetch-crl3-boot stop
[root@client ~]$ /sbin/service fetch-crl3-cron stop
# For RHEL 6, CentOS 6, and SL6, or OSG 3 _older_ than 3.1.15 
[root@client ~]$ /sbin/service fetch-crl-boot stop
[root@client ~]$ /sbin/service fetch-crl-cron stop
# For RHEL 7, CentOS 7, and SL7 
[root@client ~]$ systemctl stop fetch-crl-boot
[root@client ~]$ systemctl stop fetch-crl-cron
For more details and options, please see our CRL documentation.

* (other grid service running on the machine may still use it) To disable the fetch-crl service:

# For RHEL 5, CentOS 5, and SL5 
[root@client ~]$ /sbin/chkconfig fetch-crl3-boot off
[root@client ~]$ /sbin/chkconfig fetch-crl3-cron off
# For RHEL 6, CentOS 6, and SL6, or OSG 3 _older_ than 3.1.15 
[root@client ~]$ /sbin/chkconfig fetch-crl-boot off
[root@client ~]$ /sbin/chkconfig fetch-crl-cron off
# For RHEL 7, CentOS 7, and SL7 
[root@client ~]$ systemctl disable fetch-crl-boot
[root@client ~]$ systemctl disable fetch-crl-cron

2. GridFTP

Stopping GridFTP:

[root@client ~]$ service globus-gridftp-server stop

3. Bestman

[root@client ~]$ service bestman2 stop

4. Gratia transfer and storage probes

[root@client ~]$ service gratia-xrootd-transfer stop
[root@client ~]$ service gratia-xrootd-storage stop

7.0 Validation of Service Operation

7.1 Site registration and daily monitoring

Once you have your SE setup and configured, there are several ways to monitor your installation. Refer to the following pages for more information.

You can also self-test to verify your installation with an SRM client (see below).

7.2 Self-testing with srm clients

In order to verify that the system is functional you will need to have access to srm client commands, be able to create a proxy certificate (grid-proxy-init or voms_proxy_init command) and have access to your certificate and private key.

Preparing to run srm-client commands

You can test the installation either from the BeStMan installation node or from a node on which OSG Client is installed. To do this, you will need:

  • Access to a grid proxy
    • Login to a node where the OSG Client is installed as "yourself"
    • Make sure that you have access to your certificate and private key on that node. You will need it to create a proxy certificate.
    • Execute either grid-proxy-init or voms-proxy-init.
    • The proxy will be created in /tmp/x509up_uUID by default.
  • A node with an srm client installed.
    • The following instructions assume this is the bestman2-client package. However, in principle, you can also use the dcache-srmclient or other SRM tool as well.
    • If this node is different from where you created your proxy (above), you will need to transfer it to this node to test.

Executing SRM-client commands

After you create a proxy certificate, you may try to verify BeStMan with srm client commands

Execute srm-ping:

 srm-ping srm://BeStMan_host:secured_http_port/srm/v2/server
srm-ping   2.2.1.2.i7.p3  Fri Jul 10 15:56:18 PDT 2009
SRM-Clients and BeStMan Copyright(c) 2007-2009,
Lawrence Berkeley National Laboratory. All rights reserved.
Support at SRM@LBL.GOV and documents at http://datagrid.lbl.gov/bestman
SRM-CLIENT: Connecting to serviceurl httpg://fg0x1.fnal.gov:10443/srm/v2/server
SRM-PING: Tue Mar 02 14:17:38 CST 2010  Calling SrmPing Request...
versionInfo=v2.2
Extra information (Key=Value)
backend_type=BeStMan
backend_version=2.2.1.3.8
backend_build_date=2009-12-03T05:09:14.000Z 
gsiftpTxfServers[0]=gsiftp://fg0x1.fnal.gov
clientDN=/DC=org/DC=doegrids/OU=People/CN=Tanya Levshina 508821
gumsIDMapped=fnalgrid

Please check that your gumsIDMapped is not null. If this is the case you have probably misconfigured your grid-mapfile or GUMS related configuration. If you have reasonable result you may try to srm copy. In order to do so create a file test in /tmp directory and write into the default volatile space:

srm-copy   file:////tmp/test1  srm://BeStMan_host:secured_http_port/srm/v2/server\?SFN=/srmcache/~/test_1
srm-copy   2.2.1.2.i7.p3  Fri Jul 10 15:56:18 PDT 2009
SRM-Clients and BeStMan Copyright(c) 2007-2009,
Lawrence Berkeley National Laboratory. All rights reserved.
Support at SRM@LBL.GOV and documents at http://datagrid.lbl.gov/bestman
 
 
SRM-CLIENT: Tue Mar 02 14:19:20 CST 2010 Connecting to httpg://fg0x1.fnal.gov:10443/srm/v2/server SRM-CLIENT: Tue Mar 02 14:19:20 CST 2010 Calling SrmPrepareToPutRequest now ... request.token=fnalgrid:1_PUT_3055620301 status=SRM_REQUEST_QUEUED explanation=null SRM-CLIENT: Next status call in 10 seconds. SRM-CLIENT: Tue Mar 02 14:19:32 CST 2010 Calling Status at Tue Mar 02 14:19:32 CST 2010 SRM-CLIENT: Result Status from SRM (srmStatusOfPutRequest)=SRM_SUCCESS SRM-CLIENT: RemainingPinTime=289 SRM-CLIENT: received TURL=gsiftp://fg0x1.fnal.gov//usr/local/osg_1.2-bestman/vdt-app-data/bestman/cache/fnalgrid/V.0.0-1258657694/te st_1 SRM-CLIENT: Tue Mar 02 14:19:32 CST 2010 start file transfer SRM-CLIENT:Source=file:////tmp/test SRM-CLIENT:Target=gsiftp://fg0x1.fnal.gov//usr/local/osg_1.2-bestman/vdt-app-data/bestman/cache/fnalgrid/V.0.0-1258657694/test_1 SRM-CLIENT: Tue Mar 02 14:19:35 CST 2010 end file transfer for file:////tmp/test SRM-CLIENT: Tue Mar 02 14:19:35 CST 2010 Calling putDone for srm://fg0x1.fnal.gov:10443/srm/v2/server?SFN=/srmcache/~/test_1 Result.status=SRM_SUCCESS Result.Explanation=null SRM-CLIENT: Request completed with success SRM-CLIENT: Printing text report now ...
SRM-CLIENT*REQUESTTYPE=put SRM-CLIENT*TOTALFILES=1 SRM-CLIENT*TOTAL_SUCCESS=1 SRM-CLIENT*TOTAL_FAILED=0 SRM-CLIENT*REQUEST_TOKEN=fnalgrid:1_PUT_3055620301 SRM-CLIENT*REQUEST_STATUS=SRM_SUCCESS SRM-CLIENT*SOURCEURL[0]=file:////tmp/test SRM-CLIENT*TARGETURL[0]=srm://fg0x1.fnal.gov:10443/srm/v2/server?SFN=/srmcache/~/test_1 SRM-CLIENT*TRANSFERURL[0]=gsiftp://fg0x1.fnal.gov//usr/local/osg_1.2-bestman/vdt-app-data/bestman/cache/fnalgrid/V.0.0-1258657694/te st_1 SRM-CLIENT*ACTUALSIZE[0]=15 SRM-CLIENT*FILE_STATUS[0]=SRM_SUCCESS SRM-CLIENT*EXPLANATION[0]=SRM-CLIENT: PutDone is called successfully
If you turn on Gratia GridFTP transfer probes, you should be able to see the accounting information by accessing your Gratia collector. See details in Preparing, Installing and Validating Gratia transfer probe.

8.0 Troubleshooting

8.1 Useful Configuration and Log Files

Service/Process Configuration File Description
BeStMan2 /etc/bestman2/conf/bestman2.rc Main Configuration file
/etc/sysconfig/bestman2 Environment variables used by BeStMan2
/etc/sysconfig/bestman2lib Environment variables that store values of various client and server libraries used by BeStMan2
/etc/bestman2/conf/* Other runtime configuration files
/etc/init.d/bestman2 init.d startup script
GridFTP /etc/sysconfig/globus-gridftp-server Environment variables to use
/etc/gridftp.conf Startup parameters

Service/Process Log File Description
BeStMan2 /var/log/bestman2/bestman2.log BeStMan2 server log and errors
  /var/log/bestman2/event.srm.log Records all SRM transactions
GridFTP /var/log/gridftp.log Transfer log
  /var/log/gridftp-auth.log Authentication log
  /var/log/messages Main system log (look here for LCMAPS errors)

8.2 Open Ports

The following ports are opened for the installed services

Module Name Port Number Protocol
BeStMan default 8443 tcp
GridFTP 2811 tcp
lowPort,maxPort if needed to control outbound globus connections tcp

8.3 Debugging Procedure

If system validation failed, you would probably need to check each component in order to verify your installation. In order to do so, you should check all of them in the following order
  • GUMS (if in use)
  • GridFTP
  • BeStMan

Verifying GUMS

Make sure that the service certificate you specified for BeStMan configuration with GUMSHOSTCERT , GUMSHOSTKEY options and GridFTP service certificate are accepted by GUMS.

Test GUMS by running:

srm-ping srm://Bestman_host:port/srm/v2/server
Check that your gumsIDMapped is not null. It returns the uid that GUMS will map you to. This can be obtained from your GUMS administrator. Verify that this uid exists on BeStMan and GridFTP node.

Verifying GridFTP

Login on the node where your certificate and OSG Client is installed You will need to generate your voms-proxy or grid_proxy credentials using grid-proxy-init or voms-proxy-init (provided by the globus-proxy-utils and voms-clients packages, respectively).

Then test GridFTP (globus-url-copy is provided by the globus-gass-copy-progs package):

echo “This is a test” >/tmp/test 
globus-url-copy -dbg file:///tmp/test gsiftp://GridFtp_host/tmp/test 

Check the GridFTP logs to see if you have encountered any errors.

Verifying BeStMan

First, make sure that BeStMan is running

# ps -ef | grep bestman
bestman   5121     1 99 19:59 ?        00:00:01 /usr/java/latest/bin/java -server -Xmx1024m -XX:MaxDirectMemorySize=1024m -DX509_CERT_DIR=/etc/grid-security/certificates -DCADIR=/etc/grid-security/certificates -Daxis.socketSecureFactory=org.glite.security.trustmanager.axis.AXISSocketFactory -DsslCAFiles=/etc/grid-security/certificates/*.0 -DsslCertfile=/etc/grid-security/bestman/bestmancert.pem -DsslKey=/etc/grid-security/bestman/bestmankey.pem -DJettyConfiguration=/etc/bestman2/conf/WEB-INF/jetty.xml -DJettyDescriptor=/etc/bestman2/conf/WEB-INF/web.xml -DJettyResource=/etc/bestman2/conf/ -Dorg.eclipse.jetty.util.log.IGNORE=true gov.lbl.srm.server.Server /etc/bestman2/conf/bestman2.rc

If BeStMan is not running, check information in the log file /var/log/bestman2/bestman2.log.

9.0 Useful Configuration and Log Files

Service/Process Configuration File Description
BeStMan2 /etc/bestman2/conf/bestman2.rc Main BeStMan2 configuration file
  /etc/sysconfig/bestman2 BeStMan2 sysconfig and environment variables
/etc/sysconfig/bestman2lib Environment variables that store values of various client and server libraries used by BeStMan2
GridFTP /etc/sysconfig/globus-gridftp-server Environment variables for GridFTP
Gratia Probe /etc/gratia/gridftp-transfer/ProbeConfig GridFTP Gratia Probe configuration
Gratia Probe /etc/cron.d/gratia-probe-gridftp-transfer.cron Cron tab file

Service/Process Log File Description
BeStMan2 /var/log/bestman2/bestman2.log BeStMan2 Jetty log
  /var/log/bestman2/event.srm.log BeStMan2 event and authorization log
GridFTP /var/log/gridftp.log GridFTP transfer log
/var/log/gridftp-auth.log GridFTP authorization log
Gratia probe /var/log/gratia

10.0 Upgrading BeStMan

Upgrading BeStMan can be done by

yum upgrade bestman2-server

There are a few notes to be aware of when upgrading BeStMan.

  • From many of the versions of the BeStMan, configuration changes have taken place. Do not ignore any warnings about rpmsave or rpmnew files. You will need to especially be careful about and /etc/bestman2/conf/bestman2.rc.
  • Beginning with BeStMan 2.3.0-9, many dependency locations changed. Be sure that /etc/sysconfig/bestman2lib contains the "build-classpath" directives in the BESTMAN2_SERVER_LIB and BESTMAN2_CLIENT_LIB. Otherwise, you may get java class loading errors on startup or on run-time. Also, be sure to remove these entries from the /etc/sysconfig/bestman2 file.
  • For BeStMan 2.1.3, certain versions had a combined sysconfig and configuration file. You may need to split these files apart if this is the case.

For more help, please contact the GOC to create a support ticket.

11.0 How to get Help?

If you cannot resolve the problem, there are several ways to receive help:

For a full set of help options, see Help Procedure.

12.0 References

13.0 Screen Dump of Install Procedure

[root@fermicloud109 ~]# wget http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
--2011-10-18 14:54:37--  http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
Resolving download.fedoraproject.org... 140.211.169.197, 152.19.134.146, 209.132.181.16, ...
Connecting to download.fedoraproject.org|140.211.169.197|:80... connected.
HTTP request sent, awaiting response... 302 FOUND
Location: http://mirrors.usu.edu/epel/5/i386/epel-release-5-4.noarch.rpm [following]
--2011-10-18 14:54:38--  http://mirrors.usu.edu/epel/5/i386/epel-release-5-4.noarch.rpm
Resolving mirrors.usu.edu... 129.123.104.64
Connecting to mirrors.usu.edu|129.123.104.64|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12232 (12K) [application/x-redhat-package-manager]
Saving to: `epel-release-5-4.noarch.rpm'

100%[==================================================================>] 12,232      77.0K/s   in 0.2s

2011-10-18 14:54:39 (77.0 KB/s) - `epel-release-5-4.noarch.rpm' saved [12232/12232]

[root@fermicloud109 ~]# rpm -i epel-release-5-4.noarch.rpm
warning: epel-release-5-4.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 217521f6
[root@fermicloud109 ~]# yum -y install yum-priorities
Loaded plugins: kernel-module
epel                                                                                 | 3.7 kB     00:00
epel/primary_db                                                                      | 3.8 MB     00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package yum-priorities.noarch 0:1.1.16-14.el5 set to be updated
--> Finished Dependency Resolution
Beginning Kernel Module Plugin
Finished Kernel Module Plugin

Dependencies Resolved

============================================================================================================
 Package                      Arch                 Version                      Repository             Size
============================================================================================================
Installing:
 yum-priorities               noarch               1.1.16-14.el5                sl-base                14 k

Transaction Summary
============================================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 14 k
Downloading Packages:
yum-priorities-1.1.16-14.el5.noarch.rpm                                              |  14 kB     00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : yum-priorities                                                                       1/1

Installed:
  yum-priorities.noarch 0:1.1.16-14.el5

Complete!
[root@fermicloud109 ~]# rpm -Uvh http://repo.grid.iu.edu/osg-release-latest.rpm
Retrieving http://repo.grid.iu.edu/osg-release-latest.rpm
warning: /var/tmp/rpm-xfer.mXE3uU: Header V3 DSA signature: NOKEY, key ID 824b8603
Preparing...                ########################################### [100%]
   1:osg-release            ########################################### [100%]
[root@fermicloud109 ~]# yum install osg-se-bestman
Loaded plugins: kernel-module, priorities
osg                                                                                  | 1.9 kB     00:00
osg/primary_db                                                                       |  65 kB     00:00
osg-testing                                                                          | 1.9 kB     00:00
osg-testing/primary_db                                                               | 319 kB     00:00
1232 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package osg-se-bestman.x86_64 0:3.0.0-6 set to be updated
--> Processing Dependency: gums-client for package: osg-se-bestman
--> Processing Dependency: bestman2-tester for package: osg-se-bestman
--> Processing Dependency: bestman2-server for package: osg-se-bestman
--> Processing Dependency: java-1.6.0-sun-compat for package: osg-se-bestman
--> Processing Dependency: edg-mkgridmap for package: osg-se-bestman
--> Processing Dependency: fetch-crl for package: osg-se-bestman
--> Processing Dependency: grid-certificates for package: osg-se-bestman
--> Processing Dependency: globus-gridftp-server-progs for package: osg-se-bestman
--> Processing Dependency: vo-client for package: osg-se-bestman
--> Processing Dependency: gratia-probe-gridftp-transfer for package: osg-se-bestman
--> Processing Dependency: bestman2-client for package: osg-se-bestman
--> Processing Dependency: liblcas_lcmaps_gt4_mapping.so.0()(64bit) for package: osg-se-bestman
--> Running transaction check
---> Package bestman2-client.noarch 0:2.1.3-1 set to be updated
--> Processing Dependency: bestman2-common-libs = 2.1.3-1 for package: bestman2-client
--> Processing Dependency: bestman2-client-libs = 2.1.3-1 for package: bestman2-client
---> Package bestman2-server.noarch 0:2.1.3-1 set to be updated
--> Processing Dependency: bestman2-server-dep-libs = 2.1.3-1 for package: bestman2-server
--> Processing Dependency: bestman2-server-libs = 2.1.3-1 for package: bestman2-server
---> Package bestman2-tester.noarch 0:2.1.3-1 set to be updated
--> Processing Dependency: bestman2-tester-libs = 2.1.3-1 for package: bestman2-tester
---> Package edg-mkgridmap.noarch 0:4.0.0-3.osg set to be updated
--> Processing Dependency: perl(Net::LDAPS) for package: edg-mkgridmap
--> Processing Dependency: vo-client-edgmkgridmap for package: edg-mkgridmap
--> Processing Dependency: perl-Net-SSLeay for package: edg-mkgridmap
--> Processing Dependency: perl(Net::LDAP::Util) for package: edg-mkgridmap
--> Processing Dependency: perl(Net::LDAP) for package: edg-mkgridmap
--> Processing Dependency: osg-vo-map for package: edg-mkgridmap
--> Processing Dependency: perl(Term::ReadKey) for package: edg-mkgridmap
--> Processing Dependency: perl(XML::DOM) for package: edg-mkgridmap
--> Processing Dependency: perl-Crypt-SSLeay for package: edg-mkgridmap
---> Package fetch-crl.noarch 0:2.8.4-2.el5 set to be updated
---> Package globus-gridftp-server-progs.x86_64 0:6.1-5.osg set to be updated
--> Processing Dependency: globus-gridftp-server = 6.1-5.osg for package: globus-gridftp-server-progs
--> Processing Dependency: globus-xio-gsi-driver >= 2 for package: globus-gridftp-server-progs
--> Processing Dependency: perl(Globus::Core::Paths) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_gssapi_gsi.so.9(globus_gssapi_gsi)(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_gsi_credential.so.5()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_gssapi_error.so.4()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_io.so.8()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_gsi_cert_utils.so.8()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_callout.so.2()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_openssl.so.3()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_authz.so.2()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_gsi_authz_callout_error.so.2()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_common.so.14()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_proxy_ssl.so.4()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_xio.so.3()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_gsi_proxy_core.so.6()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_gfork.so.3()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_gridftp_server_control.so.2()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_ftp_control.so.4()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_gss_assist.so.8()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_openssl_error.so.2()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_gridftp_server.so.6()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_gsi_sysconfig.so.5()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_usage.so.3()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_gsi_callback.so.4()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_gssapi_gsi.so.9()(64bit) for package: globus-gridftp-server-progs
--> Processing Dependency: libglobus_oldgaa.so.4()(64bit) for package: globus-gridftp-server-progs
---> Package gratia-probe-gridftp-transfer.noarch 0:1.09-0.4.1.pre set to be updated
--> Processing Dependency: gratia-probe-common >= 1.09-0.4.1.pre for package: gratia-probe-gridftp-transfer
--> Processing Dependency: netlogger for package: gratia-probe-gridftp-transfer
---> Package gums-client.noarch 0:1.3.18.002-3 set to be updated
--> Processing Dependency: gums = 1.3.18.002 for package: gums-client
---> Package java-1.6.0-sun-compat.x86_64 0:1.6.0.26-3.sl5.jpp set to be updated
--> Processing Dependency: jdk = 2000:1.6.0_26-fcs for package: java-1.6.0-sun-compat
--> Processing Dependency: jpackage-utils >= 1.7.3 for package: java-1.6.0-sun-compat
--> Processing Dependency: /usr/bin/xsltproc for package: java-1.6.0-sun-compat
--> Processing Dependency: /usr/bin/xsltproc for package: java-1.6.0-sun-compat
---> Package lcas-lcmaps-gt4-interface.x86_64 0:0.1.4-6.osg set to be updated
--> Processing Dependency: liblcas.so.0()(64bit) for package: lcas-lcmaps-gt4-interface
--> Processing Dependency: liblcmaps.so.0()(64bit) for package: lcas-lcmaps-gt4-interface
--> Processing Dependency: libglobus_gridmap_callout_error.so.1()(64bit) for package: lcas-lcmaps-gt4-interface
---> Package osg-ca-certs.noarch 0:1.24-1 set to be updated
---> Package vo-client.noarch 0:38-9.osg set to be updated
--> Running transaction check
---> Package bestman2-client-libs.noarch 0:2.1.3-1 set to be updated
---> Package bestman2-common-libs.noarch 0:2.1.3-1 set to be updated
---> Package bestman2-server-dep-libs.noarch 0:2.1.3-1 set to be updated
---> Package bestman2-server-libs.noarch 0:2.1.3-1 set to be updated
---> Package bestman2-tester-libs.noarch 0:2.1.3-1 set to be updated
---> Package globus-authz.x86_64 0:2.0-2.osg set to be updated
---> Package globus-authz-callout-error.x86_64 0:2.0-2.osg set to be updated
---> Package globus-callout.x86_64 0:2.0-2.osg set to be updated
--> Processing Dependency: libltdl.so.3()(64bit) for package: globus-callout
---> Package globus-common.x86_64 0:14.0-3.osg set to be updated
---> Package globus-ftp-control.x86_64 0:4.0-2.osg set to be updated
---> Package globus-gfork.x86_64 0:3.0-2.osg set to be updated
---> Package globus-gridftp-server.x86_64 0:6.1-5.osg set to be updated
---> Package globus-gridftp-server-control.x86_64 0:2.0-3.osg set to be updated
--> Processing Dependency: globus-xio-pipe-driver >= 2 for package: globus-gridftp-server-control
---> Package globus-gridmap-callout-error.x86_64 0:1.1-1.osg set to be updated
---> Package globus-gsi-callback.x86_64 0:4.0-2.osg set to be updated
---> Package globus-gsi-cert-utils.x86_64 0:8.0-2.osg set to be updated
---> Package globus-gsi-credential.x86_64 0:5.0-3.osg set to be updated
---> Package globus-gsi-openssl-error.x86_64 0:2.0-2.osg set to be updated
---> Package globus-gsi-proxy-core.x86_64 0:6.0-2.osg set to be updated
---> Package globus-gsi-proxy-ssl.x86_64 0:4.0-2.osg set to be updated
---> Package globus-gsi-sysconfig.x86_64 0:5.0-3.osg set to be updated
---> Package globus-gss-assist.x86_64 0:8.0-2.osg set to be updated
---> Package globus-gssapi-error.x86_64 0:4.0-2.osg set to be updated
---> Package globus-gssapi-gsi.x86_64 0:10.0-1.osg set to be updated
---> Package globus-io.x86_64 0:9.0-2.osg set to be updated
---> Package globus-openssl-module.x86_64 0:3.0-2.osg set to be updated
---> Package globus-usage.x86_64 0:3.0-2.osg set to be updated
---> Package globus-xio.x86_64 0:3.0-3.osg set to be updated
---> Package globus-xio-gsi-driver.x86_64 0:2.0-2.osg set to be updated
---> Package gratia-probe-common.noarch 0:1.09-0.4.1.pre set to be updated
--> Processing Dependency: pyOpenSSL for package: gratia-probe-common
---> Package gums.noarch 0:1.3.18.002-3 set to be updated
---> Package jdk.x86_64 2000:1.6.0_26-fcs set to be updated
---> Package jpackage-utils.noarch 0:1.7.3-1jpp.2.el5 set to be updated
---> Package lcas.x86_64 0:1.3.13-8.osg set to be updated
--> Processing Dependency: liblcas_userban.so()(64bit) for package: lcas
---> Package lcmaps.x86_64 0:1.4.28-14.osg set to be updated
--> Processing Dependency: lcmaps-plugins-saz-client for package: lcmaps
--> Processing Dependency: lcmaps-plugins-gums-client for package: lcmaps
--> Processing Dependency: liblcmaps_scas_client.so.0()(64bit) for package: lcmaps
--> Processing Dependency: liblcmaps_verify_proxy.so.0()(64bit) for package: lcmaps
--> Processing Dependency: libvomsapi.so.1()(64bit) for package: lcmaps
--> Processing Dependency: liblcmaps_posix_enf.so.0()(64bit) for package: lcmaps
---> Package libxslt.x86_64 0:1.1.17-2.el5_2.2 set to be updated
---> Package netlogger.noarch 0:4.2.0-1 set to be updated
---> Package osg-vo-map.noarch 0:0.0.1-1.osg set to be updated
---> Package perl-Crypt-SSLeay.x86_64 0:0.51-11.el5 set to be updated
---> Package perl-LDAP.noarch 1:0.33-3.fc6 set to be updated
--> Processing Dependency: perl(Convert::ASN1) for package: perl-LDAP
--> Processing Dependency: perl(XML::SAX::Base) for package: perl-LDAP
--> Processing Dependency: perl(IO::Socket::SSL) for package: perl-LDAP
---> Package perl-Net-SSLeay.x86_64 0:1.30-4.fc6 set to be updated
---> Package perl-TermReadKey.x86_64 0:2.30-5.el5 set to be updated
---> Package perl-XML-DOM.noarch 0:1.44-2.el5 set to be updated
--> Processing Dependency: perl(XML::RegExp) for package: perl-XML-DOM
---> Package vo-client-edgmkgridmap.noarch 0:38-9.osg set to be updated
--> Running transaction check
---> Package globus-xio-pipe-driver.x86_64 0:2.0-2.osg set to be updated
---> Package lcas-plugins-basic.x86_64 0:1.3.5-5.osg set to be updated
---> Package lcmaps-plugins-basic.x86_64 0:1.4.5-1.osg set to be updated
---> Package lcmaps-plugins-gums-client.x86_64 0:0.0.2-2.osg set to be updated
--> Processing Dependency: lcmaps-plugins-scas-client for package: lcmaps-plugins-gums-client
---> Package lcmaps-plugins-saz-client.x86_64 0:0.2.22-7.osg set to be updated
--> Processing Dependency: saml2-xacml2-c-lib for package: lcmaps-plugins-saz-client
--> Processing Dependency: libxacml.so.0()(64bit) for package: lcmaps-plugins-saz-client
---> Package lcmaps-plugins-verify-proxy.x86_64 0:1.4.9-2.osg set to be updated
---> Package libtool-ltdl.x86_64 0:1.5.22-7.el5_4 set to be updated
---> Package perl-Convert-ASN1.noarch 0:0.20-1.1 set to be updated
---> Package perl-IO-Socket-SSL.noarch 0:1.01-1.fc6 set to be updated
---> Package perl-XML-RegExp.noarch 0:0.03-2.el5 set to be updated
---> Package perl-XML-SAX.noarch 0:0.14-8 set to be updated
--> Processing Dependency: perl(XML::NamespaceSupport) for package: perl-XML-SAX
---> Package pyOpenSSL.x86_64 0:0.6-1.p24.7.2.2 set to be updated
---> Package voms.x86_64 0:2.0.6-3.osg set to be updated
--> Running transaction check
---> Package lcmaps-plugins-scas-client.x86_64 0:0.2.22-7.osg set to be updated
---> Package perl-XML-NamespaceSupport.noarch 0:1.09-1.2.1 set to be updated
---> Package saml2-xacml2-c-lib.x86_64 0:1.0.1-6.osg set to be updated
--> Finished Dependency Resolution
Beginning Kernel Module Plugin
Finished Kernel Module Plugin

Dependencies Resolved

============================================================================================================
 Package                              Arch          Version                     Repository             Size
============================================================================================================
Installing:
 osg-se-bestman                       x86_64        3.0.0-6                     osg-testing           2.6 k
Installing for dependencies:
 bestman2-client                      noarch        2.1.3-1                     osg-testing            24 k
 bestman2-client-libs                 noarch        2.1.3-1                     osg-testing           627 k
 bestman2-common-libs                 noarch        2.1.3-1                     osg-testing           5.5 M
 bestman2-server                      noarch        2.1.3-1                     osg-testing            21 k
 bestman2-server-dep-libs             noarch        2.1.3-1                     osg-testing            11 M
 bestman2-server-libs                 noarch        2.1.3-1                     osg-testing           779 k
 bestman2-tester                      noarch        2.1.3-1                     osg-testing           7.9 k
 bestman2-tester-libs                 noarch        2.1.3-1                     osg-testing           189 k
 edg-mkgridmap                        noarch        4.0.0-3.osg                 osg-testing            21 k
 fetch-crl                            noarch        2.8.4-2.el5                 epel                   24 k
 globus-authz                         x86_64        2.0-2.osg                   osg-testing            14 k
 globus-authz-callout-error           x86_64        2.0-2.osg                   osg-testing           9.9 k
 globus-callout                       x86_64        2.0-2.osg                   osg-testing            16 k
 globus-common                        x86_64        14.0-3.osg                  osg-testing           128 k
 globus-ftp-control                   x86_64        4.0-2.osg                   osg-testing            73 k
 globus-gfork                         x86_64        3.0-2.osg                   osg-testing            19 k
 globus-gridftp-server                x86_64        6.1-5.osg                   osg-testing           163 k
 globus-gridftp-server-control        x86_64        2.0-3.osg                   osg-testing            77 k
 globus-gridftp-server-progs          x86_64        6.1-5.osg                   osg-testing            40 k
 globus-gridmap-callout-error         x86_64        1.1-1.osg                   osg-testing           6.7 k
 globus-gsi-callback                  x86_64        4.0-2.osg                   osg-testing            41 k
 globus-gsi-cert-utils                x86_64        8.0-2.osg                   osg-testing            18 k
 globus-gsi-credential                x86_64        5.0-3.osg                   osg-testing            35 k
 globus-gsi-openssl-error             x86_64        2.0-2.osg                   osg-testing            16 k
 globus-gsi-proxy-core                x86_64        6.0-2.osg                   osg-testing            36 k
 globus-gsi-proxy-ssl                 x86_64        4.0-2.osg                   osg-testing            17 k
 globus-gsi-sysconfig                 x86_64        5.0-3.osg                   osg-testing            29 k
 globus-gss-assist                    x86_64        8.0-2.osg                   osg-testing            34 k
 globus-gssapi-error                  x86_64        4.0-2.osg                   osg-testing            13 k
 globus-gssapi-gsi                    x86_64        10.0-1.osg                  osg-testing            60 k
 globus-io                            x86_64        9.0-2.osg                   osg-testing            44 k
 globus-openssl-module                x86_64        3.0-2.osg                   osg-testing            14 k
 globus-usage                         x86_64        3.0-2.osg                   osg-testing            16 k
 globus-xio                           x86_64        3.0-3.osg                   osg-testing           178 k
 globus-xio-gsi-driver                x86_64        2.0-2.osg                   osg-testing            37 k
 globus-xio-pipe-driver               x86_64        2.0-2.osg                   osg-testing            16 k
 gratia-probe-common                  noarch        1.09-0.4.1.pre              osg-testing           132 k
 gratia-probe-gridftp-transfer        noarch        1.09-0.4.1.pre              osg-testing            22 k
 gums                                 noarch        1.3.18.002-3                osg-testing            25 M
 gums-client                          noarch        1.3.18.002-3                osg-testing            13 k
 java-1.6.0-sun-compat                x86_64        1.6.0.26-3.sl5.jpp          fermi-security         65 k
 jdk                                  x86_64        2000:1.6.0_26-fcs           fermi-security         68 M
 jpackage-utils                       noarch        1.7.3-1jpp.2.el5            sl-base                61 k
 lcas                                 x86_64        1.3.13-8.osg                osg-testing            28 k
 lcas-lcmaps-gt4-interface            x86_64        0.1.4-6.osg                 osg-testing            17 k
 lcas-plugins-basic                   x86_64        1.3.5-5.osg                 osg-testing            23 k
 lcmaps                               x86_64        1.4.28-14.osg               osg-testing            89 k
 lcmaps-plugins-basic                 x86_64        1.4.5-1.osg                 osg-testing            38 k
 lcmaps-plugins-gums-client           x86_64        0.0.2-2.osg                 osg-testing           2.6 k
 lcmaps-plugins-saz-client            x86_64        0.2.22-7.osg                osg-testing            32 k
 lcmaps-plugins-scas-client           x86_64        0.2.22-7.osg                osg-testing            39 k
 lcmaps-plugins-verify-proxy          x86_64        1.4.9-2.osg                 osg-testing            23 k
 libtool-ltdl                         x86_64        1.5.22-7.el5_4              fermi-security         38 k
 libxslt                              x86_64        1.1.17-2.el5_2.2            sl-base               488 k
 netlogger                            noarch        4.2.0-1                     osg-testing           624 k
 osg-ca-certs                         noarch        1.24-1                      osg-testing           450 k
 osg-vo-map                           noarch        0.0.1-1.osg                 osg-testing           7.3 k
 perl-Convert-ASN1                    noarch        0.20-1.1                    sl-base                41 k
 perl-Crypt-SSLeay                    x86_64        0.51-11.el5                 sl-base                45 k
 perl-IO-Socket-SSL                   noarch        1.01-1.fc6                  sl-base                49 k
 perl-LDAP                            noarch        1:0.33-3.fc6                sl-base               316 k
 perl-Net-SSLeay                      x86_64        1.30-4.fc6                  sl-base               192 k
 perl-TermReadKey                     x86_64        2.30-5.el5                  sl-base                32 k
 perl-XML-DOM                         noarch        1.44-2.el5                  epel                  138 k
 perl-XML-NamespaceSupport            noarch        1.09-1.2.1                  sl-base                15 k
 perl-XML-RegExp                      noarch        0.03-2.el5                  epel                  8.2 k
 perl-XML-SAX                         noarch        0.14-8                      sl-base                77 k
 pyOpenSSL                            x86_64        0.6-1.p24.7.2.2             sl-base               120 k
 saml2-xacml2-c-lib                   x86_64        1.0.1-6.osg                 osg-testing           581 k
 vo-client                            noarch        38-9.osg                    osg-testing            15 k
 vo-client-edgmkgridmap               noarch        38-9.osg                    osg-testing           4.8 k
 voms                                 x86_64        2.0.6-3.osg                 osg-testing           171 k

Transaction Summary
============================================================================================================
Install      73 Package(s)
Upgrade       0 Package(s)

Total download size: 116 M
Is this ok [y/N]: y
Downloading Packages:
(1/73): lcmaps-plugins-gums-client-0.0.2-2.osg.x86_64.rpm                            | 2.6 kB     00:00
(2/73): osg-se-bestman-3.0.0-6.x86_64.rpm                                            | 2.6 kB     00:00
(3/73): vo-client-edgmkgridmap-38-9.osg.noarch.rpm                                   | 4.8 kB     00:00
(4/73): globus-gridmap-callout-error-1.1-1.osg.x86_64.rpm                            | 6.7 kB     00:00
(5/73): osg-vo-map-0.0.1-1.osg.noarch.rpm                                            | 7.3 kB     00:00
(6/73): bestman2-tester-2.1.3-1.noarch.rpm                                           | 7.9 kB     00:00
(7/73): perl-XML-RegExp-0.03-2.el5.noarch.rpm                                        | 8.2 kB     00:00
(8/73): globus-authz-callout-error-2.0-2.osg.x86_64.rpm                              | 9.9 kB     00:00
(9/73): gums-client-1.3.18.002-3.noarch.rpm                                          |  13 kB     00:00
(10/73): globus-gssapi-error-4.0-2.osg.x86_64.rpm                                    |  13 kB     00:00
(11/73): globus-authz-2.0-2.osg.x86_64.rpm                                           |  14 kB     00:00
(12/73): globus-openssl-module-3.0-2.osg.x86_64.rpm                                  |  14 kB     00:00
(13/73): vo-client-38-9.osg.noarch.rpm                                               |  15 kB     00:00
(14/73): perl-XML-NamespaceSupport-1.09-1.2.1.noarch.rpm                             |  15 kB     00:00
(15/73): globus-gsi-openssl-error-2.0-2.osg.x86_64.rpm                               |  16 kB     00:00
(16/73): globus-usage-3.0-2.osg.x86_64.rpm                                           |  16 kB     00:00
(17/73): globus-callout-2.0-2.osg.x86_64.rpm                                         |  16 kB     00:00
(18/73): globus-xio-pipe-driver-2.0-2.osg.x86_64.rpm                                 |  16 kB     00:00
(19/73): globus-gsi-proxy-ssl-4.0-2.osg.x86_64.rpm                                   |  17 kB     00:00
(20/73): lcas-lcmaps-gt4-interface-0.1.4-6.osg.x86_64.rpm                            |  17 kB     00:00
(21/73): globus-gsi-cert-utils-8.0-2.osg.x86_64.rpm                                  |  18 kB     00:00
(22/73): globus-gfork-3.0-2.osg.x86_64.rpm                                           |  19 kB     00:00
(23/73): bestman2-server-2.1.3-1.noarch.rpm                                          |  21 kB     00:00
(24/73): edg-mkgridmap-4.0.0-3.osg.noarch.rpm                                        |  21 kB     00:00
(25/73): gratia-probe-gridftp-transfer-1.09-0.4.1.pre.noarch.rpm                     |  22 kB     00:00
(26/73): lcas-plugins-basic-1.3.5-5.osg.x86_64.rpm                                   |  23 kB     00:00
(27/73): lcmaps-plugins-verify-proxy-1.4.9-2.osg.x86_64.rpm                          |  23 kB     00:00
(28/73): fetch-crl-2.8.4-2.el5.noarch.rpm                                            |  24 kB     00:00
(29/73): bestman2-client-2.1.3-1.noarch.rpm                                          |  24 kB     00:00
(30/73): lcas-1.3.13-8.osg.x86_64.rpm                                                |  28 kB     00:00
(31/73): globus-gsi-sysconfig-5.0-3.osg.x86_64.rpm                                   |  29 kB     00:00
(32/73): perl-TermReadKey-2.30-5.el5.x86_64.rpm                                      |  32 kB     00:00
(33/73): lcmaps-plugins-saz-client-0.2.22-7.osg.x86_64.rpm                           |  32 kB     00:00
(34/73): globus-gss-assist-8.0-2.osg.x86_64.rpm                                      |  34 kB     00:00
(35/73): globus-gsi-credential-5.0-3.osg.x86_64.rpm                                  |  35 kB     00:00
(36/73): globus-gsi-proxy-core-6.0-2.osg.x86_64.rpm                                  |  36 kB     00:00
(37/73): globus-xio-gsi-driver-2.0-2.osg.x86_64.rpm                                  |  37 kB     00:00
(38/73): libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm                                      |  38 kB     00:00
(39/73): lcmaps-plugins-basic-1.4.5-1.osg.x86_64.rpm                                 |  38 kB     00:00
(40/73): lcmaps-plugins-scas-client-0.2.22-7.osg.x86_64.rpm                          |  39 kB     00:00
(41/73): globus-gridftp-server-progs-6.1-5.osg.x86_64.rpm                            |  40 kB     00:00
(42/73): globus-gsi-callback-4.0-2.osg.x86_64.rpm                                    |  41 kB     00:00
(43/73): perl-Convert-ASN1-0.20-1.1.noarch.rpm                                       |  41 kB     00:00
(44/73): globus-io-9.0-2.osg.x86_64.rpm                                              |  44 kB     00:00
(45/73): perl-Crypt-SSLeay-0.51-11.el5.x86_64.rpm                                    |  45 kB     00:00
(46/73): perl-IO-Socket-SSL-1.01-1.fc6.noarch.rpm                                    |  49 kB     00:00
(47/73): globus-gssapi-gsi-10.0-1.osg.x86_64.rpm                                     |  60 kB     00:00
(48/73): jpackage-utils-1.7.3-1jpp.2.el5.noarch.rpm                                  |  61 kB     00:00
(49/73): java-1.6.0-sun-compat-1.6.0.26-3.sl5.jpp.x86_64.rpm                         |  65 kB     00:00
(50/73): globus-ftp-control-4.0-2.osg.x86_64.rpm                                     |  73 kB     00:00
(51/73): globus-gridftp-server-control-2.0-3.osg.x86_64.rpm                          |  77 kB     00:00
(52/73): perl-XML-SAX-0.14-8.noarch.rpm                                              |  77 kB     00:00
(53/73): lcmaps-1.4.28-14.osg.x86_64.rpm                                             |  89 kB     00:00
(54/73): pyOpenSSL-0.6-1.p24.7.2.2.x86_64.rpm                                        | 120 kB     00:00
(55/73): globus-common-14.0-3.osg.x86_64.rpm                                         | 128 kB     00:00
(56/73): gratia-probe-common-1.09-0.4.1.pre.noarch.rpm                               | 132 kB     00:00
(57/73): perl-XML-DOM-1.44-2.el5.noarch.rpm                                          | 138 kB     00:00
(58/73): globus-gridftp-server-6.1-5.osg.x86_64.rpm                                  | 163 kB     00:00
(59/73): voms-2.0.6-3.osg.x86_64.rpm                                                 | 171 kB     00:00
(60/73): globus-xio-3.0-3.osg.x86_64.rpm                                             | 178 kB     00:00
(61/73): bestman2-tester-libs-2.1.3-1.noarch.rpm                                     | 189 kB     00:00
(62/73): perl-Net-SSLeay-1.30-4.fc6.x86_64.rpm                                       | 192 kB     00:00
(63/73): perl-LDAP-0.33-3.fc6.noarch.rpm                                             | 316 kB     00:00
(64/73): osg-ca-certs-1.24-1.noarch.rpm                                              | 450 kB     00:00
(65/73): libxslt-1.1.17-2.el5_2.2.x86_64.rpm                                         | 488 kB     00:00
(66/73): saml2-xacml2-c-lib-1.0.1-6.osg.x86_64.rpm                                   | 581 kB     00:00
(67/73): netlogger-4.2.0-1.noarch.rpm                                                | 624 kB     00:00
(68/73): bestman2-client-libs-2.1.3-1.noarch.rpm                                     | 627 kB     00:00
(69/73): bestman2-server-libs-2.1.3-1.noarch.rpm                                     | 779 kB     00:00
(70/73): bestman2-common-libs-2.1.3-1.noarch.rpm                                     | 5.5 MB     00:01
(71/73): bestman2-server-dep-libs-2.1.3-1.noarch.rpm                                 |  11 MB     00:01
(72/73): gums-1.3.18.002-3.noarch.rpm                                                |  25 MB     00:02
(73/73): jdk-1.6.0_26-fcs.x86_64.rpm                                                 |  68 MB     00:01
------------------------------------------------------------------------------------------------------------
Total                                                                       6.0 MB/s | 116 MB     00:19
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 824b8603
osg-testing/gpgkey                                                                   | 1.7 kB     00:00
Importing GPG key 0x824B8603 "OSG Software Team (RPM Signing Key for Koji Packages) " from /etc/pki/rpm-gpg/RPM-GPG-KEY-OSG
Is this ok [y/N]: y
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 217521f6
epel/gpgkey                                                                          | 1.7 kB     00:00
Importing GPG key 0x217521F6 "Fedora EPEL " from /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : globus-gsi-proxy-ssl                                                                1/73
  Installing     : saml2-xacml2-c-lib                                                                  2/73
  Installing     : lcmaps-plugins-scas-client                                                          3/73
  Installing     : libtool-ltdl                                                                        4/73
  Installing     : globus-common                                                                       5/73
  Installing     : globus-gsi-openssl-error                                                            6/73
  Installing     : globus-openssl-module                                                               7/73
  Installing     : globus-gsi-sysconfig                                                                8/73
  Installing     : globus-gsi-cert-utils                                                               9/73
  Installing     : globus-gsi-callback                                                                10/73
  Installing     : globus-gsi-credential                                                              11/73
  Installing     : globus-gsi-proxy-core                                                              12/73
  Installing     : globus-gssapi-gsi                                                                  13/73
  Installing     : globus-callout                                                                     14/73
  Installing     : globus-gss-assist                                                                  15/73
  Installing     : globus-xio                                                                         16/73
  Installing     : globus-gssapi-error                                                                17/73
  Installing     : globus-xio-gsi-driver                                                              18/73
  Installing     : globus-io                                                                          19/73
  Installing     : globus-authz-callout-error                                                         20/73
  Installing     : globus-authz                                                                       21/73
  Installing     : globus-ftp-control                                                                 22/73
  Installing     : globus-usage                                                                       23/73
  Installing     : globus-gfork                                                                       24/73
  Installing     : perl-Net-SSLeay                                                                    25/73
  Installing     : globus-gridmap-callout-error                                                       26/73
  Installing     : globus-xio-pipe-driver                                                             27/73
  Installing     : globus-gridftp-server-control                                                      28/73
  Installing     : globus-gridftp-server                                                              29/73
  Installing     : globus-gridftp-server-progs                                                        30/73
  Installing     : lcmaps-plugins-saz-client                                                          31/73
  Installing     : lcmaps-plugins-verify-proxy                                                        32/73
  Installing     : lcmaps-plugins-basic                                                               33/73
  Installing     : voms                                                                               34/73
  Installing     : perl-Crypt-SSLeay                                                                  35/73
  Installing     : perl-TermReadKey                                                                   36/73
  Installing     : pyOpenSSL                                                                          37/73
  Installing     : libxslt                                                                            38/73
  Installing     : osg-ca-certs                                                                       39/73
  Installing     : vo-client                                                                          40/73
  Installing     : osg-vo-map                                                                         41/73
  Installing     : vo-client-edgmkgridmap                                                             42/73
  Installing     : gratia-probe-common                                                                43/73
  Installing     : perl-IO-Socket-SSL                                                                 44/73
  Installing     : lcmaps-plugins-gums-client                                                         45/73
  Installing     : lcmaps                                                                             46/73
  Installing     : perl-XML-RegExp                                                                    47/73
  Installing     : perl-XML-DOM                                                                       48/73
  Installing     : jpackage-utils                                                                     49/73
  Installing     : perl-XML-NamespaceSupport                                                          50/73
  Installing     : perl-XML-SAX                                                                       51/73
  Installing     : netlogger                                                                          52/73
  Installing     : gratia-probe-gridftp-transfer                                                      53/73
  Installing     : jdk                                                                                54/73
Unpacking JAR files...
        rt.jar...
        jsse.jar...
        charsets.jar...
        tools.jar...
        localedata.jar...
        plugin.jar...
        javaws.jar...
        deploy.jar...
  Installing     : java-1.6.0-sun-compat                                                              55/73
  Installing     : bestman2-common-libs                                                               56/73
  Installing     : bestman2-server-libs                                                               57/73
  Installing     : bestman2-tester-libs                                                               58/73
  Installing     : bestman2-tester                                                                    59/73
  Installing     : gums                                                                               60/73
  Installing     : gums-client                                                                        61/73
  Installing     : bestman2-client-libs                                                               62/73
  Installing     : bestman2-client                                                                    63/73
  Installing     : bestman2-server-dep-libs                                                           64/73
  Installing     : bestman2-server                                                                    65/73
  Installing     : perl-Convert-ASN1                                                                  66/73
  Installing     : perl-LDAP                                                                          67/73
  Installing     : edg-mkgridmap                                                                      68/73
  Installing     : fetch-crl                                                                          69/73
  Installing     : lcas                                                                               70/73
  Installing     : lcas-lcmaps-gt4-interface                                                          71/73
  Installing     : lcas-plugins-basic                                                                 72/73
  Installing     : osg-se-bestman                                                                     73/73

Installed:
  osg-se-bestman.x86_64 0:3.0.0-6

Dependency Installed:
  bestman2-client.noarch 0:2.1.3-1                   bestman2-client-libs.noarch 0:2.1.3-1
  bestman2-common-libs.noarch 0:2.1.3-1              bestman2-server.noarch 0:2.1.3-1
  bestman2-server-dep-libs.noarch 0:2.1.3-1          bestman2-server-libs.noarch 0:2.1.3-1
  bestman2-tester.noarch 0:2.1.3-1                   bestman2-tester-libs.noarch 0:2.1.3-1
  edg-mkgridmap.noarch 0:4.0.0-3.osg                 fetch-crl.noarch 0:2.8.4-2.el5
  globus-authz.x86_64 0:2.0-2.osg                    globus-authz-callout-error.x86_64 0:2.0-2.osg
  globus-callout.x86_64 0:2.0-2.osg                  globus-common.x86_64 0:14.0-3.osg
  globus-ftp-control.x86_64 0:4.0-2.osg              globus-gfork.x86_64 0:3.0-2.osg
  globus-gridftp-server.x86_64 0:6.1-5.osg           globus-gridftp-server-control.x86_64 0:2.0-3.osg
  globus-gridftp-server-progs.x86_64 0:6.1-5.osg     globus-gridmap-callout-error.x86_64 0:1.1-1.osg
  globus-gsi-callback.x86_64 0:4.0-2.osg             globus-gsi-cert-utils.x86_64 0:8.0-2.osg
  globus-gsi-credential.x86_64 0:5.0-3.osg           globus-gsi-openssl-error.x86_64 0:2.0-2.osg
  globus-gsi-proxy-core.x86_64 0:6.0-2.osg           globus-gsi-proxy-ssl.x86_64 0:4.0-2.osg
  globus-gsi-sysconfig.x86_64 0:5.0-3.osg            globus-gss-assist.x86_64 0:8.0-2.osg
  globus-gssapi-error.x86_64 0:4.0-2.osg             globus-gssapi-gsi.x86_64 0:10.0-1.osg
  globus-io.x86_64 0:9.0-2.osg                       globus-openssl-module.x86_64 0:3.0-2.osg
  globus-usage.x86_64 0:3.0-2.osg                    globus-xio.x86_64 0:3.0-3.osg
  globus-xio-gsi-driver.x86_64 0:2.0-2.osg           globus-xio-pipe-driver.x86_64 0:2.0-2.osg
  gratia-probe-common.noarch 0:1.09-0.4.1.pre        gratia-probe-gridftp-transfer.noarch 0:1.09-0.4.1.pre
  gums.noarch 0:1.3.18.002-3                         gums-client.noarch 0:1.3.18.002-3
  java-1.6.0-sun-compat.x86_64 0:1.6.0.26-3.sl5.jpp  jdk.x86_64 2000:1.6.0_26-fcs
  jpackage-utils.noarch 0:1.7.3-1jpp.2.el5           lcas.x86_64 0:1.3.13-8.osg
  lcas-lcmaps-gt4-interface.x86_64 0:0.1.4-6.osg     lcas-plugins-basic.x86_64 0:1.3.5-5.osg
  lcmaps.x86_64 0:1.4.28-14.osg                      lcmaps-plugins-basic.x86_64 0:1.4.5-1.osg
  lcmaps-plugins-gums-client.x86_64 0:0.0.2-2.osg    lcmaps-plugins-saz-client.x86_64 0:0.2.22-7.osg
  lcmaps-plugins-scas-client.x86_64 0:0.2.22-7.osg   lcmaps-plugins-verify-proxy.x86_64 0:1.4.9-2.osg
  libtool-ltdl.x86_64 0:1.5.22-7.el5_4               libxslt.x86_64 0:1.1.17-2.el5_2.2
  netlogger.noarch 0:4.2.0-1                         osg-ca-certs.noarch 0:1.24-1
  osg-vo-map.noarch 0:0.0.1-1.osg                    perl-Convert-ASN1.noarch 0:0.20-1.1
  perl-Crypt-SSLeay.x86_64 0:0.51-11.el5             perl-IO-Socket-SSL.noarch 0:1.01-1.fc6
  perl-LDAP.noarch 1:0.33-3.fc6                      perl-Net-SSLeay.x86_64 0:1.30-4.fc6
  perl-TermReadKey.x86_64 0:2.30-5.el5               perl-XML-DOM.noarch 0:1.44-2.el5
  perl-XML-NamespaceSupport.noarch 0:1.09-1.2.1      perl-XML-RegExp.noarch 0:0.03-2.el5
  perl-XML-SAX.noarch 0:0.14-8                       pyOpenSSL.x86_64 0:0.6-1.p24.7.2.2
  saml2-xacml2-c-lib.x86_64 0:1.0.1-6.osg            vo-client.noarch 0:38-9.osg
  vo-client-edgmkgridmap.noarch 0:38-9.osg           voms.x86_64 0:2.0.6-3.osg

Complete!
[root@fermicloud109 ~]# sed -i 's/\#globus_mapping/globus_mapping/' /etc/grid-security/gsi-authz.conf
[root@fermicloud109 ~]# sed -i 's/yourgums.yourdomain/gums.fnal.gov/' /etc/lcmaps.db
[root@fermicloud109 ~]# mkdir /etc/grid-security/bestman
[root@fermicloud109 ~]# cp /etc/grid-security/hostkey.pem /etc/grid-security/bestman/bestmankey.pem
[root@fermicloud109 ~]# cp /etc/grid-security/hostcert.pem /etc/grid-security/bestman/bestmancert.pem
[root@fermicloud109 ~]# chown -R bestman:bestman /etc/grid-security/bestman/
[root@fermicloud109 ~]# sed -i 's/Defaults.*requiretty/#Defaults requiretty/' /etc/sudoers
[root@fermicloud109 ~]# echo "Cmnd_Alias SRM_CMD = /bin/rm, /bin/mkdir, /bin/rmdir, /bin/mv, /bin/ls" >> /etc/sudoers
[root@fermicloud109 ~]#         echo "Runas_Alias SRM_USR = ALL, !root" >> /etc/sudoers
-bash: !root": event not found
[root@fermicloud109 ~]# echo "Runas_Alias SRM_USR = ALL, !root" >> /etc/sudoers
-bash: !root": event not found
[root@fermicloud109 ~]# echo "Runas_Alias SRM_USR = ALL, \!root" >> /etc/sudoers
[root@fermicloud109 ~]# echo "bestman ALL=(SRM_USR) NOPASSWD:SRM_CMD" >> /etc/sudoers
[root@fermicloud109 ~]# vi /etc/sudoers
[root@fermicloud109 ~]# vi /etc/bestman2/
conf/       properties/ version
[root@fermicloud109 ~]# vi /etc/bestman2/conf/
bestman2.gateway.sample.rc  grid-mapfile.empty          srmtester.conf.sample
bestman2.rc                 srmclient.conf              WEB-INF/
bestman-diag.conf.sample    srmclient.conf.sample
bestman-diag-msg.conf       srmtester.conf
[root@fermicloud109 ~]# vi /etc/bestman2/conf/bestman2.rc
[root@fermicloud109 ~]#         sed -i 's/CertFileName=.*/CertFileName=\/etc\/grid-security\/bestman\/bestma
[root@fermicloud109 ~]#         sed -i 's/KeyFileName=.*/KeyFileName=\/etc\/grid-security\/bestman\/bestmank
[root@fermicloud109 ~]#         sed -i 's/GUMSserviceURL=.*/GUMSserviceURL=https:\/\/gums.fnal.gov:8443\/gum
[root@fermicloud109 ~]#         sed -i 's/BESTMAN_GUMSCERTPATH=.*/BESTMAN_GUMSCERTPATH=\/etc\/grid-security\
[root@fermicloud109 ~]#         sed -i 's/BESTMAN_GUMSKEYPATH=.*/BESTMAN_GUMSKEYPATH=\/etc\/grid-security\/b
[root@fermicloud109 ~]#         echo "localPathListAllowed=/tmp" >> /etc/bestman2/conf/bestman2.rc
[root@fermicloud109 ~]# vi /etc/bestman2/conf/bestman2.rc
[root@fermicloud109 ~]# hostname
fermicloud109.fnal.gov
[root@fermicloud109 ~]# HOSTNAME=`hostname`
[root@fermicloud109 ~]# echo "supportedProtocolList=gsiftp://$HOSTNAME" >> /etc/bestman2/conf/bestman2.rc
[root@fermicloud109 ~]# service bestman2 start
Starting bestman2:                                         [  OK  ]
[root@fermicloud109 ~]# tail -f /var/log/bestman2/bestman2.log
BeStMan: space mgt component is disabled.
[Note:] srmcacheKeywordOn is set to true automatically when space mgt is disabled.
............ no static tokens defined for bestman
.........local SRM is on: httpg://fermicloud109.fnal.gov:8443/srm/v2/server  current user:bestman
.... using gsi connection.
...appling /etc/bestman2/conf/WEB-INF/jetty.xml
........pool:null qtp1884603565{10<=0<=0/256,-1}
..........acceptQueueSize:0
..................acceptor:1
BeStMan-Jetty is ready.

[root@fermicloud109 ~]#

14.0 Known Issues

14.1 Requesting host certificates in slc6

Sometimes it may happen that bestman does not start when certificates were requested on slc6. This may be caused by a bug in JGlobus with openssl> 1.X.X JGlobusIssue118. A known workaround is to run this command

openssl rsa -in mykey.pem -out mykey.pem.old

This command on SLF6 converts mykey.pem in mykey.pem.old which has format supported by jglobus.

Comments

There is no mention of BESTMAN_GUMS_ENABLED. It defaults to yes, should it be set to no if using the gridmap file? MarcoMambelli 17 Apr 2012 - 20:56

Topic attachments
I Attachment Action Size Date Who Comment
pdfpdf Bestman2.3.0-ScalabilityTests.pdf manage 118.8 K 11 Jan 2013 - 19:47 NehaSharma Bestman-2.3.0 Scalability Testing
Topic revision: r60 - 07 Feb 2017 - 20:18:16 - BrianBockelman
Hello, TWikiGuest!
Register

 
TWIKI.NET

TWiki | Report Bugs | Privacy Policy

This site is powered by the TWiki collaboration platformCopyright by the contributing authors. All material on this collaboration platform is the property of the contributing authors..