SyncGTS Command Line Approach

[ GTS: Administrators Guide | Developers Guide | caGrid: Documentation Guides ]

Overview

This guide provides a step-by-step process for syncing with the trust fabric using the SyncGTS Command Line approach. The SyncGTS command line approach is intended to be used to sync client environments with the trust fabric. To ensure that the client environment is synced with the latest trust roots, this approach should be repeated regularly.

Prerequisites

In order to install and run the GTS, the following prerequisite software must be installed:

Java 1.6 JDK or Greater
Mysql 5 or Greater

Step 1: Installing SyncGTS

In this step you will download and install SyncGTS using the caGrid Installer. If you already have caGrid 1.4 installed on your machine, you may proceed to the next step. To install caGrid/SyncGTS, please complete the following steps:

Installer Prerequisites

The caGrid Installer installs all prerequisites except for Java and MySQL.

Java 6 JDK
- Make sure the JAVA_HOME environment variable is set and points to the location where the JDK has been installed.
(Optional) If you are deploying caGrid core services locally, you may also need a MySQL database.
Note
MySQL is only required for the security services and GME. You can use 4.x (with transaction enabled; i.e., use InnoDB engine) or 5.x.

Installing caGrid 1.4 Using the Installer

Internet Resources Required by the Installer
Unless you are using a customized installer, the installer will need to be able to access these internet resources:

http://gforge.nci.nih.gov to download caGrid and Globus
http://archive.apache.org to download ant and tomcat (if you create a tomcat container)
http://downloads.sourceforge.net to download JBoss if you create a JBoss container.
https://ncisvn.nci.nih.gov to download the default installer properties and configuration file

Download the caGrid 1.4 Installer, unless you have a customized installer that you have been instructed to use for your grid. The downloaded installer should be contained in the file caGrid-installer-1.4.zip. If you are using a customized installer the name may vary.
Unzip the file caGrid-installer-1.4.zip. This creates the directory caGrid-installer-1.4. This documentation refers to this directory as CAGRID_INSTALLER_LOCATION.
From a command prompt, launch the installer using the following command:
Do not launch the installer by double-clicking the jar file
```
 > cd *CAGRID_INSTALLER_LOCATION*

> java -jar caGrid-installer-1.4.jar 
```

Select the I agree to this license checkbox and then click Next.

Select the Install/Configure caGrid Software checkbox and then click Next.

The installer detects whether or not you have already installed Ant. It installs or reinstalls it, depending on your installation status. In either case, you must specify the location where you want to install Ant.
The installer detects whether or not you have already installed Globus. It installs or reinstalls it, depending on your installation status. In either case, you must specify the location where you want to install Globus.

The installer asks you for a location on your local file system to install caGrid. Specify a location to install caGrid and click Next.

To select a file location that is not in the User's Home directory, Click the Look In: drop down list and select a new starting location.

The installer displays a list of tasks that the installer will perform. Click Next to begin the installation process. At this time the installer downloads, builds, and installs several components. This process takes several minutes.
Once the installer has completed installing all the components, click Next.

The installer prompts you to specify which Grid you want to configure your installation to use. The installer supports configuring caGrid to work out of the box with many community Grid environments. For testing and development purposes, we recommend selecting the Training Grid. If you do not want to configure caGrid to work with an existing Grid you may select that as well. The installer can also be modified to support additional Grids.

The installer shows a summary of the tasks to be completed. Click Next to configure caGrid to use the selected target Grids. This process takes several minutes.
Once the installer has finished configuring caGrid to use the target Grid, click Next. The final screen reminds you to set your ANT_HOME and GLOBUS_LOCATION environment variables. Set these variables immediately and click Finish.

Congratulations! You have successfully installed caGrid.

Add ANT_HOME/bin to PATH
You will be running the ant program from the command line so add ANT_HOME/bin to PATH.

The installer will install caGrid to the directory you specified during installation. From this point forward we will refer to this directory as CAGRID_HOME. SyncGTS can be found in the directory CAGRID_HOME/projects/syncgts. From this point forward we will refer to this directory as SYNC_GTS_HOME.

Step 2: Configuring SyncGTS (Optional)

SyncGTS is configured through an XML configuration file herein referred to as the Sync Description. The default Sync Description file can be found in SYNC_GTS_HOME/ext/resource/sync-description.xml. SyncGTS is pre-configured to work with the Target Grid you specified during installation and in most cases does not need to be modified.

If you do need to change the target grid that sync GTS synchronizes with, please read further how to change your target Grid.

Step 3: Configure Trust Roots (Optional)

In order for SyncGTS to sync with a GTS service, it is required that the local environment trust the GTS service with which it is being synced. In other words the local environment must trust the certificate authority that issued the GTS Service's credentials. SyncGTS is pre-configured to trust the Trust Fabric Certificate Authority of the Target Grid you specified during installation and in most cases no further configuration is required. If further configuration is required, SyncGTS can easily be configured to trust other certificate authorities by placing a copy of the CA's certificate in the directory SYNC_GTS_HOME/ext/resources/certificates. The CA certificate must be contained in PEM format and must be given a digit (0-9) extension. For example, to configure SyncGTS to trust a CA whose certificate is contained in the file cacert.pem, the file should be renamed to cacert.0 and copied to the directory SYNC_GTS_HOME/ext/resources/certificates. You will also need to add an entry to the excluded CA list in SyncGTS's configuration.

Step 4: Running SyncGTS

To run SyncGTS from the command line, complete the following from a command prompt:<

 > cd SYNC_GTS_HOME
 > ant syncWithTrustFabric

Executing the command above should yield similar output to the output below:

> ant syncWithTrustFabric
Buildfile: build.xml

syncWithTrustFabric:

setGlobus:

checkGlobus:
     [echo] Globus: /home/cagrid/ext/ws-core-4.0.3

defineClasspaths:

defineExtendedClasspaths:

deployTrustedCerts:

syncWithTrustFabric:
     [java] log4j: Trying to find [sync-gts-log4j.properties] using context classloader sun.misc.Launcher$AppClassLoader@a9c85c.
     [java] log4j: Using URL [file:/home/cagrid/projects/caGrid/caGrid/projects/syncgts/build/classes/sync-gts-log4j.properties] for automatic log4j configuration.
     [java] log4j: Reading configuration from URL file:/home/cagrid/projects/caGrid/caGrid/projects/syncgts/build/classes/sync-gts-log4j.properties
     [java] log4j: Parsing for [root] with value=[ERROR, A1].
     [java] log4j: Level token is [ERROR].
     [java] log4j: Category root set to ERROR
     [java] log4j: Parsing appender named "A1".
     [java] log4j: Parsing layout options for "A1".
     [java] log4j: Setting property [conversionPattern] to [%d{ISO8601} %-5p %c{2} [%t,%M:%L] %m%n].
     [java] log4j: End of parsing for "A1".
     [java] log4j: Parsed "A1" options.
     [java] log4j: Parsing for [gov.nih.nci.cagrid.syncgts.core] with value=[DEBUG].
     [java] log4j: Level token is [DEBUG].
     [java] log4j: Category gov.nih.nci.cagrid.syncgts.core set to DEBUG
     [java] log4j: Handling log4j.additivity.gov.nih.nci.cagrid.syncgts.core=[null]
     [java] log4j: Parsing for [org.globus] with value=[INFO].
     [java] log4j: Level token is [INFO].
     [java] log4j: Category org.globus set to INFO
     [java] log4j: Handling log4j.additivity.org.globus=[null]
     [java] log4j: Finished configuring.
     [java] 2009-02-20 12:48:32,496 DEBUG core.SyncGTS [main,getSyncDescription:55] SyncGTS using sync description: /home/cagrid/projects/caGrid/caGrid/projects/syncgts/ext/target_grid/sync-description.xml
     [java] 2009-02-20 12:48:32,515 INFO  core.SyncGTS [main,sync:175] Syncing with the GTS https://slavegts.training.cagrid.org:8443/wsrf/services/cagrid/GTS
     [java] 2009-02-20 12:48:34,371 DEBUG core.SyncGTS [main,sync:200] Successfully synced with https://slavegts.training.cagrid.org:8443/wsrf/services/cagrid/GTS using filter 1 the search found 5 Trusted Authority(s)!!!
     [java] 2009-02-20 12:48:34,371 DEBUG core.SyncGTS [main,sync:236] Done syncing with the GTS https://slavegts.training.cagrid.org:8443/wsrf/services/cagrid/GTS 5 Trusted Authority(s) found!!!
     [java] 2009-02-20 12:48:34,372 INFO  core.SyncGTS [main,readInCurrentCADirectory:578] Taking Snapshot of Trusted CA Directory (/home/cagrid/.globus/certificates)....
     [java] 2009-02-20 12:48:34,374 DEBUG core.SyncGTS [main,readInCurrentCADirectory:632] Found 6 Trusted CAs found!!!
     [java] 2009-02-20 12:48:34,374 DEBUG core.SyncGTS [main,readInCurrentCADirectory:636] Trusted CA [8e3e7e54] {
     [java]  Certificate:/home/cagrid/.globus/certificates/8e3e7e54.0
     [java]  CRL:/home/cagrid/.globus/certificates/8e3e7e54.r0
     [java]  Signing Policy:/home/cagrid/.globus/certificates/8e3e7e54.signing_policy
     [java] }
     [java]
     [java] 2009-02-20 12:48:34,374 DEBUG core.SyncGTS [main,readInCurrentCADirectory:636] Trusted CA [62f4fd66] {
     [java]  Certificate:/home/cagrid/.globus/certificates/62f4fd66.0
     [java]  CRL:null
     [java]  Signing Policy:/home/cagrid/.globus/certificates/62f4fd66.signing_policy
     [java] }
     [java]
     [java] 2009-02-20 12:48:34,375 DEBUG core.SyncGTS [main,readInCurrentCADirectory:636] Trusted CA [f3b3491b] {
     [java]  Certificate:/home/cagrid/.globus/certificates/f3b3491b.0
     [java]  CRL:/home/cagrid/.globus/certificates/f3b3491b.r0
     [java]  Signing Policy:/home/cagrid/.globus/certificates/f3b3491b.signing_policy
     [java] }
     [java]
     [java] 2009-02-20 12:48:34,375 DEBUG core.SyncGTS [main,readInCurrentCADirectory:636] Trusted CA [1c3f2ca8] {
     [java]  Certificate:/home/cagrid/.globus/certificates/1c3f2ca8.0
     [java]  CRL:/home/cagrid/.globus/certificates/1c3f2ca8.r0
     [java]  Signing Policy:/home/cagrid/.globus/certificates/1c3f2ca8.signing_policy
     [java] }
     [java]
     [java] 2009-02-20 12:48:34,378 DEBUG core.SyncGTS [main,readInCurrentCADirectory:636] Trusted CA [68907d53] {
     [java]  Certificate:/home/cagrid/.globus/certificates/68907d53.0
     [java]  CRL:null
     [java]  Signing Policy:/home/cagrid/.globus/certificates/68907d53.signing_policy
     [java] }
     [java]
     [java] 2009-02-20 12:48:34,378 DEBUG core.SyncGTS [main,readInCurrentCADirectory:636] Trusted CA [d1b603c3] {
     [java]  Certificate:/home/cagrid/.globus/certificates/d1b603c3.0
     [java]  CRL:/home/cagrid/.globus/certificates/d1b603c3.r0
     [java]  Signing Policy:/home/cagrid/.globus/certificates/d1b603c3.signing_policy
     [java] }
     [java]
     [java] 2009-02-20 12:48:34,381 INFO  core.SyncGTS [main,readInCurrentCADirectory:643] DONE -Taking Snapshot of Trusted CA Directory, 6 Trusted CAs found!!!
     [java] 2009-02-20 12:48:34,405 DEBUG core.SyncGTS [main,sync:342] Removed the certificate (/home/cagrid/.globus/certificates/8e3e7e54.0) for the CA O=caBIG,OU=caGrid,OU=LOA1,CN=caGrid LOA1 Certificate Authority.
     [java] 2009-02-20 12:48:34,405 DEBUG core.SyncGTS [main,sync:357] Removed the CRL (/home/cagrid/.globus/certificates/8e3e7e54.r0) for the CA O=caBIG,OU=caGrid,OU=LOA1,CN=caGrid LOA1 Certificate Authority.
     [java] 2009-02-20 12:48:34,405 DEBUG core.SyncGTS [main,sync:372] Removed the Signing Policy (/home/cagrid/.globus/certificates/8e3e7e54.0) for the CA O=caBIG,OU=caGrid,OU=LOA1,CN=caGrid LOA1 Certificate Authority.
     [java] 2009-02-20 12:48:34,405 DEBUG core.SyncGTS [main,sync:387] Removed the CA Metadata (/home/cagrid/.globus/certificates/8e3e7e54.syncgts) for the CA O=caBIG,OU=caGrid,OU=LOA1,CN=caGrid LOA1 Certificate Authority.
     [java] 2009-02-20 12:48:34,414 DEBUG core.SyncGTS [main,sync:342] Removed the certificate (/home/cagrid/.globus/certificates/62f4fd66.0) for the CA O=caBIG,OU=caGrid,OU=Trust Fabric,CN=caGrid Trust Fabric Certificate Authority.
     [java] 2009-02-20 12:48:34,415 DEBUG core.SyncGTS [main,sync:372] Removed the Signing Policy (/home/cagrid/.globus/certificates/62f4fd66.0) for the CA O=caBIG,OU=caGrid,OU=Trust Fabric,CN=caGrid Trust Fabric Certificate Authority.
     [java] 2009-02-20 12:48:34,415 DEBUG core.SyncGTS [main,sync:387] Removed the CA Metadata (/home/cagrid/.globus/certificates/62f4fd66.syncgts) for the CA O=caBIG,OU=caGrid,OU=Trust Fabric,CN=caGrid Trust Fabric Certificate Authority.
     [java] 2009-02-20 12:48:34,421 DEBUG core.SyncGTS [main,sync:342] Removed the certificate (/home/cagrid/.globus/certificates/f3b3491b.0) for the CA O=caBIG,OU=caGrid,OU=Training,CN=caGrid Training CA.
     [java] 2009-02-20 12:48:34,422 DEBUG core.SyncGTS [main,sync:357] Removed the CRL (/home/cagrid/.globus/certificates/f3b3491b.r0) for the CA O=caBIG,OU=caGrid,OU=Training,CN=caGrid Training CA.
     [java] 2009-02-20 12:48:34,422 DEBUG core.SyncGTS [main,sync:372] Removed the Signing Policy (/home/cagrid/.globus/certificates/f3b3491b.0) for the CA O=caBIG,OU=caGrid,OU=Training,CN=caGrid Training CA.
     [java] 2009-02-20 12:48:34,422 DEBUG core.SyncGTS [main,sync:387] Removed the CA Metadata (/home/cagrid/.globus/certificates/f3b3491b.syncgts) for the CA O=caBIG,OU=caGrid,OU=Training,CN=caGrid Training CA.
     [java] 2009-02-20 12:48:34,427 DEBUG core.SyncGTS [main,sync:342] Removed the certificate (/home/cagrid/.globus/certificates/1c3f2ca8.0) for the CA DC=org,DC=DOEGrids,OU=Certificate Authorities,CN=DOEGrids CA 1.
     [java] 2009-02-20 12:48:34,427 DEBUG core.SyncGTS [main,sync:357] Removed the CRL (/home/cagrid/.globus/certificates/1c3f2ca8.r0) for the CA DC=org,DC=DOEGrids,OU=Certificate Authorities,CN=DOEGrids CA 1.
     [java] 2009-02-20 12:48:34,428 DEBUG core.SyncGTS [main,sync:372] Removed the Signing Policy (/home/cagrid/.globus/certificates/1c3f2ca8.0) for the CA DC=org,DC=DOEGrids,OU=Certificate Authorities,CN=DOEGrids CA 1.
     [java] 2009-02-20 12:48:34,428 DEBUG core.SyncGTS [main,sync:387] Removed the CA Metadata (/home/cagrid/.globus/certificates/1c3f2ca8.syncgts) for the CA DC=org,DC=DOEGrids,OU=Certificate Authorities,CN=DOEGrids CA 1.
     [java] 2009-02-20 12:48:34,429 INFO  core.SyncGTS [main,sync:298] The CA O=caBIG,OU=caGrid,OU=Training Trust Fabric,CN=caGrid Training Trust Fabric CA was not removed because it is the exclude list.
     [java] 2009-02-20 12:48:34,436 DEBUG core.SyncGTS [main,sync:342] Removed the certificate (/home/cagrid/.globus/certificates/d1b603c3.0) for the CA DC=net,DC=ES,O=ESnet,OU=Certificate Authorities,CN=ESnet Root CA 1.
     [java] 2009-02-20 12:48:34,438 DEBUG core.SyncGTS [main,sync:357] Removed the CRL (/home/cagrid/.globus/certificates/d1b603c3.r0) for the CA DC=net,DC=ES,O=ESnet,OU=Certificate Authorities,CN=ESnet Root CA 1.
     [java] 2009-02-20 12:48:34,439 DEBUG core.SyncGTS [main,sync:372] Removed the Signing Policy (/home/cagrid/.globus/certificates/d1b603c3.0) for the CA DC=net,DC=ES,O=ESnet,OU=Certificate Authorities,CN=ESnet Root CA 1.
     [java] 2009-02-20 12:48:34,439 DEBUG core.SyncGTS [main,sync:387] Removed the CA Metadata (/home/cagrid/.globus/certificates/d1b603c3.syncgts) for the CA DC=net,DC=ES,O=ESnet,OU=Certificate Authorities,CN=ESnet Root CA 1.
     [java] 2009-02-20 12:48:34,440 INFO  core.SyncGTS [main,sync:414] Successfully removed 5 Trusted Authority(s) from /home/cagrid/.globus/certificates
     [java] 2009-02-20 12:48:34,444 DEBUG core.SyncGTS [main,sync:477] Wrote out the certificate for the Trusted Authority O=caBIG,OU=caGrid,OU=Training,CN=caGrid Training CA to the file /home/cagrid/.globus/certificates/f3b3491b.0
     [java] 2009-02-20 12:48:34,449 DEBUG core.SyncGTS [main,sync:484] Wrote out the CRL for the Trusted Authority O=caBIG,OU=caGrid,OU=Training,CN=caGrid Training CA to the file /home/cagrid/.globus/certificates/f3b3491b.r0
     [java] 2009-02-20 12:48:34,456 DEBUG core.SyncGTS [main,sync:499] Wrote out the metadata for the Trusted Authority O=caBIG,OU=caGrid,OU=Training,CN=caGrid Training CA to the file /home/cagrid/.globus/certificates/f3b3491b.syncgts
     [java] 2009-02-20 12:48:34,461 DEBUG core.SyncGTS [main,sync:477] Wrote out the certificate for the Trusted Authority DC=org,DC=DOEGrids,OU=Certificate Authorities,CN=DOEGrids CA 1 to the file /home/cagrid/.globus/certificates/1c3f2ca8.0
     [java] 2009-02-20 12:48:34,508 DEBUG core.SyncGTS [main,sync:484] Wrote out the CRL for the Trusted Authority DC=org,DC=DOEGrids,OU=Certificate Authorities,CN=DOEGrids CA 1 to the file /home/cagrid/.globus/certificates/1c3f2ca8.r0
     [java] 2009-02-20 12:48:34,510 DEBUG core.SyncGTS [main,sync:499] Wrote out the metadata for the Trusted Authority DC=org,DC=DOEGrids,OU=Certificate Authorities,CN=DOEGrids CA 1 to the file /home/cagrid/.globus/certificates/1c3f2ca8.syncgts
     [java] 2009-02-20 12:48:34,513 DEBUG core.SyncGTS [main,sync:477] Wrote out the certificate for the Trusted Authority O=caBIG,OU=caGrid,OU=Trust Fabric,CN=caGrid Trust Fabric Certificate Authority to the file /home/cagrid/.globus/certificates/62f4fd66.0
     [java] 2009-02-20 12:48:34,517 DEBUG core.SyncGTS [main,sync:499] Wrote out the metadata for the Trusted Authority O=caBIG,OU=caGrid,OU=Trust Fabric,CN=caGrid Trust Fabric Certificate Authority to the file /home/cagrid/.globus/certificates/62f4fd66.syncgts
     [java] 2009-02-20 12:48:34,520 DEBUG core.SyncGTS [main,sync:477] Wrote out the certificate for the Trusted Authority O=caBIG,OU=caGrid,OU=LOA1,CN=caGrid LOA1 Certificate Authority to the file /home/cagrid/.globus/certificates/8e3e7e54.0
     [java] 2009-02-20 12:48:34,523 DEBUG core.SyncGTS [main,sync:484] Wrote out the CRL for the Trusted Authority O=caBIG,OU=caGrid,OU=LOA1,CN=caGrid LOA1 Certificate Authority to the file /home/cagrid/.globus/certificates/8e3e7e54.r0
     [java] 2009-02-20 12:48:34,524 DEBUG core.SyncGTS [main,sync:499] Wrote out the metadata for the Trusted Authority O=caBIG,OU=caGrid,OU=LOA1,CN=caGrid LOA1 Certificate Authority to the file /home/cagrid/.globus/certificates/8e3e7e54.syncgts
     [java] 2009-02-20 12:48:34,527 DEBUG core.SyncGTS [main,sync:477] Wrote out the certificate for the Trusted Authority DC=net,DC=ES,O=ESnet,OU=Certificate Authorities,CN=ESnet Root CA 1 to the file /home/cagrid/.globus/certificates/d1b603c3.0
     [java] 2009-02-20 12:48:34,530 DEBUG core.SyncGTS [main,sync:484] Wrote out the CRL for the Trusted Authority DC=net,DC=ES,O=ESnet,OU=Certificate Authorities,CN=ESnet Root CA 1 to the file /home/cagrid/.globus/certificates/d1b603c3.r0
     [java] 2009-02-20 12:48:34,531 DEBUG core.SyncGTS [main,sync:499] Wrote out the metadata for the Trusted Authority DC=net,DC=ES,O=ESnet,OU=Certificate Authorities,CN=ESnet Root CA 1 to the file /home/cagrid/.globus/certificates/d1b603c3.syncgts
     [java] 2009-02-20 12:48:34,531 INFO  core.SyncGTS [main,sync:533] Successfully wrote out 5 Trusted Authority(s) to /home/cagrid/.globus/certificates

BUILD SUCCESSFUL
Total time: 3 seconds

Congratulations you have successfully installed, configured, and run SyncGTS from the command line!!!