Table of Contents
The Grid Portlets User's Guide describes how to use Grid Portlets for managing jobs and data on the Grid. Please consult the Administrator's Guide for more information on how to administer the Grid Portlets web application. Please consult the Developer's Guide for more information on how to use Grid Portlets to develop custom Grid portal web applications.
The Grid Portlets web application must be installed on the same web server GridSphere is installed. Please consult with your portal administrator if this has not been done. Otherwise, you should see the "Grid Portlets" group in the list of available portlet groups in the Profile Manager portlet. Add that group to your user profile if it is not already added. Once it has been added, you will see a "Grid" tab in your tab bar.
Grid Portlets provides support for delegating credentials to a portal with the Credential Retrieval Portlet and enables users to sign-on to the Grid with those credentials. This section describes how to obtain a Grid certificate using globus command line tools and how to delegate credentials to a MyProxy credential repository. The Credential Retrieval Portlet allows users to retrieve credentials from MyProxy for use with other portlets that require credentials. Moreover, uers can configure Grid Portlets to retrieve credentials from MyProxy when they next login.
A Grid certificate is a file which consists of your RSA public key, a period of validity and some user information. Grid certificates can be used for authenticating users to computing resources on the Grid in a process known as single sign-on. The steps below describe how to obtain and setup your Grid certificate for use with the Grid Portlets. In order to use Grid Portlets, we require that you obtain a Grid certificate from one of our accepted Grid certificate authorities.
If you do not already have a Grid cerftifcate, your instituion should provide command line tools or an application for obtaining a Grid certificate. For example, if Globus command line tools are available on your client, then you should be able to run the grid-cert-request program to request a certificate from a certificate authority.
In a unix shell, you would type the following commands:
# grid-cert-request -cn '<FIRSTNAME> <SURNAME>'
This tool asks for a passphrase securing the private key. It creates a directory named ".globus" in your home directory containing the following files:
usercert.pem usercert_request.pem userkey.pem
You would then send the file named "usercert_request.pem" to your site adminisitrator or to directly to the certificate authority, depening on how your institution has configured Globus. If the request is accepted, you will receive an email containing the certificate in a file called "usercert.pem". DO NOT LOSE THIS FILE!. Move the file to your ~/.globus directory.
# mv usercert.pem ~/.globus/
Next test to see that you can create a proxy with your Grid cerftificate. Proxies contain your credentials, which, in addition to containing your Grid certificate, include information for authorizing the use of your certificate.
In a unix shell, you would type the following command:
# grid-proxy-init
After you have obtained a Grid certificate, you must then delegate a credential to our MyProxy server at myproxy.gridlab.org using the MyProxy client program. MyProxy is an online repository for delegated credentials and Grid Portlets uses it to obtain credentials in steps 4 and 5 below so that it can sign users onto remote computing resources. The MyProxy client program is installed on peyote.aei.mpg.de and is easy to use.
In a unix shell, you would type a command similar to this:
# myproxy-init -s myproxy.gridlab.org
A typical MyProxy dialog looks like this:
Your identity: /O=Grid/O=GridLab/CN=Michael Russell
Enter GRID pass phrase for this identity:
Creating proxy ........................................ Done
Proxy Verify OK
Your proxy is valid until: Thu Jul 15 11:52:18 2004
Enter MyProxy pass phrase:
Verifying password - Enter MyProxy pass phrase:
A proxy valid for 168 hours (7.0 days) for user russell now exists on myproxy.gridlab.org.
Your GRID pass phrase is the pass phrase you used to generate a private key
for your Grid certificate. The MyProxy pass phrase is the password you would
like to use for delegating proxies to Grid Portlets. Use a password that is easy to type
and easy to remember. You will use this password in steps 4 and 5 below. Note that the
credential that is delegated to MyProxy has a lifetime of 7 days. This means you
must repeat this step every 7 days! Alternatively, you can specify a longer lifetime.
Type myproxy-init -help for more information on how to use MyProxy.
Now that you have delegated a credential to MyProxy, you can delegate a credential from MyProxy to Grid Portlets for use on the Grid.
Login to Grid Portlets if you haven't already. If you have not added the "Grid Portlets" group to your user profile, please do so with the Profile Manager when you first logon. Then go to the Credential Retrieval Portlet located under the Grid tab. Click on and specify the credential you delegated to MyProxy in step 3.
The information you specify depends on what options you used with the MyProxy client program:
- Credential Label - The label to display in Grid Portlets for this credential. For example, if you had used a certificate signed by the GridLab Certificate Authority, you could enter "GridLab Certificate" here.
- User Name - Maps to the
-l optioninmyproxy-init. If you did not specify this option, then it will the same as the name of the account under which you ran the MyProxy client program. - Credential Name - This is an optional field so it can be left blank. It maps to the
-n optioninmyproxy-init. - Pass Phrase - This should be the same as the
MyProxy pass phraseyou provided tomyproxy-init. - Single Sign-On - Leave this option checked so that you can login to Grid Portlets with the pass phrase you enter here in step 5.
Once you've successfully delegated your credential to Grid Portlets, Grid Portlets will keep a record of this credential for future use. You will notice that the credential that is delegated to Grid Portlets has a shorter lifetime than the credential delegated to MyProxy. This is for security reasons. If this credential expires while you are still logged in to Grid Portlets, you can simply return to the Credential Retrieval Portlet, enter your MyProxy pass phrase into the Pass Phrase field and click . This will delegate a new credential to Grid Portlets.
If you completed step 4 successfully, you are already signed onto the Grid for as long as your credential's lifetime. When you next logon to Grid Portlets, simply enter your Portal username and use the pass phrase you used to delegate a credential to MyProxy. This will simultaneously log you in to Grid Portlets and delegate a new credential to the portal. This process is called "single sign-on". You are now ready to use the Grid!
You can see the resources that have been made accessible to the portal with the Resource Browser Portlet. Here you can view available computing resoruces and see what services, software and accounts are available on those resources.
The Job Submission Portlet enables you to submit and monitor jobs to remote computing resources. The Job Submission Portlet allows you to see job history, submit jobs and receive notification when jobs complete.
The File Browser Portlet enables you to browse for files on remote file systems. In addition to support for basic file commands (list files, rename file, create directory, etc.), the file browser portlet can be used to upload and dowload files to and from remote computing resources.
