Globus Non-POSIX Installation
This guide details the process of setting up a Globus Connect Server node to connect non-POSIX storage systems to Globus.
Prerequisites
For all of these storage systems, you will need a paid Globus subscription.
These instructions use a Rocky 8/9 server. For others, go to the Globus Connect Server Install Guide.
Globus Endpoint Creation
Run the following commands to install the Globus Connect Server software and create an endpoint.
Rocky 8
# Install Globus Connect Server
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf install https://downloads.globus.org/globus-connect-server/stable/installers/repo/rpm/globus-repo-latest.noarch.rpm
sudo dnf module disable mod_auth_openidc
sudo dnf install 'dnf-command(config-manager)'
sudo dnf install globus-connect-server54
Rocky 9
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
sudo dnf install https://downloads.globus.org/globus-connect-server/stable/installers/repo/rpm/globus-repo-latest.noarch.rpm
sudo dnf install 'dnf-command(config-manager)'
sudo dnf install globus-connect-server54
After Install
# Configure firewall for necessary ports only
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --permanent --add-port=50000-51000/tcp
firewall-cmd --reload
# Create a new endpoint and log in to Globus to begin configuring
globus-connect-server endpoint setup --organization "University of XXXXXX" \
--owner "abc123@your-institution.edu" --contact-email "abc123@your-institution.edu" \
your-endpoint
globus-connect-server node setup
globus-connect-server login localhost
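To confirm that the firewall step above left only the two port entries this guide opens, the following added example (not part of the original guide) compares the output of firewall-cmd --list-ports against that allowlist. The names audit_ports and REQUIRED are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit firewalld's open ports against the guide's allowlist.
# REQUIRED holds exactly the entries added in the "After Install" step.
REQUIRED="443/tcp 50000-51000/tcp"

# audit_ports "<output of firewall-cmd --list-ports>"
# Prints one finding per line ("extra <port>" or "missing <port>").
# Returns 0 when the open set equals REQUIRED, 1 otherwise.
# Entries are compared as exact strings, so a narrower or wider range
# than 50000-51000/tcp is reported as both extra and missing.
audit_ports() {
    # Collapse newlines and repeated blanks so word matching is reliable.
    ap_open=$(printf '%s' "$1" | tr -s '[:space:]' ' ')
    ap_rc=0
    for ap_p in $ap_open; do
        case " $REQUIRED " in
            *" $ap_p "*) ;;
            *) echo "extra $ap_p"; ap_rc=1 ;;
        esac
    done
    for ap_p in $REQUIRED; do
        case " $ap_open " in
            *" $ap_p "*) ;;
            *) echo "missing $ap_p"; ap_rc=1 ;;
        esac
    done
    [ "$ap_rc" -eq 0 ]
}

# On the node itself, audit the permanent configuration (run as root).
if command -v firewall-cmd >/dev/null 2>&1; then
    audit_ports "$(firewall-cmd --permanent --list-ports)" ||
        echo "firewalld ports differ from the guide's allowlist" >&2
fi
```

firewall-cmd --list-ports reports only explicitly added ports; services enabled in the zone (for example ssh) are listed separately by firewall-cmd --list-services.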
Google Drive/OneDrive
The Google Drive-specific steps below follow the instructions at https://docs.globus.org/premium-storage-connectors/v5/google-drive/
Go to Google Developer Console and create a new project.
The project MUST be associated with your organization; make sure you are using a Gmail account associated with your institution to set this backend up.
Go to “Enable API & Services“. Search for and enable the following APIs:
Cloud Storage
Google Cloud Storage JSON API
Cloud Resource Manager API
Google Drive API
Go to “OAuth consent screen” to begin configuring the Google OAuth Consent Screen that will be shown to users when they access the Globus Google Drive endpoint.
App name: Globus Connect Server
Set “globus.org“ as App domain
Add “globus.org“ and your institution’s domain to “authorized domains”
Add emails for User support and Developer contact.
On the “Scopes” page, select “Add or Remove Scopes“ and paste the following into the “Manually add scopes“ box to allow the app to use the Google Drive API.
https://www.googleapis.com/auth/drive.appdata
https://www.googleapis.com/auth/drive
Go to “Credentials“ and select “Create Credentials > OAuth Client ID”
On the following screen, specify “Web application“ and set the authorized redirect URL to the Google auth callback URL created when the endpoint is first set up:
https://<unique-ID>.data.globus.org/api/v1/authcallback_google
For this node, this is https://16b16.03c0.data.globus.org/api/v1/authcallback_google. For another node, you can find the domain name for this URL by running
globus-connect-server endpoint show
on the endpoint node.
Back at the node, provide the generated client ID and secret when creating a storage gateway with a Google Drive connector.
globus-connect-server storage-gateway create google-drive "UK Google Drive" \
--google-client-id "${CLIENT_ID}" --google-client-secret "${CLIENT_SECRET}" \
--allowed-domains your-institution.edu \
--identity-mapping file:identity-mapping.json \
--restrict-paths file:path-restrictions.json
# This command should print out a UUID number
globus-connect-server collection create <UUID#> "/" "Your Institution's Google Drive Collection"
OneDrive Configuration
Go to Microsoft Azure app registration and select “New Registration“
Set the following for the app
Name: Globus Connect Server
Select “Account in this organizational directory only (Single Tenant)“
Select “Web” and use https://16b16.03c0.data.globus.org/api/v1/authcallback for the Redirect URI
Select “API Permission”, then “+ Add a permission”. Select “Graph Permission > Delegated permissions“ then add the following permissions
OpenId permissions: check email, offline_access, openid, profile.
Files: check Files.ReadWrite.All.
User: check User.Read.
Sites: check Sites.ReadWrite.All.
Select “Certificates & secrets”, then “+ New client secret“ to generate keys for Globus to operate with this auth app.
Add a description and set the expiration to 12 months
Make sure to copy the secret value in the Value column before leaving the page for the next step. If you navigate away from this page, you will no longer be able to copy it and will have to re-create the secret.
Select “Overview“ and note both the “Application (client) ID“ and the “Directory (tenant) ID” value as well.
Back at the node, provide the generated IDs and secret when creating a storage gateway with a OneDrive connector.
The identity mapping file and path restrictions file used for configuration are located in the sharepoint-endpoint directory.
globus-connect-server storage-gateway create onedrive "UK OneDrive" \
--domain uky.edu \
--ms-client-id "${CLIENT_ID}" --ms-client-secret "${MS_SECRET}" --ms-tenant "${DIRECTORY_ID}" \
--identity-mapping file:identity-mapping.json \
--restrict-paths file:path-restrictions.json
# This command should print out a UUID number
globus-connect-server collection create <UUID#> '/' "Your Institution's OneDrive Collection"
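The Google and Microsoft app registrations above use different callback paths on the same endpoint domain, and a redirect URI that does not match exactly makes the OAuth flow fail. The following added example (not part of the original guide) checks a redirect URI before it is registered; the function name check_redirect_uri is an assumption made for illustration.

```shell
#!/bin/sh
# Added example: validate an OAuth redirect URI for a Globus storage gateway.
# Callback paths and the data.globus.org suffix are taken from this guide.

# check_redirect_uri <google-drive|onedrive> <uri>
# Prints "ok" and returns 0 when the URI is acceptable; otherwise prints
# the reason and returns 1 (2 for an unknown connector name).
check_redirect_uri() {
    case "$1" in
        google-drive) cr_want="/api/v1/authcallback_google" ;;
        onedrive)     cr_want="/api/v1/authcallback" ;;
        *) echo "unknown connector: $1"; return 2 ;;
    esac
    case "$2" in
        https://*) cr_rest="${2#https://}" ;;
        *) echo "scheme is not https"; return 1 ;;
    esac
    cr_host="${cr_rest%%/*}"
    case "$cr_rest" in
        */*) cr_path="/${cr_rest#*/}" ;;
        *)   cr_path="" ;;
    esac
    # Reject userinfo, ports and anything else that is not a plain hostname.
    case "$cr_host" in
        *[!a-z0-9.-]*) echo "host has unexpected characters: $cr_host"; return 1 ;;
    esac
    case "$cr_host" in
        ?*.data.globus.org) ;;
        *) echo "host is not under data.globus.org: $cr_host"; return 1 ;;
    esac
    # Exact match only: no trailing slash, query string or extra segment.
    if [ "$cr_path" != "$cr_want" ]; then
        echo "path is '$cr_path', expected '$cr_want'"
        return 1
    fi
    echo "ok"
}

# The two URIs this guide registers for its node.
check_redirect_uri google-drive "https://16b16.03c0.data.globus.org/api/v1/authcallback_google"
check_redirect_uri onedrive "https://16b16.03c0.data.globus.org/api/v1/authcallback"
```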