Globus Posix Installation
- UKY CCS RCD
Analytics
This guide covers installing Globus Connect Server on a Linux system in order to make files on it accessible via Globus.
Install
Run the following commands to install the software.
Rocky 8
# Install Globus Connect Server
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf install https://downloads.globus.org/globus-connect-server/stable/installers/repo/rpm/globus-repo-latest.noarch.rpm
sudo dnf module disable mod_auth_openidc
sudo dnf install 'dnf-command(config-manager)'
sudo dnf install globus-connect-server54Rocky 9
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
sudo dnf install https://downloads.globus.org/globus-connect-server/stable/installers/repo/rpm/globus-repo-latest.noarch.rpm
sudo dnf install 'dnf-command(config-manager)'
sudo dnf install globus-connect-server54Endpoint & Collection Setup
These steps will create the endpoint and ultimately expose the files you wish to be transferable via Globus as a collection. See Globus V5 Terminology for a more thorough explanation of each of the components used in these steps.
Configure the firewall to open only the ports that are needed by Globus.
firewall-cmd --permanent --add-port=443/tcp firewall-cmd --permanent --add-port=50000-51000/tcp firewall-cmd --reloadCreate a new endpoint and login to Globus with your institution's sign-on method to begin configuring it.
globus-connect-server endpoint setup --organization "University of XXXXXX" \ --owner "abc123@your-institution.edu" --contact-email "abc123@your-institution.edu" \ your-endpoint globus-connect-server node setup globus-connect-server login localhostCreate a Storage Gateway for the local file system.
globus-connect-server storage-gateway create posix "POSIX gateway" \ --domain "your-institution.edu" \ --user-deny root --identity-mapping file:identity-mapping.json \ --restrict-paths file:path-restrictions.jsonThe
--domainflag specifies that only identities from that domain can access the storage system; use multiple--domainflags if you need more than one domain to access the file system.--domain "your-instituion.edu" --domain "uky.edu" ...The
identity-mapping.jsonfile (if using the default method) should map an attribute of an an identity (usually the username) to a local user account, like the following.{ "DATA_TYPE": "expression_identity_mapping#1.0.0", "mappings": [ { "source": "{username}", "match": "abc123@your-institution\\.edu", "output": "abc123" }, ... }The
path-restrictions.jsonshould define additional restrictions on certain paths that can be accessed via Globus, like the following.{ "DATA_TYPE": "path_restrictions#1.0.0", "none": ["/"], "read-write": ["$HOME", "/path/to/scratch-data/", "/path/to/project-data/", ... ], "read": ["/shared/example-scripts/", ...] }
For a POSIX gateway, the file permission of the local user accounts are still respected. However, it’s still a good idea to explicitly restrict access to certain paths.
Create a collection to expose the files you wish to access via Globus.
For this collection, the path you specify will act as the root of the collection.
globus-connect-server collection create <Storage Gateway UUID#> /path/to/files/ "POSIX xfs files" \ --department "Your department" \ --organization "Your Institution" \ --contact-email "abc123@your-institution.edu"
After this, you should be able to login into Globus, search for the name of the collection in “File Manager“, and access the collection by authenticating with your institution via CILogin.
Related content
Center for Computational Sciences