You should choose a well-protected host to run the myproxy-server on. Consult with security-aware personnel at your site. You want a host that is secured to the level of a Kerberos KDC, that has limited user access, runs limited services, and is well monitored and maintained in terms of security patches.
Install the MyProxy distribution on the host where you want to run the myproxy-server (instructions here). You may want to install MyProxy in its own $GLOBUS_LOCATION for the myproxy-server service to keep it separate from any other GPT software on the system.
The MyProxy server requires a secure filesystem on which to store credentials. By default, it tries to use /var/myproxy and if that fails, it uses $GLOBUS_LOCATION/var/myproxy. If $GLOBUS_LOCATION/var/myproxy is not on a secure filesystem, make sure /var/myproxy is accessible by the myproxy-server.
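A check for the two storage directories named above, as an added example that is not part of the MyProxy distribution. The policy it enforces is an assumption (directory and files owned by the server's account, with no access for group or other), since this page only asks for a secure filesystem; the /usr/local/globus fallback and uid 0 are likewise assumptions.

```python
import os
import stat

LOOSE = stat.S_IRWXG | stat.S_IRWXO   # any group/other permission bit


def candidate_dirs(globus_location):
    """Storage directories in the order this page says the server tries them."""
    return ["/var/myproxy", os.path.join(globus_location, "var", "myproxy")]


def check_storage_dir(path, server_uid):
    """Return a list of problems found with a credential storage directory."""
    try:
        st = os.lstat(path)            # lstat: do not follow a symlink
    except FileNotFoundError:
        return [f"{path}: does not exist"]
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symlink"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path}: not a directory"]
    problems = []
    if st.st_uid != server_uid:
        problems.append(f"{path}: owned by uid {st.st_uid}, expected {server_uid}")
    if st.st_mode & LOOSE:
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"{path}: group/other access, mode {mode:04o}")
    try:
        names = sorted(os.listdir(path))
    except PermissionError:
        return problems + [f"{path}: cannot list contents"]
    # Assumed policy: stored credential files are as restricted as the directory.
    for name in names:
        fst = os.lstat(os.path.join(path, name))
        if fst.st_uid != server_uid or fst.st_mode & LOOSE:
            problems.append(f"{path}/{name}: owner or mode too permissive")
    return problems


if __name__ == "__main__":
    # Assumption: the server runs as root (uid 0) with a host certificate.
    location = os.environ.get("GLOBUS_LOCATION", "/usr/local/globus")
    for d in candidate_dirs(location):
        for line in check_storage_dir(d, 0) or [f"{d}: ok"]:
            print(line)
```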
For a typical myproxy-server installation, the host on which the myproxy-server is running must have /etc/grid-security created and a host certificate installed. In this case, the myproxy-server will run as root so it can access the host certificate and key. (See this page for details on running the myproxy-server using a non-host certificate.) You should have been prompted during the Globus Toolkit installation to run the setup-gsi script, which will create the /etc/grid-security directory. To install a host certificate, either follow the instructions for your site's certificate authority or follow the instructions here to obtain a host certificate using Globus Toolkit software. Refer to this page for more information about the Grid Security Infrastructure.
In MyProxy version 4.0 and later, the myproxy-server can be
configured automatically by the
myproxy-server-setup command as demonstrated by
the following example.
    root# myproxy-server-setup
    Wrote a default myproxy-server configuration to /etc/myproxy-server.config.
    Installed /etc/init.d/myproxy.
    Starting up MyProxy server... done.
    Running myproxy-server tests... Success!
The following manual configuration steps are required
only if myproxy-server-setup is not used or a custom
configuration is needed.
If myproxy-server-setup completes successfully,
it is not necessary to manually start your myproxy-server,
because myproxy-server-setup starts it for you.
If your /etc/myproxy-server.config file is not already in place, modify the myproxy-server.config template provided at $GLOBUS_LOCATION/share/myproxy/myproxy-server.config and copy it to /etc/myproxy-server.config (if you have root access) or $GLOBUS_LOCATION/etc/myproxy-server.config (if you don't have root access). If you skip this step, your myproxy-server will not start. To enable all myproxy-server features, uncomment the provided sample policy at the top of the myproxy-server.config file, as follows:
MyProxy servers are configured by default to send usage metrics information to the default/configured collector hosts, per this policy statement on the collection of usage statistics. This information will help us, as well as funding agencies such as the NSF (National Science Foundation), to gauge the usage of the MyProxy server and identify areas of potential improvement that justify funding. The following MyProxy-specific usage statistics are sent by the MyProxy server to the default/configured collector host(s) in a UDP packet at the end of each task, in addition to the standard header information described in the Usage Stats section. You can choose to report only a subset of these elements by specifying the corresponding tags (specified in parentheses below) in your configuration, as explained later.
Additionally, a site could choose to report the following data to a local collector. These data are NOT reported by default due to the private nature of these data elements.
Note: The clients (myproxy-logon, etc.) do NOT send any data. It is only the servers that send the usage statistics.
We have made a concerted effort to collect only data that is not too intrusive or private and yet still provides us with information that will help us, as well as funding agencies such as the NSF (National Science Foundation), to gauge the usage of the MyProxy server and identify areas of potential improvement that justify funding. Nevertheless, if you wish to disable this feature for MyProxy only, set the disable-usage-stats option in the configuration file to "true", "enabled", "yes", "on" or "1". Note that you can disable transmission of usage statistics globally for all C components by setting "GLOBUS_USAGE_OPTOUT=1" in your environment.
If you wish to specify the collector host(s) that should receive the metrics, you can do so by using the usage_stats_target configuration setting in myproxy-server.config. The format for the specification is host:port[!tags][,host:port[!tags]]... where tags is a set of tags, each corresponding to an information element described above that should be reported to the specified host. If no tags are specified or the special string "default" is specified, then the tags VvtrlLB are assumed. The special string "all" denotes all tags.
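A parser for the usage_stats_target format described above that also lists collectors outside your own domain receiving more than the default tag set, i.e. the elements this page says are private and not reported by default. This is an added example, not MyProxy code; the host names, port, the tag letter "X" and the local_domain parameter are constructed placeholders.

```python
import re

DEFAULT_TAGS = "VvtrlLB"  # assumed when no tags or "default" is given, per this page

# One collector entry: host:port with an optional !tags suffix.
_ENTRY = re.compile(r"^([A-Za-z0-9._-]+):(\d{1,5})(?:!([A-Za-z]+))?$")


def parse_usage_stats_target(spec):
    """Parse host:port[!tags][,host:port[!tags]]... into (host, port, tags) tuples."""
    targets = []
    for entry in spec.split(","):
        m = _ENTRY.match(entry.strip())
        if not m:
            raise ValueError(f"malformed collector entry: {entry!r}")
        host, port, tags = m.group(1), int(m.group(2)), m.group(3)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in {entry!r}")
        if tags in (None, "default"):
            tags = DEFAULT_TAGS
        targets.append((host, port, tags))
    return targets


def offsite_private_data(spec, local_domain):
    """List collectors outside local_domain that get more than the default tags."""
    findings = []
    for host, port, tags in parse_usage_stats_target(spec):
        if tags == "all":
            extra = "all"
        else:
            extra = "".join(sorted(set(tags) - set(DEFAULT_TAGS)))
        is_local = host == local_domain or host.endswith("." + local_domain)
        if extra and not is_local:
            findings.append((host, port, extra))
    return findings


# Constructed sample value; hosts, port and the tag letter "X" are placeholders.
SAMPLE = ("stats.example.org:4810,"
          "collector.site.example:4810!all,"
          "metrics.example.net:4810!VvX")

if __name__ == "__main__":
    for host, port, extra in offsite_private_data(SAMPLE, "site.example"):
        print(f"{host}:{port} receives non-default elements: {extra}")
```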
If your myproxy-server is not already running, you can run it directly from your shell to verify your installation and configuration. If using a host certificate, you will need to run the myproxy-server as root. First, make sure your Globus environment is set up in your shell. Set the GLOBUS_LOCATION environment variable to the location of your MyProxy installation. Then, depending on your shell, run one of the following commands.
For csh shells:
For sh shells:
Then, run $GLOBUS_LOCATION/sbin/myproxy-server -d. The -d argument runs the myproxy-server in debug mode. It will write debugging messages to the terminal and exit after servicing a single request. You'll need to start it once for each test request. In another shell, you can run the MyProxy client programs to test the server. Refer to the User's Guide for examples.
If run without the -d argument, the myproxy-server program will start up and background itself. It accepts connections on TCP port 7512, forking off a separate child to handle each incoming connection. It logs information via the syslog service under the daemon facility.
A sample SysV-style boot script for MyProxy is installed at $GLOBUS_LOCATION/share/myproxy/etc.init.d.myproxy. To install on Linux, copy the file to /etc/rc.d/init.d/myproxy and run chkconfig --add myproxy. You will need to edit the file to set the GLOBUS_LOCATION environment variable correctly.
Alternatively, to run the myproxy server out of inetd or xinetd, you need to do the following as root:
In addition, an example cron script is provided in $GLOBUS_LOCATION/share/myproxy/myproxy.cron for removing expired/revoked credentials from the repository. You will need to edit the file to set the GLOBUS_LOCATION environment variable correctly before installing it in (for example) /etc/cron.hourly.