Home -> Toolkit -> Docs -> 2.2 -> Mds

MDS 2.2 Installation and Configuration

Installation and configuration of the MDS 2.2 release requires the following basic steps:

1. Install MDS as directed by the Globus Toolkit 2.2 Installation Instructions.
2. Obtain required certificate(s).
3. Start MDS.
4. Send a test query to GRIS and GIIS.
5. Set up and test MDS for authenticated access.

These steps are described in detail in the following paragraphs.

1. Install MDS as directed by the Globus Toolkit 2.2 Installation Instructions.

MDS 2.2 is included with the Globus Toolkit 2.2 release. Therefore, MDS should be installed as described in the Globus Toolkit 2.4 Installation Instructions. These instructions describe how to get and install the Globus Toolkit 2.2 release.

2. Obtain required certificate(s).

For authenticated access to MDS, each user needs a user certificate and corresponding key, and the server requires an LDAP service certificate and corresponding key.  See Step 5 below regarding authenticated access.

As described in the Globus Toolkit 2.4 Installation Instructions, you obtain a user certificate with the grid-cert-request command.

To obtain the LDAP service certificate required by MDS, you also use the grid-cert-request command, as described in the MDS 2.2 User’s Guide.

Only anonymous bind works without the service certificate. You can install the certificate later, restart the service, and then test with authentication.

The LDAP service certificate is located by MDS based on the GSI installation and configuration.

The service certificate and key are set by default in $GLOBUS_LOCATION/etc/grid-info-server-env.conf to $GLOBUS_LOCATION/etc/grid-security/ldap/ldapcert.pem and ldapkey.pem.  These files should have permissions 600 and should be owned by the user account running MDS. If MDS cannot read these files for some reason, it will try instead $GLOBUS_LOCATION/etc/ldap/ldapcert.pem and ldapkey.pem.

3. Start MDS.

When you are logged in as the user account that will run MDS, start MDS 2.2 with the following command:

$GLOBUS_LOCATION/sbin/globus-mds  start

This command calls the grid-info-slapd script, which calls grid-info-server-env.conf.  As mentioned above, that configuration file sets up the MDS environment variables such as those for the service certificate and key. This grid-info-slapd script then calls the slapd server, which reads the grid-info-slapd.conf file and determines all the other configuration files to read.  Refer to MDS 2.2 Configuration Files for more details.

The globus-mds start command does not require the GLOBUS_LOCATION environment variable if you put the full path in as shown above.

Note that for compatibility with MDS 2.1, the SXXgris start command continues to work in MDS 2.2.

4. Send a test query to GRIS and GIIS.

Send a test query to the GRIS on a local host, with the following command:

$GLOBUS_LOCATION/bin/grid-info-search -anonymous

5. Set up and test MDS for authenticated access.

To be able to perform authenticated queries, you need to set up MDS as follows:

• Set the environment.
  
  Set GLOBUS_LOCATION to the location of your Toolkit installation.  Then source your environment corresponding to the type of shell you are using.
   

• Obtain necessary certificates.
  
  You need a user certificate and the server requires an LDAP service certificate.  You obtain these certificates with the grid-cert-request command.  See Step 2 above.
   

• Obtain a proxy for authenticated access.
  
  You obtain a proxy with the grid-proxy-init command.
   

• Start MDS and verify authenticated access.
  
  Start MDS as described in Step 3 above, then enter the following security-enabled query to output the details of all objects on the GRIS:
  
  grid-info-search -b "mds-vo-name=local, o=grid"

Refer to the MDS 2.2 User’s Guide (the MDS Security Setup Procedures section of Chapter 5, MDS Security Configuration) for more details on the above procedures.