Software Links
Getting Started
- Doc Structure
- A Globus Primer
- Globus Is Modular!
- Quickstart
- Installing GT
- Platform Notes
- GT Developer's Guide
- GT User's Guide (coming soon)
- Migrating from GT2
- Migrating from GT3
Reference
- Best Practices
- Coding Guidelines
- API docs
- Public Interfaces (coming soon)
- Resource Properties
- Samples
- Glossary
- Performance Studies (coming soon)
Manuals
Common Runtime
Security
- Non-WS (General) Security
- WS Java Security
- Message-level
- Authz Framework
- CAS
- Delegation Service
- MyProxy
- GSI-OpenSSH
- SimpleCA
- SGAS
Data Mgt
MDS4
Execution Mgt
Table of Contents
Table B.1. Globus standard environment variables
| Name | Value | Description | Comments |
| GLOBUS_LOCATION | <path> | The <path> is the root location of the Java WS Core installation. Must be an absolute path. | Required |
| GLOBUS_TCP_PORT_RANGE | <min,max> | The <min,max> is the minimum and maximum port range for TCP server sockets (useful for systems behind firewalls). For example, if set, the notification sink on the client will be started within that port range. | Optional |
| GLOBUS_TCP_SOURCE_PORT_RANGE | <min,max> | The <min,max> is the minimum and maximum port range for TCP outgoing sockets (useful for systems behind firewalls). | Optional |
| GLOBUS_UDP_SOURCE_PORT_RANGE | <min,max> | The <min,max> is the minimum and maximum port range for UDP outgoing sockets (useful for systems behind firewalls). | Optional |
| GLOBUS_HOSTNAME | <host> | The <host> is either a hostname or ip address. The host ip address under which the container and services will be exposed. | Optional |
Table B.2. Launch script specific environment variables
| Name | Value | Description | Comments |
| GLOBUS_OPTIONS | <arguments> | The <arguments> are arbitrary arguments that can be passed to the JVM. See below for a detailed list of supported options. | Optional |
| JAVA_HOME | <path> | The <path> is the root location of the JVM installation. If set, the JVM from that installation will be used. Otherwise, the first one found in path will be used. | Optional |
| CLASSPATH | <classpath> | This environment property is ignored by launch scripts. | Ignored |
Table B.3. Options supported by the GLOBUS_OPTIONS environment
property
| Name | Value | Description |
| -Dorg.globus.wsrf.proxy.port | int | This property specifies the port number of the proxy server. The proxy server must run
on the same machine as the container. This setting will cause the service address to have the
port of the proxy instead of the container (only applies to code that uses the
ServiceHost or
AddressingUtils API. |
| -Dorg.globus.wsrf.container.server.id | string | This property specifies the server id. The server id is used to uniquely identify each
container instance. For example, each container gets its own persistent directory based on the
server id. By default the standalone container will store the persistent resources under the
~/.globus/persisted/<ip>-<containerPort>
directory. While in Tomcat the
~/.globus/persisted/<ip>-<webApplicationName>
directory will be used instead. This property overwrites the default server id and therefore
indirectly controls which storage directory is used by the container. If set, the container
will store the persisted resources under
~/.globus/persisted/<server.id>/ instead.
Note, that if somehow multiple containers running as the same user on the same machine end up
with the same server id / persistent directory they might overwrite each other's persistent
data. |
| -Dorg.globus.wsrf.container.persistence.dir | directory | This property specifies the base directory that will be used for storing the persistent
resources. This property overwrites the default
(~/.globus/persisted/) base directory assumed by the
container. |
Any JVM options can also be passed using the GLOBUS_OPTIONS
environment property.
The vast majority of the environment variables that effect the Globus XIO framework are defined by the driver in use. The following are links to descriptions of the more common driver environment variables:
- http://www.globus.org/api/c-globus-4.1.3/globus_xio/html/group__tcp__driver__envs.html
- http://www.globus.org/api/c-globus-4.1.3/globus_xio/html/group__file__driver__envs.html
- http://www.globus.org/api/c-globus-4.1.3/globus_xio/html/group__gsi__driver__envs.html
- http://www.globus.org/api/c-globus-4.1.3/globus_xio/html/group__udp__driver__envs.html
Table B.4. Environment variables
| MYPROXY_SERVER | Specifies the hostname where the myproxy-server is running.
This environment variable can be used in place of the -s option. |
| MYPROXY_SERVER_PORT | Specifies the port where the myproxy-server is running. This
environment variable can be used in place of the -p option. |
| MYPROXY_SERVER_DN | Specifies the distinguished name (DN) of the myproxy-server. All MyProxy client programs authenticate the server's identity. By default, MyProxy servers run with host credentials, so the MyProxy client programs expect the server to have a distinguished name of the form "host/<fqhn>" or "myproxy/<fqhn>" (where <fqhn> is the fully-qualified hostname of the server). If the server is running with some other DN, you can set this environment variable to tell the MyProxy clients to accept the alternative DN. |
| X509_USER_CERT | Specifies a non-standard location for the certificate from which
the proxy credential is created by myproxy-init.
It also specifies an alternative location for the server's certificate.
By default, the server uses /etc/grid-security/hostcert.pem when
running as root or ~/.globus/usercert.pem when running as non-root. |
| X509_USER_KEY | Specifies a non-standard location for the private key from which
the proxy credential is created by myproxy-init.
It also specifies an alternative location for the server's private key.
By default the server uses /etc/grid-security/hostkey.pem when
running as root or ~/.globus/userkey.pem when running as non-root. |
| X509_USER_PROXY | Specifies an alternative location for the server's certificate
and private key (in the same file). Use when running the server
with a proxy credential. Note that the proxy will need to be
periodically renewed before expiration to allow the myproxy-server to
keep functioning. When the myproxy-server runs with
a non-host credential, clients must have the MYPROXY_SERVER_DN
environment variable set to the distinguished name of the certificate
being used by the server. |
| GLOBUS_LOCATION | Specifies the root of the MyProxy installation, used to find the
default location of the myproxy-server.config file
and the credential storage directory. |
| LD_LIBRARY_PATH | The MyProxy server is typically linked dynamically with Globus
security libraries, which must be present in the dynamic
linker's search path. This typically requires $GLOBUS_LOCATION/lib to
be included in the list in the LD_LIBRARY_PATH environment
variable, which is set by the $GLOBUS_LOCATION/libexec/globus-script-initializer script,
which should be called from any myproxy-server startup script.
Alternatively, to set LD_LIBRARY_PATH appropriately
for the Globus libraries in an interactive shell, source $GLOBUS_LOCATION/etc/globus-user-env.sh (for sh shells) or $GLOBUS_LOCATION/etc/globus-user.env.csh (for csh shells). |
| GT_PROXY_MODE |
Set to "old" to use the "legacy globus proxy" format.
By default, MyProxy uses the RFC 3820 compliant proxy
(also known as "proxy draft compliant") format.
If GT_PROXY_MODE is set to "old", then
myproxy-init will store a legacy proxy and
myproxy-logon will retrieve a legacy proxy (if
possible). Note that if the repository contains a proxy
certificate, rather than an end-entity certificate, the
retrieved proxy will be of the same type as the stored
proxy, regardless of the setting of this environment
variable. |
The GSI-enabled OpenSSHD needs to be able to find certain files and directories in order to properly function.
The items that OpenSSHD needs to be able to locate, their default location and the environment variable to override the default location are:
Host key
Default location: /etc/grid-security/hostkey.pem
Override with X509_USER_KEY environment variable
Default location: /etc/grid-security/hostcert.pem
Override with X509_USER_CERT environment variable
Default location: /etc/grid-security/grid-mapfile
Override with GRIDMAP environment variable
Certificate directory
Default location: /etc/grid-security/certificates
Override with X509_CERT_DIR environment variable
All CAS client programs use the following environment variables to determine the appropriate URL to connect to and server identity to expect. In all cases, the command line options takes precedence over the environment variables.
The URL is determined using this algorithm:
- If the
-ccommand line option was specified, the URL specified with that option is used. - Otherwise, the
CAS_SERVER_URLenvironment variable must be set, and its value is used.
- If the
The server identity (i.e. the expected subject name of the CAS server certificate) is determined as follows:
- If the
-scommand line option was specified, the value specified with that option is used as the identity - Otherwise, if the
CAS_SERVER_IDENTITYenvironment variable is set, the value of that variable is used as the expected server identity. Ensure that the value is enclosed within double quotes if there are spaces in the DN. The double quotes are required by the CAS scripts when they are run from a Windows shell, although the shell does not require it even if the value has spaces. - If neither is set, host authorization is done and the expected server credential is
cas/<fqdn>, where <fqdn> is the fully qualified domain name of the host on which the CAS service is up.
- If the
The only environment variable that needs to be set for RFT is GLOBUS_LOCATION, in order to run the command line clients, which should be set to the location of the globus installation.