Base Components

ESG Apache Manager Module

Module for installing Apache and mod_wsgi. Also contains Apache process management functions

esg_apache_manager.check_apache_status()

Check httpd status

esg_apache_manager.check_for_apache_installation()

Check for existing httpd installation

esg_apache_manager.copy_apache_conf_files()

Copy custom apache conf files

esg_apache_manager.install_apache_httpd()

Install apache from yum

esg_apache_manager.install_mod_wsgi()

Have to ensure python is install properly with the shared library for mod_wsgi installation to work

esg_apache_manager.make_python_eggs_dir()

Create Python egg directories

esg_apache_manager.restart_apache()

Restart httpd server

esg_apache_manager.run_apache_config_test()

Run httpd config test

esg_apache_manager.start_apache()

Start httpd server

esg_apache_manager.stop_apache()

Stop httpd server

ESG Postgres Module

esg_postgres.backup_db(db_name, schema=None, backup_dir='/etc/esgf_db_backup')

Backup database to directory specified by backup_dir

esg_postgres.build_connection_string(user, db_name=None, host=None, password=None)

Creates the db connection string using the params as options

esg_postgres.check_existing_pg_version(psql_path)

Gets the version number if a previous Postgres installation is detected

esg_postgres.connect_to_db(user, db_name=None, host='/tmp', password=None)

Connect to database

esg_postgres.create_database(database_name, cursor=None)

Create database in postgres

esg_postgres.create_pg_pass_file()

Creates the file to store login passwords for psql

esg_postgres.create_pg_publisher_user(cursor, db_user_password)

Creates postgres user for the ESGF Publisher (esgcet by default)

esg_postgres.create_pg_super_user(psycopg2_cursor, db_user_password)

Create postgres super user

esg_postgres.initialize_postgres()

Sets up postgres data directory

esg_postgres.list_roles(conn=None, user_name='postgres', db_name='postgres')

List all roles

esg_postgres.list_tables(conn=None, user_name='postgres', db_name='postgres')

List all tables in current database

esg_postgres.list_users(conn=None, user_name='postgres', db_name='postgres')

List all users in database

esg_postgres.log_postgres_properties()

Write postgres properties to /esg/config/esgf.properties

esg_postgres.main()

Main function

esg_postgres.postgres_clean_schema_migration(repository_id)

Removes entries from the esgf_migrate_version table if any exist where repository_id matches an SQL LIKE to the first argument

The SQL LIKE strings are generally defined in “src/python/esgf/<reponame>/schema_migration/migrate.cfg” in each relevant repository.

esg_postgres.postgres_list_db_schemas(conn=None, user_name='postgres', db_name='postgres', password=None)

This prints a list of all schemas known to postgres.

esg_postgres.postgres_list_dbs(conn=None, user_name='postgres', db_name='postgres')

This prints a list of all databases known to postgres.

esg_postgres.postgres_list_schemas_tables(conn=None, user_name='postgres', db_name='postgres')

List all Postgres tables in all schemas, in the schemaname.tablename format, in the ESGF database

esg_postgres.postgres_status()

Checks the status of the postgres server

esg_postgres.restart_postgres()

Restarts the postgres server

esg_postgres.setup_hba_conf_file()

Copy the static pg_hba.conf file to proper location

esg_postgres.setup_postgres(default_continue_install='N')

Installs postgres

esg_postgres.setup_postgres_conf_file()

Copies postgres.conf file to proper location

esg_postgres.start_postgres()

Start db

esg_postgres.stop_postgres()

Stops the postgres server

esg_postgres.write_postgress_env()

Write postgres environment properties to /etc/esg.env

esg_postgres.write_postgress_install_log()

Write postgres version to install manifest

ESG Setup Module

esg_setup.check_if_root()

Check to see if the user has root privileges

esg_setup.check_os()

Check if the operating system on server is Redhat or CentOS

esg_setup.check_prerequisites()

A check for what is expected to be on the system a-priori that we are not going to install or be responsible for.

esg_setup.create_esg_directories()

Create directories to hold ESGF scripts, config files, and logs

esg_setup.exit_on_false(assertion, err_msg)

Exit if the assertion fails

ESG Tomcat Module

Tomcat Management Functions

esg_tomcat_manager.check_tomcat_status()

Check status of tomcat server

esg_tomcat_manager.check_tomcat_version()

Check installed tomcat version

esg_tomcat_manager.configure_tomcat()

Configure tomcat for ESGF Node Manager

esg_tomcat_manager.copy_config_files()

copy custom configuration context.xml: increases the Tomcat cache to avoid flood of warning messages

esg_tomcat_manager.copy_credential_files(tomcat_install_config_dir)

Copy Tomcat config files

esg_tomcat_manager.create_tomcat_group()

Creates Tomcat Unix group

esg_tomcat_manager.create_tomcat_user()

Create the Tomcat system user and user group

esg_tomcat_manager.download_tomcat()

Download tomcat from distribution mirror

esg_tomcat_manager.extract_tomcat_tarball(dest_dir='/usr/local')

Extract tomcat tarball that was downloaded from the distribution mirror

esg_tomcat_manager.main()

Main function

esg_tomcat_manager.migrate_tomcat_credentials_to_esgf()

Move selected config files into esgf tomcat’s config dir (certificate et al) Ex: /esg/config/tomcat -rw-r–r– 1 tomcat tomcat 181779 Apr 22 19:44 esg-truststore.ts -r——– 1 tomcat tomcat 887 Apr 22 19:32 hostkey.pem -rw-r–r– 1 tomcat tomcat 1276 Apr 22 19:32 keystore-tomcat -rw-r–r– 1 tomcat tomcat 590 Apr 22 19:32 pcmdi11.llnl.gov-esg-node.csr -rw-r–r– 1 tomcat tomcat 733 Apr 22 19:32 pcmdi11.llnl.gov-esg-node.pem -rw-r–r– 1 tomcat tomcat 295 Apr 22 19:42 tomcat-users.xml Only called when migration conditions are present.

esg_tomcat_manager.remove_default_error_page()

Removes the default Tomcat error page. From https://www.owasp.org/index.php/Securing_tomcat: The default error page shows a full stacktrace which is a disclosure of sensitive information. Place the following within the web-app tag (after the welcome-file-list tag is fine). The following solution is not ideal as it produces a blank page because Tomcat cannot find the file specified, but without a better solution this, at least, achieves the desired result. A well configured web application will override this default in CATALINA_HOME/webapps/APP_NAME/WEB-INF/web.xml so it won’t cause problems.

esg_tomcat_manager.remove_example_webapps()

remove Tomcat example applications

esg_tomcat_manager.restart_tomcat()

Restart tomcat server

esg_tomcat_manager.run_tomcat_config_test()

Run tomcat config test

esg_tomcat_manager.setup_tomcat_logrotate()

If there is no logrotate file ${tomcat_logrotate_file} then create one default is to cut files after 512M up to 20 times (10G of logs) No file older than year should be kept.

esg_tomcat_manager.start_tomcat()

Start tomcat server

esg_tomcat_manager.stop_tomcat()

Stop tomcat server

esg_tomcat_manager.write_tomcat_env()

Write tomcat environment info to /etc/esg.env

esg_tomcat_manager.write_tomcat_install_log()

Write tomcat version to install manifest

Data Node Components

ESG Publisher Module

ESGCET Package (Publisher) functions

esg_publisher.check_publisher_version()

Check if an existing version of the Publisher is found on the system

esg_publisher.edit_esg_ini(node_short_name='test_node')

Edit placeholder values in the generated esg.ini file

esg_publisher.esgcet_startup_hook()

Prepares the Publisher for startup

esg_publisher.generate_esgsetup_options()

Generate the string that will pass arguments to esgsetup to initialize the database

esg_publisher.main()

Main function

esg_publisher.run_esginitialize()

Run the esginitialize script to initialize the ESG node database.

esg_publisher.run_esgsetup()

generate esg.ini file using esgsetup script; #Makes call to esgsetup - > Setup the ESG publication configuration

esg_publisher.setup_publisher(tag='v3.5.0')

Install ESGF publisher

esg_publisher.write_esgcet_env()

Write Publisher environment properties to /etc/esg.env

esg_publisher.write_esgcet_install_log()

Write the Publisher install properties to the install manifest

ESG ORP Module

Module to install the OpenID Relying Party

orp.backup_orp()

Backup existing ORP installation

orp.backup_orp_properties()

Backup orp properties file

orp.download_orp_war(orp_url)

Download ORP war file from orp_url

orp.extract_orp_war()

Extract orp war file

orp.get_orp_support_libs(dest_dir, esg_dist_url)

Takes the destination directory you wish to have supported libs checked and downloaded to returns the number of files downloaded (in this case max of 2)

0 if there was no update of libs necessary

orp.main()

Main function

orp.orp_startup_hook()

This function is called by esg-node before starting tomcat! This is how we make sure we are always using the proper credentials.

orp.setup_orp()

Install ORP

orp.setup_providers_dropdown()

Do additional setup to configure CEDA-provided ORP with a dropdown list of IDPs

orp.update_common_loader(config_dir)

add /esg/config/ to common.loader in catalina.properties if not already present

orp.update_existing_orp()

Update an existing ORP installation

orp.write_orp_install_log(orp_service_app_home)

Write ORP properties to install manifest and properties file

ESG Thredds Module

thredds.add_tomcat_user()

Add a user to the default Tomcat user database (tomcat-users.xml) for container-managed authentication

thredds.check_thredds_version()

Check the MANIFEST.MF file for the Thredds version

thredds.copy_jar_files(esg_dist_url)

TDS jars necessary to support ESGF security filters some jars are retrieved from the ESGF repository other jars are copied from the unpacked ORP or NM distributions

thredds.copy_public_directory()

HACK ALERT!! For some reason the public directory does not respect thredds’ tds.context.root.path property… So have to manually move over this directory to avert server not starting! -gavin

thredds.copy_xml_files()

Copy Thredds configuration xmls files into proper location on server

thredds.create_password_hash(tomcat_user_password)

Creates a hash for a Tomcat user’s password using Tomcat’s digest.sh script

thredds.download_thredds_war(thredds_url)

Download thredds war file from thredds_url

thredds.esgsetup_thredds()

Configures Thredds with esgsetup

thredds.main()

Main function

thredds.select_idp_peer(esgf_idp_peer=None)

called during setup_tds or directly by –set-idp-peer | –set-admin-peer flags

thredds.setup_thredds()

Install Thredds

thredds.tds_startup_hook()

Prepares thredds to start

thredds.update_mail_admin_address()

Updates mail_admin_address in threddsConfig.xml

thredds.update_tomcat_users_file(tomcat_username, password_hash, tomcat_users_file='/esg/config/tomcat/tomcat-users.xml')

Adds a new user to the tomcat-users.xml file

thredds.verify_thredds_credentials(thredds_ini_file='/esg/config/esgcet/esg.ini', tomcat_users_file='/esg/config/tomcat/tomcat-users.xml')

Verifies that Thredds credentials in /esg/config/esgcet/esg.ini matches /esg/config/tomcat/tomcat-users.xml

thredds.write_tds_env()

Write thredds info to /etc/esg.env

thredds.write_tds_install_log()

Write thredds info to install manifest

ESG Cert Manager

Certificate Management Functions

esg_cert_manager.backup_existing_certs()

Backup existing SSL certs on system

esg_cert_manager.check_cert_expiry(cert_name)

Check if a certificate is valid or has expired

esg_cert_manager.check_certificates()

Check the validity of the ESGF and Globus certificates

esg_cert_manager.check_for_commercial_ca()

Checks if Commerical CA directory has been created; asks user if they would like proceed with Commercial CA installation if directory is found

esg_cert_manager.create_cert_request(pkey, digest='sha256', **name)

source: https://github.com/pyca/pyopenssl/blob/master/examples/certgen.py

esg_cert_manager.create_certificate(req, issuer_cert_key, serial, validity_period, digest='sha256')

Generate a certificate given a certificate request. Arguments: req - Certificate request to use

issuer_cert - The certificate of the issuer issuer_key - The private key of the issuer serial - Serial number for the certificate not_before - Timestamp (relative to now) when the certificate

starts being valid

not_after - Timestamp (relative to now) when the certificate

stops being valid

digest - Digest method to use for signing, default is sha256

Returns: The signed certificate in an X509 object

esg_cert_manager.create_key_pair(key_type, bits=4096)

source: https://github.com/pyca/pyopenssl/blob/master/examples/certgen.py

esg_cert_manager.extract_keystore_dn()

Returns the distinguished name from the Java keystore

esg_cert_manager.extract_openssl_dn(public_cert='/etc/grid-security/hostcert.pem')

Regex’s the output from openssl’s x509 output in “openssl” format: Subject: O=Grid, OU=GlobusTest, OU=simpleCA-pcmdi3.llnl.gov, CN=pcmdi7.llnl.gov and transforms it to our “standard” format /O=Grid/OU=GlobusTest/OU=simpleCA-pcmdi3.llnl.gov/CN=pcmdi7.llnl.gov arg 1 -> the location of the x509 pem file

esg_cert_manager.generate_esgf_csrs(node_type_list)

Generates a CSR to be signed by a ESGF CA

esg_cert_manager.generate_esgf_csrs_ext(node_type)

Generates a CSR to be signed by a ESGF CA

esg_cert_manager.generate_ssl_key_and_csr(private_key='/usr/local/tomcat/hostkey.pem', public_cert_req=None)

Create a SSL keypair and CSR

esg_cert_manager.install_local_certs(node_type_list, firstrun=None)

Installs local certs to /var/lib/globus-connect-server/myproxy-ca and /etc/grid-security

esg_cert_manager.set_commercial_ca_paths()

Set locations of the commercial CA key and cert

ESG Functions

esg-functions: ESGF Node Application Stack Functions description: Installer Functions for the ESGF Node application stack

esg_functions.add_unix_group(group_name)

Add a Unix group

esg_functions.add_unix_user(user_add_options)

Use subprocess to add Unix user

esg_functions.backup(path, backup_dir='/esg/backups', num_of_backups=7)

Given a directory the contents of the directory is backed up as a tar.gz file in path - a filesystem path backup_dir - destination directory for putting backup archive (default esg_backup_dir:-/esg/backups) num_of_backups - the number of backup files you wish to have present in destination directory (default num_backups_to_keep:-7)

esg_functions.bump_git_tag(bump_level='patch', commit_message=None)

Update git tag version

esg_functions.call_binary(binary_name, arguments=None, silent=False, conda_env=None)

Uses plumbum to make a call to a CLI binary. The arguments should be passed as a list of strings

esg_functions.call_subprocess(command_string, command_stdin=None)

Mimics subprocess.call; Need this on CentOS 6 because system Python is 2.6, which doesn’t have subprocess.call()

esg_functions.change_ownership_recursive(directory_path, uid=-1, gid=-1)

Recursively changes ownership on a directory and its subdirectories; Mimics chown -R

esg_functions.change_permissions_recursive(path, mode)

Recursively changes permissions on a directory and its subdirectories; Mimics chmod -R

esg_functions.check_for_update(filename_1, filename_2=None)

Does an md5 check between local and remote resource returns 0 (success) iff there is no match and thus indicating that an update is available. USAGE: checked_for_update [file] http://www.foo.com/file

esg_functions.check_shmmax(min_shmmax=48)

NOTE: This is another RedHat/CentOS specialty thing (sort of) arg1 - min value of shmmax in MB (see: /etc/sysctl.conf)

esg_functions.confirm_password(password_input, password_confirmation)

Helper function to confirm that passwords match. Returns true if passwords match

esg_functions.convert_hash_to_hex(subject_name_hash)

Converts the subject_name_hash from a long to a hex string

esg_functions.create_backup_file(file_name, backup_extension='.bak', date='2018-11-30')

Create a backup of a file using the given backup extension

esg_functions.download_update(local_file, remote_file=None, force_download=False, make_backup_file=False, use_local_files=False)

If an update is available then pull it down… then check the md5 sums again!

Yes, this results in 3 network calls to pull down a file, but it saves total bandwidth and it also allows the updating from the network process to be cronttab-able while parsimonious with resources. It is also very good practice to make sure that code being executed is the RIGHT code!

The 3rd token is the “force” flag value 1|0. 1 = do not check for update, directly go and fetch the file regardless 0 = first check for update availability. (default)

The 4th token is for indicated whether a backup file should be made flag value 1|0. 1 = yes, create a .bak file if the file is already there before fetching new 0 = no, do NOT make a .bak file even if the file is already there, overwrite it

(When using the force flag you MUST specify the first two args!!)

NOTE: Has multiple return values test for (( $? > 1 )) when looking or errors

A return value of 1 only means that the file is up-to-date and there Is no reason to fetch it.

USAGE: checked_get [file] http://www.foo.com/file [<1|0>] [<1|0>]

esg_functions.esgf_node_info()

Print basic info about ESGF installation

esg_functions.extract_tarball(tarball_name, dest_dir='.')

Extract a tarball to the given dest_dir

esg_functions.fetch_remote_file(local_file, remote_file)

Download a remote file from a distribution mirror and write its contents to the local_file

esg_functions.get_dir_owner_and_group(path)

Returns a tuple containing the owner and group of the given directory path

esg_functions.get_esgf_host()

Get the esgf host name from the file; if not in file, return the fully qualified domain name (FQDN)

esg_functions.get_group_id(group_name)

Returns the id of the Unix group

esg_functions.get_group_list()

Returns a list of the Unix groups on the system

esg_functions.get_java_keystore_password()

Gets the keystore_password from the saved ks_secret_file at /esg/config/.esg_keystore_pass

esg_functions.get_md5sum(file_name)

#Utility function, wraps md5sum so it may be used on either mac or #linux machines

esg_functions.get_md5sum_password(password)

Hash a password to get it’s md5 value

esg_functions.get_node_type(config_file='/esg/config/config_type')

Helper method for reading the last state of node type config from config dir file “config_type” Every successful, explicit call to –type|-t gets recorded in the “config_type” file If the configuration type is not explicity set the value is read from this file.

esg_functions.get_parent_directory(directory_path)

Returns the parent directory of directory_path

esg_functions.get_postgres_password()

Gets the Postgres superuser account password from /esg/config/.esg_pg_pass

esg_functions.get_publisher_password()

Gets the publisher database user’s password

esg_functions.get_security_admin_password()

Gets the security_admin_password from the esgf_secret_file

esg_functions.get_tomcat_group_id()

Returns the id of the Tomcat group

esg_functions.get_tomcat_user_id()

Returns the id of the Tomcat user

esg_functions.get_user_id(user_name)

Returns the id of the Unix user

esg_functions.get_user_list()

Returns a list of the Unix users on the system

esg_functions.get_version_from_install_manifest(component, manifest_file='/esg/esgf-install-manifest', section_name='install_manifest')

Get component version info from install manifest

esg_functions.insert_file_at_pattern(target_file, input_file, pattern)

Replace a pattern inside the target file with the contents of the input file

esg_functions.is_in_git_repo(file_name)

This determines if a specified file is in a git repository. This function will resolve symlinks and check for a .git directory in the directory of the actual file as well as its parent to avoid attempting to call git unless absolutely needed, so as to be able to detect some common cases on a system without git actually installed and in the path.

Accepts as an argument the file to be checked

Returns True if the specified file is in a git repository

Returns False otherwise

esg_functions.is_valid_password(password_input)

Check that password_input meets the valid password requirements: an alphanumeric string greater than 6 characters long

esg_functions.main()

Main function

esg_functions.path_unique(path_string='/Users/carlson60/miniconda2/envs/esgf-pub/bin:/Users/carlson60/miniconda2/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/X11/bin:/Users/carlson60/miniconda2/bin', path_separator=':')

Prints a unique path string

The first (leftmost) instance of a path entry will be the one that is preserved.

If $1 is specified, it will be taken as the string to deduplicate, otherwise $PATH is used.

If $2 is specified, it will be taken as the path separator, which otherwise defaults to ‘:’

esg_functions.pip_install(pkg, req_file=False)

pip installs a package to the current python environment

esg_functions.pip_install_git(repo, name, tag=None, subdir=None)

Builds a properly formatted string to pip install from a git repo

esg_functions.pip_version(pkg_name)

Get the version of a package installed with pip, return None if not installed

esg_functions.prefix_to_path(path, prepend_value)

Prepends path components to a variable, deduplicates the list, then prints to stdout the export command required to prepend that list to that variable.

Takes as arguments first a variable containing a colon-separated path to prepend to, then a space-separated collection of paths to prepend – these path components MUST NOT contain spaces.

If insufficient arguments are present, a warning message is printed to stderr and nothing is printed to stdout.

Example:

prefix_to_path LD_LIBRARY_PATH /foo/lib /bar/lib

Would result in the entry:

export LD_LIBRARY_PATH=/foo/lib:/bar/lib:$LD_LIBRARY_PATH

NOTE: In the context of system setup this is usually

WHAT YOU WANT; that your libs are found before any user libs are

esg_functions.readlinkf(file_name)

This is a portable implementation of GNU’s “readlink -f” in bash/zsh, following symlinks recursively until they end in a file, and will print the full dereferenced path of the specified file even if the file isn’t a symlink.

Loop detection exists, but only as an abort after passing a maximum length.

esg_functions.replace_string_in_file(file_name, original_string, new_string)

Goes into a file and replaces string

esg_functions.set_java_keystore_password(keystore_password=None)

Saves the password for a Java keystore to /esg/config/.esg_keystore_pass

esg_functions.set_postgres_password(password)

Updates the Postgres superuser account password; gets saved to /esg/config/.esg_pg_pass

esg_functions.set_publisher_password(password=None)

Sets the publisher database user’s password; saves it to pub_secret_file If not password is provided as an argument, a prompt for a password is given.

esg_functions.set_security_admin_password(updated_password, password_file='/esg/config/.esgf_pass')

Updates the esgf_secret_file

esg_functions.setup_whitelist_files(whitelist_file_dir='/esg/config')

Setups up whitelist XML files from the distribution mirror Downloads the XML files and edits the placeholder string with the esgf hostname Formerly called setup_sensible_confs

esg_functions.stream_subprocess_output(command_string)

Print out the stdout of the subprocess in real time

esg_functions.track_extraction_progress(members)

Output of the files being extracted from a tarball

esg_functions.update_fileupload_jar()

quick-fix for removing insecure commons-fileupload jar file

esg_functions.verify_checksum(local_file, remote_file)

Verify md5 checksum of file downloaded from distribution mirror

esg_functions.write_security_lib_install_log()

Write esgf-security library info to install manifest

esg_functions.write_to_install_manifest(component, install_path, version, manifest_file='/esg/esgf-install-manifest')

Write component info to install manifest

ESG Purge

esg_purge.purge_postgres()

Removes postgres installation via yum

Index Node Components

ESG Search

esg_search.setup_search_service()

Install The Search Service… - Takes boolean arg: 0 = setup / install mode (default)

1 = updated mode

In setup mode it is an idempotent install (default) In update mode it will always pull down latest after archiving old

Solr

solr.download_template_directory()

download template directory structure for shards home

solr.extract_solr_tarball(solr_tarball_path, SOLR_VERSION, target_path='/usr/local')

Extract the solr tarball to {target_path} and symlink it to /usr/local/solr

solr.setup_solr(index_config=['master', 'slave'], SOLR_INSTALL_DIR='/usr/local/solr', SOLR_HOME='/usr/local/solr-home', SOLR_DATA_DIR='/esg/solr-index')

Setup Apache Solr for faceted search

solr.solr_status()

Check the status of solr

solr.stop_solr(SOLR_INSTALL_DIR='/usr/local/solr', port='-all')

Stop the solr process

CoG

esg_cog.checkout_cog_branch(cog_path, branch_name)

Checkout a given branch of the COG repo

esg_cog.clone_cog_repo(COG_INSTALL_DIR, COG_TAG='master')

Clone the COG repo from Github

IDP Node Components

ESG Security

esg_security.clean_security_webapp_subsystem()

Removes the deprecated esgf-security webapp if found on system

esg_security.create_policy_files(policy_type, security_jar_file)

Creates the policy files depending on the type argument (either local or common).

Parameters:type – The type of policy file to be created. Must either be ‘local’ or ‘common’ Returns:None Raises:TypeError – raises an exception

esg_security.security_startup_hook(node_type_list)

Prepares esgf-security to start

esg_security.setup_security(node_type_list, esg_dist_url)

• Takes boolean arg: 0 = setup / install mode (default)

  1 = updated mode

In setup mode it is an idempotent install (default) In update mode it will always pull down latest after archiving old

esg_security.write_security_db_install_log(db_dir, esgf_security_version)

Writes esgf-security settings to install manifest

Globus

globus.check_for_existing_globus_rpm_packages()

Check if globus rpm is already installed

globus.create_globus_account(globus_sys_acct)

Create the system account for globus to run as.

globus.globus_check_certificates()

Check if globus certificates are valid

globus.install_globus_rpm()

Install globus rpm repo

globus.setup_globus(installation_type)

Globus Toolkit -> MyProxy (client) & GridFTP (server) Takes arg <selection bit vector> The rest of the args are the following… for data-node configuration (GridFTP stuff): [“bdm”|”end-user”] see esg-globus script for idp configuration (MyProxy stuff): [gen-self-cert] <dir> | <regen-simpleca> [fetch-certs|gen-self-cert|keep-certs] | [“install”|”update”]

globus.setup_globus_services(config_type)

arg1 - config_type (“datanode” | “gateway” [“install”|”update”])

globus.start_globus(installation_type)

Starts the globus services by delegating out to esg-globus script arg1 selection bit vector ($sel) args* (in the context of “data” node -> [“bdm”|”end-user”])

globus.stop_globus(installation_type)

Stops the globus services

globus.stop_globus_services(config_type)

Stop globus

globus.write_globus_env(globus_location)

Write globus properties to /etc/esg.env

IDP

idp.main()

Main function

idp.setup_idp()

Setup IDP service

idp.write_idp_install_log(idp_service_app_home)

Write IDP properties to install manifest and property file