Globus Connect Server v5 Quickstart Guide
Last Updated: January 19, 2021
1. Introduction
This is a condensed version of the Globus Connect Server v5.4 installation and data access guides intended for users who want to do a basic setup of Globus Connect Server on a single node providing access to a Posix filesystem. The other documents provide more details and information about the available features and policies available for configuring Globus Connect Server on your system.
This document assumes you have root access to a machine to use for Globus Connect Server, running a recent Debian, Ubuntu, Fedora, or RHEL-compatible operating system. This machine must allow network access to TCP ports 443 and the range 50000-51000 and have a synchronized system clock. Read the prerequisites section of the install doc for an explanation of these.
In this document, we will show some example invocations of the Globus Connect Server
management commands. If you plan to follow along on your own system, you’ll need
to change the commands to reflect your organization and login policies.
Anywhere you see something highlighted like this you’ll need to
replace the text with something that matches the desired policies for your
own endpoint.
1.1. Install Globus Connect Server version 5 software
Skip to the appropriate section for your Linux distribution and follow the instructions to install Globus Connect Server version 5 on your system.
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install https://downloads.globus.org/globus-connect-server/stable/installers/repo/rpm/globus-repo-latest.noarch.rpmInstall Globus Connect Server:
sudo yum install globus-connect-server54sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf install https://downloads.globus.org/globus-connect-server/stable/installers/repo/rpm/globus-repo-latest.noarch.rpmEnsure the mod_auth_openidc module stream is disabled, as it will conflict with packages in the Globus repository:
sudo dnf module disable mod_auth_openidcInstall the DNF config manager:
sudo dnf install 'dnf-command(config-manager)'Install Globus Connect Server:
sudo dnf install globus-connect-server54sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
sudo dnf install https://downloads.globus.org/globus-connect-server/stable/installers/repo/rpm/globus-repo-latest.noarch.rpmInstall the DNF config manager:
sudo dnf install 'dnf-command(config-manager)'Install Globus Connect Server:
sudo dnf install globus-connect-server54sudo dnf install https://downloads.globus.org/globus-connect-server/stable/installers/repo/rpm/globus-repo-latest.noarch.rpminstall Globus Connect Server:
sudo dnf install globus-connect-server54curl -LOs https://downloads.globus.org/globus-connect-server/stable/installers/repo/deb/globus-repo_latest_all.deb
sudo dpkg -i globus-repo_latest_all.deb
sudo apt-key add /usr/share/globus-repo/RPM-GPG-KEY-Globus
sudo apt update
sudo apt install globus-connect-server54curl -LOs https://downloads.globus.org/globus-connect-server/stable/installers/repo/deb/globus-repo_latest_all.deb
sudo dpkg -i globus-repo_latest_all.deb
sudo apt-key add /usr/share/globus-repo/RPM-GPG-KEY-Globus
sudo apt update
sudo apt install globus-connect-server54If you are using SUSE Linux Enterprise server, you must enable the PackageHub repository to install all of the Globus Connect Server dependencies.
sudo rpm --import https://downloads.globus.org/globus-connect-server/stable/installers/keys/GPG-KEY-Globus
sudo zypper install https://downloads.globus.org/globus-connect-server/stable/installers/repo/rpm/globus-repo-latest.noarch.rpm
sudo zypper install globus-connect-server541.2. Create the endpoint
To create the endpoint, run the globus-connect-server endpoint setup command.
globus-connect-server endpoint setup "My GCSv5.4 Endpoint" \
--organization "Example Organization" \
--owner admin@example.edu \
--contact-email support@example.eduThe command returns information about the endpoint that may be useful for additional configuration later, including the domain name of the endpoint, a link to send to subscription managers to set the endpoint as managed, and the redirect URI needed if Google Drive or Cloud connectors will be used with this endpoint.
1.3. Set up services on the Data Transfer Node
Run the globus-connect-server node setup command to configure and start the
Globus services on the Data Transfer Node. This command must be done as the root user,
as it enables and starts systemd services. The deployment-key.json
file from the previous step will be used by this command.
sudo globus-connect-server node setup1.4. Log into the endpoint
globus-connect-server login localhost
This creates local authentication tokens that can be used by the Globus Connect Server command-line interface to interact with the endpoint. Log in with the identity you chose as the endpoint owner in [create-globus-endpoint-section].
1.5. Set the endpoint as managed
Endpoints that require premium functionality—such as guest collections for data sharing and premium connectors—must be managed under a Globus subscription. If your organization has a subscription, and your Globus account has the subscription manager role, you may set the endpoint as managed using the globus-connect-server command as follows.
globus-connect-server endpoint set-subscription-id DEFAULT1.6. Create OIDC Server (optional)
If your site does not have a identity provider available for logging in to Globus, you can use a Globus provided OIDC provider that uses PAM to authenticate users with local accounts. This is documented in the Globus OIDC Installation Guide. For this quickstart, we’ll use the --quickstart-server-name option to register the identity provider using the identity subdomain of the endpoint’s domain. The guide contains information about how to use a site-specific DNS name and certificate for this service.
sudo globus-connect-server oidc create \
--display-name "OIDC Server for example.edu" \
--support-contact "Joe Admin"\
--support-email "support@example.edu" \
--quickstart-server-name identity
sudo globus-connect-server oidc showThis script will print out a line indicating the domain that is being used for
the OIDC server. Use this in place of example.edu when creating
the storage gateway in the next step to use this service for authentication.
1.7. Create the Storage Gateway
globus-connect-server storage-gateway create posix \
"Example Gateway" \
--domain example.eduThis creates a Storage Gateway named Posix Gateway that restricts access to
identities that have an example.edu domain. Copy the Storage Gateway ID in the
output to use in the next step in place of STORAGE_GATEWAY_ID.
For more information on other policies that can be set on a Storage Gateway see The Storage Gateway section of the Data Access Guide. For instructions on creating Storage Gateways for Connectors other that POSIX see GCSv5 Premium Connectors
1.8. Create a Mapped Collection
globus-connect-server collection create \
STORAGE_GATEWAY_ID \
/home/ \
"Example Collection"This creates a Mapped Collection named Example Collection rooted on the path /home/ using the Storage Gateway created in Create the Storage Gateway. This Collection will be visible to users through the Globus webapp, who will be able to access data in /home/ if they have an account from example.edu. The Globus accounts USER@example.edu will be granted access if there is a corresponding local account for USER.
2. Additional Reading
- Globus Connect Server v5.4 Installation Guide
-
This guide contains information about the features of Globus Connect Server v5.4, complete steps for endpoint configuration, as well as links to reference material about the Globus Connect Server command line tool. Using this document, you can learn how to set up multiple Data Transfer Nodes to provide service for a single endpoint.
- Globus Connect Server v5.4 Data Access Guide
-
This guide contains describes how to configure data access policies for your endpoint and its collections.
- Globus Connect Server v5.4 Identity Mapping Guide
-
This guide contains details about how to configure a Globus Connect Server endpoint to support Globus users from different identity providers.
- Premium Storage Connectors
-
This section of the website contains information about how to configure a Globus Connect Server endpoint to use a premium storage connector.