In order to install GCS software, you must sudo. The GCS install creates 2 files in the user's current working directory:
-rw-------. 1 root root 1615 Apr 21 15:27 deployment-key.json
-rw-r--r--. 1 root root 0 Apr 21 15:27 globus-connect-server.log
Then, during the globus-connect-server endpoint create step, which should be done as the user, it tries to read the deployment-key.json file which it cannot do. So I sudo'd and chmod'd it to be 644. Then went back and reran the command. it then tried to write to the globus-connect-server.log file. It couldn't do that either since it was 644. So I sudo'd and chmod'd it to 666.
Delivery Effort Stage:
When installing the software, you MUST have a Globus account through your XSEDE ID. Failure to use it will result in a userid that cannot be validated error:
[root@vm034 susan]# globus-connect-server endpoint setup "bridges2-GCS" --organization "XCI-826" --client-id "6acbdcdb-8d36-4885-b9a4-4f4c15a1e152" --owner susan@psc.edu
Secret:
Secret:
Globus Connect Server uses the Let's Encrypt service to manage
certificates for the web services it installs on your data transfer
nodes. These certificates are issued for DNS domain names operated by
the Globus Project.
Please read the Terms of Service at:
https://letsencrypt.org/repository/
Do you agree to these Terms of Service? [y/N]: y
[###########--------------] 46% 00:00:03 Check subscription status
Requested owner susan@psc.edu exists but does not have a validated account
After discussion with JP, he noticed that I'm trying to log in as PSC user susan@psc.edu, whereas i should have been trying as my XSEDE alter ego, slitzing@xsede.org. Making that change got over this hurdle:
[susan@vm034 ~]$ globus-connect-server endpoint setup "bridges2-GCS" --organization "XCI-826" --client-id "6acbdcdb-8d36-4885-b9a4-4f4c15a1e152" --owner slitzing@xsede.org --keywords XSEDE
Secret:
Globus Connect Server uses the Let's Encrypt service to manage
certificates for the web services it installs on your data transfer
nodes. These certificates are issued for DNS domain names operated by
the Globus Project.
Please read the Terms of Service at:
https://letsencrypt.org/repository/
Do you agree to these Terms of Service? [y/N]: y
[################---------] 66% 00:00:01 DNS registration (may take a few [##################-------] 73% 00:00:06 DNS registration [####################-----] 80% 00:00:05 Create Let's Encrypt account [#####################----] 86% 00:00:03 Get Certificate (may take a few m inutes)
[#######################--] 93% 00:00:04 Get Certificate [#########################] 100% Register with Globus [#########################] 100%
Created endpoint 6acbdcdb-8d36-4885-b9a4-4f4c15a1e152
Endpoint domain_name e65a9.36fe.data.globus.org
No subscription is set on this endpoint, so only basic features are enabled
To enable subscription features on this endpoint, have the Globus subscription manager for your organization assign a subscription to this endpoint at
https://app.globus.org/file-manager/collections/6acbdcdb-8d36-4885-b9a4-... after you've set up at least one node
If you plan on using the Google Drive or Google Cloud Storage connectors, use
https://e65a9.36fe.data.globus.org/api/v1/authcallback_google
as the Authorized redirect URI for this endpoint
It isn't necessary to use an XSEDE ID to set up a Globus endpoint. But you must use an ID that you've previously used to login with Globus. The error message you received regarding your PSC ID was letting you know that you'd never used your PSC ID with Globus. PSC doesn't have an OpenID Connect or CILogon login service, so you actually can't use your PSC ID with Globus.
Since you've logged into applications using your XSEDE ID before, the XSEDE ID worked. (All of the following web applications use Globus for logins: the XSEDE User Portal, XSEDE Confluence, XSEDE Jira, the Research Software Portal, and of course the Globus web application itself.)
But any ID you can use with Globus (e.g., a campus ID, an ORCID ID, a Google ID, etc.) would work as well as your XSEDE ID.
Bottom line: I think it would be a good idea for the XSEDE GCS 5.4 Installation Guide to explain that you need to use an ID that you can login to Globus with.
This has been clarified in XSEDE's Installation Guide Step 1.c.
Hey Susan,
We've clarified in the documentation which steps require root and which ones do not. Specifically, Globus software installs "endpoint setup" and "node setup" all must happen as root. That is through Globus Installation section 4.4. Similarly, installing and configure xsede-oauth-mapfile should happen as root.
Everything in Globus Installation section 4.5 (login localhost) and beyond, and XSEDE setp 1.d and beyond should happen with an admin or service account and not root.