The machine needs to have a public IP address, but does not need a lot of ports open. Actually only needs 1 port open. Make a note of what port is open.
An OSG Certificate: I know that most people do not like using certificates. Actually, no one likes using certificates. Here is the newer, easier place you can apply for a new(ish) digi-cert certificate. Not sure if it's production yet.
First, we will start on the machine as root, we will install the OSG Repos. The instructions are on the OSG Twiki. For RHEL 5, here's the short instructions:
After installing these tools, we need to configure condor to use our certificate, and to flock to our glideinwms provider of choice.
Next, we need to configure the host to use your certificate. In order to do this, we make your certificate the 'host' certificate. Copy your cert and key to: /etc/grid-security/hostcert.pem and /etc/grid-security/hostkey.pem.
Next, we select the glideinwms provider of choice to use. This is covered more in-depth on the OSG Twiki. You will also need to send your certificate to the OSG gateway provider you have chosen. Both have pages on the OSG OIM with contact information. OSG Gateway. HCC Gateway.
Next, we need to set condor to use only a single port, and specify that port. In /etc/condor/config.d/99_osg_flock.conf, add the following lines.
USE_SHARED_PORT = True SHARED_PORT_ARGS = -p 4080
The port number (given by the argument after -p) can be any arbitrary port. Additionally, you will need to open the firewall. In iptables, add a line like:
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 4080 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 4080 -j ACCEPT
And, that is all you need. Startup condor with 'service condor start', and you're on your way to running on the OSG with only 1 port open to the world.