Gridftp client: Difference between revisions
From Lsdf
Jump to navigationJump to search
mNo edit summary |
mNo edit summary |
||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
'''LSDF GridFTP Server''' <br> |
|||
* Host: gridftp.lsdf.kit.edu |
|||
* Port: 2811 |
|||
'''Grid Certificate''' <br> |
'''Grid Certificate''' <br> |
||
* In order to use gridftp you need to have a valid grid certificate issued from the [https://gridka-ca-sec.fzk.de/ GridKa Certificate Authority] (CA). |
* In order to use gridftp you need to have a valid grid certificate issued from the [https://gridka-ca-sec.fzk.de/ GridKa Certificate Authority] (CA). For instructions see https://gridka-ca-sec.fzk.de/help/index.php?lid=1 |
||
* Export your certificate from your browser as pk12 file and convert into the pem format with this [https://gridka-ca-sec.fzk.de/download/p12-2-pem-en.sh script] (requires openssl): |
* Export your certificate from your browser as pk12 file and convert into the pem format with this [https://gridka-ca-sec.fzk.de/download/p12-2-pem-en.sh script] (requires openssl): |
||
wget --no-check-certificate https://gridka-ca-sec.fzk.de/download/p12-2-pem-en.sh |
wget --no-check-certificate https://gridka-ca-sec.fzk.de/download/p12-2-pem-en.sh |
||
Line 15: | Line 18: | ||
-r--r--r--. 1 myname users 1999 Mar 15 09:28 usercert.pem |
-r--r--r--. 1 myname users 1999 Mar 15 09:28 usercert.pem |
||
-r--------. 1 myname users 2004 Mar 15 09:28 userkey.pem |
-r--------. 1 myname users 2004 Mar 15 09:28 userkey.pem |
||
* The gridftp client needs to trust the CA that issued the host certificate of the gridftp server. Therefore, you need copy the CA root certificate of the [https://gridka-ca-sec.fzk.de/ GridKa CA] to the certificates subfolder: |
|||
cd $HOME/.globus/certificates |
|||
wget --no-check-certificate https://gridka-ca-sec.fzk.de/gridka-root-cert.crt |
|||
openssl x509 -in gridka-root-cert.crt -out 7ecb2657.0 -outform PEM |
|||
rm gridka-root-cert.crt |
|||
(remark: 7ecb2657 is a hash of the CA pem file: |
|||
openssl x509 -hash -noout < 7ecb2657.0 |
|||
7ecb2657 |
|||
)<br> |
|||
Create a text file called 7ecb2657.signing_policy with the following content: |
|||
access_id_CA X509 '/C=DE/O=GermanGrid/CN=GridKa-CA' |
|||
pos_rights globus CA:sign |
|||
cond_subjects globus '"/C=DE/O=GermanGrid/*" "/O=GermanGrid/OU=*"' |
|||
ls -l $HOME/.globus/certificates |
|||
-rw-r--r--. 1 myname users 1631 Mar 9 07:35 7ecb2657.0 |
|||
-rw-r--r--. 1 myname users 267 Mar 9 07:35 7ecb2657.signing_policy |
|||
* Install globus-proxy-utils (contains commands grid-proxy-init, grid-proxy-info and grid-proxy-destroy)<br> |
|||
On Red Hat (Fedora, CentOS, Scientific Linux): |
|||
yum install globus-proxy-utils |
|||
On Debian (Debian, Ubuntu): |
|||
apt-get install globus-proxy-utils |
|||
* Generate a grid proxy: |
|||
grid-proxy-init |
|||
Your identity: /C=DE/O=GermanGrid/OU=KIT/CN=My Name |
|||
Enter GRID pass phrase for this identity: |
|||
Creating proxy .................................................................... Done |
|||
Your proxy is valid until: Tue Mar 19 21:52:39 2013 |
|||
grid-proxy-info |
|||
subject : /C=DE/O=GermanGrid/OU=KIT/CN=My Name/CN=1846815392 |
|||
issuer : /C=DE/O=GermanGrid/OU=KIT/CN=My Name |
|||
identity : /C=DE/O=GermanGrid/OU=KIT/CN=My Name |
|||
type : RFC 3820 compliant impersonation proxy |
|||
strength : 512 bits |
|||
path : /tmp/x509up_u1000 |
|||
timeleft : 11:59:52 |
|||
'''uberftp''' <br> |
|||
[http://dims.ncsa.illinois.edu/set/uberftp/ uberftp] is an interactive gridftp client. |
|||
* On Red Hat based distributions it can be installed with: |
|||
yum install uberftp |
|||
* Connect to server (requires valid grid proxy): |
|||
uberftp gridftp.lsdf.kit.edu |
|||
220 sif-s-02.lsdf.kit.edu GridFTP Server 6.16 (gcc64, 1352462503-83) [Globus Toolkit 5.2.2] ready. |
|||
230-User myname logged in. |
|||
230-Welcome to LSDF! |
|||
230 End. |
|||
UberFTP> cd /gpfs/home/myname |
|||
UberFTP> quit |
|||
221 Goodbye. |
|||
Enter help to see all uberftp commands. |
|||
'''globus-url-copy''' <br> |
|||
Globus-url-copy is a command line copy command using gridftp. |
|||
* On Red Hat based distributions it can be installed with: |
|||
yum install globus-gass-copy-progs |
|||
* Copy a local file to lsdf (requires valid grid proxy): |
|||
globus-url-copy file:////path/to/myfile gsiftp://gridftp.lsdf.kit.edu:2811/gpfs/home/username/myfile |
|||
'''Troubleshooting''' |
|||
* Error messages from gridftp server: http://www.globus.org/toolkit/docs/4.2/4.2.0/data/gridftp/admin/gridftp-troubleshooting.html |
|||
* If you need help open a ticket at [https://helpdesk.lsdf.kit.edu/ helpdesk] |
|||
* Problem "Gridmap lookup failure": |
|||
uberftp gridftp.lsdf.kit.edu |
|||
220 sif-s-02.lsdf.kit.edu GridFTP Server 6.16 (gcc64, 1352462503-83) [Globus Toolkit 5.2.2] ready. |
|||
530-Login incorrect. : globus_gss_assist: Gridmap lookup failure: Could not map /C=DE/O=GermanGrid/OU=KIT/CN=My Name |
|||
530- |
|||
530 End. |
|||
Solution: Ask [https://helpdesk.lsdf.kit.edu/ helpdesk] to map your DN (/C=DE/O=GermanGrid/OU=KIT/CN=My Name) to your LSDF account. |
Latest revision as of 11:10, 19 March 2013
LSDF GridFTP Server
- Host: gridftp.lsdf.kit.edu
- Port: 2811
Grid Certificate
- In order to use gridftp you need to have a valid grid certificate issued from the GridKa Certificate Authority (CA). For instructions see https://gridka-ca-sec.fzk.de/help/index.php?lid=1
- Export your certificate from your browser as pk12 file and convert into the pem format with this script (requires openssl):
wget --no-check-certificate https://gridka-ca-sec.fzk.de/download/p12-2-pem-en.sh chmod 755 p12-2-pem-en.sh ./p12-2-pem-en.sh usercert.p12
- copy user certificate files in .globus folder:
mkdir -p $HOME/.globus/certificates mv usercert.pem $HOME/.globus mv userkey.pem $HOME/.globus chmod og-rwx $HOME/.globus userkey.pem ls -l $HOME/.globus/ drwxrwxr-x. 2 myname users 4096 Mar 9 08:29 certificates -r--r--r--. 1 myname users 1999 Mar 15 09:28 usercert.pem -r--------. 1 myname users 2004 Mar 15 09:28 userkey.pem
- The gridftp client needs to trust the CA that issued the host certificate of the gridftp server. Therefore, you need copy the CA root certificate of the GridKa CA to the certificates subfolder:
cd $HOME/.globus/certificates wget --no-check-certificate https://gridka-ca-sec.fzk.de/gridka-root-cert.crt openssl x509 -in gridka-root-cert.crt -out 7ecb2657.0 -outform PEM rm gridka-root-cert.crt
(remark: 7ecb2657 is a hash of the CA pem file:
openssl x509 -hash -noout < 7ecb2657.0 7ecb2657
)
Create a text file called 7ecb2657.signing_policy with the following content:
access_id_CA X509 '/C=DE/O=GermanGrid/CN=GridKa-CA' pos_rights globus CA:sign cond_subjects globus '"/C=DE/O=GermanGrid/*" "/O=GermanGrid/OU=*"'
ls -l $HOME/.globus/certificates -rw-r--r--. 1 myname users 1631 Mar 9 07:35 7ecb2657.0 -rw-r--r--. 1 myname users 267 Mar 9 07:35 7ecb2657.signing_policy
- Install globus-proxy-utils (contains commands grid-proxy-init, grid-proxy-info and grid-proxy-destroy)
On Red Hat (Fedora, CentOS, Scientific Linux):
yum install globus-proxy-utils
On Debian (Debian, Ubuntu):
apt-get install globus-proxy-utils
- Generate a grid proxy:
grid-proxy-init Your identity: /C=DE/O=GermanGrid/OU=KIT/CN=My Name Enter GRID pass phrase for this identity: Creating proxy .................................................................... Done Your proxy is valid until: Tue Mar 19 21:52:39 2013 grid-proxy-info subject : /C=DE/O=GermanGrid/OU=KIT/CN=My Name/CN=1846815392 issuer : /C=DE/O=GermanGrid/OU=KIT/CN=My Name identity : /C=DE/O=GermanGrid/OU=KIT/CN=My Name type : RFC 3820 compliant impersonation proxy strength : 512 bits path : /tmp/x509up_u1000 timeleft : 11:59:52
uberftp
uberftp is an interactive gridftp client.
- On Red Hat based distributions it can be installed with:
yum install uberftp
- Connect to server (requires valid grid proxy):
uberftp gridftp.lsdf.kit.edu 220 sif-s-02.lsdf.kit.edu GridFTP Server 6.16 (gcc64, 1352462503-83) [Globus Toolkit 5.2.2] ready. 230-User myname logged in. 230-Welcome to LSDF! 230 End. UberFTP> cd /gpfs/home/myname UberFTP> quit 221 Goodbye.
Enter help to see all uberftp commands.
globus-url-copy
Globus-url-copy is a command line copy command using gridftp.
- On Red Hat based distributions it can be installed with:
yum install globus-gass-copy-progs
- Copy a local file to lsdf (requires valid grid proxy):
globus-url-copy file:////path/to/myfile gsiftp://gridftp.lsdf.kit.edu:2811/gpfs/home/username/myfile
Troubleshooting
- Error messages from gridftp server: http://www.globus.org/toolkit/docs/4.2/4.2.0/data/gridftp/admin/gridftp-troubleshooting.html
- If you need help open a ticket at helpdesk
- Problem "Gridmap lookup failure":
uberftp gridftp.lsdf.kit.edu 220 sif-s-02.lsdf.kit.edu GridFTP Server 6.16 (gcc64, 1352462503-83) [Globus Toolkit 5.2.2] ready. 530-Login incorrect. : globus_gss_assist: Gridmap lookup failure: Could not map /C=DE/O=GermanGrid/OU=KIT/CN=My Name 530- 530 End.
Solution: Ask helpdesk to map your DN (/C=DE/O=GermanGrid/OU=KIT/CN=My Name) to your LSDF account.