Gridftp client

From Lsdf
Revision as of 11:10, 19 March 2013 by Jmeyer (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

LSDF GridFTP Server

  • Host: gridftp.lsdf.kit.edu
  • Port: 2811

Grid Certificate

wget --no-check-certificate https://gridka-ca-sec.fzk.de/download/p12-2-pem-en.sh
chmod 755 p12-2-pem-en.sh
./p12-2-pem-en.sh usercert.p12
  • copy user certificate files in .globus folder:
mkdir -p $HOME/.globus/certificates
mv usercert.pem $HOME/.globus
mv userkey.pem $HOME/.globus
chmod og-rwx $HOME/.globus userkey.pem

ls -l $HOME/.globus/
drwxrwxr-x. 2 myname users 4096 Mar  9 08:29 certificates
-r--r--r--. 1 myname users 1999 Mar 15 09:28 usercert.pem
-r--------. 1 myname users 2004 Mar 15 09:28 userkey.pem
  • The gridftp client needs to trust the CA that issued the host certificate of the gridftp server. Therefore, you need copy the CA root certificate of the GridKa CA to the certificates subfolder:
cd $HOME/.globus/certificates
wget --no-check-certificate https://gridka-ca-sec.fzk.de/gridka-root-cert.crt
openssl x509 -in gridka-root-cert.crt -out 7ecb2657.0 -outform PEM
rm gridka-root-cert.crt

(remark: 7ecb2657 is a hash of the CA pem file:

openssl x509 -hash -noout < 7ecb2657.0
7ecb2657

)
Create a text file called 7ecb2657.signing_policy with the following content:

access_id_CA  X509   '/C=DE/O=GermanGrid/CN=GridKa-CA'
pos_rights    globus CA:sign
cond_subjects globus '"/C=DE/O=GermanGrid/*" "/O=GermanGrid/OU=*"'
ls -l $HOME/.globus/certificates
-rw-r--r--. 1 myname users 1631 Mar  9 07:35 7ecb2657.0
-rw-r--r--. 1 myname users  267 Mar  9 07:35 7ecb2657.signing_policy
  • Install globus-proxy-utils (contains commands grid-proxy-init, grid-proxy-info and grid-proxy-destroy)

On Red Hat (Fedora, CentOS, Scientific Linux):

yum install globus-proxy-utils

On Debian (Debian, Ubuntu):

apt-get install globus-proxy-utils
  • Generate a grid proxy:
grid-proxy-init 
Your identity: /C=DE/O=GermanGrid/OU=KIT/CN=My Name
Enter GRID pass phrase for this identity:
Creating proxy .................................................................... Done
Your proxy is valid until: Tue Mar 19 21:52:39 2013

grid-proxy-info 
subject  : /C=DE/O=GermanGrid/OU=KIT/CN=My Name/CN=1846815392
issuer   : /C=DE/O=GermanGrid/OU=KIT/CN=My Name
identity : /C=DE/O=GermanGrid/OU=KIT/CN=My Name
type     : RFC 3820 compliant impersonation proxy
strength : 512 bits
path     : /tmp/x509up_u1000
timeleft : 11:59:52


uberftp
uberftp is an interactive gridftp client.

  • On Red Hat based distributions it can be installed with:
yum install uberftp
  • Connect to server (requires valid grid proxy):
uberftp gridftp.lsdf.kit.edu
220 sif-s-02.lsdf.kit.edu GridFTP Server 6.16 (gcc64, 1352462503-83) [Globus Toolkit 5.2.2] ready.
230-User myname logged in.
230-Welcome to LSDF!
230 End.
UberFTP> cd /gpfs/home/myname
UberFTP> quit
221 Goodbye.

Enter help to see all uberftp commands.

globus-url-copy
Globus-url-copy is a command line copy command using gridftp.

  • On Red Hat based distributions it can be installed with:
yum install globus-gass-copy-progs
  • Copy a local file to lsdf (requires valid grid proxy):
globus-url-copy file:////path/to/myfile gsiftp://gridftp.lsdf.kit.edu:2811/gpfs/home/username/myfile

Troubleshooting

uberftp gridftp.lsdf.kit.edu
220 sif-s-02.lsdf.kit.edu GridFTP Server 6.16 (gcc64, 1352462503-83) [Globus Toolkit 5.2.2] ready.
530-Login incorrect. : globus_gss_assist: Gridmap lookup failure: Could not map /C=DE/O=GermanGrid/OU=KIT/CN=My Name
530-
530 End.

Solution: Ask helpdesk to map your DN (/C=DE/O=GermanGrid/OU=KIT/CN=My Name) to your LSDF account.