Note

The Grid Community Toolkit documentation was taken from the Globus Toolkit 6.0 documentation. As a result, there may be inaccuracies and outdated information. Please report any problems to the Grid Community Forums as GitHub issues.

GCTGridFTP → GCT 6.2 GridFTP: User’s Guide

Introduction

The GridFTP User’s Guide provides general end user-oriented information.

Using GridFTP for Data Movement

GridFTP clients

The Globus Service is the recommended interface to move data to and from GridFTP servers. Globus Online provides a web GUI, command line interface and a REST API for GridFTP data movement. It provides automatic fault recovery and automatic tuning of optimization parameters to achieve high performance.

The Grid Community Toolkit provides a GridFTP client called globus-url-copy, a command line interface, suitable for scripting. For example, the following command:

globus-url-copy gsiftp://remote.host.edu/path/to/file
   file:///path/on/local/host

would transfer a file from a remote host to the locally accessible path specified in the second URL.

The Grid Community Toolkit also provides FTP client libraries in C and the jGlobus provides Java client libraries for building custom GridFTP clients.

Configuring the GridFTP client

If client is behind a firewall

If the GridFTP client is behind a firewall:

  1. Contact your network administrator to open up a range of ports (for GridFTP data channel connections) for the incoming connections. If the firewall blocks the outgoing connections, open up a range of ports for outgoing connections as well.

  2. Set the environment variable GLOBUS_TCP_PORT_RANGE

    export GLOBUS_TCP_PORT_RANGE=min,max

    where min,max specify the port range that you have opened for the incoming connections on the firewall. This restricts the listening ports of the GridFTP client to this range. Recommended range is 1000 (e.g., 50000-51000) but it really depends on how much use you expect.

  3. If you have a firewall blocking the outgoing connections and you have opened a range of (local) ports, set the environment variable GLOBUS_TCP_SOURCE_RANGE:

    export GLOBUS_TCP_SOURCE_RANGE=min,max

    where min,max specify the port range that you have opened for the outgoing connections on the firewall. This restricts the GridFTP client to bind to a local port in this range for outbound connections. Recommended range is twice the range used for GLOBUS_TCP_PORT_RANGE, because if parallel TCP streams are used for transfers, the listening port would remain the same for each connection but the connecting port would be different for each connection.

Additional information on Grid Community Toolkit Firewall Requirements is available here.

Configuring security

SSH Security

There is no additional configuration required to use GridFTP in conjunction with SSH.

GSI Security

In order to use GSI security for the transfers, you need to obtain and install a user certificate from a certificate authority trusted by the GridFTP servers that you wish to move data in and out of, and configure the client to trust the certificate authority that signed the certificates of the GridFTP server(s)

Basic procedure for using globus-url-copy

If you just want the "rules of thumb" on getting started (without all the details), the following options using globus-url-copy will normally give acceptable performance:

For a single file transfer:

globus-url-copy -vb -p 4 source_url destination_url

where:

-vb

specifies verbose mode and displays:

  • number of bytes transferred,

  • performance since the last update (currently every 5 seconds), and

  • average performance for the whole transfer.

-p

Specifies the number of parallel data connections that should be used. This is one of the most commonly used options.

For a directory transfer:

globus-url-copy -vb -p 4  -r -cd - cc 4 source_url destination_url

where:

-cc

Specifies the number of concurrent FTP connections to use for multiple transfers.

-cd

Creates destination directories, if needed.

-r

Copies files in subdirectories.

The source/destination URLs will normally be one of the following:

  • file:///path/to/my/file if you are accessing a file on a file system accessible by the host on which you are running your client.

  • gsiftp://hostname/path/to/remote/file if you are accessing a file from a GridFTP server.

Uploading files to a server

One of the most basic tasks in GridFTP is to "put" files, i.e., moving a file from your file system to the server. So for example, if you want to move the file /tmp/foo from a file system accessible to the host on which you are running your client to a file name from a file system accessible to the host on which you are running your client to a file name /tmp/bar on a host named on a host named remote.machine.my.edu running a GridFTP server, you would use this command: running a GridFTP server, you would use this command:

globus-url-copy -vb -p 4 file:///tmp/foo gsiftp://remote.machine.my.edu/tmp/bar
Note

In theory, remote.machine.my.edu could be the same host as the one on which you are running your client, but that is normally only done in testing situations. could be the same host as the one on which you are running your client, but that is normally only done in testing situations.

Downloading files from a server

A get, i.e, moving a file from a server to your file system, would just reverse the source and destination URLs:

Tip

Remember file: always refers to your file system.

globus-url-copy -vb -p 4 gsiftp://remote.machine.my.edu/tmp/bar file:///tmp/foo

Third party transfers between two remote servers

Finally, if you want to move a file between two GridFTP servers (a third party transfer), both URLs would use gsiftp: as the protocol: as the protocol:

globus-url-copy -vb -p 4 gsiftp://other.machine.my.edu/tmp/foo gsiftp://remote.machine.my.edu/tmp/bar

For more information

If you want more information and details on URLs and the command line options, the GCT 6.2 GridFTP Key Concepts gives basic definitions and an overview of the GridFTP protocol as well as our implementation of it.

Using standard FTP clients with GridFTP server

You can use any standard FTP client to communicate with the GridFTP server in the following cases:

  • GridFTP server is configured to allow anonymous access or username/password based authentication. Note that this method is not secure but if the data on the GridFTP server is world readable or if the GridFTP server is accessible only to the clients on a trusted internal network, the GridFTP server may be configured to allow anonymous access or username/password based authentication

  • Your local system administrator has installed "GridFTP Where There is FTP (GWTFTP)", which acts as a proxy between standard FTP clients and GridFTP servers. More information on GWTFTP is available at GridFTP Where There Is FTP (GWTFTP).

Advanced Features

Failures and retries

To retry a transfer after a server or network failure, use the -rst option. To store the untransferred urls for restarting the transfer after a client failure, use the -df option. More information about these options is available here.

For example, globus-url-copy can be invoked in a loop for long running transfers, as shown in the script below:

     #!/bin/sh
     STATEFILE=/path/to/statefile;
     while  [ ! -e $STATEFILE -o -s $STATEFILE ];
     do
     globus-url-copy -rst -p 4  -cc 4 -cd -vb -r -df $STATEFILE gsiftp://srchost/srcdirpath/ gsiftp://dsthost/dstdirpath/;
     sleep 10;
     done;

Load Balancing

When there are multiple GridFTP servers avalibale at endpoints, -af option allows concurrent transfers to be spread across multiple GridFTP servers rather than multiple connections to a single GridFTP server.

For example, globus-url-copy can be invoked as shown below:

     globus-url-copy -cc 4 -af /tmp/alias-file -f /tmp/xfer-file

Contents of /tmp/alias-file look something like this:

     @source
     gridftp1.source-cluster.org
     gridftp2.source-cluster.org
     @destination
     gridftp1.destination-cluster.org
     gridftp2.destination-cluster.org
     gridftp3.destination-cluster.org
     gridftp4.destination-cluster.org
Note

Each line should either be an alias (noted with the @ symbol), or a hostname[:port]. Currently, only the aliases @source and @destination are valid, and they are used for every source or destination url.

Contents of /tmp/xfer-file look something like this:

     gsiftp:///tmp/x1 gsiftp:///tmp/x1
     gsiftp:///tmp/x2 gsiftp:///tmp/x2
     gsiftp:///tmp/x3 gsiftp:///tmp/x3
     gsiftp:///tmp/x4 gsiftp:///tmp/x4
Note

The host part in the url is ignored.

In the above example, the following transfers will happen concurrently:

     gsiftp://gridftp1.source-cluster.org/tmp/x1 gsiftp://gridftp1.destination-cluster.org/tmp/x1
     gsiftp://gridftp2.source-cluster.org/tmp/x2 gsiftp://gridftp2.destination-cluster.org/tmp/x2
     gsiftp://gridftp1.source-cluster.org/tmp/x3 gsiftp://gridftp3.destination-cluster.org/tmp/x3
     gsiftp://gridftp2.source-cluster.org/tmp/x4 gsiftp://gridftp4.destination-cluster.org/tmp/x4

Using UDT as an alternative transport protocol for TCP

UDT is an application-level protocol that uses UDP for data transport. It addresses some of the limitations of TCP in high-bandwidth and high-delay networks and achieves better performance than TCP on those networks. To use UDT as the underlying transport protocol for the GridFTP transfers, use the -udt option.

Note

Note: In order to use this for a third-party transfer, the server must be configured to enable UDT. In order to use this for a client-server transfer, you need to enable multi-threading in globus-url-copy. To switch to threaded flavor, set the environment variable GLOBUS_THREAD_MODEL=pthread.

Encryption and Integrity protection

The data channel is authenticated by default. Integrity protection and encryption are optional. To integrity protect the data, use the -dcsafe option. For encrypted data transfer, use the -dcpriv option.

Striping

The striping functionality enables one to use a set of computers at both ends of a network to transfer data. At both the source and destination ends, the computers need to have a shared file system so that the dataset is accessible from any computer.

This feature is especially useful in configurations where individual nodes at the source and destination clusters have significantly less network capacity when compared to the network capacity available between the clusters. An example would be clusters with the individual nodes connected by 1 Gbit/s Ethernet connections to a switch that is itself connected to the external network at 10 Gbit/s or faster.

To perform striped data movement, use the -stripe option.

Note

This option is useful only if the server is configured for striped data movement.

Experimental Features

Multicasting

To transfer a single file to many destinations in a multicast/broadcast, use the new -mc option.

Note

To use this option, the admin must enable multicasting. Click here for more information.

Warning

This option is EXPERIMENTAL

globus-url-copy -vb -p 4 -mc filename source_url

The filename must contain a line-separated list of destination urls. For example:

gsiftp://localhost:5000/home/user/tst1
       gsiftp://localhost:5000/home/user/tst3
       gsiftp://localhost:5000/home/user/tst4

For more flexibility, you can also specify a single destination url on the command line in addition to the urls in the file. Examples are:

globus-url-copy -MC multicast.file gsiftp://localhost/home/user/src_file

or

globus-url-copy -MC multicast.file gsiftp://localhost/home/user/src_file gsiftp://localhost/home/user/dest_file1
Advanced multicasting options

Along with specifying the list of destination urls in a file, a set of options for each url can be specified. This is done by appending a ? to the resource string in the url followed by semicolon-separated key value pairs. For example:

gsiftp://dst1.domain.com:5000/home/user/tst1?cc=1;tcpbs=10M;P=4

This indicates that the receiving host dst1.domain.com will use 4 parallel stream, a tcp buffer size of 10 MB, and will select 1 host when forwarding on data blocks. This url is specified in the will use 4 parallel stream, a tcp buffer size of 10 MB, and will select 1 host when forwarding on data blocks. This url is specified in the -mc file as described above.

The following is a list of key=value options and their meanings:

P=integer

The number of parallel streams this node will use when forwarding.

cc=integer

The number of urls to which this node will forward data.

tcpbs=formatted integer

The TCP buffer size this node will use when forwarding.

urls=string list

The list of urls that must be children of this node when the spanning tree is complete.

local_write=boolean: y|n

Determines if this data will be written to a local disk, or just forwarded on to the next hop. This is explained more in the Network Overlay section.

subject=string

The DN name to expect from the servers this node is connecting to.

Network Overlay

In addition to allowing multicast, function also allows for creating user-defined network routes.

If the local_write option is set to n, then no data will be written to the local disk, the data will only be forwarded on.

If the local_write option is set to n and is used with the cc=1 option, the data will be forwarded on to exactly one location.

This allows the user to create a network overlay of data hops using each GridFTP server as a router to the ultimate destination.

Bottleneck detection

To determine whether the disk or the network is the bottleneck for the file transfer, use the -nlb option. This option uses NetLogger to estimate speeds of disk and network read/write system calls, and attempt to determine the bottleneck component.

Note

In order to use this, the server must be configured to enable netlogger bottleneck detection.

Example:

globus-url-copy -p 2 -nlb -vb  gsiftp://host1:port/path/myfile gsiftp://host2:port/path/myfile

This will output something like the following:

     Total instantaneous throughput:
     disk read    = 17022.2 Mbits/s
     disk write   = 26630.8 Mbits/s
     net read     = 509.0 Mbits/s
     net write    = 1053.4 Mbits/s
     Bottleneck: network

GridFTP Client Tools

GLOBUS-URL-COPY(1)

NAME

globus-url-copy - globus-url-copy

SYNOPSIS

globus-url-copy [options] SOURCE-URL DESTINATION-URL

DESCRIPTION

The globus-url-copy program is a command line tool for multi-protocol data movement. It supports gsiftp:// (GridFTP), ftp://, http://, https://, sshftp:// and file:/// protocol specifiers in the URL.

OPTIONS

-help, -usage

Print help.

-versions

Print the versions of all modules that this program uses

-c, -continue-on-error

Do not die after any errors. By default, program will exit after most errors.

-a, -ascii

Convert the file to/from ASCII format to/from local file format

-b, -binary

Do not apply any conversion to the files. default

-f FILENAME

Read a list of URL pairs from filename. Each line should contain sourceURL destURL. Enclose URLs with spaces in double qoutes ("). Blank lines and lines beginning with # will be ignored.

-cd, -create-dest

Create destination directory if needed.

-r

Copy files in subdirectories

-fast

Recommended when using GridFTP servers. Use MODE E for all data transfers, including reusing data channels between list and transfer operations.

-t SECONDS

Run the transfer for this number of seconds and then end. Useful for performance testing or forced restart loops.

-q, -quiet

Suppress all output for successful operation.

-v, -verbose

Display URLs being transferred

-vb, -verbose-perf

During the transfer, display the number of bytes transferred and the transfer rate per second. Show URLs being transferred

-dbg, -debugftp

Debug ftp connections. Prints control channel communication to stderr

-rst, -restart

Restart failed ftp operations.

-rst-retries RETRIES

The maximum number of times to retry the operation before giving up on the transfer. Use 0 for infinite. Default is 5.

-rst-interval SECONDS

The interval in seconds to wait after a failure before retrying the transfer. Use 0 for an exponential backoff. Default is 0.

-rst-timeout SECONDS

Maximum time after a failure to keep retrying. Use 0 for no timeout. Default is 0.

-stall-timeout SECONDS, -st SECONDS

How long before cancelling/restarting a transfer with no data movement. Set to 0 to disable. Default is 600 seconds.

-df FILENAME, -dumpfile FILENAME

Path to a file where untransferred URLs will be saved for later restarting. Resulting file is the same format as the -f input file. If file exists, it will be read and all other URL input will be ignored.

-do FILENAME, -dump-only FILENAME

Perform no write operations on the destination. Instead, all files that would be transferred are enumerated and dumped to the specified file. Resulting file is the same format as the -f input file. Note: if you intend to use this file as input for a future transfer, the -create-dest option will be required if any destination directories do not already exist.

-rp, -relative-paths

The path portion of ftp URLs will be interpreted as relative to the user’s starting directory on the server. By default, all paths are root-relative. When this flag is set, the path portion of the ftp URL must start with %2F if it designates a root-relative path.

-s SUBJECT, -subject SUBJECT

Use this subject to match with both the source and dest servers.

-ss SUBJECT, -source-subject SUBJECT

Use this subject to match with the source server

-ds SUBJECT, -dest-subject SUBJECT

Use this subject to match with the destination server.

-tcp-bs SIZE, -tcp-buffer-size SIZE

Specify the size (in bytes) of the buffer to be used by the underlying ftp data channels.

-bs block SIZE, -block-size block SIZE

Specify the size (in bytes) of the buffer to be used by the underlying transfer methods.

-p PARALLELISM, -parallel PARALLELISM

Specify the number of parallel data connections should be used.

-notpt, -no-third-party-transfers

Turn third-party transfers off (on by default).

-nodcau, -no-data-channel-authentication

Turn off data channel authentication for ftp transfers.

-dcsafe, -data-channel-safe

Set data channel protection mode to SAFE

-dcpriv, -data-channel-private

Set data channel protection mode to PRIVATE

Warning
Despite having -dcpriv in its command line globus-url-copy will silently fall back to an unencryted data channel when connected to a server that does not support data channel encryption (e.g. dCache)!
-off, -partial-offset

Offset for partial ftp file transfers, defaults to 0.

-len, -partial-length

Length for partial ftp file transfers, used only for the source url, defaults the full file.

-list URL

List the files located at URL.

-stripe

Enable striped transfers on supported servers.

-striped-block-size, -sbs

Set layout mode and block size for striped transfers. If not set, server defaults will be used. If set to 0, Partitioned mode will be used. If set to > 0, Blocked mode will be used, with this as the block size.

-ipv6

Use ipv6 when available (EXPERIMENTAL)

-udt

Use UDT, a reliable udp based transport protocol, for data transfers

-g2, -gridftp2

Use GridFTP v2 protocol enhancements when possible.

-dp, -delayed-pasv

Enable delayed passive.

-mn NAME, -module-name NAME

Set the back-end storage module to use for both the source and destination in a GridFTP transfer.

-mp PARAMETERS, -module-parameters PARAMETERS

Set the back-end storage module arguments to use for both the source and destination in a GridFTP transfer.

-smn NAME, -src-module-name NAME

Set the back-end storage module to use for the source in a GridFTP transfer.

-smp PARAMETERS, -src-module-parameters PARAMETERS

Set the back-end storage module arguments to use for the source in a GridFTP transfer.

-dmn NAME, -dst-module-name NAME

Set the back-end storage module to use for the destination in a GridFTP transfer.

-dmp PARAMETERS, -dst-module-parameters PARAMETERS

Set the back-end storage module arguments to use for the destination in a GridFTP transfer.

-aa FILE, -authz-assert FILE

Use the assertions in FILE to authorize the access with both source and destination servers.

-saa FILE, -src-authz-assert FILE

Use the assertions in this file to authorize the access with source server.

-daa FILE, -dst-authz-assert FILE

Use the assertions in this file to authorize the access with dest server.

-cache-aa, -cache-authz-assert

Cache the authz assertion for subsequent transfers.

-cache-saa, -cache-src-authz-assert

Cache the src authz assertion for subsequent transfers.

-cache-daa, -cache-dst-authz-assert

Cache the dst authz assertion for subsequent transfers.

-pipeline, -pp

Enable pipelining support for multi-file ftp transfers. Currently third-party transfers benefit from this. EXPERIMENTAL

-concurrency, -cc

Number of concurrent ftp connections to use for multiple transfers.

-nl-bottleneck, -nlb

Use NetLogger to estimate speeds of disk and network read/write system calls, and attempt to determine the bottleneck component.

-sp COMMANDS, -src-pipe COMMANDS

Set the source end of a remote transfer to use piped in input with the given command line. Do not use with -fsstack.

-DP COMMANDS, -dst-pipe COMMANDS

Set the destination end of a remote transfer to write data to then standard input of the program run via the given command line. Do not use with -fsstack.

-pipe COMMANDS

Sets both -src-pipe and -dst-pipe to the same thing.

-dcstack STACK, -data-channel-stack STACK

Set the XIO driver stack for the network on both the source and the destination. Both must be GridFTP servers. The stack should contain all network drivers to use, in the order specified from bottom to top (e.g. -dcstack tcp,gsi). If the gsi driver is not included in the stack and data channel authentication is enabled, it will be inserted above the transport driver in the stack.

-fsstack STACK, -file-system-stack STACK

Set the XIO driver stack for the disk on both the source and the destination. Both must be GridFTP servers. The stack should contain all file system drivers to use, in the order specified from bottom to top.

-src-dcstack STACK, -source-data-channel-stack STACK

Set the XIO driver stack for the network on the source GridFTP server. See -dcstack above for description of the STACK string.

-src-fsstack STACK, -source-file-system-stack STACK

Set the XIO driver stack for the disk on the source GridFTP server. See -fsstack above for description of the STACK string.

-dst-dcstack STACK, -dest-data-channel-stack STACK

Set the XIO driver stack for the network on the destination GridFTP server. See -dcstack above for description of the STACK string.

-dst-fsstack STACK, -dest-file-system-stack STACK

Set the XIO driver stack for the disk on the destination GridFTP server. See -fsstack above for description of the STACK string.

-cred PATH

Set the credentials to use for both ftp connections.

-src-cred CRED-FILE, -sc CRED-FILE

Set the credentials to use for source ftp connections.

-dst-cred CRED-FILE, -dc CRED-FILE

Set the credentials to use for destination ftp connections.

-af FILENAME, -alias-file FILENAME

File with mapping of logical host aliases to lists of physical hosts. When used with multiple concurrent connections, each connection uses the next host in the list. Each line should either be an alias, noted with the @ symbol, or a hostname[:port]. Currently, only the aliases @source and @destination are valid, and they are used for every source or destination URL.

-sync

Only transfer files where the destination does not exist or differs from the source. -sync-level controls how to determine if files differ.

-sync-level number

Criteria for determining if files differ when performing a sync transfer. The default sync level is 2. The available levels are:

  • Level 0 will only transfer if the destination does not exist.

  • Level 1 will transfer if the size of the destination does not match the size of the source.

  • Level 2 will transfer if the time stamp of the destination is older than the time stamp of the source.

  • Level 3 will perform a checksum of the source and destination and transfer if the checksums do not match.

AUTHOR

Copyright © 1999-2014 University of Chicago

Interactive clients for GridFTP

The Grid Community Toolkit does not contain an interactive client for GridFTP. Any normal FTP client will work with a GridFTP server, but it cannot take advantage of the advanced features of GridFTP. The interactive clients listed below take advantage of the advanced features of GridFTP.

There is no endorsement implied by their presence here. We make no assertion as to the quality or appropriateness of these tools, we simply provide this for your convenience. We will not answer questions, accept bugs, or in any way shape or form be responsible for these tools, although they should have mechanisms of their own for such things.

UberFTP was developed at the NCSA under the auspices of NMI and TeraGrid:

Graphical User Interface

Globus Online

Grid Community Toolkit does not provide a client with Graphical User Interface (GUI) but Globus Service provides a web GUI for GridFTP data movement. It has the following features: * With a one-click Globus Connect Personal installed on your local system, you can browse the local file system and transfer files and directories between the local system and remote GridFTP servers and between two remote GridFTP servers (third-party transfers). * Supports file system operations such as creating, deleting and renaming files and directories.

Supported Platforms: * Windows * Linux * Mac

Troubleshooting

If you are having problems using the GridFTP server, try the steps listed below. If you have an error, try checking the server logs if you have access to them. By default, the server logs to stderr, unless it is running from inetd, or its execution mode is detached, in which case logging is disabled by default.

The command line options -d , -log-level, -L and -logdir can affect where logs will be written, as can the configuration file options log_single and log_unique. See globus-gridftp-server for more information on these and other configuration options.

Error Codes in GridFTP

Table 1. GridFTP Errors
Error Code Definition Possible Solutions

globus_ftp_client: the server responded with an error
530 530-globus_xio: Authentication Error
530-OpenSSL Error: s3_srvr.c:2525: in library: SSL routines,
function SSL3_GET_CLIENT_CERTIFICATE: no certificate returned
530-globus_gsi_callback_module: Could not verify credential
530-globus_gsi_callback_module: Can’t get the local trusted CA certificate:
Untrusted self-signed certificate in chain with hash d1b603c3
530 End.

This error message indicates that the GridFTP server doesn’t trust the certificate authority (CA) that issued your certificate.

You need to ask the GridFTP server administrator to install your CA certificate chain in the GridFTP server’s trusted certificates directory.

globus_ftp_control: gss_init_sec_context failed
OpenSSL Error: s3_clnt.c:951: in library: SSL routines, function
SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
globus_gsi_callback_module: Could not verify credential
globus_gsi_callback_module: Can’t get the local trusted CA certificate:
Untrusted self-signed certificate in chain with hash d1b603c3

This error message indicates that your local system doesn’t trust the certificate authority (CA) that issued the certificate on the resource you are connecting to.

You need to ask the resource administrator which CA issued their certificate and install the CA certificate in the local trusted certificates directory.

530-globus_xio: Authentication Error
530-globus_gsi_callback_module: Could not verify credential
530-globus_gsi_callback_module: Could not verify credential
530-globus_gsi_callback_module: Invalid CRL: The available CRL has expired
530 End.

This error message indicates one of the following: Certificate Revocation List (CRL) for the source or destination server CA at the client has expired or CRL for client CA has expired at source or destination server or CRL for source (destination) server CA has expired at destination (source) server. CRL is a file {CA_hash}.r0 in /etc/grid-security/certificates or ${USER_HOME}/.globus/certificates or ${X509_CERT_DIR}

The tool available at http://dist.eugridpma.info/distribution/util/fetch-crl/ can be run in a crontab to keep the CRLs up to date.

Establish control channel connection

Verify that you can establish a control channel connection and that the server has started successfully by telnetting to the port on which the server is running:

% telnet localhost 2811
                Trying 127.0.0.1...
                Connected to localhost.
                Escape character is '^]'.
                220 GridFTP Server mldev.mcs.anl.gov 2.0 (gcc32dbg, 1113865414-1) ready.

If you see anything other than a 220 banner such as the one above, the server has not started correctly.

Verify that there are no configuration files being unexpectedly loaded from /etc/grid-security/gridftp.conf or $GLOBUS_LOCATION/etc/gridftp.conf. If those files exist, and you did not intend for them to be used, rename them to .save, or specify -c none on the command line and try again.

If you can log into the machine where the server is, try running the server from the command line with only the -s option:

$GLOBUS_LOCATION/sbin/globus-gridftp-server -s

The server will print the port it is listening on:

Server listening at gridftp.mcs.anl.gov:57764

Now try and telnet to that port. If you still do not get the banner listed above, something is preventing the socket connection. Check firewalls, tcp-wrapper, etc.

If you now get a correct banner, add -p 2811 (you will have to disable (x)inetd on port 2811 if you are using them or you will get port already in use):

$GLOBUS_LOCATION/sbin/globus-gridftp-server -s -p 2811

Now telnet to port 2811. If this does not work, something is blocking port 2811. Check firewalls, tcp-wrapper, etc.

If this works correctly then re-enable your normal server, but remove all options but -i, -s, or -S.

Now telnet to port 2811. If this does not work, something is wrong with your service configuration. Check /etc/services and (x)inetd config, have (x)inetd restarted, etc.

If this works, begin adding options back one at a time, verifying that you can telnet to the server after each option is added. Continue this till you find the problem or get all the options you want.

At this point, you can establish a control connection. Now try running globus-url-copy.

Try running globus-url-copy

Once you’ve verified that you can establish a control connection, try to make a transfer using globus-url-copy.

If you are doing a client/server transfer (one of your URLs has file: in it) then try: in it) then try:

globus-url-copy -vb -dbg gsiftp://host.server.running.on/dev/zero file:///dev/null

This will run until you control-c the transfer. If that works, reverse the direction:

globus-url-copy -vb -dbg file:///dev/zero gsiftp://host.server.running.on/dev/null

Again, this will run until you control-c the transfer.

If you are doing a third party transfer, run this command:

globus-url-copy -vb -dbg gsiftp://host.server1.on/dev/zero gsiftp://host.server2.on/dev/null

Again, this will run until you control-c the transfer.

If the above transfers work, try your transfer again. If it fails, you likely have some sort of file permissions problem, typo in a file name, etc.

If your server starts…​

If the server has started correctly, and your problem is with a security failure or gridmap lookup failure, verify that you have security configured properly here.

If the server is running and your client successfully authenticates but has a problem at some other time during the session, please ask for help on [email protected]. When you send mail or submit bugs, please always include as much of the following information as possible:

  • Specs on all hosts involved (OS, processor, RAM, etc).

  • globus-url-copy -version

  • globus-url-copy -versions

  • Output from the telnet test above.

  • The actual command line you ran with -dbg added. Don’t worry if the output gets long.

  • Check that you are getting a FQDN and /etc/hosts that is sane.

  • The server configuration and setup (/etc/services entries, (x)inetd configs, etc.).

  • Any relevant lines from the server logs (not the entire log please).

High latency for GridFTP server connections

If you run GridFTP servers via Xinetd and notice high latency for connections and/or transfers, check if /etc/xinetd.conf or the gsiftp service configuration inside or the gsiftp service configuration inside /etc/xinetd.d is set to log USERID as follows: is set to log USERID as follows:

log_on_success += USERID
log_on_failure += USERID

Such a configuration tells Xinetd to log the remote user using the method defined in RFC 1413, which causes an ident client to attempt to query the machine that the connection is coming from before the service will run. Even when this succeeds, the response can’t be trusted, and more often than not it is rejected or simply dropped (which results in the longest delays) by the remote firewall.

Latency can be reduced by making sure Xinetd does not log the USERID.

Usage statistics collection by the Globus Alliance

GridFTP-specific usage statistics

The following GridFTP-specific usage statistics are sent in a UDP packet at the end of each transfer, in addition to the standard header information described in the Usage Stats section.

  • Start time of the transfer

  • End time of the transfer

  • Version string of the server

  • TCP buffer size used for the transfer

  • Block size used for the transfer

  • Total number of bytes transferred

  • Number of parallel streams used for the transfer

  • Number of stripes used for the transfer

  • Type of transfer (STOR, RETR, LIST)

  • FTP response code — Success or failure of the transfer

Note

The client (globus-url-copy) does NOT send any data. It is the servers that send the usage statistics.

We have made a concerted effort to collect only data that is not too intrusive or private and yet still provides us with information that will help improve and gauge the usage of the GridFTP server. Nevertheless, if you wish to disable this feature for GridFTP only, use the -disable-usage-stats option of globus-gridftp-server. Note that you can disable transmission of usage statistics globally for all C components by setting "GLOBUS_USAGE_OPTOUT=1" in your environment.

Also, please see our policy statement on the collection of usage statistics.

Index