Note
|
The Grid Community Toolkit documentation was taken from the Globus Toolkit 6.0 documentation. As a result, there may be inaccuracies and outdated information. Please report any problems to the Grid Community Forums as GitHub issues. |
The GridFTP User’s Guide provides general end user-oriented information.
Using GridFTP for Data Movement
GridFTP clients
The Globus Service is the recommended interface to move data to and from GridFTP servers. Globus Online provides a web GUI, command line interface and a REST API for GridFTP data movement. It provides automatic fault recovery and automatic tuning of optimization parameters to achieve high performance.
The Grid Community Toolkit provides a GridFTP client called globus-url-copy
,
a command line interface, suitable for scripting. For example, the
following command:
globus-url-copy gsiftp://remote.host.edu/path/to/file file:///path/on/local/host
would transfer a file from a remote host to the locally accessible path specified in the second URL.
The Grid Community Toolkit also provides FTP client libraries in C and the jGlobus provides Java client libraries for building custom GridFTP clients.
Configuring the GridFTP client
If client is behind a firewall
If the GridFTP client is behind a firewall:
-
Contact your network administrator to open up a range of ports (for GridFTP data channel connections) for the incoming connections. If the firewall blocks the outgoing connections, open up a range of ports for outgoing connections as well.
-
Set the environment variable GLOBUS_TCP_PORT_RANGE
export GLOBUS_TCP_PORT_RANGE=min,max
where min,max specify the port range that you have opened for the incoming connections on the firewall. This restricts the listening ports of the GridFTP client to this range. Recommended range is 1000 (e.g., 50000-51000) but it really depends on how much use you expect.
-
If you have a firewall blocking the outgoing connections and you have opened a range of (local) ports, set the environment variable GLOBUS_TCP_SOURCE_RANGE:
export GLOBUS_TCP_SOURCE_RANGE=min,max
where min,max specify the port range that you have opened for the outgoing connections on the firewall. This restricts the GridFTP client to bind to a local port in this range for outbound connections. Recommended range is twice the range used for GLOBUS_TCP_PORT_RANGE, because if parallel TCP streams are used for transfers, the listening port would remain the same for each connection but the connecting port would be different for each connection.
Additional information on Grid Community Toolkit Firewall Requirements is available here.
Configuring security
SSH Security
There is no additional configuration required to use GridFTP in conjunction with SSH.
GSI Security
In order to use GSI security for the transfers, you need to obtain and install a user certificate from a certificate authority trusted by the GridFTP servers that you wish to move data in and out of, and configure the client to trust the certificate authority that signed the certificates of the GridFTP server(s)
Basic procedure for using globus-url-copy
If you just want the "rules of thumb" on getting started (without all
the details), the following options using globus-url-copy
will
normally give acceptable performance:
For a single file transfer:
globus-url-copy -vb -p 4 source_url destination_url
where:
- -vb
-
specifies verbose mode and displays:
-
number of bytes transferred,
-
performance since the last update (currently every 5 seconds), and
-
average performance for the whole transfer.
-
- -p
-
Specifies the number of parallel data connections that should be used. This is one of the most commonly used options.
For a directory transfer:
globus-url-copy -vb -p 4 -r -cd - cc 4 source_url destination_url
where:
- -cc
-
Specifies the number of concurrent FTP connections to use for multiple transfers.
- -cd
-
Creates destination directories, if needed.
- -r
-
Copies files in subdirectories.
The source/destination URLs will normally be one of the following:
-
file:///path/to/my/file if you are accessing a file on a file system accessible by the host on which you are running your client.
-
gsiftp://hostname/path/to/remote/file if you are accessing a file from a GridFTP server.
Uploading files to a server
One of the most basic tasks in GridFTP is to "put" files, i.e., moving a
file from your file system to the server. So for example, if you want to
move the file /tmp/foo
from a file system accessible to the host on
which you are running your client to a file name from a file system
accessible to the host on which you are running your client to a file
name /tmp/bar
on a host named on a host named
remote.machine.my.edu
running a GridFTP server, you would use this
command: running a GridFTP server, you would use this command:
globus-url-copy -vb -p 4 file:///tmp/foo gsiftp://remote.machine.my.edu/tmp/bar
Note
|
In theory, |
Downloading files from a server
A get, i.e, moving a file from a server to your file system, would just reverse the source and destination URLs:
Tip
|
Remember file: always refers to your file system. |
globus-url-copy -vb -p 4 gsiftp://remote.machine.my.edu/tmp/bar file:///tmp/foo
Third party transfers between two remote servers
Finally, if you want to move a file between two GridFTP servers (a third
party transfer), both URLs would use gsiftp:
as the protocol: as the
protocol:
globus-url-copy -vb -p 4 gsiftp://other.machine.my.edu/tmp/foo gsiftp://remote.machine.my.edu/tmp/bar
For more information
If you want more information and details on URLs and the command line options, the GCT 6.2 GridFTP Key Concepts gives basic definitions and an overview of the GridFTP protocol as well as our implementation of it.
Using standard FTP clients with GridFTP server
You can use any standard FTP client to communicate with the GridFTP server in the following cases:
-
GridFTP server is configured to allow anonymous access or username/password based authentication. Note that this method is not secure but if the data on the GridFTP server is world readable or if the GridFTP server is accessible only to the clients on a trusted internal network, the GridFTP server may be configured to allow anonymous access or username/password based authentication
-
Your local system administrator has installed "GridFTP Where There is FTP (GWTFTP)", which acts as a proxy between standard FTP clients and GridFTP servers. More information on GWTFTP is available at GridFTP Where There Is FTP (GWTFTP).
Advanced Features
Failures and retries
To retry a transfer after a server or network failure, use the -rst option. To store the untransferred urls for restarting the transfer after a client failure, use the -df option. More information about these options is available here.
For example, globus-url-copy
can be invoked in a loop for long
running transfers, as shown in the script below:
#!/bin/sh STATEFILE=/path/to/statefile; while [ ! -e $STATEFILE -o -s $STATEFILE ]; do globus-url-copy -rst -p 4 -cc 4 -cd -vb -r -df $STATEFILE gsiftp://srchost/srcdirpath/ gsiftp://dsthost/dstdirpath/; sleep 10; done;
Load Balancing
When there are multiple GridFTP servers avalibale at endpoints, -af option allows concurrent transfers to be spread across multiple GridFTP servers rather than multiple connections to a single GridFTP server.
For example, globus-url-copy
can be invoked as shown below:
globus-url-copy -cc 4 -af /tmp/alias-file -f /tmp/xfer-file
Contents of /tmp/alias-file look something like this:
@source gridftp1.source-cluster.org gridftp2.source-cluster.org @destination gridftp1.destination-cluster.org gridftp2.destination-cluster.org gridftp3.destination-cluster.org gridftp4.destination-cluster.org
Note
|
Each line should either be an alias (noted with the @ symbol), or a hostname[:port]. Currently, only the aliases @source and @destination are valid, and they are used for every source or destination url. |
Contents of /tmp/xfer-file look something like this:
gsiftp:///tmp/x1 gsiftp:///tmp/x1 gsiftp:///tmp/x2 gsiftp:///tmp/x2 gsiftp:///tmp/x3 gsiftp:///tmp/x3 gsiftp:///tmp/x4 gsiftp:///tmp/x4
Note
|
The host part in the url is ignored. |
In the above example, the following transfers will happen concurrently:
gsiftp://gridftp1.source-cluster.org/tmp/x1 gsiftp://gridftp1.destination-cluster.org/tmp/x1 gsiftp://gridftp2.source-cluster.org/tmp/x2 gsiftp://gridftp2.destination-cluster.org/tmp/x2 gsiftp://gridftp1.source-cluster.org/tmp/x3 gsiftp://gridftp3.destination-cluster.org/tmp/x3 gsiftp://gridftp2.source-cluster.org/tmp/x4 gsiftp://gridftp4.destination-cluster.org/tmp/x4
Using UDT as an alternative transport protocol for TCP
UDT is an application-level protocol that uses UDP for data transport. It addresses some of the limitations of TCP in high-bandwidth and high-delay networks and achieves better performance than TCP on those networks. To use UDT as the underlying transport protocol for the GridFTP transfers, use the -udt option.
Note
|
Note: In order to use this for a third-party transfer, the server must
be configured to
enable UDT. In
order to use this for a client-server transfer, you need to enable
multi-threading in |
Encryption and Integrity protection
The data channel is authenticated by default. Integrity protection and encryption are optional. To integrity protect the data, use the -dcsafe option. For encrypted data transfer, use the -dcpriv option.
Striping
The striping functionality enables one to use a set of computers at both ends of a network to transfer data. At both the source and destination ends, the computers need to have a shared file system so that the dataset is accessible from any computer.
This feature is especially useful in configurations where individual nodes at the source and destination clusters have significantly less network capacity when compared to the network capacity available between the clusters. An example would be clusters with the individual nodes connected by 1 Gbit/s Ethernet connections to a switch that is itself connected to the external network at 10 Gbit/s or faster.
To perform striped data movement, use the -stripe option.
Note
|
This option is useful only if the server is configured for striped data movement. |
Experimental Features
Multicasting
To transfer a single file to many destinations in a multicast/broadcast, use the new -mc option.
Note
|
To use this option, the admin must enable multicasting. Click here for more information. |
Warning
|
This option is EXPERIMENTAL |
globus-url-copy -vb -p 4 -mc filename source_url
The filename must contain a line-separated list of destination urls. For example:
gsiftp://localhost:5000/home/user/tst1 gsiftp://localhost:5000/home/user/tst3 gsiftp://localhost:5000/home/user/tst4
For more flexibility, you can also specify a single destination url on the command line in addition to the urls in the file. Examples are:
globus-url-copy -MC multicast.file gsiftp://localhost/home/user/src_file
or
globus-url-copy -MC multicast.file gsiftp://localhost/home/user/src_file gsiftp://localhost/home/user/dest_file1
Advanced multicasting options
Along with specifying the list of destination urls in a file, a set of
options for each url can be specified. This is done by appending a ?
to the resource string in the url followed by semicolon-separated key
value pairs. For example:
gsiftp://dst1.domain.com:5000/home/user/tst1?cc=1;tcpbs=10M;P=4
This indicates that the receiving host dst1.domain.com
will use 4
parallel stream, a tcp buffer size of 10 MB, and will select 1 host when
forwarding on data blocks. This url is specified in the will use 4
parallel stream, a tcp buffer size of 10 MB, and will select 1 host when
forwarding on data blocks. This url is specified in the -mc file as
described above.
The following is a list of key=value options and their meanings:
- P=integer
-
The number of parallel streams this node will use when forwarding.
- cc=integer
-
The number of urls to which this node will forward data.
- tcpbs=formatted integer
-
The TCP buffer size this node will use when forwarding.
- urls=string list
-
The list of urls that must be children of this node when the spanning tree is complete.
- local_write=boolean: y|n
-
Determines if this data will be written to a local disk, or just forwarded on to the next hop. This is explained more in the Network Overlay section.
- subject=string
-
The DN name to expect from the servers this node is connecting to.
Network Overlay
In addition to allowing multicast, function also allows for creating user-defined network routes.
If the local_write option is set to n
, then no data will be
written to the local disk, the data will only be forwarded on.
If the local_write option is set to n
and is used with the cc=1
option, the data will be forwarded on to exactly one location.
This allows the user to create a network overlay of data hops using each GridFTP server as a router to the ultimate destination.
Bottleneck detection
To determine whether the disk or the network is the bottleneck for the file transfer, use the -nlb option. This option uses NetLogger to estimate speeds of disk and network read/write system calls, and attempt to determine the bottleneck component.
Note
|
In order to use this, the server must be configured to enable netlogger bottleneck detection. |
Example:
globus-url-copy -p 2 -nlb -vb gsiftp://host1:port/path/myfile gsiftp://host2:port/path/myfile
This will output something like the following:
Total instantaneous throughput: disk read = 17022.2 Mbits/s disk write = 26630.8 Mbits/s net read = 509.0 Mbits/s net write = 1053.4 Mbits/s Bottleneck: network
GridFTP Client Tools
GLOBUS-URL-COPY(1)
NAME
globus-url-copy - globus-url-copy
SYNOPSIS
globus-url-copy [options] SOURCE-URL DESTINATION-URL
DESCRIPTION
The globus-url-copy program is a command line tool for multi-protocol data movement. It supports gsiftp:// (GridFTP), ftp://, http://, https://, sshftp:// and file:/// protocol specifiers in the URL.
OPTIONS
- -help, -usage
-
Print help.
- -versions
-
Print the versions of all modules that this program uses
- -c, -continue-on-error
-
Do not die after any errors. By default, program will exit after most errors.
- -a, -ascii
-
Convert the file to/from ASCII format to/from local file format
- -b, -binary
-
Do not apply any conversion to the files. default
- -f FILENAME
-
Read a list of URL pairs from filename. Each line should contain sourceURL destURL. Enclose URLs with spaces in double qoutes ("). Blank lines and lines beginning with # will be ignored.
- -cd, -create-dest
-
Create destination directory if needed.
- -r
-
Copy files in subdirectories
- -fast
-
Recommended when using GridFTP servers. Use MODE E for all data transfers, including reusing data channels between list and transfer operations.
- -t SECONDS
-
Run the transfer for this number of seconds and then end. Useful for performance testing or forced restart loops.
- -q, -quiet
-
Suppress all output for successful operation.
- -v, -verbose
-
Display URLs being transferred
- -vb, -verbose-perf
-
During the transfer, display the number of bytes transferred and the transfer rate per second. Show URLs being transferred
- -dbg, -debugftp
-
Debug ftp connections. Prints control channel communication to stderr
- -rst, -restart
-
Restart failed ftp operations.
- -rst-retries RETRIES
-
The maximum number of times to retry the operation before giving up on the transfer. Use 0 for infinite. Default is 5.
- -rst-interval SECONDS
-
The interval in seconds to wait after a failure before retrying the transfer. Use 0 for an exponential backoff. Default is 0.
- -rst-timeout SECONDS
-
Maximum time after a failure to keep retrying. Use 0 for no timeout. Default is 0.
- -stall-timeout SECONDS, -st SECONDS
-
How long before cancelling/restarting a transfer with no data movement. Set to 0 to disable. Default is 600 seconds.
- -df FILENAME, -dumpfile FILENAME
-
Path to a file where untransferred URLs will be saved for later restarting. Resulting file is the same format as the -f input file. If file exists, it will be read and all other URL input will be ignored.
- -do FILENAME, -dump-only FILENAME
-
Perform no write operations on the destination. Instead, all files that would be transferred are enumerated and dumped to the specified file. Resulting file is the same format as the -f input file. Note: if you intend to use this file as input for a future transfer, the -create-dest option will be required if any destination directories do not already exist.
- -rp, -relative-paths
-
The path portion of ftp URLs will be interpreted as relative to the user’s starting directory on the server. By default, all paths are root-relative. When this flag is set, the path portion of the ftp URL must start with %2F if it designates a root-relative path.
- -s SUBJECT, -subject SUBJECT
-
Use this subject to match with both the source and dest servers.
- -ss SUBJECT, -source-subject SUBJECT
-
Use this subject to match with the source server
- -ds SUBJECT, -dest-subject SUBJECT
-
Use this subject to match with the destination server.
- -tcp-bs SIZE, -tcp-buffer-size SIZE
-
Specify the size (in bytes) of the buffer to be used by the underlying ftp data channels.
- -bs block SIZE, -block-size block SIZE
-
Specify the size (in bytes) of the buffer to be used by the underlying transfer methods.
- -p PARALLELISM, -parallel PARALLELISM
-
Specify the number of parallel data connections should be used.
- -notpt, -no-third-party-transfers
-
Turn third-party transfers off (on by default).
- -nodcau, -no-data-channel-authentication
-
Turn off data channel authentication for ftp transfers.
- -dcsafe, -data-channel-safe
-
Set data channel protection mode to SAFE
- -dcpriv, -data-channel-private
-
Set data channel protection mode to PRIVATE
Warning
|
Despite having -dcpriv in its command line globus-url-copy will silently fall back to an unencryted data channel when connected to a server that does not support data channel encryption (e.g. dCache)! |
- -off, -partial-offset
-
Offset for partial ftp file transfers, defaults to 0.
- -len, -partial-length
-
Length for partial ftp file transfers, used only for the source url, defaults the full file.
- -list URL
-
List the files located at URL.
- -stripe
-
Enable striped transfers on supported servers.
- -striped-block-size, -sbs
-
Set layout mode and block size for striped transfers. If not set, server defaults will be used. If set to 0, Partitioned mode will be used. If set to > 0, Blocked mode will be used, with this as the block size.
- -ipv6
-
Use ipv6 when available (EXPERIMENTAL)
- -udt
-
Use UDT, a reliable udp based transport protocol, for data transfers
- -g2, -gridftp2
-
Use GridFTP v2 protocol enhancements when possible.
- -dp, -delayed-pasv
-
Enable delayed passive.
- -mn NAME, -module-name NAME
-
Set the back-end storage module to use for both the source and destination in a GridFTP transfer.
- -mp PARAMETERS, -module-parameters PARAMETERS
-
Set the back-end storage module arguments to use for both the source and destination in a GridFTP transfer.
- -smn NAME, -src-module-name NAME
-
Set the back-end storage module to use for the source in a GridFTP transfer.
- -smp PARAMETERS, -src-module-parameters PARAMETERS
-
Set the back-end storage module arguments to use for the source in a GridFTP transfer.
- -dmn NAME, -dst-module-name NAME
-
Set the back-end storage module to use for the destination in a GridFTP transfer.
- -dmp PARAMETERS, -dst-module-parameters PARAMETERS
-
Set the back-end storage module arguments to use for the destination in a GridFTP transfer.
- -aa FILE, -authz-assert FILE
-
Use the assertions in FILE to authorize the access with both source and destination servers.
- -saa FILE, -src-authz-assert FILE
-
Use the assertions in this file to authorize the access with source server.
- -daa FILE, -dst-authz-assert FILE
-
Use the assertions in this file to authorize the access with dest server.
- -cache-aa, -cache-authz-assert
-
Cache the authz assertion for subsequent transfers.
- -cache-saa, -cache-src-authz-assert
-
Cache the src authz assertion for subsequent transfers.
- -cache-daa, -cache-dst-authz-assert
-
Cache the dst authz assertion for subsequent transfers.
- -pipeline, -pp
-
Enable pipelining support for multi-file ftp transfers. Currently third-party transfers benefit from this. EXPERIMENTAL
- -concurrency, -cc
-
Number of concurrent ftp connections to use for multiple transfers.
- -nl-bottleneck, -nlb
-
Use NetLogger to estimate speeds of disk and network read/write system calls, and attempt to determine the bottleneck component.
- -sp COMMANDS, -src-pipe COMMANDS
-
Set the source end of a remote transfer to use piped in input with the given command line. Do not use with -fsstack.
- -DP COMMANDS, -dst-pipe COMMANDS
-
Set the destination end of a remote transfer to write data to then standard input of the program run via the given command line. Do not use with -fsstack.
- -pipe COMMANDS
-
Sets both -src-pipe and -dst-pipe to the same thing.
- -dcstack STACK, -data-channel-stack STACK
-
Set the XIO driver stack for the network on both the source and the destination. Both must be GridFTP servers. The stack should contain all network drivers to use, in the order specified from bottom to top (e.g. -dcstack tcp,gsi). If the gsi driver is not included in the stack and data channel authentication is enabled, it will be inserted above the transport driver in the stack.
- -fsstack STACK, -file-system-stack STACK
-
Set the XIO driver stack for the disk on both the source and the destination. Both must be GridFTP servers. The stack should contain all file system drivers to use, in the order specified from bottom to top.
- -src-dcstack STACK, -source-data-channel-stack STACK
-
Set the XIO driver stack for the network on the source GridFTP server. See -dcstack above for description of the STACK string.
- -src-fsstack STACK, -source-file-system-stack STACK
-
Set the XIO driver stack for the disk on the source GridFTP server. See -fsstack above for description of the STACK string.
- -dst-dcstack STACK, -dest-data-channel-stack STACK
-
Set the XIO driver stack for the network on the destination GridFTP server. See -dcstack above for description of the STACK string.
- -dst-fsstack STACK, -dest-file-system-stack STACK
-
Set the XIO driver stack for the disk on the destination GridFTP server. See -fsstack above for description of the STACK string.
- -cred PATH
-
Set the credentials to use for both ftp connections.
- -src-cred CRED-FILE, -sc CRED-FILE
-
Set the credentials to use for source ftp connections.
- -dst-cred CRED-FILE, -dc CRED-FILE
-
Set the credentials to use for destination ftp connections.
- -af FILENAME, -alias-file FILENAME
-
File with mapping of logical host aliases to lists of physical hosts. When used with multiple concurrent connections, each connection uses the next host in the list. Each line should either be an alias, noted with the @ symbol, or a hostname[:port]. Currently, only the aliases @source and @destination are valid, and they are used for every source or destination URL.
- -sync
-
Only transfer files where the destination does not exist or differs from the source. -sync-level controls how to determine if files differ.
- -sync-level number
-
Criteria for determining if files differ when performing a sync transfer. The default sync level is 2. The available levels are:
-
Level 0 will only transfer if the destination does not exist.
-
Level 1 will transfer if the size of the destination does not match the size of the source.
-
Level 2 will transfer if the time stamp of the destination is older than the time stamp of the source.
-
Level 3 will perform a checksum of the source and destination and transfer if the checksums do not match.
-
AUTHOR
Copyright © 1999-2014 University of Chicago
Interactive clients for GridFTP
The Grid Community Toolkit does not contain an interactive client for GridFTP. Any normal FTP client will work with a GridFTP server, but it cannot take advantage of the advanced features of GridFTP. The interactive clients listed below take advantage of the advanced features of GridFTP.
There is no endorsement implied by their presence here. We make no assertion as to the quality or appropriateness of these tools, we simply provide this for your convenience. We will not answer questions, accept bugs, or in any way shape or form be responsible for these tools, although they should have mechanisms of their own for such things.
UberFTP was developed at the NCSA under the auspices of NMI and TeraGrid:
Graphical User Interface
Globus Online
Grid Community Toolkit does not provide a client with Graphical User Interface (GUI) but Globus Service provides a web GUI for GridFTP data movement. It has the following features: * With a one-click Globus Connect Personal installed on your local system, you can browse the local file system and transfer files and directories between the local system and remote GridFTP servers and between two remote GridFTP servers (third-party transfers). * Supports file system operations such as creating, deleting and renaming files and directories.
Supported Platforms: * Windows * Linux * Mac
Troubleshooting
If you are having problems using the GridFTP server, try the steps listed below. If you have an error, try checking the server logs if you have access to them. By default, the server logs to stderr, unless it is running from inetd, or its execution mode is detached, in which case logging is disabled by default.
The command line options -d , -log-level, -L and -logdir can affect where logs will be written, as can the configuration file options log_single and log_unique. See globus-gridftp-server for more information on these and other configuration options.
Error Codes in GridFTP
Error Code | Definition | Possible Solutions |
---|---|---|
|
This error message indicates that the GridFTP server doesn’t trust the certificate authority (CA) that issued your certificate. |
You need to ask the GridFTP server administrator to install your CA certificate chain in the GridFTP server’s trusted certificates directory. |
|
This error message indicates that your local system doesn’t trust the certificate authority (CA) that issued the certificate on the resource you are connecting to. |
You need to ask the resource administrator which CA issued their certificate and install the CA certificate in the local trusted certificates directory. |
|
This error message indicates one of the following: Certificate Revocation List (CRL) for the source or destination server CA at the client has expired or CRL for client CA has expired at source or destination server or CRL for source (destination) server CA has expired at destination (source) server. CRL is a file {CA_hash}.r0 in /etc/grid-security/certificates or ${USER_HOME}/.globus/certificates or ${X509_CERT_DIR} |
The tool available at http://dist.eugridpma.info/distribution/util/fetch-crl/ can be run in a crontab to keep the CRLs up to date. |
Establish control channel connection
Verify that you can establish a control channel connection and that the server has started successfully by telnetting to the port on which the server is running:
% telnet localhost 2811 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 GridFTP Server mldev.mcs.anl.gov 2.0 (gcc32dbg, 1113865414-1) ready.
If you see anything other than a 220 banner such as the one above, the server has not started correctly.
Verify that there are no configuration files being unexpectedly loaded from /etc/grid-security/gridftp.conf or $GLOBUS_LOCATION/etc/gridftp.conf. If those files exist, and you did not intend for them to be used, rename them to .save, or specify -c none on the command line and try again.
If you can log into the machine where the server is, try running the server from the command line with only the -s option:
$GLOBUS_LOCATION/sbin/globus-gridftp-server -s
The server will print the port it is listening on:
Server listening at gridftp.mcs.anl.gov:57764
Now try and telnet to that port. If you still do not get the banner listed above, something is preventing the socket connection. Check firewalls, tcp-wrapper, etc.
If you now get a correct banner, add -p 2811 (you will have to disable (x)inetd on port 2811 if you are using them or you will get port already in use):
$GLOBUS_LOCATION/sbin/globus-gridftp-server -s -p 2811
Now telnet to port 2811. If this does not work, something is blocking port 2811. Check firewalls, tcp-wrapper, etc.
If this works correctly then re-enable your normal server, but remove all options but -i, -s, or -S.
Now telnet to port 2811. If this does not work, something is wrong with your service configuration. Check /etc/services and (x)inetd config, have (x)inetd restarted, etc.
If this works, begin adding options back one at a time, verifying that you can telnet to the server after each option is added. Continue this till you find the problem or get all the options you want.
At this point, you can establish a control connection. Now try running globus-url-copy.
Try running globus-url-copy
Once you’ve verified that you can establish a control connection, try to make a transfer using globus-url-copy.
If you are doing a client/server transfer (one of your URLs has
file:
in it) then try: in it) then try:
globus-url-copy -vb -dbg gsiftp://host.server.running.on/dev/zero file:///dev/null
This will run until you control-c the transfer. If that works, reverse the direction:
globus-url-copy -vb -dbg file:///dev/zero gsiftp://host.server.running.on/dev/null
Again, this will run until you control-c the transfer.
If you are doing a third party transfer, run this command:
globus-url-copy -vb -dbg gsiftp://host.server1.on/dev/zero gsiftp://host.server2.on/dev/null
Again, this will run until you control-c the transfer.
If the above transfers work, try your transfer again. If it fails, you likely have some sort of file permissions problem, typo in a file name, etc.
If your server starts…
If the server has started correctly, and your problem is with a security failure or gridmap lookup failure, verify that you have security configured properly here.
If the server is running and your client successfully authenticates but has a problem at some other time during the session, please ask for help on [email protected]. When you send mail or submit bugs, please always include as much of the following information as possible:
-
Specs on all hosts involved (OS, processor, RAM, etc).
-
globus-url-copy -version
-
globus-url-copy -versions
-
Output from the telnet test above.
-
The actual command line you ran with -dbg added. Don’t worry if the output gets long.
-
Check that you are getting a FQDN and /etc/hosts that is sane.
-
The server configuration and setup (/etc/services entries, (x)inetd configs, etc.).
-
Any relevant lines from the server logs (not the entire log please).
High latency for GridFTP server connections
If you run GridFTP servers via Xinetd and notice high latency for
connections and/or transfers, check if /etc/xinetd.conf
or the
gsiftp service configuration inside or the gsiftp service configuration
inside /etc/xinetd.d
is set to log USERID as follows: is set to log
USERID as follows:
log_on_success += USERID log_on_failure += USERID
Such a configuration tells Xinetd to log the remote user using the method defined in RFC 1413, which causes an ident client to attempt to query the machine that the connection is coming from before the service will run. Even when this succeeds, the response can’t be trusted, and more often than not it is rejected or simply dropped (which results in the longest delays) by the remote firewall.
Latency can be reduced by making sure Xinetd does not log the USERID.
Usage statistics collection by the Globus Alliance
GridFTP-specific usage statistics
The following GridFTP-specific usage statistics are sent in a UDP packet at the end of each transfer, in addition to the standard header information described in the Usage Stats section.
-
Start time of the transfer
-
End time of the transfer
-
Version string of the server
-
TCP buffer size used for the transfer
-
Block size used for the transfer
-
Total number of bytes transferred
-
Number of parallel streams used for the transfer
-
Number of stripes used for the transfer
-
Type of transfer (STOR, RETR, LIST)
-
FTP response code — Success or failure of the transfer
Note
|
The client (globus-url-copy) does NOT send any data. It is the servers that send the usage statistics. |
We have made a concerted effort to collect only data that is not too intrusive or private and yet still provides us with information that will help improve and gauge the usage of the GridFTP server. Nevertheless, if you wish to disable this feature for GridFTP only, use the -disable-usage-stats option of globus-gridftp-server. Note that you can disable transmission of usage statistics globally for all C components by setting "GLOBUS_USAGE_OPTOUT=1" in your environment.
Also, please see our policy statement on the collection of usage statistics.