Using GridFTP

Setting Up Your Environment

Mira, Cetus, Vesta, and Cooley

Mira, Cetus, Vesta, and Cooley use softenv for managing your software environment. You may add the GridFTP client utilities to your environment by inserting the keyword +globus in the .soft file in your home directory (.soft.cooley on Cooley). This must be on a single line by itself, and can be placed anywhere in the file except the last line; the last line of the file must always be the keyword @default.

For example, a .soft file consisting of the GridFTP tools and the default environment would look like this:

+globus
@default

Theta

On Theta, modules is used to manage your software environment. You may add the GridFTP client utilities to your environment by running the following command:

module load globus

Your environment is immediately updated after issuing the above command, but it will only persist for your login session. To permanently add the Globus Toolkit to your environment, you can add the above command to your .bashrc (if your login shell is bash), or .cshrc (if your login shell is csh or tcsh).

Prerequisites for Your Home Site

Trusting the ALCF CA

In order to use your ALCF MyProxy credentials to authenticate to both endpoints involved in your data transfer (i.e., ALCF and your home site), your system administrator may need to add the ALCF Certificate Authority (CA) files to your local GridFTP server's configuration, if this has not already been done.

Download the following tar.gz file containing ALCF CA files: 664c643b.tgz

  • Contents of archive:
    • ALCF CA Cert: 664c643b.0 (MD5 e790018fdae7419c732560a73a399321)
    • ALCF CA Signing Policy: 664c643b.signing_policy (MD5 ac0ed74fcbb8a6610b3c3ec057002057)
  • Your system administrator will need to install the above files on their GridFTP servers in /etc/grid-security/certificates

Information about our CA

ALCF has a local CA for the purpose of generating short-term certificates for GridFTP transactions. In order to perform GridFTP transfers, users must authenticate to the MyProxy server using the one-time password provided by their CryptoCard. The Registration Authority (RA) function for our