...

Warning

To transfer data to/from an arbitrary external site, the IP(s) of the external endpoint(s) have to be registered as trusted IP(s) by your project in the SuperMUC-NG firewall. If this has not been done yet, please ask the Master User of your project to submit a Service Request to register your IP(s) in the SuperMUC-NG firewall.

...

Code Block
https://datagw03.supermuc.lrz.de:9000/rest/auth/DATAGW
https://datagw04.supermuc.lrz.de:9000/rest/auth/DATAGW

which can both be reached via the alias:

Code Block
https://datagw.supermuc.lrz.de:9000/rest/auth/DATAGW

Setting up the Client

To transfer files with a client at LRZ on SuperMUC-NG to another site, you need to log in to

...

Code Block
module use -a /lrz/sys/share/modules/extfiles
module load uftp-client

For more information on the uftp-client, see the examples below or please refer to https://www.unicore.eu/docstore/uftpclient-1.3.2/uftpclient-manual.html

...

Note

For performance reasons, data transfers are NOT encrypted by default (but authentication is, of course). If you want your transfer to be completely encrypted, use the additional command line argument "-E" or "--encrypt" in the copy command (see also "uftp cp --help"). But be aware that this can have a massive impact on the transfer speed.

...

Code Block
Client identity: CN=YOUR_USERNAME_AT_JSC , OU=ssh-local-users
Client auth method: SSHKEY
Auth server type: AuthServer
Server: JUDAC
URL base: https://uftp.fz-juelich.de:9112/UFTP_Auth/rest/auth/JUDAC:
Description: JUDAC
Remote user info: uid=YOUR_USERNAME_AT_JSC ;gid=N/A
Sharing support: enabled
Server status: OK [connected to UFTPD judacsrv.fz-juelich.de:64433]
Server: JUDAC-PRACE
URL base: https://uftp.fz-juelich.de:9112/UFTP_Auth/rest/auth/JUDAC-PRACE:
Description: JUDAC via PRACE Network
Remote user info: uid= YOUR_USERNAME_AT_JSC;gid=N/A
Sharing support: not available
Server status: OK [connected to UFTPD judacsrv.fz-juelich.de:64433]
Note

If you receive a warning like

Code Block
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.bouncycastle.jcajce.provider.drbg.DRBG (file:/dss/dsshome1/lrz/sys/grid/uftp-client-1.3.2/lib/bcprov-jdk15on-1.61.jar) to constructor sun.security.provider.Sun()
WARNING: Please consider reporting this to the maintainers of org.bouncycastle.jcajce.provider.drbg.DRBG
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

this can be SAFELY IGNORED and will disappear with newer versions.


To list the contents of a remote directory, use

...

At LRZ, copy the contents of ~/.uftp/id_uftp_to_lrz.pub (located at JUDAC) into the file ~/.uftp/authorized_keys (located at LRZ) and replace the authentication URL https://uftp.fz-juelich.de:9112/UFTP_Auth/rest/auth/JUDAC with https://datagw03.supermuc.lrz.de:9000/rest/auth/DATAGW or https://datagw04.supermuc.lrz.de:9000/rest/auth/DATAGW, so e.g.

...

Code Block
gsiftp://datagw03.supermuc.lrz.de
gsiftp://datagw04.supermuc.lrz.de

which can both be reached via the alias:

Code Block
gsiftp://datagw.supermuc.lrz.de


Associate your DN from your personal certificate with your LRZ-username

In the following, we assume that you have successfully obtained your signed certificate as a .p12 file called "SignedGridCert.p12". As a next step, you need to extract your DN (Distinguished Name) from the certificate. This can be done via

Code Block
openssl pkcs12 -in SignedGridCert.p12 -nodes | openssl x509 -noout -subject -nameopt RFC2253 | sed s/"subject="//
Enter Import Password: 
CN=John Doe,OU=Leibniz-Rechenzentrum,O=GridGermany,C=DE

Afterwards, please follow the instructions on https://www.lrz.de/services/compute/grid_en/certificate_en/person-certificate_en/register_cert_en/ to associate your DN with your LRZ-Account.

Until the association becomes valid it may take up to thirty minutes.
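
An added example (not part of the original LRZ page): the same DN extraction wrapped in a function that uses -nokeys -clcerts instead of -nodes, so the private key is never decrypted into the pipe and only the user certificate is read. The throwaway certificate, the password, the temporary paths and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example. Subject, password and file names are constructed.

# Build a throwaway self-signed certificate and bundle it as a .p12 in dir $1.
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=DE/O=GridGermany/OU=Leibniz-Rechenzentrum/CN=John Doe" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/SignedGridCert.p12" -passout env:P12_PASS
}

# Print the user certificate's subject DN in RFC 2253 order (CN first).
#   -nokeys:  do not output the private key at all
#   -clcerts: output only the client certificate, not bundled CA certificates
p12_subject_dn() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS 2>/dev/null |
        openssl x509 -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//'
}

# Succeed if "openssl pkcs12" with the given options ($2...) writes a private key.
p12_stream_has_key() {
    p12=$1; shift
    openssl pkcs12 -in "$p12" -passin env:P12_PASS "$@" 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# Demo run. The password is taken from the environment, not from the command line.
P12_PASS='constructed-demo-password'; export P12_PASS
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
make_demo_p12 "$tmp"
echo "DN to register: $(p12_subject_dn "$tmp/SignedGridCert.p12")"
p12_stream_has_key "$tmp/SignedGridCert.p12" -nodes &&
    echo "-nodes: unencrypted private key is written to the pipe"
p12_stream_has_key "$tmp/SignedGridCert.p12" -nokeys -clcerts ||
    echo "-nokeys -clcerts: no key material leaves the .p12"
```

With a real certificate, omit -passin so that openssl prompts for the import password interactively.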

...

Please note the reverse order in the DN. From the example above, the DN you need to enter into the IDM portal would be

...

Note

To use GridFTP with HLRS and JSC, you also need to associate your DN with your corresponding usernames at these sites. For JSC, this can be done in https://judoor.fz-juelich.de/ under "Change data"; for HLRS, you need to contact the colleagues directly.

...

Then you need to load the GridFTP module:

Code Block
module use -a /lrz/sys/share/modules/extfiles 
module load gridftp-client

Now you need to generate a proxy certificate with a limited lifetime. This is done via

...

Code Block
globus-url-copy -vb -p 6 gsiftp://datagw.supermuc.lrz.de/PATH/TO/FILE/AT/LRZ gsiftp://judacsrv.fz-juelich.de/PATH/TO/FILE/AT/JSC

...

Code Block
globus-url-copy -vb -p 6 gsiftp://gridftp-fr1.hww.de:2812/PATH/TO/FILE/AT/HLRS gsiftp://datagw.supermuc.lrz.de/PATH/TO/FILE/AT/LRZ

...

Data Transfer to/from PRACE sites

Note

Coming Soon.

...


Beyond Data Transfer: Sharing and Public Access

...