Last Updated: May 12, 2016

Note:This page refers to the current Globus CLI which is accessed via SSH. We have a new CLI, which is a locally installed program and now available in Beta.

This guide provides a brief introduction to the Globus command-line interface (CLI). Additional CLI features are discussed in CLI: Beyond the Basics.


Prerequisites

To use the CLI you must have a Globus account with ssh access enabled. To enable your account for ssh access you must add your ssh public key to your Globus account by visiting the Manage Identities page and clicking "add linked identity", followed by "Add SSH Public Key". If you do not have an ssh key, follow the directions here to create one.

CLI Structure

There is no need to install custom client software. CLI users interact with Globus via a secure shell. The general structure of a CLI request is:

$ ssh <username>@cli.globusonline.org <command> <options> <params>

where: <username> is your Globus user name, <command> is the Globus command to execute, <options> are the options available for <command>, and <params> are the parameters passed to <command>. If desired, gsissh can be used in place of ssh.

File Transfer

The Globus transfer service provides the transfer command for moving files.

All Globus accounts are provisioned with two endpoints for exploratory use, so as soon as you have an account you should be able to transfer /share/godata/file1.txt from endpoint go#ep1 to your home directory on go#ep2, as shown below by user demodoc:

$ ssh demodoc@cli.globusonline.org transfer -- go#ep1/share/godata/file1.txt go#ep2/~/myfile.txt
Task ID: 9be793ca-5983-12e6-c030-22100b92c261
$ ssh demodoc@cli.globusonline.org status 9be793ca-5983-12e6-c030-22100b92c261
Task ID     : 9be793ca-5983-12e6-c030-22100b92c261
Request Time: 2016-10-03 16:08:23Z
Command     : transfer -- go#ep1/share/godata/file1.txt go#ep2/~/myfile.txt
Label       : n/a
Status      : SUCCEEDED
$ ssh demodoc@cli.globusonline.org ls go#ep2/~/
myfile.txt

Online Help

You can execute the help command to view the current Globus CLI command set:

$ ssh demodoc@cli.globusonline.org help
Type '<command> -h' for basic help on a command.
Type 'man <command>' for detailed help.

Task Management        Endpoint Management         Other
---------------        -------------------         -----
cancel                 acl-add                     echo
details                acl-list                    help
events                 acl-remove                  history
modify                 bookmark-add                identity-details
status                 bookmark-list               man
wait                   bookmark-remove             profile
                       endpoint-activate
Task Creation          endpoint-add
-------------          endpoint-deactivate
delete                 endpoint-details
rm                     endpoint-modify
transfer               endpoint-remove
                       endpoint-rename
File Management        endpoint-role-add
---------------        endpoint-role-list
ls                     endpoint-role-remove
mkdir                  endpoint-search
rename                 server-add
                       server-list
                       server-remove

In addition, <command> -h displays a command syntax summary and man <command> displays the command’s manual page.

Endpoint Activation

Activation is a Globus endpoint user authentication mechanism; it enables endpoint owners to determine who is transferring files. Transfers will only proceed when both the source and destination endpoints are activated. You can practice by activating the Globus endpoints:

$ ssh demodoc@cli.globusonline.org endpoint-activate go#ep1
$ ssh demodoc@cli.globusonline.org endpoint-activate go#ep2

In the following example user demodoc activates NERSC endpoints using the ssh -t option to prevent the passphrase from being echoed to stdout. Activation gives you authorization to the endpoint itself, but you still need to be authorized (have permissions) to the given resources on an endpoint before you can access them through Globus. Being authorized to access an endpoint is separate from being further authorized to access specific resources on and endpoint. Access to a given endpoint is entirely within the endpoint owner’s control, so you must contact owners directly to obtain permission to use their endpoints.

$ ssh -t demodoc@cli.globusonline.org endpoint-activate nersc#carver
Myproxy activation for endpoint: 'nersc#carver'
Using Myproxy server: 'nerscca.nersc.gov'
Enter username (Default: 'demodoc'):
Enter password:
Connection to cli.globusonline.org closed.
$ ssh -t demodoc@cli.globusonline.org endpoint-activate nersc#hopper
Myproxy activation for endpoint: 'nersc#hopper'
Using Myproxy server: 'nerscca.nersc.gov'
Enter username (Default: 'demodoc'):
Enter password:
Connection to cli.globusonline.org closed.

Because 'carver' and 'hopper' have been activated using NERSC credentials, and the 'carver' and 'hopper' owners have authorized the user to access their endpoints, demodoc is able to transfer a file:

$ ssh demodoc@cli.globusonline.org transfer -- nersc#carver/share/godata/file1.txt nersc#hopper/~/myfile.txt
Task ID: 6356aa16-ed20-11df-aa30-1231350018b1

Now, user demodoc activates the XSEDE endpoint 'stampede'. The endpoint owner requires that the user go to the XSEDE OAuth service so that the user’s password does not flow through Globus. This requires copying the URL shown in the terminal window to a web browser and following the prompts. Once the user has authenticated on XSEDE’s OAuth server, a confirmation message is displayed in the terminal:

$ ssh -t demodoc@cli.globusonline.org endpoint-activate xsede#stampede
*** Please use this URL to activate the endpoint(s) ***
https://www.globusonline.org/activate?ep=xsede%23stampede
*** Waiting... Press CTRL-C to cancel ***
*** Credential Received! ***
Connection to cli.globusonline.org closed.

An endpoint can also be activated using gsissh:

$ gsissh demodoc@cli.globusonline.org endpoint-activate -g ci#pads
Credential Subject : /DC=org/DC=doegrids/OU=People/CN=Demo Docuser 595766/CN=576965990/CN=436543765
Credential Time Left: 11:59:54
Activating 'ci#pads'

Endpoints can also be activated inline by specifying the -g option with the transfer command.


© 2010- The University of Chicago Legal