Using the Command Line Interface (CLI)
Last Updated: May 12, 2016
This guide provides a brief introduction to the Globus command-line interface (CLI). Additional CLI features are discussed in CLI: Beyond the Basics.
To use the CLI you must have a Globus account with ssh access enabled. To enable your account for ssh access you must add your ssh public key to your Globus account by visiting the Manage Identities page and clicking "add linked identity", followed by "Add SSH Public Key". If you do not have an ssh key, follow the directions here to create one.
There is no need to install custom client software. CLI users interact with Globus via a secure shell. The general structure of a CLI request is:
$ ssh <username>@cli.globusonline.org <command> <options> <params>
where: <username> is your Globus user name, <command> is the Globus command to execute, <options> are the options available for <command>, and <params> are the parameters passed to <command>. If desired, gsissh can be used in place of ssh.
The Globus transfer service provides the
transfer command for moving files.
All Globus accounts are provisioned with two endpoints for exploratory use, so as soon as you have an account you should be able to transfer /share/godata/file1.txt from endpoint go#ep1 to your home directory on go#ep2, as shown below by user demodoc:
$ ssh firstname.lastname@example.org transfer -- go#ep1/share/godata/file1.txt go#ep2/~/myfile.txt Task ID: 9be793ca-5983-12e6-c030-22100b92c261 $ ssh email@example.com status 9be793ca-5983-12e6-c030-22100b92c261 Task ID : 9be793ca-5983-12e6-c030-22100b92c261 Request Time: 2016-10-03 16:08:23Z Command : transfer -- go#ep1/share/godata/file1.txt go#ep2/~/myfile.txt Label : n/a Status : SUCCEEDED $ ssh firstname.lastname@example.org ls go#ep2/~/ myfile.txt
You can execute the
help command to view the current Globus CLI command set:
$ ssh email@example.com help Type '<command> -h' for basic help on a command. Type 'man <command>' for detailed help. Task Management Endpoint Management Other --------------- ------------------- ----- cancel acl-add echo details acl-list help events acl-remove history modify bookmark-add identity-details status bookmark-list man wait bookmark-remove profile endpoint-activate Task Creation endpoint-add ------------- endpoint-deactivate delete endpoint-details rm endpoint-modify transfer endpoint-remove endpoint-rename File Management endpoint-role-add --------------- endpoint-role-list ls endpoint-role-remove mkdir endpoint-search rename server-add server-list server-remove
<command> -h displays a command syntax summary and
man <command> displays the command’s manual page.
Activation is a Globus endpoint user authentication mechanism; it enables endpoint owners to determine who is transferring files. Transfers will only proceed when both the source and destination endpoints are activated. You can practice by activating the Globus endpoints:
$ ssh firstname.lastname@example.org endpoint-activate go#ep1 $ ssh email@example.com endpoint-activate go#ep2
In the following example user demodoc activates NERSC endpoints using the
ssh -t option to prevent the passphrase from being echoed to stdout. Activation gives you authorization to the endpoint itself, but you still need to be authorized (have permissions) to the given resources on an endpoint before you can access them through Globus. Being authorized to access an endpoint is separate from being further authorized to access specific resources on and endpoint. Access to a given endpoint is entirely within the endpoint owner’s control, so you must contact owners directly to obtain permission to use their endpoints.
$ ssh -t firstname.lastname@example.org endpoint-activate nersc#carver Myproxy activation for endpoint: 'nersc#carver' Using Myproxy server: 'nerscca.nersc.gov' Enter username (Default: 'demodoc'): Enter password: Connection to cli.globusonline.org closed. $ ssh -t email@example.com endpoint-activate nersc#hopper Myproxy activation for endpoint: 'nersc#hopper' Using Myproxy server: 'nerscca.nersc.gov' Enter username (Default: 'demodoc'): Enter password: Connection to cli.globusonline.org closed.
Because 'carver' and 'hopper' have been activated using NERSC credentials, and the 'carver' and 'hopper' owners have authorized the user to access their endpoints, demodoc is able to transfer a file:
$ ssh firstname.lastname@example.org transfer -- nersc#carver/share/godata/file1.txt nersc#hopper/~/myfile.txt Task ID: 6356aa16-ed20-11df-aa30-1231350018b1
Now, user demodoc activates the XSEDE endpoint 'stampede'. The endpoint owner requires that the user go to the XSEDE OAuth service so that the user’s password does not flow through Globus. This requires copying the URL shown in the terminal window to a web browser and following the prompts. Once the user has authenticated on XSEDE’s OAuth server, a confirmation message is displayed in the terminal:
$ ssh -t email@example.com endpoint-activate xsede#stampede *** Please use this URL to activate the endpoint(s) *** https://www.globusonline.org/activate?ep=xsede%23stampede *** Waiting... Press CTRL-C to cancel *** *** Credential Received! *** Connection to cli.globusonline.org closed.
An endpoint can also be activated using
$ gsissh firstname.lastname@example.org endpoint-activate -g ci#pads Credential Subject : /DC=org/DC=doegrids/OU=People/CN=Demo Docuser 595766/CN=576965990/CN=436543765 Credential Time Left: 11:59:54 Activating 'ci#pads'
Endpoints can also be activated inline by specifying the -g option with the