globus-connect-server collection domain update - Set the domain name and certificate on a Globus Connect Server collection (new in v5.4.13)
The globus-connect-server collection domain update command updates the domain name, certificate, and private key used by the collection.
In order to use this command, one of your Globus identities must have an
owner role on the endpoint.
By default, Globus Connect Server uses a Globus-operated DNS service to provide DNS names to access collections and the Globus Connect Server management API. These names are randomly issued subdomains of the data.globus.org domain.
The globus-connect-server collection domain update command configures the domain and certificate used by a collection to be one that the administrator controls. The domain may be a wildcard or standard A or AAAA record. The certificate and key may be either managed or unmanaged by Globus.
When using this feature, Globus Connect Server allows any DNS domain name that the
administrator controls to serve the Globus services for your collection. These
names may be
CNAME records, as is suitable for the
DOMAIN option to this command sets the domain
name for the collection.
The domain name used by the collection can be set to either be a wildcard or non-wildcard domain. This setting affects what DNS name other related collections on the endpoint will have.
The default for the collection is to assume the domain not a wildcard. In this case, all collections created on the collection will use the subdomains of the data.globus.org domain created during endpoint setup.
The --wildcard flag to this command makes Globus Connect Server treat the domain name as a wildcard.
If the collection is configured with a wildcard domain, then all collections created on the collection will use subdomains of that wildcard domain unless they are themselves configured to use their own custom domain.
This means, for example, that if you configure your collection to use the wildcard domain globus-data.example.org, then a mapped collection may be automatically issued a name like m-766bd244.globus-data.example.org.
Globus Connect Server requires certificates and keys to match the domain name (including wildcard domain property).
PRIVATE_KEY command-line parameters set the
certificate and private key path. If additional certificates are needed by clients
to validate the certificate, they can be set using the
parameter. The contents of these files must be PEM-encoded.
Globus Connect Server can optionally manage synchronizing changes to the certificate and key files between data transfer nodes. This is enabled by passing the --managed command line option.
When this is enabled, the certificate chain and key are encrypted and synchronized between data transfer nodes along with other configuration data.
If this is not enabled, only the paths to the certificate and key files are synchronized. These files must exist on each data transfer node in order for the Globus services to function properly.
- -h, --help
Show help message and exit.
Show the version and exit.
- --use-explicit-host IP_ADDRESS (new in 5.4.23)
IP address of the GCS node to use for this request. If not specified, any available GCS node in the endpoint will be used.
- --domain DOMAIN
DNS name to use for this collection
Flag indicating that this is a wildcard domain; if true, all collections on this collection which don’t have custom domains will be subdomains of this domain
- --managed / --unmanaged
If --managed, automatically synchronize certificates and keys between data transfer nodes using Globus services.
- --private-key-path PRIVATE_KEY
Path to a file containing the PEM-encoded private key to use for this domain.
- --certificate-path CERT
Path to a file containing the PEM-encoded X.509 certificate for this domain.
- --certificate-chain-path CHAIN
Path to a file containing the PEM-encoded X.509 certificate chain for this domain.