Using Dcache to Copy Files (DocBook XML)
The Enstore and dCache User Guide (P00020) Chapter 5: Dcache
Size 33.9 kB - File type text/xmlFile contents
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> <chapter lang="en-US" id="UsingdCacheToCopy"> <title>Using dCache to Copy Files to/from Enstore</title> <para>Whenever a client application needs to talk to the dCache, it has to choose an appropriate door into the system. For each door, there are corresponding utilities for copying files back and forth between your machine and your <filename class="directory">/pnfs/storage-group</filename> area on the machine running dCache. We describe how to use the supported utilities in this chapter.</para> <para>Each dCache server may have multiple doors, thus allowing a variety of access methods. Each door is limited to about 50 simultaneous transfers; more doors can be added as needed. The dCache supports Kerberos V5 for FTP, the dCache native dCap C-API, and GSI FTP.</para> <caution> <para>The dCache server node and the ports documented in this section are subject to change. You can always find the <ulink url="http://www-isd.fnal.gov/enstore/dcache_user_guide.html">current configuration from the web page</ulink>.</para> </caution> <section id="dCacheNativedCap"> <title>dCache-Native dCap</title> <para><firstterm>dCap</firstterm> is a dCache-native access protocol. The dCap client, <application>dccp</application>, is available at the <ulink url="ftp://fnkits.fnal.gov/products/dcap/">KITS ftp site</ulink>. The libdcap library provides POSIX-like open, create, read, write and lseek functions to the dCache storage. In addition there are some specific functions for setting debug level, getting error messages, and binding the library to a network interface. See the <ulink url="http://www-dcache.desy.de/manuals/libdcap.html">dCache manual for usage information</ulink>.</para> </section> <section id="AuthenticationMechanisms"> <title>Authentication Mechanisms</title> <para>There are three authentication mechanisms used for the dcap protocol:</para> <orderedlist> <listitem> <para><link linkend="PlainDcap">Plain</link></para> </listitem> <listitem> <para><link linkend="KerberizedDcap">Kerberos</link></para> </listitem> <listitem> <para><link linkend="X509Dcap">X509</link></para> </listitem> </orderedlist> <para>All three have separate port numbers and separate "setup dcap" qualifiers for the UPS/UPD distribution of dCap. CDF has both kerberized dcap and X.509 dcap.</para> <para>These different qualifiers have to be setup correctly in UPS for this to work though, with a ups listing for each qualifier state. For debugging this issue, the env var DCACHE_IO_TUNNEL should point to the appropriate shared library for the authentication mechanism: a file like libgsstunnnel.so for krb5, libgsitunnel.so for x509, and it should be unset for plain dcap access.</para> <section id="PlainDcap"> <title>Plain dCap</title> <para>Plain dCap is strictly limited to fnal.gov domain access only. It uses uid/gid permissions on files in PNFS. Plain dcap is not the same as weakly-authenticated FTP, as it does allow write access as one's uid/gid permits. On FNDCA1, plain dcap is available on fndca1.fnal.gov:24125 and 24136. The UPS setup command reads:</para> <para><userinput>$ setup dcap -q unsecured</userinput></para> </section> <section id="KerberizedDcap"> <title>Kerberized dCap</title> <note> <para>If your dCap door uses Kerberos V5 authentication, you must have a Kerberos principal for the FNAL.GOV realm.</para> </note> <para>Kerberized dcap is available on ports 24725, 24736 to anyone with valid FNAL.GOV kerberos credentials. Install the dCap product on your computer. See the <ulink url="http://www-dcache.desy.de/manuals/dcap_setup.html">dCap Setup Manual</ulink>.</para> <para>The UPS setup command reads simply:</para> <para><userinput>setup dcap</userinput></para> <para>Besides creating a certificate with the "kx509", you have to place the certificate in the correct format and the correct location. Please see <ulink url="http://security.fnal.gov/pki/Get-Personal-DOEGrids-Cert.html#globus"><citetitle pubwork="article">Using Globus tools for submitting grid jobs from Linux/UNIX</citetitle></ulink> for the current suggested means of doing this.</para> </section> </section> <section id="NodesAndPorts"> <title>Nodes and Ports</title> <para>The nodes and ports available for dCap are subject to change; to get a current listing, run the following command, using your storage group (sample output shown for storage group cdfen):</para> <screen>% cat '/pnfs/cdfen/.(config)(dCache)(dcache.conf)' cdfdca1.fnal.gov:25125 cdfdca1.fnal.gov:25136 ... cdfdca2.fnal.gov:25153 cdfdca2.fnal.gov:25154 cdfdca3.fnal.gov:25155 ...</screen> <para>The dCap protocol requires specification of the dCache server host, port number, and domain, in addition to the inclusion of “/usr” ahead of the storage group designation in the PNFS path. Its structure is shown here:</para> <synopsis>dcap://<replaceable>serverHost</replaceable>:<replaceable>port</replaceable>/</pnfs>/<replaceable>storage_group</replaceable>/usr/<replaceable>filePath</replaceable></synopsis> <para>There are supposed to be two slashes inbetween the port number and pnfs (e.g., .. :24124//pnfs/...) but since users frequently just put one slash, we’ve allowed either one or two.</para> <note> <para>If you run any of the following commands (<command>dccp</command>, <command>dc_check</command>, <command>dc_stage</command>) and it fails because the port is unavailable, try the command again with a different port number, or with a different host and port combination.</para> </note> </section> <section id="Dccp"> <title>dccp</title> <para><command>dccp</command>, which is available in the dCap product, provides a cp-like functionality on the pnfs file system. It has the following syntax:</para> <cmdsynopsis> <command>dccp</command> <arg>-d <replaceable>debuglevel</replaceable></arg> <arg>-h <replaceable>relpyHostName</replaceable></arg> <arg>-i</arg> <arg>-S</arg> <sbr /> <arg>-P <arg>-t <replaceable>time</replaceable></arg><arg>-l <replaceable>location</replaceable></arg></arg> <arg>-b <replaceable>read-ahead bufferSize</replaceable></arg> <sbr /> <arg>-B <replaceable>bufferSize</replaceable></arg> <arg>-u</arg> <arg>-w</arg> <arg>-p <replaceable>first-port</replaceable><arg>:last-port</arg></arg> <sbr /> <arg>-T <replaceable>IO tunnel plugin</replaceable></arg> <arg choice="req"><replaceable>source</replaceable></arg> <arg><replaceable>destination</replaceable></arg> </cmdsynopsis> <para>See the <citetitle pubwork="book">dCache Manual</citetitle> for more on <ulink url="http://www-dcache.desy.de/manuals/dccp.html">options and command usage</ulink>.</para> </section> <section id="Dc_stage"> <title>dc_stage</title> <para><command>dc_stage</command> prestages the request; for read requests only. It is particularly useful when you’d like to grab the file quickly from the dCache when you’re ready for it. Use this with the <option>-t</option> option to set an interval of time between the download to the dCache and the download from the dCache to your local system. If <option>-t</option> is not used, the default interval is zero.</para> <cmdsynopsis> <command>dc_stage</command> <arg>-t <replaceable>number of seconds</replaceable><arg choice="req"><replaceable>source</replaceable></arg><arg><replaceable>destination</replaceable></arg></arg> </cmdsynopsis> </section> <section id="Dc_check"> <title>dc_check</title> <para>The <command>dc_check</command> command checks if a file is on disk in the <filename>dCache.dc_check</filename> file</para> </section> <section> <title>PNFS Not Mounted Locally: Syntax and Examples</title> <para>If PNFS is not mounted locally (the general case), you’ll have to supply the protocol, node, port, and pnfs directory for the remote location (the “source” on reads, and the “destination” on writes).</para> <section id="RequestingAWriteToEnstore"> <title>Requesting a write to Enstore</title> <screen>% dccp path/to/local/file \ dcap://<serverHost>:<port>///pnfs/fnal.gov/usr/ <storage_group>/<filePath> </screen> </section> <section id="RequestingAWriteFromLocal"> <title>Requesting a write from your local /tmp directory</title> <screen>% dccp /tmp/myfile \ dcap://cdfdca1.fnal.gov:25140//pnfs/fnal.gov/usr/cdfen/x/myfile </screen> </section> <section id="CheckingIfFileWithDc_check"> <title>Checking if a file is on disk in the dCache by running dc_check</title> <screen>% dc_check \ dcap://fndca1.fnal.gov:24725//pnfs/fnal.gov/myfile </screen> <para>For a read rather than a write:</para> <screen>% dccp \ dcap://cdfdca1.fnal.gov:25140//pnfs/fnal.gov/usr/cdfen/x/myfile \ /tmp/myfile </screen> </section> <section id="Pre-staginRequest"> <title>Pre-staging this request with an hour interval using dc_stage:</title> <screen>% dc_stage -t 3600 \ dcap://cdfdca1.fnal.gov:25140//pnfs/fnal.gov/usr/cdfen/x/myfile \ /tmp/myfile </screen> </section> </section> <section id="pnfsMountedLocally"> <title>pnfs Mounted Locally: Syntax and Examples</title> <para>If pnfs is mounted on your local machine, you only need to specify the simple pnfs path of the remote file, e.g. (for a write):</para> <section id="SpecifyingPnfsPath"> <title>Specifying the pnfs path of the remote file</title> <screen>% dccp path/to/local/file/pnfs/<storage_group>/<filePath></screen> </section> <section id="WritingFileToEnstore"> <title>Writing the file to Enstore</title> <para><screen>% dccp /tmp/myfile /pnfs/cdfen/x/myfile</screen></para> </section> <section id="ReadingFileFromEnstore"> <title>Reading the file from Enstore</title> <para><screen>% dccp /pnfs/cdfen/x/myfile /tmp/myfile</screen></para> </section> </section> <section id="GridGsiFtp"> <title>Grid (GSI) FTP</title> <para>GSI stands for Grid Security Interface. GSI FTP uses Grid Proxies for authentication and authorization and is compatible with popular Grid middleware tools such as <command>globus-url-copy</command> (available in the <ulink url="http://www.globus.org/">Globus toolkit at Globus</ulink> or <command>sam_gridftp</command> in Kits). The dCache GSI FTP currently runs on port 2811 on the following door nodes (different nodes for different user groups):</para> <informaltable frame="all"> <tgroup cols="2"> <tbody> <row> <entry><para>General users</para></entry> <entry><para>fndca1</para></entry> </row> <row> <entry><para>CDF</para></entry> <entry><para>cdfdca1, cdfdca2, cdfdca3</para></entry> </row> <row> <entry><para>CMS</para></entry> <entry><para> cmsdca1, cmsdca2 and cmsdca3 </para></entry> </row> </tbody> </tgroup> </informaltable> <para>It is more convenient to run this through an interface like srmcp which allows you to perform multiple transfers in a single command. In addition, it optimizes the parameters of the transfer, and allows FTP to scale with user load (overcoming a passive gridftp protocol issue).</para> </section> <section id="ObtainGridProxies"> <title>Obtain Grid Proxies</title> <para>Globus tools require that a user be authenticated with a short-term authentication Grid proxy. This proxy is created from (long-term) X.509 credentials issued by the <ulink url="http://www.doegrids.org/">DOE science grid</ulink> or <ulink url="http://computing.fnal.gov/security/pki">other Certificate Authority</ulink>, or from Kerberos credentials at Fermilab. DOE science grid is the recommended source for an X.509 certificate. We recommend that you use the command grid-proxy-init to generate your proxy from your certificate. A proxy expires after a preset duration, and then a new one must be regenerated from the user’s (long-term) X.509 certificate.</para> <para>X.509 Grid proxies can be issued automatically for Fermilab users authenticated to Kerberos. (See <ulink url="http://computing.fnal.gov/security/pki/">Fermilab instructions</ulink>. This involves downloading a KX.509 certificate. KX.509 can be used in place of permanent, long-term certificates. It works by creating X.509 credentials (certificate and private key) using your existing Kerberos ticket. These credentials are then used to generate the Globus proxy certificate. <ulink url="http://www.ncsa.uiuc.edu/~aloftus/NMI/kx509.html">More on KX.509</ulink>.</para> </section> <section id="GsiFtpWithGlobus-url-copy"> <title>GSI FTP with globus-url-copy</title> <para>Install the <ulink url="http://www.globus.org/">Globus toolkit</ulink>. Run the <command>globus-url-copy</command> command in order to use the GSI FTP protocol to transfer files. Use the <computeroutput>gsiftp://</computeroutput> URL prefix for the PNFS (Enstore) path, and <computeroutput>file://</computeroutput> for the other URL.</para> <para>For example, to copy from Enstore:</para> <screen>% globus-url-copy \ gsiftp://[[<src_node>:]port]/<source_url_path> \ file://[[<dest_node>]:port]/<dest_url_path></screen> <para>To copy to Enstore:</para> <screen>% globus-url-copy \ file://[[<src_node>:]port]/<source_url_path> \ gsiftp://[[<dest_node>]:port]/<dest_url_path></screen> <para>For a CDF user copying from Enstore to a local disk:</para> <screen>% globus-url-copy \ gsiftp://cdfdca1.fnal.gov:2811/<pnfs_path> \ file://<local_url_path></screen> <para>Copying from one Enstore system to another (here, from CDFDCA to FNDCA):</para> <screen>% globus-url-copy gsiftp://cdfdca1.fnal.gov:2811/<pnfs_path>\ gsiftp://fndca1.fnal.gov:2811/<pnfs_path></screen> </section> <section id="StorageResourceMgt"> <title>Storage Resource Management (SRM)</title> <para>SRM is middleware for managing storage resources on a grid. The SRM implementation within the dCache manages the dCache/Enstore system. It provides functions for file staging and pinning, transfer protocol negotiation and transfer url resolution.</para> <note> <para>Pinning refers to making a file undeletable in the cache for the period of time called the “lifetime of the job”.</para> </note> <para>The SRM client srmcp provides a convenient way to transfer multiple files from/to Enstore via dCache using a variety of protocols. <ulink url="http://grid.fnal.gov/">More on SRM...</ulink></para> <para>Srmcp is the implementation of SRM client as specified by the <ulink url="http://sdm.lbl.gov/srm/documents/joint.docs/srm.v1.0.doc">SRM spec</ulink>. You can use srmcp for the retrieval and/or storage of files to/from Enstore (or other Mass Storage Systems which implement SRM, e.g., <acronym>SLAC</acronym>’s, <acronym>CERN</acronym>’s). In this document we focus on file transfers to/from Fermilab’s Enstore via dCache.</para> <section id="PreparingToUseSrmcp"> <title>Preparing to Use srmcp</title> <para>Two packages are available, one with java (srmcp), the other with a C-based client (srmtools); they are both in <ulink url="ftp://fnkits.fnal.gov:8021/products/">Kits</ulink>. To use the java-based srmcp, you will need to install java on your system. You will also need to install either the globus toolkit or dccp, depending on which protocol you wish to use. In order to use GSI with srmcp, follow the instructions in the README.SECURITY file that comes with srmcp in Kits.</para> </section> <section id="CommandSyntax"> <title>Command Syntax</title> <cmdsynopsis> <command>srmcp</command> <arg>options</arg> <arg choice="req">source(s)</arg> <arg choice="req">destination</arg> </cmdsynopsis> <para>Default options will be read from a configuration file but can be overridden by command line options. The options are listed and defined in the srmcp README file in Kits. We do not list them here.</para> <para>The SRM protocol, used for the remote file specification, requires the SRM server host, port number, and domain. For the fnal.gov domain, the inclusion of “/usr” ahead of the storage group designation in the PNFS path is also required.</para> <para><userinput>srm://<replaceable>serverHost</replaceable>:<replaceable>portNumber</replaceable>/<replaceable>root of filesystem</replaceable>/<replaceable>storage_group</replaceable><optional>/usr</optional>/<replaceable>filepath</replaceable></userinput></para> <para>Some examples, the first two for the fnal.gov domain, the third for cern.ch:<itemizedlist> <listitem> <para><userinput>srm://cdfdca1.fnal.gov:8443//pnfs/fnal.gov/usr/cdfen/filesets/<replaceable>filePath</replaceable></userinput></para> </listitem> <listitem> <para><userinput>srm://fndca1.fnal.gov:8443//pnfs/fnal.gov/usr/<replaceable>filePath</replaceable></userinput></para> </listitem> <listitem> <para><userinput>srm://wacdr002d.cern.ch:9000/castor/cern.ch/user/<replaceable>filePath</replaceable></userinput></para> </listitem> </itemizedlist></para> </section> <section id="Examples"> <title>Examples</title> <para>These examples are taken from the srmcp v1_2 README file in Kits (with unnecessary options removed).</para> <para>The following command will retrieve two files, <filename>/mypath/myfile1.ext</filename> and <filename>/mypath/myfile2.ext</filename>, from Enstore via dCache (for a CDF user) and store them in the user’s local directory <filename class="directory">/home/me/targetdir</filename>. </para> <para>Note that srmcp requires that the PNFS path include <filename class="directory">/pnfs/fnal.gov/usr/</filename> ahead of the storage group designation.</para> <screen>% srmcp \ srm://cdfdca1.fnal.gov:8443//pnfs/fnal.gov/usr/cdf/myfile1.ext \ srm://cdfdca1.fnal.gov:8443//pnfs/fnal.gov/usr/cdf/myfile2.ext \ file://localhost//home/me/targetdir </screen> <para>The following will copy the same files from one Enstore installation (CDFEN) to another (STKEN):</para> <screen>% srmcp \ srm://cdfdca1.fnal.gov:8443//pnfs/fnal.gov/usr/cdf/myfile1.ext \ srm://cdfdca1.fnal.gov:8443//pnfs/fnal.gov/usr/cdf/myfile2.ext \ srm:/fndca1.fnal.gov:8443/targetdir </screen> <para>The following will get the file using dccp client, overriding the default (dccp would have to be already installed on you machine):</para> <screen>% srmcp \ -protocols=dcap \ srm:/fndca1.fnal.gov:8443//pnfs/fnal.gov/usr/targetdir/myfile1.ext \ file:////tmp/myfile1.ext </screen> <note> <para>The four slashes in the last line refer to: <computeroutput>file://</computeroutput> ; host, which comes next, is “ ”; path is</para> <para><userinput>/tmp/.... <replaceable>[your_login_id@]</replaceable>fndcal: <replaceable>pnfs_path</replaceable> <replaceable>/path/to/local_file</replaceable></userinput></para> </note> </section> </section> <section id="X509Dcap"> <title>X.509 dCap</title> <para>X.509 dcap is available on ports 24525, 24536. The UPS setup command reads:</para> <screen>$ setup dcap -q x509</screen> <para>For authentication to work, the environment variable X509_CERT_DIR must be set. If not, check with the compute administrator to get globus setup correctly for your job.</para> </section> <section id="GsiFtpWithKftcp"> <title>GSI FTP with kftpcp <emphasis>(Deprecated)</emphasis></title> <para>GSI FTP is also available with kftpcp (see <xref linkend="KerberizedFtpVia" xreflabel="Title_KerberizedFtpVia" />). Install and setup kftp (<ulink type="FTP" url="ftp://fnkits.fnal.gov:8021/products/kftp">from Kits</ulink>). Also from kits, install and setup <command>gsspy_gsi</command> (for Grid proxy) instead of <command>gsspy_krb</command>. Kftpcp works the same as described in section 5.4 except that the port number is 2811 in this case.</para> <para>We refer you to section 5.4 for details, but here’s a quick example for a general user (using STKEN) to copy from Enstore to a local disk:</para> <para><command>% kftpcp -p 2811 -m p [-v]</command></para> </section> <section id="SimpleKerberizedFtp"> <title>Simple Kerberized FTP</title> <para>The dCache door for Kerberized ftp service enforces Kerberos authentication (see the <ulink url="http://computing.fnal.gov/docs/strongauth/">Strong Authentication at Fermilab Documentation</ulink>). It currently runs on the following nodes and corresponding ports:</para> <orderedlist> <listitem> <para>fndca1.fnal.gov, port 24127 (for STKEN)</para> </listitem> <listitem> <para>cdfdca1, 2 and 3, port 25127 (for CDFEN)</para> </listitem> </orderedlist> <para>The port number is installation-specific.</para> <para>Any Kerberized ftp client can be used on the client machine. You must specify the host port in your ftp command.</para> <caution> <para>File read and write functionality is supported when the user (a) is authorized by the experiment to access the data stores, and (b) has obtained Kerberos credentials.</para> </caution> <important> <para>Portal Mode (CRYPTOCard) access is not supported since it is not compatible with automated transfers or future GRID development.</para> </important> </section> <section id="PrepareToUseKerberizedFtp"> <title>Prepare to use Kerberized FTP</title> <para>In order to establish the kftp service on dCache, you must first:</para> <itemizedlist> <listitem> <para>Have a valid Fermilab UNIX account (UID and GID)</para> </listitem> <listitem> <para>Have a Kerberos principal for FNAL.GOV (if Kerberized access is required)</para> </listitem> <listitem> <para>Ask your experiment’s Enstore liaison to register you for the service. You will need to provide the following information to the liaison:</para> <orderedlist> <listitem> <para>username</para> </listitem> <listitem> <para>UID and GID (run the command id at the UNIX prompt to find their values)</para> </listitem> <listitem> <para>storage group</para> </listitem> <listitem> <para>root path under <filename class="directory">/pnfs/<replaceable><storage_group></replaceable>/...</filename></para> </listitem> <listitem> <para>Kerberos principal(s), if applying for Kerberized door</para> </listitem> <listitem> <para>password, if applying for weak door (request by emailing <email>dcache-admin@fnal.gov</email>)</para> <warning> <para>This is for groups, not individuals.</para> </warning> </listitem> </orderedlist> </listitem> <listitem> <para><emphasis>Optional:</emphasis> Install the kftp product from KITS. kftp is useful for running scripts to transfer files. To do so, run:</para> <para><command>$ setup upd$ upd install -G "-c" kftp</command></para> </listitem> </itemizedlist> </section> <section id="SampleKerberizedFtpSession"> <title>Sample Kerberized FTP session</title> <para>User is authenticated to Kerberos and authorized for the Kerberized dCache door (currently at fndca1.fnal.gov, port 24127):</para> <screen> % ftp fndca1.fnal.gov 24127 Connected to stkendca3a.fnal.gov. 220 FTPDoorIM+GSS ready 334 ADAT must follow GSSAPI accepted as authentication type GSSAPI authentication succeeded Name (fndca:aheavey): 200 User aheavey logged in Remote system type is UNIX. Using binary mode to transfer files. ftp> cd aheavey/test3 250 CWD command succcessful. New CWD is </aheavey/test3> ftp> ls 200 PORT command successful 150 Opening ASCII data connection for file list dupl2 duplexps 226 ASCII transfer complete ftp> get duplexps local: duplexps remote: duplexps 200 PORT command successful 150 Opening BINARY data connection for /pnfs/fs/usr/test/aheavey/test3/duplexps 226 Closing data connection, transfer successful 42 bytes received in 0.033 seconds (1.2 Kbytes/s) ftp> </screen> </section> <section id="KerberizedFtpVia"> <title id="Title_KerberizedFtpVia">Kerberized FTP via the kftpcp Command</title> <para>In order to access data from a batch job or a background process, you should either use ftp client libraries (available from many sources), or the kftp package. This package includes a Kerberized client library and a GSI client library; you can use either. A regular ftp client (Kerberized or not) is an interactive program which is hard to use in batch mode.</para> <para>To use the product in a UPS environment as a Kerberized FTP client, first run:</para> <para><userinput>% setup gsspy_krb; setup kftp</userinput></para> <para>Then run the kftpcp command to copy one or more files. This command can be used from the shell or in a script.</para> </section> <section id="SyntaxAndOptions"> <title>Syntax and Options</title> <synopsis>% kftpcp [<options>] <replaceable>source_file</replaceable> <replaceable>destination_file</replaceable> </synopsis> <para>The available options include:</para> <informaltable frame="all"> <tgroup cols="2"> <tbody> <row> <entry><para><option>-p <replaceable>port</replaceable></option> </para></entry> <entry><para>ftp server port number</para></entry> </row> <row> <entry><para><command><option>-m [ a | p ]</option></command></para></entry> <entry><para>ftp server mode. Active (default), or passive </para></entry> </row> <row> <entry><para><option>-v</option></para></entry> <entry><para>verbose mode</para></entry> </row> </tbody> </tgroup> </informaltable> <important> <para>If your login id is the same on fndca1 and your local system, and if they match your Kerberos principal, you can leave off <userinput>\<replaceable><your_fndca1_login_id\></replaceable>@</userinput> in front of <userinput>fndca1:</userinput> in the command.</para> </important> <important> <para>Depending on how your access is configured, typically you only need to specify the path to the remote file starting from the directory under your /pnfs// area. For example, to specify the remote file <filename>/pnfs/my_storage_group/path/to/file</filename> on the command line, enter only <userinput>/path/to/file</userinput>, including the initial slash. You can use the full specification (starting with <userinput>/pnfs//usr/</userinput>)</para> </important> </section> <section id="DownloadFile"> <title>Download a File</title> <para>To download a stored data file from Enstore via the dCache, using fndca1 as a sample server host, run:</para> <para>% <userinput>kftpcp -p 24127 -m p <option>[-v]</option> <replaceable>login_id</replaceable>@fndca1:<replaceable>/path/to/remote_file</replaceable> <replaceable>/path/to/local_file</replaceable>></userinput></para> </section> <section id="UploadFile"> <title>Upload a File</title> <para>To upload a new data file, again using fndca1, run:</para> <synopsis><userinput>kftpcp -p 24127 - m p [ -v ] <replaceable>/path/to/local_file</replaceable> [<replaceable>fndcal_login</replaceable>]@fndcal:<replaceable>/path/to/remote_file</replaceable></userinput> </synopsis> </section> <section id="ExamplesDownloadFile"> <title>Examples</title> <para>To read (download) the stored file <filename>/pnfs/storage_group/mydir/myfile</filename> into a local file of the same name, run:</para> <screen>% setup kftp % kftpcp -p 24127 -m p -v myloginid@fndca1:/mydir/myfile \ /path/to/myfile Transferred 42 bytes </screen> <para>Or, if your usernames and principal all match, you could shorten it to:</para> <screen>% kftpcp -p 24127 -m p -v fndca1:/mydir/myfile /path/to/myfile </screen> </section> <section id="WeaklyAuthedFtpService"> <title>Weakly-Authenticated FTP Service (Read-only)</title> <para>The dCache weakly-authenticated ftp service currently runs on node the following nodes and corresponding ports:</para> <orderedlist> <listitem> <para>fndca1.fnal.gov, port 24126 (for STKEN).</para> </listitem> <listitem> <para>cdfdca1, 2, and 3, port 25126 (for CDFEN)</para> </listitem> </orderedlist> <para>This is read-only, and is not necessarily allowed by all experiments. This ftp service can be accessed by ordinary ftp client software. You must specify the host port in your ftp command, as shown below. The Enstore admin will have sent you an email to confirm your registration for this service, and included a password for it. This is a weak password. Log in with your username and password.</para> <section id="SampleWeaklyAuthenticatedReadOnlyFtpSession"> <title>Sample weakly-authenticated read-only ftp session</title> <para id="text">Here we explicitly use a weakly-authenticated ftp client, <filename>/usr/bin/ftp</filename>, and make the connection to fndca port 24126. In the session, we first successfully retrieve a file called myfile, and secondly attempt to write a file trace.txt and (correctly) fail.</para> <screen>% /usr/bin/ftp fndca1.fnal.gov 24126 Connected to stkendca3a.fnal.gov. 220 FTPDoorIM+PWD ready (read-only server) Name (fndca:aheavey): 331 Password required for aheavey. Password: XXXXXXXXXXXXXXX 230 User aheavey logged in ftp> cd aheavey/test3 250 CWD command succcessful. New CWD is </aheavey/test3> ftp> ls 200 PORT command successful 150 Opening ASCII data connection for file list myfile myfile2 myfile3 226 ASCII transfer complete 10 bytes received in 0.018 seconds (0.55 Kbytes/s) ftp> get myfile 200 PORT command successful 150 Opening BINARY data connection for /pnfs/fs/usr/test/aheavey/test3/myfile 226 Closing data connection, transfer successful local: myfile remote: myfile 42 bytes received in 0.05 seconds (0.82 Kbytes/s) ftp> put trace.txt 200 PORT command successful 500 Command disabled ftp> bye </screen> <important> <para>If you need to change this password, send email to <email>dcache-admin@fnal.gov</email>.</para> </important> </section> </section> </chapter>