GT 3.9.4 RFT: System Administrator's Guide

Introduction

RFT is used to perform third-party transfers across GridFTP servers. It uses a database to store its state periodically so that transfers can be recovered from any failures. RFT uses standard grid security mechanisms for authorization and authentication of users. To use RFT effectively, you should therefore have installed and configured a database with the RFT database schemas and have the necessary security infrastructure in place to perform a third-party transfer.

Building and Installing

RFT is installed as a part of the standard install. For basic installation instructions, see the Installation Guide.

Configuring

Information on configuration settings and environment variables can be found in the RFT interface configuration guide.

RFT can be registered to an MDS index service to facilitate monitoring and discovery. The MDS documentation contains a note on registering RFT to an Index Service.

Deploying

To deploy the latest code from CVS:

  1. Configure your CVSROOT to point to the Globus CVS location.
  2. cvs co ws-transfer
  3. cd ws-transfer/reliable
  4. Set GLOBUS_LOCATION to point to your Globus installation.
  5. Run ant deploy.

Testing

You need to check out the tests from CVS because the RFT tests are not included in the installer. Follow these steps to run the RFT unit tests:

  1. Run:

     cvs co ws-transfer/reliable/service/test

  2. Start a GridFTP server on the machine you are running the tests on; use port 5678. This can be done by running:

     globus-gridftp-server -s -p 5678 &

  3. Start the container with RFT deployed in it.
  4. Run:

     cd ws-transfer/reliable/service/test/unit

  5. Generate a report of the tests that ran in the current working directory:

     ant test

Security Considerations

Permissions of service configuration files

The service configuration files such as jndi-config.xml or server-config.wsdd (located under the etc/<gar>/ directory) contain private information such as database passwords and usernames. Ensure that these configuration files are readable only by the user that is running the container.
The deployment process automatically sets the permissions of the jndi-config.xml and server-config.wsdd files to user-readable only. However, this might not work correctly on all platforms, and it does not apply to any other configuration files.

Access of information stored in the database

RFT stores transfer requests in a database. Protect access to this data by granting and revoking appropriate permissions on the tables that are created for RFT use, and by taking any other steps that are appropriate and consistent with site-specific security measures.

Permissions of persistent data

RFT uses the subscription persistence API from GT4 core to store all of its subscription data under the ~/.globus/persisted directory. Ensure that the entire ~/.globus/persisted directory is readable only by the user running the container.
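
The checks from "Permissions of service configuration files" and "Permissions of persistent data" can be scripted. The following is an added example, not part of the original guide or the Globus distribution; it assumes etc/<gar>/ is relative to $GLOBUS_LOCATION, and the function names loose_paths and audit_rft are hypothetical.

```shell
#!/bin/sh
# Added example: audit the permissions this section asks for.
# Assumption: the etc/<gar>/ directories live under $GLOBUS_LOCATION.

# Print every file or directory under the given roots that grants any
# access to group or other. "-perm -MODE" is the POSIX form of the test;
# each term below matches one group/other permission bit.
loose_paths() {
    for root in "$@"; do
        [ -e "$root" ] || continue
        find "$root" \( -type f -o -type d \) \
            \( -perm -040 -o -perm -020 -o -perm -010 \
               -o -perm -004 -o -perm -002 -o -perm -001 \) -print
    done
}

# audit_rft GLOBUS_LOCATION [HOME_DIR]
# Checks jndi-config.xml and server-config.wsdd in every etc/<gar>/
# directory, plus the whole ~/.globus/persisted tree.
# Prints the exposed paths and returns 1, or returns 0 if none are found.
audit_rft() {
    gl=$1
    home=${2:-$HOME}
    findings=$(
        for f in "$gl"/etc/*/jndi-config.xml "$gl"/etc/*/server-config.wsdd; do
            if [ -f "$f" ]; then
                loose_paths "$f"
            fi
        done
        loose_paths "$home/.globus/persisted"
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Run it as the container user with `audit_rft "$GLOBUS_LOCATION"`; any path it prints should have its group and other permissions removed.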

Permissions of user's delegated proxy credential file

The user's delegated proxy is stored in a file in the /tmp directory (on the host running the container), and appropriate permissions are set on it so that it can be accessed only by the user running the container. This file is removed by the container after the RFT resource's time to live expires. If it is removed manually before the resource lifetime expires, all the transfers will fail. The transfers will also fail to start if there is not enough free space in /tmp to store the delegated credential.

Troubleshooting

You can find instructions for common problems here.