Agave is an open platform-as-a-service built by TACC designed for scalable and reproducible research that integrates HPC resources which can be managed through a single API. Agave forms part of a thriving community that empowers users to run code in a reproducible manner, manage data efficiently, collaborate meaningfully, and integrate easily with third-party applications. TACC operates a professionally managed and supported instance of Agave as part of its TACC.cloud Platform.
The Agave command line interface (CLI) is a client for interacting with the Agave platform. The CLI empowers you to streamline common interactions with the API and automating repetitive and/or background tasks. Many developers and analysts use it as their primary interface to TACC and other computing environments. By default, this distribution of the CLI is configured to work with TACC-hosted instances of Agave, but it can easily be adapted to support on-premises or other hosted Agave installations.
TACC-Cloud/agave-cli
is, at this point, composed of legacy code writen in Bash, new
tooling,bug fixes, and rewrites are done in Python 3. The Python scripts make
use of TACC/agavepy.
To use TACC/agave-cli
you'll need the following dependencies.
* Bash 3.2.50+
* curl 7.2+ with TLS support
* jq 1.5+
* Python 3+
* TACC/agavepy
To install TACC/agavepy we recommend the following steps:
git clone https://github.com/TACC/agavepy
git checkout develop
make install
If you are interested in contributing to TACC-Cloud/agave-cli
you will also
need:
* Docker (we recommend using the latest stable release of Docker)
* Make 4.1+
* yapf https://github.com/google/yapf
For development, we recoomend you use the development container for your work.
Once you have these requirements installed, you'll need to clone thos
repositpry and add it to your $PATH
.
$ git https://github.com/TACC-Cloud/agave-cli
$ export PATH=$PATH:$PWD/agave-cli/bin
To persist the new $PATH
between logins, run
echo "export PATH=$PATH:$PWD/agave-cli/bin" >> ~/.bashrc
or
echo "export PATH=$PATH:$PWD/agave-cli/bin" >> ~/.bash_profile
The first time you use the CLI, you will need to initialize it. This will create a credentials store inside ~/.agave/
and set your API server to point at a specific tenant. Tenant, in this case, refers to an organization that has its own logically-isolated slice of the hosted Agave API platform.
Initialize the CLI as follows, selecting the appropriate tenant. If you don't know which to select, choose the default. Your Agave username and password will be the same as your TACC credentials.
$ tenants-init
Please select a tenant from the following list:
[0] 3dem
[1] agave.prod
[2] araport.org
[3] designsafe
[4] iplantc.org
[5] irec
[6] sd2e
[7] sgci
[8] tacc.cloud
[9] vdjserver.org
Your choice [8]:
Your CLI is now configured to interact with APIs owned by 'tacc.cloud'.
Use 'clients-create' to set up a new API client or 'auth-tokens-create' to
re-use an existing API key and secret.
TACC.cloud APIs, including Agave, use an authentication called Oauth2. The basic idea is that instead of always sending your very precious password over the wire when you interact with the APIs, you send secure, but expirable strings of text in place of your password. To do this, you need to have an API client, which is a unique combination of API key and secret, and you need at least one access token.
You can have as many clients as you want, and each can have exactly one active token. Technically, clients can have different levels of access to TACC.cloud resources, but that is not currently exposed. Some users like to think of clients as "sub-accounts" of their main Agave account.
Create a client as follows. Take note of the key and secret returned, as you can use them elsewhere.
$ clients-create -S
The name of the client application : cli_docs
API username : taco
API password: *********
Successfully created client cli_docs
key: XgzF0kXZK4cRfiyslXtCfqUEgPAa
secret: tgn1Oi_8XO7JEZVDhQWtsgcLNiUa
These values are used behind the scenes to generate, and then refresh, your access token, which is a little string that your CLI and other clients send to the Agave authentication servers.
Use your newly created client to generate a pair of tokens. One token is an access token which is sent over the wire in place of your password. The other is a refresh token which can can, in combination with the client secret and key, be used to get a new access token when the current one expires. Depending on your tenant's policy, access tokens have a lifespan of 1-4 hours.
$ auth-tokens-create -S
API password: *******
Token for tacc.cloud:taco successfully refreshed and cached for 14400 seconds
f1c972d9d4cb34faec981edbadc938d0
After a while, the access token expires. This is an important security feature, since that token is being sent all over the place and might get intercepted by annoying people and used to access your resources without your permission. Getting a new one is easy. If you're using the Agave CLI or the AgavePy Python library, a good faith attempt will be made to refresh your token automatically.
If you need to manually refresh your token, do the following:
$ auth-tokens-refresh -S
Token for tacc.cloud:taco successfully refreshed and cached for 14400 seconds
cc378eac99cb171687eb6e55a85c1756
If this fails, run auth-tokens-create -S
as above
The Agave CLI is broken down into the following groups of scripts
- apps* query and register apps
- auth* authenticate
- clients* create and manage your API keys
- files* manage remote files and folders, upload, download, and transfer data
- jobs* submit and manage jobs
- metadata* create and manage metadata and metadata schemas
- notifications* subscribe to and manage event notifications from the platform
- postits* create pre-authenticated, disposable urls
- profiles* query and register users
- systems* query, monitor, and manage systems
- tenants* query and initialize the CLI for your tenant
- uuid* lookup and expand one or more Agave UUID
All commands follow a common syntax and share many of the same flags -h
for help, -d
for debug mode, -v
for verbose output, -V
for very verbose (prints curl command and full service response), and -i
for interactive mode. Additionaly, individual commands will have their own options specific to their functionality. The general syntax all commands follow is:
<command> [-hdv]
<command> [-hdv] [target]
<command> [-hdv] [options] [target]
Each command has built in help documentation that will be displayed when the -h
flag is specified. The help documentation will list the actions, options, and targets available for that command.