wiki:GEMINIGNtoiRODSDemo

Version 4 (modified by Jeanne Ohren, 7 years ago) (diff)

--

Steps for accessing iRODS from GN via GSI:

Prerequisites:

  • iRODS server is built with GSI
  • Slice owner has an account on the iRODS server
  • Slice owner's account has aua from GENI certificate configured

Prior to setting up the slice, the user must contact the iRODS administrator (via GEMINI mailing list?) and provide their username and GENI certificate identity (give the openssl command). An account will be established for them in the "GEMINI zone" with an aua matching the provided certificate identity.

  1. Instrumentize will generate a proxy certificate from slice owner's GENI certificate. (Wesley will confirm this)
  2. Instrumentize will place proxy pem file in appropriate location on the GN (home directory of user executing the archive server)
  3. Instrumentize will configure irodsEnv for the user executing the archive server.
    1. host/port - set to the KY iRODS server
    2. zone/resource - a predetermined "GEMINI zone"
    3. username - provided by the user during instrumentize - this MUST match the iRODS account
    4. irods directories - determined from username and zone (e.g. /geminiZone/home/username)

iRODS servers with GSI

There are currently a couple of options for iRODS servers that will be used by the GEMINI experimenters.

  1. Continue to use the iRODS server in KY with its own iCAT.
  2. Federate the KY iRODS server with the GIMI iRODS server.
  3. Others?

Demo Plan

  • A slice will be pre-instrumentized.
    • Show the command line for the instrumentize
    • Show the following items that were configured by instrumentize:
      • proxy certificate (show output of 'openssl verify' or 'grid-proxy-info')
      • irodsEnv contents
    • Show the configuration on the iRODS server
      • user account created
      • aua's for the user
      • contents before the archive
  • The archive will be triggered
    • Show the iRODS contents after the archive

Executing the demo: Hussam? (Wesley will be gone 1/31- end of Feb.)

Schedule a dry-run prior to 1/31 (including Hussam?)