SNIC storage/supr test irods

From SNIC Documentation
Revision as of 13:41, 29 September 2017 by Krishnaveni Chitrapu (NSC) (talk | contribs) (Using SUPR-Test System for projects)
Jump to: navigation, search

Using SUPR-Test System for projects

The SUPR-Test System can be accessed via

https://disposer.c3se.chalmers.se/supr-test

If its a new person, click on Register New Person Button

One can

1) Register via SWAMID

2) Register without SWAMID

If you are a PI, login to SUPR-Test

1) Click on Rounds on the left Panel and select MAX IV Swestore 2017.

2) Click on Create new Proposal for MAX IV Swestore 2017 button.

3) Give a project title and Create proposal.Alternatively you can clone an existing project from the dropdown.

5) The directory name for the project should be simple and not contain any spaces.It would the project/directory name in irods

6) PI can add Co-Investigators to the proposal. Alternatively they can be added as members once the proposal is approved.

7) Proposal is submitted and once approved a project is created.

8) A Python script is run in the background which picks the project and user data and creates corresponding project and users in test-irods.

9) User can follow the below instructions to access test-irods.

Client setup to use the test-irods system

The iRODS system 'test-irods' is a test system we use to test upgrades and functionality. It a collection of Xen virtual machines running CentOS 6.9 and iRODS 4.1.8 at the moment. There is one iCAT server and two iRODS storage server nodes.

To access the system it is preferable to use the same version of the client as the server but theoretically it should also work with other versions of the client as well.

Easiest and most tested is the Unix command line client. On a cluster like Aurora most probably this is going to be the one to be used.


Installing the iRODS iCommands client

To install the latest 4.2.1 command line client the instructions are on the iRODS web site at:

 https://irods.org/download/

and

 https://packages.irods.org/

.

On a CentOS Linux variant as root: Get the signing key.

 rpm --import https://packages.irods.org/irods-signing-key.asc

Get the repository description file.

 wget -qO - https://packages.irods.org/renci-irods.yum.repo >/etc/yum.repos.d/renci-irods.yum.repo

Install the package.

 yum install irods-icommands

It will ask to confirm to import the iRODS package signing key and then ask to confirm going ahead with installing the package and the dependencies. The command line client executables will go under /bin.

The iRODS client will need to be able to talk to the iRODS iCAT server and the resource servers at ports 1247 and 20000..20199. (Those are the defaults.) Firewall / packet filtering should allow outgoing connections to those ports.


Configuring the iRODS iCommands client

To be able to use the iRODS command line client a user has to have a configuration file in place which describes how to access the iCAT server. The file has json format (with the latest versions.)

An example file would look like this:

{
    "irods_host": "<irodshost>",
    "irods_port": <port>,
    "irods_default_resource": "<resourcename>",
    "irods_home": "/<zonename>/home/<username>",
    "irods_cwd": "/<zonename>/home/<username>",
    "irods_user_name": "<username>",
    "irods_zone_name": "<zonename>",
    "irods_client_server_negotiation": "request_server_negotiation",
    "irods_client_server_policy": "CS_NEG_REFUSE",
    "irods_encryption_key_size": 32,
    "irods_encryption_salt_size": 8,
    "irods_encryption_num_hash_rounds": 16,
    "irods_encryption_algorithm": "AES-256-CBC",
    "irods_default_hash_scheme": "SHA256",
    "irods_match_hash_policy": "compatible",
    "irods_server_control_plane_port": 1248,
    "irods_server_control_plane_key": "TEMPORARY__32byte_ctrl_plane_key",
    "irods_server_control_plane_encryption_num_hash_rounds": 16,
    "irods_server_control_plane_encryption_algorithm": "AES-256-CBC",
    "irods_maximum_size_for_single_buffer_in_megabytes": 32,
    "irods_default_number_of_transfer_threads": 4,
    "irods_transfer_buffer_size_for_parallel_transfer_in_megabytes": 4
}

Names in the angle brackets are placeholders to be replaced with the actual values (without the angle brackets as in the file below).

 irodshost is the fully qualified name of the irods host (with the dots).
 port is the port the iCAT server is using, the default is 1247
 resourcename is the name of the default resource to be used
 zonename is the name of the iRODS zone

If not sure about these please ask a system administrator.

In out case:

{
    "irods_host": "test-irods.nsc.liu.se",
    "irods_port": 1247,
    "irods_default_resource": "demoResc",
    "irods_home": "/tempZone/home/s_jonli",
    "irods_cwd": "/tempZone/home/s_jonli",
    "irods_user_name": "s_jonli",
    "irods_zone_name": "tempZone",
    "irods_client_server_negotiation": "request_server_negotiation",
    "irods_client_server_policy": "CS_NEG_REFUSE",
    "irods_encryption_key_size": 32,
    "irods_encryption_salt_size": 8,
    "irods_encryption_num_hash_rounds": 16,
    "irods_encryption_algorithm": "AES-256-CBC",
    "irods_default_hash_scheme": "SHA256",
    "irods_match_hash_policy": "compatible",
    "irods_server_control_plane_port": 1248,
    "irods_server_control_plane_key": "TEMPORARY__32byte_ctrl_plane_key",
    "irods_server_control_plane_encryption_num_hash_rounds": 16,
    "irods_server_control_plane_encryption_algorithm": "AES-256-CBC",
    "irods_maximum_size_for_single_buffer_in_megabytes": 32,
    "irods_default_number_of_transfer_threads": 4,
    "irods_transfer_buffer_size_for_parallel_transfer_in_megabytes": 4
}

To use PAM authentication (that is with the Yubikey) you will need one additional line:

    "irods_authentication_scheme": "PAM",

to be inserted _before_ the line with irods_transfer_buffer_size_for_parallel_transfer_in_megabytes. Please note the comma at the end of the line.

The configuration file needs to be placed in the directory .irods under the home directory, named irods_environment.json.

To be able to use the iRODS system first the user has to be authenticated. This is done using the iinit command.

 iinit

It will ask for a password, which should have been already sent in an e-mail. For the users who are given a Yubikey the device should be inserted into a USB port at this point and the gold plated button should be pressed for a few seconds. In case the authentication was successful the command prompt is returned.

From then on the iRODS iCommands should be available to use.


Using iCommands

All icommands give help using the command line switch -h. The most useful commands are:

 iinit
 ils
 iget
 iput
 irsync


For more information see: https://irods.org/uploads/2016/06/irods_beginner_training_2016.pdf from Chapter 5.2 (page 16) in the document. This is an introduction on how to use iRODS.

There is a more detailed description at https://docs.irods.org/4.2.1/icommands/user/