If you want to copy files into dCache with GSIdCap, SRM or WebDAV with certificates you need to follow the instructions in the section above.
To use GSIdCap you must run a GSIdCap door. This is achieved by including the gsidcap service in your layout file on the machine you wish to host the door.

[gsidcapDomain]
[gsidcapDomain/dcap]
dcap.authn.protocol=gsi

In addition, you need to have libdcap-tunnel-gsi installed on your worker node, which is contained in the gLite-UI.
As ScientificLinux 5 32bit is not supported by gLite, there is no libdcap-tunnel-gsi for SL5 32bit.

[root] # yum install libdcap-tunnel-gsi

It is also available on the dCap downloads page.

Example:

[root] # rpm -i http://www.dcache.org/repository/yum/sl5/x86_64/RPMS.stable//libdcap-tunnel-gsi-2.47.5-0.x86_64.rpm

The machine running the GSIdCap door needs to have a host certificate and you need to have a valid user certificate. In addition, you should have created a voms proxy as mentioned above.

Now you can copy a file into your dCache using GSIdCap

[user] $ dccp /bin/sh gsidcap://<dcache.example.org>:22128/data/world-writable/my-test-file3
801512 bytes in 0 seconds

and copy it back

[user] $ dccp gsidcap://<dcache.example.org>:22128/data/world-writable/my-test-file3 /tmp/mytestfile3.tmp
801512 bytes in 0 seconds

To use the SRM you need to define the srm service in your layout file.

[srmDomain]
[srmDomain/srm]

In addition, the user needs to install an SRM client, for example the dcache-srmclient, which is contained in the gLite-UI, on the worker node and set the PATH environment variable.

[root] # yum install dcache-srmclient

You can now copy a file into your dCache using the SRM,

[user] $ srmcp -2 file:////bin/sh srm://<dcache.example.org>:8443/data/world-writable/my-test-file4

copy it back

[user] $ srmcp -2 srm://<dcache.example.org>:8443/data/world-writable/my-test-file4 file:////tmp/mytestfile4.tmp

and delete it

[user] $ srmrm -2 srm://<dcache.example.org>:8443/data/world-writable/my-test-file4

If the grid functionality is not required, the file can be deleted with the NFS mount of the Chimera namespace:

[user] $ rm /data/world-writable/my-test-file4

To use WebDAV with certificates you change the entry in /opt/d-cache/etc/layouts/mylayout.conf from

[webdavDomain]
[webdavDomain/webdav]
webdav.authz.anonymous-operations=FULL
webdav.root=/data/world-writable

to

[webdavDomain]
[webdavDomain/webdav]
webdav.authz.anonymous-operations=NONE
webdav.root=/data/world-writable
webdav.authn.protocol=https

Then you will need to import the host certificate into the dCache keystore using the command

[root] # /opt/d-cache/bin/dcache import hostcert

and initialise your truststore by

[root] # /opt/d-cache/bin/dcache import cacerts

Now you need to restart the WebDAV domain

[root] # /opt/d-cache/bin/dcache restart webdavDomain

and access your files via https://<dcache.example.org>:2880 with your browser.

If the host certificate contains an extended key usage extension, it must include the extended usage for server authentication. Therefore you have to make sure that your host certificate is either unrestricted or it is explicitly allowed as a certificate for TLS Web Server Authentication.
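
One way to check this requirement before importing the host certificate, written for this page as an added example and not taken from the dCache documentation. It classifies the text printed by openssl x509 -noout -text; the function names and the sample text are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not part of the dCache documentation.

# Classify a certificate from the text printed by "openssl x509 -noout -text"
# (read on stdin). Prints one of: unrestricted | serverauth | restricted
eku_status() {
    awk '
        # The line following the extension header lists the permitted usages.
        /X509v3 Extended Key Usage/ { found = 1; getline; usages = $0 }
        END {
            if (!found) print "unrestricted"
            else if (usages ~ /TLS Web Server Authentication/) print "serverauth"
            else print "restricted"
        }'
}

# Check a PEM certificate file (hypothetical helper).
# Returns 0 if the certificate may be used for the HTTPS door,
# 1 if its extended key usage excludes server authentication,
# 2 if the file cannot be parsed (so a read error is never taken as "ok").
check_hostcert() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || {
        echo "$1: cannot be parsed as a certificate" >&2
        return 2
    }
    case $(printf '%s\n' "$text" | eku_status) in
        unrestricted) echo "$1: no extended key usage extension (unrestricted)" ;;
        serverauth)   echo "$1: TLS Web Server Authentication is allowed" ;;
        *)            echo "$1: extended key usage lacks server authentication" >&2
                      return 1 ;;
    esac
}

# Constructed sample: extension text of a certificate limited to client use.
sample_client_only='        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication'

printf '%s\n' "$sample_client_only" | eku_status   # prints: restricted
```

Run check_hostcert on the host certificate file before dcache import hostcert; on grid installations this is commonly /etc/grid-security/hostcert.pem, which is an assumption here because the page does not name the path.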
You can also choose to have secure and insecure access to your files at the same time. You might for example allow access without authentication for reading and access with authentication for reading and writing.

[webdavDomain]
[webdavDomain/webdav]
webdav.root=/data/world-writable
webdav.authz.anonymous-operations=READONLY
port=2880
webdav.authn.protocol=https

You can access your files via https://<dcache.example.org>:2880 with your browser.