Dice patch pam

66c0500e · Ondrej Dvorak · Jan Siwiec · 8434ad25 · 66c0500e · 66c0500e
Commit 66c0500e authored 2 years ago by Ondrej Dvorak Committed by Jan Siwiec 2 years ago
--- a/docs.it4i/dice.md
+++ b/docs.it4i/dice.md
@@ -27,12 +27,57 @@ We have to be sure about your identity, this will be done throught this steps:
 ![](img/aai2.jpg)
 ![](img/aai3-passwd.jpg)

-### You Need a Client to Connect to iRods Server
+### ***IT4I User (You Have IT4I Account With Access to Cluster Already)***
+
+- iRods clients are provided as a module
+- config file (for client) will be loaded with module too
+
+***How to mount your collection***
+
+```console
+ssh some_user@login.karolina.it4i.cz
+ml iRODS
+```
+
+now you can choose between Fuse client or iCommands
+
+***iCommands***
+
+```console
+iinit
+Enter your current PAM password:
+```
+```console
+ils
+/IT4I/home/some_user:
+  test.1
+  test.2
+  test.3
+  test.4
+```
+
+- upload `iput` , download `iget`
+- for more help, type `ihelp`
+
+***Fuse***
+
+```console
+./irodsfs -config ~/config.yml ~/IRODS
+cd ~/IRODS
+```
+
+you can work with fuse as an ordinary directory
+
+### ***Users Without IT4I Account (No Access to Cluster)***
+
+- we suppose, you will upload your data from your local pc/vm
+
+#### You Need a Client to Connect to iRods Server

 - there are many iRods clients, but we recommend theese:
 - Cyberduck - for windows / mac, GUI . Password from aai.it4i.cz (keycloak) works
+- Fuse (irodsfs lite) - for linux, cli
 - iCommands - for linux, cli . Password from aai.it4i.cz (keycloak) works
- Fuse (irodsfs lite) - for linux, cli . Only local password created by support@it4i.cz works for now, we working on it.

 #### Cyberduck

@@ -42,6 +87,80 @@ We have to be sure about your identity, this will be done throught this steps:

 ![](img/irods-cyberduck.jpg)

+#### Irodsfs Lite
+
+- work with your irods collection like ordinary directory
+- this is linux client only, basic knowledge of commandline is neccessary
+
+```console
+cd ~
+wget https://docs.it4i.cz/irods1.it4i.cz.crt [k]
+wget https://github.com/cyverse/irodsfs/releases/download/v0.7.6/irodsfs_amd64_linux_v0.7.6.tar
+tar -xvf ~/irodsfs_amd64_linux_v0.7.6.tar
+mkdir ~/IRODS
+```
+
+settings:
+
+```console
+vim ~/config.yml
+```
+
+```console
+host: irods1.it4i.cz
+port: 1247
+proxy_user: some_user
+client_user: some_user
+zone: IT4I
+
+authscheme: "pam"
+ssl_ca_cert_file: "~/irods1.it4i.cz.crt"
+ssl_encryption_key_size: 32
+ssl_encryption_algorithm: "AES-256-CBC"
+ssl_encryption_salt_size: 8
+ssl_encryption_hash_rounds: 16
+
+path_mappings:
+  - irods_path: /IT4I/home/some_user
+    mapping_path: /
+    resource_type: dir
+```
+
+***How to start - mount your collection:***
+
+```console
+./irodsfs -config ~/config.yml ~/IRODS
+time="2022-07-29 09:51:11.720831" level=info msg="Logging to /tmp/irodsfs_cbhp2rucso0ef0s7dtl0.log" function=processArguments package=main
+Password:
+
+time="2022-07-29 09:51:17.691988" level=info msg="Found FUSE Device. Starting iRODS FUSE Lite." function=parentMain package=main
+time="2022-07-29 09:51:17.692683" level=info msg="Running the process in the background mode" function=parentRun package=main
+time="2022-07-29 09:51:17.693381" level=info msg="Process id = 74772" function=parentRun package=main
+time="2022-07-29 09:51:17.693421" level=info msg="Sending configuration data" function=parentRun package=main
+time="2022-07-29 09:51:17.693772" level=info msg="Successfully sent configuration data to background process" function=parentRun package=main
+time="2022-07-29 09:51:18.008166" level=info msg="Successfully started background process" function=parentRun package=main
+```
+
+***How to put your data to iRODS***
+
+```console
+cp test1G.txt ~/IRODS
+```
+
+It works as ordinary filesystem
+
+```console
+ls -la ~/IRODS
+total 0
+-rwx------ 1 some_user some_user 1073741824 Nov  4  2021 test1G.txt
+```
+
+***How to stop - unmout your collection:***
+
+```console
+fusermount -u ~/IRODS
+```
+
 #### iCommands

 - this is linux client only, basic knowledge of commandline is neccessary
@@ -54,12 +173,13 @@ wget -qO - https://packages.irods.org/renci-irods.yum.repo | sudo tee /etc/yum.r
 sudo yum install epel-release -y
 sudo yum install irods-icommands
 mkdir ~/.irods/
+wget https://docs.it4i.cz/irods1.it4i.cz.crt [k]
 ```

 Copy&paste + edit irods_user_name

 ```console
-$ cat .irods/irods_environment.json
+$ vim ~/.irods/irods_environment.json
 {
    "irods_host": "irods1.it4i.cz",
    "irods_port": 1247,
@@ -67,7 +187,7 @@ $ cat .irods/irods_environment.json
    "irods_zone_name": "IT4I",
    "irods_authentication_scheme": "PAM",
    "irods_ssl_verify_server": "cert",
-    "irods_ssl_ca_certificate_file": "/etc/ssl/certs/irods1.it4i.cz.crt",
+    "irods_ssl_ca_certificate_file": "~/irods1.it4i.cz.crt",
    "irods_encryption_algorithm": "AES-256-CBC",
    "irods_encryption_key_size": 32,
    "irods_encryption_num_hash_rounds": 16,
@@ -77,13 +197,13 @@ $ cat .irods/irods_environment.json

 ```console
 $ pwd
-/root/.irods
+/some_user/.irods

 $ ls -la
 total 16
-drwx------. 2 root root 136 Sep 29 08:53 .
-dr-xr-x---. 6 root root 206 Sep 29 08:53 ..
-rw-r--r--. 1 root root 253 Sep 29 08:14 irods_environment.json
+drwx------. 2 some_user some_user 136 Sep 29 08:53 .
+dr-xr-x---. 6 some_user some_user 206 Sep 29 08:53 ..
+-rw-r--r--. 1 some_user some_user 253 Sep 29 08:14 irods_environment.json
 ```

 **How to Start:**
@@ -97,56 +217,26 @@ Enter your current PAM password:
 $ ils
 /IT4I/home/some_user:
  file.jpg
-  file2.png
-  file3.test
-  file4.txt
-  file5.xlsx
 ```

-#### Irodsfs Lite
-
- work with your irods collection like ordinary directory
+***how to put your data to IRODS***

 ```console
-wget https://github.com/cyverse/irodsfs/releases/download/v0.7.3/irodsfs_amd64_linux_v0.7.3.tar
-tar -xvf irodsfs_amd64_linux_v0.7.3.tar
-mkdir /mount/irods
+$ iput cesnet.crt
 ```

-settings:
-
 ```console
-vim config.yml
-
-host: irods1.it4i.cz
-port: 1247
-proxy_user: some_user
-client_user: some_user
-zone: IT4I
-
-path_mappings:
-  - irods_path: /IT4I/home/some_user
-    mapping_path: /
-    resource_type: dir
-```
-
-How to start - mount your collection:
-
-```console
-./irodsfs -config ~/config.yml ~/mount/irods
-
-time="2022-07-13 14:42:18.088338" level=info msg="Logging to /tmp/irodsfs_cb7brah44s3cedmmstp0.log" function=processArguments package=main
-Password: ##type your password here
-
-ls -la /mount/irods/
-total 0
-rwx------ 1 some_user some_user 1073741824 Nov  4  2021 test1G.txt
+$ ils
+/IT4I/home/some_user:
+  cesnet.crt
 ```

-How to stop - unmout your collection:
+***How to download data***

 ```console
-fusermount -u /mount/irods
+$ iget cesnet.crt
+ls -la ~
+-rw-r--r--. 1 some_user some_user 1464 Jul 20 13:44 cesnet.crt
 ```

 For more commands, use the `ihelp` command.
@@ -161,3 +251,4 @@ For more commands, use the `ihelp` command.
 [h]: https://www.eudat.eu/contact-support-request?Service=B2SAFE
 [i]: https://cyberduck.io/download/
 [j]: http://docs.snic.se/wiki/IRODS_iCommands_installation_on_Ubuntu_20.04#Authenticate_and_test_iRODS_iCommands_client
+[k]: https://docs.it4i.cz/irods1.it4i.cz.crt
--- a/docs.it4i/irods1.it4i.cz.crt
+++ b/docs.it4i/irods1.it4i.cz.crt
+-----BEGIN CERTIFICATE-----
+MIIHezCCBWOgAwIBAgIQWi8LC+shJ7H9XiWIJYC/JDANBgkqhkiG9w0BAQwFADBE
+MQswCQYDVQQGEwJOTDEZMBcGA1UEChMQR0VBTlQgVmVyZW5pZ2luZzEaMBgGA1UE
+AxMRR0VBTlQgT1YgUlNBIENBIDQwHhcNMjEwOTI0MDAwMDAwWhcNMjIwOTI0MjM1
+OTU5WjCBiTELMAkGA1UEBhMCQ1oxHjAcBgNVBAgMFU1vcmF2c2tvc2xlenNrw70g
+a3JhajFBMD8GA1UECgw4Vnlzb2vDoSDFoWtvbGEgYsOhxYhza8OhIC0gVGVjaG5p
+Y2vDoSB1bml2ZXJ6aXRhIE9zdHJhdmExFzAVBgNVBAMTDmlyb2RzMS5pdDRpLmN6
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDpgPV2UhQ1Mebx75zxj
+LVmIw60KXTMucsFVvmcLAKzqT82BeBCml+/TQBWQPJstdMiui/ll+E6+wXl2L47V
+5Yyz7bx1bYg4IXPmyhpqG/MJbbGTmheYd87PwoX3zygppOsgwvK9rsY3mdrQqXmA
+Fx7+oaRizO23nSSx2H7/PqiL/wQu/mYW/uoSKkJw1dAPUynTKwXlOetQZ4GM5TtO
+EWDzMvzG8HqLRjjtEg7I0iL3LkKnOGWIHYSIFy9itF55HS7gNmIdgpCIHi/YLW2U
+cFuTcZpWuJF64wCmBkVyvcw+nTXIXV+5jIg9wRXNbyjda/HO5o6Kjg93PJl7khmb
+bQIDAQABo4IDITCCAx0wHwYDVR0jBBgwFoAUbx01SRBsMvpZoJ68iugflb5xegww
+HQYDVR0OBBYEFE0wy9WZZpkR0e+S28ZcNlbzLD6kMA4GA1UdDwEB/wQEAwIFoDAM
+BgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNV
+HSAEQjBAMDQGCysGAQQBsjEBAgJPMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2Vj
+dGlnby5jb20vQ1BTMAgGBmeBDAECAjA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8v
+R0VBTlQuY3JsLnNlY3RpZ28uY29tL0dFQU5UT1ZSU0FDQTQuY3JsMHUGCCsGAQUF
+BwEBBGkwZzA6BggrBgEFBQcwAoYuaHR0cDovL0dFQU5ULmNydC5zZWN0aWdvLmNv
+bS9HRUFOVE9WUlNBQ0E0LmNydDApBggrBgEFBQcwAYYdaHR0cDovL0dFQU5ULm9j
+c3Auc2VjdGlnby5jb20wggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AEalVet1
+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw/m1HAAABfBeiEKYAAAQDAEcwRQIhAPfD
+3hi8vipH2M7Sy4BiUgbbAt5ygaqwIFrLz11LEZfoAiAsipZZE8x/qsG39XsESiF5
+TarIMWC/S+gwakdCwmqeSQB2AEHIyrHfIkZKEMahOglCh15OMYsbA+vrS8do8JBi
+lgb2AAABfBeiELoAAAQDAEcwRQIhAM04GehcIEYwIzyrYOuhMztJ2LfvpMTX2vZj
+8nxz78slAiASSx/0AU/HbrJqzIggTslSuoVmqGDCqNhvZs5fwRYNsgB2ACl5vvCe
+OTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABfBeiEIgAAAQDAEcwRQIgQiKN
+l8NfIYhHFQT5waJc5BnxX6JzSGDp3QNcHVI0da0CIQDtgYdXXlwJpQxx/5nzOSBa
+qWd0qwtJffQVwbet1qqxcTAZBgNVHREEEjAQgg5pcm9kczEuaXQ0aS5jejANBgkq
+hkiG9w0BAQwFAAOCAgEAbeIYOjIda12Z/wgyf8CFR80JsDuOt48Nel5wi08OMFQj
+0f8qIGJpNtDx3K24ic1Grdep4XpaXRe9uNPYh4rHtc0esj8q1IYcjcmFhKyCWE83
+3QbprXQ1e8ijHBQlxgr+AydMA8YQ1WxTMRUtRAl0FKerXamd+PglByy6vz+p87Ty
+NxCq35An2IjFPM4kWU1trK0M7fq7Wvy7eCVX0iv+UouRcwkFjwCt1yH1X1W5UK7q
+hnozLXkHUca+KFYahsz7gZvfwxdmzMjZF6EZOOnk1UOcAxaukU7oajhf0A7Qufpe
+b/sX/IodIKvBtxX2Iea1F6cf96kfHVvKC3VyF3JXVBqumgjQjC7aLpZrcIFqARbP
+dDreQMbuH8mA313+eU31j6CWPprOWsCdEqFax+wVyRVaA4TrSv6D1F8z1+j/sknk
+ucBD1JaSeKpjhsl1aPFbdF+d6LCGSjdlLZ1bXwMSdBkYfoEL120Q9lFaUldKVTr
+Jt5QTZQfnCgJPmlE55KVObhbK37If/x4MyJiM2FHf3My9i0HPZ8oKJGPvNNSlqtO
+PnA/CDd+22T2wPeKDAMFPmIzyGt+G4XAW/nP1pIdd9wB2uHGnS+71vY/NGdIdgre
+E5YVezyKONQIrpQjXDpprm0xeEQfJGOg9f09ZTcsFQGdXewdY3TMRxhiEUCEYwY=
+-----END CERTIFICATE-----
+
+# subject: C=NL, O=GEANT Vereniging, CN=GEANT OV RSA CA 4
+# issuer:  C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
+# SHA256 Fingerprint: 37:83:4f:a5:ea:40:fb:f7:b6:11:96:95:59:62:e1:ca:05:58:87:24:35:e4:20:66:53:d3:f6:20:dd:8e:98:8e
+-----BEGIN CERTIFICATE-----
+MIIG5TCCBM2gAwIBAgIRANpDvROb0li7TdYcrMTz2+AwDQYJKoZIhvcNAQEMBQAw
+gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
+ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
+VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIw
+MDIxODAwMDAwMFoXDTMzMDUwMTIzNTk1OVowRDELMAkGA1UEBhMCTkwxGTAXBgNV
+BAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNVBAMTEUdFQU5UIE9WIFJTQSBDQSA0
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApYhi1aEiPsg9ZKRMAw9Q
+r8Mthsr6R20VSfFeh7TgwtLQi6RSRLOh4or4EMG/1th8lijv7xnBMVZkTysFiPmT
+PiLOfvz+QwO1NwjvgY+Jrs7fSoVA/TQkXzcxu4Tl3WHi+qJmKLJVu/JOuHud6mOp
+LWkIbhODSzOxANJ24IGPx9h4OXDyy6/342eE6UPXCtJ8AzeumTG6Dfv5KVx24lCF
+TGUzHUB+j+g0lSKg/Sf1OzgCajJV9enmZ/84ydh48wPp6vbWf1H0O3Rd3LhpMSVn
+TqFTLKZSbQeLcx/l9DOKZfBCC9ghWxsgTqW9gQ7v3T3aIfSaVC9rnwVxO0VjmDdP
+FNbdoxnh0zYwf45nV1QQgpRwZJ93yWedhp4ch1a6Ajwqs+wv4mZzmBSjovtV0mKw
+d+CQbSToalEUP4QeJq4Udz5WNmNMI4OYP6cgrnlJ50aa0DZPlJqrKQPGL69KQQz1
+2WgxvhCuVU70y6ZWAPopBa1ykbsttpLxADZre5cH573lIuLHdjx7NjpYIXRx2+QJ
+URnX2qx37eZIxYXz8ggM+wXH6RDbU3V2o5DP67hXPHSAbA+p0orjAocpk2osxHKo
+NSE3LCjNx8WVdxnXvuQ28tKdaK69knfm3bB7xpdfsNNTPH9ElcjscWZxpeZ5Iij8
+lyrCG1z0vSWtSBsgSnUyG/sCAwEAAaOCAYswggGHMB8GA1UdIwQYMBaAFFN5v1qq
+K0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBRvHTVJEGwy+lmgnryK6B+VvnF6DDAO
+BgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggr
+BgEFBQcDAQYIKwYBBQUHAwIwOAYDVR0gBDEwLzAtBgRVHSAAMCUwIwYIKwYBBQUH
+AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMFAGA1UdHwRJMEcwRaBDoEGGP2h0
+dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9u
+QXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6
+Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAl
+BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B
+AQwFAAOCAgEAUtlC3e0xj/1BMfPhdQhUXeLjb0xp8UE28kzWE5xDzGKbfGgnrT2R
+lw5gLIx+/cNVrad//+MrpTppMlxq59AsXYZW3xRasrvkjGfNR3vt/1RAl8iI31lG
+hIg6dfIX5N4esLkrQeN8HiyHKH6khm4966IkVVtnxz5CgUPqEYn4eQ+4eeESrWBh
+AqXaiv7HRvpsdwLYekAhnrlGpioZ/CJIT2PTTxf+GHM6cuUnNqdUzfvrQgA8kt1/
+ASXx2od/M+c8nlJqrGz29lrJveJOSEMX0c/ts02WhsfMhkYa6XujUZLmvR1Eq08r
+48/EZ4l+t5L4wt0DV8VaPbsEBF1EOFpz/YS2H6mSwcFaNJbnYqqJHIvm3PLJHkFm
+EoLXRVrQXdCT+3wgBfgU6heCV5CYBz/YkrdWES7tiiT8sVUDqXmVlTsbiRNiyLs2
+bmEWWFUl76jViIJog5fongEqN3jLIGTG/mXrJT1UyymIcobnIGrbwwRVz/mpFQo0
+vBYIi1k2ThVh0Dx88BbF9YiP84dd8Fkn5wbE6FxXYJ287qfRTgmhePecPc73Yrzt
+apdRcsKVGkOpaTIJP/l+lAHRLZxk/dUtyN95G++bOSQqnOCpVPabUGl2E/OEyFrp
+Ipwgu2L/WJclvd6g+ZA/iWkLSMcpnFb+uX6QBqvD6+RNxul1FaB5iHY=
+-----END CERTIFICATE-----