Skip to content
Snippets Groups Projects
Commit 66c0500e authored by Ondrej Dvorak's avatar Ondrej Dvorak Committed by Jan Siwiec
Browse files

Dice patch pam

parent 8434ad25
No related branches found
No related tags found
1 merge request!385Dice patch pam
Hide whitespace changes
Inline Side-by-side
docs.it4i/dice.md
+ 138
47
View file @ 66c0500e
......@@ -27,12 +27,57 @@ We have to be sure about your identity, this will be done throught this steps:
![](img/aai2.jpg)
![](img/aai3-passwd.jpg)
### You Need a Client to Connect to iRods Server
### ***IT4I User (You Have IT4I Account With Access to Cluster Already)***
- iRods clients are provided as a module
- config file (for client) will be loaded with module too
***How to mount your collection***
```console
ssh some_user@login.karolina.it4i.cz
ml iRODS
```
now you can choose between Fuse client or iCommands
***iCommands***
```console
iinit
Enter your current PAM password:
```
```console
ils
/IT4I/home/some_user:
test.1
test.2
test.3
test.4
```
- upload `iput` , download `iget`
- for more help, type `ihelp`
***Fuse***
```console
./irodsfs -config ~/config.yml ~/IRODS
cd ~/IRODS
```
you can work with fuse as an ordinary directory
### ***Users Without IT4I Account (No Access to Cluster)***
- we suppose, you will upload your data from your local pc/vm
#### You Need a Client to Connect to iRods Server
- there are many iRods clients, but we recommend theese:
- Cyberduck - for windows / mac, GUI . Password from aai.it4i.cz (keycloak) works
- Fuse (irodsfs lite) - for linux, cli
- iCommands - for linux, cli . Password from aai.it4i.cz (keycloak) works
- Fuse (irodsfs lite) - for linux, cli . Only local password created by support@it4i.cz works for now, we working on it.
#### Cyberduck
......@@ -42,6 +87,80 @@ We have to be sure about your identity, this will be done throught this steps:
![](img/irods-cyberduck.jpg)
#### Irodsfs Lite
- work with your irods collection like ordinary directory
- this is linux client only, basic knowledge of commandline is neccessary
```console
cd ~
wget https://docs.it4i.cz/irods1.it4i.cz.crt [k]
wget https://github.com/cyverse/irodsfs/releases/download/v0.7.6/irodsfs_amd64_linux_v0.7.6.tar
tar -xvf ~/irodsfs_amd64_linux_v0.7.6.tar
mkdir ~/IRODS
```
settings:
```console
vim ~/config.yml
```
```console
host: irods1.it4i.cz
port: 1247
proxy_user: some_user
client_user: some_user
zone: IT4I
authscheme: "pam"
ssl_ca_cert_file: "~/irods1.it4i.cz.crt"
ssl_encryption_key_size: 32
ssl_encryption_algorithm: "AES-256-CBC"
ssl_encryption_salt_size: 8
ssl_encryption_hash_rounds: 16
path_mappings:
- irods_path: /IT4I/home/some_user
mapping_path: /
resource_type: dir
```
***How to start - mount your collection:***
```console
./irodsfs -config ~/config.yml ~/IRODS
time="2022-07-29 09:51:11.720831" level=info msg="Logging to /tmp/irodsfs_cbhp2rucso0ef0s7dtl0.log" function=processArguments package=main
Password:
time="2022-07-29 09:51:17.691988" level=info msg="Found FUSE Device. Starting iRODS FUSE Lite." function=parentMain package=main
time="2022-07-29 09:51:17.692683" level=info msg="Running the process in the background mode" function=parentRun package=main
time="2022-07-29 09:51:17.693381" level=info msg="Process id = 74772" function=parentRun package=main
time="2022-07-29 09:51:17.693421" level=info msg="Sending configuration data" function=parentRun package=main
time="2022-07-29 09:51:17.693772" level=info msg="Successfully sent configuration data to background process" function=parentRun package=main
time="2022-07-29 09:51:18.008166" level=info msg="Successfully started background process" function=parentRun package=main
```
***How to put your data to iRODS***
```console
cp test1G.txt ~/IRODS
```
It works as ordinary filesystem
```console
ls -la ~/IRODS
total 0
-rwx------ 1 some_user some_user 1073741824 Nov 4 2021 test1G.txt
```
***How to stop - unmout your collection:***
```console
fusermount -u ~/IRODS
```
#### iCommands
- this is linux client only, basic knowledge of commandline is neccessary
......@@ -54,12 +173,13 @@ wget -qO - https://packages.irods.org/renci-irods.yum.repo | sudo tee /etc/yum.r
sudo yum install epel-release -y
sudo yum install irods-icommands
mkdir ~/.irods/
wget https://docs.it4i.cz/irods1.it4i.cz.crt [k]
```
Copy&paste + edit irods_user_name
```console
$ cat .irods/irods_environment.json
$ vim ~/.irods/irods_environment.json
{
"irods_host": "irods1.it4i.cz",
"irods_port": 1247,
......@@ -67,7 +187,7 @@ $ cat .irods/irods_environment.json
"irods_zone_name": "IT4I",
"irods_authentication_scheme": "PAM",
"irods_ssl_verify_server": "cert",
"irods_ssl_ca_certificate_file": "/etc/ssl/certs/irods1.it4i.cz.crt",
"irods_ssl_ca_certificate_file": "~/irods1.it4i.cz.crt",
"irods_encryption_algorithm": "AES-256-CBC",
"irods_encryption_key_size": 32,
"irods_encryption_num_hash_rounds": 16,
......@@ -77,13 +197,13 @@ $ cat .irods/irods_environment.json
```console
$ pwd
/root/.irods
/some_user/.irods
$ ls -la
total 16
drwx------. 2 root root 136 Sep 29 08:53 .
dr-xr-x---. 6 root root 206 Sep 29 08:53 ..
-rw-r--r--. 1 root root 253 Sep 29 08:14 irods_environment.json
drwx------. 2 some_user some_user 136 Sep 29 08:53 .
dr-xr-x---. 6 some_user some_user 206 Sep 29 08:53 ..
-rw-r--r--. 1 some_user some_user 253 Sep 29 08:14 irods_environment.json
```
**How to Start:**
......@@ -97,56 +217,26 @@ Enter your current PAM password:
$ ils
/IT4I/home/some_user:
file.jpg
file2.png
file3.test
file4.txt
file5.xlsx
```
#### Irodsfs Lite
- work with your irods collection like ordinary directory
***how to put your data to IRODS***
```console
wget https://github.com/cyverse/irodsfs/releases/download/v0.7.3/irodsfs_amd64_linux_v0.7.3.tar
tar -xvf irodsfs_amd64_linux_v0.7.3.tar
mkdir /mount/irods
$ iput cesnet.crt
```
settings:
```console
vim config.yml
host: irods1.it4i.cz
port: 1247
proxy_user: some_user
client_user: some_user
zone: IT4I
path_mappings:
- irods_path: /IT4I/home/some_user
mapping_path: /
resource_type: dir
```
How to start - mount your collection:
```console
./irodsfs -config ~/config.yml ~/mount/irods
time="2022-07-13 14:42:18.088338" level=info msg="Logging to /tmp/irodsfs_cb7brah44s3cedmmstp0.log" function=processArguments package=main
Password: ##type your password here
ls -la /mount/irods/
total 0
-rwx------ 1 some_user some_user 1073741824 Nov 4 2021 test1G.txt
$ ils
/IT4I/home/some_user:
cesnet.crt
```
How to stop - unmout your collection:
***How to download data***
```console
fusermount -u /mount/irods
$ iget cesnet.crt
ls -la ~
-rw-r--r--. 1 some_user some_user 1464 Jul 20 13:44 cesnet.crt
```
For more commands, use the `ihelp` command.
......@@ -161,3 +251,4 @@ For more commands, use the `ihelp` command.
[h]: https://www.eudat.eu/contact-support-request?Service=B2SAFE
[i]: https://cyberduck.io/download/
[j]: http://docs.snic.se/wiki/IRODS_iCommands_installation_on_Ubuntu_20.04#Authenticate_and_test_iRODS_iCommands_client
[k]: https://docs.it4i.cz/irods1.it4i.cz.crt
docs.it4i/irods1.it4i.cz.crt 0 → 100644
+ 85
0
View file @ 66c0500e
-----BEGIN CERTIFICATE-----
MIIHezCCBWOgAwIBAgIQWi8LC+shJ7H9XiWIJYC/JDANBgkqhkiG9w0BAQwFADBE
MQswCQYDVQQGEwJOTDEZMBcGA1UEChMQR0VBTlQgVmVyZW5pZ2luZzEaMBgGA1UE
AxMRR0VBTlQgT1YgUlNBIENBIDQwHhcNMjEwOTI0MDAwMDAwWhcNMjIwOTI0MjM1
OTU5WjCBiTELMAkGA1UEBhMCQ1oxHjAcBgNVBAgMFU1vcmF2c2tvc2xlenNrw70g
a3JhajFBMD8GA1UECgw4Vnlzb2vDoSDFoWtvbGEgYsOhxYhza8OhIC0gVGVjaG5p
Y2vDoSB1bml2ZXJ6aXRhIE9zdHJhdmExFzAVBgNVBAMTDmlyb2RzMS5pdDRpLmN6
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDpgPV2UhQ1Mebx75zxj
LVmIw60KXTMucsFVvmcLAKzqT82BeBCml+/TQBWQPJstdMiui/ll+E6+wXl2L47V
5Yyz7bx1bYg4IXPmyhpqG/MJbbGTmheYd87PwoX3zygppOsgwvK9rsY3mdrQqXmA
Fx7+oaRizO23nSSx2H7/PqiL/wQu/mYW/uoSKkJw1dAPUynTKwXlOetQZ4GM5TtO
EWDzMvzG8HqLRjjtEg7I0iL3LkKnOGWIHYSIFy9itF55HS7gNmIdgpCIHi/YLW2U
cFuTcZpWuJF64wCmBkVyvcw+nTXIXV+5jIg9wRXNbyjda/HO5o6Kjg93PJl7khmb
bQIDAQABo4IDITCCAx0wHwYDVR0jBBgwFoAUbx01SRBsMvpZoJ68iugflb5xegww
HQYDVR0OBBYEFE0wy9WZZpkR0e+S28ZcNlbzLD6kMA4GA1UdDwEB/wQEAwIFoDAM
BgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNV
HSAEQjBAMDQGCysGAQQBsjEBAgJPMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2Vj
dGlnby5jb20vQ1BTMAgGBmeBDAECAjA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8v
R0VBTlQuY3JsLnNlY3RpZ28uY29tL0dFQU5UT1ZSU0FDQTQuY3JsMHUGCCsGAQUF
BwEBBGkwZzA6BggrBgEFBQcwAoYuaHR0cDovL0dFQU5ULmNydC5zZWN0aWdvLmNv
bS9HRUFOVE9WUlNBQ0E0LmNydDApBggrBgEFBQcwAYYdaHR0cDovL0dFQU5ULm9j
c3Auc2VjdGlnby5jb20wggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AEalVet1
+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw/m1HAAABfBeiEKYAAAQDAEcwRQIhAPfD
3hi8vipH2M7Sy4BiUgbbAt5ygaqwIFrLz11LEZfoAiAsipZZE8x/qsG39XsESiF5
TarIMWC/S+gwakdCwmqeSQB2AEHIyrHfIkZKEMahOglCh15OMYsbA+vrS8do8JBi
lgb2AAABfBeiELoAAAQDAEcwRQIhAM04GehcIEYwIzyrYOuhMztJ2LfvpMTX2vZj
8nxz78slAiASSx/0AU/HbrJqzIggTslSuoVmqGDCqNhvZs5fwRYNsgB2ACl5vvCe
OTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABfBeiEIgAAAQDAEcwRQIgQiKN
l8NfIYhHFQT5waJc5BnxX6JzSGDp3QNcHVI0da0CIQDtgYdXXlwJpQxx/5nzOSBa
qWd0qwtJffQVwbet1qqxcTAZBgNVHREEEjAQgg5pcm9kczEuaXQ0aS5jejANBgkq
hkiG9w0BAQwFAAOCAgEAbeIYOjIda12Z/wgyf8CFR80JsDuOt48Nel5wi08OMFQj
0f8qIGJpNtDx3K24ic1Grdep4XpaXRe9uNPYh4rHtc0esj8q1IYcjcmFhKyCWE83
3QbprXQ1e8ijHBQlxgr+AydMA8YQ1WxTMRUtRAl0FKerXamd+PglByy6vz+p87Ty
NxCq35An2IjFPM4kWU1trK0M7fq7Wvy7eCVX0iv+UouRcwkFjwCt1yH1X1W5UK7q
hnozLXkHUca+KFYahsz7gZvfwxdmzMjZF6EZOOnk1UOcAxaukU7oajhf0A7Qufpe
b/sX/IodIKvBtxX2Iea1F6cf96kfHVvKC3VyF3JXVBqumgjQjC7aLpZrcIFqARbP
dDreQMbuH8mA313+eU31j6CWPprOWsCdEqFax+wVyRVaA4TrSv6D1F8z1+j/sknk
+ucBD1JaSeKpjhsl1aPFbdF+d6LCGSjdlLZ1bXwMSdBkYfoEL120Q9lFaUldKVTr
Jt5QTZQfnCgJPmlE55KVObhbK37If/x4MyJiM2FHf3My9i0HPZ8oKJGPvNNSlqtO
PnA/CDd+22T2wPeKDAMFPmIzyGt+G4XAW/nP1pIdd9wB2uHGnS+71vY/NGdIdgre
E5YVezyKONQIrpQjXDpprm0xeEQfJGOg9f09ZTcsFQGdXewdY3TMRxhiEUCEYwY=
-----END CERTIFICATE-----
# subject: C=NL, O=GEANT Vereniging, CN=GEANT OV RSA CA 4
# issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
# SHA256 Fingerprint: 37:83:4f:a5:ea:40:fb:f7:b6:11:96:95:59:62:e1:ca:05:58:87:24:35:e4:20:66:53:d3:f6:20:dd:8e:98:8e
-----BEGIN CERTIFICATE-----
MIIG5TCCBM2gAwIBAgIRANpDvROb0li7TdYcrMTz2+AwDQYJKoZIhvcNAQEMBQAw
gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIw
MDIxODAwMDAwMFoXDTMzMDUwMTIzNTk1OVowRDELMAkGA1UEBhMCTkwxGTAXBgNV
BAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNVBAMTEUdFQU5UIE9WIFJTQSBDQSA0
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApYhi1aEiPsg9ZKRMAw9Q
r8Mthsr6R20VSfFeh7TgwtLQi6RSRLOh4or4EMG/1th8lijv7xnBMVZkTysFiPmT
PiLOfvz+QwO1NwjvgY+Jrs7fSoVA/TQkXzcxu4Tl3WHi+qJmKLJVu/JOuHud6mOp
LWkIbhODSzOxANJ24IGPx9h4OXDyy6/342eE6UPXCtJ8AzeumTG6Dfv5KVx24lCF
TGUzHUB+j+g0lSKg/Sf1OzgCajJV9enmZ/84ydh48wPp6vbWf1H0O3Rd3LhpMSVn
TqFTLKZSbQeLcx/l9DOKZfBCC9ghWxsgTqW9gQ7v3T3aIfSaVC9rnwVxO0VjmDdP
FNbdoxnh0zYwf45nV1QQgpRwZJ93yWedhp4ch1a6Ajwqs+wv4mZzmBSjovtV0mKw
d+CQbSToalEUP4QeJq4Udz5WNmNMI4OYP6cgrnlJ50aa0DZPlJqrKQPGL69KQQz1
2WgxvhCuVU70y6ZWAPopBa1ykbsttpLxADZre5cH573lIuLHdjx7NjpYIXRx2+QJ
URnX2qx37eZIxYXz8ggM+wXH6RDbU3V2o5DP67hXPHSAbA+p0orjAocpk2osxHKo
NSE3LCjNx8WVdxnXvuQ28tKdaK69knfm3bB7xpdfsNNTPH9ElcjscWZxpeZ5Iij8
lyrCG1z0vSWtSBsgSnUyG/sCAwEAAaOCAYswggGHMB8GA1UdIwQYMBaAFFN5v1qq
K0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBRvHTVJEGwy+lmgnryK6B+VvnF6DDAO
BgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwOAYDVR0gBDEwLzAtBgRVHSAAMCUwIwYIKwYBBQUH
AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMFAGA1UdHwRJMEcwRaBDoEGGP2h0
dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9u
QXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6
Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAl
BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B
AQwFAAOCAgEAUtlC3e0xj/1BMfPhdQhUXeLjb0xp8UE28kzWE5xDzGKbfGgnrT2R
lw5gLIx+/cNVrad//+MrpTppMlxq59AsXYZW3xRasrvkjGfNR3vt/1RAl8iI31lG
hIg6dfIX5N4esLkrQeN8HiyHKH6khm4966IkVVtnxz5CgUPqEYn4eQ+4eeESrWBh
AqXaiv7HRvpsdwLYekAhnrlGpioZ/CJIT2PTTxf+GHM6cuUnNqdUzfvrQgA8kt1/
ASXx2od/M+c8nlJqrGz29lrJveJOSEMX0c/ts02WhsfMhkYa6XujUZLmvR1Eq08r
48/EZ4l+t5L4wt0DV8VaPbsEBF1EOFpz/YS2H6mSwcFaNJbnYqqJHIvm3PLJHkFm
EoLXRVrQXdCT+3wgBfgU6heCV5CYBz/YkrdWES7tiiT8sVUDqXmVlTsbiRNiyLs2
bmEWWFUl76jViIJog5fongEqN3jLIGTG/mXrJT1UyymIcobnIGrbwwRVz/mpFQo0
vBYIi1k2ThVh0Dx88BbF9YiP84dd8Fkn5wbE6FxXYJ287qfRTgmhePecPc73Yrzt
apdRcsKVGkOpaTIJP/l+lAHRLZxk/dUtyN95G++bOSQqnOCpVPabUGl2E/OEyFrp
Ipwgu2L/WJclvd6g+ZA/iWkLSMcpnFb+uX6QBqvD6+RNxul1FaB5iHY=
-----END CERTIFICATE-----
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment