If you want to copy files into dCache with GSIdCap, SRM or
WebDAV with certificates, you need to follow the instructions
in the section above.
To use GSIdCap you must run a GSIdCap door. This is
achieved by including the gsidcap service in your
layout file on the machine on which you wish to host the door.
[gsidcapDomain]
[gsidcapDomain/dcap]
dcap.authn.protocol=gsi
In addition, you need to have libdcap-tunnel-gsi installed on your worker node, which is contained in the gLite-UI.
Note
As ScientificLinux 5 32bit is not supported by gLite there is no libdcap-tunnel-gsi for SL5 32bit.
[root] #yum install libdcap-tunnel-gsi
It is also available on the dCap downloads
page.
Example:
[root] #rpm -i http://www.dcache.org/repository/yum/sl5/x86_64/RPMS.stable//libdcap-tunnel-gsi-2.47.5-0.x86_64.rpm
The machine running the GSIdCap door needs to have a host
certificate and you need to have a valid user
certificate. In addition, you should have created a voms proxy as mentioned
above.
Now you can copy a file into your dCache using GSIdCap
[user] $dccp /bin/sh gsidcap://<dcache.example.org>:22128/data/world-writable/my-test-file3
801512 bytes in 0 seconds
and copy it back
[user] $dccp gsidcap://<dcache.example.org>:22128/data/world-writable/my-test-file3 /tmp/mytestfile3.tmp
801512 bytes in 0 seconds
To use the SRM you need to define the srm service
in your layout file.
[srmDomain]
[srmDomain/srm]
In addition, the user needs to install an SRM client, for
example the dcache-srmclient, which
is contained in the gLite-UI, on the worker node and set
the PATH environment variable.
[root] #yum install dcache-srmclient
You can now copy a file into your dCache using the SRM,
[user] $srmcp -2 file:////bin/sh srm://<dcache.example.org>:8443/data/world-writable/my-test-file4
copy it back
[user] $srmcp -2 srm://<dcache.example.org>:8443/data/world-writable/my-test-file4 file:////tmp/mytestfile4.tmp
and delete it
[user] $srmrm -2 srm://<dcache.example.org>:8443/data/world-writable/my-test-file4
If the grid functionality is not required the file can be
deleted with the NFS mount of the Chimera namespace:
[user] $rm /data/world-writable/my-test-file4
To use WebDAV with certificates you change the entry in
/etc/dcache/layouts/mylayout.conf from
[webdavDomain]
[webdavDomain/webdav]
webdav.authz.anonymous-operations=FULL
webdav.root=/data/world-writable
to
[webdavDomain]
[webdavDomain/webdav]
webdav.authz.anonymous-operations=NONE
webdav.root=/data/world-writable
webdav.authn.protocol=https
Then you will need to import the host certificate into the dCache keystore using the command
[root] #dcache import hostcert
and initialise your truststore by
[root] #dcache import cacerts
Now you need to restart the WebDAV domain
[root] #dcache restart webdavDomain
and access your files via
https://<dcache.example.org>:2880
with your browser.
Important
If the host certificate contains an extended key usage
extension, it must include the extended usage for server
authentication. Therefore you have to make sure that your
host certificate is either unrestricted or it is explicitly
allowed as a certificate for TLS Web Server
Authentication.
You can also choose to have secure and insecure access to your files at the same time. You might for example allow access without authentication for reading and access with authentication for reading and writing.
[webdavDomain]
[webdavDomain/webdav]
webdav.root=/data/world-writable
webdav.authz.anonymous-operations=READONLY
port=2880
webdav.authn.protocol=https
You can access your files via
https://<dcache.example.org>:2880
with your browser.
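The following check is an added example, not part of the dCache documentation: it reads a layout file such as /etc/dcache/layouts/mylayout.conf and reports, for each WebDAV service, the webdav.authz.anonymous-operations and webdav.authn.protocol values shown above, flagging FULL and any service without an explicit https setting. The function names, the finding labels and the second domain name in the sample are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: audit dCache layout files for the WebDAV settings discussed above.
# Usage: audit_webdav_layout [layout-file ...]   (reads stdin when no file is given)
audit_webdav_layout() {
    awk '
    function report(   f) {                  # emit one line for the finished service
        if (!in_webdav) return
        f = ""
        if (anon == "FULL") f = "anonymous-write"   # unauthenticated clients may write
        if (proto != "https") f = (f == "" ? "" : f ",") "no-https"
        if (f == "") { f = "ok" } else { bad = 1 }
        printf "%s anon=%s proto=%s %s\n", svc, anon, proto, f
    }
    /^[ \t]*#/ { next }                      # comment line
    /^[ \t]*\[/ {                            # [domain] or [domain/service] header
        report()
        svc = $0
        sub(/^[ \t]*\[/, "", svc); sub(/\][ \t]*$/, "", svc)
        in_webdav = (svc ~ /\/webdav$/)
        anon = "unset"; proto = "unset"
        next
    }
    in_webdav && (eq = index($0, "=")) {     # key=value inside a webdav service
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "webdav.authz.anonymous-operations") anon = val
        if (key == "webdav.authn.protocol") proto = val
    }
    END { report(); exit bad + 0 }           # exit status 1 if any finding
    ' "$@"
}

# Constructed sample layout (not from a real installation): the first WebDAV
# entry from the text plus a hypothetical second domain with the hardened entry.
constructed_layout() {
    cat <<'EOF'
[webdavDomain]
[webdavDomain/webdav]
webdav.authz.anonymous-operations=FULL
webdav.root=/data/world-writable
[webdavTlsDomain]
[webdavTlsDomain/webdav]
webdav.authz.anonymous-operations=NONE
webdav.root=/data/world-writable
webdav.authn.protocol=https
EOF
}
constructed_layout | audit_webdav_layout || echo "findings present"
```

A service with READONLY anonymous access and https, as in the last layout above, is reported as ok; whether anonymous reading is acceptable remains a site decision.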