iRODS Connector

The Globus Connect Server iRODS Connector provides access to iRODS storage resources.

This document describes the data types supported by this version of the connector.

iRODS Connector Virtual Filesystem

The iRODS Connector filesystem reflects the file system hierarchy on the configured zone of the iRODS resource. The usual directory structure is /ZONE/<data> with home directories at /ZONE/home/USER.

When accessing data on an iRODS collection, if the storage gateway’s restrict_paths or a mapped collection’s sharing_restrict_paths property are set to disallow all access to a file or directory, those directory entries will not be visible in the collection.

Also, if a collection_base_path value is set on collection creation, it will act similar to a POSIX chroot, and that value will act as the root of a collection’s virtual filesystem.

iRODS Connector Storage Gateway Policies

The iRODS Connector has policies to manage the iRODS client environment and client authentication configuration.

iRODS client environment file

The irods_environment_file property is used by Globus Connect Server to authenticate to the iRODS server as an admin user. The file must contain the following minimum set of entries:

irods_host: The iRODS server hostname
irods_port: The iRODS server port
irods_user_name: The iRODS admin username
irods_zone_name: The iRODS Zone name
irods_default_resource: The default iRODS resource

iRODS Environment File Permissions

The iRODS environment file must be readable by Globus Connect Server. This means it must have certain file permissions set on it. If SELinux is enforcing on your system it must also be labelled in a way that the Globus Connect Server services can access it. You can use the following commands as models to set the file permissions and SELinux label on the file. For these examples, we assume the IRODS_ENVIRONMENT_FILE environment variable is set to the actual path to the environment file.

Set environment file permissions

sudo chown gcsweb:gcsweb "${IRODS_ENVIRONMENT_FILE}"
sudo chmod 600 "${IRODS_ENVIRONMENT_FILE}"

Set SELinux label

sudo semanage fcontext -a -t gcs_manager_db_t "${IRODS_ENVIRONMENT_FILE}"
sudo restorecon "${IRODS_ENVIRONMENT_FILE}"

iRODS client authentication file

The irods_authentication_file property contains credentials used by Globus Connect Server to authenticate to the iRODS server as an admin user. This file should be created with the iRODS command iinit.

The authentication file must exist on each data transfer node, and must only be readable by the user gcsweb.

One way to create this file with the correct ownership is to run it as the user gcsweb:

sudo -u gcsweb env IRODS_ENVIRONMENT_FILE=/var/irods/irods_environment.json \
                   IRODS_AUTHENTICATION_FILE=/var/irods/.irodsA \
                   iinit

Document Schemas