Globus Connect Server Administration Guides
  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • v5.3 Migration Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Migrate53
      • Cleanup
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Update Vhost
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Update
      • Delete
      • Domain
      • Role
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Responses
    • Schemas
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
    • ActiveScale
    • Azure Blob
      • Azure Blob
    • BlackPearl
    • Box
    • Ceph
    • Google Cloud Storage
    • Google Drive
    • HPSS
    • iRODS Connector
    • OAuth Credential API
    • OneDrive
    • POSIX Connector
    • POSIX Staging Connector
    • S3
  • API Access for Portals
  • Application Migration Guide
  • Change Log
Skip to main content
Globus Docs
  • APIs
    Auth Transfer Groups Search Python SDK Helper Pages
  • How To
  • Guides
    Globus Connect Server High Assurance Collections for Protected Data Command Line Interface Premium Storage Connectors Globus Automation Services Security Modern Research Data Portal
  • Support
    FAQs Mailing Lists Contact Us Check Support Tickets
  1. Home
  2. Globus Connect Server
  3. Installation Guide
  4. Globus Connect Server Manager API
  5. iRODS Connector

iRODS Connector

The Globus Connect Server iRODS Connector provides access to iRODS storage resources.

This document describes the data types supported by this version of the connector.

iRODS Connector Virtual Filesystem

The iRODS Connector filesystem reflects the file system hierarchy on the configured zone of the iRODS resource. The usual directory structure is /ZONE/<data> with home directories at /ZONE/home/USER.

When accessing data on an iRODS collection, if the storage gateway’s restrict_paths or a mapped collection’s sharing_restrict_paths property are set to disallow all access to a file or directory, those directory entries will not be visible in the collection.

Also, if a collection_base_path value is set on collection creation, it will act similar to a POSIX chroot, and that value will act as the root of a collection’s virtual filesystem.

iRODS Connector Storage Gateway Policies

The iRODS Connector has policies to manage the iRODS client environment and client authentication configuration.

iRODS client environment file

The irods_environment_file property is used by Globus Connect Server to authenticate to the iRODS server as an admin user. The file must contain the following minimum set of entries:

irods_host

The iRODS server hostname

irods_port

The iRODS server port

irods_user_name

The iRODS admin username

irods_zone_name

The iRODS Zone name

irods_default_resource

The default iRODS resource

iRODS Environment File Permissions

The iRODS environment file must be readable by Globus Connect Server. This means it must have certain file permissions set on it. If SELinux is enforcing on your system it must also be labelled in a way that the Globus Connect Server services can access it. You can use the following commands as models to set the file permissions and SELinux label on the file. For these examples, we assume the IRODS_ENVIRONMENT_FILE environment variable is set to the actual path to the environment file.

Set environment file permissions
sudo chown gcsweb:gcsweb "${IRODS_ENVIRONMENT_FILE}"
sudo chmod 600 "${IRODS_ENVIRONMENT_FILE}"
Set SELinux label
sudo semanage fcontext -a -t gcs_manager_db_t "${IRODS_ENVIRONMENT_FILE}"
sudo restorecon "${IRODS_ENVIRONMENT_FILE}"

iRODS client authentication file

The irods_authentication_file property contains credentials used by Globus Connect Server to authenticate to the iRODS server as an admin user. This file should be created with the iRODS command iinit.

The authentication file must exist on each data transfer node, and must only be readable by the user gcsweb.

One way to create this file with the correct ownership is to run it as the user gcsweb:

sudo -u gcsweb env IRODS_ENVIRONMENT_FILE=/var/irods/irods_environment.json \
                   IRODS_AUTHENTICATION_FILE=/var/irods/.irodsA \
                   iinit
  • Document Schemas

  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • v5.3 Migration Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Migrate53
      • Cleanup
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Update Vhost
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Update
      • Delete
      • Domain
      • Role
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Responses
    • Schemas
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
    • ActiveScale
    • Azure Blob
      • Azure Blob
    • BlackPearl
    • Box
    • Ceph
    • Google Cloud Storage
    • Google Drive
    • HPSS
    • iRODS Connector
    • OAuth Credential API
    • OneDrive
    • POSIX Connector
    • POSIX Staging Connector
    • S3
  • API Access for Portals
  • Application Migration Guide
  • Change Log
© 2010- The University of Chicago Legal Privacy Accessibility