iRODS Connector
The Globus Connect Server iRODS Connector provides access to iRODS storage resources.
This document describes the data types supported by this version of the connector.
iRODS Connector Virtual Filesystem
The iRODS Connector filesystem reflects the file system hierarchy on
the configured zone of the iRODS resource. The usual directory
structure is /ZONE/<data>
with home directories at /ZONE/home/USER
.
When accessing data on an iRODS collection, if the storage gateway’s restrict_paths or a mapped collection’s sharing_restrict_paths property are set to disallow all access to a file or directory, those directory entries will not be visible in the collection.
Also, if a collection_base_path value is set on collection creation, it will act similar to a POSIX chroot, and that value will act as the root of a collection’s virtual filesystem.
iRODS Connector Storage Gateway Policies
The iRODS Connector has policies to manage the iRODS client environment and client authentication configuration.
iRODS client environment file
The irods_environment_file property is used by Globus Connect Server to authenticate to the iRODS server as an admin user. The file must contain the following minimum set of entries:
irods_host
-
The iRODS server hostname
irods_port
-
The iRODS server port
irods_user_name
-
The iRODS admin username
irods_zone_name
-
The iRODS Zone name
irods_default_resource
-
The default iRODS resource
iRODS Environment File Permissions
The iRODS environment file must be readable by Globus Connect Server. This
means it must have certain file permissions set on it. If SELinux is
enforcing on your system it must also be labelled in a way that the
Globus Connect Server services can access it. You can use the following
commands as models to set the file permissions and SELinux label on the
file. For these examples, we assume the
IRODS_ENVIRONMENT_FILE
environment variable is set to the
actual path to the environment file.
sudo chown gcsweb:gcsweb "${IRODS_ENVIRONMENT_FILE}"
sudo chmod 600 "${IRODS_ENVIRONMENT_FILE}"
sudo semanage fcontext -a -t gcs_manager_db_t "${IRODS_ENVIRONMENT_FILE}"
sudo restorecon "${IRODS_ENVIRONMENT_FILE}"
iRODS client authentication file
The irods_authentication_file property contains credentials
used by Globus Connect Server to authenticate to the iRODS server as an admin user.
This file should be created with the iRODS command iinit
.
The authentication file must exist on each data transfer node, and
must only be readable by the user gcsweb
.
One way to create this file with the correct ownership is to run
it as the user gcsweb
:
sudo -u gcsweb env IRODS_ENVIRONMENT_FILE=/var/irods/irods_environment.json
\
IRODS_AUTHENTICATION_FILE=/var/irods/.irodsA
\
iinit