Difference between revisions of "Accessing Swestore with davfs2"

From SNIC Documentation
Jump to: navigation, search
m
(Swestore documentation moved)
(Tag: New redirect)
 
(10 intermediate revisions by 4 users not shown)
Line 1: Line 1:
[[Category:SweStore]]
+
#REDIRECT[[Swestore Documentation Moved]]
[[Swestore national storage|< Swestore national storage]]
 
 
 
This guide describes how to mount a folder of the SweStore National Storage as a read/writeable folder in your local file-system.
 
 
 
== Caveat ==
 
'''There is currently a big problem with using Davfs2 with Swestore:''' Davfs2 does not currently support Status 302 redirects, which is used by default on Swestore, to redirect you directy to the storage pools for reading (writing is done via central server though). This will cause you problems!
 
 
 
An issue for the problem is filed here: https://savannah.nongnu.org/support/?107402
 
 
 
== Prerequisites ==
 
* A *nix like Operating System, such as linux (possibly MacOS might work ... and possibly Windows as well, though this is not covered in this article yet).
 
* The davfs2 package. On ubuntu, you can install it with:<br><pre>sudo apt-get install davfs2</pre>
 
 
 
== How to ==
 
You need to use your Terena certificate files, and convert them to the PKCS#12 format.
 
 
 
If you have them in .pem format, you can use openssl for this.
 
 
 
You might have them in the form of the following two files:
 
~/.globus/usercert.pem
 
~/.globus/userkey.pem
 
 
 
Converted these to the PKCS#12 format with:
 
openssl pkcs12 -export -in usercert.pem -inkey userkey.pem -out MyTerenaCert.p12
 
 
 
'''Note:''' You will first need to unlock your cert with a password you have gave when creating it. Then you need to add a password for the pkcs12 file. Remember this latter password for the later steps!
 
 
 
Copy the p12 cert to /etc/davfs2/certs/private, as root:
 
sudo cp MyTerenaCert.p12 /etc/davfs2/certs/private/
 
 
 
Edit /etc/davfs2/davfs2.conf:
 
sudo nano /etc/davfs2/davfs2.conf
 
 
 
At the bottom, add the line:
 
clientcert                              MyTerenaCert.p12
 
 
 
Create a folder for mounting the filesystem:
 
sudo mkdir -p /mnt/swestore
 
 
 
Add the following line to /etc/fstab (e.g. at the end):
 
https://webdav.swegrid.se/snic/<your-account>    /mnt/swestore  davfs  uid=<your-username>,gid=<your-accountname>,rw,noauto 0      0
 
 
 
Mount, according to fstab, as root:
 
sudo mount /mnt/swestore
 
 
 
When asking for a username and password, just press <Enter> (two times). On the third question, you are asked for the password you gave for the pkcs12 file, which you will have to type in, each time you mount this file system.
 
 
 
Done!
 
 
 
Now you should be able to browse to the mount point:
 
cd /mnt/swestore
 
ls -l
 
 
 
You chould be able to create files with content, and read the content:
 
echo "Testing testing 1 2 3 ..." > testfile.txt
 
cat testfile.txt
 
 
 
'''Note''' however, that you are not able to open the file for updating, with editors such as ''nano''.
 
 
 
== More Hints ==
 
In order to automatically mount the system, you will need to download the server cert and the CA cert via Firefox, and then cat them into a single file, that you place in /etc/davfs2/certs, and then add the filename of it in /etc/davfs2/davfs2.conf like so:
 
servercert      myservercert.crt
 
 
 
Also, you will need to add the user name and password (that you chose when generating the p12 file above) for your client certificate, to /etc/davfs2/secrets (read the help comments about how to do).
 
 
 
== Some Links ==
 
* [http://linux.die.net/man/8/mount.davfs Mount Davfs2 man page]
 
* [http://security.ncsa.illinois.edu/research/grid-howtos/usefulopenssl.html How to convert PEM to PKCS#12]
 
* [http://sysblogd.wordpress.com/2007/09/09/ubuntu-mounting-remote-filesystem-using-davfs2-fuse/ Mounting WebDav via davfs2 (Ubuntu)]
 
* [http://ubuntuforums.org/showthread.php?t=1034909 Install server certificates in davfs2 (Ubuntu)]
 
* [http://www.nordugrid.org/documents/certificate_howto.html Nordugrid Certificate HowTo] - Describes the userkey.pem and usercert.pem files
 

Latest revision as of 09:59, 8 February 2023