Difference between revisions of "Accessing Swestore with davfs2"

From SNIC Documentation
Jump to: navigation, search
m (More Hints)
(Docco cleanup to match current Swestore-dcache)
(8 intermediate revisions by 3 users not shown)
Line 1: Line 1:
[[Category:SweStore]]
+
[[Category:Swestore]]
[[Swestore national storage|< Swestore national storage]]
+
[[Category:Swestore user guide]]
  
This guide describes how to mount a folder of the SweStore National Storage as a read/writeable folder in your local file-system.
+
[[Swestore|< Swestore]]
  
== Caveat ==
+
'''This software have today to many problem so you should not use it!!!'''
'''There is currently a big problem with using Davfs2 with Swestore:''' Davfs2 does not currently support Status 302 redirects, which is used by default on Swestore, to redirect you directy to the storage pools for reading (writing is done via central server though). This will cause you problems!
 
  
An issue for the problem is filed here: https://savannah.nongnu.org/support/?107402
+
This guide describes how to mount a folder of the Swestore National Storage as a read/writeable folder in your local file-system.
  
== Prerequisites ==
+
= Caveat =
 +
 
 +
You need at least davfs 1.5.0 for download redirect support, see https://savannah.nongnu.org/bugs/?35428 for details.
 +
 
 +
= Prerequisites =
 
* A *nix like Operating System, such as linux (possibly MacOS might work ... and possibly Windows as well, though this is not covered in this article yet).
 
* A *nix like Operating System, such as linux (possibly MacOS might work ... and possibly Windows as well, though this is not covered in this article yet).
 
* The davfs2 package. On ubuntu, you can install it with:<br><pre>sudo apt-get install davfs2</pre>
 
* The davfs2 package. On ubuntu, you can install it with:<br><pre>sudo apt-get install davfs2</pre>
  
== How to ==
+
= Setup =
You need to use your Terena certificate files, and convert them to the PKCS#12 format.
+
 
 +
Edit <code>/etc/davfs2/davfs2.conf</code> using your favourite text editor and add the following:
 +
follow_redirect 1
 +
 
 +
This enables davfs to follow download redirects which improves performance and reduces load on central services.
 +
 
 +
== Certificate authentication ==
 +
 
 +
Prerequisite: Client certificate exported to a file, see [[Certificate Setup for Swestore]]
 +
 
 +
You need to use your eScience certificate files, and convert them to the PKCS#12 format.
  
 
If you have them in .pem format, you can use openssl for this.
 
If you have them in .pem format, you can use openssl for this.
Line 23: Line 36:
  
 
Converted these to the PKCS#12 format with:
 
Converted these to the PKCS#12 format with:
  openssl pkcs12 -export -in usercert.pem -inkey userkey.pem -out MyTerenaCert.p12
+
  openssl pkcs12 -export -in usercert.pem -inkey userkey.pem -out MyCert.p12
  
 
'''Note:''' You will first need to unlock your cert with a password you have gave when creating it. Then you need to add a password for the pkcs12 file. Remember this latter password for the later steps!
 
'''Note:''' You will first need to unlock your cert with a password you have gave when creating it. Then you need to add a password for the pkcs12 file. Remember this latter password for the later steps!
  
 
Copy the p12 cert to /etc/davfs2/certs/private, as root:
 
Copy the p12 cert to /etc/davfs2/certs/private, as root:
  sudo cp MyTerenaCert.p12 /etc/davfs2/certs/private/
+
  sudo cp MyCert.p12 /etc/davfs2/certs/private/
  
 
Edit /etc/davfs2/davfs2.conf:
 
Edit /etc/davfs2/davfs2.conf:
Line 34: Line 47:
  
 
At the bottom, add the line:
 
At the bottom, add the line:
  clientcert                              MyTerenaCert.p12
+
  clientcert                              MyCert.p12
  
 
Create a folder for mounting the filesystem:
 
Create a folder for mounting the filesystem:
  sudo mkdir -p /mnt/swestore
+
  sudo mkdir -p /swestore
  
 
Add the following line to /etc/fstab (e.g. at the end):
 
Add the following line to /etc/fstab (e.g. at the end):
  https://webdav.swegrid.se/snic/<your-account>     /mnt/swestore  davfs  uid=<your-username>,gid=<your-accountname>,rw,noauto 0      0
+
  https://webdav.swestore.se:2443/    /swestore  davfs  uid=<your-username>,gid=<your-accountname>,rw,noauto 0      0
  
 
Mount, according to fstab, as root:
 
Mount, according to fstab, as root:
  sudo mount /mnt/swestore
+
  sudo mount /swestore
  
 
When asking for a username and password, just press <Enter> (two times). On the third question, you are asked for the password you gave for the pkcs12 file, which you will have to type in, each time you mount this file system.
 
When asking for a username and password, just press <Enter> (two times). On the third question, you are asked for the password you gave for the pkcs12 file, which you will have to type in, each time you mount this file system.
Line 50: Line 63:
  
 
Now you should be able to browse to the mount point:
 
Now you should be able to browse to the mount point:
  cd /mnt/swestore
+
  cd /swestore
 
  ls -l
 
  ls -l
  

Revision as of 09:18, 17 October 2019


< Swestore

This software have today to many problem so you should not use it!!!

This guide describes how to mount a folder of the Swestore National Storage as a read/writeable folder in your local file-system.

Caveat

You need at least davfs 1.5.0 for download redirect support, see https://savannah.nongnu.org/bugs/?35428 for details.

Prerequisites

  • A *nix like Operating System, such as linux (possibly MacOS might work ... and possibly Windows as well, though this is not covered in this article yet).
  • The davfs2 package. On ubuntu, you can install it with:
    sudo apt-get install davfs2

Setup

Edit /etc/davfs2/davfs2.conf using your favourite text editor and add the following:

follow_redirect 1

This enables davfs to follow download redirects which improves performance and reduces load on central services.

Certificate authentication

Prerequisite: Client certificate exported to a file, see Certificate Setup for Swestore

You need to use your eScience certificate files, and convert them to the PKCS#12 format.

If you have them in .pem format, you can use openssl for this.

You might have them in the form of the following two files:

~/.globus/usercert.pem
~/.globus/userkey.pem

Converted these to the PKCS#12 format with:

openssl pkcs12 -export -in usercert.pem -inkey userkey.pem -out MyCert.p12

Note: You will first need to unlock your cert with a password you have gave when creating it. Then you need to add a password for the pkcs12 file. Remember this latter password for the later steps!

Copy the p12 cert to /etc/davfs2/certs/private, as root:

sudo cp MyCert.p12 /etc/davfs2/certs/private/

Edit /etc/davfs2/davfs2.conf:

sudo nano /etc/davfs2/davfs2.conf

At the bottom, add the line:

clientcert                              MyCert.p12

Create a folder for mounting the filesystem:

sudo mkdir -p /swestore

Add the following line to /etc/fstab (e.g. at the end):

https://webdav.swestore.se:2443/     /swestore  davfs   uid=<your-username>,gid=<your-accountname>,rw,noauto 0       0

Mount, according to fstab, as root:

sudo mount /swestore

When asking for a username and password, just press <Enter> (two times). On the third question, you are asked for the password you gave for the pkcs12 file, which you will have to type in, each time you mount this file system.

Done!

Now you should be able to browse to the mount point:

cd /swestore
ls -l

You chould be able to create files with content, and read the content:

echo "Testing testing 1 2 3 ..." > testfile.txt
cat testfile.txt

Note however, that you are not able to open the file for updating, with editors such as nano.

More Hints

In order to automatically mount the system, you will need to download the server cert and the CA cert via Firefox, and then cat them into a single file, that you place in /etc/davfs2/certs, and then add the filename of it in /etc/davfs2/davfs2.conf like so:

servercert      myservercert.crt

(See this link for more info)

Also, you will need to add the user name and password (that you chose when generating the p12 file above) for your client certificate, to /etc/davfs2/secrets (read the help comments about how to do).

Some Links