Globus Curator's Guide: Difference between revisions

From DISI
Jump to navigation Jump to search
(Created page with "== Introduction == Here will be instructions on how to maintain globus == Updating Path Permissions == 1. Identify the real paths of the permission denied paths. Globus doesn't follow symbolic links <source>readlink -f <symlink> </source> 2. Become root in epyc 3. Go to /root/globus <source>cd /root/globus</source> 4. Insert and save the real paths at the end of this file (check commas for syntax or you'll get an error): <source>vim storage_gateway_path_restriction.js...")
 
mNo edit summary
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Introduction ==
== Introduction ==
Here will be instructions on how to maintain globus
Here will be the instructions on how to maintain globus.


== Updating Path Permissions ==
=== Notes ===
1. Identify the real paths of the permission denied paths. Globus doesn't follow symbolic links
*For any restrict path's to work in the Guest Collections, the main collection needs to have either the same or broader path to be allowed.
<source>readlink -f <symlink> </source>
*The main collection is currently private. Only the admins can have access to it.
2. Become root in epyc


3. Go to /root/globus
== Updating Path Permissions for the Guest Collection ==
<source>cd /root/globus</source>
#Identify the real paths of the permission denied paths. Globus doesn't follow symbolic links
4. Insert and save the real paths at the end of this file (check commas for syntax or you'll get an error):
#:<source>readlink -f <symlink> </source>
<source>vim storage_gateway_path_restriction.json</source>
# Become root in epyc
5. Create a session token with globus. (Cluster 2 Password, ucsfbks)
##Go to /root/globus
<source>globus-connect-server session update ucsfbks@globusid.org</source>
#:<source>cd /root/globus</source>
6. Follow instructions given by globus and it should tell you that it was successful
#Insert and save the real paths at the end of this file (check commas for syntax or you'll get an error):
#:<source>vim storage_gateway_path_restriction.json</source>
##Here is an example of what it should look like
##:<source>
{
    "DATA_TYPE": "path_restrictions#1.0.0",
    "none": ["/"],
    "read": [
    "/nfs/ex3/published",
    "/nfs/exe/work/jji/2dexport",
    "/nfs/exe/work/jji/3d-zinc20",
    "/nfs/exl/zinc-22a",
    "/nfs/exl/zinc-22b",
    "/nfs/exl/zinc-22c",
    "/nfs/exc/zinc-22n"
    ],
    "read_write":[
    "/nfs/mammoth/idg-images/newAmisData"
    ]
}
</source>
#Create a session token with globus. (Cluster 2 Password, ucsfbks)
#:<source>globus-connect-server session update ucsfbks@globusid.org</source>
#Follow instructions given by globus and it should tell you that it was successful
#In the same directory, run this command to update
#:<source>bash globus-storage-gateway.sh update</source>
#This is the successful message
#:<source>Message: Updated Storage Gateway aa731fb1-b27a-49e6-aaeb-2d2cc252f779</source>


7. In the same directory, run this command to update
== Updating Path Permissions for the Main Collection ==
<source>bash globus-storage-gateway.sh update</source>
#Identify the real paths of the permission denied paths. Globus doesn't follow symbolic links
8. This is the successful message
#:<source>readlink -f <symlink> </source>
<source>Message: Updated Storage Gateway aa731fb1-b27a-49e6-aaeb-2d2cc252f779</source>
# Become root in epyc
##Go to /root/globus
#:<source>cd /root/globus</source>
#Insert and save the real paths at the end of this file (check commas for syntax or you'll get an error):
#:<source>vim path_restrictions.json</source>
##Here is an example of what it should look like
##:<source>
{
    "DATA_TYPE": "path_restrictions#1.0.0",
    "read": [
        "/"
    ],
    "read_write": [
        "/nfs/mammoth/idg-images/newAmisData/"
    ]
}
</source>
#Create a session token with globus. (Cluster 2 Password, ucsfbks)
#:<source>globus-connect-server session update ucsfbks@globusid.org</source>
#Follow instructions given by globus and it should tell you that it was successful
#In the same directory, run this command to update
#:<source>globus-connect-server collection update --sharing-restrict-paths file:path_restrictions.json 2e1e1781-6d8a-440a-8604-7100d9c65c90</source>
#This is the successful message
#:<source>code: success</source>
#Lastly, in the globus web GUI, you need to allow a specific user or group to access the new path in the permissions tab located in the collection overview.

Latest revision as of 21:06, 20 March 2024

Introduction

Here will be the instructions on how to maintain globus.

Notes

  • For any restrict path's to work in the Guest Collections, the main collection needs to have either the same or broader path to be allowed.
  • The main collection is currently private. Only the admins can have access to it.

Updating Path Permissions for the Guest Collection

  1. Identify the real paths of the permission denied paths. Globus doesn't follow symbolic links 
    readlink -f <symlink>
  2. Become root in epyc
    1. Go to /root/globus
    cd /root/globus
  3. Insert and save the real paths at the end of this file (check commas for syntax or you'll get an error): 
    vim storage_gateway_path_restriction.json
    1. Here is an example of what it should look like 
      {
    "DATA_TYPE": "path_restrictions#1.0.0",
    "none": ["/"],
    "read": [
	    "/nfs/ex3/published",
	    "/nfs/exe/work/jji/2dexport",
	    "/nfs/exe/work/jji/3d-zinc20",
	    "/nfs/exl/zinc-22a",
	    "/nfs/exl/zinc-22b",
	    "/nfs/exl/zinc-22c",
	    "/nfs/exc/zinc-22n"
    ],
    "read_write":[
	    "/nfs/mammoth/idg-images/newAmisData"
    ]
}
  4. Create a session token with globus. (Cluster 2 Password, ucsfbks) 
    globus-connect-server session update ucsfbks@globusid.org
  5. Follow instructions given by globus and it should tell you that it was successful
  6. In the same directory, run this command to update 
    bash globus-storage-gateway.sh update
  7. This is the successful message 
    Message: Updated Storage Gateway aa731fb1-b27a-49e6-aaeb-2d2cc252f779

Updating Path Permissions for the Main Collection

  1. Identify the real paths of the permission denied paths. Globus doesn't follow symbolic links 
    readlink -f <symlink>
  2. Become root in epyc
    1. Go to /root/globus
    cd /root/globus
  3. Insert and save the real paths at the end of this file (check commas for syntax or you'll get an error): 
    vim path_restrictions.json
    1. Here is an example of what it should look like 
      {
    "DATA_TYPE": "path_restrictions#1.0.0",
    "read": [
        "/"
    ],
    "read_write": [
        "/nfs/mammoth/idg-images/newAmisData/"
    ]
}
  4. Create a session token with globus. (Cluster 2 Password, ucsfbks) 
    globus-connect-server session update ucsfbks@globusid.org
  5. Follow instructions given by globus and it should tell you that it was successful
  6. In the same directory, run this command to update 
    globus-connect-server collection update --sharing-restrict-paths file:path_restrictions.json 2e1e1781-6d8a-440a-8604-7100d9c65c90
  7. This is the successful message 
    code: success
  8. Lastly, in the globus web GUI, you need to allow a specific user or group to access the new path in the permissions tab located in the collection overview.
Retrieved from "http://wiki.docking.org/index.php?title=Globus_Curator%27s_Guide&oldid=15667"