Closed pdonorio closed 8 years ago
Implement certification authority and request/sign on the irods server side
waiting for @muccix on this task
I added the shared volume, see 1ae8689, but this has yet to be tested
On the SERVER container:
On the CLIENT container:
{ "irods_host": "rodserver", "irods_port": 1247, "irods_user_name": "rmucci", "irods_zone_name": "tempZone", "irods_authentication_scheme": "GSI" }
ERROR: [-] iRODS/lib/core/src/clientLogin.cpp:293:clientLogin : status [PLUGIN_ERROR_MISSING_SHARED_OBJECT] errno [] -- message []
[-] iRODS/lib/core/src/irods_gsi_object.cpp:34:resolve : status [PLUGIN_ERROR_MISSING_SHARED_OBJECT] errno [] -- message [Failed to load the GSI auth plugin.]
[-] iRODS/lib/core/src/irods_auth_manager.cpp:76:init_from_type : status [PLUGIN_ERROR_MISSING_SHARED_OBJECT] errno [] -- message [Failed to load auth plugin.]
[-] iRODS/lib/core/src/irods_auth_manager.cpp:55:load_auth_plugin : status [PLUGIN_ERROR_MISSING_SHARED_OBJECT] errno [] -- message [Failed to load plugin: "gsi".]
[-] iRODS/lib/core/include/irods_load_plugin.hpp:175:load_plugin : status [PLUGIN_ERROR_MISSING_SHARED_OBJECT] errno [] -- message [shared library does not exist [/var/lib/irods/plugins/auth/libgsi.so]]
On the CLIENT container:
@akrause2014
To fix the failure you have to copy the GSI authentication plugin from the iRODS installation on the SERVER container at /var/lib/irods/plugins/auth/libgsi.so. (Installing the iRODS authentication package on the client doesn't work because it expects an iRODS server.)
I will try to look for an automatic solution to add at 'init time' (or even better inside the Dockerfile) on this. Probably there could be a way to extract the so file from the deb package.
The GSI authentication plugin will create the proxy for you if it is not available when connecting to the iRODS server.
Wow that's great. I will try to reproduce now the actions of both Roberto and your comments.
Just for the record, here is the link to the security schema we were following together with Roberto.
both a CA and a signed host certificate are already there
@muccix not for me. We can discuss this tomorrow, but I cannot find it on the server for the user 'irods'.
To make sure there are no errors, it is better to remove the docker volumes before doing the tests.
@akrause2014 thank you! Following your suggestions we were able to use icommands via GSI. I forgot that the GSI plugin is needed at client side as well. Probably the new release has also added the feature for the management of the proxy without the need to create it with grid-proxy-init.
Hello there, almost seeing the light.
By adding things directly on the container Roberto and I managed to make things work.
I automated everything in the Dockerfile builds (see recent commits) but I am getting an error on the client side:
guest@flask:~$ ils
ERROR: unpackNonpointerItem: strlen of msg > dim size, content: DEBUG: On iRODS-Server side: GSS-API error acquiring credentials: GSS Minor Status Error Chain:
There should be something I am missing, I hope that next week my mind will be clearer and Roberto may help me out.
Another last point, to get the libgsi.so on the client side I shared a volume. I don't like this hack, I want to see how to install the library on the client too, and Roberto led me to follow these instructions. Will do.
Dear all, all the problems have been solved, also thanks to @muccix
libgsi.so available without installing
The discussion goes now on the development side, see the related issue.
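The client-side failure quoted earlier in this thread (GSI scheme configured, but /var/lib/irods/plugins/auth/libgsi.so absent) can be caught before running any icommand. The following is an added example, not part of the original thread or the project's code: the function name `gsi_preflight`, the permission check and the handling of a missing scheme key are assumptions made for illustration.

```python
import json
import os
import stat
import tempfile

# Plugin directory taken from the error message quoted in this thread.
PLUGIN_DIR = "/var/lib/irods/plugins/auth"

def gsi_preflight(env_path, plugin_dir=PLUGIN_DIR):
    """Return the problems that would break or weaken a GSI login on this client."""
    try:
        with open(env_path) as fh:
            env = json.load(fh)
    except (OSError, ValueError) as exc:
        return ["cannot read %s: %s" % (env_path, exc)]
    problems = ["missing key: " + k
                for k in ("irods_host", "irods_port", "irods_user_name", "irods_zone_name")
                if k not in env]
    # Assumption: a client without this key is not using GSI.
    scheme = str(env.get("irods_authentication_scheme", ""))
    if scheme.upper() != "GSI":
        return problems + ["irods_authentication_scheme is %r, not GSI" % scheme]
    # Scheme "GSI" loads plugin "gsi" from lib<name>.so, as the error stack shows.
    plugin = os.path.join(plugin_dir, "lib%s.so" % scheme.lower())
    try:
        st = os.stat(plugin)
    except OSError:
        return problems + ["shared library does not exist: " + plugin]
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file: " + plugin)
    # The library was copied in or mounted from a shared volume; anyone who can
    # write to it controls code loaded by every icommand on this client.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("plugin is group/world-writable: " + plugin)
    return problems

if __name__ == "__main__":
    # Constructed demo: the client environment from the thread, empty plugin dir.
    with tempfile.TemporaryDirectory() as tmp:
        env_file = os.path.join(tmp, "irods_environment.json")
        with open(env_file, "w") as fh:
            json.dump({"irods_host": "rodserver", "irods_port": 1247,
                       "irods_user_name": "rmucci", "irods_zone_name": "tempZone",
                       "irods_authentication_scheme": "GSI"}, fh)
        for line in gsi_preflight(env_file, plugin_dir=tmp) or ["ok"]:
            print(line)
```

An empty list means the client configuration and plugin file pass these checks; it does not validate certificates or the proxy.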