Closed XMol closed 2 years ago
XMol
commented
2 years ago Hello dCache.org,
are there other open issues regarding SRR that you have to work on in parallel? If not, may I ask you kindly to include the necessary changes in one of the upcoming releases soon? According to Tigran, actually very little work would go into it, so I'm surprised this request is pending for so long, despite the feedback on the user-forum.
Best regards, Xavier.
paulmillar
commented
2 years ago Hi Xavier,
The changes in behaviour you describe are available with dCache v7.2.6, v7.1.16, v7.0.25, v6.2.36.
These dCache versions were released on 2021-12-10 (last Friday).
Cheers, Paul.
kofemann
commented
2 years ago @paulmillar The direrd change is not in the dcache code base and still in RB: https://rb.dcache.org/r/13273/
XMol
commented
2 years ago Thank you for the quick update!
XMol
commented
2 years ago Hello @kofemann, @paulmillar,
again two months have passed and the issue in RB that Tigran linked has seen no updates either. I trust you did not forget about this request? 😉
Ciao,
Xavier.
paulmillar
commented
2 years ago I believe this is done (or almost done). You should see something "soon".
XMol
commented
2 years ago Thank you @kofemann,
adding a new property to toggle the behavior is fine for me/us.
Ciao,
Xavier.
ageorget
commented
2 years ago Hi, I'm trying to enable public access to SRR with the 6.2.41 dCache version but I still got 403 forbidden error if I ask anything else than localhost. My Frontend configuration looks like :
[FrontendDomain]
[FrontendDomain/frontend]
frontend.authn.basic=true
frontend.authn.protocol=https
frontend.authz.anonymous-operations=READONLY
frontend.srr.shares=pgroup-atlas-permanent-disk:/atlas,pgroup-cms-analysis:/cms,pgroup-lhcb-dst:/lhcb
frontend.srr.public=trueSame result switching to http, or anonymous-operation=FULL On the Frontend host :
curl https://localhost:3880/api/v1/srr
{
"storageservice" : {
"name" : "",
"id" : "ccsrm.in2p3.fr",
"servicetype" : "multidisk",
"implementation" : "dCache",
"implementationversion" : "6.2.41",
...
curl https://ccdcamcli06.in2p3.fr:3880/api/v1/srr
{"errors":[{"message":"Forbidden","status":"403"}]}
level=INFO ts=2022-03-15T13:21:30.552+0100 event=org.dcache.frontend.request request.method=GET request.url=https://localhost:3880/api/v1/srr response.code=200 response.reason=OK socket.remote=[::1]:43508 user-agent=curl/7.29.0 user.mapped=nobody response.entity="{\n \"storageservice\" : {\n \"name\"[...]"
level=WARN ts=2022-03-15T13:27:40.848+0100 event=org.dcache.frontend.request request.method=GET request.url=https://ccdcamcli06.in2p3.fr:3880/api/v1/srr response.code=403 response.reason=Forbidden socket.remote=[2001:660:5009:1:134:158:109:246]:48174 user-agent=curl/7.29.0 user.mapped=nobody response.entity="{\"errors\":[{\"message\":\"Forbidden\",\"[...]"
level=WARN ts=2022-03-15T13:32:02.005+0100 event=org.dcache.frontend.request request.method=GET request.url=http://ccdcamcli06.in2p3.fr:3880/api/v1/srr response.code=403 response.reason=Forbidden socket.remote=134.158.231.48:54926 user-agent=curl/7.68.0 user.mapped=nobody response.entity="{\"errors\":[{\"message\":\"Forbidden\",\"[...]"Am I missing something? Adrien
lemora
commented
2 years ago Hi Adrien,
sorry for the trouble; the problem is identified and a fix is on the way. Hopefully it will be included in the next bugfix releases.
Lea
ageorget
commented
2 years ago Hi Lea,
Thanks for the quick fix, indeed it's working with frontend.srr.public=false :)
Adrien
Hello dCache.org,
as became obvious by the feedback on the user-forum thread "The new SRR module is GA", multiple sites would like you to lift the restriction on the new SRR REST-API such that it may be queried from other places besides localhost.
The benefits are quite obvious (to me):
Thank you for all your effort that went into this service so far!
Best regards, Xavier.