Difference between revisions of "Transferring data to/from PIC"

From Public PIC Wiki
Jump to navigation Jump to search
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
== How to provide data access to external users without PIC account  ==
+
= How to provide data access to PIC massive storage (dCache) =
  
 +
== Requirements ==
  
==== dCache webdav door ====
+
* Install and configure Rclone
 +
* PIC credentials or macaroon
  
https://webdav.pic.es or https://webdav.pic.es:8460
+
== Install Rclone ==
  
==== dCacheView frontend (optional) ====
+
You can directly download the binary without installing anything. For instance, for a linux 64 bits machine:
  
https://webdav.pic.es:8470
+
    $ curl -JLO https://downloads.rclone.org/rclone-current-linux-amd64.zip
 +
    [...]
 +
    $ unzip rclone-current-linux-amd64.zip
  
==== Authentication ====
 
  
Either PIC credentials (user/password) or a macaroon (https://dcache.org/old/manuals/UserGuide-7.0/macaroons.shtml).
+
Or if you prefer, you can install Rclone like the next example on a Ubuntu machine:
Any authenticated user can get a macaroon for an external user. Remember to add proper caveats to restrict privileges.
 
In the next example, I retrieve a macaroon with 7 days validity, that can only download and list, and can only access the subtree of the provided URL.
 
  
<pre>
+
    $ cd /tmp
$ curl -u tallada -X POST -H 'Content-Type: application/macaroon-request' \
+
    $ curl -JLO 'https://downloads.rclone.org/rclone-current-linux-amd64.deb'
-d '{"caveats": ["activity:DOWNLOAD,LIST"], "validity": "P7D"}' \
+
    $ sudo apt install ./rclone-current-linux-amd64.deb
https://webdav.pic.es:8460/pnfs/pic.es/data/astro/euclid/disk/simulations/ComplementarySimulations
+
 
 +
== Configure Rclone ==
 +
 
 +
You should have been given some credentials and the url of a WebDAV endpoint at PIC.
 +
With them, you just need to create the config in rclone:
 +
 
 +
    $ rclone config
 +
    No remotes found, make a new one?
 +
    n) New remote
 +
    s) Set configuration password
 +
    q) Quit config
 +
    n/s/q> n
 +
   
 +
    Enter name for new remote.
 +
    name> pic
 +
   
 +
    Option Storage.
 +
    Type of storage to configure.
 +
    Choose a number from below, or type in your own value.
 +
    1 / 1Fichier
 +
      \ (fichier)
 +
    [...]
 +
    Storage> webdav
 +
   
 +
    Option url.
 +
    URL of http host to connect to.
 +
    E.g. https://example.com.
 +
    Enter a value.
 +
    url>  https://door04.pic.es/PATH_TO_YOUR_STORAGE_SPACE
 +
   
 +
    Option vendor.
 +
    Name of the WebDAV site/service/software you are using.
 +
    Choose a number from below, or type in your own value.
 +
    Press Enter to leave empty.
 +
    1 / Nextcloud
 +
      \ (nextcloud)
 +
    [...]
 +
    5 / Other site/service or software
 +
      \ (other)
 +
    vendor> other
 +
   
 +
===  Using your PIC credentials ===
 +
 
 +
If you have a PIC user, enter it and the corresponding password in this step. Otherwise, leave these fields blank.
  
{
+
     Option user.
     "macaroon": "MDA2MGxvY2F0aW",
+
     User name.
     "uri": {
+
    In case NTLM authentication is used, the username should be in the format 'Domain\User'.
        "targetWithMacaroon": "https://webdav.pic.es:8460/pnfs/pic.es/data/astro/euclid/disk/simulations/ComplementarySimulations?authz=MDA2MGxvY2F0aW",
+
    Enter a value. Press Enter to leave empty.
        "baseWithMacaroon": "https://webdav.pic.es:8460/?authz=MDA2MGxvY2F0aW",
+
     user> YOUR_PIC_USERNAME
        "target": "https://webdav.pic.es:8460/pnfs/pic.es/data/astro/euclid/disk/simulations/ComplementarySimulations",
 
        "base": "https://webdav.pic.es:8460/"
 
     }
 
}
 
</pre>
 
  
==== Browser access ====
+
    Option pass.
 +
    Password.
 +
    Choose an alternative below. Press Enter for the default (n).
 +
    y) Yes, type in my own password
 +
    g) Generate random password
 +
    n) No, leave this optional password blank (default)
 +
    y/g/n> y
 +
    Enter the password:
 +
    password: YOUR_PIC_PASSWORD
 +
    Confirm the password:
 +
    Password: YOUR_PIC_PASSWORD
  
You can access the data either through the webdav door or dCacheView. If you have PIC credentials (user/password), just input them when requested by the browser.
+
=== Using a Macaroon token ===
  
If you only have a macaroon token, you can access the webdav using the preauthenticated URL (either targetWithMacaroon or baseWithMacaroon). You will only be able to browse to the restricted subtree.
+
If you have been given a Macaroon token, provide it as a bearer token after leaving the user and password blank
You can also use command line clients like cURL or wget.
 
  
In order to use the macarron with dCacheView, DO NOT ENTER any credentials at the login step. Instead, click the three bar menu at the top right, a panel on the left will open. On that panel, select the "Shared files" option. Then, clic the "Add" button on the bottom right and enter the macaroon token.
+
    Option bearer_token.
 +
    Bearer token instead of user/pass (e.g. a Macaroon).
 +
    Enter a value. Press Enter to leave empty.
 +
    bearer_token> YOUR_MACAROON_TOKEN
  
==== rclone ====
+
=== Review settings ===
  
We can use rclone on Windows, Linux and MacOS to be able to automatize data transfer, even mount the remote data as a local filesystem.
+
At the end, just review the information you entered and confirm.
First, follow the instructions to install rclone in your host (https://rclone.org/install/).
 
Note that for mounting you might need additional software (https://rclone.org/commands/rclone_mount/)
 
  
Then, create a new remote, either using the "rclone config" command line, or opening the web GUI with the command "rclone rcd --rc-web-gui". You might need to add "--no-check-certificates" in some cases.
+
    Edit advanced config?
Provide the following info for the remote:
+
    y) Yes
* name: "pic" or any other short identifier
+
    n) No (default)
* provider: webdav
+
    y/n> n
* url: https://webdav.pic.es (you can use the full path here to to restrict the visible tree)
+
   
* username/password: if you have PIC credentials, otherwise leave empty and use macaroon below.
+
    Configuration complete.
* bearer token: MDANOxGCg (the macaroon token)
+
    Options:
 +
    - type: webdav
 +
    - url: https://door04.pic.es/PATH_TO_YOUR_STORAGE_SPACE
 +
    - vendor: other
 +
    - user: YOUR_PIC_USERNAME
 +
    - pass: *** ENCRYPTED ***
 +
    Keep this "pic" remote?
 +
    y) Yes this is OK (default)
 +
    e) Edit this remote
 +
    d) Delete this remote
 +
    y/e/d> y
 +
   
 +
    Current remotes:
 +
   
 +
    Name                Type
 +
    ====                ====
 +
    pic                  webdav
 +
   
 +
    e) Edit existing remote
 +
    n) New remote
 +
    d) Delete remote
 +
    r) Rename remote
 +
    c) Copy remote
 +
    s) Set configuration password
 +
    q) Quit config
 +
    e/n/d/r/c/s/q> q
  
Once done, you can use either the command line or the explorer tab to browse and download data.
+
Once done, you can use command line to browse and download/upload data.
  
Most common command lines:
+
=== Usage ===
  
 
* List a remote PIC directory:  
 
* List a remote PIC directory:  
 
   rclone lsd <name>:<path>`
 
   rclone lsd <name>:<path>`
  
* Copy a local directory to PIC
+
* Download a remote directory from PIC
   rclone copy <local_dir> <name>:<path>
+
   rclone copy <name>:<path> <local_path>
  
I recommend using the following flags, where n_transfers can be up to 350 if transferring lots of small files
+
* Upload a local directory to PIC
   rclone --check-first -P --stats-one-line --transfers <n_transfers> --size-only copy <local_dir> <name>:<path>
+
   rclone ${UPLOAD_FLAGS} copy <local_dir> <name>:<path>
  
You can also mount the remote data to a local path. Use the "Mounts" tab in the web GUI, select the remote filesystem and a local folder (or drive letter in Windows), and press create.
+
When uploading data, we recommend using the following flags, where n_transfers can be up to 350 if transferring lots of small files
 +
  --check-first -P --stats-one-line --transfers <n_transfers> --size-only
  
Enjoy!
+
See rclone manual for more extensive documentation https://rclone.org/docs/
 +
 
 +
== Obtaining a macaroon (for contacts) ==
 +
 
 +
Macaroons are valid up to 7 days.
 +
 
 +
For downloading data (read-only permissions on the path):
 +
 
 +
<pre>
 +
$ curl -u ${USER} -X POST -H 'Content-Type: application/macaroon-request' \
 +
-d '{"caveats": ["activity:DOWNLOAD,LIST"], "validity": "P7D"}' \
 +
https://door04.pic.es:8460/${RESTRICTED_PATH}
 +
 
 +
{
 +
    "macaroon": "MDA2MGxvY2F0aW",
 +
    "uri": {
 +
        "targetWithMacaroon": "https://door04.pic.es:8460/${RESTRICTED_PATH}?authz=MDA2MGxvY2F0aW",
 +
        "baseWithMacaroon": "https://door04.pic.es:8460/?authz=MDA2MGxvY2F0aW",
 +
        "target": "https://door04.pic.es:8460/${RESTRICTED_PATH}",
 +
        "base": "https://door04.pic.es:8460/"
 +
    }
 +
}
 +
</pre>
 +
 
 +
For uploading data (full permissions on the path):
 +
 
 +
<pre>
 +
$ curl -u ${USER} -X POST -H 'Content-Type: application/macaroon-request' \
 +
-d '{"validity": "P7D"}' \
 +
https://door04.pic.es:8460/${RESTRICTED_PATH}
 +
 
 +
{
 +
    "macaroon": "MDA2MGxvY2F0aW",
 +
    "uri": {
 +
        "targetWithMacaroon": "https://door04.pic.es:8460/${RESTRICTED_PATH}?authz=MDA2MGxvY2F0aW",
 +
        "baseWithMacaroon": "https://door04.pic.es:8460/?authz=MDA2MGxvY2F0aW",
 +
        "target": "https://door04.pic.es:8460/${RESTRICTED_PATH}",
 +
        "base": "https://door04.pic.es:8460/"
 +
    }
 +
}
 +
</pre>

Latest revision as of 13:17, 5 June 2024

How to provide data access to PIC massive storage (dCache)

Requirements

* Install and configure Rclone
* PIC credentials or macaroon

Install Rclone

You can directly download the binary without installing anything. For instance, for a linux 64 bits machine:

   $ curl -JLO https://downloads.rclone.org/rclone-current-linux-amd64.zip
   [...]
   $ unzip rclone-current-linux-amd64.zip


Or if you prefer, you can install Rclone like the next example on a Ubuntu machine:

   $ cd /tmp
   $ curl -JLO 'https://downloads.rclone.org/rclone-current-linux-amd64.deb'
   $ sudo apt install ./rclone-current-linux-amd64.deb

Configure Rclone

You should have been given some credentials and the url of a WebDAV endpoint at PIC. With them, you just need to create the config in rclone:

   $ rclone config
   No remotes found, make a new one?
   n) New remote
   s) Set configuration password
   q) Quit config
   n/s/q> n
   
   Enter name for new remote.
   name> pic
   
   Option Storage.
   Type of storage to configure.
   Choose a number from below, or type in your own value.
    1 / 1Fichier
      \ (fichier)
   [...]
   Storage> webdav
   
   Option url.
   URL of http host to connect to.
   E.g. https://example.com.
   Enter a value.
   url>  https://door04.pic.es/PATH_TO_YOUR_STORAGE_SPACE
   
   Option vendor.
   Name of the WebDAV site/service/software you are using.
   Choose a number from below, or type in your own value.
   Press Enter to leave empty.
    1 / Nextcloud
      \ (nextcloud)
   [...]
    5 / Other site/service or software
      \ (other)
   vendor> other
   

Using your PIC credentials

If you have a PIC user, enter it and the corresponding password in this step. Otherwise, leave these fields blank.

   Option user.
   User name.
   In case NTLM authentication is used, the username should be in the format 'Domain\User'.
   Enter a value. Press Enter to leave empty.
   user> YOUR_PIC_USERNAME
   Option pass.
   Password.
   Choose an alternative below. Press Enter for the default (n).
   y) Yes, type in my own password
   g) Generate random password
   n) No, leave this optional password blank (default)
   y/g/n> y
   Enter the password:
   password: YOUR_PIC_PASSWORD
   Confirm the password:
   Password: YOUR_PIC_PASSWORD

Using a Macaroon token

If you have been given a Macaroon token, provide it as a bearer token after leaving the user and password blank

   Option bearer_token.
   Bearer token instead of user/pass (e.g. a Macaroon).
   Enter a value. Press Enter to leave empty.
   bearer_token> YOUR_MACAROON_TOKEN

Review settings

At the end, just review the information you entered and confirm.

   Edit advanced config?
   y) Yes
   n) No (default)
   y/n> n
   
   Configuration complete.
   Options:
   - type: webdav
   - url: https://door04.pic.es/PATH_TO_YOUR_STORAGE_SPACE
   - vendor: other
   - user: YOUR_PIC_USERNAME
   - pass: *** ENCRYPTED ***
   Keep this "pic" remote?
   y) Yes this is OK (default)
   e) Edit this remote
   d) Delete this remote
   y/e/d> y
   
   Current remotes:
   
   Name                 Type
   ====                 ====
   pic                  webdav
   
   e) Edit existing remote
   n) New remote
   d) Delete remote
   r) Rename remote
   c) Copy remote
   s) Set configuration password
   q) Quit config
   e/n/d/r/c/s/q> q

Once done, you can use command line to browse and download/upload data.

Usage

  • List a remote PIC directory:
 rclone lsd <name>:<path>`
  • Download a remote directory from PIC
 rclone copy <name>:<path> <local_path>
  • Upload a local directory to PIC
 rclone ${UPLOAD_FLAGS} copy <local_dir> <name>:<path>

When uploading data, we recommend using the following flags, where n_transfers can be up to 350 if transferring lots of small files

 --check-first -P --stats-one-line --transfers <n_transfers> --size-only

See rclone manual for more extensive documentation https://rclone.org/docs/

Obtaining a macaroon (for contacts)

Macaroons are valid up to 7 days.

For downloading data (read-only permissions on the path):

$ curl -u ${USER} -X POST -H 'Content-Type: application/macaroon-request' \
-d '{"caveats": ["activity:DOWNLOAD,LIST"], "validity": "P7D"}' \
https://door04.pic.es:8460/${RESTRICTED_PATH}

{
    "macaroon": "MDA2MGxvY2F0aW",
    "uri": {
        "targetWithMacaroon": "https://door04.pic.es:8460/${RESTRICTED_PATH}?authz=MDA2MGxvY2F0aW",
        "baseWithMacaroon": "https://door04.pic.es:8460/?authz=MDA2MGxvY2F0aW",
        "target": "https://door04.pic.es:8460/${RESTRICTED_PATH}",
        "base": "https://door04.pic.es:8460/"
    }
}

For uploading data (full permissions on the path):

$ curl -u ${USER} -X POST -H 'Content-Type: application/macaroon-request' \
-d '{"validity": "P7D"}' \
https://door04.pic.es:8460/${RESTRICTED_PATH}

{
    "macaroon": "MDA2MGxvY2F0aW",
    "uri": {
        "targetWithMacaroon": "https://door04.pic.es:8460/${RESTRICTED_PATH}?authz=MDA2MGxvY2F0aW",
        "baseWithMacaroon": "https://door04.pic.es:8460/?authz=MDA2MGxvY2F0aW",
        "target": "https://door04.pic.es:8460/${RESTRICTED_PATH}",
        "base": "https://door04.pic.es:8460/"
    }
}