Agenda, Discussion, and Action Items

Agenda & Discussion


Figure out how to securely manage the content published from our pilot server.

Related Information

Background material


Pilot Server Setup (Jeff)

  1. Host provisioned on Jetstream with local user accounts that match XSEDE usernames
    1. We agreed that matching XSEDE usernames is the best approach
  2. Logins via password or ssh keys
    1. We agreed to configure login MFA right away for the pilot as this is how it would work in production
  3. Basic configuration managed using Ansible, but not checked in to a GitHub/BitBucket repo yet
  4. Worked with OSG to publish under the path ''
  5. Content is updated by the local 'colorado' account based on configured CVMFS privileges and unix permissions
    1. Might want to rename 'colorado' to 'cvmfs_colorado' or something similar to separate it from the XSEDE username space

Since we would likely have multiple use cases and publishers, ask OSG:

Use Cases

Managing Content

Steps for the 'colorado' user to publish:

  1. Configure CVMFS with the account that owns and can modify the contents of ''
  2. The owner starts an update transaction with the command "cvmfs_server transaction"
    1. This mounts /cvmfs/ which the owner has write access to
  3. The owner modifies contents
  4. The owner closes transaction by running "cvmfs_server publish"
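
An added example, not part of the meeting notes or the pilot's own tooling: a bash wrapper for steps 2 to 4 that aborts the open transaction when the content copy or the publish fails, so a broken update is never left open or published. The function name `publish_update`, the `CVMFS_ROOT` override, and the repository, source-directory and publisher arguments are assumptions; the notes do not give the repository name.

```bash
#!/usr/bin/env bash
# Added example: transaction -> modify -> publish with rollback on failure.
# All names here are assumptions; pass the real repository name as <repo>.
#
# usage: publish_update <repo> <source-dir> [publisher-account]
publish_update() {
    local repo="$1" src_dir="$2" publisher="${3:-}"
    # CVMFS_ROOT is a hypothetical override for dry runs; default is /cvmfs.
    local dest="${CVMFS_ROOT:-/cvmfs}/$repo"

    if [ -z "$repo" ] || [ ! -d "$src_dir" ]; then
        echo "usage: publish_update <repo> <source-dir> [publisher-account]" >&2
        return 2
    fi

    # Only the dedicated publishing account should open transactions.
    if [ -n "$publisher" ] && [ "$(id -un)" != "$publisher" ]; then
        echo "refusing: running as $(id -un), expected $publisher" >&2
        return 3
    fi

    # Step 2: open the transaction; the repository mount becomes writable.
    cvmfs_server transaction "$repo" || return 4

    # Step 3: modify contents. On failure, discard the open transaction.
    if ! cp -R "$src_dir"/. "$dest/"; then
        echo "copy failed, aborting transaction" >&2
        cvmfs_server abort -f "$repo"
        return 5
    fi

    # Step 4: publish. On failure, discard rather than leave it open.
    if ! cvmfs_server publish "$repo"; then
        echo "publish failed, aborting transaction" >&2
        cvmfs_server abort -f "$repo"
        return 6
    fi
}
```

Passing the publisher account as the third argument makes the wrapper refuse to run under any other login, which keeps personal XSEDE accounts from opening transactions by accident.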

Security considerations:

Alternate content management approach:

Production platform

Jim recommended a pilot report to hand over to ACCESS rather than implementing in production before the end of XSEDE.

Action Items