Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Using the right WebDAV door, revisited #250

Open
onnozweers opened this issue Apr 9, 2021 · 5 comments
Open

Using the right WebDAV door, revisited #250

onnozweers opened this issue Apr 9, 2021 · 5 comments
Assignees

Comments

@onnozweers
Copy link
Contributor

This probably a follow-up of #231, but I'm not quite sure so I opened a new ticket.

I have 4 flavors of dCacheView and I want each of them to point to a dedicated WebDAV door by using tags. However, I can't seem to get it working.

The layout file:

[dcacheview22880Domain]
dcache.java.memory.heap=2g
# dCacheView with password authentication.
[dcacheview22880Domain/frontend]
frontend.cell.name=dcacheview-22880-${host.name}
frontend.net.port = 22880
frontend.authn.protocol = https
frontend.authn.basic = true
frontend.authn.require-client-cert = false
frontend.authn.accept-client-cert = false
frontend.static!dcache-view.org-name=SURFsara Grid Storage dCacheView
frontend.static!dcache-view.endpoints.webdav=https://dcacheview.grid.surfsara.nl:2880/
frontend.protocols.tags=webdav2880
frontend.geographic-placement = NL

[dcacheview22881Domain]
dcache.java.memory.heap=2g
# dCacheView with password authentication.
[dcacheview22881Domain/frontend]
frontend.cell.name=dcacheview-22881-${host.name}
frontend.net.port = 22881
frontend.authn.protocol = https
frontend.authn.basic = true
frontend.authn.require-client-cert = false
frontend.authn.accept-client-cert = false
frontend.static!dcache-view.org-name=SURFsara Grid Storage dCacheView
frontend.static!dcache-view.endpoints.webdav=https://dcacheview.grid.surfsara.nl:2881/
frontend.protocols.tags=webdav2881
frontend.geographic-placement =	NL

[dcacheview22882Domain]
dcache.java.memory.heap=2g
# dCacheView with X509 cert authentication.
[dcacheview22882Domain/frontend]
frontend.cell.name=dcacheview-22882-${host.name}
frontend.net.port = 22882
frontend.authn.protocol = https
frontend.authn.basic = false
frontend.authn.require-client-cert = true
frontend.authn.accept-client-cert = true
frontend.static!dcache-view.org-name=SURFsara Grid Storage dCacheView
frontend.static!dcache-view.endpoints.webdav=https://dcacheview.grid.surfsara.nl:2882/
frontend.protocols.tags=webdav2882
frontend.geographic-placement =	NL

[dcacheview22884Domain]
dcache.java.memory.heap=2g
# dCacheView with X509 cert authentication.
[dcacheview22884Domain/frontend]
frontend.cell.name=dcacheview-22884-${host.name}
frontend.net.port = 22884
frontend.authn.protocol = https
frontend.authn.basic = false
frontend.authn.require-client-cert = true
frontend.authn.accept-client-cert = true
frontend.static!dcache-view.org-name=SURFsara Grid Storage dCacheView
frontend.static!dcache-view.endpoints.webdav=https://dcacheview.grid.surfsara.nl:2884/
frontend.protocols.tags=webdav2884
frontend.geographic-placement =	NL


#
# WebDAV doors dedicated to dCacheView
#

# Fast WebDAV with username/password authentication
[webdav2880-${host.name}Domain]
dcache.java.options.extra = -Djdk.tls.ephemeralDHKeySize=2048
[webdav2880-${host.name}Domain/webdav]
webdav.cell.name=webdav2880-${host.name}
webdav.redirect.on-read=true
webdav.redirect.on-write=true
webdav.redirect.allow-https=true
webdav.authn.basic=true
webdav.authn.accept-client-cert = false
webdav.authn.protocol=https
webdav.net.port=2880
webdav.enable.overwrite=true
webdav.allowed.client.origins = https://dcacheview.grid.surfsara.nl:22880
webdav.loginbroker.tags=webdav2880

# Secure WebDAV with username/password authentication
[webdav2881-${host.name}Domain]
dcache.java.options.extra = \
    -Djava.security.properties=/etc/dcache/maximum.java.security \
    -Djdk.tls.ephemeralDHKeySize=2048
[webdav2881-${host.name}Domain/webdav]
webdav.cell.name=webdav2881-${host.name}
webdav.redirect.on-read=false
webdav.redirect.on-write=false
webdav.authn.basic=true
webdav.authn.accept-client-cert = false
webdav.authn.protocol=https
webdav.net.port=2881
webdav.enable.overwrite=true
webdav.allowed.client.origins = https://dcacheview.grid.surfsara.nl:22881
webdav.loginbroker.tags=webdav2881

# Fast WebDAV with X509 (cert) authentication
[webdav2882-${host.name}Domain]
dcache.java.options.extra = -Djdk.tls.ephemeralDHKeySize=2048
[webdav2882-${host.name}Domain/webdav]
webdav.cell.name=webdav2882-${host.name}
webdav.redirect.on-read=true
webdav.redirect.on-write=true
webdav.authn.basic=false
webdav.authn.accept-client-cert = true
webdav.authn.require-client-cert = true
webdav.authn.protocol=https
webdav.net.port=2882
webdav.enable.overwrite=true
webdav.allowed.client.origins = https://dcacheview.grid.surfsara.nl:22882
webdav.loginbroker.tags=webdav2882

# Secure WebDAV with X509 (cert) authentication
[webdav2884-${host.name}Domain]
dcache.java.options.extra = \
    -Djava.security.properties=/etc/dcache/maximum.java.security \
    -Djdk.tls.ephemeralDHKeySize=2048
[webdav2884-${host.name}Domain/webdav]
webdav.cell.name=webdav2884-${host.name}
webdav.redirect.on-read=false
webdav.redirect.on-write=false
webdav.authn.basic=false
webdav.authn.accept-client-cert = true
webdav.authn.require-client-cert = true
webdav.authn.protocol=https
webdav.net.port=2884
webdav.enable.overwrite=true
webdav.allowed.client.origins = https://dcacheview.grid.surfsara.nl:22884
webdav.loginbroker.tags=webdav2884

I log in to the dCacheView on port 22880 (username/password) and go to a file; then I try to download the file but dCacheView says "TypeError: Request failed with response status code 404." In the Firefox browser console I can see this error:

XHR GET https://dcacheview.grid.surfsara.nl:22881/scripts/tasks/undefined

The "undefined" looks similar to #231.

We're running 6.0.29.

@paulmillar
Copy link
Member

I'm actually just discovering a similar problem for a dCache instance here at DESY.

The cause is that dCacheView has a hard-coded tag it uses to selected WebDAV doors: dcache-view. You currently cannot change this.

Only if there are no doors with this tag (and that have a door-root path of /) then dCacheView will uses the URL from the configuration property frontend.static!dcache-view.endpoints.webdav.

If that configuration property isn't defined then it uses the same endpoint as frontend, but with port 2880.

So, currently the only way to have different dCacheView / frontend target different WebDAV endpoints is to make sure the dcache-view tag isn't defined anywhere and to configure the frontend.static!dcache-view.endpoints.webdav configuration property.

@paulmillar paulmillar self-assigned this Apr 9, 2021
@onnozweers
Copy link
Contributor Author

Hi Paul, thanks for your reply.

Then I must have misunderstood this property:

# ---- Login subscription tags (doors are filtered on this basis)
#
frontend.protocols.tags=

Or is it not fully implemented yet?

And I thought I had removed the "dcache-view" tag from all WebDAV doors, but I guess I must have missed some. I'll check.

Cheers,
Onno

@paulmillar
Copy link
Member

The frontend.protocols.tags is the list of tags that the frontend uses when advertising itself.

We don't have a property to say which tag frontend will use to select webdav doors -- that's really the problem :-(

@onnozweers
Copy link
Contributor Author

It appears I had removed all the "dcache-view" tags after all:

    453         Tags             : [cdmi, glue, srm, storage-descriptor]
      1         Tags             : [webdav2880]
      1         Tags             : [webdav2881]
      1         Tags             : [webdav2882]
      1         Tags             : [webdav2884]

Assuming it's still "dcache-view".

So then the frontend.static!dcache-view.endpoints.webdav values should be used, which would be OK, if it worked.

@paulmillar
Copy link
Member

I did a little digging and although Femi fixed #231 in dCacheView, there was no release of dCacheView with that bug-fix, and therefore no fix in dCache.

I've another couple of fixes that are also ready to go into dCache (#244 & #245). These are also committed.

I plan to do a release of dCacheView now and request dCache is updated to use that new version. That new version dCacheView (that would come along with a new version of dCache) may be sufficient to get something working, albeit not in a great way.

I'll also try to fix #251 and #252, which should make handling multiple frontend/dCacheView instances easier to deploy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants