Scitokens and XRootD
- requesting access to the token generator
- Put in a service now ticket to scientific computing, with user name and the token access being requested.
- Tokens are gluex: read, write and eic: read, write
- once access is granted tokens can be generated using the htgettoken command
- command is available on the ifarm systems and the osg submit hosts
- format is: htgettoken -a htvault.jlab.org -i jlab -r <token>
- <token> can be either eic or gluex
- the command will provide a web link, copy and paste that link into a browser window on your system.
- select "Thomas Jefferson National Accelerator Facility" from the dropdown and then use your cue user name and password to log in
- the command will then generate the vault toke (/tmp/vt_<user pid>) and the bearer token (/var/run/user/<user pid>/bt_<user pid>
- Status of your token can be checked using the httokendecode command
- using "httokendecode -H" prints out the token with the dates in a human readable format.
- Using the token
- the token is used automatically by the xrootd commands xrdfs and xrdcp
- xrdfs can be used to perform operations like ls and mkdir (use man xrdfs for full details)
- format is
- xrdfs <name of dtn system> <command> /<token name>/path
- xrdc is used to copy files over xrootd
- the format is
- xrdcp source destination
- use xroots://<name of dtn>//<token>/path to designate the xrootd server
- for example to copy a file from local /tmp to an xrootd server:
- xrdcp /tmp/file xroots://dtn-test.jlab.org//gluex/directory