NFSRODS v1.0.0
June 9-11, 2020
User Group Meeting
Virtual Conference
Kory Draughn
korydraughn@renci.org
Software Developer, iRODS Consortium
NFSRODS v1.0.0
NFSRODS v0.8.0 - Authorization Model
NFSRODS - What's changed since v0.8.0?
NFSRODS v1.0.0 - Authorization Model
NFSRODS - Enabling SSL/TLS
$ cat /home/ubuntu/nfsrods_config/server.json { "irods_client": {
"ssl_negotiation_policy": "CS_NEG_REQUIRE" } }
1. NFSRODS Configuration (shaved down for conciseness):
Could also be set to CS_NEG_DONT_CARE.
2. Launch the NFSRODS Docker container with your SSL certificate:
$ docker run -d --name nfsrods \ -p 3000:2049 \ -v /home/ubuntu/nfsrods_config:/nfsrods_config:ro \ -v /etc/passwd:/etc/passwd:ro \ -v /<full/path/to/certificate.crt>:/nfsrods_ssl.crt:ro \ irods/nfsrods:latest
NFSRODS - Enabling sssd
$ docker run -d --name nfsrods \ -p 3000:2049 \ -v /home/ubuntu/nfsrods_config:/nfsrods_config:ro \ -v /var/lib/sss:/var/lib/sss \ irods/nfsrods:latest
Launch the NFSRODS Docker container with the sssd socket:
Thanks to Jonathon Anderson, NFSRODS can use sssd to resolve users and groups as an alternative to /etc/passwd.
Enables support for LDAP and Active Directory.
NFSRODS - Future Work
Questions?