StoRM Storage Resource Manager - Storage Area configuration examples

Back to How-To

Storage Area configuration examples

From StoRM 1.11.x versions new configurations have been introduced for Storage Areas. It’s possible to configure a Storage Area readable and/or writable from anonymous users, not associate a particular VO, or set filters on the x509 subject’s fields. These are some configuration examples of a Storage Area:

1. Storage Area readable from anonymous
2. Storage Area readable and writable from anonymous
3. Storage Area readable and writable with a valid x509 certificate

1. Storage Area readable from anonymous

To define a storage area test-sa readable and writable from any anonymous user add/modify the following YAIM variables like follows:

# list of VOs
VOS="test-vo"

# list of enabled Storage Areas
STORAGE_AREA_LIST="test-sa"

# test-sa configuration
STORM_TESTSA_VONAME="test-vo"
STORM_TESTSA_ANONYMOUS_HTTP_READ=true

To test this configuration, if you have a StoRM GridHTTPs server enabled (see Enable StoRM GridHTTPs on a standalone deployment), and file.txt exists and it’s located in the root directory of the storage area, you can simply open a browser or do a curl to the address:

http://<storm-gridhttps-server-hostname>:8085/webdav/test-sa/file.txt

and see the file content. The storm-gridhttps-server-hostname is the Backend hostname in case of a standalone deployment.

2. Storage Area readable and writable from anonymous

To define a storage area test-sa for the VO test-vo as:

writable only from test-vo valid users
readable from anononymous users

add/modify the following YAIM variables like follows:

# list of enabled Storage Areas
STORAGE_AREA_LIST="test-sa"

# test-sa configuration
STORM_TESTSA_VONAME="*"

The value * for STORM_TESTSA_VONAME is enough to allow read and write operations on test-sa from anonymous users. To test this configuration, if you have a StoRM GridHTTPs server enabled (see Enable StoRM GridHTTPs on a standalone deployment), and file.txt exists and it’s located in the root directory of the storage area, you can simply open a browser or do a curl to the address:

http://<storm-gridhttps-server-hostname>:8085/webdav/test-sa/file.txt

and see the file content. The storm-gridhttps-server-hostname is the Backend hostname in case of a standalone deployment. If you want to write/upload an existent local file localfile.txt do:

curl -T localfile.txt http://<storm-gridhttps-server-hostname>:8085/webdav/test-sa/localfile.txt

3. Storage Area readable and writable with a valid x509 certificate

To define a storage area test-sa as readable and writable only with a particular x509 certificate (or proxy) add/modify the following YAIM variables like follows:

# list of enabled Storage Areas
STORAGE_AREA_LIST="test-sa"

# test-sa configuration
STORM_TESTSA_VONAME="*"
STORM_TESTSA_DN_O_REGEX="IGI"

This is an example of how to set that test-sa is readable and writable only by user that provide a certificate with Organization “IGI”. You can use the variables:

STORM_{SA}_DN_C_REGEX
STORM_{SA}_DN_O_REGEX
STORM_{SA}_DN_OU_REGEX
STORM_{SA}_DN_L_REGEX
STORM_{SA}_DN_CN_REGEX

to make your own DN filter.