StoRM WebDAV installation and configuration guide


The StoRM WebDAV service provides a storage management solution supporting VOMS and token-based authorization.

Starting from version 1.1.0, StoRM WebDAV supports third-party WebDAV COPY transfers (see here for technical details) and token-based authorization.

Install the service package

Grap the latest package from the StoRM repository. See instructions here.

Note that storm-webdav is currently supported only on SL6.

yum install storm-webdav

Configure the service with YAIM

StoRM webdav provides minimal support for YAIM.

Minimal example configuration:

## The site name

## List of NTP hosts

## Location of the JVM. Java 7 is required

## Users configuration

## Groups configuration

## Supported VOs.
VOS=" dteam"

## List of storage areas

## Root for the storage area directories

## Enables authenticated read access to the
## storage area to all clients authenticated with a trusted certificate

## Sets the dteam VO as the trusted VO for storage area
## tape

The above configuration will configure two storage areas, and tape. Access to the storage area will be granted to all members of the VO (this is configured by default when the storage area name is identical to the VO name) authenticated with a valid VOMS proxy certificate.

In addition, access is granted to all clients authenticated with a valid X.509 certificate signed by a trusted CA.

Access to the tape storage area is granted to all members of the dteam VO.

To configure the service with yaim, run the following command:

/opt/glite/yaim/bin/yaim -c -s SITEINFO.def -n se_storm_webdav

Service configuration


The storm-webdav service configuration lives in this file. Normally you shouldn’t change anything.

VO mapfiles

When VO map files are enabled, users can authenticate to the StoRM webdav service using the certificate in their browser and be granted VOMS attributes if their subject is listed in one of the supported VO mapfile. You can configure whether users listed in VO map files will be granted read-only or write permissions in the storage area configuration in the /etc/storm/webdav/sa.d directory.

This mechanism is very similar to the traditional Gridmap file but is just used to know whether a given user is registered as a member in a VOMS managed VO and not to map his/her certificate subject to a local unix account.

How to enable VO map files

VO map files support is disabled by default in StoRM WebDAV.

Set STORM_WEBDAV_VO_MAP_FILES_ENABLE=true in /etc/sysconfig/storm-webdav to enable VO map file support.

VO map files format and location

A VO map file is a csv file listing a certificate subject, issuer and email for each line. It can be easily generated for a given VO using the voms-admin command line utility. VO map files by default live in the /etc/storm/webdav/vo-mapfiles.d directory.

For each VO, a file named:


is put in the /etc/storm/webdav/vo-mapfiles.d directory.

VO Map file examples

The file /etc/storm/webdav/vo-mapfiles.d/test.vomap with the following content:

/C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Andrea Ceccanti,/C=IT/O=INFN/CN=INFN CA,
/C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Enrico Vianello,/C=IT/O=INFN/CN=INFN CA,

will grant the test VO membership to clients authenticated with the above subjects.

To generate a VO mapfile for the cms VO, you could run the following command

  voms-admin --host --vo cms list-users > /etc/storm/webdav/vo-mapfiles.d/cms.vomap

Storage area configuration

StoRM WebDAV service configuration lives in the directory /etc/storm/webdav. See the in that dir for more help.

Service operation

Starting and stopping the service

Start the service:

  service storm-webdav start

Stop the service:

  service storm-webdav stop

Check service status:

  service storm-webdav status

Check that the service responds:

# curl http://localhost:8085/status/ping

Print JVM thread stacks:

# curl http://localhost:8085/status/threads
Reference Handler id=2 state=WAITING
    - waiting on <0x519b1696> (a java.lang.ref.Reference$Lock)
    - locked <0x519b1696> (a java.lang.ref.Reference$Lock)
    at java.lang.Object.wait(Native Method)
    at java.lang.Object.wait(
    at java.lang.ref.Reference$

Finalizer id=3 state=WAITING
    - waiting on <0x3c854594> (a java.lang.ref.ReferenceQueue$Lock)
    - locked <0x3c854594> (a java.lang.ref.ReferenceQueue$Lock)
    at java.lang.Object.wait(Native Method)
    at java.lang.ref.ReferenceQueue.remove(
    at java.lang.ref.ReferenceQueue.remove(
    at java.lang.ref.Finalizer$

Signal Dispatcher id=4 state=RUNNABLE

Get service metrics:

# curl http://localhost:8085/status/metrics?pretty=true
  "version" : "3.0.0",
  "gauges" : {
    "jvm.gc.Copy.count" : {
      "value" : 1
    "jvm.gc.Copy.time" : {
      "value" : 29
    "jvm.gc.MarkSweepCompact.count" : {
      "value" : 0
    "jvm.gc.MarkSweepCompact.time" : {
      "value" : 0
    "jvm.memory.heap.committed" : {
      "value" : 259522560
    "jvm.memory.heap.init" : {
      "value" : 268435456
    "jvm.memory.heap.max" : {
      "value" : 518979584

Service logs

The service logs live in the /var/log/storm/webdav directory.

  • storm-webdav-server.log provides the main service log
  • storm-webdav-server-access.log provides an http access log

Access points

By default a storage area named sa is accessible at the URL https://hostname:8443/sa or, if anonymous access is granted, at http://hostname:8085/sa