Versions Compared

Old Version 1

changes.mady.by.user Sean Fleming

Saved on

compared with

New Version 2

changes.mady.by.user Sean Fleming

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Excerpt
hiddentrue

Configuring and running an S3 client

Authentication for Acacia is provided by keypairs which you generate from the Pawsey Portal. An S3 client needs to be configured with this authentication and other details before it can be used to access your accounts on Acacia.

Authenticating

To access Acacia you need user and/or project authentication which comes in the form of keypairs (an Access ID and a Secret Key).  

...

Log in using your Pawsey username and password. Select the ACACIA tab from the top menu and either select MANAGE KEYS or View Keys as highlighted below. 


Image RemovedImage Added


This will show how many access keys you have created and the access ID's for these keys, but only for the account selected by the Storage Name drop down button.

...

Chose Create New Key and an access key pair will be generated and displayed so you can record it. Please note this is your only opportunity to view your Secret Key

Image RemovedImage Added

After you've saved your secret key in a secure location, chose Close.

...

Note
titleClient support
  • The secret key is visible only when you create it, if you don't copy your secret key or if you lose it, you must create a new set of access keys.
  • If you already have five access keys, the Create New Key button is disabled and you must delete an access key before you can create a new one. 
  • For more information on using the Pawsey Portal see /wiki/spaces/AR/pages/54101790.


Configuring

You need to configure an S3 client the first time you use it with the Acacia endpoint (https://projects.pawsey.org.au) and your access keys.

Rclone

You configure Rclone either by creating/editing the configuration file $HOME/.config/rclone/rclone.conf directly or by running the rclone config command which will create the file for you.

...

Code Block
$ mkdir -p $HOME/.config/rclone
$ set +o history   #This command turns off history recording for seccurity reasons (avoid recording of keys in history)
$ tee -a $HOME/.config/rclone/rclone.conf <<EOF

[<storageProfileName>]
type = s3
provider = Ceph
endpoint = https://projects.pawsey.org.au
access_key_id = <accessIDkey>
secret_access_key = <secretKey>   
EOF
$ set –o history    #This command turns on history again

Image RemovedImage Added


Once configured all Rclone commands can be executed as usual in interactive sessions or within Slurm batch scripts from Pawsey clusters. 

...

Warning
titleSecurity

Do not share your credentials with any other user (even within your same project).
Also check that the configuration files are only readable by you, that is, the read and write permissions on those files should only be granted to the owner:

Code Block
$ ls -l $HOME/.config/rclone/rclone.conf
-rw------- 1 user user 2367 Mar 28 15:22 /home/username/.config/rclone/rclone.conf

If instead it looks like this:

Code Block
-rw-rw-r-- 1 user user 2367 Mar 28 15:22 /home/username/.config/rclone/rclone.conf

you need to modify the permissions like so:

Code Block
$ chmod 600 /home/username/.config/rclone/rclone.conf

and check again.

Pshell

When running pshell for the first time you need to run the following commands to add your account and authentication details.

...