Post-Deployment Steps¶

1. Post-Deployment iRODS¶

Gain Access to the Host and Switch to the iRODS Admin User¶

ssh <irods_user>@IRODS.HOST
sudo su - irods

Create iRODS Account for de-irods¶

To create the user de-irods and set the password:

iadmin mkuser de-irods rodsadmin
iadmin moduser de-irods password DE_USER_PASSWORD

Add de-irods to the rodsadmin Group¶

Add the user de-irods to the rodsadmin group:

iadmin atg rodsadmin de-irods

Grant Ownership of /TUG/home/shared to rodsadmin¶

Ensure that rodsadmin owns the specified directory:

ichmod own rodsadmin /TUG/home/shared

Grant Read Access to Public¶

Grant public read access to the home and shared directories:

ichmod read public /TUG/home
ichmod read public /TUG/home/shared

Grant `icat_reader` Database Permissions¶

To grant the icat_reader user the necessary database permissions, run the following SQL command:

--- \c ICAT
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA "public" TO icat_reader;

2. Post-Deployment DE(Discovery Environment)¶

Create iRODS Account for portal¶

To create the user portal and set the password:

iadmin mkuser portal rodsadmin
iadmin moduser portal password PORTAL_PASSWORD

Add portal to the rodsadmin Group¶

Add the portal user to the rodsadmin group:

iadmin atg rodsadmin portal

Add User to Admin Group (LDAP)¶

Follow these steps to add an existing user to the de-admins group in LDAP.

Step 1: Create a LDIF File to Add the User¶

Create an LDIF file named add-de_admins.ldif to add a user to the de-admins LDAP group. Replace YOUR_USER_NAME with the actual username of the user you want to add.

dn: cn=de_admins,ou=Groups,dc=tugraz,dc=at
changetype: modify
add: memberuid
memberuid: YOUR_USER_NAME

Step 2: Run the LDAP Modify Command¶

Run the following command to apply the changes and add the user to the LDAP group:

read -s PASSWORD && export PASSWORD
ldapmodify -x -D "cn=Manager,dc=tugraz,dc=at" -w $PASSWORD -f add-de_admins.ldif

✅ Create Anonymous User Workspace for Apps¶

Ensure that your LDAP configuration includes an anonymous user and that this user is added to the everyone group.

🐳 Run a Temporary Debian Container in Your Namespace¶

kubectl -n $NAMESPACE run testing \
  --rm -it \
  --image=debian:stable-slim \
  -- bash

Install `curl` Inside the Container¶

apt-get update && apt-get install curl

Trigger Workspace Creation for the Anonymous User¶

curl "http://apps/bootstrap?user=anonymous"

User Provisioning: iRODS + LDAP¶

This guide explains how to create a new user in both iRODS and OpenLDAP, including group membership and password setup.

1. Create iRODS User Account¶

Run the following commands as an iRODS administrator:

iadmin mkuser user01 rodsuser
iadmin moduser user01 password PASSWORD

This creates an iRODS user user01 with the type rodsuser and sets the password to PASSWORD.

2. Create LDAP User Account¶

Step 1: Create an LDIF file for the new user¶

Example: testuser.ldif

dn: uid=user01,ou=People,dc=tugraz,dc=at
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: user01
uidNumber: 40005
gidNumber: 10009
homeDirectory: /home/user01
mail: user01@cyverse.at
sn: surname
givenName: Test
cn: Test Surname
title: University/College Staff
o: Graz University of Technology

Step 2: Add the user to LDAP¶

ldapadd -x -D "cn=Manager,dc=tugraz,dc=at" -w "$MANAGER_PASSWORD" -f testuser.ldif

3. Set LDAP Password for the User¶

ldappasswd -x \
  -D "cn=Manager,dc=tugraz,dc=at" \
  -w "$MANAGER_PASSWORD" \
  -s "PASSWORD" \
  "uid=user01,ou=People,dc=tugraz,dc=at"

4. Add User to everyone Group¶

Step 1: Create an LDIF file for group modification¶

Example: add-everyone.ldif

dn: cn=everyone,ou=Groups,dc=tugraz,dc=at
changetype: modify
add: memberuid
memberuid: user01

Step 2: Apply the group modification¶

ldapmodify -x -D "cn=Manager,dc=tugraz,dc=at" -w "$MANAGER_PASSWORD" -f add-everyone.ldif

5. Add User to community Group¶

Step 1: Create an LDIF file for group modification¶

Example: add-community.ldif

dn: cn=community,ou=Groups,dc=tugraz,dc=at
changetype: modify
add: memberuid
memberUid: user01

Step 2: Apply the group modification¶

ldapmodify -x -D "cn=Manager,dc=tugraz,dc=at" -w "$MANAGER_PASSWORD" -f add-community.ldif

Post-Deployment Steps¶

1. Post-Deployment iRODS¶

Gain Access to the Host and Switch to the iRODS Admin User¶

Create iRODS Account for de-irods¶

Add de-irods to the rodsadmin Group¶

Grant Ownership of /TUG/home/shared to rodsadmin¶

Grant Read Access to Public¶

Grant icat_reader Database Permissions¶

2. Post-Deployment DE(Discovery Environment)¶

Create iRODS Account for portal¶

Add portal to the rodsadmin Group¶

Add User to Admin Group (LDAP)¶

Step 1: Create a LDIF File to Add the User¶

Step 2: Run the LDAP Modify Command¶

✅ Create Anonymous User Workspace for Apps¶

🐳 Run a Temporary Debian Container in Your Namespace¶

Install curl Inside the Container¶

Trigger Workspace Creation for the Anonymous User¶

User Provisioning: iRODS + LDAP¶

1. Create iRODS User Account¶

2. Create LDAP User Account¶

Step 1: Create an LDIF file for the new user¶

Step 2: Add the user to LDAP¶

3. Set LDAP Password for the User¶

4. Add User to everyone Group¶

Step 1: Create an LDIF file for group modification¶

Step 2: Apply the group modification¶

5. Add User to community Group¶

Step 1: Create an LDIF file for group modification¶

Step 2: Apply the group modification¶

Grant `icat_reader` Database Permissions¶

Install `curl` Inside the Container¶