Post-Deployment Steps
1. Post-Deployment iRODS
Gain Access to the Host and Switch to the iRODS Admin User
ssh <irods_user>@IRODS.HOST
sudo su - irods
Create iRODS Account for de-irods
To create the user de-irods and set the password:
iadmin mkuser de-irods rodsadmin
iadmin moduser de-irods password DE_USER_PASSWORD
Add de-irods to the rodsadmin Group
Add the user de-irods to the rodsadmin group:
iadmin atg rodsadmin de-irods
Grant Ownership of /TUG/home/shared to rodsadmin
Ensure that rodsadmin owns the specified directory:
ichmod own rodsadmin /TUG/home/shared
Grant Read Access to Public
Grant public read access to the home and shared directories:
ichmod read public /TUG/home
ichmod read public /TUG/home/shared
Grant icat_reader Database Permissions
To grant the icat_reader user the necessary database permissions, run the following SQL command:
-- Connect to the ICAT database first: \c ICAT
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA "public" TO icat_reader;
2. Post-Deployment DE (Discovery Environment)
Create iRODS Account for portal
To create the user portal and set the password:
iadmin mkuser portal rodsadmin
iadmin moduser portal password PORTAL_PASSWORD
Add portal to the rodsadmin Group
Add the portal user to the rodsadmin group:
iadmin atg rodsadmin portal
Add User to Admin Group (LDAP)
Follow these steps to add an existing user to the de-admins group in LDAP.
Step 1: Create a LDIF File to Add the User
Create an LDIF file named add-de_admins.ldif to add a user to the de-admins LDAP group. Replace YOUR_USER_NAME with the actual username of the user you want to add.
dn: cn=de_admins,ou=Groups,dc=tugraz,dc=at
changetype: modify
add: memberuid
memberuid: YOUR_USER_NAME
Step 2: Run the LDAP Modify Command
Run the following command to apply the changes and add the user to the LDAP group:
read -rs PASSWORD && export PASSWORD
ldapmodify -x -D "cn=Manager,dc=tugraz,dc=at" -w "$PASSWORD" -f add-de_admins.ldif
✅ Create Anonymous User Workspace for Apps
Ensure that your LDAP configuration includes an anonymous user and that this user is added to the everyone group.
🐳 Run a Temporary Debian Container in Your Namespace
kubectl -n $NAMESPACE run testing \
--rm -it \
--image=debian:stable-slim \
-- bash
Install curl Inside the Container
apt-get update && apt-get install curl
Trigger Workspace Creation for the Anonymous User
curl "http://apps/bootstrap?user=anonymous"
User Provisioning: iRODS + LDAP
This guide explains how to create a new user in both iRODS and OpenLDAP, including group membership and password setup.
1. Create iRODS User Account
Run the following commands as an iRODS administrator:
iadmin mkuser user01 rodsuser
iadmin moduser user01 password PASSWORD
This creates the user user01 with the type rodsuser and sets the password to PASSWORD.
2. Create LDAP User Account
Step 1: Create an LDIF file for the new user
Example: testuser.ldif
dn: uid=user01,ou=People,dc=tugraz,dc=at
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: user01
uidNumber: 40005
gidNumber: 10009
homeDirectory: /home/user01
mail: user01@cyverse.at
sn: surname
givenName: Test
cn: Test Surname
title: University/College Staff
o: Graz University of Technology
Step 2: Add the user to LDAP
ldapadd -x -D "cn=Manager,dc=tugraz,dc=at" -w "$MANAGER_PASSWORD" -f testuser.ldif
3. Set LDAP Password for the User
ldappasswd -x \
-D "cn=Manager,dc=tugraz,dc=at" \
-w "$MANAGER_PASSWORD" \
-s "PASSWORD" \
"uid=user01,ou=People,dc=tugraz,dc=at"
4. Add User to everyone Group
Step 1: Create an LDIF file for group modification
Example: add-everyone.ldif
dn: cn=everyone,ou=Groups,dc=tugraz,dc=at
changetype: modify
add: memberuid
memberuid: user01
Step 2: Apply the group modification
ldapmodify -x -D "cn=Manager,dc=tugraz,dc=at" -w "$MANAGER_PASSWORD" -f add-everyone.ldif
5. Add User to community Group
Step 1: Create an LDIF file for group modification
Example: add-community.ldif
dn: cn=community,ou=Groups,dc=tugraz,dc=at
changetype: modify
add: memberuid
memberUid: user01
Step 2: Apply the group modification
ldapmodify -x -D "cn=Manager,dc=tugraz,dc=at" -w "$MANAGER_PASSWORD" -f add-community.ldif
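The three hand-written LDIF files from steps 2, 4 and 5 can be generated as one stream. The script below is an added example, not part of the original guide: it emits the user entry and both group modifications, and refuses field values that could inject extra LDIF lines. The function names and the letters-and-hyphen restriction on names are assumptions of this example; setting the password (step 3) stays a separate command.

```shell
#!/bin/sh
# Added example: one LDIF stream for the page's LDAP provisioning steps.
LC_ALL=C; export LC_ALL        # make bracket ranges byte-exact

BASE_DN="dc=tugraz,dc=at"      # from the page
GID_NUMBER=10009               # from the page's testuser.ldif

# valid_fields UID UIDNUMBER GIVEN SURNAME -> 0 if every field is LDIF-safe.
# `case` matches the whole string, so an embedded newline (which would start
# a new attribute line) is rejected; a line-based grep check would miss it.
valid_fields() {
  case $1 in ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;; esac
  case $2 in ''|*[!0-9]*) return 1 ;; esac
  case $3 in ''|-*|*[!A-Za-z-]*) return 1 ;; esac
  case $4 in ''|-*|*[!A-Za-z-]*) return 1 ;; esac
  return 0
}

# make_user_ldif UID UIDNUMBER GIVEN SURNAME -> LDIF on stdout, 1 on bad input.
make_user_ldif() {
  valid_fields "$@" || { echo "refusing unsafe field value" >&2; return 1; }
  cat <<EOF
dn: uid=$1,ou=People,$BASE_DN
changetype: add
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: $1
uidNumber: $2
gidNumber: $GID_NUMBER
homeDirectory: /home/$1
mail: $1@cyverse.at
sn: $4
givenName: $3
cn: $3 $4
title: University/College Staff
o: Graz University of Technology

EOF
  for group in everyone community; do
    printf 'dn: cn=%s,ou=Groups,%s\nchangetype: modify\nadd: memberUid\nmemberUid: %s\n\n' \
      "$group" "$BASE_DN" "$1"
  done
}

# Usage (-W prompts for the bind password, keeping it off the command line):
#   make_user_ldif user01 40005 Test Surname | ldapmodify -x -D "cn=Manager,$BASE_DN" -W
```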