Supported by the National Science Foundation Collaborator: University of Michigan Collaborator: Michigan State University Collaborator: Wayne State University Collaborator: Indiana University

OSiRIS CephFS and S3 storage is accessible using our Globus endpoints.

The Globus CephFS endpoints are:

osiris@um
osiris@wsu
osiris@msu

All have an identical view of the OSiRIS data on CephFS as you also can see via ssh/scp access

The Globus OSiRIS S3 endpoints are:

osiris-s3rgw@um
osiris-s3rgw@msu
osiris-s3rgw@wsu

You will be able to access data buckets associated with the S3 userid mapped to your CILogon identity. By default every person has an S3 identity which is the same as the username which identifies you for CephFS and ssh login.

If you are planning to access OSiRIS via Globus then you will need to go to cilogon.org and login with any identity provider. It does not have to be the same provider used for OSiRIS (but most likely is).

Send to osiris-help@umich.edu the “Certificate Subject” given to you by CIlogon and request globus access in the email. The subject will resemble this string:

/DC=org/DC=cilogon/O=YourOrg/CN=Your Name A12345

Once we have configured your account for Globus access login and transfer data at globus.org.

Search for ‘osiris’ and you should see our endpoints:

Globus endpoint search

Ignore any endpoints with ‘#’ in the name. They are left for the convenience of some existing users but should not be used going forward.

Globus Permissions and Shares

When you access Globus CephFS endpoints your access is determined by Posix (unix-style) permissions for CephFS. Please look at information about OSiRIS default groups for more details and how to create additional groups for other OSiRIS-enrolled collaborators.

When you access Globus S3 endpoints your access is determined by S3 ACL. By default you have full access to any buckets you create. Allowing others to access them will require setting an ACL. Some examples are included in our S3 documentation

Globus also offers Globus Share functionality where you create a share belonging to your identity and choose to share it with other Globus identities or groups. This is entirely self-managed outside the scope of OSiRIS. Your Globus share has the same effective permissions in OSiRIS as your identity. This is a good option for sharing data with Globus-only users since they do not have to enroll in OSiRIS. It also can very much simplify sharing S3-based data because you do not have to setup ACLs to enable access to your data buckets.

Please be aware that Globus Shares are specific to the endpoint you create them on. You can create a share on all of our endpoints separately. In this case it is recommended to create a Globus group to manage sharing permissions; you can then use the same group for each share.

Globus users have to have an available identity through an organization on CIlogon. If you need to share with someone who is not part of a typical academic institution please point them at Non-Institutional Identity Providers on the Enrollment page. They can establish an identity for CIlogon use and/or OSiRIS enrollment.

The Globus.org website is the best place to learn about Globus shares.

You may want to create Globus groups to more easily manage your sharing permissions.