CERN VRE Rucio JupyterLab extension configuration
The Rucio JupyterLab extension is installed in most of the CERN VRE environments and allows any VRE user to access, explore and trigger replicas within the ESCAPE Data Lake content.
Default Authentication - OIDC
tokens
By default the extension is configured to use OIDC
tokens as the default authentication type.
Whenever a user logs into the VRE, the JupyterHub
deployment exchanges an access token with the the ESCAPE INDIGO IAM service, authenticating the user to the ESCAPE Rucio instance.
Therefore, the user does not need to re-authenticate when accessing the JupyterLab environment, and can start using the Rucio JupyterLab extension and/or the interact with Rucio via the CLI.
Check that the authentication was successful by opening a Terminal
window and typing
rucio whoami
ESCAPE OIDC access tokens have been configured with a lifetime of 2 hours.
If you think that your Jupyter session has been opened for more than 2h, or you cannot further access the Rucio instance, please close and restart your session by clicking on the File
tab:
File
> Hub Control Panel
> Stop My Server
> Start My Server
.
Authenticate via x509
Proxy certificates
The Rucio JupyterLab extension also allows x509
certificates to authenticate to the ESCAPE Rucio instance. The first thing you will need to do is setup the proper access permission on the certificate and key, and then run the voms-proxy-init
command to create a valid proxy.
chmod 644 ~/.globus/usercert.pem
chmod 400 ~/.globus/userkey.pem
voms-proxy-init --cert ~/.globus/usercert.pem --key ~/.globus/userkey.pem --voms escape -out <OUTPUT_FILENAME_AND_PATH>
To run the voms-proxy-init
command you must first upload your userkey.pem
and usercet.pem
to your Jupyter session.
You can upload these files using the Upload Files
icon on the File Browser tab of the JupyterLab session.
To configure the extension to use x509
Proxy certificates :
- Access the VRE and open the Rucio JupyterLab tab.
- Click on the settings icon (⚙️), on the right of the
Explore
andNotebook
tabs. - Use the different dropdown menus to select the
Authentication
method and select theX.509 Proxy Certificate
. - Chose the path to the proxy in the
Proxy file path
field. - Add your Rucio account in the
Account
field. - Click on the
Save Settings
, change to theExplore
tab and start using the extension.
You can click on the Show Advance Setting
and Purge Cache
to erase any saved configuration in case the extension shows the following message:
Authentication error. Perhaps you set an invalid credential?