 |
 |
Hi, Jean-Yves Nief wrote: > hello Fabrizio, > > yes I was interested of ssh tunnel usage through the > redirector. > but ssh tunnelling to a Xrootd data server has already been used > successfully so far by an experiment (for some remote interactive > analysis in ROOT where performances are not an issue in their case). Well, in that case you have to setup many static tunnels and be sure that they do not go away. In this case you can use only 1 tunnel for everything, since it is managed by using the socks4 protocol. > so it would be good to also use that in the ROOT framework. But I guess > that recompiling the XTNetFile library would not be enough in that case > as there are these extra options to give in the case of the xrd copy you > give below. Yes, at this point you can use only xrdcp, the test program and the command line interface. But the additions to TXNetFile are quite trivial, I hope they will be in root quite soon. Fabrizio > thanks, > JY > > > Fabrizio Furano wrote: >> Hi JY and Chris, >> >> I remember that, at some point (if I remember correctly) you have >> been interested in the possibility of communicating with an xrootd >> server through ssh tunnels. Since this was one of the latest commits, >> if you want to give a try to it, it's there (in the head). >> Basically it's an implementation of the SOCKS4 protocol in XrdClient. >> What follows is an example of how to use it. >> >> I suppose that I want to access the file >> >> root://kanolb-a.slac.stanford.edu//store/SP/R14/000993/run4/14.4.0c/SP_000993_002423.02E.root >> >> >> into my laptop in Padova. We know that the kanga cluster at slac is >> not accessible from outside (at least not from here). Here is a >> trivial example of how to do it using a SOCKS4 ssh tunnel and xrdcp. >> >> Step 1: Tunnel localhost-->noric02 mapping the local port 8080 through >> SOCKS4 >> >> fabrizio@dhcp-61 15:20:32 ~>ssh -D 8080 [log in to unmask] >> >> Step 2: in another window... >> >> fabrizio@dhcp-61>xrdcp -d 2 -DISocks4Port 8080 -DSSocks4Server >> 127.0.0.1 >> root://kanolb-a.slac.stanford.edu//store/SP/R14/000993/run4/14.4.0c/SP_000993_002423.02E.root >> ~fabrizio/ >> >> and the copy should be ok. >> ... if you want to shut it up, remove the "-d 2" parameter. >> Well, from Europe you will note that the data xfer rate is very low. >> This will hopefully change in December, when we finish implementing >> the multistream stuff. >> >> Please note that the parameter Socks4Server does not understand names >> yet, but IP addresses only. >> Another thing that made me crazy. Typically the ssh-tunnelled port >> (8080 in the example) is only available from localhost. To override >> this and make it visible also from other hosts, you have to use the >> "-g" switch (for older ssh) or specify */8080 (in the more recent >> releases of ssh). >> >> Any comment? >> Fabrizio >>