Native GPFS - via Maxwell
The Core filesystem is mounted on the Maxwell Analysis cluster. This is the fastest available solution for accessing the Core filesystem.
For more information about Maxwell, see Maxwell for Photon Science
SMB - For Windows, macOS and Linux users
For Windows, macOS and Linux users from Office networks, SMB is the recommended way to access the Core filesystem.
Linux desktop users should also access the Core filesystem via SMB, as it does not require any root permissions or configuration on the clients.
This is currently the only way to mount the Core filesystem on a DESY green desktop installation.
Each individual facility or research group has its own share:
|Facility||Path on GPFS||SMB Share Name|
Minimum Protocol Version
The SMB service only allows connections from machines, which implement SMB2 or higher.
SMB2 is available for recent Windows versions (Windows 7 and newer) and modern Linux distributions.
Some Linux tools might need additional configuration options to use SMB2, e.g. smbclient can be forced to use SMB2/3 by setting -m SMB3
Windows 7 EOL
Windows 7 will reach end of life on 2020-01-14, no security updates will be available after that point in time.
Access via SMB from Windows 7 hosts is therefore no longer supported.
See below for a manual on how to access the SMB share by mapping a network drive:
- Start the File Explorer
- Right click on Network and select Map network drive...
- Select the drive letter to which the share will be mapped and enter the share name you want to access
For Windows machines administered by FS-EC, the drive letter U: is recommended.
- The share will be mapped and displayed in This PC, double click on the share to access the data.
- If you want to unmap the share, right click on the share and select Disconnect
3. Confirm that you want to connect to this SMB server
- Open the Files or Nautilus application and click on + Other Locations
- Enter the SMB share prefixed with smb://, backslashes have to be converted to forward slashes
- Enter your DESY Account name and password
- The share has now been mapped and data can be accessed. To unmap the share, click on the eject button
- If you need to access the share from the CLI, look into /run/user/<your numeric userid>/gvfs/<share name>
To display your numeric userid, use the id command.
NFSv4 - For Linux users
While SMB is still the recommended way to access the Core filesystem, certain use-cases require an NFS mount.
For this purpose, an NFSv4 export with and without Kerberos is available.
|Facility||Path on GPFS||NFS Export|
Restricted Mount Access
Access to the NFSv4 exports are either restricted by IP subnet or netgroups from LDAP.
For PETRA III, the following subnets are allowed to mount the Core filesystem with kerberos:
For Special Instruments, the following subnets are allowed to mount the Core filesystem with kerberos:
For FLASH, hosts in the LDAP netgroup a3-flash-core-krb5-hosts are allowed to mount the core filesystem.
To display the hosts, you can use ldapsearch on pal.desy.de: ldapsearch -x cn=a3-flash-core-krb5-hosts
For FS-FLASH-O, hosts in the LDAP netgroup a3-fs-flash-o-core-krb5-hosts are allowed to mount the core filesystem.
To display the hosts, you can use ldapsearch on pal.desy.de: ldapsearch -x cn=a3-fs-flash-o-core-krb5-hosts
Mounting via NFSv4 with Kerberos
Mounting the Core filesystem via Kerberos requires root privileges on the client machine.
mount with krb5
mount -o nfsvers=4.0,sec=krb5,hard <NFS Export> <local mountpoint>
mount -o nfsvers=4.0,sec=krb5,hard asap3.desy.de:/asap3/flash/gpfs /asap3/flash/gpfs
Additional configuration and a kerberos keytab is required on the client machine, the setup for this is out of scope for this documentation.
Due to the nature of Kerberos, access is only possible while you have a valid kerberos ticket. The ticket lifetime is usually limited to 24h. Afterwards, the ticket has to be renewed in order to access the data.
This is usually ok, but cumbersome for long running, non-interactive processes.
Mounting via NFSv4 without Kerberos
Mounting the Core filesystem without Kerberos requires root privileges. Due to the security implications for this type of mount, this must be explicitly requested, as the host will be included in a whitelist.
Please contact FS-EC (email@example.com) in order to be included in the whitelist.
mount without krb5
mount -o nfsvers=4.0,sec=sys,hard <NFS Export> <local mountpoint>
mount -o nfsvers=4.0,sec=sys,hard asap3.desy.de:/asap3/flash/gpfs /asap3/flash/gpfs
Additional configuration is required on the client machine, the setup for this is out of scope for this documentation.