Setting Up iRODS with GridFTP using B2STAGE-GridFTP

I was asked to set up a reference implementation of iRODS using the B2STAGE-GridFTP data storage interface (DSI). This blog entry explains the steps used to set up and test this implementation. This was set up using the instructions at


I set up two Ubuntu 14.04 virtual machines on an internal network. These are:


Each of these servers could resolve the fully qualified domain name of the other.

I also installed iRODS 4.1.7 on This included the following packages:

  • irods-database-plugin-postgres-1.7-ubuntu14-x86_64.deb
  • irods-dev-4.1.7-ubuntu14-x86_64.deb
  • irods-icat-4.1.7-ubuntu14-x86_64.deb
  • irods-runtime-4.1.7-ubuntu14-x86_64.deb

Refer to for iRODS installation instructions.

Installing Necessary Packages

Run the following commands on to install the packages that we will be using:

Run the following on

Building and Configuring the iRODS GridFTP Data Storage Interface (DSI)

The following instructions should be performed on

First we need to clone the B2STAGE-GridFTP repository.

Next we will get ready to build the iRODS DSI. We will put the output files in /iRODS_DSI.

Edit and change the contents to:

Now build the iRODS DSI:

Next we need to edit /etc/gridftp.conf (as root) and add the following lines to the end.

Now we need to preload the GridFTP server library alongside the DSI library. Edit (as root) /etc/init.d/globus-gridftp-server and add the following lines to the start:

We also need to change the iRODS default hash scheme. As the user irods, update /etc/irods/server_config.json and change the following line:



We will be running the GridFTP server in the root account. Add the file /root/.irods/irods_environment.json with the following contents:

Run iinit and enter the password for the rods user.

Note: If you run iinit without first creating the irods_environment.json file, iRODS will not ask you for the default resource and this variable will not be set. This will cause unexpected failures. If this is done, edit irods_environment.json and add in the irods_default_resource.

Creating Certificates

We are finished with the setup of the iRODS DSI. However, to test this configuration we need to create certificates on the client and server.

Create and Installing Certficate Authority using SimpleCA

We need to create a certificate authority to sign are certificates. We will use SimpleCA for this purpose.

On, create the CA by running:

Next create an deb package for this certificate authority.

Install the package on

Note: Replace the ffffffff with the hexadecimal digits specific to your .deb file.

This will install the certificates into /etc/grid-security/certificates.

Update both /etc/grid-security/certificates/globus-host-ssl.conf.ffffffff (as root) and ~/.globus/simpleCA/grid-ca-ssl.conf and set the policy to “policy_anything”.



Edit /etc/grid-security/certificates/ffffffff.signing_policy cond_subjects to ‘”*”‘:


Copy the globus-simple-ca-ffffffff_0.0_all.deb file to the client, install this package on the client, and update the /etc/grid-security/certificates/ffffffff.signing_policy cond_subjects to ‘”*””.

Copy the certificate authority files to ~/.globus:

Creating and Signing the Certificates

Perform the following commands to create the private key and generate a certificate signing request:

Sign the newly created certificate:

*Note: Use the password you used when creating the certificate authority.*

Install the certificates on The certificates should be owned by root since the GridFTP server is run by root.

Copy hostcert.pem and hostkey.pem into the user’s home directory on Run the following commands to install these certificates and set the permissions:

Mapping the Certificate’s Subject Name to iRODS User

Run the following command to get the subject name from the certificate:

On, create the file /etc/grid-security/grid-mapfile and add the subject mapping to the user irods. The following is an example of the contents of this file. Replace the part inside the quotes with the subject name returned from the previous command.

Running the GridFTP Server

Run the GridFTP server using the following command:


Testing the GridFTP Connection

On the server, create a 1GB random file:

Put this file into iRODS.

Now let’s test retrieving this file from

Remove the file from iRODS and let’s try to put it from to iRODS:

Performance Comparison

The following table shows a comparison of getting a putting the 10 MB file between the client and server using native iRODS transport and GridFTP.

Protocol Get Time Put Time
GridFTP 18.5 s 16 s
iRODS CLI 23.5 s 16 s