CloudStor is an AARNet developed and supported service that enables AARNet customers and the wider community to quickly and securely sync, share and store files using the high-speed AARNet network.
The Nectar Research Cloud offers a helper command called cloudstor-setup for users who wish to make their CloudStor storage available on their Nectar virtual machine. It walks you though the setup procedure, and mounts your CloudStor storage to /cloudstor within your instance.
There is also a CloudStor tutorial available to show you how to setup CloudStor on your virtual machine. Please go to the Nectar Tutorial website.
When logged into your Nectar virtual machine, start the setup by typing cloudstor-setup at the command prompt, which will begin the setup. This command is available on Nectar official images, build after 2018-10-10. See the table below for more information.
The cloudstor-setup command will prompt you for your CloudStor username and password. For this, we recommend you generate an App password specifically for your VM. Using an app password will allow you to selectively remove a single password if you need to. You can do this from the CloudStor Security settings page.
Type in a name (a good choice is the name of your Nectar VM), and then click the Create new app password button. Copy the username and password generated, and enter it into the cloudstor-setup command when prompted.
Under the hood the cloudstor-setup command uses software called davfs2 to connect to your AARNet CloudStor account.
You should now be able to work with your CloudStor data at /cloudstor (sic) on your virtual machine.
The cloudstor-setup command is available in Nectar official images built after 2018-10-10. This table lists the the first image builds that include the command.
|NeCTAR CentOS 6
|NeCTAR CentOS 7
|NeCTAR Debian 8 (Jessie)
|NeCTAR Debian 9 (Stretch)
|NeCTAR Fedora 28
|NeCTAR Ubuntu 16.04 LTS (Xenial)
|NeCTAR Ubuntu 18.04 LTS (Bionic)
|NeCTAR Ubuntu 18.10 (Cosmic)
Usage information for cloudstor-setup
The normal way to use the cloudstor-setup command is to supply no arguments. It will then prompt for the CloudStor credentials as explained above. There are some optional arguments:
-h - print command usage information
-u <username> - provide the CloudStore user / account name
-p <password> - provide the CloudStore user / account name
-c - perform cleanup instead of mounting the share. The cleanup will unmount the share and delete the mount point directory (assuming it is mounted in the standard place). It will also remove the mount details from /etc/fstab and remove stored Cloudstor credentials. Warning: cleanup removes Cloudstore configuration information for all users, not just configurations that you set up; see "limitations" below.
Limitations of cloudstor-setup
The cloudstor-setup command provided in Nectar images is designed for the following use-case:
- Only one user's CloudStor share is mounted at a time on the VM.
- The CloudStore user can run cloudstor-setup using a Linux account with full "sudo" access.
- No users have setup CloudStor mounts on the VM in other ways. (For example, the "-c" option assumes that only this script has been adding CloudStor mounts to "/etc/fstab" and updating the secrets file.)
For more complicated use-cases, we recommend that VM system administrators treat the script as an example, and either do the CloudStor setup by hand, or using their VM configuration automation.
Note that the cloudstor-setup script is not deployed from a package repo, so there is no good way for us to push updates to it.
Your choice of CloudStor password
AARNET Cloudstor is secured using a password. Our recommendation is that you use an App Password that Cloudstor can generate for you on the CloudStor Security Settings page. If you prefer to choose your own Cloudstor password, make sure you read our password recommendations.
The CloudStor credentials are stored on your VM
The cloudstor-setup command will store your CloudStor username and password in a file on your VM. If you share your VM with other users and they have administrator access, they will be able to find the credentials.
Access to mounted CloudStor share while it is mounted
Any user who shares your Linux account on the VM, or who has an account with administrator access will be able to access your CloudStor data while the share is mounted.
Snapshotting your CloudStor-connected instance
If you snapshot your VM while a CloudStor mount is configured by cloudstor-setup, the credentials will become part of the snapshot. If you subsequently share the snapshot with another user, you are also sharing the credentials, and this other user will have access to your CloudStor data.
General Nectar Security info
You should practice good security around your VM. Nectar documentation has information about good security practice in a number of articles. Search them here