• Install opendiamond-server
    • Optionally install python-paste
  • Copy the cookie-signing public keys to a local file, e.g. /home/diamond/.diamond/CERTS
  • Edit .diamond/diamond_config and add the following:
    DATAROOT /path/to/diamond/files
    INDEXDIR /path/to/diamond/indexes
    CACHEDIR /path/to/diamond/cache
    CERTFILE /home/diamond/.diamond/CERTS
    SERVERID fully.qualified.domain.name
    

DATAROOT and INDEXDIR are used by the dataretriever. CERTFILE refers to the file containing the public keys of the signers from which we want to accept a ScopeCookie. The SERVERID is optional and only needed if adiskd is unable to resolve its own name as used in the scope cookie.

  • Run the dataretriever and adiskd:
    dataretriever -d
    adiskd
    
  • If you have a scope server, copy the public certificate to ~/.diamond/CERTS. If this is your first Diamond server and you do not want to set up a scope server yet, you should generate a self-signed certificate to make it possible to sign your own scope cookies.
    certtool --generate-privkey --outfile ~/.diamond/key.pem
    certtool --generate-self-signed --load-privkey ~/.diamond/key.pem --outfile ~/.diamond/CERTS
    

It does not matter much what you fill in, as long as the expiration date is sufficiently far in the future.

  • Now we can create a scope cookie that, when passed to the client, will allow adiskd to retrieve the list of objects. This is very dependent on which dataretriever backend is used. The 'classic' diamond_store backend reads a file in INDEXDIR that lists path names relative to DATAROOT. The filename of this index file should start with GIDIDX, followed by 16 (hexadecimal) characters. By default, the dataretriever returns this list of objects when accessed by adiskd as http://localhost:5873/collection/XXXXXXXXXXXXXXXX, where the X's match the GIDIDX filename.

A cookie that does not expire for about 3 years and that accesses the files listed in index file INDEXDIR/GIDIDX0000000000000000 would be generated as follows:

echo http://127.0.0.1:5873/collection/0000000000000000 | cookiecutter -v -e 100000000 -s <servername>
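
One way to produce the index file that the cookie above points at, as an added example that is not part of the OpenDiamond documentation. The function names valid_gid and build_gididx are hypothetical, and the one-path-per-line layout of the index file is an assumption.

```shell
#!/bin/sh
# Added example: build a diamond_store index file for one collection.
# Assumption: the index lists one path per line, relative to DATAROOT.

# valid_gid GID
# Succeeds only when GID is exactly 16 hexadecimal characters.
valid_gid() {
    case "$1" in
        *[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 16 ]
}

# build_gididx DATAROOT INDEXDIR GID
# Writes INDEXDIR/GIDIDX<GID> and prints the collection URL that is
# piped into cookiecutter. Keep INDEXDIR outside DATAROOT so the index
# does not list itself.
build_gididx() {
    dataroot=$1
    indexdir=$2
    gid=$3
    valid_gid "$gid" || { echo "GID must be 16 hex characters" >&2; return 2; }
    [ -d "$dataroot" ] || { echo "no such DATAROOT: $dataroot" >&2; return 2; }
    [ -d "$indexdir" ] || { echo "no such INDEXDIR: $indexdir" >&2; return 2; }

    index="$indexdir/GIDIDX$gid"
    tmp="$index.tmp.$$"

    # Regular files only: find does not follow symlinks by default, so a
    # link pointing outside DATAROOT never ends up in the scope.
    ( cd "$dataroot" && find . -type f | sed 's|^\./||' | LC_ALL=C sort ) > "$tmp" \
        || { rm -f "$tmp"; return 1; }

    # Rename into place so the dataretriever never reads a partial index.
    mv "$tmp" "$index"
    echo "http://127.0.0.1:5873/collection/$gid"
}
```

The printed URL can be piped straight into the cookiecutter command shown above.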