Windows 用户为 Neurodesk 配置 CVMFS 失败可能遇到的问题及解决方案

目录

• Download
• Configuration
  • 配置公钥
  • 挂载仓库并测试
  • 如果这里你都正常输出，没有出现我遇到的问题，不用往下看了，你完成了配置部分
  • 配置代理
    • 是否因为/etc/cvmfs/default.local没有被 root 读取
    • showconfig 默认只列出“仓库级”配置
    • 验证代理本身能否访问所有 url
    • 查看 autofs 服务状态
• 总结

Download

Neurodesk Doc

sudo apt-get install lsb-release
wget https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest_all.deb
sudo dpkg -i cvmfs-release-latest_all.deb
rm -f cvmfs-release-latest_all.deb
sudo apt-get update
sudo apt-get install build-essential
sudo apt-get install cvmfs

Configuration

配置公钥

逐块粘贴以下内容：

# 为 CVMFS 创建密钥存放目录，为 `ardc.edu.au` 域名相关的仓库准备公钥的位置
sudo mkdir -p /etc/cvmfs/keys/ardc.edu.au/

# 写入公钥
echo "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUPEmxDp217SAtZxaBep
Bi2TQcLoh5AJ//HSIz68ypjOGFjwExGlHb95Frhu1SpcH5OASbV+jJ60oEBLi3sD
qA6rGYt9kVi90lWvEjQnhBkPb0uWcp1gNqQAUocybCzHvoiG3fUzAe259CrK09qR
pX8sZhgK3eHlfx4ycyMiIQeg66AHlgVCJ2fKa6fl1vnh6adJEPULmn6vZnevvUke
I6U1VcYTKm5dPMrOlY/fGimKlyWvivzVv1laa5TAR2Dt4CfdQncOz+rkXmWjLjkD
87WMiTgtKybsmMLb2yCGSgLSArlSWhbMA0MaZSzAwE9PJKCCMvTANo5644zc8jBe
NQIDAQAB
-----END PUBLIC KEY-----" | sudo tee /etc/cvmfs/keys/ardc.edu.au/neurodesk.ardc.edu.au.pub

# 配置仓库参数文件
echo "CVMFS_USE_GEOAPI=yes" | sudo tee /etc/cvmfs/config.d/neurodesk.ardc.edu.au.conf

echo 'CVMFS_SERVER_URL="http://cvmfs-geoproximity.neurodesk.org/cvmfs/@fqrn@;http://cvmfs.neurodesk.org/cvmfs/@fqrn@;http://s1osggoc-cvmfs.openhtc.io:8080/cvmfs/@fqrn@;http://s1fnal-cvmfs.openhtc.io:8080/cvmfs/@fqrn@;http://s1sampa-cvmfs.openhtc.io:8080/cvmfs/@fqrn@;http://s1brisbane-cvmfs.openhtc.io/cvmfs/@fqrn@;http://s1nikhef-cvmfs.openhtc.io/cvmfs/@fqrn@;http://s1bnl-cvmfs.openhtc.io/cvmfs/@fqrn@;http://s1perth-cvmfs.openhtc.io/cvmfs/@fqrn@"' | sudo tee -a /etc/cvmfs/config.d/neurodesk.ardc.edu.au.conf 

echo 'CVMFS_KEYS_DIR="/etc/cvmfs/keys/ardc.edu.au/"' | sudo tee -a /etc/cvmfs/config.d/neurodesk.ardc.edu.au.conf

# 设置默认行为
echo "CVMFS_HTTP_PROXY=DIRECT" | sudo tee  /etc/cvmfs/default.local
echo "CVMFS_QUOTA_LIMIT=5000" | sudo tee -a  /etc/cvmfs/default.local

# 初始化配置
sudo cvmfs_config setup

Ubuntu 24.04 might have an issue with this, so try installing dependies manually:

• 在ubuntu系统中安装指定版本的两个底层库，解决CVMFS兼容性、依赖问题

  sudo apt install libattr1=1:2.5.2-1build1 libuuid1=2.39.3-9ubuntu6
  

  • libattr1=1:2.5.2-1build1 安装 libattr1 的指定版本，用于处理 Linux 文件系统中的扩展属性（extended attributes）
  • libuuid1=2.39.3-9ubuntu6 安装 libuuid1 的指定版本，提供了生成和解析 UUID（通用唯一识别码）的功能，很多系统服务和文件系统都依赖它。

挂载仓库并测试

这里并不会自动挂载仓库，需要显式挂载仓库

sudo mount -t cvmfs neurodesk.ardc.edu.au /cvmfs/neurodesk.ardc.edu.au

• 执行下面的测试命令也会进行挂载

检查环境设置：

$ sudo cvmfs_config wsl2_start        # run for new WSL session

$ sudo cvmfs_config chksetup         # 检查环境设置

$ ls /cvmfs/neurodesk.ardc.edu.au
# 这里可能无输出，说明挂载失败

$ sudo cvmfs_talk -i neurodesk.ardc.edu.au host info
ls: cannot access '/cvmfs/neurodesk.ardc.edu.au': No such file or directory
ls: cannot access 'host': No such file or directory 
ls: cannot access 'info': No such file or directory
# 实锤挂载失败

$ cvmfs_config stat -v neurodesk.ardc.edu.au

$ sudo mount -t cvmfs neurodesk.ugr.es /cvmfs/neurodesk.ugr.es
# 如果看到挂载点下文件系统成功加载，并且包含 neurodesk 软件目录，说明一切配置就绪

# 测试挂载
sudo mount -t cvmfs neurodesk.ardc.edu.au /cvmfs/neurodesk.ardc.edu.au
ls /cvmfs/neurodesk.ardc.edu.au/containers

• 能正常列出 containers 目录即成功

如果这里你都正常输出，没有出现我遇到的问题，不用往下看了，你完成了配置部分

挂载失败的可能原因：

• ❌ 网络被墙或被代理屏蔽（CVMFS 默认通过 HTTP 获取内容）
• ❌ 公钥文件路径错误或格式不对
• ❌ 没有执行 mount 命令
• ❌ Ubuntu 版本不兼容（如你提到的 libssl 问题）

这里我收到的提示：

$ sudo cvmfs_talk -i neurodesk.ardc.edu.au host info
 cvmfs_talk -i neurodesk.ardc.edu.au host probe
cvmfs_config stat -v neurodesk.ardc.edu.au
sudo cvmfs_talk -i neurodesk.ardc.edu.au host probe
cvmfs_config stat -v neurodesk.ardc.edu.au
Seems like CernVM-FS is not running in /var/lib/cvmfs/shared (not found: /var/lib/cvmfs/shared/cvmfs_io.neurodesk.ardc.edu.au)

$ sudo cvmfs_talk -i neurodesk.ardc.edu.au host info
Seems like CernVM-FS is not running in /var/lib/cvmfs/shared (not found: /var/lib/cvmfs/shared/cvmfs_io.neurodesk.ardc.edu.au)

$ cd /etc/cvmfs/keys/ardc.edu.au
:/etc/cvmfs/keys/ardc.edu.au$ ls
neurodesk.ardc.edu.au.pub

• 挂载失败，没有创建目录

之后尝试Neurodesk中提到的 [A temporary workaround]

$ wget https://mirror.umd.edu/ubuntu/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.15_amd64.deb
--2025-08-05 10:08:39--  https://mirror.umd.edu/ubuntu/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.15_amd64.deb
Resolving mirror.umd.edu (mirror.umd.edu)... 128.8.207.141
Connecting to mirror.umd.edu (mirror.umd.edu)|128.8.207.141|:443... connected.
Unable to establish SSL connection.

• libssl1.1 安装失败

当时猜测可能没有显式挂载导致没出现对应目录 cvmfs/ardc.edu.au，于是

$ sudo mount -t cvmfs neurodesk.ardc.edu.au /cvmfs/neurodesk.ardc.edu.au
CVMFS_HTTP_PROXY required

• 说明 CVMFS 并未从任何地方读到有效的 CVMFS_HTTP_PROXY 设置。于是暂时不管SSL，在 [Neurodesk开发者文档] 指导下配置代理

配置代理

/etc/cvmfs/default.local 中含有代理信息，默认为：

CVMFS_HTTP_PROXY=DIRECT

表示 CVMFS 客户端将直接连接网络，不通过任何 HTTP 代理来访问远程仓库，适用：

• 网络没有代理限制；
• 可以直接访问 CVMFS 镜像服务器；
• 测试或本地实验环境。

可以增加一些常见配置项到 default.local，提升稳定性和性能：

CVMFS_CACHE_BASE=/var/cache/cvmfs      # 缓存目录（默认就是这里）
CVMFS_QUOTA_LIMIT=10000                # 缓存最大空间（单位：MB）
CVMFS_REPOSITORIES=neurodesk.ugr.es    # 默认仓库（也可单独配置）

这些配置项有时候放在每个仓库的 .local 文件中（例如 /etc/cvmfs/config.d/neurodesk.ugr.es.local），这样可以单独控制每个仓库的行为。

主要参考 [Neurodesk开发者文档]

sudo apt install -y squid

# 打开 `squid.conf` 文件，写入以下内容后关闭
$ sudo vi /etc/squid/squid.conf

• 写入部分文件需要root权限，sudo vi，写入后 :wq!

# List of local IP addresses (separate IPs and/or CIDR notation) allowed to access your local proxy
#acl local_nodes src YOUR_CLIENT_IPS

# Destination domains that are allowed
acl stratum_ones dstdomain .neurodesk.org .openhtc.io .cern.ch .gridpp.rl.ac.uk .opensciencegrid.org

# Squid port
http_port 3128

# Deny access to anything which is not part of our stratum_ones ACL.
http_access allow stratum_ones

# Only allow access from our local machines
#http_access allow local_nodes
http_access allow localhost

# Finally, deny all other access to this proxy
http_access deny all

minimum_expiry_time 0
maximum_object_size 1024 MB

cache_mem 128 MB
maximum_object_size_in_memory 128 KB
# 5 GB disk cache
cache_dir ufs /var/spool/squid 5000 16 256

接着

sudo squid -k parse

sudo systemctl start squid

sudo systemctl enable squid

sudo systemctl status squid

sudo systemctl restart squid

改写配置文件

sudo vi /etc/cvmfs/default.local

写入代理：

CVMFS_HTTP_PROXY=http://proxy-address:3128

• 这一行不要有多余的引号或空格，文件末尾不要留有windows换行符（是的不要保留官方文档中的引号，用我这个）

• 写入 .local 文件中，不要写到可执行脚本中

• 修改后，执行：

  sudo cvmfs_config setup       # 第一次设置
  sudo cvmfs_config reload      # 修改配置后刷新
  

然而依旧提示 CVMFS_HTTP_PROXY required ，没用，排查原因：

是否因为/etc/cvmfs/default.local没有被 root 读取

sudo cvmfs_config showconfig | grep HTTP_PROXY

• 如果看不到 CVMFS_HTTP_PROXY=http://proxy-address:3128 ，说明 root 环境下并未加载该值。

# 确认内容无格式问题，权限正确
$ sudo cat /etc/cvmfs/default.local
CVMFS_HTTP_PROXY=http://proxy-address:3128
# 说明写入代理没问题

# 重新加载
sudo cvmfs_config reload

哈哈，又出问题了

$ sudo cvmfs_config showconfig
# 没有任何输出捏，继续排查

showconfig 默认只列出“仓库级”配置

cvmfs_config showconfig 在无参数情况下，只打印为某个仓库加载的配置，不会展示全局（global）参数。

• 如果没指定某个仓库名，或者该仓库根本没被注册，showconfig 就什么都不输出。
• 默认文件中（即 /etc/cvmfs/default.local 中）需要定义要挂载的仓库列表，再次 sudo vi 改写其中内容，加上仓库列表：

  CVMFS_REPOSITORIES=neurodesk.ardc.edu.au
  CVMFS_HTTP_PROXY=http://proxy-address:3128
  

• 接着测试是否顺利加载：

  sudo cvmfs_config reload
  sudo cvmfs_config showconfig neurodesk.ardc.edu.au | grep HTTP_PROXY
  
  $ sudo cvmfs_config showconfig neurodesk.ardc.edu.au | grep HTTP_PROXY
  CVMFS_EXTERNAL_HTTP_PROXY=
  CVMFS_HTTP_PROXY=http://proxy-address:3128    # from /etc/cvmfs/default.local
  
  $ sudo cvmfs_talk -i neurodesk.ardc.edu.au proxy info
  Seems like CernVM-FS is not running in /var/lib/cvmfs/shared (not found: /var/lib/cvmfs/shared/cvmfs_io.neurodesk.ardc.edu.au)
  
  $ sudo cvmfs_config wsl2_start
  [WSL2] automounter already running
  
  $ sudo cvmfs_config chksetup
  Warning: failed to access http://cvmfs-geoproximity.neurodesk.org/cvmfs/neurodesk.ardc.edu.au/.cvmfspublished through proxy http://proxy-address:3128
  Warning: failed to use Geo-API with cvmfs-geoproximity.neurodesk.org
  Warning: failed to access http://cvmfs.neurodesk.org/cvmfs/neurodesk.ardc.edu.au/.cvmfspublished through proxy http://proxy-address:3128
  Warning: failed to use Geo-API with cvmfs.neurodesk.org
  Warning: failed to access http://s1osggoc-cvmfs.openhtc.io:8080/cvmfs/neurodesk.ardc.edu.au/.cvmfspublished through proxy http://proxy-address:3128
  Warning: failed to use Geo-API with s1osggoc-cvmfs.openhtc.io
  Warning: failed to access http://s1fnal-cvmfs.openhtc.io:8080/cvmfs/neurodesk.ardc.edu.au/.cvmfspublished through proxy http://proxy-address:3128
  Warning: failed to use Geo-API with s1fnal-cvmfs.openhtc.io
  Warning: failed to access http://s1sampa-cvmfs.openhtc.io:8080/cvmfs/neurodesk.ardc.edu.au/.cvmfspublished through proxy http://proxy-address:3128
  Warning: failed to use Geo-API with s1sampa-cvmfs.openhtc.io
  Warning: failed to access http://s1brisbane-cvmfs.openhtc.io/cvmfs/neurodesk.ardc.edu.au/.cvmfspublished through proxy http://proxy-address:3128
  Warning: failed to use Geo-API with s1brisbane-cvmfs.openhtc.io
  Warning: failed to access http://s1nikhef-cvmfs.openhtc.io/cvmfs/neurodesk.ardc.edu.au/.cvmfspublished through proxy http://proxy-address:3128
  Warning: failed to use Geo-API with s1nikhef-cvmfs.openhtc.io
  Warning: failed to access http://s1bnl-cvmfs.openhtc.io/cvmfs/neurodesk.ardc.edu.au/.cvmfspublished through proxy http://proxy-address:3128
  Warning: failed to use Geo-API with s1bnl-cvmfs.openhtc.io
  Warning: failed to access http://s1perth-cvmfs.openhtc.io/cvmfs/neurodesk.ardc.edu.au/.cvmfspublished through proxy http://proxy-address:3128
  Warning: failed to use Geo-API with s1perth-cvmfs.openhtc.io
  

  • 说明代理配置生效，但代理本身没放行 http 请求，或网络连接不上

验证代理本身能否访问所有 url

curl -v -x http://proxy-address:3128 \
  http://cvmfs-geoproximity.neurodesk.org/cvmfs/neurodesk.ardc.edu.au/.cvmfspublished

我遇到的问题：

$ curl -v -x http://proxy-address:3128 \
>   http://cvmfs-geoproximity.neurodesk.org/cvmfs/neurodesk.ardc.edu.au/.cvmfspublished
* Could not resolve proxy: proxy-address
* Closing connection
curl: (5) Could not resolve proxy: proxy-address

$ sudo cvmfs_talk -i neurodesk.ardc.edu.au proxy info
Seems like CernVM-FS is not running in /var/lib/cvmfs/shared (not found: /var/lib/cvmfs/shared/cvmfs_io.neurodesk.ardc.edu.au)

查看 autofs 服务状态

sudo service autofs status

我遇到的：

$ ls -ld /cvmfs
drwxr-xr-x 3 root root 0 Aug  5 11:14 /cvmfs

$ sudo service autofs status
● autofs.service - Automounts filesystems on demand
     Loaded: loaded (/usr/lib/systemd/system/autofs.service; enabled; preset: enabled)     Active: active (running) since Tue 2025-08-05 09:41:37 CST; 1h 36min ago
       Docs: man:autofs(8)
   Main PID: 615 (automount)
      Tasks: 22 (limit: 19015)
     Memory: 36.6M (peak: 53.3M)
        CPU: 3.862s
     CGroup: /system.slice/autofs.service
             ├─ 615 /usr/sbin/automount --pid-file /var/run/autofs.pid
             ├─8023 /usr/bin/cvmfs2 -o rw,system_mount,fsname=cvmfs2,allow_other,grab>             ├─8025 /usr/bin/cvmfs2 __cachemgr__ . 10 11 5242880000 2621440000 1 3 -1>             ├─8029 /usr/bin/cvmfs2 __cachemgr__ . 10 11 5242880000 2621440000 1 3 -1>             └─8033 /usr/bin/cvmfs2 -o rw,system_mount,fsname=cvmfs2,allow_other,grab>
Aug 05 11:13:14 L1303008678 cvmfs2[7995]: (cvmfs-config.cern.ch) (manager 'standard')>Aug 05 11:13:16 L1303008678 cvmfs2[7995]: (cvmfs-config.cern.ch) (manager 'standard')>Aug 05 11:13:16 L1303008678 cvmfs2[7995]: (cvmfs-config.cern.ch) (manager 'external')>Aug 05 11:13:18 L1303008678 cvmfs2[7995]: (cvmfs-config.cern.ch) CernVM-FS: linking />Aug 05 11:13:18 L1303008678 cvmfs2[8054]: (neurodesk.ardc.edu.au) failed to open publ>Aug 05 11:13:18 L1303008678 cvmfs2[8054]: (neurodesk.ardc.edu.au) failed to load publ>Aug 05 11:13:18 L1303008678 cvmfs2[8054]: (neurodesk.ardc.edu.au) CernVM-FS: unmounte>Aug 05 11:14:21 L1303008678 cvmfs2[8446]: (neurodesk.ardc.edu.au) failed to open publ>Aug 05 11:14:21 L1303008678 cvmfs2[8446]: (neurodesk.ardc.edu.au) failed to load publ>Aug 05 11:14:21 L1303008678 cvmfs2[8446]: (neurodesk.ardc.edu.au) CernVM-FS: unmounte> 

# 验证配置项与文件权限, 确认仓库级配置已生效
$ sudo cat /etc/cvmfs/config.d/neurodesk.ardc.edu.au.conf
CVMFS_USE_GEOAPI=yes
CVMFS_SERVER_URL="http://cvmfs-geoproximity.neurodesk.org/cvmfs/@fqrn@;http://cvmfs.neurodesk.org/cvmfs/@fqrn@;http://s1osggoc-cvmfs.openhtc.io:8080/cvmfs/@fqrn@;http://s1fnal-cvmfs.openhtc.io:8080/cvmfs/@fqrn@;http://s1sampa-cvmfs.openhtc.io:8080/cvmfs/@fqrn@;http://s1brisbane-cvmfs.openhtc.io/cvmfs/@fqrn@;http://s1nikhef-cvmfs.openhtc.io/cvmfs/@fqrn@;http://s1bnl-cvmfs.openhtc.io/cvmfs/@fqrn@;http://s1perth-cvmfs.openhtc.io/cvmfs/@fqrn@"
CVMFS_KEYS_DIR="/etc/cvmfs/keys/ardc.edu.au/"
# 这里没有问题

# 确认公钥文件确实存在且可读
$ ls -l /etc/cvmfs/keys/ardc.edu.au/neurodesk.ardc.edu.au.pub
-rw------- 1 root root 451 Aug  5 11:05 /etc/cvmfs/keys/ardc.edu.au/neurodesk.ardc.edu.au.pub
# 说明公钥文件权限过于严格，只有root用户可读

# 查询运行时配置
$ sudo cvmfs_talk -i neurodesk.ardc.edu.au config show
do cvmfs_talk -i neurodesk.ardc.edu.au server list
$ sudo cvmfs_talk -i neurodesk.ardc.edu.au server list
Seems like CernVM-FS is not running in /var/lib/cvmfs/shared (not found: /var/lib/cvmfs/shared/cvmfs_io.neurodesk.ardc.edu.au)
   

• 找到原因，公钥文件权限过于严格，而 CVMFS 的 cache manager（通常运行在 cvmfs 或其他非 root 帐号下）无法读取公钥，就会报 “failed to open public key” 并立刻卸载。
• 把该 .pub 文件及其父目录的权限放宽到：
  • 目录 /etc/cvmfs/keys/ardc.edu.au
  • 公钥文件

    $ sudo chmod 755 /etc/cvmfs/keys/ardc.edu.au
    $ sudo chmod 644 /etc/cvmfs/keys/ardc.edu.au/neurodesk.ardc.edu.au.pub
    

• 重启自动挂载

$ sudo cvmfs_config reload

$ ls -l /etc/cvmfs/keys/ardc.edu.au/neurodesk.ardc.edu.au.pub
-rw-r--r-- 1 root root 451 Aug  5 11:05 /etc/cvmfs/keys/ardc.edu.au/neurodesk.ardc.edu.au.pub

$ sudo cvmfs_config chksetup
urodesk.ardc.edu.au

$ ls /cvmfs/neurodesk.ardc.edu.au
OK

• 说明问题解决，此时：

$ ls /cvmfs/neurodesk.ardc.edu.au
containers  neurocommand  neurodesk-modules  neurodesktop

$ sudo cvmfs_talk -i neurodesk.ardc.edu.au host info
  [0] http://s1brisbane-cvmfs.openhtc.io/cvmfs/neurodesk.ardc.edu.au (geographically ordered)
  [1] http://s1perth-cvmfs.openhtc.io/cvmfs/neurodesk.ardc.edu.au (geographically ordered)
  [2] http://s1nikhef-cvmfs.openhtc.io/cvmfs/neurodesk.ardc.edu.au (geographically ordered)
  [3] http://s1osggoc-cvmfs.openhtc.io:8080/cvmfs/neurodesk.ardc.edu.au (geographically ordered)
  [4] http://cvmfs.neurodesk.org/cvmfs/neurodesk.ardc.edu.au (geographically ordered)
  [5] http://cvmfs-geoproximity.neurodesk.org/cvmfs/neurodesk.ardc.edu.au (geographically ordered)
  [6] http://s1fnal-cvmfs.openhtc.io:8080/cvmfs/neurodesk.ardc.edu.au (geographically ordered)
  [7] http://s1bnl-cvmfs.openhtc.io/cvmfs/neurodesk.ardc.edu.au (geographically ordered)
  [8] http://s1sampa-cvmfs.openhtc.io:8080/cvmfs/neurodesk.ardc.edu.au (geographically ordered)
Active host 0: http://s1brisbane-cvmfs.openhtc.io/cvmfs/neurodesk.ardc.edu.au

$ cvmfs_config stat -v neurodesk.ardc.edu.au
Version: 2.13.1.0
PID: 15167
Uptime: 1 minutes
Memory Usage: 24800k
File Catalog Revision: 21161 (expires in 2 minutes)
File Catalog ID: 561a642be37610fd0a1574e769d40b988cb1ea51
No. Active File Catalogs: 1
Cache Usage: 34803k / 5120001k
File Descriptor Usage: 0 / 130560
No. Open Directories: 0
No. IO Errors: 0
Connection: http://cvmfs-geoproximity.neurodesk.org/cvmfs/neurodesk.ardc.edu.au through proxy DIRECT (online)
Usage: 0 open() calls (hitrate 0.000%), 3 opendir() calls
Transfer Statistics: 3607k read, avg. speed: 311k/s

总结

1. 代理设置问题
2. 公钥权限问题
   如果发现新的问题或者解决方案，欢迎交流补充