LFC tutorial Jean-Philippe Baud, IT-GT, CERN July 2010.

Presentation transcript:

LFC tutorial Jean-Philippe Baud, IT-GT, CERN July 2010

LFC tutorial Agenda
- Introduction
- DB schema
- Authentication and authorization
- Installation
- Configuration
- Log files
- Statistics

LFC tutorial Introduction
- LFC stands for LCG File Catalogue
- Development based on lessons learned in DC’s (2004)
- Fixes performance and scalability problems seen in EDG Catalogs
  - Cursors for large queries
  - Timeouts and retries from the client
- Provides more features than the EDG Catalogs
  - User exposed transaction API
  - Hierarchical namespace and namespace operations
  - Integrated GSI Authentication + Authorization
  - Access Control Lists (Unix Permissions and POSIX ACLs)
  - Checksums
- Bulk methods have been added later

LFC tutorial Database schema
- File Metadata: Logical File Name (LFN), GUID, System Metadata (Ownership, Size, Checksum, ACL)
- User Metadata: User Defined Metadata
- File Replica: Storage File Name, Storage Host
- Symlinks: Link Name

LFC tutorial Database tables (1)

    CREATE TABLE Cns_file_metadata (
        fileid NUMBER,
        parent_fileid NUMBER,
        guid CHAR(36),
        name VARCHAR2(255),
        filemode NUMBER(6),
        nlink NUMBER(6),
        owner_uid NUMBER(6),
        gid NUMBER(6),
        filesize NUMBER,
        atime NUMBER(10),
        mtime NUMBER(10),
        ctime NUMBER(10),
        fileclass NUMBER(5),
        status CHAR(1),
        csumtype VARCHAR2(2),
        csumvalue VARCHAR2(32),
        acl VARCHAR2(3900));

LFC tutorial Database tables (2)

    CREATE TABLE Cns_file_replica (
        fileid NUMBER,
        nbaccesses NUMBER,
        ctime NUMBER(10),
        atime NUMBER(10),
        ptime NUMBER(10),
        ltime NUMBER(10),
        r_type CHAR(1),
        status CHAR(1),
        f_type CHAR(1),
        setname VARCHAR2(36),
        poolname VARCHAR2(15),
        host VARCHAR2(63),
        fs VARCHAR2(79),
        sfn VARCHAR2(1103));

LFC tutorial Database tables (3)

    CREATE TABLE Cns_groupinfo (
        gid NUMBER(10),
        groupname VARCHAR2(255),
        banned NUMBER(10));

    CREATE TABLE Cns_userinfo (
        userid NUMBER(10),
        username VARCHAR2(255),
        banned NUMBER(10));

LFC tutorial Relationships between tables
[Diagram: one LFN (/grid/dteam/dir1/dir2/file1.root) is tied to one GUID (Xxxxxx-xxxx-xxx-xxx-) with its System Metadata (“size” =>, “cksum_type” => “MD5”, “cksum” => “yy-yy-yy”), to several Symlinks (/grid/dteam/mydir/mylink) and to several Replicas (srm://host.example.com/foo/bar on host.example.com)]

LFC tutorial Implementation
- Client-server model
- Multi-threaded server
  - Server uses a pool of threads
  - Each thread has its own DB connection (max 99 threads)
- Proprietary socket interface (Posix-like)
- Server well decoupled from the database backend
  - Makes it easy to support different backends: Oracle, MySQL, PostgreSQL
- Portable code
  - Runs on Linux (SL and Debian), OpenSolaris and Mac OS X
  - Packages exist for SLC4, SL5, Debian 5 and OpenSolaris

LFC tutorial Client interfaces
- Command Line Interface (Unix-like): lfc-mkdir, lfc-ls …
- C API (Posix): lfc_mkdir, lfc_opendir …
- Python and Perl modules

LFC tutorial Namespace operations
- All names are in a hierarchical namespace
- mkdir(), opendir(), etc…
- Also chdir()
- GUID attached to every directory and file

LFC tutorial Bulk methods
- Avoid problems with long round-trip times
- Examples:
  - lfc_getreplicas: get replicas for a list of guids
  - lfc_getreplicasl: get replicas for a list of lfns
  - lfc_delfilesbyguid: delete files by guids
  - lfc_delfilesbyname: delete files by name
  - lfc_delfilesbypattern: delete files by pattern
  - lfc_registerfiles: register files with replicas or new replicas

LFC tutorial Authentication and authorization
- The service has security built-in: GSI or Kerberos 5
- The entries in the name space can be protected by Posix Access Control Lists
- All privileged operations can only be done with a Host Certificate on a trusted host
- VOMS integration: groups, sub-groups and roles are supported

LFC tutorial VOMS integration (1)
- DNs are mapped to virtual UIDs: the virtual uid is created on the fly the first time the system receives a request for this DN (no pool account)
- VOMS FQANs (groups, sub-groups and roles) are mapped to virtual GIDs, also created on the fly when first received
- A given user may have one DN and several FQANs, so a given user may be mapped to one UID and several GIDs
- Authorization in name space is done using primary and secondary groups
- File group ownership uses the primary group

LFC tutorial VOMS integration (2)
- Support for normal proxies and VOMS proxies
- Integration with CSEC (socket interface) and CGSI (SOAP services)
- Administrative tools are provided to manually update the DB mapping table if necessary
  - To create VO groups in advance
  - To keep same uid when DN changes
  - To get same uid for a DN and a Kerberos principal

LFC tutorial Access Control Lists
- LFC supports Posix ACLs based on Virtual Ids
- Access Control Lists on files and directories
- Default Access Control Lists on directories: they are inherited by the sub-directories and files under the directory
- Example:

    lfc-mkdir /grid/dteam/jpb
    lfc-setacl -m d:u::7,d:g::7,d:o:5 /grid/dteam/jpb
    lfc-getacl /grid/dteam/jpb
    # file: /grid/dteam/jpb
    # owner: /C=CH/O=CERN/OU=GRID/CN=Jean-Philippe Baud 7183
    # group: dteam
    user::rwx
    group::r-x #effective:r-x
    other::r-x
    default:user::rwx
    default:group::rwx
    default:other::r-x
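The access decision described on the VOMS integration and Access Control Lists slides, written out as an added Python example that is not LFC code. It assumes the standard POSIX.1e evaluation order and numeric virtual ids as ACL qualifiers; the function names and all uid/gid values are made up for illustration.

```python
# Added example, not LFC source: POSIX.1e-style access check over virtual ids.
R, W, X = 4, 2, 1

def parse_acl(spec):
    """Parse the short form passed to lfc-setacl -m, e.g. 'd:u::7,d:g::7,d:o:5'.

    Returns {'access': {...}, 'default': {...}}, each mapping (tag, id) to
    permission bits. Assumption: qualifiers are numeric virtual uids/gids.
    """
    acl = {"access": {}, "default": {}}
    for entry in spec.split(","):
        parts = entry.strip().split(":")
        kind = "access"
        if parts[0] == "d":
            kind, parts = "default", parts[1:]
        qualifier = int(parts[1]) if len(parts) == 3 and parts[1] else None
        acl[kind][(parts[0], qualifier)] = int(parts[-1], 8)
    return acl

def inherit(parent, is_dir):
    """A new entry takes the parent's default ACL as its access ACL; a
    sub-directory also keeps it as its own default ACL. Creation-mode
    masking is left out of this sketch."""
    return {"access": dict(parent["default"]),
            "default": dict(parent["default"]) if is_dir else {}}

def allowed(entries, owner_uid, owner_gid, uid, gids, want):
    """gids: primary gid first, then one secondary gid per additional FQAN."""
    mask = entries.get(("m", None), R | W | X)
    if uid == owner_uid:                      # the owner entry is never masked
        return entries[("u", None)] & want == want
    if ("u", uid) in entries:                 # named user, limited by the mask
        return entries[("u", uid)] & mask & want == want
    hits = [perm for (tag, ident), perm in entries.items() if tag == "g"
            and (owner_gid if ident is None else ident) in gids]
    if hits:                                  # a matching group that grants nothing denies
        return any(perm & mask & want == want for perm in hits)
    return entries[("o", None)] & want == want

# Constructed ids: owner uid 101, owning gid 106. The ACL string is the slide's example.
DIR_ACL = parse_acl("d:u::7,d:g::7,d:o:5")
FILE_ACL = inherit(DIR_ACL, is_dir=False)["access"]
```

A user whose primary FQAN maps to another gid still gets group access when a secondary gid matches, and a matching group entry that lacks the permission denies the request even if the "other" entry would grant it.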

LFC tutorial Deployment
- LFC can be deployed as
  - Central catalogue
  - Local catalogue
  - Replica of central catalogue
- Replication uses Oracle STREAMS

LFC tutorial Installation
- Port to be opened: 5010/tcp
- Install host certificate on the server host
  - /etc/grid-security/hostcert.pem
  - /etc/grid-security/hostkey.pem
  - /etc/grid-security/lfcmgr/lfccert.pem
  - /etc/grid-security/lfcmgr/lfckey.pem
- Install /opt/lcg/etc/lcgdm-mapfile
- Install *.lsc files in /etc/grid-security/vomsdir

LFC tutorial Configuration
- 3 methods can be used:
  - Yaim
  - Quattor
  - Manual
- /etc/sysconfig/lfcdaemon
  - RUN_READONLY="no"
  - RUN_DISABLEAUTOVIDS="no"
  - ALLOW_COREDUMP="yes" (recommended)
  - NB_THREADS=20 (default, but should be 60 for large VOs)
  - ORACLE_HOME
- /opt/lcg/etc/NSCONFIG

LFC tutorial LOGS

    02/11 09:16: Cns_serv: started (LFC )
    02/11 11:12: ,0 Cns_srv_lstat: NS092 - lstat request by /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=baud/CN=373165/CN=Jean-Philippe Baud (101,106) from lxb7994.cern.ch
    02/11 11:12: ,0 Cns_srv_lstat: NS098 - lstat 0 /
    02/11 11:12: ,0 Cns_srv_lstat: returns 0

LFC tutorial Statistics
- LFC installed at 60 sites
- LFC used by tens of VOs, including ATLAS and LHCb

LFC tutorial Monitoring
- Check the maximum number of threads in use
- Check that a file entry can be listed
- Check that an entry can be created or modified
- Look for authentication errors (“Csec” messages)
- Look for DB errors (“ORA” errors if the backend is Oracle). Most of the DB errors are recovered through internal retries.
- Look for procdirreq, procsessreq and proctransreq errors
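The log checks from the Monitoring slide, run over a constructed sample in the layout of the LOGS slide; this is an added Python example, not a tool shipped with LFC. Assumptions: timestamps carry seconds, the number after the pid comma is a zero-based thread index, and the error message texts, DNs and hosts in the sample are made up.

```python
import re
from collections import Counter

# Constructed sample lines; only the NS092/NS098 request layout comes from the slide.
SAMPLE_LOG = """\
02/11 11:12:01 4242,0 Cns_srv_lstat: NS092 - lstat request by /DC=org/DC=example/CN=Alice Example (101,106) from ui01.example.org
02/11 11:12:01 4242,0 Cns_srv_lstat: NS098 - lstat 0 /grid/dteam/ORA-00001_Csec.root
02/11 11:12:01 4242,0 Cns_srv_lstat: returns 0
02/11 11:12:02 4242,3 Cns_srv_mkdir: NS092 - mkdir request by /DC=org/DC=example/CN=Bob Example (102,106) from ui02.example.org
02/11 11:12:03 4242,19 Cns_serv: Csec (constructed authentication failure text)
02/11 11:12:04 4242,3 Cns_srv_mkdir: constructed DB failure text: ORA-03113
02/11 11:12:05 4242,1 Cns_serv: procsessreq: constructed error text
02/11 11:12:06 4242,2 Cns_srv_lstat: NS092 - lstat request by /DC=org/DC=example/CN=Alice Example (101,106) from ui01.example.org
"""

LINE = re.compile(r"^\S+ \S+ +\d+,(?P<thread>\d+) (?P<func>\w+): (?P<msg>.*)$")
REQUEST = re.compile(r"^NS092 - (?P<op>\w+) request by (?P<dn>/.+) "
                     r"\((?P<uid>\d+),(?P<gid>\d+)\) from (?P<host>\S+)$")
MARKERS = {"auth": re.compile(r"Csec"),                       # authentication errors
           "db": re.compile(r"\bORA-\d+"),                    # Oracle backend errors
           "dispatch": re.compile(r"\bproc(?:dir|sess|trans)req\b")}

def triage(text, nb_threads=20):
    """Summarise requests per (DN, host), collect error lines, track thread use."""
    report = {"requests": Counter(), "auth": [], "db": [], "dispatch": [],
              "max_thread": -1}
    for raw in text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        report["max_thread"] = max(report["max_thread"], int(line["thread"]))
        msg = line["msg"]
        req = REQUEST.match(msg)
        if req:
            report["requests"][(req["dn"], req["host"])] += 1
        if msg.startswith(("NS092 - ", "NS098 - ")):
            continue  # request echo: DN and path are client-supplied, never alert on them
        for kind, pattern in MARKERS.items():
            if pattern.search(msg):
                report[kind].append(raw)
    # Compare against NB_THREADS from /etc/sysconfig/lfcdaemon (20 by default).
    report["near_thread_limit"] = report["max_thread"] + 1 >= nb_threads
    return report
```

Skipping the NS092/NS098 lines before pattern matching keeps a file name such as the one in the second sample line from raising a false database or authentication alert.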

LFC tutorial Documentation and support eStatus