Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rucio & objectstores James Perry.

Published byประสงค์ ติณสูลานนท์ Modified over 5 years ago

Similar presentations

Presentation on theme: "Rucio & objectstores James Perry."— Presentation transcript:

1 Rucio & objectstores James Perry

2 Rationale Cloud-style objectstores are becoming increasingly popular for data storage Amazon S3 OpenStack Swift Google Cloud Platform Existing Rucio support for objectstores had limitations: AWS S3 support required clients to store objectstore credentials OpenStack Swift not properly supported at all Google Cloud Platform included URL signing support in Rucio core But only used for downloads Code was untidy with hacks, pseudo-protocols, special casing, etc.

3 S3 download in Rucio (old method)
Client Objectstore Credentials Data file Credentials

4 Signed URLs Objectstores support signed URLs (TempUrls in Swift)
URL, operation (GET, PUT, DELETE) and expiry time are cryptographically signed with a secret key Server checks the URL signature and enforces operation and time restrictions Can be generated offline (at least in Swift and in newest version of S3) Instead of giving objectstore credentials to clients, keep them on the Rucio server and have the server generate signed URLs for the clients

5 Upload and download: completed
Added URL signing for S3 and Swift to Rucio core Alongside existing GCP implementation Downloads worked immediately Rucio already signs the URLs returned by list_replicas when required Added support for uploading to signed URLs Required new Rucio API endpoint to get signed URL for file that does not yet exist More complicated than downloads because (e.g.) checksums and existence checks cannot be performed on signed PUT URL

6 S3 download in Rucio (new method)
Rucio Server Request Credentials Signed URL Credentials Client Objectstore Signed URL Data file

7 Deletion: completed URL signing code already added to core supported DELETE operation Added a call to sign URL when required to Rucio’s reaper daemon A bug in underlying GFAL2 library prevented this from working It performed a stat on the URL, not allowed on URL signed for DELETE operations Fixed in GFAL

8 3rd party transfers (delegated to FTS)
Rucio uses FTS3 for all 3rd party (RSE-to-RSE) transfers Signed URLS are not used for this Technically possible but undesirable as it could result in leakage of signed URLs Instead, FTS holds the objectstore credentials and performs authentication itself

9 Code clean up (in progress)
Legacy objectstore code is being removed from Rucio Fits well with core Rucio team’s current focus

10 Future Plans Event Service Auditing Dynafed
Check that URL signing performs well enough for heavy usage by the Event Service Auditing Check that the existing Rucio auditing code works with objectstores and make any changes necessary Dynafed Can be used to make objectstores appear more like traditional grid storage systems Check that it works properly with Rucio Already in progress at CERN Take advantage of objectstores fully, don’t just use as file systems Store DUNE events as objects Could implement a QoS prototype using them

Download ppt "Rucio & objectstores James Perry."

Similar presentations

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
Chronopolis: Preserving Our Digital Heritage David Minor UC San Diego San Diego Supercomputer Center.

Chronopolis: Preserving Our Digital Heritage David Minor UC San Diego San Diego Supercomputer Center.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Computer Science 162 Section 1 CS162 Teaching Staff.

Computer Science 162 Section 1 CS162 Teaching Staff.
OmStore Cloud API Harshit Agarwal Sohil Habib. About Us ●We are graduate students at CMU ●Currently at CMU Silicon Valley campus ●Working part time with.

OmStore Cloud API Harshit Agarwal Sohil Habib. About Us ●We are graduate students at CMU ●Currently at CMU Silicon Valley campus ●Working part time with.
Staging to CAF + User groups + fairshare Jan Fiete Grosse-Oetringhaus, CERN PH/ALICE Offline week, 08.04.08.

Staging to CAF + User groups + fairshare Jan Fiete Grosse-Oetringhaus, CERN PH/ALICE Offline week,
Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.
COMMUNICATION Team 5 ADIL KHAN. COMMUNICATION Team 5 COMMUNICATION PROVIDER Two Modules Comprise the CommunicationProvider SmilTransporter CloudDataProvider.

COMMUNICATION Team 5 ADIL KHAN. COMMUNICATION Team 5 COMMUNICATION PROVIDER Two Modules Comprise the CommunicationProvider SmilTransporter CloudDataProvider.
ATLAS DQ2 Deletion Service D.A. Oleynik, A.S. Petrosyan, V. Garonne, S. Campana (on behalf of the ATLAS Collaboration)

ATLAS DQ2 Deletion Service D.A. Oleynik, A.S. Petrosyan, V. Garonne, S. Campana (on behalf of the ATLAS Collaboration)
Don Quijote Data Management for the ATLAS Automatic Production System Miguel Branco – CERN ATC

Don Quijote Data Management for the ATLAS Automatic Production System Miguel Branco – CERN ATC
| nectar.org.au NECTAR TRAINING Module 10 Beyond the Dashboard.

| nectar.org.au NECTAR TRAINING Module 10 Beyond the Dashboard.
Secure Credential Manager Claes Nilsson - Sony Ericsson 2009-12-15.

Secure Credential Manager Claes Nilsson - Sony Ericsson
Robert Lyon  Design Review  November 11, 2011.

Robert Lyon  Design Review  November 11, 2011.
Δ Storage Middleware GridPP10 What’s new since GridPP9? CERN, 02-04 June 2004.

Δ Storage Middleware GridPP10 What’s new since GridPP9? CERN, June 2004.
Placeholder ES 1 CERN IT Experiment Support group Authentication and Authorization (AAI) issues concerning Storage Systems and Data Access Pre-GDB, 2013-02-12.

Placeholder ES 1 CERN IT Experiment Support group Authentication and Authorization (AAI) issues concerning Storage Systems and Data Access Pre-GDB,
Legion - A Grid OS. Object Model Everything is object Core objects - processing resource– host object - stable storage - vault object - definition of.

Legion - A Grid OS. Object Model Everything is object Core objects - processing resource– host object - stable storage - vault object - definition of.
 Registry itself is easy and straightforward in implementation  The objects of registry are actually complicated to store and manage  Objects of Registry.

 Registry itself is easy and straightforward in implementation  The objects of registry are actually complicated to store and manage  Objects of Registry.
Unified Cloud Storage Navneet Joshi, Apoorva Gupta, Gurinder Pal Singh Today there are a number of cloud storage services (Dropbox, Google drive, Box).

Unified Cloud Storage Navneet Joshi, Apoorva Gupta, Gurinder Pal Singh Today there are a number of cloud storage services (Dropbox, Google drive, Box).
WebFTS File Transfer Web Interface for FTS3 Andrea Manzi On behalf of the FTS team Workshop on Cloud Services for File Synchronisation and Sharing.

WebFTS File Transfer Web Interface for FTS3 Andrea Manzi On behalf of the FTS team Workshop on Cloud Services for File Synchronisation and Sharing.
Web Server Design Week 15 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 4/21/10.

Web Server Design Week 15 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 4/21/10.

Similar presentations

Ads by Google