Presentation is loading. Please wait.

Presentation is loading. Please wait.

LFC tutorial Jean-Philippe Baud, IT-GT, CERN July 2010.

Published byTodd Moore Modified over 9 years ago

Similar presentations

Presentation on theme: "LFC tutorial Jean-Philippe Baud, IT-GT, CERN July 2010."— Presentation transcript:

1 LFC tutorial Jean-Philippe Baud, IT-GT, CERN July 2010

2 LFC tutorial Agenda Introduction DB schema Authentication and authorization Installation Configuration Log files Statistics

3 LFC tutorial Introduction LFC stands for LCG File Catalogue Development based on lessons learned in DC’s (2004) Fixes performance and scalability problems seen in EDG Catalogs Cursors for large queries Timeouts and retries from the client Provides more features than the EDG Catalogs User exposed transaction API Hierarchical namespace and namespace operations Integrated GSI Authentication + Authorization Access Control Lists (Unix Permissions and POSIX ACLs) Checksums Bulk methods have been added later

4 LFC tutorial Database schema File Replica Storage File Name Storage Host Symlinks Link Name File Metadata Logical File Name (LFN) GUID System Metadata (Ownership, Size, Checksum, ACL) User Metadata User Defined Metadata

5 LFC tutorial Database tables (1) CREATE TABLE Cns_file_metadata ( fileid NUMBER, parent_fileid NUMBER, guid CHAR(36), name VARCHAR2(255), filemode NUMBER(6), nlink NUMBER(6), owner_uid NUMBER(6), gid NUMBER(6), filesize NUMBER, atime NUMBER(10), mtime NUMBER(10), ctime NUMBER(10), fileclass NUMBER(5), status CHAR(1), csumtype VARCHAR2(2), csumvalue VARCHAR2(32), acl VARCHAR2(3900));

6 LFC tutorial Database tables (2) CREATE TABLE Cns_file_replica ( fileid NUMBER, nbaccesses NUMBER, ctime NUMBER(10), atime NUMBER(10), ptime NUMBER(10), ltime NUMBER(10), r_type CHAR(1), status CHAR(1), f_type CHAR(1), setname VARCHAR2(36), poolname VARCHAR2(15), host VARCHAR2(63), fs VARCHAR2(79), sfn VARCHAR2(1103));

7 LFC tutorial Database tables (3) CREATE TABLE Cns_groupinfo ( gid NUMBER(10), groupname VARCHAR2(255), banned NUMBER(10)); CREATE TABLE Cns_userinfo ( userid NUMBER(10), username VARCHAR2(255), banned NUMBER(10));

8 LFC tutorial Relationships between tables GUID Xxxxxx-xxxx-xxx-xxx- System Metadata “size” => 10234 “cksum_type” => “MD5” “cksum” => “yy-yy-yy” Symlink /grid/dteam/mydir/mylink Replica srm://host.example.com/foo/bar host.example.com Replica srm://host.example.com/foo/bar host.example.com Replica srm://host.example.com/foo/bar host.example.com Replica srm://host.example.com/foo/bar host.example.com Symlink /grid/dteam/mydir/mylink Symlink /grid/dteam/mydir/mylink LFN /grid/dteam/dir1/dir2/file1.root

9 LFC tutorial Implementation Client-server model Multi-threaded server Server use a pool of threads Each thread has its own DB connection (max 99 threads) Proprietary socket interface (Posix-like) Server well decoupled from the database backend Allow to support easily different backends: Oracle, MySQL, PostgreSQL Portable code Runs on Linux (SL and Debian), OpenSolaris and MacOSx Packages exist for SLC4, SL5, Debian 5 and OpenSolaris

10 LFC tutorial Client interfaces Command Line Interface (Unix-like) lfc-mkdir, lfc-ls … C API (Posix) lfc_mkdir, lfc_opendir … Python and Perl modules

11 LFC tutorial Namespace operations All names are in a hierarchical namespace mkdir(), opendir(), etc… Also chdir() GUID attached to every directory and file

12 LFC tutorial Bulk methods Avoid problems with long round-trip times Examples: lfc_getreplicas: get replicas for a list of guids lfc_getreplicasl: get replicas for a list of lfns lfc_delfilesbyguid: delete files by guids lfc_delfilesbyname: delete files by name lfc_delfilesbypattern: delete files by pattern lfc_registerfiles: register files with replicas or new replicas

13 LFC tutorial Authentication and authorization The service has security built-in: GSI or Kerberos 5 The entries in the name space can be protected by Posix Access Control Lists All privileged operations can only be done with a Host Certificate on a trusted host VOMS integration: groups, sub-groups and roles are supported

14 LFC tutorial VOMS integration (1) DNs are mapped to virtual UIDs: the virtual uid is created on the fly the first time the system receives a request for this DN (no pool account) VOMS FQANs (groups, sub-groups and roles) are mapped to virtual GIDs, also created on the fly when first received A given user may have one DN and several FQANs, so a given user may be mapped to one UID and several GIDs Authorization in name space is done using primary and secondary groups File group ownership is using the primary group

15 LFC tutorial VOMS integration (2) Support for normal proxies and VOMS proxies Integration with CSEC (socket interface) and CGSI (soap services) Administrative tools are provided to manually update the DB mapping table if necessary To create VO groups in advance To keep same uid when DN changes To get same uid for a DN and a Kerberos principal

16 LFC tutorial Access Control Lists LFC support Posix ACLs based on Virtual Ids Access Control Lists on files and directories Default Access Control Lists on directories: they are inherited by the sub-directories and files under the directory Example lfc-mkdir /grid/dteam/jpb lfc-setacl -m d:u::7,d:g::7,d:o:5 /grid/dteam/jpb lfc-getacl /grid/dteam/jpb # file: /grid/dteam/jpb # owner: /C=CH/O=CERN/OU=GRID/CN=Jean-Philippe Baud 7183 # group: dteam user::rwx group::r-x #effective:r-x other::r-x default:user::rwx default:group::rwx default:other::r-x

17 LFC tutorial Deployment LFC can be deployed as Central catalogue Local catalogue Replica of central catalogue Replication uses Oracle STREAMS

18 LFC tutorial Installation Port to be opened: 5010/tcp Install host certificate on the server host /etc/grid-security/hostcert.pem /etc/grid-security/hostkey.pem /etc/grid-security/lfcmgr/lfccert.pem /etc/grid-security/lfcmgr/lfckey.pem Install /opt/lcg/etc/lcgdm-mapfile Install *.lsc files in /etc/grid-security/vomsdir

19 LFC tutorial Configuration 3 methods can be used: Yaim Quattor Manual /etc/sysconfig/lfcdaemon RUN_READONLY=“no” RUN_DISABLEAUTOVIDS="no“ ALLOW_COREDUMP="yes“ (recommended) NB_THREADS=20 (default, but should be 60 for large VOs) ORACLE_HOME /opt/lcg/etc/NSCONFIG lcg_lfc_local_test2_w/My_db_pwd@int6r

20 LFC tutorial LOGS 02/11 09:16:37 24739 Cns_serv: started (LFC 1.7.0-0) 02/11 11:12:09 24739,0 Cns_srv_lstat: NS092 - lstat request by /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=baud/CN=373165/CN=Jean-Philippe Baud (101,106) from lxb7994.cern.ch 02/11 11:12:09 24739,0 Cns_srv_lstat: NS098 - lstat 0 / 02/11 11:12:09 24739,0 Cns_srv_lstat: returns 0

21 LFC tutorial Statistics LFC installed at 60 sites LFC used by tens of VOs, including ATLAS and LHCb

22 LFC tutorial Monitoring Check the maximum number of threads in use Check that a file entry can be listed Check that an entry can be created or modified Look for authentication errors (“Csec” messages) Look for DB errors (“ORA” errors if the backend is Oracle). Most of the DB errors are recovered thru internal retries. Look for procdirreq, procsessreq and proctransreq errors

23 LFC tutorial Documentation and support https://svnweb.cern.ch/trac/lcgdm hep-service-dpm@cern.ch helpdesk@ggus.org https://svnweb.cern.ch/trac/lcgdm/roadmap https://twiki.cern.ch/twiki/bin/view/EGEE/DMReleas eStatus

Download ppt "LFC tutorial Jean-Philippe Baud, IT-GT, CERN July 2010."

Similar presentations

Data Management Expert Panel. RLS Globus-EDG Replica Location Service u Joint Design in the form of the Giggle architecture u Reference Implementation.

Data Management Expert Panel. RLS Globus-EDG Replica Location Service u Joint Design in the form of the Giggle architecture u Reference Implementation.
DPM Name Server (DPNS) Namespace Authorization Location of physical files DPM Server Requests queuing and processing Space Management SRM Servers v1.1,

DPM Name Server (DPNS) Namespace Authorization Location of physical files DPM Server Requests queuing and processing Space Management SRM Servers v1.1,
Grid Data Management Assaf Gottlieb - Israeli Grid NA3 Team EGEE is a project funded by the European Union under contract IST-2003-508833 EGEE tutorial,

Grid Data Management Assaf Gottlieb - Israeli Grid NA3 Team EGEE is a project funded by the European Union under contract IST EGEE tutorial,
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
GGF Toronto 19.02.02 Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.

GGF Toronto Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
Understanding Active Directory

Understanding Active Directory
(ITI310) SESSIONS 9-10-11-12: Active Directory By Eng. BASSEM ALSAID.

(ITI310) SESSIONS : Active Directory By Eng. BASSEM ALSAID.
The LCG File Catalog (LFC) Jean-Philippe Baud – Sophie Lemaitre IT-GD, CERN May 2005.

The LCG File Catalog (LFC) Jean-Philippe Baud – Sophie Lemaitre IT-GD, CERN May 2005.
DPM CCRC - 1 Research and developments DPM status and plans Jean-Philippe Baud.

DPM CCRC - 1 Research and developments DPM status and plans Jean-Philippe Baud.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org gLite Data Management Services - Overview Mike Mineter National e-Science Centre, Edinburgh.

INFSO-RI Enabling Grids for E-sciencE gLite Data Management Services - Overview Mike Mineter National e-Science Centre, Edinburgh.
VOX Project Status T. Levshina. Talk Overview VOX Status –Registration –Globus callouts/Plug-ins –LRAS –SAZ Collaboration with VOMS EDG team Preparation.

VOX Project Status T. Levshina. Talk Overview VOX Status –Registration –Globus callouts/Plug-ins –LRAS –SAZ Collaboration with VOMS EDG team Preparation.
EGEE-III INFSO-RI- 222667 Enabling Grids for E-sciencE www.eu-egee.org The Medical Data Manager : the components Johan Montagnat, Romain Texier, Tristan.

EGEE-III INFSO-RI Enabling Grids for E-sciencE The Medical Data Manager : the components Johan Montagnat, Romain Texier, Tristan.
The LCG File Catalog (LFC) Jean-Philippe Baud – Sophie Lemaitre IT-GD, CERN May 2005.

The LCG File Catalog (LFC) Jean-Philippe Baud – Sophie Lemaitre IT-GD, CERN May 2005.
INFNGrid Constanza Project: Status Report A.Domenici, F.Donno, L.Iannone, G.Pucciani, H.Stockinger CNAF, 6 December 2004 WP3-WP5 FIRB meeting.

INFNGrid Constanza Project: Status Report A.Domenici, F.Donno, L.Iannone, G.Pucciani, H.Stockinger CNAF, 6 December 2004 WP3-WP5 FIRB meeting.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org AMGA Metadata Server - Metadata Services in gLite (+ ARDA DB Deployment Plans with Experiments)

INFSO-RI Enabling Grids for E-sciencE AMGA Metadata Server - Metadata Services in gLite (+ ARDA DB Deployment Plans with Experiments)
Enabling Grids for E-sciencE EGEE-III INFSO-RI-222667 1 I. AMGA Overview What is AMGA Metadata Catalogue of EGEE’s gLite 3.1 Middleware Main Feature of.

Enabling Grids for E-sciencE EGEE-III INFSO-RI I. AMGA Overview What is AMGA Metadata Catalogue of EGEE’s gLite 3.1 Middleware Main Feature of.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org DPM Administration Jean-Philippe Baud (Sophie Lemaitre)

INFSO-RI Enabling Grids for E-sciencE DPM Administration Jean-Philippe Baud (Sophie Lemaitre)
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE middleware: gLite Data Management EGEE Tutorial 23rd APAN Meeting, Manila Jan.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE middleware: gLite Data Management EGEE Tutorial 23rd APAN Meeting, Manila Jan.
Enabling Grids for E-sciencE Introduction Data Management Jan Just Keijser Nikhef Grid Tutorial, 13-14 November 2008.

Enabling Grids for E-sciencE Introduction Data Management Jan Just Keijser Nikhef Grid Tutorial, November 2008.

Similar presentations

Ads by Google