
iRODS Tutorial II. Data Grid Administration

iRODS Tutorial II. Data Grid Administration. Leesa Brieger . iRODS Tutorial Preview. iRODS Getting Started Unix client (icommands) Usage iRODS Data Grid Administration Installing server and iCAT Changing default settings Setting up users


Presentation Transcript


  1. iRODS Tutorial II. Data Grid Administration. Leesa Brieger

  2. iRODS Tutorial Preview • iRODS Getting Started • Unix client (icommands) • Usage • iRODS Data Grid Administration • Installing server and iCAT • Changing default settings • Setting up users • Installing resource server and adding new resources to a data grid/zone • Federating with other grids/zones, remote users • Microservices and rules for policy implementation and enforcement

  3. iRODS Data Grid Administration

  4. iRODS Info • Main page: http://irods.org • Github repositories: https://github.com/irods/ (Request a guest account to get access.) • Github tickets (issues): https://github.com/irods/irods/issues?state=open • Chat list: irods-chat@irods.org • The original iRODS wiki: https://wiki.irods.org • The iRODS Manual: http://irods.org/dev/wp-content/uploads/2014/03/irods-manual-4.0.0.pdf

  5. iRODS Books Available from Amazon • The integrated Rule-Oriented Data System (iRODS) Micro-service Workbook http://www.amazon.com/dp/1466469129 • An updated microservices reference book is coming out soon.

  6. iRODS Download • Download link for binary packages from the iRODS main page http://irods.org/download/ • Open source, BSD license • Binary packages – rpm and deb – available for CentOS, Red Hat, Debian, Ubuntu, SUSE. Planned: Mac OSX, Windows • See http://irods.org/2014/03/irods-4-0-0-released/ • 4.0 tested platforms: CentOS 5 & 6, SuSE 11 & 12, Ubuntu 10 & 12 • iRODS source is available via GitHub https://github.com/irods/irods • Other iRODS packages and plug-ins are available via GitHub at https://github.com/irods

  7. iRODS iCAT-Enabled Server (IES) • Installation – we’ll do Ubuntu and CentOS. • This is the heart of the data grid. • Other resources, on other platforms can be added to the data grid. • We will use PostgreSQL as the database for the iCAT for our installations; with database plug-ins, other DBs can also be used.

  8. iRODS Data Grid Installation - Ubuntu 12.04
     Installing the iCAT-enabled Server
     • First, set up PostgreSQL. This creates a Unix service account “postgres”, the DB superuser.
         > sudo apt-get install postgresql-9.3
     • As user postgres, create a DB role/user “irods”, with rights to create DBs in the Postgres instance. Enter the “irods” DB pw at the password prompt; this will be used as the iCAT admin pw.
         > sudo su - postgres
         > createuser -d -e -l -P irods
         Enter password for new role: *******
         Enter it again: *******
         CREATE ROLE irods PASSWORD 'md50061c043f3987cc21363299b9b1c0c3f' NOSUPERUSER CREATEDB NOCREATEROLE INHERIT LOGIN;
         > exit
     continued…

  9. iRODS Installation - Ubuntu 12.04
     Installing the iCAT-enabled Server
     • Once “irods” is a user/role for the database, then install iRODS
     • Download the iRODS packages
       • irods-icat-4.0.0-64bit.deb
       • irods-database-plugin-postgres-1.0.deb
     • Install the packages. This creates an “irods” service account.
         > sudo dpkg -i irods-icat-4.0.0-64bit.deb irods-database-plugin-postgres-1.0.deb
         > sudo apt-get -f install
     • Open the ports for iRODS client and server contact and parallel transfers
         > sudo iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 1247 -j ACCEPT
         > sudo iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 20000:20199 -j ACCEPT
         > sudo iptables -A INPUT -m state --state NEW -m udp -p udp --dport 20000:20199 -j ACCEPT
     continued…

  10. iRODS Installation - Ubuntu 12.04
      Installing the iCAT-enabled Server
      • As user irods, run the setup script (home directory for this user is /var/lib/irods)
          > sudo su - irods
          > ./packaging/setup_database.sh
      • This creates the iCAT database, using Postgres role “irods”, and starts up the data grid, with iRODS admin user “rods”

  11. iRODS Installation – Ubuntu 12.04
      Installing the iCAT-enabled Server
      Running the setup script setup_database.sh carries out these actions…
      • Prompts for config input
        • hostname (localhost)
        • port #
        • DB user name and pw (user “irods” and pw as specified in the postgres setup)
      • Creates an iRODS admin user “rods” with pw “rods” (This is an iRODS account, not Unix or postgres.) Change this password with “ipasswd”.
      • Creates configuration files in /etc/irods/
      • Creates the iCAT and brings up the data grid
      • Creates the environment file for iRODS user “rods” (/var/lib/irods/.irods/.irodsEnv)
      • Names the data grid (zone) and its resource with default names
        • tempZone
        • demoResc (and default physical path /var/lib/irods/iRODS/Vault)

  12. iRODS Environment File: ~/.irods/.irodsEnv
          # iRODS personal configuration file.
          # This file was automatically created during iRODS installation.
          # iRODS server host name:
          irodsHost 'tutorub.renci.org'
          # iRODS server port number:
          irodsPort 1247
          # Default storage resource name:
          irodsDefResource 'demoResc'
          # Home directory in iRODS:
          irodsHome '/tempZone/home/rods'
          # Current directory in iRODS:
          irodsCwd '/tempZone/home/rods'
          # Account name:
          irodsUserName 'rods'
          # Zone:
          irodsZone 'tempZone'
          …

  13. .irodsEnv • This file contains the environment of the grid you want to contact. • You can use multiple environment files to choose from among many grids (only one at a time has the name .irodsEnv) • This is only possible for Unix accounts that are not the “irods” service account. • NEVER change the .irodsEnv file in the “irods” service account running a grid

  14. iRODS Data Grid Installation – CentOS 6
      Installing the iCAT-enabled Server
      • Download the packages
        • RPM_INSTALLATION_HOWTO.txt (read this first)
        • irods-icat-4.0.0-64bit-centos6.rpm
        • irods-database-plugin-postgres-1.0-centos6.rpm
      • Get and install the packages that iRODS depends on (this installs the PostgreSQL that will be used for the iCAT)
          > sudo yum install postgresql postgresql-server unixODBC perl authd
          > sudo yum install postgresql-odbc
      • Start the Postgres server and initialize database tables
          > sudo /sbin/service postgresql initdb
          Initializing database: [ OK ]
          > sudo /sbin/service postgresql start
          Starting postgresql service:
      continued…

  15. iRODS Data Grid Installation – CentOS 6
      Installing the iCAT-enabled Server
      • As user postgres, create role/user irods with “create DB” privileges
          > sudo su - postgres
          > createuser -d -e -l -P irods
          Enter password for new role: *******
          Enter it again: *******
          CREATE ROLE irods PASSWORD 'md50061c043f3987cc21363299b9b1c0c3f' NOSUPERUSER CREATEDB NOCREATEROLE INHERIT LOGIN;
          > exit
      • Modify authd config file for xinetd.d (/etc/xinetd.d/auth) to remove the command line argument “-E”. Change
          [ server_args = -t60 --xerror --os -E ]
        to
          [ server_args = -t60 --xerror --os ]
      continued…

  16. iRODS Data Grid Installation – CentOS 6 Installing the iCAT-enabled Server • Set the proper runlevel for authd: > sudo /sbin/chkconfig --level=3 auth on • Restart xinetd > sudo /etc/init.d/xinetd restart • Open your firewall, if necessary, to listen for iRODS and allow parallel transfers. Add the following to your /etc/sysconfig/iptables: -A INPUT -m state --state NEW -m tcp -p tcp --dport 1247 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 20000:20199 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 20000:20199 -j ACCEPT • Restart the firewall: > sudo service iptables restart continued…

  17. iRODS Data Grid Installation – CentOS 6
      Installing the iCAT-enabled Server
      • Download the iRODS package and install. This creates Unix service account “irods”.
          > sudo rpm -i irods-icat-4.0.0-64bit-centos6.rpm
      • As Unix user irods, run the database setup script (home directory for this user is /var/lib/irods):
          > sudo su - irods
          > ./packaging/setup_database.sh
      • Respond to script prompts. Enter your iCAT DB admin pw at the pw prompt.
          DB server's hostname: localhost   (<--- "localhost" here for a local DB)
          port: 5432
          DB name: ICAT
          username: irods
          pw: *******

  18. iRODS Installation – CentOS 6
      Installing the iCAT-enabled Server
      Running the setup script setup_database.sh carries out these actions…
      • Prompts for config input
        • hostname (localhost)
        • port #
        • DB user name and pw (user “irods” and pw as specified in the postgres setup)
      • Creates an iRODS admin user “rods” with pw “rods” (This is an iRODS account, not Unix or postgres.) Change this password with “ipasswd”.
      • Creates configuration files in /etc/irods/
      • Creates the iCAT and brings up the data grid
      • Creates the environment file for iRODS user “rods” (/var/lib/irods/.irods/.irodsEnv)
      • Names the data grid (zone) and its resource with default names
        • tempZone
        • demoResc (and default physical path /var/lib/irods/iRODS/Vault)

  19. Installing the iCAT-Enabled Server (IES) with a Remote iCAT PostgreSQL Database On the database host machine: • Update postgresql.conf • Update pg_hba.conf • Restart postgres • Configure and restart iptables On the iRODS server host machine: 1) New setup script is necessary – will be supported in 4.0.3 2) During the configuration setup, give the hostname of the remote database machine

  20. Installing the IES with a Remote iCAT 1) postgresql.conf • Location: • Ubuntu: /etc/postgresql/9.3/main • CentOS: /var/lib/pgsql/data • Change required: • Update listen_addresses to contain the hostname (FQDN) or IP address of the postgres host

  21. Installing the IES with a Remote iCAT 2) pg_hba.conf • Location: • Ubuntu: /etc/postgresql/9.3/main • CentOS: /var/lib/pgsql/data • Change required: • Add a line to permit the ICAT server to connect using md5 authentication: host all all <hostname> md5

  22. Installing the IES with a Remote iCAT 3) Restart postgres • Ubuntu: sudo /etc/init.d/postgres restart • CentOS: sudo /etc/init.d/postgres-9.3 restart

  23. Installing the IES with a Remote iCAT 4) iptables • Ubuntu • Install iptables-persistent: sudo apt-get install iptables-persistent • Edit /etc/iptables/rules.v4 • Add (before the COMMIT line): -A INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT • Restart iptables: /etc/init.d/iptables restart • CentOS • Edit /etc/sysconfig/iptables • Add this line: -A INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT • Restart iptables: service iptables restart

  24. Installing the IES with a Remote iCAT Server side: 1) Get the setup script that supports this (4.0.3) 2) During the configuration setup, give the hostname of the remote DB
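An added example, not part of the original slides: a shell check that flags pg_hba.conf entries and iptables rules broader than a remote iCAT needs, run over constructed weak and tightened samples. The database name ICAT and role irods come from the setup prompts shown earlier; irods.example.org, 192.0.2.10, the file names and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the tutorial: flag over-broad access rules for a
# remote iCAT database. Host name and address below are constructed.

# audit_pg_hba FILE: print "line: finding" for each risky TCP entry.
audit_pg_hba() {
    awk '
        /^[ \t]*(#|$)/ { next }          # comments and blank lines
        $1 !~ /^host/  { next }          # host, hostssl, hostnossl only
        {
            # "host db user IP MASK method" has six fields, the CIDR form five
            method = (NF >= 6 && $5 ~ /^[0-9.]+$/) ? $6 : $5
            if ($2 == "all") print NR ": database \"all\", name the iCAT database"
            if ($3 == "all") print NR ": user \"all\", name the iCAT role"
            if ($4 == "all" || $4 == "0.0.0.0/0" || $4 == "::/0")
                print NR ": any source address may connect"
            if (method == "trust") print NR ": trust method asks for no password"
        }' "$1"
}

# audit_iptables FILE PORT: print INPUT rules that accept PORT from any source.
audit_iptables() {
    awk -v port="$2" '
        /^-A INPUT/ && /-j ACCEPT/ {
            hit = 0; src = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "--dport" && $(i + 1) == port) hit = 1
                if ($i == "-s" || $i == "--source") src = 1
            }
            if (hit && !src) print NR ": port " port " open to every source"
        }' "$1"
}

# Constructed samples: the tutorial lines as given, then tightened versions.
write_icat_samples() {
    cat > "$1/pg_hba.weak" <<'EOF'
# constructed sample
host all all irods.example.org md5
EOF
    cat > "$1/pg_hba.tight" <<'EOF'
# constructed sample
host ICAT irods 192.0.2.10/32 md5
EOF
    cat > "$1/rules.weak" <<'EOF'
*filter
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT
COMMIT
EOF
    cat > "$1/rules.tight" <<'EOF'
*filter
-A INPUT -s 192.0.2.10/32 -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT
COMMIT
EOF
}

icat_demo() {
    d=$(mktemp -d) && write_icat_samples "$d"
    for f in weak tight; do
        echo "== $f =="
        audit_pg_hba "$d/pg_hba.$f"
        audit_iptables "$d/rules.$f" 5432
    done
    rm -rf "$d"
}
icat_demo
```

On a real database host, point the two functions at pg_hba.conf and at the saved rules file (/etc/iptables/rules.v4 or /etc/sysconfig/iptables) named in the steps above.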

  25. iRODS Environment File: ~/.irods/.irodsEnv
          # iRODS personal configuration file.
          # This file was automatically created during iRODS installation.
          # iRODS server host name:
          irodsHost 'tutoricat.renci.org'
          # iRODS server port number:
          irodsPort 1247
          # Default storage resource name:
          irodsDefResource 'demoResc'
          # Home directory in iRODS:
          irodsHome '/tempZone/home/rods'
          # Current directory in iRODS:
          irodsCwd '/tempZone/home/rods'
          # Account name:
          irodsUserName 'rods'
          # Zone:
          irodsZone 'tempZone'
          …

  26. iRODS Post-Install • Configuration parameters saved in /etc/irods/irods.config and /etc/irods/server.config • Install logs are in /var/lib/irods/iRODS/installLogs/irods_setup.log • Server logs are in directory /var/lib/irods/iRODS/server/log/ • Rule file: /etc/irods/core.re contains rules that are triggered by actions in the data grid • Environment file /var/lib/irods/.irods/.irodsEnv is created automatically for service account “irods” • Copy this file into ~/.irods/.irodsEnv wherever you want admin access to the data grid • Copy this file and modify it for all other users’ access to the data grid

  27. iadmin – administrative functions • h for help, “h <command>” for help with that command • q to exit • Add new users, modify passwords, add new resources, federate to remote zones, create resource groups,… • mkresc/rmresc • mkuser/rmuser, moduser (modify passwords) • mkzone/rmzone, modzone (for federation) • Information on users, resources, tokens, etc • lt (el-tee), “lt <token type>” for listing of that token’s possible values • lu, lr, lz,…

  28. iRODS control
      Start/stop/restart the iRODS server with ./irodsctl
      • start
      • stop
      • restart
      “./irodsctl -h” gives documentation on using irodsctl. Other options have been deprecated – iRODS no longer controls starting and stopping the iCAT DB.

  29. iRODS Installation – Change Defaults • Modify default zone name (tempZone) • Modify default resource path (/var/lib/irods/iRODS/Vault/) • Modify default resource name (demoResc) • Alternative: Leave demoResc alone (name and path) and instead, introduce a separate, new resource on the same host; just stop using demoResc Examples • Change zone name from “tempZone” to “ubgrid” • Change default resource path to “/opt/irodsVault/” • Change default resource name from “demoResc” to “ubresc1” • Introduce new resource “ubresc2” on this server

  30. iRODS Installation – Change Defaults
      • Modify zone name (data grid name tempZone)
      • If you’re going to do this, it’s a good idea (though not absolutely necessary) to do it before you set up other users
          > iadmin
          iadmin> modzone tempZone name ubgrid
      • Once done, you must edit the ~/.irods/.irodsEnv files of all users and change the zone name wherever it appears in that file (3 places)
      • You must also edit any rules (in /etc/irods/core.re) that might contain the zone name
      • Edit /etc/irods/irods.config: change
          $ZONE_NAME = 'tempZone';
        to
          $ZONE_NAME = 'ubgrid';
      • Restart the data grid:
          > ./irodsctl restart

  31. iRODS Installation – Change Defaults • Modify resource path (/var/lib/irods/iRODS/Vault) • Again, best to do this before there are other users and much data in the data grid > iadmin iadmin> lr demoResc resc_id: 10010 resc_name: demoResc zone_name: ubgrid resc_type_name: unixfilesystem resc_net: tutorub.renci.org resc_def_path: /var/lib/irods/iRODS/Vault … iadmin> modresc demoResc path /opt/irodsVault Level 0: Previous resource path: /var/lib/irods/iRODS/Vault

  32. iRODS Installation – Change Defaults • Modify resource path (continued…) > iadmin iadmin> lr demoResc resc_id: 10010 resc_name: demoResc zone_name: ubgrid resc_type_name: unixfilesystem resc_net: tutorub.renci.org resc_def_path: /opt/irodsVault … If there are data objects in the resource and the physical path names need to be changed: > iadmin iadmin> modrescdatapaths demoResc /var/lib/irods/iRODS/Vault/ /opt/irodsVault/ “iadmin> help modrescdatapaths” for help

  33. iRODS Installation – Change Defaults
      • Modify resource name (demoResc)
      • Best to do this before there are other users on the data grid
          > iadmin
          iadmin> lr
          bundleResc
          demoResc
          iadmin> modresc demoResc name ubresc1
          iadmin> lr
          bundleResc
          ubresc1
      • Edit the .irodsEnv file to rename default resource if necessary: change
          irodsDefResource 'demoResc'
        to
          irodsDefResource 'ubresc1'

  34. iRODS Installation – Change Defaults
      • Modify resource name (continued)
      • Must change the resource name used in any /etc/irods/core.re rules that use the default name
          acSetRescSchemeForCreate {msiSetDefaultResc("demoResc","null"); }
          acSetRescSchemeForRepl {msiSetDefaultResc("demoResc","null"); }
        change to
          acSetRescSchemeForCreate {msiSetDefaultResc("ubresc1","null"); }
          acSetRescSchemeForRepl {msiSetDefaultResc("ubresc1","null"); }

  35. iRODS Installation – Change Defaults
      • Introduce new resource on the same host. Create the physical path first and make sure Unix user “irods” has write permission on it. “iadmin> lt” is useful in choosing parameters to the mkresc command.
          > iadmin
          iadmin> lr
          bundleResc
          ubresc1
          iadmin> mkresc ubresc2 unixfilesystem tutorub.renci.org:/opt/irodsVault2
          Creating resource:
          Name: "ubresc2"
          Type: "unixfilesystem"
          Host: "tutorub.renci.org"
          Path: "/opt/irodsVault2"
          Context: ""
          iadmin> lr
          bundleResc
          ubresc1
          ubresc2

  36. Changing Default Environment
      The Ubuntu Example
          > more .irodsEnv
          # iRODS server host name:
          irodsHost 'tutorub.renci.org'
          # iRODS server port number:
          irodsPort 1247
          # Default storage resource name:
          irodsDefResource 'ubresc1'
          # Home directory in iRODS:
          irodsHome '/ubgrid/home/rods'
          # Current directory in iRODS:
          irodsCwd '/ubgrid/home/rods'
          # Account name:
          irodsUserName 'rods'
          # Zone:
          irodsZone 'ubgrid'
          …
          > ilsresc
          ubresc1
          ubresc2
      Default data grid name (zone name) was changed to ubgrid; default demoResc was renamed to ubresc1 and its physical path was redefined; new resource ubresc2 on the same host was added (new physical path). Edit .irodsEnv file to accurately reflect the changed environment.

  37. Changing Default Environment
      The CentOS Example
          > more .irodsEnv
          # iRODS server host name:
          irodsHost 'tutoricat.renci.org'
          # iRODS server port number:
          irodsPort 1247
          # Default storage resource name:
          irodsDefResource 'resc1'
          # Home directory in iRODS:
          irodsHome '/centosgrid/home/rods'
          # Current directory in iRODS:
          irodsCwd '/centosgrid/home/rods'
          # Account name:
          irodsUserName 'rods'
          # Zone:
          irodsZone 'centosgrid'
          …
          > ilsresc
          resc1
          demoResc
          stateResc
          bundleResc
      Default data grid name (zone name) was changed to centosgrid; default demoResc was left as-is; new resources resc1 and stateResc on the same host were added (new physical paths). bundleResc is created when ibun is used. Edit .irodsEnv file to accurately reflect the changed environment.
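An added example, not part of the original slides: after the modzone and modresc renames in the Change Defaults steps, this shell script rewrites the four affected .irodsEnv entries and lists any remaining references to the old names in .irodsEnv and core.re. The sample files are constructed from the names used in the tutorial; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the tutorial. Checks for leftovers of the old zone
# and resource names after "modzone ... name" and "modresc ... name".

# rename_env OLD_ZONE NEW_ZONE OLD_RESC NEW_RESC
# Filter: reads an .irodsEnv on stdin, writes the edited copy to stdout.
rename_env() {
    sed -e "/^irodsDefResource/s|'$3'|'$4'|" \
        -e "/^irodsHome/s|'/$1/|'/$2/|" \
        -e "/^irodsCwd/s|'/$1/|'/$2/|" \
        -e "/^irodsZone/s|'$1'|'$2'|"
}

# stale_refs OLD_ZONE OLD_RESC FILE...
# Prints "file:line: text" for every non-comment line still naming either one.
# Substring match, so a longer name containing the old one is reported too.
stale_refs() {
    sr_zone=$1; sr_resc=$2; shift 2
    for sr_file in "$@"; do
        awk -v z="$sr_zone" -v r="$sr_resc" -v f="$sr_file" '
            /^[ \t]*#/ { next }
            index($0, z) || index($0, r) { print f ":" NR ": " $0 }
        ' "$sr_file"
    done
}

# Constructed samples using the default names shown in the tutorial.
write_rename_samples() {
    cat > "$1/irodsEnv" <<'EOF'
# iRODS server host name:
irodsHost 'tutorub.renci.org'
# iRODS server port number:
irodsPort 1247
# Default storage resource name:
irodsDefResource 'demoResc'
# Home directory in iRODS:
irodsHome '/tempZone/home/rods'
# Current directory in iRODS:
irodsCwd '/tempZone/home/rods'
# Account name:
irodsUserName 'rods'
# Zone:
irodsZone 'tempZone'
EOF
    cat > "$1/core.re" <<'EOF'
acSetRescSchemeForCreate {msiSetDefaultResc("demoResc","null"); }
acSetRescSchemeForRepl {msiSetDefaultResc("demoResc","null"); }
EOF
}

rename_demo() {
    d=$(mktemp -d) && write_rename_samples "$d"
    echo "before:"
    stale_refs tempZone demoResc "$d/irodsEnv" "$d/core.re"
    rename_env tempZone ubgrid demoResc ubresc1 < "$d/irodsEnv" > "$d/irodsEnv.new"
    echo "after editing the environment file (core.re still to do):"
    stale_refs tempZone demoResc "$d/irodsEnv.new" "$d/core.re"
    rm -rf "$d"
}
rename_demo
```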

  38. Setting Up New Users
      • Use iadmin
      • Two steps: mkuser and moduser (for a password)
          iadmin> mkuser user1 rodsuser
          iadmin> moduser user1 password *****
      • Use iadmin to see what user types are possible
        Token list:
          iadmin> lt
          zone_type
          user_type
          data_type
          resc_type
          action_type
          rulexec_type
          access_type
          object_type
          coll_map
          auth_scheme_type
        Possible values of token “user_type”:
          iadmin> lt user_type
          rodsgroup
          rodsadmin
          rodsuser
          domainadmin
          groupadmin
          storageadmin
          rodscurators

  39. User Naming Convention An iRODS user account is identified by the user name and the data grid/zone name: • admin user on centosgrid: rods#centosgrid • admin user on ubgrid: rods#ubgrid • one of the rodsuser accounts on ubgrid: guest#ubgrid

  40. Resource Server Installation on CentOS Installing a non-IES Resource • Install a non-IES iRODS server in order to add a resource to an existing data grid • Host that will be running the iRODS server for this resource: tutorres.renci.org • Download irods-resource-4.0.0-64bit.deb from the download site • Install the packages that iRODS depends on > sudo yum install unixODBC perl authd > sudo yum install postgresql-odbc • PostgreSQL is set up on the IES, the iCAT-enabled server; don’t need it here on the non-IES resource server continued …

  41. Resource Server Installation on CentOS Installing a non-IES Resource • Modify /etc/xinetd.d/auth locally to remove the -E from a command line argument for auth: change [ server_args = -t60 --xerror --os -E ] to [ server_args = -t60 --xerror --os ] • Set the proper runlevel for authd > sudo /sbin/chkconfig --level=3 auth on • Restart xinetd > sudo /etc/init.d/xinetd restart continued …

  42. Resource Server Installation on CentOS Installing a non-IES Resource • Open your firewall, if necessary • Add the following lines to your /etc/sysconfig/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 1247 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 20000:20199 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 20000:20199 -j ACCEPT • Restart the firewall > sudo service iptables restart • Install the iRODS RPM > rpm -i irods-resource-4.0.0-64bit-centos6.rpm • In case of missing FUSE libraries, install those > sudo yum install fuse-libs and then install the RPM (repeat step 8) continued …

  43. Resource Server Installation on CentOS
      Installing a non-IES Resource
      • As user irods, run the resource setup script. Answer the prompts for username and pw for iRODS admin user.
          > sudo su - irods
          > ./packaging/setup_resource.sh
          > exit
      Running this script will
      • create /etc/irods/server.config, /etc/irods/irods.config, and /etc/irods/core.re
      • connect to the iCAT-enabled server (the IES) running the data grid
      • create the /var/lib/irods/.irods/.irodsEnv file (for local service account irods)
      • bring up the iRODS resource server
      • add info to the log file /var/lib/irods/iRODS/server/log
      • add a resource to the existing data grid
      continued …

  44. Resource Server Installation on CentOS
      Installing a non-IES Resource
      • Default resource name and location:
        • <hostname>Resource
        • /var/lib/irods/iRODS/<hostname>ResourceVault
      • My resource host is tutorres.renci.org, thus the default resource name and path.
      Example
      • Take a look at the new resource
        See a listing of the data grid resources:
          > iadmin lr
          bundleResc
          resc1
          stateResc
          demoResc
          tutorresResource
        See more info about the new resource, in particular the physical path:
          > iadmin lr tutorresResource
          resc_id: 10020
          resc_name: tutorresResource
          zone_name: centosgrid
          resc_type_name: unixfilesystem
          resc_net: tutorres.renci.org
          resc_def_path: /var/lib/irods/iRODS/tutorresResourceVault
          …

  45. Resource Server Installation on CentOS
      Installing a non-IES Resource
      • Change resource name (before any data ingestion)
          > iadmin
          iadmin> modresc tutorresResource name resc2
      • Change the physical path; my example path will be /opt/irodsVault
        Unix: create the directory and set permissions for user “irods”
        • create the directory:
            > sudo mkdir /opt/irodsVault
        • set Unix user “irods” as owner:
            > sudo chown irods /opt/irodsVault
        • set group to “irods” for this directory:
            > sudo chgrp irods /opt/irodsVault
        iRODS:
        • modify path:
            iadmin> modresc resc2 path /opt/irodsVault
      continued …

  46. Resource Server Installation on CentOS
      Installing a non-IES Resource
      Now take a look at the resources available on data grid centosgrid
          > ilsresc
          bundleResc
          resc1
          demoResc
          resc2
          stateResc
          > iadmin
          iadmin> lr resc2
          resc_id: 10020
          resc_name: resc2
          zone_name: centosgrid
          resc_type_name: unixfilesystem
          resc_net: tutorres.renci.org
          resc_def_path: /opt/irodsVault
          …
      From anywhere that you have your ~/.irods/.irodsEnv file and the icommands client, you have access to all the resources of your data grid.

  47. Resource Server Installation on Ubuntu
      Installing a non-IES Resource
      In this example, we’ll install another non-IES resource server on an Ubuntu host, to add yet another resource to centosgrid.
      • Download irods-resource-4.0.0-64bit.deb from the download site
      • Go to the directory containing the .deb package and do dpkg... This creates the Unix account “irods”, locally.
          > sudo dpkg -i irods-resource-4.0.0-64bit.deb
      • Use apt-get to install with all dependencies satisfied
          > sudo apt-get -f install
      continued …

  48. Resource Server Installation on Ubuntu
      Installing a non-IES Resource
      • As Unix user “irods” run the setup script (/var/lib/irods is the irods home directory)
          > sudo su - irods
          > ./packaging/setup_resource.sh
      • Answer config questions about existing data grid this server is joining:
          iCAT server's hostname or IP address: tutoricat.renci.org
          iCAT server's port [1247]:
          iCAT server's ZoneName: centosgrid
          iRODS admin username [rods]: rods
      continued…

  49. Resource Server Installation on Ubuntu Installing a non-IES Resource Running the setup script (./packaging/setup_resource.sh) will: • prompt for irods admin user and pw • create /etc/irods/server.config • connect to the iCAT-enabled server (the IES) running the data grid • create the /var/lib/irods/.irods/.irodsEnv file (for Unix user irods) • bring up the iRODS resource server • add info to the log file /var/lib/irods/iRODS/server/log continued…

  50. Resource Server Installation on Ubuntu
      Installing a non-IES Resource
      • Resource host:
        • tutor.renci.org
      • Default resource name and location:
        • <hostname>Resource
        • /var/lib/irods/iRODS/<hostname>ResourceVault
      Example
      • Take a look at the new resource
        See a listing of the data grid resources (bundleResc is created when ibun is used; see the Getting Started tutorial):
          > iadmin lr
          bundleResc
          resc1
          stateResc
          demoResc
          resc2
          tutorResource
        See more info about the new resource, in particular the physical path:
          > iadmin lr tutorResource
          resc_id: 10020
          resc_name: tutorresResource
          zone_name: centosgrid
          resc_type_name: unixfilesystem
          resc_net: tutor.renci.org
          resc_def_path: /var/lib/irods/iRODS/tutorResourceVault
          …
