Difference between revisions of "Swestore-irods"

From SNIC Documentation
Jump to: navigation, search
(SweStore iRODS usage documentation)
(Redirected page to Swestore-iRODS)
(45 intermediate revisions by 6 users not shown)
Line 1: Line 1:
[[Category:Storage]]
+
#REDIRECT [[Swestore-iRODS]]
[[Category:SweStore]]
 
  
'''This is not official yet'''
 
  
SNIC is building a storage infrastructure to complement the computational resources.
+
= National Storage using iRODS =
 +
[[Category:Storage]]
 +
[[Category:iRODS]]
  
Many forms of automated measurements can produce large amounts of data. In scientific areas such as high energy physics (the Large Hadron Collider at CERN), climate modeling, bioinformatics, bioimaging etc., the demands for storage are increasing dramatically. To serve these and other user communities, SNIC has appointed a working group to design a storage strategy, taking into account the needs on many levels and creating a unified storage infrastructure, which is now being implemented.
+
<font size="5" color="red"> NOTA: THIS PAGE IS OUT OF DATE! </font><br>
 
 
Swestore is in collaboration with [http://www.ecds.se/ ECDS], [http://snd.gu.se/ SND], Bioimage Sweden, [http://www.bils.se/ BILS], [http://www.uppnex.uu.se/ UPPNEX],[http://wlcg.web.cern.ch/ WLCG], [http://www.nrm.se/ NaturHistoriska RiksMuseet].
 
 
 
= National storage =
 
The Swestore Nationally Accessible Storage, commonly called just Swestore, is a robust, flexible and expandable long term storage system aimed at storing large amounts of data produced by various Swedish research projects. It is based on the [http://www.dcache.org dCache] and  [http://www.irods.org iRODS]
 
storage systems.
 
 
 
Swestore is distributed across the SNIC centres [http://www.c3se.chalmers.se/ C3SE], [http://www.hpc2n.umu.se/ HPC2N], [http://www.lunarc.lu.se/ Lunarc], [http://www.nsc.liu.se/ NSC], [http://www.pdc.kth.se PDC] and [http://www.uppmax.uu.se Uppmax]. Data is stored in two copies with each copy at a different SNIC centre. This enables the system to cope with a multitude of issues ranging from a simple crash of a storage element to losing an entire site while still providing access to the stored data.
 
 
 
One of the major advantages to the distributed nature of dCache and iRODS is the excellent aggregated transfer rates possible. This is achieved by bypassing a central node and having transfers going directly to/from the storage elements if the protocol allows it. The Swestore Nationally Accessible Storage system can achieve aggregated  transfer rates in excess of 100 Gigabit per second, but in practice this is limited by connectivity to each University (usually 10 Gbit/s) or a limited number of files (typically
 
max 1 Gbit/s per file/connection).
 
 
 
To protect against silent data corruption the dCache storage system checksums all stored data and periodically verifies the data using this checksum.
 
 
 
The dCache system does NOT yet provide protection against user errors like inadvertent file deletions and so on. The iRODS system provides this protection. Deleted files are moved to a trashcan.
 
  
 
== Getting access ==
 
== Getting access ==
Line 27: Line 12:
 
: Please follow the instructions on the [[Apply for storage on SweStore]] page.
 
: Please follow the instructions on the [[Apply for storage on SweStore]] page.
  
;Difference between dCache and iRODS user authentication
+
;iRODS user authentication
:SweStore's dCache system uses eScience client certificates.
+
:SweStore's iRODS system uses [http://www.yubico.com/products/yubikey-hardware/yubikey/ Yubikey] one-time passwords (OTP). With a simple touch of a button, a 44 character one-time password is generated and sent to the system. The user will be provided with a SweStore yubikey.
:SweStore's iRODS system uses [http://www.yubico.com/products/yubikey-hardware/yubikey/ Yubikey] one-time passwords (OTP). With a simple touch of a button, a 44 character one-time password is generated and sent to the system.
 
 
:Yubikey has a status as pilot now. It can be changed in the future.
 
:Yubikey has a status as pilot now. It can be changed in the future.
  
; dCache usage - How to acquire an eScience client certificate
+
; iRODS usage <span style="color:#FF0000"> Pilot. </span><br> - How to acquire a SweStore yubikey
: Follow the instructions on [[Grid_certificates#Requesting_a_certificate|Requesting a certificate]] to get your client certificate. This step can be performed while waiting for the storage application to be approved and processed. Of course, if you already have a valid eScience certificate you don't need to acquire another one.
+
:Please send an email to [mailto:support@swestore.se?subject=Yubikey support@swestore.se] and provide the shipping address to where the yubikey should be sent.<br>
:; For Terena certificates
+
:Yubikey has a status as pilot now. It can be changed in the future.
:: If intending to access SweStore from a SNIC resource, please make sure you also [[Exporting_a_client_certificate|export the certificate]], transfer it to the intended SNIC resource and [[Preparing_a_client_certificate|prepare it for use with grid tools]] (not necessarily needed with ARC 3.x, see [[Grid_certificates#Creating_a_proxy_certificate_using_the_Firefox.2FThunderbird_credential_store|proxy certificates using Firefox credential store]]).
 
:; For Nordugrid certificates
 
:: Please make sure to also [[Requesting_a_grid_certificate_from_the_Nordugrid_CA#Installing_the_certificate_in_your_browser|install your client certificate in your browser]].
 
:; Request membership in the SweGrid VO
 
:: Follow the instructions on [[Grid_certificates#Requesting_membership_in_the_SweGrid_VO|Requesting membership in the SweGrid VO]] to get added to the SweGrid Virtual Organisation (VO) and request membership to your allocated storage project.
 
 
 
; iRODS usage - How to acquire a SweStore YubiKey
 
 
 
To apply for a SweStore yubikey, please send an email to [mailto:support@swestore.se?subject=Yubikey support@swestore.se] and provide the shipping address to where the yubikey should be sent.<br>
 
Yubikey solution is still in a pilot phase. It can be changed in the future.
 
  
 
== Support ==  
 
== Support ==  
Line 50: Line 24:
 
If you have any issues using SweStore please do not hesitate to contact [mailto:support@swestore.se support@swestore.se].
 
If you have any issues using SweStore please do not hesitate to contact [mailto:support@swestore.se support@swestore.se].
  
== dCache ==
+
<span style="color:#FF0000"> Better not to use filename with single quotes. (There were problems with these but they had been fixed.</span><br>
 
 
=== Access protocols ===
 
; Currently supported protocols
 
: GridFTP - gsiftp://gsiftp.swestore.se/
 
: Storage Resource Manager - srm://srm.swegrid.se/
 
: Hypertext Transfer Protocol (read-only), Web Distributed Authoring and Versioning - http://webdav.swestore.se/ (unauthenticated), https://webdav.swestore.se/
 
: NFS4.1
 
 
 
For authentication eScience certificates are used, which provides a higher level of security than legacy username/password schemes.
 
 
 
=== Download and upload data ===
 
; Interactive browsing and manipulation of single files
 
: SweStore is accessible in your web browser in two ways, as a directory index interface at https://webdav.swestore.se/ and with an interactive file manager at https://webdav.swestore.se/browser/. '''Note''' that the interactive file manager has a lot of features and functions not supported in SweStore, only the basic file transfer features are supported.
 
: To browse private data you need to have your certificate installed in your browser (default with Terena certificates, see above). Projects are organized under the <code>/snic</code> directory as <code><nowiki>https://webdav.swestore.se/snic/YOUR_PROJECT_NAME/</nowiki></code>.
 
; Upload and delete data interactively or with automation
 
There are several tools that are capable of using the protocols provided by SweStore national storage.
 
For interactive usage on SNIC clusters we recommend using the ARC tools which should be installed on all SNIC resources.
 
As an integration point for building scripts and automated systems we suggest using the curl program and library.
 
: Use the ARC client. Please see the instructions for [[Accessing SweStore national storage with the ARC client]]. '''Recommended''' method when logged in on SNIC resources.
 
: Use lftp. Please see the instructions for [[Accessing SweStore national storage with lftp]].
 
: Use cURL. Please see the instructions for [[Accessing SweStore national storage with cURL]].
 
: Use globus-url-copy. Please see the instructions for [[Accessing SweStore national storage with globus-url-copy]].
 
 
 
=== Tools and scripts ===
 
 
 
There exists a number of tools and utilities developed externally that can be useful. Here are some links:
 
  
* [https://github.com/samuell/arc_tools ARC_Tools] - Convenience scripts for the arc client (Only a recursive rmdir so far).
+
== Usage monitoring ==
* [http://sourceforge.net/projects/arc-gui-clients ARC Graphical Clients] - Contains the ARC Storage Explorer (SweStore supported development).
 
* Transfer script, [[SweStore/swetrans_arc|swetrans_arc]], provided by Adam Peplinski / Philipp Schlatter
 
* [http://www.nordugrid.org/documents/SWIG-wrapped-ARC-Python-API.pdf Documentation of the ARC Python API (PDF)]
 
 
 
=== Slides and more ===
 
 
 
[http://docs.snic.se/wiki/Swestore/Lund_Seminar_Apr18 Slides and material from seminar for Lund users on April 18th]
 
 
 
=== Usage monitoring ===
 
 
* [http://status.swestore.se/munin/monitor/monitor/ Per Project Monitoring of Swestore usage]
 
* [http://status.swestore.se/munin/monitor/monitor/ Per Project Monitoring of Swestore usage]
  
== iRODS ==
+
== Supported clients ==
  
There is a SNIC iRODS system available under Swestore.
+
: iDrop web - Point your Web browser to [https://iweb.swestore.se iweb.swestore.se]
 +
: E-iRODS iCommands 3.0 - Command line client [ftp://ftp.renci.org/pub/irods/releases/3.0.1 Download E-iRODS icommands]
  
=== Supported clients ===
+
SweStore iRODS uses PAM authentication and SweStore yubikeys. With a simple touch of a button, a 44 character one-time password is generated and sent to the system.
  
: iDrop web - Point your Web browser to [https://iweb.swestore.se iweb.swestore.se]
 
: E-iRODS iCommands 3.0 - Command line client [ftp://ftp.renci.org/pub/eirods/releases/3.0 Download E-iRODS icommands]
 
  
SweStore iRODS uses PAM authentication and SweStore yubikeys. With a simple touch of a button, a 44 character one-time password is generated and sent to the system.
+
=== Web GUI (iDrop web) ===
 +
Please see the specific documentation for [[iDrop web]].
  
==== Community iRODS version 3.3 ====  
+
=== Community iRODS version 3.3 ===
 
The community iRODS client version 3.3 also should work, with PAM authentication.<br>
 
The community iRODS client version 3.3 also should work, with PAM authentication.<br>
 +
It is available from [http://irods.sdsc.edu/download.html SDSC].
 
Please install the OpenSSL include files and libraries:
 
Please install the OpenSSL include files and libraries:
 
<pre>
 
<pre>
sudo apt-get install libssl-dev (debian based system)
+
$ sudo apt-get install libssl-dev (debian based system)
 
# yum install openssl-devel (redhat-based systems)
 
# yum install openssl-devel (redhat-based systems)
 
</pre>
 
</pre>
 +
Download irods 3.3 from http://irods.sdsc.edu/download.html and unpack the tar.gz archive.
 +
 
Please enable the following defines in the Makefile iRODS/config/config.mk.in
 
Please enable the following defines in the Makefile iRODS/config/config.mk.in
 
<pre>
 
<pre>
Line 116: Line 58:
 
Please run irodssetup to compile the irods community client with PAM authentication.
 
Please run irodssetup to compile the irods community client with PAM authentication.
  
=== SweStore iRODS usage documentation  ===
+
== SweStore iRODS usage documentation  ==
  
 
To use the system you need to have the E-iRODS command line client installed or using iDROP web.  
 
To use the system you need to have the E-iRODS command line client installed or using iDROP web.  
  
==== Command line client ====
+
=== Command line client ===
  
 
For Linux systems the iRODS command line client is available as an installable package for various
 
For Linux systems the iRODS command line client is available as an installable package for various
Line 132: Line 74:
 
All these commands print short help when using the -h option.
 
All these commands print short help when using the -h option.
  
===== iCommands environment file =====
+
==== iCommands environment file ====
  
 
There is an environment file .irodsEnv in the .irods subdirectory
 
There is an environment file .irodsEnv in the .irods subdirectory
Line 143: Line 85:
 
irodsPort 1247
 
irodsPort 1247
 
irodsDefResource 'snicdefResc'
 
irodsDefResource 'snicdefResc'
irodsHome '/snicZone/home/USERNAME'
+
irodsHome '/snicZone/proj/<PROJECT_NAME>'
irodsCwd '/snicZone/home/USERNAME'
+
irodsCwd '/snicZone/proj/<PROJECT_NAME>'
irodsUserName 'USERNAME'
+
irodsUserName '<USERNAME>'
 
irodsZone 'snicZone'
 
irodsZone 'snicZone'
 
irodsAuthScheme 'PAM'
 
irodsAuthScheme 'PAM'
Line 153: Line 95:
 
The default irods zone name is snicZone.
 
The default irods zone name is snicZone.
 
The default resource is snicdefResc.
 
The default resource is snicdefResc.
 +
It is best to set the home directory to the same as the
 +
project directory, which would be a subdirectory under
 +
the /snicZone/proj directory tree.
 +
 +
==== Yubikey instructions ====
 +
 +
Prerequisite: A correct iCommands environment file, see above for instructions.
 +
 +
# Insert the yubikey in an available USB-slot in your computer.
 +
# Type iinit
 +
# Touch the conductive surface on the yubikey to send an one-time password to the system.
 +
 +
<pre>
 +
 +
$ iinit
 +
Enter your current PAM (system) password:
 +
$ ils
 +
/snicZone/proj/<projectname>:
 +
$
 +
</pre>
  
With the corrent environment file all we need is a Yubikey and we can run the iinit command to authenticate to the iCAT server. After that we can use the usual iCommands for 8 hours.
+
After that we can use the usual iCommands for 8 hours.
  
 
More details on the iCommands are available at
 
More details on the iCommands are available at
 
https://www.irods.org/index.php/icommands
 
https://www.irods.org/index.php/icommands
  
===== Using iCommands on SNIC HPC clusters =====
+
==== iCommands ====
 +
 
 +
Having initialized the session as described above we can use tie iRODS versions
 +
of the basic Unix commands. The project directory is under /snicZone/proj, all
 +
members of the project should have write access to this directory. We can use
 +
the command
 +
<pre>
 +
icd /snicZone/proj/projectname
 +
</pre>
 +
to move to the project directory, or to change to an another project directory
 +
when we are members of more than one project.
 +
 
 +
All commands give short help when invoked with the -h flag.
 +
 
 +
To put files files into the iRODS system we can use:
 +
<pre>
 +
iput localfile irodsfile
 +
</pre>
 +
or, to put a whole directory tree:
 +
<pre>
 +
iput -r localdirectory irodscollection
 +
</pre>
 +
 
 +
To load large amout of data it might be more advantageous to use
 +
<pre>
 +
irsync -r localdirectory irodscollection
 +
</pre>
 +
It might be a good idea to use -K so then checksums will be computed,
 +
stored and checked.
 +
 
 +
To create directories (collections in iRODSspeak) we use:
 +
<pre>
 +
imkdir collection
 +
</pre>
 +
as it would be expected.
 +
 
 +
To get those files back we can use
 +
<pre>
 +
iget irodsfile localfile
 +
</pre>
 +
or
 +
<pre>
 +
irsync -r irodscollection localdirectory
 +
</pre>
 +
 
 +
To remove files we use:
 +
<pre>
 +
irm
 +
</pre>
 +
or
 +
<pre>
 +
irm -r
 +
</pre>
 +
 
 +
Removing files like that would put the files into the trashcan (path: /snicZone/trash/).
 +
Time to time we would need to empty the trashcan, using
 +
<pre>
 +
irmtrash
 +
</pre>
 +
 
 +
==== Using iCommands on SNIC HPC clusters ====
  
 
On SNIC-clusters the icommands command line tools are either available in the PATH or by adding the irods module, e.g.
 
On SNIC-clusters the icommands command line tools are either available in the PATH or by adding the irods module, e.g.
 
: module load irods
 
: module load irods
 +
:If the irods commands are not available at the SNIC HPC cluster, please contact support@swestore.se
 
We also need to setup the iCommands environment file $HOME/.irods/.irodsEnv
 
We also need to setup the iCommands environment file $HOME/.irods/.irodsEnv
  
==== iDROP web client ====
+
=== Storage Project directory structure ===
 +
 
 +
Your storage project is available at /snicZone/proj/<PROJECT NAME>
 +
 
 +
/snicZone/home/<USERNAME> is just a small home directory.
 +
 
 +
=== iDROP web client ===
  
The web client is accessible via the URL https://iweb.swestore.se/.
+
See the [[iDrop web]] specific page.
A login screen will be presented first and your Yubikey should
 
be used to log in.
 
  
==== Upstream documentation ====
+
=== Upstream documentation ===
 
Detailed documentation, papers and resources are available from
 
Detailed documentation, papers and resources are available from
 
the [http://www.eirods.org E-iRODS web site]
 
the [http://www.eirods.org E-iRODS web site]
Line 178: Line 205:
  
 
[https://groups.google.com/d/forum/irod-chat‎ User forum]
 
[https://groups.google.com/d/forum/irod-chat‎ User forum]
 
= Center storage =
 
Centre storage, as defined by the SNIC storage group, is a storage solution that lives independently of the computational resources and can be accessed from all such resources at a centre. Key features include the ability to access the same filesystem the same way on all computational resources at a centre, and a unified structure and nomenclature for all centra. Unlike cluster storage which is tightly associated with a single cluster, and thus has a limited life-time, centre storage does not require the users to migrate their own data when clusters are decommissioned, not even when the storage hardware itself is being replaced.
 
 
== Unified environment ==
 
To make the usage more transparent for SNIC users, a set of environment variables are available on all SNIC resources:
 
 
* <code>SNIC_BACKUP</code> – the user's primary directory at the centre<br>(the part of the centre storage that is backed up)
 
* <code>SNIC_NOBACKUP</code> – recommended directory for project storage without backup<br>(also on the centre storage)
 
* <code>SNIC_TMP</code> – recommended directory for best performance during a job<br>(local disk on nodes if applicable)
 

Revision as of 13:29, 16 November 2020

Redirect to:

National Storage using iRODS

NOTA: THIS PAGE IS OUT OF DATE!

Getting access

Apply for storage
Please follow the instructions on the Apply for storage on SweStore page.
iRODS user authentication
SweStore's iRODS system uses Yubikey one-time passwords (OTP). With a simple touch of a button, a 44 character one-time password is generated and sent to the system. The user will be provided with a SweStore yubikey.
Yubikey has a status as pilot now. It can be changed in the future.
iRODS usage Pilot.
- How to acquire a SweStore yubikey
Please send an email to support@swestore.se and provide the shipping address to where the yubikey should be sent.
Yubikey has a status as pilot now. It can be changed in the future.

Support

If you have any issues using SweStore please do not hesitate to contact support@swestore.se.

Better not to use filename with single quotes. (There were problems with these but they had been fixed.

Usage monitoring

Supported clients

iDrop web - Point your Web browser to iweb.swestore.se
E-iRODS iCommands 3.0 - Command line client Download E-iRODS icommands

SweStore iRODS uses PAM authentication and SweStore yubikeys. With a simple touch of a button, a 44 character one-time password is generated and sent to the system.


Web GUI (iDrop web)

Please see the specific documentation for iDrop web.

Community iRODS version 3.3

The community iRODS client version 3.3 also should work, with PAM authentication.
It is available from SDSC. Please install the OpenSSL include files and libraries:

$ sudo apt-get install libssl-dev (debian based system)
# yum install openssl-devel (redhat-based systems)

Download irods 3.3 from http://irods.sdsc.edu/download.html and unpack the tar.gz archive.

Please enable the following defines in the Makefile iRODS/config/config.mk.in

PAM_AUTH = 1
PAM_AUTH_NO_EXTEND = 1
USE_SSL = 1 

Please run irodssetup to compile the irods community client with PAM authentication.

SweStore iRODS usage documentation

To use the system you need to have the E-iRODS command line client installed or using iDROP web.

Command line client

For Linux systems the iRODS command line client is available as an installable package for various Linux platforms from the e-iRODS website downloads section.

The command line client is natural to use for Unix users. There are versions of the usual ls, rm, mv, mkdir, pwd, rsync commands prefixed with an i for iRODS, i.e. irm, imv, imkdir etc.

As expected iput and iget move files to and from the irods system. All these commands print short help when using the -h option.

iCommands environment file

There is an environment file .irodsEnv in the .irods subdirectory of the home directory ($HOME/.irods/.irodsEnv) which contains information where and how to access the iRODS metadata (iCAT) server.

It looks like (placeholders are in <>):

irodsHost 'irods.swestore.se'
irodsPort 1247
irodsDefResource 'snicdefResc'
irodsHome '/snicZone/proj/<PROJECT_NAME>'
irodsCwd '/snicZone/proj/<PROJECT_NAME>'
irodsUserName '<USERNAME>'
irodsZone 'snicZone'
irodsAuthScheme 'PAM'

The iCAT server is irods.swestore.se. The default irods zone name is snicZone. The default resource is snicdefResc. It is best to set the home directory to the same as the project directory, which would be a subdirectory under the /snicZone/proj directory tree.

Yubikey instructions

Prerequisite: A correct iCommands environment file, see above for instructions.

  1. Insert the yubikey in an available USB-slot in your computer.
  2. Type iinit
  3. Touch the conductive surface on the yubikey to send an one-time password to the system.

$ iinit
Enter your current PAM (system) password:
$ ils
/snicZone/proj/<projectname>:
$

After that we can use the usual iCommands for 8 hours.

More details on the iCommands are available at https://www.irods.org/index.php/icommands

iCommands

Having initialized the session as described above we can use tie iRODS versions of the basic Unix commands. The project directory is under /snicZone/proj, all members of the project should have write access to this directory. We can use the command

icd /snicZone/proj/projectname

to move to the project directory, or to change to an another project directory when we are members of more than one project.

All commands give short help when invoked with the -h flag.

To put files files into the iRODS system we can use:

iput localfile irodsfile

or, to put a whole directory tree:

iput -r localdirectory irodscollection

To load large amout of data it might be more advantageous to use

irsync -r localdirectory irodscollection

It might be a good idea to use -K so then checksums will be computed, stored and checked.

To create directories (collections in iRODSspeak) we use:

imkdir collection

as it would be expected.

To get those files back we can use

iget irodsfile localfile

or

irsync -r irodscollection localdirectory

To remove files we use:

irm

or

irm -r

Removing files like that would put the files into the trashcan (path: /snicZone/trash/). Time to time we would need to empty the trashcan, using

irmtrash

Using iCommands on SNIC HPC clusters

On SNIC-clusters the icommands command line tools are either available in the PATH or by adding the irods module, e.g.

module load irods
If the irods commands are not available at the SNIC HPC cluster, please contact support@swestore.se

We also need to setup the iCommands environment file $HOME/.irods/.irodsEnv

Storage Project directory structure

Your storage project is available at /snicZone/proj/<PROJECT NAME>

/snicZone/home/<USERNAME> is just a small home directory.

iDROP web client

See the iDrop web specific page.

Upstream documentation

Detailed documentation, papers and resources are available from the E-iRODS web site

Community iRODS

User forum