The lightweight Gridenabled Disk Pool Manager DPM - PowerPoint PPT Presentation

About This Presentation

Title:

The lightweight Gridenabled Disk Pool Manager DPM

Description:

dpm-updatespace --token_desc myspace --gspace 5G $ dpm-releasespace --token_desc myspace ... Check that VOMS proxy signature comes from a trusted host ... – PowerPoint PPT presentation

Number of Views:95

Avg rating:3.0/5.0

Slides: 31

Provided by: gavinm1

Learn more at: https://osg-docdb.opensciencegrid.org

Category:

more less

Transcript and Presenter's Notes

Title: The lightweight Gridenabled Disk Pool Manager DPM

1
The lightweight Grid-enabled Disk Pool Manager
(DPM)

Sophie Lemaitre Jean-Philippe Baud
EGEE-OSG workshop
25 June 2007

2
Agenda

DPM architecture
SRMv2.2
VOMS and virtual ids
Whats next ?
Issues

3
DPM architecture
4
Functionality offered

Management of disk space on geographically
distributed disk servers
Management of name space (including ACLs)
Control interfaces
socket, SRM v1.0, SRM v2.1, SRM v2.2 (no srmCopy)
Data access protocols
secure RFIO, gsiFTP, HTTPS, and to come HTTP

5
DPM architecture
/dpm
/domain
/home
CLI, C API, SRM-enabled client, etc.
/vo
DPM head node
file

DPM Name Server
Namespace
Authorization
Physical files location
DPM Server
Requests queuing and processing
Space management
SRM Servers (v1.1, v2.1, v2.2)
Disk Servers
Physical files
Direct data transfer from/to
disk server (no bottleneck)

data transfer

DPM disk servers
6
DPM administration

Feedback from DPM administrators
Easy to install and configure
It works for us !
Our DPM has been running untouched for months
Very good online documentation
Intuitive commands
As similar to UNIX commands as possible
Ex dpns-ls, dpns-mkdir, dpns-getacl, etc.
DPM architecture is database centric
No configuration file
Support for MySQL and Oracle
Scalability
All servers (except the DPM one) can be
replicated if needed (DNS load balancing)

7
Platforms

Supported platforms
SL(C)3
SL(C)4
MAC OS X
From next release onwards
GridFTP 2 instead of GridFTP 1
GridFTP 2 plugin
Allowed to have a cleaner implementation
Much simpler than GridFTP 1 to interface to

8
SRMv2.2
9
Whats new ?

SRMv2.2
Biggest effort of last year
Required significant changes in DPM server code
5 new method types
Space reservation
srmReserveSpace, srmReleaseSpace,
Namespace operations
srmMkdir, srmLs,
Permissions and ACLs
srmSetPermission, srmGetPermission,
Transfer functions
srmPrepareToPut, srmPerpareToGet,
Admin functions
srmPing

10
Whats new ?

Retention policies
Given quality of disks, admin defines quality of
service
Replica, Output, Custodial
Access latency
Online, Nearline
Nearline will be used for BIOMED DICOM
integration
File storage type
Volatile, Permanent
File pinning
Extend TURL lifetime (srmPrepareToGet,
srmPrepareToPut)
Extend file lifetime in space (srmBringOnline)

11
Space reservation

Static space reservation (admin)
dpm-reservespace --gspace 20G --lifetime Inf
--group atlas --token_desc Atlas_ESD
dpm-reservespace --gspace 100M --lifetime 1h
--group dteam/Rolelcgadmin --token_desc LcgAd
dpm-updatespace --token_desc myspace --gspace
5G
dpm-releasespace --token_desc myspace
Dynamic space reservation (user)
Defined by user on request
dpm-reservespace
srmReserveSpace
Limitation on duration and size of space reserved

12
VOMS Virtual Ids
13
How to support VOMS ?

Lightweight VOMS handling in DPM
Check that VOMS proxy signature comes from a
trusted host
For scalability reasons, we didnt want to
contact another server for every authorization
Why virtual ids ?
We didnt want to use local users / groups
That admins would need to create a priori
DPM instead uses virtual ids
Stored in the DPM Name Server database
Created automatically when
user first connects with a valid proxy

14
DPM virtual ids

Each users DN
Is mapped to a unique virtual uid
Each VOMS group, each VOMS role
Is mapped to a unique virtual gid
Virtual uids / gids are created automatically
the first time a given user / group contacts the
DPM

15
DPM virtual ids
Ex (102, 101)
DB
Virtual uids mapping (example)
Virtual gids mapping (example)

grid-proxy-init
voms-proxy-init --vo atlas
Simone will be mapped
to (uid, gid) (102, 101)

16
DPM secondary groups
Ex (102, 103, 101)
DB
Virtual uids mapping (example)

voms-proxy-init voms
atlas/atlas/Roleproduction
Simone will be mapped to
(uid, gid, ) (102, 103, 101)
Simone still belongs to atlas

Virtual gids mapping (example)
17
ACLs on files

DPM supports Posix ACLs based on Virtual Ids
Access Control Lists on files and directories
Default Access Control Lists on directories they
are inherited by the sub-directories and files
under the directory
Example
dpns-mkdir /dpm/cern.ch/home/dteam/jpb
dpns-setacl -m du7,dg7,do5
/dpm/cern.ch/home/dteam/jpb
dpns-getacl /dpm/cern.ch/home/dteam/jpb
file /dpm/cern.ch/home/dteam/jpb
owner /CCH/OCERN/OUGRID/CNJean-Philipp
e Baud 7183
group dteam
userrwx
groupr-x effectiver-x
otherr-x
defaultuserrwx
defaultgrouprwx
defaultotherr-x

18
ACLs on pools

DPM terminology
A DPM pool is a set of filesystems on DPM disk
servers
By default, pools are generic
Possibility to dedicate a pool to several groups
dpm-addpool --poolname poolA --group alice
dpm-addpool --poolname poolB --group
atlas,cms,lhcb
Easy to add or remove groups
dpm-modifypool --poolname poolA --group
atlas,-alice

19
Authorization models

Follow the UNIX model
Namespace primary and secondary groups
Space reservation primary group only
For disk space accounting (and quotas later)
Who actually uses the space gets to pay the bill

20
Whats next ?
21
Whats next ?

Next release
DPM Name Server as local LFC
Short term (autumn 2007)
Quotas
srmCopy daemon
Medical data management
Encryption
DICOM backend
Medium term (beginning 2008)
NFSv4.1

22
Local LFC

DPM Name Server
Can act as a local LFC (LCG File Catalog)
Advantages
Only one service to run instead of two (LFC
DPM)
Transparent to the users
Available in next release

23
DPM quotas

DPM terminology
A DPM pool is a set of filesystems on DPM disk
servers
Unix-like quotas
Quotas are defined per disk pool
Usage in a given pool is per DN and per VOMS FQAN
Primary group gets charged for usage
Quotas in a given pool can be defined/enabled per
DN and/or per VOMS FQAN
Quotas can be assigned by admin
Default quotas can be assigned by admin and
applied to new users/groups contacting the DPM

24
DPM quotas

Unix-like quota interfaces
User interface
dpns-quota gives quota and usage information for
a given user/group (restricted to the own user
information)
Administrator interface
dpns-quotacheck to compute the current usage on
an existing system
dpns-repquota to list the usage and quota
information for all users/groups
dpns-setquota to set or change quotas for a given
user/group

25
DPM with NFSv4.1

NFSv4.1 and DPM have similar architectures
Separate metadata server
Direct access to physical files
Easy NFSv4.1 integration

26
Encrypted Storage

Medical community as the principal user
large amount of images are produced in DICOM
privacy concerns vs. processing needs
ease of use (image production and application)?
Strong security requirements
anonymity (patient data is separate)?
fine grained access control
privacy (even storage administrator cannot
read)data is encrypted (DICOM-SE) and decrypted
(client) in memory

AMGAmetadata
HydraKeyStore
HydraKeyStore
HydraKeyStore
2. keys
1. patient look-up
3.1.1 keys
DICOM
gridftp
3. get TURL
5. decrypt
3.1.2 image
DICOM plug-in
SRMv2
3.1 get enc. image
4. read enc. image
I/O
DICOM-SE
27
Issues
28
Issues