Skip to content
Snippets Groups Projects
Commit 7c4234cd authored by Michael Davis's avatar Michael Davis
Browse files

Documents ObjectStore configuration

parent 8df96f2d
Branches
Tags
No related merge requests found
......@@ -143,35 +143,126 @@ Section~\ref{compile_cta_from_source}
To install CTA from previously-built artifacts:
\begin{lstlisting}
# yum-config-manager --enable cta-artifacts
# yum-config-manager --enable ceph
# yum -y install cta-objectstore-tools cta-doc mt-st mtx lsscsi sg3_utils \
cta-catalogueutils ceph-common
# yum -y install cta-catalogueutils cta-debuginfo cta-doc cta-frontend \
cta-objectstore-tools mt-st mtx lsscsi sg3_utils
# yum clean packages
\end{lstlisting}
To install CTA from RPMs built in Section~\ref{compile_cta_from_source}:
\begin{lstlisting}
# yum -y install RPM/RPMS/x86_64/cta-*
\end{lstlisting}
\section{Configure ObjectStore}
\subsection{Configuration for a test system}
In a test system, configure the ObjectStore as a Virtual File System (VFS). Initialise the new ObjectStore VFS and set
global \texttt{rwx} permissions:
\begin{lstlisting}
# ~/CTA/objectstore/cta-objectstore-initialize
New object store path: file:///tmp/jobStoreVFSUaHSAk
# chmod -R 0777 /tmp/jobStoreVFSUaHSAk/
\end{lstlisting}
Then create environment variables to store the type and location of the new ObjectStore:
\begin{lstlisting}
# export OBJECTSTORETYPE=file
# export OBJECTSTOREURL=file:///tmp/jobStoreVFSUaHSAk
\end{lstlisting}
%Now we need to add it as a configuration parameter in the \texttt{castor.conf}, as in the following example:
%\begin{lstlisting}
%TapeServer ObjectStoreBackendPath /tmp/jobStoreVFSOKJCjW
%\end{lstlisting}
\subsection{Configuration for a production system}
In a production system, configure the ObjectStore to use Ceph. To install Ceph:
\begin{lstlisting}
# yum-config-manager --enable ceph
# yum -y install ceph-common
\end{lstlisting}
Create \texttt{/etc/ceph/ceph.conf} with the following contents:
\begin{lstlisting}
[global]
mon host = cephmond.cern.ch:6790
\end{lstlisting}
Create \texttt{/etc/ceph/ceph.client.cta-id.keyring} with the following contents:
\begin{lstlisting}
[client.cta-id]
key = KEY
caps mon = "allow r"
caps osd = "allow rwx pool=cta-tapepool namespace=cta-ns"
\end{lstlisting}
Then create environment variables to store the type and location of the new ObjectStore:
\begin{lstlisting}
export OBJECTSTORETYPE=ceph
export OBJECTSTOREURL=rados://cta-id@cta-tapepool:cta-ns
export OBJECTSTORENAMESPACE=cta-ns
export OBJECTSTOREID=cta-id
export OBJECTSTOREPOOL=cta-tapepool
\end{lstlisting}
\section{Install CTA Front-end}
Installing RPMs doesn't install cta-frontend. That is done in the script:
https://gitlab.cern.ch/cta/CTA/blob/master/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/ctafrontend.sh
\section{Set up the objectstore VFS backend}
First we create the new objectstore VFS backend using a simple executable:
\begin{verbatim}
$ <cta_build_dir>/objectstore/cta-objectstore-initialize
\end{verbatim}
This command will return the newly created path to the VFS backend. Now we give it full permissions:
\begin{verbatim}
$ chmod -R 0777 <result_dir_of_previous_cmd>
\end{verbatim}
Now we need to add it as a configuration parameter in the \texttt{castor.conf}, as in the following example:
\begin{verbatim}
TapeServer ObjectStoreBackendPath /tmp/jobStoreVFSOKJCjW
\end{verbatim}
\subsection{Kubernetes ctafrontend.sh}
\begin{lstlisting}
yes | cp -r /opt/ci/ctafrontend/etc /
/opt/run/bin/init_objectstore.sh
. /tmp/objectstore-rc.sh
echo "ObjectStore BackendPath $OBJECTSTOREURL" > /etc/cta/cta-frontend.conf
echo "Catalogue NumberOfConnections 1" >>/etc/cta/cta-frontend.conf
echo "Log URL file:/cta-frontend.log" >>/etc/cta/cta-frontend.conf
/opt/run/bin/init_database.sh
. /tmp/database-rc.sh
echo ${DATABASEURL} >/etc/cta/cta_catalogue_db.conf
# Create user cta early so that we can set file ownership correctly
useradd cta
# EOS INSTANCE NAME used as username for SSS key
EOSINSTANCE=ctaeos
# Create SSS key for ctafrontend, must be forwardable in kubernetes realm
echo y | xrdsssadmin -k ctafrontend+ -u ${EOSINSTANCE} -g cta add /etc/ctafrontend_SSS_s.keytab
# copy it in the client file that contains only one SSS
cp /etc/ctafrontend_SSS_s.keytab /etc/ctafrontend_SSS_c.keytab
chmod 600 /etc/ctafrontend_SSS_s.keytab /etc/ctafrontend_SSS_c.keytab
chown cta /etc/ctafrontend_SSS_s.keytab /etc/ctafrontend_SSS_c.keytab
sed -i 's|.*sec.protocol sss.*|sec.protocol sss -s /etc/ctafrontend_SSS_s.keytab -c /etc/ctafrontend_SSS_c.keytab|' /etc/xrootd/xrootd-cta.cfg
sed -i 's|.*sec.protocol unix.*|#sec.protocol unix|' /etc/xrootd/xrootd-cta.cfg
# Hack the default xrootd-cta.cfg provided by the sources
sed -i 's|.*sec.protocol krb5.*|sec.protocol krb5 /etc/cta-frontend.keytab cta/cta-frontend@TEST.CTA|' /etc/xrootd/xrootd-cta.cfg
# Allow only SSS and krb5 for frontend
sed -i 's|^sec.protbind .*|sec.protbind * only sss krb5|' /etc/xrootd/xrootd-cta.cfg
# Wait for the keytab file to be pushed in by the creation script.
echo -n "Waiting for /etc/cta-frontend.keytab"
for ((;;)); do test -e /etc/cta-frontend.keytab && break; sleep 1; echo -n .; done
echo OK
touch /cta-frontend.log
chmod a+w /cta-frontend.log
tail -F /cta-frontend.log &
echo "Launching frontend"
runuser --shell='/bin/bash' --session-command='cd ~cta; xrootd -n cta -c /etc/xrootd/xrootd-cta.cfg -I v4' cta
echo "frontend died"
sleep infinity
\end{lstlisting}
\section{Ceph}
......@@ -238,16 +329,6 @@ https://gitlab.cern.ch/cta/CTA/blob/master/continuousintegration/docker/ctafront
here is what I understood:
\subsection{1/ Config file for the object store:}
\begin{verbatim}
[root@ctafrontend ~]# cat /tmp/objectstore-rc.sh
export OBJECTSTORENAMESPACE=cta-vlado
export OBJECTSTOREID=cta-vlado
export OBJECTSTOREPOOL=tapetest
export OBJECTSTORETYPE=ceph
export OBJECTSTOREURL=rados://cta-vlado@tapetest:cta-vlado
\end{verbatim}
\subsection{2/ Config file for the DB:}
\begin{verbatim}
[root@ctafrontend ~]# cat /tmp/database-rc.sh
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment