====== OneData deployment ======

Onedata is available in EgiFedCloud. The storage consists of 2 disks of 7.5 TB in a RAID 6 configuration.

**LAYOUT**

The chosen configuration needs 2 hosts to deploy the Onedata services; in our case we use:

  * oneprovider: one-data-01.pd.infn.it
  * onezone: onezone.cloud.cnaf.infn.it

**ONEDATA**

For official references about Onedata see:

  * https://onedata.org/docs/doc/getting_started/what_is_onedata.html
  * https://onedata.org/docs/doc/admin_guide.html

**Prerequisites**

All scenarios are prepared as Docker Compose configurations. The supported versions of docker engine and compose are equal to or greater than:

  * docker engine 1.11
  * docker-compose 1.7

Install git and clone the onedata repository with:

<code bash>
git clone https://github.com/onedata/getting-started
</code>

Opening Ports:

If you want (usually you do) your Oneprovider/Onezone to communicate with any Onedata service that is located outside your localhost, you need to open a number of ports:

^ Port ^ Description ^
| 53/TCP | DNS (Optional - used for load-balancing) |
| 53/UDP | DNS (Optional - used for load-balancing) |
| 80/TCP | HTTP |
| 443/TCP | HTTPS |
| 5555/TCP | Communication between Oneclient command line tool and Oneprovider service (TCP) |
| 5556/TCP | Communication between Oneprovider services among different sites |
| 6665/TCP | Onedata data transfer channel (RTransfer) |
| 6666/TCP | Onedata data transfer channel (RTransfer) |
| 7443/TCP | Communication between Oneprovider instances and Onezone used to exchange metadata |
| 8443/TCP | REST and CDMI API's (HTTP) |
| 8876/TCP | RTransfer protocol gateway |
| 8877/TCP | RTransfer protocol gateway |
| 9443/TCP | Onepanel web interface |

Also make sure that there are no intermediate firewalls blocking those ports between machines running Onedata services. More information on firewall setup can be found in the documentation: https://onedata.org/docs/doc/administering_onedata/firewall_setup.html

The run_onedata.sh script runs in foreground.
To run more complex scenarios, you will need multiple terminal windows or a terminal multiplexer such as screen or tmux (see https://github.com/onedata/getting-started).

**ONEDATA SETUP**

As can be seen in the onedata quickstart guide (https://github.com/onedata/getting-started), to launch the onedata service you choose a scenario, then navigate to the scenario directory and execute the ./run_onedata.sh script from there. Onedata services depend on each other. Maintain the order of starting up services and always wait for a message confirming that the service has successfully started.

In our case we used scenario 3_0. To deploy onezone oneprovider service you have to configure docker-compose-onezone.yml, copy the file into /opt/onedata/oneprovider and restart the service:

<code bash>
systemctl restart oneprovider.service
</code>

----

ALTERNATIVE MODE (OLD MODE): you can set the file and start the script, according to scenario 3_0:

<code bash>
./run_onedata.sh --provider --provider-fqdn --zone-fqdn
</code>

In our case the host one-data-01 uses the CNAF zone as its onezone. We started the service from the directory /home//getting-started/scenarios/3_0_oneprovider_onezone_multihost/ and executed the script:

<code bash>
./run_onedata.sh --provider --provider-fqdn one-data-01.pd.infn.it --zone-fqdn onezone.cloud.cnaf.infn.it
</code>

and waited for the "successfully started" message.

----

The script or the service gets its configuration from docker-compose-oneprovider.yml. The configuration file is reported below, with some comments added for better explanation.
<code yaml>
version: '2.0'

services:
  one-data-01.pd.infn.it:
    image: onedata/oneprovider:3.0.0-rc11    #### The version of onedata used
    hostname: node1.oneprovider.localhost
    # dns: 8.8.8.8 # uncomment if container can't ping any domain
    container_name: oneprovider-1
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      # configuration persistence
      #### It is possible to set a config directory for oneprovider or use the default one
      - "${ONEPROVIDER_CONFIG_DIR}:/volumes/persistence"
      # data persistence
      #### The /mnt/data1 and /mnt/data2 mount points need to be created
      #### and mounted on the machine before launching the onedata scripts.
      - "/mnt/data1:/volumes/storage"
      - "/mnt/data2:/volumes/storage_2"
      #- "${ONEPROVIDER_DATA_DIR}:/volumes/storage"
      # Oneprovider
      #- "${OP_PRIV_KEY_PATH}:/volumes/persistence/etc/op_panel/certs/key.pem"
      #- "${OP_CERT_PATH}:/volumes/persistence/etc/op_panel/certs/cert.pem"
      #- "${OP_CACERT_PATH}:/volumes/persistence/etc/op_panel/cacerts/cacert.pem"
      #- "${OP_CACERT_PATH}:/volumes/persistence/etc/op_worker/cacerts/cacert.pem"
    ports:
      - "53:53"
      - "53:53/udp"
      - "443:443"
      - "80:80"
      - "5555:5555"
      - "5556:5556"
      - "6665:6665"
      - "6666:6666"
      - "7443:7443"
      - "8443:8443"
      - "8876:8876"
      - "8877:8877"
      - "9443:9443"
    environment:
      #ONEPANEL_DEBUG_MODE: "true" # prevents container exit on configuration error
      ONEPANEL_BATCH_MODE: "true"
      ONEPROVIDER_CONFIG: |
        cluster:
          domainName: "oneprovider.localhost"
          nodes:
            n1:
              hostname: "node1"
          managers:
            mainNode: "n1"
            nodes:
              - "n1"
          workers:
            nodes:
              - "n1"
          databases:
            nodes:
              - "n1"
          storages:
            NFS:
              #### Different types of storage can be added and configured here.
              #### It is also possible to add storage from the web panel interface.
              type: "posix"
              mountPoint: "/volumes/storage"
        oneprovider:
          register: true
          name: "INFN-PD"
          redirectionPoint: "https://${PROVIDER_FQDN}" # OR IP ADDRESS
          geoLatitude: ${GEO_LATITUDE}
          geoLongitude: ${GEO_LONGITUDE}
        onezone:
          domainName: "${ZONE_FQDN}" # OR IP ADDRESS
        onepanel:
          users:
            "admin":
              password: ""
              userRole: "admin"
            "user":
              password: ""
              userRole: "regular"
</code>

----

**ONEPROVIDER WEB PANEL**

As mentioned before, when the oneprovider service is up, a web panel interface for the admin user is also active at: https://one-data-01.pd.infn.it:9443/

Here it is possible to configure storage and to give support to spaces that were created in onezone and want to use INFN-PD as provider.

//MANAGE STORAGE//

From the menu Software -> storage configuration it is possible to add storage. For posix storage it is enough to give a name for the storage and a mount point (for the 2 disks in our storage the mount points are /volumes/storage and /volumes/storage_2, as you can see in the docker-oneprovider.yml file). For ceph you need more parameters, in our case:

<code>
#{clusterName => <<"ceph">>,
  key => <<"__secret__">>,
  monitorHostname => <<"192.168.61.206">>,
  poolName => <<"onedata">>,
  type => <<"ceph">>,
  username => <<"client.onedata">>}
</code>

//SUPPORT SPACE//

A user can ask for support by giving a token to the admin, as described in the onedata documentation. The admin has to copy this token in Spaces -> Management and click on Support Space. Here it is possible to choose which disk to use to give the space, to choose the size to support, and to copy the token into the appropriate box before confirming the operation.

===== Onedata rest api =====

It is possible to use Onedata's REST APIs as well as the oneclient command line tool for mounting the virtual Onedata filesystem on the local machine. For the official reference about Onedata's REST APIs please look at:

  * https://onedata.org/docs/doc/advanced/rest/index.html
  * https://onedata.org/docs/doc/advanced/cdmi.html
  * https://onedata.org/docs/doc/advanced/rest/cli.html

Here you can find all the information and explanation about using oneclient rest api and cdmi.

In order to be able to use this API the REST client must be able to authenticate with the Onezone service.

As a common use case, a user needs to copy files to or from an onedata space without using oneclient; in this case they can simply use curl commands.
It can be useful to export some variables before running the commands:

<code bash>
export ACCESS_TOKEN=
</code>

The token can be retrieved from the onedata dashboard, in the access token section.

<code bash>
export ONEPROVIDER_HOST=https://one-data-01.pd.infn.it:8443
</code>

if the space is supported by the Padova oneprovider.

To copy a file to a specific onedata space you can use the curl command with these options:

<code bash>
curl -k -H "X-Auth-Token: $ACCESS_TOKEN" -T "//" "$ONEPROVIDER_HOST/cdmi///"
</code>

To copy a file from the onedata space to a local path:

<code bash>
curl -k -H "X-Auth-Token: $ACCESS_TOKEN" -o // "$ONEPROVIDER_HOST/cdmi///"
</code>

or

<code bash>
curl -k -H "X-Auth-Token: $ACCESS_TOKEN" -O "$ONEPROVIDER_HOST/cdmi///"
</code>

In this case the destination path is not specified, so it is better to navigate to the chosen directory first and then run the curl command.
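
The same CDMI upload and download as a small shell helper, added here as an example that is not part of the original page: it percent-encodes the space name and path, leaves TLS verification on instead of using -k, and feeds the token to curl on stdin so it does not show up in the process list. The function names and the ONEDATA_CACERT variable are assumptions; the default host is the one used above.

```shell
#!/bin/sh
# Added example (not from the original page). The default host comes from the
# page; ONEDATA_CACERT and all function names are hypothetical.
: "${ONEPROVIDER_HOST:=https://one-data-01.pd.infn.it:8443}"

# Percent-encode one path segment (everything except RFC 3986 unreserved chars).
urlencode() (
    LC_ALL=C; s=$1; out=
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}; s=$rest
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%s' "$c" | od -An -tx1 | tr -d ' \n' |
                         sed 's/../%&/g' | tr a-f A-F) ;;
        esac
    done
    printf '%s' "$out"
)

# cdmi_url <space> <path inside space> -> full CDMI URL, each segment encoded.
cdmi_url() (
    url="${ONEPROVIDER_HOST%/}/cdmi/$(urlencode "$1")"
    IFS=/; set -f; set -- $2
    for seg in "$@"; do
        case $seg in
            '') ;;                                  # skip empty segments
            *) url="$url/$(urlencode "$seg")" ;;
        esac
    done
    printf '%s\n' "$url"
)

# Run curl with the token passed as a config line on stdin (printf is a shell
# builtin, so the token is never in any argv). TLS is verified against the
# system trust store, or against ONEDATA_CACERT when that is set.
cdmi_curl() {
    [ -n "${ACCESS_TOKEN:-}" ] || { echo "ACCESS_TOKEN is not set" >&2; return 1; }
    printf 'header = "X-Auth-Token: %s"\n' "$ACCESS_TOKEN" |
        curl --config - --fail --silent --show-error \
             ${ONEDATA_CACERT:+--cacert "$ONEDATA_CACERT"} "$@"
}

cdmi_put() { cdmi_curl -T "$1" "$(cdmi_url "$2" "$3")"; }  # local file -> space
cdmi_get() { cdmi_curl -o "$1" "$(cdmi_url "$2" "$3")"; }  # space -> local file

# Usage: cdmi_put ./report.txt "My Space" "results/report 1.txt"
```

If the provider certificate is issued by a private CA, point ONEDATA_CACERT at that CA file before calling cdmi_put or cdmi_get.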