OneData deployment

Onedata is available in EgiFedCloud. The storage consists of 2 disks of 7.5 TB in a RAID 6 configuration.

LAYOUT

The chosen configuration needs 2 hosts to deploy the Onedata services. In our case we use:

oneprovider: one-data-01.pd.infn.it

onezone: onezone.cloud.cnaf.infn.it

ONEDATA

For official references about Onedata see:

https://onedata.org/docs/doc/getting_started/what_is_onedata.html

https://onedata.org/docs/doc/admin_guide.html

Prerequisites

All scenarios are prepared as Docker Compose configurations. The supported versions of docker engine and docker-compose are equal to or greater than:

docker engine 1.11

docker-compose 1.7

Install git and clone the onedata repository with:

git clone https://github.com/onedata/getting-started

Opening Ports:

If you want your Oneprovider/Onezone to communicate with any Onedata service located outside your localhost (usually you do), you need to open a number of ports:

Port Description

53/TCP DNS (Optional - used for load-balancing)

53/UDP DNS (Optional - used for load-balancing)

80/TCP HTTP

443/TCP HTTPS

5555/TCP Communication between Oneclient command line tool and Oneprovider service (TCP)

5556/TCP Communication between Oneprovider services among different sites

6665/TCP Onedata data transfer channel (RTransfer)

6666/TCP Onedata data transfer channel (RTransfer)

7443/TCP Communication between Oneprovider instances and Onezone used to exchange metadata

8443/TCP REST and CDMI APIs (HTTP)

8876/TCP RTransfer protocol gateway

8877/TCP RTransfer protocol gateway

9443/TCP Onepanel web interface

Make sure that no intermediate firewalls block those ports between the machines running Onedata services. More information on firewall setup can be found in the documentation: https://onedata.org/docs/doc/administering_onedata/firewall_setup.html
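A check that can be run on the Oneprovider host once the containers are up, as an added example that is not part of the original page or of the Onedata project: it compares the non-loopback listeners reported by `ss -tuln` with the port table above. The `ss` sample is constructed, and `audit_listeners` and `sample_ss` are names chosen here.

```shell
#!/bin/sh
# Added example. Ports from the table above as proto/port; 53 is optional there.
ONEDATA_PORTS="tcp/53 udp/53 tcp/80 tcp/443 tcp/5555 tcp/5556 tcp/6665 tcp/6666 tcp/7443 tcp/8443 tcp/8876 tcp/8877 tcp/9443"

# Reads `ss -tuln` output on stdin and prints, sorted:
#   MISSING proto/port     table entry without a non-loopback listener
#   UNEXPECTED proto/port  non-loopback listener that is not in the table
# Live use: ss -tuln | audit_listeners
audit_listeners() {
  awk -v want="$ONEDATA_PORTS" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
    $1 == "tcp" || $1 == "udp" {
      port = $5; sub(/.*:/, "", port)        # text after the last colon
      host = $5; sub(/:[^:]*$/, "", host)    # text before it
      if (host ~ /^127\./ || host == "[::1]") next   # loopback is not exposed
      key = $1 "/" port
      seen[key] = 1
      if (!(key in need)) extra[key] = 1
    }
    END {
      for (i = 1; i <= n; i++) if (!(w[i] in seen)) print "MISSING " w[i]
      for (k in extra) print "UNEXPECTED " k
    }' | sort
}

# Constructed sample of `ss -tuln` output: an extra listener on 22, a
# loopback-only listener on 5432, and the Onedata ports except DNS.
sample_ss() {
  cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:5555       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:5556       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:6665       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:6666       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:7443       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:8443       0.0.0.0:*
tcp   LISTEN 0      128    [::]:8876          [::]:*
tcp   LISTEN 0      128    0.0.0.0:8877       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:9443       0.0.0.0:*
EOF
}
```

An UNEXPECTED line is a listener to either close or account for in the firewall policy; a MISSING line for a non-optional port means the service behind it is not up or is bound to loopback only.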

The run_onedata.sh script runs in the foreground. To run more complex scenarios you will need multiple terminal windows or a terminal multiplexer such as screen or tmux (see https://github.com/onedata/getting-started).

ONEDATA SETUP

As described in the onedata quickstart guide https://github.com/onedata/getting-started, to launch the onedata service you choose a scenario, navigate to the scenario directory and execute the ./run_onedata.sh script from there. Onedata services depend on each other: keep the startup order of the services and always wait for the message confirming that a service has started successfully.

In our case we used scenario 3_0. To deploy the onezone oneprovider service you have to configure docker-compose-onezone.yml, copy the file to /opt/onedata/oneprovider and restart the service:

systemctl restart oneprovider.service


ALTERNATIVELY (OLD MODE) you can set the file and start the script, according to scenario 3_0:

./run_onedata.sh --provider --provider-fqdn <provider ip or dns> --zone-fqdn <zone ip address or dns>

In our case the host one-data-01 uses the CNAF zone as onezone. We started the service from the directory /home/<last version of getting-started>/getting-started/scenarios/3_0_oneprovider_onezone_multihost/ and executed the script:

./run_onedata.sh --provider --provider-fqdn one-data-01.pd.infn.it --zone-fqdn onezone.cloud.cnaf.infn.it

and waited for the "successfully started" message.


The script or the service gets its configuration from docker-compose-oneprovider.yml. The configuration file is reported below, with some comments added for better explanation.

version: '2.0'

services:
  one-data-01.pd.infn.it:
    image: onedata/oneprovider:3.0.0-rc11   # the version of onedata used
    hostname: node1.oneprovider.localhost
    # dns: 8.8.8.8 # uncomment if container can't ping any domain
    container_name: oneprovider-1
    volumes:
      # exposes the host Docker daemon to the container
      - "/var/run/docker.sock:/var/run/docker.sock"
      # configuration persistence
      # (the config directory for oneprovider can be set here, or the default one is used)
      - "${ONEPROVIDER_CONFIG_DIR}:/volumes/persistence"
      # data persistence
      # (the /mnt/data1 and /mnt/data2 mount points need to be created and
      #  mounted on the machine before launching the onedata scripts)
      - "/mnt/data1:/volumes/storage"
      - "/mnt/data2:/volumes/storage_2"
      #- "${ONEPROVIDER_DATA_DIR}:/volumes/storage"
      # Oneprovider
      #- "${OP_PRIV_KEY_PATH}:/volumes/persistence/etc/op_panel/certs/key.pem"
      #- "${OP_CERT_PATH}:/volumes/persistence/etc/op_panel/certs/cert.pem"
      #- "${OP_CACERT_PATH}:/volumes/persistence/etc/op_panel/cacerts/cacert.pem"
      #- "${OP_CACERT_PATH}:/volumes/persistence/etc/op_worker/cacerts/cacert.pem"
    ports:
      - "53:53"
      - "53:53/udp"
      - "443:443"
      - "80:80"
      - "5555:5555"
      - "5556:5556"
      - "6665:6665"
      - "6666:6666"
      - "7443:7443"
      - "8443:8443"
      - "8876:8876"
      - "8877:8877"
      - "9443:9443"
    environment:
      #ONEPANEL_DEBUG_MODE: "true" # prevents container exit on configuration error
      ONEPANEL_BATCH_MODE: "true"
      ONEPROVIDER_CONFIG: |
        cluster:
          domainName: "oneprovider.localhost"
          nodes:
            n1:
              hostname: "node1"
          managers:
            mainNode: "n1"
            nodes:
              - "n1"
          workers:
            nodes:
              - "n1"
          databases:
            nodes:
              - "n1"
          storages:
            NFS:
              # different types of storage can be added and configured here;
              # storage can also be added from the web panel interface
              type: "posix"
              mountPoint: "/volumes/storage"
        oneprovider:
          register: true
          name: "INFN-PD"
          redirectionPoint: "https://${PROVIDER_FQDN}" # OR IP ADDRESS
          geoLatitude: ${GEO_LATITUDE}
          geoLongitude: ${GEO_LONGITUDE}
        onezone:
          domainName: "${ZONE_FQDN}" # OR IP ADDRESS
        onepanel:
          users:
            "admin":
              password: "<PASSWD>"
              userRole: "admin"
            "user":
              password: "<PASSWD>"
              userRole: "regular"

ONEPROVIDER WEB PANEL

As mentioned before, when the oneprovider service is up a web panel interface for the admin user is also active at: https://one-data-01.pd.infn.it:9443/

Here it is possible to configure storage and to give support to spaces that were created in onezone and want to use INFN-PD as provider.

MANAGE STORAGE

From the menu Software → Storage configuration it is possible to add storage.

For posix storage it is enough to give a name for the storage and a mount point (for the 2 disks in our storage the mount points are /volumes/storage and /volumes/storage_2, as you can see in the docker-compose-oneprovider.yml file).

For ceph you need more parameters, in our case:

#{clusterName => <<"ceph">>, key => <<"secret">>, monitorHostname => <<"192.168.61.206">>, poolName => <<"onedata">>, type => <<"ceph">>, username => <<"client.onedata">>}

SUPPORT SPACE

A user can ask for support by giving a token to the admin, as described in the onedata documentation. The admin has to go to Spaces → Management and click on Support Space. Here it is possible to choose which disk to use for the space, to choose the size to support, and to copy the token into the appropriate box before confirming the operation.

Onedata REST API

It is possible to use Onedata's REST APIs as well as the oneclient command line tool for mounting the virtual Onedata filesystem on the local machine.

For official reference about Onedata's REST APIs please look at:

https://onedata.org/docs/doc/advanced/rest/index.html

https://onedata.org/docs/doc/advanced/cdmi.html

https://onedata.org/docs/doc/advanced/rest/cli.html

Here you can find all the information and explanations about using oneclient, the REST API and CDMI.

In order to be able to use this API, the REST client must be able to authenticate with the Onezone service.

As a common use case, a user needs to copy files to or from a onedata space without using oneclient; in this case curl commands can simply be used. It can be useful to export some variables before running the commands:

export ACCESS_TOKEN=<token>

The token can be retrieved from the onedata dashboard, in the access token section.

export ONEPROVIDER_HOST=https://one-data-01.pd.infn.it:8443

This is the value to use if the space is supported by the Padova oneprovider.

To copy a file to a specific onedata space you can use the curl command with these options:

curl -k -H "X-Auth-Token: $ACCESS_TOKEN" -T "/<path>/<filename>" "$ONEPROVIDER_HOST/cdmi/<space-name>/<subdir>/"

To copy the file from the onedata space to a local path:

curl -k -H "X-Auth-Token: $ACCESS_TOKEN" -o /<path>/<filename> "$ONEPROVIDER_HOST/cdmi/<space-name>/<subdir>/<filename>"

or

curl -k -H "X-Auth-Token: $ACCESS_TOKEN" -O "$ONEPROVIDER_HOST/cdmi/<space-name>/<subdir>/<filename>"

In this case the destination path is not specified, so it's better to navigate to the chosen directory and then run the curl command.
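A hardened variant of the curl commands above, as an added example that is not part of the original page or of the Onedata project: the token is read from a private file and handed to curl as a config on stdin instead of on the command line, and the server certificate is verified instead of using -k. TOKEN_FILE, CA_BUNDLE and the function names are assumptions made here; ONEPROVIDER_HOST is the variable exported above.

```shell
#!/bin/sh
# Added example, not Onedata project code. TOKEN_FILE and CA_BUNDLE are
# names assumed here; ONEPROVIDER_HOST is the variable exported above.
TOKEN_FILE=${TOKEN_FILE:-$HOME/.onedata_token}   # holds only the access token
CA_BUNDLE=${CA_BUNDLE:-}    # CA certificate of the Oneprovider, if not in the system store

# Print a curl config line with the token header. Refuses a token file
# that is missing, not a regular file, or accessible to group or others.
token_config() {
  case $(ls -ld "$TOKEN_FILE" 2>/dev/null) in
    -???------*) ;;
    *) echo "refusing $TOKEN_FILE: need a regular file with no group/other permissions" >&2
       return 1 ;;
  esac
  printf 'header = "X-Auth-Token: %s"\n' "$(cat "$TOKEN_FILE")"
}

# Run curl with the token fed as a config on stdin (-K -), so it is not in
# the argument list; --fail turns HTTP errors into a non-zero exit, and
# certificate verification stays on (no -k).
cdmi_curl() {
  cfg=$(token_config) || return 1
  if [ -n "$CA_BUNDLE" ]; then set -- --cacert "$CA_BUNDLE" "$@"; fi
  printf '%s\n' "$cfg" | curl --fail --silent --show-error -K - "$@"
}

# cdmi_put <local file> <space-name>/<subdir>
cdmi_put() { cdmi_curl -T "$1" "$ONEPROVIDER_HOST/cdmi/$2/"; }

# cdmi_get <space-name>/<subdir>/<filename> <local path>
cdmi_get() { cdmi_curl -o "$2" "$ONEPROVIDER_HOST/cdmi/$1"; }
```

With the token file created as mode 0600, `cdmi_put /<path>/<filename> <space-name>/<subdir>` replaces the first curl command and `cdmi_get <space-name>/<subdir>/<filename> /<path>/<filename>` the second.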