Differences

This shows you the differences between two versions of the page.

--- progetti:cloud-areapd:egi_federated_cloud:onedata [2018/07/24 09:22] – traldi@infn.it
+++ progetti:cloud-areapd:egi_federated_cloud:onedata [2018/07/24 09:23] (current) – traldi@infn.it
@@ Line 1: / Line 1: @@
+====== OneData deployment ======
+Onedata is avalaible in EgiFedCloud. The storage consists of 2 disk of 7.5 TB in raid 6 configuration
+**LAYOUT**
+To deploy onedata services are needed 2 host for the configuration chosen, in our case we use:
+oneprovider: one-data-01.pd.infn.it
+onezone: onezone.cloud.cnaf.infn.it
+**ONEDATA**
+For official references about Onedata see:
+https://onedata.org/docs/doc/getting_started/what_is_onedata.html
+https://onedata.org/docs/doc/admin_guide.html
+**Prerequisites**
+All scenarios are prepared as Docker Compose configurations. The supported versions of docker engine and compose are equal or greater than:
+docker engine 1.11
+docker-compose 1.7
+Install git and clone onedata repository with
+git clone https://github.com/onedata/getting-started
+Opening Ports:
+If you want (usually you do) your Oneprovider/Onezone to communicate with any Onedata service that is located outside your localhost, you need to open a number of ports:
+Port 	Description
+/TCP 	DNS (Optional - used for load-balancing)
+/UDP 	DNS (Optional - used for load-balancing)
+/TCP 	HTTP
+/TCP 	HTTPS
+/TCP 	Communication between Oneclient command line tool and Oneprovider service (TCP)
+/TCP 	Communication between Oneprovider services among different sites
+/TCP 	Onedata data transfer channel (RTransfer)
+/TCP 	Onedata data transfer channel (RTransfer)
+/TCP 	Communication between Oneprovider instances and Onezone used to exchange metadata
+/TCP 	REST and CDMI API's (HTTP)
+/TCP 	RTransfer protocol gateway
+/TCP 	RTransfer protocol gateway
+/TCP 	Onepanel web interface
+and make sure that there are no intermediate firewalls blocking those ports between machines running Onedata services. More information on firewall setup can be found in documentation https://onedata.org/docs/doc/administering_onedata/firewall_setup.html
+run_onedata.sh script runs in foreground. To run more complex scenarios, you will need multiple terminal windows or terminal multiplexer such as screen or tmux. (see https://github.com/onedata/getting-started
+**ONEDATA SETUP**
+As can be seen in the onedata quickstart guide https://github.com/onedata/getting-started, to launch onedata service you can choose a scenario, after that navigate to the scenario directory and execute ./run_onedata.sh script from there. Onedata services depend on each other. Maintain the order of starting up services and always wait for a message confirming that the service has successfully started.
+In our case we used scenario 3_0.
+To deploy onezone oneprovider service you have to configure docker-compose-onezone.yml copy the file in /opt/onedata/oneprovider and restart the service:
+systemctl restart oneprovider.service
+-----------------------------------------------------------------------------------------
+IN ALTERNATIVE MODE (OLD MODE) you can sete hte file and start the script, according to scenario 3_0:
+./run_onedata.sh --provider --provider-fqdn <provider ip or dns>  --zone-fqdn <zone ip address or dns>
+In our case the host one-data-01 use as onezone the Cnaf zone. We started the service from the directory /home/<last version of getting-started>/getting-started/scenarios/3_0_oneprovider_onezone_multihost/ and executed the scripts:
+./run_onedata.sh --provider --provider-fqdn one-data-01.pd.infn.it --zone-fqdn onezone.cloud.cnaf.infn.it
+and wait for successfully started message
+-----------------------------------------------------------------------------------------
+The script or the service gets configurations info from docker-compose-oneprovider.yml. Below is reported the configuration file, with some comments added for better explanations.
+version: '2.0'
+  services:
+    one-data-01.pd.infn.it:
+    image: onedata/oneprovider:3.0.0-rc11   ####The version of onedata used
+    hostname: node1.oneprovider.localhost
+    # dns: 8.8.8.8 # uncomment if container can't ping any domain
+    container_name: oneprovider-1
+    volumes:
+        - "/var/run/docker.sock:/var/run/docker.sock"
+        # configuration persistence
+        - "${ONEPROVIDER_CONFIG_DIR}:/volumes/persistence"    ####Is possible to set config directory for oneprovider or use the default one
+        # data persistence
+        - "/mnt/data1:/volumes/storage"     ####The /mnt/data1 and /mnt/data2 mount point needs to be created
+        - "/mnt/data2:/volumes/storage_2"   #### and mounted on the machine before launching onedata scripts.
+        #- "${ONEPROVIDER_DATA_DIR}:/volumes/storage"
+        # Oneprovider
+        #- "${OP_PRIV_KEY_PATH}:/volumes/persistence/etc/op_panel/certs/key.pem"
+        #- "${OP_CERT_PATH}:/volumes/persistence/etc/op_panel/certs/cert.pem"
+        #- "${OP_CACERT_PATH}:/volumes/persistence/etc/op_panel/cacerts/cacert.pem"
+        #- "${OP_CACERT_PATH}:/volumes/persistence/etc/op_worker/cacerts/cacert.pem"
+  ports:
+      - "53:53"
+      - "53:53/udp"
+      - "443:443"
+      - "80:80"
+      - "5555:5555"
+      - "5556:5556"
+      - "6665:6665"
+      - "6666:6666"
+      - "7443:7443"
+      - "8443:8443"
+      - "8876:8876"
+      - "8877:8877"
+      - "9443:9443"
+    environment:
+      #ONEPANEL_DEBUG_MODE: "true" # prevents container exit on configuration error
+      ONEPANEL_BATCH_MODE: "true"
+      ONEPROVIDER_CONFIG: |
+        cluster:
+          domainName: "oneprovider.localhost"
+          nodes:
+            n1:
+              hostname: "node1"
+          managers:
+            mainNode: "n1"
+            nodes:
+              - "n1"
+          workers:
+            nodes:
+              - "n1"
+          databases:
+            nodes:
+              - "n1"
+          storages:
+            NFS:
+              type: "posix"                      ####Here can be added and configured different types of storage.It's possible also add storage from web panel interface
+              mountPoint: "/volumes/storage"
+        oneprovider:
+          register: true
+          name: "INFN-PD"
+          redirectionPoint: "https://${PROVIDER_FQDN}" # OR IP ADDRESS
+          geoLatitude: ${GEO_LATITUDE}
+          geoLongitude: ${GEO_LONGITUDE}
+        onezone:
+          domainName: "${ZONE_FQDN}" # OR IP ADDRESS
+        onepanel:
+          users:
+            "admin":
+              password: "<PASSWD>"
+              userRole: "admin"
+            "user":
+              password: "<PASSWD>"
+              userRole: "regular"
+----
+**ONEPROVIDER WEB PANEL**
+As mentioned before when oneprovider service is up, is active also a web panel interface for the admin user at:
+ https://one-data-01.pd.infn.it:9443/
+Here is possible configure storage and give support for spaces created in onezone and want to use INFN-PD as provider.
+//MANAGE STORAGE//
+From the menu Software-> storage configuration, is possible add storage.
+For posix  storage is enough give a name for storage and a mount point(for the 2 disk in our storage the mount point are /volumes/storage and /volumes/storage_2, as you can see in the docker-oneprovider.yml file).
+For ceph you need more parameters, in our case:
+clusterName => <<"ceph">>,  key => <<"__secret__">>, monitorHostname => <<"192.168.61.206">>, poolName => <<"onedata">>, type => <<"ceph">>, username => <<"client.onedata">>}
+//SUPPORT SPACE//
+User can ask for support giving a token to the admin, as described in onedata documentation.
+The admin has to copy this token in Spaces->Management and click on Support Space. Here is possible to choose which disk use to give the space, to choose the size to support and copy the token in the appropriate box before confirm the operation.
+===== Onedata rest api =====
+It is possible to use Onedata's REST API's as well as oneclient command line tool for mounting virtual Onedata filesystem on the local machine.
+For official reference about Onedata's REST API's please look at:
+https://onedata.org/docs/doc/advanced/rest/index.html
+https://onedata.org/docs/doc/advanced/cdmi.html
+https://onedata.org/docs/doc/advanced/rest/cli.html
+Here you can find all the information and explanation about using oneclient rest api and cdmi.
+In order to be able to use this API the REST client must be able to authenticate with the Onezone service
+As common usecase an user needs to copy files to or from onedata space without using oneclient, in this case can simply use curl commands.
+Can be useful export some variable before running the command:
+export $ACCESS_TOKEN=<token>  the token can be retrieved from the onedata dashboard from the section access token
+export $ONEPROVIDER_HOST=https://one-data-01.pd.infn.it:8443   if the space is supported by padova one provider
+To copy a file in a specific onedata space you can use curl command with this options:
+curl -k -H "X-Auth-Token: $ACCESS_TOKEN" -T "/<path>/<filename>" "ONEPROVIDER_HOST/cdmi/<space-name>/<subdir>/"
+To copy the file from onedata space in a local path:
+curl -k -H "X-Auth-Token: $ACCESS_TOKEN" -o /<path>/<filename> "ONEPROVIDER_HOST/cdmi/<space-name>/<subdir>/<filename>"
+or
+curl -k -H "X-Auth-Token: $ACCESS_TOKEN" -O "ONEPROVIDER_HOST/cdmi/<space-name>/<subdir>/<filename>"
+in this case the destination path is not specified so it's better to navigate in the chosen directory and then run the curl command.