NFSRODS
Presenting iRODS as NFSv4.1
November 18-21, 2019
Supercomputing 2019
Denver, CO
Kory Draughn
korydraughn@renci.org
Software Developer, iRODS Consortium
NFSRODS
Presenting iRODS as NFSv4.1
NFSRODS - Overview
NFSRODS v0.9 Release
Available today ...
Provides:
NFSRODS - Initial Authentication Model
Initially built with a hard requirement on Kerberos. Why?
The Good:
The Bad:
NFSRODS v0.9 - Current Authentication Model
NFSRODS v0.9 - Authorization Model
NFSRODS - Deployment
ubuntu$ git clone https://github.com/irods/irods_client_nfsrods
ubuntu$ cd irods_client_nfsrods
ubuntu$ docker build -t irods/nfsrods .
2. Build the image (if necessary):
1. Requirements:
NFSRODS - Deployment (cont.)
ubuntu$ cat /home/ubuntu/nfsrods_config/server.json { "nfs_server": { "port": 2049, "irods_mount_point": "/tempZone", "user_information_refresh_time_in_milliseconds": 3600000, "file_information_refresh_time_in_milliseconds": 1000, "user_access_refresh_time_in_milliseconds": 1000 }, "irods_client": { "zone": "tempZone", "host": "irods-server.sc19", "port": 1247, "default_resource": "demoResc", "ssl_negotiation_policy": "CS_NEG_REFUSE", "proxy_admin_account": { "username": "rods", "password": "rods" } } }
3. NFSRODS Configuration:
NFSRODS - Deployment (cont.)
ubuntu$ docker run -d --name nfsrods \ -p 3000:2049 \ -v /home/ubuntu/nfsrods_config:/nfsrods_config:ro \ -v /etc/passwd:/etc/passwd:ro \ -v /etc/shadow:/etc/shadow:ro \ irods/nfsrods:latest
ubuntu$ sudo mkdir -p /mnt/the_nfsrods_mountpoint ubuntu$ sudo mount -o sec=sys,port=3000 `hostname`:/ /mnt/the_nfsrods_mountpoint
5. Create the mount point:
4. Launch the NFSRODS Docker container:
bobby$ cd /mnt/the_nfsrods_mountpoint/home/bobby
bobby$ echo "science" > science.txt
bobby$ ls -l science.txt
-rw------- 1 bobby bobby 8 May 15 17:29 science.txt
bobby$ cat science.txt
science
6. Use the mount point:
NFSRODS v0.9
Demo
NFSRODS - Science. Done.
GREAT!!!
Let's run all of our tools against NFSRODS, right?
NFSRODS - Science. Done.
Well ...
NFSRODS v0.9 - Caveats
Consider passing lookupcache=none as an additional option to mount. Although NFSRODS will be less responsive, the benefit to using this is that information will be more consistent and less likely to be leaked to users with more restrictive access.
NFSRODS - Future Work
Questions?