Advanced Training:

Getting Started

June 17-20, 2025

iRODS User Group Meeting 2025

Durham, NC

Little Slips of Paper & Dependencies

curl -LO https://github.com/irods/irods_training/raw/ugm2025/training.pem
chmod 600 training.pem
ssh -i training.pem ubuntu@#.#.#.#

Log into your VM.

Install iRODS Build Requirements.

sudo apt update

sudo apt install -y git unzip jq wget curl less gnupg2 lsb-release odbc-postgresql pkgconf

Disable the needrestart prompts.

echo "\$nrconf{restart} = 'a';" |
  sudo tee /etc/needrestart/conf.d/no-prompt.conf > /dev/null

Acquire the Prerequisites

Clone the training repository.

git clone https://github.com/irods/irods_training

Install and configure PostgreSQL

DEBIAN_FRONTEND=noninteractive sudo -E apt -y install postgresql
sudo pg_ctlcluster --skip-systemctl-redirect 14/main start

sudo sed -i 's/CommLog=1/CommLog=0/' /etc/odbcinst.ini
sudo su - postgres

As the ubuntu user, install and start the database.

postgres $ psql
CREATE DATABASE "ICAT";
CREATE USER irods WITH PASSWORD 'testpassword';
GRANT ALL PRIVILEGES ON DATABASE "ICAT" to irods;
ALTER DATABASE "ICAT" OWNER TO irods;
\q
postgres $ exit

As the postgres user, prepare the database for iRODS use.

Install and configure Rsyslog

sudo apt install -y rsyslog

As the ubuntu user ...

$FileCreateMode 0644
$DirCreateMode 0755
$Umask 0000
$template irods_format,"%msg%\n"
:programname,startswith,"irodsServer" /var/log/irods/irods.log;irods_format & stop

:programname,startswith,"irodsAgent" /var/log/irods/irods.log;irods_format & stop
:programname,startswith,"irodsDelayServer" /var/log/irods/irods.log;irods_format & stop

Edit /etc/rsyslog.d/00-irods.conf (requires sudo).

Install rsyslog.

Restart rsyslog.

sudo systemctl restart rsyslog

Configure the Repository, Install, Run setup

wget -qO - https://packages.irods.org/irods-signing-key.asc | sudo apt-key add -
echo "deb [arch=amd64] https://packages.irods.org/apt/ $(lsb_release -sc) main" | \
  sudo tee /etc/apt/sources.list.d/renci-irods.list
sudo apt update
sudo apt install -y irods-server irods-database-plugin-postgres

Install public key and add repository.

Install from repository.

Read more: https://packages.irods.org

sudo python3 /var/lib/irods/scripts/setup_irods.py < \
  /var/lib/irods/packaging/localhost_setup_postgres.input

Run setup with provided input file.

Set up iRODS systemd support

sudo fallocate -l 3G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo swapon --show

Add swap space to the VM for some heavy stuff later ...

The server log will be located at /var/log/irods/irods.log.

irodsServer -d
# Wait for server to start up...
ils

As the irods user, start iRODS server and run ils to make sure things are working.

Setup iRODS for Auditing

Before we continue with the training, we are going to set up some auditing in iRODS so that we can report on all of the activities in our iRODS instance.

 

At the end of today's training, we will revisit this and visualize what has happened in iRODS throughout the day.

 

The first action is to install the auditing plugin ...

sudo apt-get -y install irods-rule-engine-plugin-audit-amqp

Setup the iRODS Audit Plugin

Edit /etc/irods/server_config.json to add a new stanza to the rule_engines array, after the irods_rule_language plugin.

        "rule_engines": [
            {            

               "instance_name": "irods_rule_engine_plugin-irods_rule_language-instance",
                ...

                ...
                "shared_memory_instance": "irods_rule_language_rule_engine"
            },
            {
                "instance_name": "irods_rule_engine_plugin-audit_amqp-instance",
                "plugin_name": "irods_rule_engine_plugin-audit_amqp",
                "plugin_specific_configuration" : {
                     "amqp_location" : "ANONYMOUS@localhost:5672",
                     "amqp_topic" : "audit_messages",
                     "pep_regex_to_match" : "pep_(api|resource)_.*"
                 }
           },

           {
                "instance_name": "irods_rule_engine_plugin-cpp_default_policy-instance",

... 

As the irods user, reload the iRODS server's configuration.

kill -HUP $(cat /var/run/irods/irods-server.pid)

Setup Monitoring

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt update
sudo apt install -y docker-ce
sudo usermod -aG docker ${USER}

The iRODS audit plugin produces AMQP 1.0 messages for each dynamic policy enforcement point.
 

We will now setup a docker container which will accept these messages, store them in an Elastic database, and provide a visualization web tool.

 

First we need to install Docker.

Log out of your virtual machine and log back in to make sure your group list is updated.

Setup Monitoring

docker run -d -p 8080:15672 -p 5672:5672 -p 80:5601 -p 9201:9200 irods/irods_audit_elk_stack

From within your virtual machine, run this pre-built ELK stack docker image.

You now have a docker container instance running within your virtual machine.

 

This instance is running the following:

  • RabbitMQ - Message broker that stores the AMQP messages

  • Elasticsearch - Database that stores the AMQP messages

  • not-logstash - Reads messages from RabbitMQ and writes them to Elasticsearch

  • Kibana - A data visualization dashboarding tool for Elasticsearch 

docker ps

Confirm that the container is running.

Confirm the Visualization

Port 80 on your VM is now mapped to the Kibana web tool.

It may take a minute or so to start up.

 

  1. In a web browser, navigate to http://#.#.#.#/ to open the Kibana dashboard.

  2. Click on hamburger menu (top left) -> Analytics -> Dashboards.

  3. Select iRODS Dashboard.

  4. In the upper right corner, select "Last 15 minutes".

  5. Also, set the Refresh time to "15 seconds".

Configure the Visualization

You should see a dashboard that looks similar to the screenshot below.

 

If you have not executed an iput or iget yet...

the Bytes Read Per Minute and Bytes Written Per Minute will report no data.

What to Consider in an iRODS Deployment

Things to consider

  • Number of users and expected simultaneous connections

  • Expected ingest rate

  • Sizes of files

    • Many small files (more overhead per connection)

  • Partial read / write vs whole file usage

  • Replication for durability

  • Replication for locality of reference

  • Load balancing vs High Availability

iRODS will run on a laptop or a rack of servers.

Upgrading Large Installations

Things to consider

  • Database Snapshots

  • Maintenance Window

  • Attempt a graceful grid-wide shutdown ahead of time

  • Test Zones - do not upgrade blindly

  • Conformance Tests - try your edge cases

  • Federated Zones - how mixed is your deployment

Questions?

Anatomy of an iRODS installation

/etc/irods/core.* - iRODS Rule Language

/etc/irods/server_config.json - primary server configuration

/etc/irods/service_account.config - service account information

/usr/bin/* - iCommands

 

/usr/sbin/irodsAgent

/usr/sbin/irodsPamAuthCheck

/usr/sbin/irodsDelayServer

/usr/sbin/irodsServer

 

/var/run/irods - holds the server's pid file

 

/var/lib/irods - service account home directory

 

/var/log/irods - log files

 

/usr/lib/irods/plugins - plugins location

Introduction to iCommands

iRODS command line equivalent to standard Unix operations

  • ils

  • icd

  • ipwd

  • iput

  • iget

  • irepl

 

use -h to get help with any particular iCommand

 

ihelp will show all available iCommands

 

Questions?

UGM 2025 - Getting Started

By iRODS Consortium

UGM 2025 - Getting Started

iRODS User Group Meeting 2025 - Advanced Training Module

  • 112

More from iRODS Consortium