NFSRODS
Kory Draughn
korydraughn@renci.org
Software Developer, iRODS Consortium
NFSRODS
June 25-28, 2019
iRODS User Group Meeting 2019
Utrecht, Netherlands
NFSRODS - Overview
NFSRODS v0.8 Release
Available today ...
Provides:
NFSRODS - Initial Authentication Model
Initially built with a hard requirement on Kerberos. Why?
The Good:
The Bad:
NFSRODS v0.8 - Current Authentication Model
NFSRODS v0.8 - Authorization Model
iRODS Permission | Collection as Directory | Data Object as File |
---|---|---|
OWN | drwx-----x | -rw------- |
WRITE | d--x---rwx | -------rw- |
READ | d--x---r-x | -------r-- |
NULL | d--x-----x | ---------- |
NFSRODS v0.8 - Authorization Model Feedback
After early testing in an enterprise environment ...
The Good:
Other:
Suggestion:
NFSRODS - Deployment
ubuntu$ git clone https://github.com/irods/irods_client_nfsrods
ubuntu$ cd irods_client_nfsrods
ubuntu$ docker build -t nfsrods .
2. Build the image (if desired):
1. Requirements:
NFSRODS - Deployment (continued)
ubuntu$ cat /home/ubuntu/nfsrods_config/server.json { "nfs_server": { "port": 2049, "irods_mount_point": "/tempZone", "user_information_refresh_time_in_minutes": 60, "file_information_refresh_time_in_milliseconds": 1000 }, "irods_client": { "zone": "tempZone", "host": "irods-server.ugm-2019", "port": 1247, "default_resource": "demoResc" }, "irods_proxy_admin_account": { "username": "rods", "password": "rods" } }
3. NFSRODS Configuration:
NFSRODS - Deployment (continued)
ubuntu$ docker run -d --name nfsrods \ -p 3000:2049 \ -v /home/ubuntu/nfsrods_config:/nfsrods_config:ro \ -v /etc/passwd:/etc/passwd:ro \ -v /etc/shadow:/etc/shadow:ro \ nfsrods:latest
ubuntu$ sudo mkdir -p /mnt/the_nfsrods_mountpoint ubuntu$ sudo mount -o sec=sys,port=3000 `hostname`:/ /mnt/the_nfsrods_mountpoint
5. Create the mount point:
4. Launch the NFSRODS Docker container:
bobby$ cd /mnt/the_nfsrods_mountpoint/home/bobby
bobby$ echo "science" > science.txt
bobby$ ls -l science.txt
-rw------- 1 bobby bobby 8 May 15 17:29 science.txt
bobby$ cat science.txt
science
6. Use the mount point:
NFSRODS v0.8 - Live Demo
NFSRODS - Science. Done.
GREAT!!!
Let's run all of our existing tools against NFSRODS, right?
NFSRODS - Science. Done.
Well ...
NFSRODS v0.8 - Caveats
Consider passing lookupcache=none as an additional option to mount. Although NFSRODS will be less responsive, the benefit to using this is that information will be more consistent and less likely to be leaked to users with more restrictive access.
NFSRODS - Future Work
Questions?