NFSRODS v1.0.0
June 9-11, 2020
User Group Meeting
Virtual Conference
Kory Draughn
korydraughn@renci.org
Software Developer, iRODS Consortium
NFSRODS v1.0.0
NFSRODS v0.8.0 - Authorization Model
- Mapped traditional Unix permissions
- No group support
- Used world permissions
NFSRODS - What's changed since v0.8.0?
- Permissions are now managed via NFSv4 ACLs
- Groups are fully supported
- Added SSL support
- Added support for LDAP and AD via sssd
- Made it possible to retrieve the Git SHA of your deployment
- NFSRODS properly closes iRODS connections
- NFSRODS correctly handles listing of large collections
- Testing via BATS
NFSRODS v1.0.0 - Authorization Model
- Maps iRODS permissions to/from NFSv4.1 ACLs.
- Traditional UNIX permissions are only set for the owner.
- Permissions managed via nfs4_getfacl and nfs4_setfacl.
- Collections are always executable, while data objects are never executable.
NFSRODS - Enabling SSL/TLS
$ cat /home/ubuntu/nfsrods_config/server.json { "irods_client": {
"ssl_negotiation_policy": "CS_NEG_REQUIRE" } }
1. NFSRODS Configuration (shaved down for conciseness):
Could also be set to CS_NEG_DONT_CARE.
2. Launch the NFSRODS Docker container with your SSL certificate:
$ docker run -d --name nfsrods \ -p 3000:2049 \ -v /home/ubuntu/nfsrods_config:/nfsrods_config:ro \ -v /etc/passwd:/etc/passwd:ro \ -v /<full/path/to/certificate.crt>:/nfsrods_ssl.crt:ro \ irods/nfsrods:latest
NFSRODS - Enabling sssd
$ docker run -d --name nfsrods \ -p 3000:2049 \ -v /home/ubuntu/nfsrods_config:/nfsrods_config:ro \ -v /var/lib/sss:/var/lib/sss \ irods/nfsrods:latest
Launch the NFSRODS Docker container with the sssd socket:
Thanks to Jonathon Anderson, NFSRODS can use sssd to resolve users and groups as an alternative to /etc/passwd.
Enables support for LDAP and Active Directory.
NFSRODS - Future Work
- Hard Links
- Parallel Transfer
- Performance (e.g. "ls")
- Unit Testing
- NFStest - POSIX Filesystem Level Access Testing
- SMBRODS - Possible sister project to make iRODS accessible to Microsoft Windows machines
Questions?
- Thank you!
- This version (NFSv4.1) of NFSRODS was built by:
- Kory Draughn, iRODS Consortium
- Alek Mieczkowski, iRODS Consortium
- Mike Conway, NIH/NIEHS
- Jason Coposky, iRODS Consortium
- Terrell Russell, iRODS Consortium
- Inspired by work (NFSv3) presented at UGM2016 (slides, paper):
- Danilo Oliveira, Center for Informatics UFPE, Brazil
- I. Fé, Center for Informatics UFPE, Brazil
- A. Lobo Jr., Center for Informatics UFPE, Brazil
- F. Silva, Center for Informatics UFPE, Brazil
- G. Callou, Center for Informatics UFPE, Brazil
- V. Alves, Center for Informatics UFPE, Brazil
- P. Maciel, Center for Informatics UFPE, Brazil
- Stephen Worth, EMC Corporation
- Preliminary testing provided by:
- Bristol Myers Squibb
- University of Colorado Boulder Research Computing
UGM 2020 - NFSRODS v1.0.0
By korydraughn
UGM 2020 - NFSRODS v1.0.0
- 1,050