High Level Architecture For UID/GID Mapping. Revision History Date Revision Author 12/18/ jjw

Similar documents
Remote Directories High Level Design

Demonstration Milestone Completion for the LFSCK 2 Subproject 3.2 on the Lustre* File System FSCK Project of the SFS-DEV-001 contract.

Multi-tenancy: a real-life implementation

Nathan Rutman SC09 Portland, OR. Lustre HSM

Fujitsu s Contribution to the Lustre Community

Project Quota for Lustre

DL-SNAP and Fujitsu's Lustre Contributions

Scalability Test Plan on Hyperion For the Imperative Recovery Project On the ORNL Scalable File System Development Contract

European Lustre Workshop Paris, France September Hands on Lustre 2.x. Johann Lombardi. Principal Engineer Whamcloud, Inc Whamcloud, Inc.

Fan Yong; Zhang Jinghai. High Performance Data Division

LIME: A Framework for Lustre Global QoS Management. Li Xi DDN/Whamcloud Zeng Lingfang - JGU

Lustre 2.8 feature : Multiple metadata modify RPCs in parallel

Lustre overview and roadmap to Exascale computing

Commit-On-Sharing High Level Design

Lustre Interface Bonding

CS 470 Spring Distributed Web and File Systems. Mike Lam, Professor. Content taken from the following:

CS 470 Spring Distributed Web and File Systems. Mike Lam, Professor. Content taken from the following:

Managing Lustre TM Data Striping

HLD For SMP node affinity

Kerberized Lustre 2.0 over the WAN

Administering Lustre 2.0 at CEA

Fujitsu's Lustre Contributions - Policy and Roadmap-

6.5 Collective Open/Close & Epoch Distribution Demonstration

Lustre on ZFS. Andreas Dilger Software Architect High Performance Data Division September, Lustre Admin & Developer Workshop, Paris, 2012

User's Guide c-treeace SQL Explorer

DLD for OPEN HANDLING in CMD

Chapter 11: Implementing File-Systems

MULTICS TECHNICAL BULLETIN MTB-237 page 1. Distribution A. Bensoussan Date: December 3, 1975 Overview of the New Storage System

ECE 598 Advanced Operating Systems Lecture 19

INTERNAL REPRESENTATION OF FILES:

Filesystems on SSCK's HP XC6000

CDP Data Center Console User Guide CDP Data Center Console User Guide Version

An Overview of Security in the FreeBSD Kernel. Brought to you by. Dr. Marshall Kirk McKusick

NFSv4 Multi-Domain Access. Andy Adamson Connectathon 2010

Distributed File Systems: Design Comparisons

Assistance in Lustre administration

TGCC OVERVIEW. 13 février 2014 CEA 10 AVRIL 2012 PAGE 1

Distributed File Systems

Scope Statement For Shared Key Authentication and Encryption in Lustre 2.X

Distributed File Systems. Distributed Systems IT332

Networks: Access Management Windows NT Server Class Notes # 10 Administration October 24, 2003

Chapter 12 File-System Implementation

Lustre Capability DLD

Imperative Recovery. Jinshan Xiong /jinsan shiung/ 2011 Whamcloud, Inc.

File-System Structure

GridNFS: Scaling to Petabyte Grid File Systems. Andy Adamson Center For Information Technology Integration University of Michigan

Intel Omni-Path Fabric Manager GUI Software

Data Protection and Synchronization for Desktop and Laptop Users VERITAS BACKUP EXEC 9.1 FOR WINDOWS SERVERS DESKTOP AND LAPTOP OPTION

Chapter 5: User Management. Chapter 5 User Management

File systems: outline

File System Implementation

Operating system security models

Testing Lustre with Xperior

Distributed File Systems. CS 537 Lecture 15. Distributed File Systems. Transfer Model. Naming transparency 3/27/09

System that permanently stores data Usually layered on top of a lower-level physical storage medium Divided into logical units called files

An Exploration of New Hardware Features for Lustre. Nathan Rutman

Altiris CMDB Solution from Symantec Help. Version 7.0

DELL EQUALLOGIC FS7500 INTEGRATION WITHIN A LINUX ENVIRONMENT

Chapter 11: Implementing File Systems

What is a file system

Logical disks. Bach 2.2.1

DNE2 High Level Design

Chapter 8: Filesystem Implementation

ONTAP 9. SMB/CIFS Reference. December _H0 Updated for ONTAP 9.3

Lustre usages and experiences

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

LFSCK High Performance Data Division

PESIT Bangalore South Campus

Challenges in making Lustre systems reliable

Batches and Commands. Overview CHAPTER

NFS Version 4 17/06/05. Thimo Langbehn

Lecture 2 Distributed Filesystems

DISTRIBUTED SYSTEMS [COMP9243] Lecture 9b: Distributed File Systems INTRODUCTION. Transparency: Flexibility: Slide 1. Slide 3.

CMD Code Walk through Wang Di

Refer to the Command Summary at the end of this document for a complete list of fs commands and their syntax.

FileCruiser. Administrator Portal Guide

An efficient method to avoid path lookup in file access auditing in IO path to improve file system IO performance

ECE 598 Advanced Operating Systems Lecture 18

Computer Science Section. Computational and Information Systems Laboratory National Center for Atmospheric Research

Introduction. This project will focus primarily on processes.

How to Configure CC Administrative Roles

Server Consolidation with Xen Farming

IBM Tivoli Storage Manager HSM for Windows Version 7.1. Messages

Using file systems at HC3

dcache NFSv4.1 Tigran Mkrtchyan Zeuthen, dcache NFSv4.1 Tigran Mkrtchyan 4/13/12 Page 1

Experiences in providing secure multi-tenant Lustre access to OpenStack. Dave Holland Wellcome Trust Sanger Institute

File Systems. What do we need to know?

Disruptive Storage Workshop Hands-On Lustre

IBM Security Access Manager Version May Advanced Access Control Configuration topics IBM

Shared Memory. By Oren Kalinsky

Data Movement & Storage Using the Data Capacitor Filesystem

Networking Heidenhain controllers with MCIS DNC Cell / Plant

Cluster creation and maintenance

File Services. Chapter 5. Topics in this Chapter: Understanding Windows File Systems. Understanding Linux File Systems

Process Time. Steven M. Bellovin January 25,

Emulating Windows file serving on POSIX. Jeremy Allison Samba Team

COS 318: Operating Systems. NSF, Snapshot, Dedup and Review

Using the Offline Diagnostic Monitor Menu

Dell FluidFS Version 6.0. FS8600 Appliance. Firmware Update Guide

SDC EMEA 2019 Tel Aviv

Transcription:

High Level Architecture For UID/GID Mapping Revision History Date Revision Author 12/18/2012 1 jjw i

Table of Contents I. Introduction 1 II. Definitions 1 Cluster 1 File system UID/GID 1 Client UID/GID 1 Canonical UID/GID Map 1 Working UID/GID Map 1 III. Changes from Solution Architecture 1 IV. Functional Specification 1 Structure of Cluster Definitions and UID/GID Maps 1 Distribution of the Cluster Definitions and UID/GID Maps 3 Client Mounting 4 UID/GID Lookup 5 Command Line Tools to Manipulate Clusters 5 V. Implementation Milestones 5 i

I. Introduction UID/GID Mapping allows the Lustre file system to be used across clusters heterogeneous user populations while still respecting POSIX file ownership, permissions, ACLs and quotas in a manner without credential timeouts or methods to transfer credentials across a client cluster. II. Definitions Cluster File system UID/GID The UID/GID that represents the owner/group of the file or directory as it is stored on the Lustre file system. Client UID/GID The UID/GID that represents the owner/group of the file or directory as it is represented on a Lustre client. Canonical UID/GID Map The UID/GID map held on the MGS server which serves as the master. Working UID/GID Map The UID/GID map held in memory on the MDS/OSS nodes. III. Changes from Solution Architecture None IV. Functional Specification Structure of Cluster Definitions and UID/GID Maps The MGS contains a linked list of the canonical cluster definitions and UID/GID maps for those clusters. The canonical list of cluster definitions and UID/GID maps kept in memory on the MGS as a linked list of cluster list versions, with each 1

version in memory having a unique version identifier. Only the latest version is written to disk. Each cluster will include a textual name for administrator identification, a file system UID and GID to assign to unmapped client UIDs and GIDs, flags indicating whether the cluster is trusted and the client UIDs and GIDs that should be used by the file system. Each cluster definition contains a pointer to a linked list representing one or more NID inclusive ranges that comprise the cluster. Any NID can be contained in only one range for only one cluster definition in the latest version of the cluster lists. Each cluster definition contains four pointers to red-black trees that provide fast forward and reverse mapping between client and file systems UIDs and GIDs. Nathan Rutman 1/8/13 10:03 AM Comment [1]: So after server reboot old reconnecting clients will lose their mappings. Nathan Rutman 1/8/13 10:04 AM Deleted: client Nathan Rutman 1/8/13 10:06 AM Comment [2]: Will the code check for this? cluster name unmapped UID unmapped GID flags (trusted cluster, admin, etc) range list client2filesystem UID RB Tree Start NID client2filesystem GID RB Tree End NID filesystem2client UID RB Tree Start NID filesystem2client GID RB Tree End NID pointer to next cluster Start NID End NID Figure 1 File system administrators will create definitions of client clusters on the Management node via the lctl command line tool. 2

Changes to the cluster definition are made and validated on the MGS in memory before being committed to disk. Multiple changes can be made before an explicit commit reducing the number of updates that take place during complex operations. If any changes to the cluster definitions fail to validate, all changes will be discarded. After a cluster definition has been committed, a mapping between client UIDs and GIDs and file system UIDs and GIDs can be attached to the cluster definition via the lctl command line tool. The exported functions for administering the cluster list and the associated UID/GID maps will be encapsulated into a kernel module. Distribution of the Cluster Definitions and UID/GID Maps Nathan Rutman 1/8/13 10:21 AM Comment [3]: Instead, maybe we should feed a complete definition text file directly in? (Along with the uid/gid list?) FWIW, I always vote for YAML. Nathan Rutman 1/8/13 10:11 AM Comment [4]: We probably want /proc files to: list the clusters, print each cluster definition, print each cluster map Upon initialization, each MDS and OSS node contacts the MGS, sets a callback for updates, and receives the latest version of the cluster definitions and UID/GID map. When the map is updated on the MGS, callbacks for the update are made for each server. Each MDS and OSS server provides the version id of the cluster definitions to the MGS. The MGS will compute the delta between the version current on the server and the latest version. It will then transmit only the changes to the servers to update their cluster definitions to the latest. Nathan Rutman 1/8/13 10:17 AM Comment [5]: If there are independent versions per cluster def, the implication is that this mechanism will handle multiple update files. If true, I d like to suggest this mechanism be made as generic as possible, to allow for other push updates of configs. Maybe include a header: push ver, config type, config ver, config id, flags, data 3

MGS MDS/OSS Cluster Table Updated Obtain Shared Lock on Cluster Table Call Shared Lock Callback Calculate Difference Between MDS/ OSS Version and Canonical Return Table Changes Pass Version of Cluster Table Figure 2 Client Mounting When a client mounts the file system, it logs into each server and an export structure allocated. During this operation, the NID will be looked up in the cluster definition linked list by checking against the range list. A pointer to the cluster definition containing the NID of the connecting client will be added to the exports structure. If a UID/GID mapping is toggled on, and the connecting NID is not in a cluster definition range, the pointer will be left NULL. Upon client definition and map updates, the exports will be walked to ensure that the exports structure for each client contains a pointer to the correct cluster definition. 4

UID/GID Lookup When a request is made of the MDT, the mapping from client UID/GID to file system UID/GID will be handled at the unpacking of the request at the beginning of its lifetime, and mapping from file system UID/GID to client UID/GID when the response is packed. When a request is made of the OST, the UID/GID mapping needs to occur prior to a write and any quota operations, as the only reason for UID/GID information on the OST is to maintain quotas. Command Line Tools to Manipulate Clusters Nathan Rutman 1/8/13 10:20 AM Comment [6]: Sorry if I asked before is this true with the new quotas code? Additions will be made to the lctl command line tool for cluster administration. Functionality will be added so that clusters can be defined, modified, and deleted, and maps associated with clusters can add or remove map nodes. The command line tool will only be able to manipulate the cluster list and maps from the MGS. Changes to the cluster list and map will be written to disk when the MGS is issued the command (via lctl) to commit the new configuration. The configuration will not be active nor will it be distributed to MDS and OSS servers until it is committed. Servers will be able to list the cluster list and map content using the lctl command, but not be able to affect the map. Additionally, the capability of a full reload of a server s working cluster list and UID/GID maps will be available via the lctl tool. V. Implementation Milestones To be done. 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback