dmlite-shell

The dmlite-shell is an administrative tool for dmlite. This shell provides bash-like access to the dmlite admin functionalities.

Usage

dmlite-shell [options]

Options:
  -h, --help            
      show this help message and exit

  -c <CONFIGFILE>, --config=<CONFIGFILE>
      define the configuration file before launching the shell (default value is /etc/dmlite.conf)

  -e <COMMAND>, --execute=<COMMAND>
      execute the given command and exit

  -s <SCRIPTFILE>, --script=<SCRIPTFILE>
      execute the given script file line by line and exit

  -l <LOGFILE>, --logfile=<LOGFILE>
      write the logs to the specified file

Help

 acl            Set or read the ACL of a file.
 cd             Change the current directory.
 chgrp          Change the group of a file.
 chmod          Change the mode of a file.
 chown          Change the owner of a file.
 checksum       Set or read file checksums. (DEPRECATED)
 comment        Set or read file comments.
 create         Create a new file.
 drainfs        Drain a specific filesystem
 drainpool      Drain a specific pool
 drainserver    Drain a specific Disk Server
 du             Determine the disk usage of a file or a directory.
 exit           Exit the DMLite shell.
 find           Find a file in the namespace based on the given pattern
 fsadd          Add a filesystem. Dome needs to be installed and running. (package dmlite-dome)
 fsdel          Delete a filesystem. Dome needs to be installed and running. (package dmlite-dome)
 fsmodify       Modify a filesystem. Dome needs to be installed and running. (package dmlite-dome)
 getchecksum    Get or calculate file checksum
 getimplid      Give the ID of the implementation
 getlfn         Retrieve the LFN associated to the given SFN
 groupadd       Add a new group.
 groupban       Modify the ban status of a group.
 groupdel       Delete a group.
 groupinfo      List the informations about all the groups or about the specified group.
 help           Print a help text or descriptions for single commands.
 info           Print all available information about a file.
 init           Initialise the DMLite shell with a given configuration file.
 ln             Create a symlink.
 ls             List the content of the current directory.
 mkdir          Create a new directory.
 mv             Move or rename a file.
 pooladd        Add a pool.
 pooldel        Delete a pool.
 poolinfo       List the pools.
 poolmodify     Modify a pool.
 pwd            Print the current directory.
 qryconf        Query the configuration of the pools.
 quotatokendel  Del the quota token for the given path
 quotatokenget  List the quota tokens for the given path
 quotatokenmod  Modify a quota token, given its id
 quotatokenset  Set a quota token for the given path
 readlink       Show the target of a symlink.
 replicaadd     Add a new replica for a file.
 replicadel     Delete a replica for a file.
 replicamodify  Update the replica of a file.
 replicamove    Move a specified rfn folder to a new filesystem location
 replicate      Replicate a File to a specific pool/filesystem
 rmdir          Delete a directory.
 setguid        Set the GUID of a file.
 unlink         Remove a file from the system
 useradd        Add a new user.
 userban        Modify the ban status of a user
 userdel        Delete a user.
 userinfo       List the informations about all the users or about the specified user.
 utime          Set the access and modification time of a file.
 version        Print the DMLite API Version.

Examples

$ dmlite-shell
DMLite shell v1.13.0 (using DMLite API v20121218)
Using configuration "/etc/dmlite.conf" as root.
> cd dpm/cern.ch/home/
> ls
atlas              (dir)   
cms                (dir)   
dteam              (dir)

> info dpm/cern.ch/home/dteam/tf01
dpm/cern.ch/home/dteam/tf01
---------------------------
File type:  Regular file
Size:       670293B
Status:     Unknown (0)
Comment:    
GUID:       
Ino:        825826
Mode:       0100660
# of Links: 1
User:       x (ID: 9)
Group:      dteam (ID: 101)
CSumType  (deprecated):   
CSumValue (deprecated):   
ATime:      Mon Sep  2 14:45:14 2019
MTime:      Mon Sep  2 14:45:14 2019
CTime:      Tue Sep 10 10:24:20 2019
Replica:    ID:     818964
        Server: dpmdisk-trunk.cern.ch
        Rfn:    dpmdisk-trunk.cern.ch:/srv/dpm/volume/dteam/2019-09-02/tf01.2500.1567428314
        Status: kAvailable
        Type:   kPermanent
        Replica Extended Attributes (Key, Value):
            pool:   pool01
            filesystem:   /srv/dpm/volume
            accountedspacetokenname:   dteam_token
ACL:        user::rw-
            group::rw-
            other::r--
Extended Attributes (Key, Value):

Commands

This section describes some of the most useful commands

ACL Management

The shell has a unique command to query, set, modify and delete ACLs on the DPM namespace : acl

The expected syntax for set, modify and delete is:

acl <path> <ACL> command [-r]

where :

  • path: specifies the DPM pathname. If path does not start with / is prefixed by the value of the current folder
  • ACL: ACL string following the syntax described in the #ACL_expression section.
  • command: could be set, modify or delete
  • -r: passed to a folder, will apply the command (set, modify, delete) to all files and subfolders recursively

while for query existing ACLs the syntax is:

acl <path> 

ACL expression

The ACL can be specified in the following form

  
   * user::rwx ( or u:)
   * user:<DN>:rwx
   * user:<USERID>:rwx
   * group::rwx (or g:)
   * group:<GROUP>:rw
   * group:<GROUPID>:rw
   * other::rwx ( or o:)
   * mask::rwx ( mask will apply to user and group ACLs)

and multiple ACLs can be included separated by a comma

Default ACLs can be also set by specifying default: or d: in front of the ACL expression:

   * default:user::rwx
   * d:user::rwx
 

The first "user" entry gives the permissions granted to the owner of the file. The following "user" entries show the permissions granted to specific users, they are sorted in ascending order of uid.

The first "group" entry gives the permissions granted to the group owner of the file. The following "group" entries show the permissons granted to specific groups, they are sorted in ascending order of gid.

The "mask" entry is the maximum permission granted to specific users or groups. It does not affect the "owner" and "other" permissions.

The "mask" entry must be present if there are specific "user" or "group" entries.

"default" entries associated with a directory are inherited as access ACL by the files or sub-directories created in that directory. The mask is not used. Sub-directories also inherit the default ACL as default ACL.

As soon as there is one default ACL entry, the 3 default ACL base entries (default user, default group, default other) must be present.

The permissions are expressed as a combination of characters rwx- ( read, write, execute, none)

The entry processing conforms to the Posix 1003.1e draft standard 17.

ACL commands

ACL query

In order to get the acl for a given file or folder you need to just use the syntax:

acl <path>

for example for a file the output would be

> acl dpm/cern.ch/home/dteam/tf01 
# file: dpm/cern.ch/home/dteam/tf01
# owner: /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=Testuser (ID: 9)
# group: dteam (ID: 101)
user::rw-
group::rw-
other::r--

while for a folder default ACLs are also printed if present


> acl dpm/cern.ch/home/dteam/
# file: dpm/cern.ch/home/dteam
# owner: root (ID: 0)
# group: dteam (ID: 101)
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x

ACL set

In order to set ACL on a file/folder the following syntax must be used:

acl <path> <ACL> set [-r]

Options:

  • path: specifies the DPM pathname. If path does not start with / is prefixed by the value of the current folder
  • ACL: ACL string following the syntax described in the #ACL_expression section.
  • -r: passed to a folder, will apply the command set to all files and subfolders recursively

N.B. Be aware that the set command will owerwrite any existing ACL already assigned to the file/folder

N.B. In case the DN or the GROUP contain spaces the ACL expression should be surrounded by either " or ' e.g.

 acl <file> '<ACL>' set

ACL modify

In order to modify an existing ACL on a file/folder the following syntax must be used:

acl <path> <ACL> modify [-r]

Options:

  • path: specifies the DPM pathname. If path does not start with / is prefixed by the value of the current folder
  • ACL: ACL string following the syntax described in the #ACL_expression section.
  • -r: passed to a folder, will apply the command modify to all files and subfolders recursively

N.B. In case the DN or the GROUP contain spaces the ACL expression should be surrounded by either " or ' e.g.

acl <file> '<ACL>' modify

ACL delete

In order to delete an existing ACL on a file/folder the following syntax must be used:

acl <path> <ACL> delete [-r]

Options:

  • path: specifies the DPM pathname. If path does not start with / is prefixed by the value of the current folder
  • ACL: ACL string following the syntax described in the #ACL_expression section and it must be present on the file
  • -r: passed to a folder, will apply the command delete to all files and subfolders recursively

N.B. In case the DN or the GROUP contain spaces the ACL expression should be surrounded by either " or ' e.g.

acl <file> '<ACL>' delete

Replica Management

N.B. When DOME is not enabled these commands require the DPM Headnode DN mapping to be included in the /etc/lcgdm-mapfile on the DPM Head node

You can include the DN mapping (e.g. "/CN/your-host" dpmmgr, in the /etc/lcgdm-mapfile-local and the edk-mkgridmap cron will include it then in the /etc/lcgdm-mapfile

Tthe following configuration options are also needed in the dmlite-mysql-plugin configuration ( /etc/dmlite.conf.d/mysql.conf):

# Give root access to the host DN
HostDNIsRoot yes

# Needed to set the host DN 
HostCertificate /etc/grid-security/dpmmgr/dpmcert.pem

# Adminuser for replication and filesystem selection, it should be set to one of the admin DNs( not necessarily the one running the command)
# this parameter enables the specified DN to run admin commands like specifying pool and fs when copying a file.
AdminUsername <admin DN>

which can be also set via puppet.

replicate

The dmlite-shell includes also functionality for the file replication via '''HTTP'''.

The command ''replicate'' has the following options:

replicate <filename> [poolname <pool> filesystem <filesystemname> filetype <filetype> lifetime <lifetime> spacetoken <spacetoken> dryrun <true/false>]

the optional parameters are:

  • poolname : replicate to the specific pool
  • filesystem : replicate to the specific filesystem ( in the form server:filesystem)
  • filetype : the file type to use for the new replica (P (permanent), V (volatile) or D (Durable))
  • lifetime : the lifetime of the replica (Inf = Infinite or specified as XXy, XXm, XXd, XXh ( years, months, days, hours))
  • spacetoken : The destination spacetoken/quotatoken of the new replica
  • dryrun : if set to true just print the statistics (optional, default = true)

replicamove

The dmlite-shell includes also functionality to move file via '''HTTP'''.

The command ''replicamove'' has the following options:

replicamove <sourceFileSystem> <sourceFolder>  <destFilesystem> [filetype <filetype>  lifetime <lifetime>  nthreads <threads>  dryrun <true/false>  ]

The replicamove command accepts the following parameters:

  • sourceFileSystem : the source fileystem where to move the replicas from ( in the form servername:fsname)
  • sourceFolder : the source file or folder PFN, relative to the fsname root
  • destFilesystem : the filesystem where to move the file to ( in the form as servername:fsname)
  • filetype filetype : the filetype of the new replica, it could be P (permanent), D (durable), V (volatile) (optional, default = P )
  • lifetime lifetime : the lifetime of the new replica, it can be specified as a multiple of y,m,d,h or Inf (infinite) (optional, default = Inf)
  • nthreads threads : the number of threads to use in the process (optional, default = 5)
  • dryrun true/false : if set to true just print the statistics (optional, default = true)

For example

replicamove disk01.cern.ch:/dpmdata /dteam/2017-11-16/tf025.218.1510848066 disk02.cern.ch:/dpmdata

N.B. Please note that given that the move process could take days ( depending on the amount the data to move) is recommended to run the dmlite-shell with -e option and with nohup command, e.g.

nohup dmlite-shell -e "replicamove <params> " -l /tmp/logs &

this will prevent stopping the process in case you are connected remotely to the DPM Headnode.

By default the replication command uses port 443 for ''httpd'' running on the Headnode (in https) and 80 for ''httpd'' running on the disk nodes ( in plain http)

if your installation is running in different ports they can be configured in the environment before running the dmlite-shell as follows:

export DPM_HTTPS_PORT=8443
export DPM_HTTP_PORT=8080

drain

The dmlite-shell includes also functionality to implement drain of Filesystems, Diskservers and Pools.

Compared to the already available dpm-drain tool, the new drain is using '''HTTP''' protocol instead of '''RFIO''' in order to replicate files among diskservers. In addition the different options of drain ( pool, diskserver, filesystem) have been split in 3 different dmlite-shell commands:

  • drainfs : Drain a specific filesystem
  • drainpool : Drain a specific pool
  • drainserver : Drain a specific Disk Server

in details the options are:

drainfs <server> <filesystem> 

drainpool <poolToDrain> <destinationPool>

drainserver <server>

N.B. Due to an issue when merging code, drainpool released in version 1.12 is broken, the issue is fixed in DPM 1.13

N.B. When running the drainpool command on Dome enabled DPM and Quotatokens are in place, you need to first assign the Quotatokens of the pool to drain to the destination pool i.e. quotatokenmod pooltodran-qt-uuid pooltodran newpool

All the above commands have the following optional parameters:

  • group : specify the VO name to filter when draining ( only the files belonging to the given VO will be drained) , default is ''ALL''
  • nthreads : the number of threads to be used when replicating the files, default is ''5''
  • size : the percentage of the amount of data stored in the pool/server/filesystem to drain, default is ''100'' ( %)
  • dryrun : just calculate the statistics ( file to drain, size to drain ) without running the drain, default is ''true''
  • force : force to use more threads that the default maximum allowed (10), default is "false"

N.B. The drain commands assume that ALL disknodes have the HTTP access to port 80 properly configured, we can introduce another conf parameter to tell a different port to use for HTTP, but the disknodes should have ALL the same port configured.

N.B. Please note that given that the drain process could take days ( depending on the amount the data to drain) is recommended to run the dmlite-shell with -e option and with nohup command, e.g.

nohup dmlite-shell -e "drainserver dpmdisk01.cern.ch dryrun false" -l /tmp/logs &

this will prevent stopping the process in case you are connected remotely to the DPM headnode.

Command examples:

drainserver dpmdisk03.cern.ch size 50 nthreads 10 dryrun false
 
drainfs dpmdisk03.cern.ch /srv/dpm/01 nthreads 10 dryrun false

drainpool pooltodrain newpool nthreads 10 dryrun false

By default the replication command inside the drain uses port 443 for ''httpd'' running on the Headnode (in https) and 80 for ''httpd'' running on the disk nodes ( in plain http)

if your installation is running in different ports they can be configured in the environment before running the dmlite-shell as follows:

export DPM_HTTPS_PORT=8443
export DPM_HTTP_PORT=8080

The drain process will set the origin to read-only. If you've done a partial drain for rebalancing, remember to reinstate read support.

QuotaTokens Management

Starting with DPM 1.9.0 and the deployment of a new component ( Dome), is it possible to define via dmlite-shell the Quota Tokens for a particular path of the namespace.

Quota Tokens are an extension of the SRM spacetokens, because they define space reservations and in addition implement quota functionalities for a particular namespace path.

When enabling Dome and the Dome Adapter the first time, no quota tokens are defined. Therefore any attempt to write on the namespace will be denied ( as the quota is not defined)

Sysadmins have to define first the Quota Tokens via the dmlite-shell, this is possible in 2 ways:

  • For namespace paths which are not already managed via an SRM spacetoken a new quotatoken needs to be created via the quotatokenset command
  • For namespace paths managed via an SRM spacetoken, the existing spacetokens need to be 'converted' into Quota Tokens via the quotatokenmod command

as a preliminary operation, the namespace folder counters need to be initialised to the correct numbers. The following command needs to be executed on the Headnode for this:

dmlite-mysql-dirspaces.py --nsconfig=/usr/etc/NSCONFIG --updatedb

quotatokenset

The quotatokenset command, creates a Quota Token assigning it to a specific namespace path.

 quotatokenset <path> pool <value>   desc  <value>  size  <value>  groups  <value> 

The command accepts the following parameter:

  • path : the path
  • pool poolname : the pool name associated to the token
  • size size : the quota size and the corresponding unit of measure (kB, MB, GB, TB, PB), e.g. 2TB , 45GB
  • desc description : a description of the token
  • groups groups : a comma-separated list of the groups that have write access to this quotatoken

example

quotatokenset /dpm.cern.ch/home/dteam pool pool01 size 10TB desc "testing token" groups dteam

quotatokenget

The quotatokenget command list the Quota Tokens defined for a given path

quotatokenget <path>  <getsubdirs> 

The command accepts the following parameters:

  • path : the path
  • -s : the command will print the quota token associated to the subfolders of the given path (optional)

in order to get all quotatoken defined on the system for instance, the following command can be executed:

quotatokenget / -s

quotatokenmod

The quotatokenmod command can be used to modify a particular Quota Token.

quotatokenmod <token_id> path  <value> pool  <value>  size <value>  desc  <value> groups  <value>

The command accepts the following parameters:

  • token_id : the token id
  • path : the path
  • pool : the pool name associated to the token
  • size : the quota size and the corresponding unit of measure (kB, MB, GB, TB, PB), e.g. 2TB , 45GB
  • desc : a description of the token
  • groups : a comma-separated list of the groups that have write access to this quotatoken

this command is needed in order to 'convert' an existing SRM spacetoken to a Quota Token.

Using the quotatokenget command we retrieve the existing token e.g.

Token ID:   d1ccd612-3a41-4943-b11c-32ba220e7f88
Token Name:   ATLASSCRATCHDISK
Token Path:   
Token Pool:   pool01
Token Total Space:   9.54MB
Pool Total Space:   283.32GB
Path Used Space:   214.26GB
Path Free Space:   0B 
Groups:
   ID:   0   Name:   root
   ID:   118   Name:   atlas
   ID:   105   Name:   atlas/phys-top/Role=production

there is no path associated to it so it will not be taken into account for Quota Functionalities. To enable the quota the admin has to assign a path to it with the quotatokenmod command:

quotatokenmod d1ccd612-3a41-4943-b11c-32ba220e7f88 path /dpm/cern.ch/home/atlas/atlasscratchdisk

quotatokendel

The quotatokendel command remove an existing Quota Token from the system.

quotatokendel <path> <pool>

The command accepts the following parameters:

  • path : the path to remove the quota from
  • pool : the pool associated to the quota token to remove

i.e.

quotatokendel /dpm/cern.ch/home/dteam pool01
Edit | Attach | Watch | Print version | History: r15 < r14 < r13 < r12 < r11 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r15 - 2019-11-14 - AndreaManzi
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    DPM All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback