creating non sensitive turbo volumes - raeker/ARC-Wiki-Test GitHub Wiki

Advanced Research Computing : Creating Non-Sensitive Turbo volumes

All Turbo volumes created for the UMRCP are multi-protocol. They will also include both snapshots and replication. 

The first step in setting up a volume is determining the path:

/ifs/macc-turbo2/mcomm-adsroot/repl/nfs-mp/FL/NAME

For the path shown the FL would be the first letter in the name of the volume which it then followed by /NAME. For example, if the volume is named umms-bender you will use umms-bender for NAME. The path would then be - 

/ifs/macc-turbo2/mcomm-adsroot/repl/nfs-mp/u/umms-bender

You will need the UID for the owner of the volume. This will be found in the top section of the UMRCP request:

Requestor's uid: 114131991

You will also need the GID of the MCommunity group for the volume. The MCommunity group will be shown in the UMCRP request in the section for the Turbo requests:

mcommunity group:umms-bender-turbo

To get the GID of the group you run the following command on gl-build:

get_ldap_gid <mcommunity group name>

The requestor on the UMRCP has the option of having the volume mounted on any combination of Great Lakes, Globus, Cavium, Lighthouse, or one of the user's choosing. For *HOSTS *in the NFS Export command below use these addresses as needed or pull the information from the UMRCP ticket:

Great Lakes - 141.211.192.32/27,10.164.8.0/21,10.164.24.0/21

Globus - globus-xfer1-stor.arc-ts.umich.edu

Lighthouse - 141.211.102.80/28,10.164.38.0/23,10.164.32.0/24,10.164.35.0/24

Cavium - 141.211.40.208/28,10.242.15.0/24,141.211.40.212

If no services are checked please use - macc-turbo2-cli-1.ifs.umich.edu - as the host

Use the TDx ticket number of the SRS request for the volume when creating the NFS export. If the user is only requesting a single Turbo volume then enter 10T for SIZE. If they request more than one volume then enter the amount that was indicated on the ticket for SIZE.

Use the following commands in order to provision a non-sensitive Turbo volume. You can copy and paste these commands into Isilon and fill in the parts needed:

Create Volume Directory:

sudo mkdir -m 2770 <PATH>

Set Share Permissions:

sudo chown <UID>:<GID> <PATH>

Create NFS Export:

isi nfs exports create --zone=mcomm-adsroot --security-flavors=unix --clients=<HOSTS> --description="TDx<SRS ticket number> - UMRCP Volume" --path=<PATH>

Create NFS Alias:

isi nfs alias create --zone=mcomm-adsroot --name=/<NAME> --path=<PATH>

Create SMB Share:

isi smb shares create --zone=mcomm-adsroot --browsable=true --smb3-encryption-enabled=false --continuously-available=true --path=<PATH> --name=<NAME>

Create SMB Share Permissions:

isi smb shares permission delete --zone=mcomm-adsroot --force --wellknown=Everyone --share=<NAME>

isi smb shares permission create --zone=mcomm-adsroot --wellknown="Authenticated Users" --permission=full --permission-type=allow --share=<NAME>

Create SMB File Permissions:

sudo chmod \=a# 1 group <GID> allow dir_gen_all,object_inherit,container_inherit <PATH>

sudo chmod +a user creator_owner allow dir_gen_all,object_inherit,container_inherit,inherit_only <PATH>

sudo chmod -c dacl_auto_inherited,dacl_protected <PATH>

Create SMB File Permissions for MiWorkspace managed UMRCP volumes use these commands INSTEAD of SMB file permissions above  *(MiWorkspace departments listed here: List of unit attributes for major schools and colleges at UM.:

sudo chmod \=a# 1 group <GID> allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,object_inherit,container_inherit <PATH>

sudo chmod +a group 'UMROOT\euc-storage-select-admins' allow dir_gen_all,object_inherit,container_inherit <PATH>

sudo chmod +a user creator_owner allow dir_gen_all,object_inherit,container_inherit,inherit_only <PATH>

sudo chmod -c dacl_auto_inherited,dacl_protected <PATH>

Create Directory Quota:

isi quota quotas create --type=directory --container=true --hard-threshold=<SIZE> --include-snapshots=true --path=<PATH>

Create Snapshot Schedule:

isi snapshot schedules create --name=<NAME>-daily --pattern=<NAME>-daily_%Y-%m-%d_%H-%M --duration=1W --schedule="Every 1 days at 01:30 AM" --path=<PATH>

Once the above commands are completed a DNS entry will need to be made for the volume. One for NFS and one for CIFS. This requires logging into BlueCat. The NAME is the name of the volume:

  • Create an NFS Alias Record (CNAME)
    1. Zone = turbo.storage.umich.edu
    2. Name = <NAME>
    3. Host Record = macc-turbo2-nfs.p.turbo.storage.umich.edu
  • Create an CIFS Alias Record (CNAME)
    1. Zone = turbo.storage.umich.edu
    2. Name = <NAME>-win
    3. Host Record = macc-turbo2-mp.p.turbo.storage.umich.edu

Next is to enter the admin group name for the volume into the ARC-TS Storage Notifications MCommunity group. When you are in the group:

  1. Click on the Members tab
  2. Then click on Add Members
  3. Enter the admin group name into the Members box and then click Save Changes at the bottom of the screen. 

The last step is to request the volume to be mounted on a host:

Creating Autofs Request:

The Autofs Files used to manage the cluster mounts are managed through git. Thus to modify the autofs files to include a new volume, the file must be modified through git and submitted as a pull request. 

***These steps operate with the understanding that an Ansible repo clone has been created by you to work out of. ***

Modifying Autofs File Through Git:

git checkout master
git pull
git checkout -b hotfix/[DESCRIPTION]-[TDx #]

Modify Appropriate Autofs File (see this list)

  • when creating an entry on the Great Lakes Autofs file make sure you use NFSv4 for the entry. For example:
    • lsa-jonth -rw,tcp,hard,nosuid,vers=4  lsa-jonth.turbo.storage.umich.edu:/lsa-jonth

Submitting Pull Request:

git commit -a -m "[VERBOSE DESCRIPTION]"
git push --set-upstream origin hotfix/[DESCRIPTION]-[TDx #]

The git-push command should output a hyperlink that can be used for this very purpose. Navigate to it in your preferred web browser, and you should see:

  • Review the Changes Made to ensure accuracy (Select Diff Tab)
  • Check the "Close [BRANCH] after the pull request is merged" box (if it is not already)
  • Submit the Pull Request
  • Inform the Systems Team of the pull request, either via Slack or a Ticket

Once the PR request has been submitted you should create the local group on the cluster where the volume is to be mounted:

  • Use ldap to find the GID of the volume: 
    • *get_ldap_gid <mcommunity group name> *
  • Once you have the GID run the following commands:
    • sudo /usr/sbin/groupadd -g GID <mcommunity group name>
    • sudo /usr/arcts/systems/scripts/ansibleSync.sh
  • After Ansible finishes running you can add the users to the group. After you've entered all of the uniqnames run Ansible again:
    • sudo usermod -aG  <mcommunity group name> <user uniqname>
    • sudo /usr/arcts/systems/scripts/ansibleSync.sh

Back to UMRCP ticket workflow

Back to Support Workflow

ITS Advanced Research Computing

⚠️ **GitHub.com Fallback** ⚠️