This article describes changes to Faculty of Environment research storage filesystems after they have been migrated to Data Centre Strategy systems. There are some differences in the way the 2 systems are run which may affect access, permissions, backups, etc.
A central project is running which aims to provide an integrated system for compute and storage across the campus - the Data Centre Strategy project (DCS). The project involves migrating all existing Faculty of Environment compute and storage servers from local Faculty systems into DCS systems.
Although we are trying to make the DCS storage systems look as similar as possible to the Environment storage systems, there are some necessary changes when filesystems are migrated over to DCS. These changes are described below.
Sometime between now and November 2021, all existing Environment filesystems will be migrated to DCS. For each filesystem, communications will be sent to the users of the filesystem saying when the migration will take place. There will be some downtime on each filesystem when the migration is finalised - usually either overnight downtime, or over a weekend. On Environment systems, you can tell if a filesystem has been migrated by visiting this webpage.
General information about DCS storage can be found at these links -
https://it.leeds.ac.uk/it?id=kb_article&sysparm_article=KB0013189
https://it.leeds.ac.uk/it?id=kb_article&sysparm_article=KB0014063
Filesystems which have been migrated to DCS should still be accessible at the normal Environment locations on Environment clients. So, for example, filesystem a82 is accessible at -
/nfs/a82 - on Linux clients
\\envdfs\a82 - on Windows clients
Note that filesystems are not accessible via older pathnames - e.g. Windows pathnames which specify a specific server are no longer supported - so, for example - \\foe-data-32\a82 is NOT supported.
DCS filesystems which are exported to Unix clients (NFS exports) have an additional level of security applied to them - Kerberos tickets. Even if you have the correct permission to access a filesystem, you also require a valid Kerberos ticket - this identifies you to the network and indicates what privileges you have.
Normally you will be allocated a ticket when you login to a Linux client, and the ticket will stay valid for 10 days. When you logout and login again, you will be allocated a new ticket valid for another 10 days. But you are only allocated a ticket if you actually type in your password at login time.
There are cases where this could cause issues -
There's information on how to use ssh keytabs to address Kerberos issues related to scheduled and long-running jobs at the links below. You can also use keytabs if you want to ssh into Environment systems without supplying a password and retain access to DCS filesystems.
https://it.leeds.ac.uk/it?id=kb_article&sysparm_article=KB0014605
https://it.leeds.ac.uk/it?id=kb_article&sysparm_article=KB0014619
You can also manually manage Kerberos tickets using standard Linux commands -
If you have trouble accessing a filesystem which you think you should have permission to access, try running kinit. It will ask for your password, then allocate a new, valid Kerberos ticket which will last for 10 days. Verify you have a ticket by typing klist.
The default permission on Environment research storage systems includes read access for all staff and research students in the Faculty of Environment. It's possible to set this level of access because Environment filesystems are restricted to the Environment network only, and because the Environment servers set access control based on Environment user groups. This isn't possible on DCS filesystems - instead, access is potentially possible across the entire campus network, and restrictions are applied at a research group level.
In particular, this means that Environment users who had no special access to a filesystem, and were accessing it via the read access enabled for all staff and research students, will no longer have access. You now require membership of a specific research group to access filesystems - this can be done on a read or read/write basis. (Unless a research group has specifically opened their filesystem on all-campus access).
Filesystems which have been migrated from Environment to DCS have an indefinite lifetime on DCS - there is no 5 year lifetime.
Environment filesystems are backed up overnight with all files that have changed during the day being saved to a backup filesystem. The Environment system guarantees to keep file changes for 30 days - but if there's available space on the backup filesystems, changes are kept for much longer than that.
DCS filesystems keep changes for a maximum of 30 days. Changes totalling up to 15% of the filesystem size are stored in a separate backup area, changes beyond that size are stored within the filesystem itself and use filesystem capacity. The changes are kept in a hidden snapshot directory in the root of the filesystem (cd .snapshot). Users can access and restore backups themselves - there's no requirement for IT staff involvement.