GT 3.9.5 DRS (Tech Preview): System Administrator's Guide

Introduction

This guide contains advanced configuration information for system administrators working with the Data Replication Service (DRS). It provides references to information on procedures typically performed by system administrators, including installing, configuring, deploying, and testing the installation.

This information is in addition to the basic installation instructions in the GT 3.9.5 System Administrator's Guide.

Building and installing

DRS is not installed as part of the standard install. To install the DRS, first install the Globus Toolkit by following the basic installation instructions as referenced above. Following the basic installation, issue a make gt4-replicator postinstall command from the directory that was used to build the toolkit. The following commands will install the DRS.

 ./configure --prefix=/path/to/install
 make
 make gt4-replicator postinstall

Note: The DRS depends on the Globus RLS. In order for the "make" command above to build and install the RLS, you must follow the basic installation instructions for GT 3.9.5 as noted previously. Installation of the RLS requires that the GLOBUS_IODBC_PATH environment variable be properly set before issuing the "make" command. Not setting this environment variable before installation is a common mistake encountered by users.

Configuring

This information is in addition to the basic configuration instructions in the GT3.9.5 System Administrator's Guide. Aside from the basic configuration of GT 3.9.5, please review the following instructions for:

Database Configuration

The setup and configuration of the DRS depends on the installation of a relational database server. At present, these instructions will work with the PostgreSQL database server. The developers of DRS used the PostgreSQL 7.4.6 release when testing this service. Note: You must start PostgreSQL with the -i option to enable TCP/IP communication, which is required by DRS.

After installing and starting the database server, you will need to add a user account and create a database for DRS. The following commands may be used to configure PostgreSQL. (Note: you may select your own user account rather than using the example dbuser, but you must reflect that change consistently throughout the configuration of the service.)

1. Add user account:

 createuser -d -A -P
 Enter name of user to add: dbuser
 Enter password for new user:
 Enter it again:
 CREATE USER

2. Create database:

 createdb -O dbuser -W -U dbuser replicator
 Password:
 CREATE DATABASE

3. Create database schema:

 psql -W -U dbuser -d replicator -f \
  $GLOBUS_LOCATION/share/globus_wsrf_replicator/replicator_psql.sql
 Password:
 CREATE SEQUENCE
 CREATE SEQUENCE
 psql:/globus/install/share/globus_wsrf_replicator/replicator_psql.sql:22: 
 NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index 
 "t_replicator_pkey" for table "t_replicator"
 CREATE TABLE
 psql:/globus/install/share/globus_wsrf_replicator/replicator_psql.sql:35: 
 NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index 
 "t_replication_pkey" for table "t_replication"
 CREATE TABLE
 CREATE TABLE
 CREATE TABLE

4. Verify database setup:

 psql -W -U dbuser -d replicator
 Password:
 Welcome to psql 7.4.6, the PostgreSQL interactive terminal.
 
 Type:  \copyright for distribution terms
        \h for help with SQL commands
        \? for help on internal slash commands
        \g or terminate with semicolon to execute query
        \q to quit
	
 replicator=> \dt
            List of relations
  Schema |     Name      | Type  |    Owner
 --------+---------------+-------+-------------
  public | t_credential  | table | dbuser
  public | t_replication | table | dbuser
  public | t_replicator  | table | dbuser
  public | t_source      | table | dbuser
 (4 rows)
 
 replicator=> \di
                          List of relations
  Schema |        Name        | Type  |    Owner    |     Table
 --------+--------------------+-------+-------------+---------------
  public | t_replication_pkey | index | dbuser      | t_replication
  public | t_replicator_pkey  | index | dbuser      | t_replicator
 (2 rows)

 replicator=> \ds
                   List of relations
  Schema |       Name        |   Type   |    Owner
 --------+-------------------+----------+-------------
  public | t_replication_seq | sequence | dbuser
  public | t_replicator_seq  | sequence | dbuser
 (2 rows)

 replicator=> \d t_replicator
                             Table "public.t_replicator"
    Column   |       Type       |                     Modifiers
 ------------+------------------+-----------------------------------------------
  id         | integer          | not null default nextval('t_replicator_seq'...
  status     | integer          | default 0
  created    | double precision | not null
  started    | double precision | default 0
  terminated | double precision | default 0
  terminate  | double precision | default 0
  subject    | text             |
  username   | text             |
  total      | integer          | default 0
  finished   | integer          | default 0
  failed     | integer          | default 0
  cancelled  | integer          | default 0
  fault      | text             |
 Indexes:
     "t_replicator_pkey" primary key, btree (id)

 replicator=> \q

JNDI Configuration

In addition to database setup, the DRS requires certain JNDI settings to be properly configured. The installed JNDI configuration file may be found at $GLOBUS_LOCATION/etc/globus_wsrf_replicator/jndi-config.xml. To view the default configuration file (shipped with the GT 3.9.5 release) from the Globus CVS repository click here.

The settings are structured as name-value pairs. For example:

 <parameter>
   <name>rliUrl</name>
   <value>rls://127.0.0.1:39281</value>
 </parameter>

The following settings must be properly configured:

  • rliUrl: the connection URL for your installation of RLS running as a RLI service.
  • lrcUrl: the connection URL for your installation of RLS running as a LRC service.
  • rftUrl: the connection URL for your installation of the RFT ReliableFileTransferFactoryService.
  • maxTransferWait: the maximum number of seconds that the Replicator resource will wait for its RFT file transfers to complete. Note: the default value of 600, or 10 minutes, will be insufficient for large replication activities.
  • proxyfileChangePermsCmd: the platform-dependent command to change file permissions to user-only read-write permissions.
  • proxyfileDir: the directory that you would like the DRS to temporarily store user proxies. No setting is necessary. This value may be empty.
  • driverClassName: the JDBC database driver class name. This class must be reachable by the service via the container's classpath. The default value of org.postgresql.Driver works with PostgreSQL and comes installed with the standard installation of GT 3.9.5.
  • url: the connection URL for your installation and configuration of the database server for use with DRS.
  • username: the user associated with your database setup.
  • password: the password associated with your database user account.

Deploying

No further information is necessary.

Testing

This service does not provide a set of tests yet.

Security considerations

Service configuration files

The service configuration files such as the JNDI configuration file, jndi-config.xml, and the Web service deployment descriptor, server-config.wsdd, located in the $GLOBUS_LOCATION/etc/globus_wsrf_replicator directory, contain sensitive information such as database username and password. It is important to ensure that these files are readable only by the system administrator that is responsible for the container. During deployment, the permissions on these files are adjusted automatically, however, you should verify the permissions to ensure that they have been correctly set for your specific platform.

Database information

Critical inforamtion is maintained in the DRS database, including the replication request and all associated filenames, the endpoint reference to the delegated credential in the delegation service, and the username and user subject for each requestor. It is important that the user employ appropriate security measures to ensure the integrity and confidentiality of information maintained in your chosen database server. These steps may include granting limited permissions to other users of the database server, and ensuring that the database server encrypts its user passwords.

Delegated proxy credential files

Creating a Replicator requires that the user supply a delegated credential to the DRS during the initial creation request. The service retrieves the delegated credential from the Delegation Service and stores it on the file system. As part of the DRS configuration (see installation and configuration instructions), the user selects a directory to use for storage of delegated credentials. The default setting is for the DRS to store the file in the system's designated temporary directory (e.g., /tmp on many platforms). The service sets the permissions on the temporary file such that it can only be accessed by the user account used to run the container.

Troubleshooting

Generating verbose log output is a critical aid in troubleshooting of the DRS and is useful when communicating problems to Globus support lists. To increase logging detail, add the following line to the $GLOBUS_LOCATION/container-log4j.properties file.

 ...
 log4j.category.org.globus.replica=DEBUG
 ...