IRSubmillimeter nonISO Computing

1
IR/Submillimeter(non-ISO)Computing

• Present Status and (Near-term) Future

2
The Network Configuration
The Network Configuration
The Router of all Evil
depends on the constraints imposed by the other
side fast on exception list
3
ssh examples
ssh as a replacement for telnet and rlogin
ssh username_at_remotehost ssh as a
replacement for rexec and rsh ssh
username_at_remotehost command
4
scp examples
scp as a replacement for rcp and ftp (local file
to remote host) scp fileusername_at_remotehost
filedir scp as a replacement for rcp and ftp
(remote file to local host) scp
username_at_remotehostfile filedir To copy
directory trees recursively use the option -r
scp -r dir username_at_remotehostdir or scp
-r username_at_remotehostdir dir
5
sftp example
sftp myname_at_host1 At the sftpgt prompt you can
use the commands cd, lcd, chgrp, chmod, chown,
help, get, lls, ln, lmkdir, lpwd, ls, lumask,
mkdir, put, pwd, exit, quit, rename, rmdir, rm,
symlink, version, !command, !, and ? Use help or
? for help.
6
For Further Reading
Information on ssh, scp, sftp, and their usage
can be found at http//www.mpe.mpg.de/interna/DV
/ssh.html, http//www.rzg.mpg.de/rzg/security/ssh.
html, and associated links.
7
The survey says

• Rough equipartition of time spent with
  Win95/98/NT/2000 and Linux/Unix
• Almost everyone who uses HP-UX requires more disk
  space (typically
• 20GB), and 2/3 require faster CPU

8
The Solution

• BAR Antrag written and approved for

2. IBM RS/6000 43P/150 File Server 375MHz
604e PowerPC CPU 256MB Main Memory 1
? 18 GB internal disk Advanced SerialRAID
Plus Adapter AFS

• 3. 2 ? IBM Advanced SSA Disk Subsystem,
• each with 16 ? 36.4 GB 10000 rpm disks
• ? 1 spare
• ? 2 reserved for RAID bookkeeping
• ? 13 for normal use (? 473 GB / unit)

1. Sun UltraSPARC III Server 4 ? 750MHz
UltraSPARC III CPU 8 GB Main Memory 2
? 36 GB internal disks Sun Gigabit Ethernet
PCI Adapter AFS
9
The SolutionPart 2
In the upstairs computer room (1.3.72)
is pcir1.mpe-garching.mpg.de
4. 866GHz PIII PC with 256MB / 2 ? 18GB
CD-RW, DVD-ROM, DLT8000, DAT DDS-4
Linux (SuSE 7.1 Prof.) AFS
10
Present Status of the File Server and Disk
System(s)

• The file server is housed at the RZG and is
  currently in operation.
• One disk system (473 GB) is housed at the RZG,
  and is being configured for use under AFS (? all
• diskspace only accessible via an AFS read
  RZG
• account).
• The second disk system will be ordered in the
  fall, once prices have dropped.

11
Present Status of the Sun UltraSPARC III Server

• Still awaiting delivery.
• When it arrives it, too, will be housed at the
  RZG,
• and will be configured including AFS.

12
Present Status of pcir1

• Located in room 1.3.72
• Awaiting final configuration including AFS.

13
AFS What does it stand for?
Andrew File System A file system (cf. NFS)
developed at Carnegie Mellon University
in Pittsburgh Recognizing Andrew Carnegie and
Andrew Mellon Networked File System
14
AFS On what OS does it run?

• AFS has been ported to
• DEC, both Ultrix and Alphas
• HPs , HP_UX9.0 through 11.0
• IBMs, AIX
• Suns, SunOS4 through 5.6
• WinNT, Win98
• Linux, all kernels
• and several other architectures/OS

15
AFS Where does it run?

• AFS has been implemented on the following
• Group systems
• HPs irs2, fast, mpe3d, fiasko,
• hpgenzel, qso
• PCs various PCs within the group, both
• as Windows clients and Linux

16
AFS How do I get a piece of the action?
Apply for an RZG account 1. Fill in application
form. The current form is available at
www.rzg.mpg.de/rzg/forms/rzg-antrag_english.ps
www.rzg.mpg.de/rzg/forms/rzg-antrag_deutsch.ps 2.
Pass the form on to me. 3. Wait a day or so.
17
Tacconi-Garman MPE
x
Tacconi-Garman
Lowell
U.S.
30000 3288
x
MPE 20
MPE Infrared
x
quark-hhh
lowell
standard IR group account ? 1GB home area
18
AFS What are its advantages?

• AFS is a secure file system.
• 2. Central AFS namespace
• 3. Efficient caching
• 4. Replicated software servers
• 5. Flexible file access control
• 6. Ease of file recovery
• 7. Support for multiple operating systems
• 8. Support from the Rechenzentrum
• 9. Vehicle for homepages

19
AFS What are its disadvantages?
1. Support from the Rechenzentrum 2. Learning
curve
20
Intermission
21
AFS Advantage 1

• AFS is a secure file system.

(At least for the time being) AFS is deemed
secure such that outside access to AFS files
from systems running AFS does not require
additional authentication or other security
measures.
22
AFS Advantage 2
2. Central AFS namespace

• All files are visible from all machines running
  AFS
• within a common tree structure (e.g.
• /afs/ipp/home/l/lowell is equally accessible
• from fast as well as pclowell).
• No need to recall which AFS paths are mounted
  on
• which machines

23
AFS Advantage 3
3. Efficient caching

• Unlike NFS accessed files are cached locally.
• Subsequent use of executables relies on locally
• cached versions rather than re-accessing the
  code
• over the network again. ? increased speed for
• both execution and network transfers
• The file server notifies machines when an
• updated version exists.

24
AFS Advantage 4
4. Replicated software servers

• Files are handled by multiple software servers
• ? minimizes potential dropouts (i.e. What
  happens
• if fast goes down?)
• Allows software maintenance without downtime
• ? maximizes availability of software

25
AFS Advantage 5
5. Flexible file access control

• NFS file access controlled by permission bits
  (e.g.
• rwxrwxrwx hhh)
• Can only control access for owner, group, and
  world
• Can only control read, write, and execute access
• AFS file access granted through Access Control
  Lists
• ?Can control access for defined users/groups
• ?Can control lookup, insert, delete, administer,
  read,
• write, and lock access

26
AFS Advantage 6
6. Ease of file recovery
Nightly backups of AFS make recovery
of inadvertently deleted files straightforward.
27
AFS Advantage 7
7. Support for multiple operating systems

• Software for different operating systems are
  stored
• in a common structure.
• For example, /afs/ipp/_at_sys/bin/acroread
• ? HP_UX10.20 version from mpe3d
• ? Linux version from pclowell

28
AFS Advantage 8
8. Support from the Rechenzentrum
All AFS-related maintenance, including upgrades
to AFS itself, are done by the RZG.
29
AFS Advantage 9
9. Vehicle for homepages

• All websites not residing on the MPE webserver
• (e.g. www-ir.mpe-garching.mpg.de/lwl/)
• must reside within AFS

30
AFS Disadvantage 1
1. Support from the Rechenzentrum

• Although this is an advantage, the requirement
• to go through the RZG for some things (e.g.
  new
• accounts) decreases our control over the
  system.

31
AFS Disadvantage 2
2. Learning curve
Because AFS does things in a different way
than, say, NFS, users must become familiar with
different commands and procedures.
32
AFS Primer Cells
A cell is an independently administered site
running AFS. It consists of a collection of file
server and client machines. A machine can only
belong to one cell at a time. Examples of cells
are ipp-garching.mpg.de
(RZG) and mpa-garching.mpg.de (MPA). A machine
can access files belonging to its own cell and in
foreign cells. The pathname for each file is
identical regardless of which client machine the
user is working on. The filenames in our cell
start with /afs/ipp-garching.mpg.de/... (or more
simply /afs/ipp/...), at MPA with /afs/mpa/....
33
AFS Primer Authentication, Part 1
AFS uses the Kerberos procedures to authenticate
users. This is different from the standard UNIX
method. Kerberos authentication is different
from simply logging in. To access AFS files,
users must both log into the local machine's UNIX
file system and authenticate with the AFS
Authentication Server. Logins on (some) HPs are
configured to do both automatically.
34
AFS Primer Authentication, Part 2
Present AFS authentication status
35
AFS Primer Authentication, Part 3
To authenticate a user in a cell klog
-principal ltusergt -cell ltcellgt klog
-principal lowell -cell ipp.mpg.de or
simply klog The command prompts for the
password.
36
AFS Primer Authentication, Part 4
To change your Kerberos password kpasswd
-principal ltusergt -cell ltcellgt kpasswd
-principal lowell -cell ipp.mpg.de kpasswd The
command prompts for the old password, the
new password, and confirmation of the new
password.
37
AFS Primer Access Control Lists, Part 1

• ACLs
• control permission on directory and file access,
• superceding normal Unix permission bits
• are defined on a per-directory basis
• consist of 4 directory rights (lida) and 3 file
• rights (rwk)

38
AFS Primer Access Control Lists, Part 2

• ACL directory rights
• lookup (l) permits a user/group to list
  directory
• contents
• insert (i) permits a user/group to add files
  or
• subdirectories
• delete (d) permits a user/group to delete
  entries
• administer (a) permits a user/group to modify
  the
• ACL itself

39
AFS Primer Access Control Lists, Part 3

• ACL file rights (apply to all files in a
  directory)
• read (r) permission to read file contents and
  to
• query file status
• write (w) permission to write file content
• lock (k) permission to use full-file advisory
  locks

40
AFS Primer The fs command suite, Part 1
fs is a command suite of utilities to manipulate
AFS files and client cache. Some common uses
are fs setacl -dir . -acl patfriends rl
smith write fs listacl -path . Access list for
. is Normal rights patfriends rl smith
rlidwk
41
AFS Primer The fs command suite, Part 2
The following example includes the -clear flag,
which removes the existing permissions (as
displayed with the fs listacl command) from the
current working directory's reports subdirectory
and replaces them with a new set. fs setacl
-clear -dir reports -acl pat all \
smith write systemanyuser rl fs listacl -dir
reports Access list for reports is Normal
rights systemanyuser rl smith rlidwk
pat rlidwka
42
AFS Primer The fs command suite, Part 3
The following example shows the output for the
volume user.smith fs listquota -path
/afs/abc.com/usr/smith Volume Name Quota
Used Used Partition user.smith 15000
5071 34 86
43
AFS Primer The pts command suite, Part 1
These commands are related to the protection
server. pts creategroup -name ltgroupgt Create
an entry in the Protection Database for each
specified group. group has the following format
owner-namegroup-name. owner-name must be your
login name. Example pts creategroup -name
lowellnewgroup
44
AFS Primer The pts command suite, Part 2
The following example adds users lwl, nrt, and
tecza to the lowellnewgroup group. pts adduser
-user lwl nrt tecza group lowellnewgroup The
effect of adding a user to a group are not
immediate. Before a new user of a group get the
access rights of that group, she/he must
re-authenticate (klog).
45
AFS Primer For Further Reading
More complete information about AFS, fs, pts,
etc. can be found at www.rzg.mpg.de/infoafs/arc
hive/afsindex.html www.rzg.mpg.de/infoafs/archiv
e/afs/afs.html (in German) www.transarc.ibm.com/L
ibrary/documentation/afs/3.5/unix/cmd/cmd02.htmTo
C See also www.mpe.mpg.de/www-ir/ir-computing.ht
ml