Archiving and Deleting User App Areas¶
The idea is that there is limited space on the Network Attached Storage (NAS) volumes that are mounted on the interactive nodes and when people leave, they often don't clean up those areas (/uboone/data and /uboone/app). These instructions are designed so that these areas can be archived via a tarball on tape-backed dCache and then deleted from the active NAS. There are two steps to the process: create the tarball and copy it to tape and then deleting the archived working area. The problem is that the working area may not be group or world readable and therefore the creation of the tarball may not be initially possible. As well, in order to delete the files, you would either need access to the user account (not allowed at Fermilab) or have root access on the interactive node (also not allowed on uboonegpvm0X since it is centrally administered). The solution is to access the volume via the root account on if-admin-uboone.fnal.gov server. This server's sole purpose is to allow root access to the /uboone/data and /uboone/app volume by a limited number of collaborators.
NOTE: WITH ROOT ACCESS YOU WILL HAVE WRITE PERMISSIONS TO ALL OF /UBOONE/DATA AND /UBOONE/APP SO BE EXTREMELY CAREFUL WHEN ISSUING COMMANDS. IF A MISTAKE IS MADE, CALL THE SERVICE DESK IMMEDIATELY TO GET A TICKET OPENED TRY AND RECOVER FROM THE MISTAKE.
If you would like to have access to the root account on if-admin-uboone.fnal.gov, please open a service desk ticket.
With great power comes great responsibility.
Making the files group readable¶
You must first log into the root account on if-admin-uboone.fnal.gov
$> kinit $> ssh <KERBEROS_PRINCIPAL_UID>@uboonegpvm01.fnal.gov uboonegpvm01 $> ssh email@example.com
The first connection into uboonegpvm01.fnal.gov is because access to if-admin-uboone.fnal.gov is not permitted except from onsite. Alternatively, you could connect to the Fermilab VPN (vpn.fnal.gov) and then access if-admin-uboone.fnal.gov directly. Your choice. Go to the working area that you want to make group readable and issue the chmod command.
[root@if-admin-uboone ~]# cd /uboone/app/users/$USER_TO_ARCHIVE [root@if-admin-uboone ~]# chmod -R g+rw
Note that this will go through the entire user working area and so may take significant time. Their working area on /uboone/app will now be group readable and group writable.
Making the tarball¶
This is pretty easy since it's just a single SAM4Users command. It should not be done from the root account on if-admin-uboone.fnal.gov since that account doesn't have a grid proxy of write permission to tape-backed dCache. instead, log in as uboonepro on uboonegpvm01.fnal.gov and issue these commands:
$> ssh firstname.lastname@example.org [uboonepro@uboonegpvm01 ~]$ source /cvmfs/uboone.opensciencegrid.org/products/setup_uboone.sh [uboonepro@uboonegpvm01 ~]$ setup fife_utils [uboonepro@uboonegpvm01 ~]$ sam_archive_directory_image -j -s /uboone/app/users/$USER_TO_ARCHIVE -v -4 -d /pnfs/uboone/archive/sam_managed_users/uboonepro/image/user_$USER_TO_ARCHIVE/<app or data or persistent>
Note that the "-j" says to just test to see what would have been done without actually copying anything. If you're satisfied you've got things setup correctly, then issue the command without the "-j".
[uboonepro@uboonegpvm01 ~]$ sam_archive_directory_image -s /uboone/app/users/$USER_TO_ARCHIVE -v -4 -d /pnfs/uboone/archive/sam_managed_users/uboonepro/image/user_$USER_TO_ARCHIVE/<app or data or persistent>
If you need help with the sam_archive_directory_image command, just put "--help" on the command line to see additional documentation.
Comfirming the tarball is copied to tape¶
Taking directory /uboone/app/users/jhewes15 as an example
[uboonepro@uboonegpvm01 archive_inactive_user]$ ls -ltr /pnfs/uboone/archive/sam_managed_users/uboonepro/image/user_jhewes15/app total 6164842 -rw-r--r-- 1 uboonepro microboone 6312797924 Feb 15 15:31 image-ac2e5f24-8f4c-48ee-940c-026bac69f4c9.tgz [uboonepro@uboonegpvm01 archive_inactive_user]$ samweb list-files "archive.source '/uboone/app/users/jhewes15'" image-ac2e5f24-8f4c-48ee-940c-026bac69f4c9.tgz [uboonepro@uboonegpvm01 archive_inactive_user]$ samweb locate-file image-ac2e5f24-8f4c-48ee-940c-026bac69f4c9.tgz enstore:/pnfs/uboone/archive/sam_managed_users/uboonepro/image/user_jhewes15/app(3828@vr1502m8)
After you see the there's a tape label for the tarball, you could delete the directory. It would take up to 12 hours before a tape label is available
Deleting the working area¶
This is pretty straight forward. But be really certain that the sam_archive_directory_image finished correctly before issuing this command.
$> ssh email@example.com [root@if-admin-uboone ~]# rm -rf /uboone/app/users/$USER_TO_ARCHIVE