forked from holgerBerger/hpc-workspace
-
Notifications
You must be signed in to change notification settings - Fork 0
/
HOWTO
120 lines (92 loc) · 3.63 KB
/
HOWTO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
very short introduction to workspace++
WHATS NEW
- incompatible file formats for DB and config
- unification of config, all config options moved into one config file,
user exceptions are kept in a extra file which must not be readable for user commands
- rewrite of ws_release and ws_allocate in C++, setuid optional, capability can be used if
supported by filesysten.
never was comfortable with the python in C hack, this is cleaner, less attack vectors.
- added/changed functionality
- ws_release always moves the data away when called (new semantics! users affected!)
- more admin options with ws_list, like seeing expired workspaces
- more output control in ws_list
- support for email reminders in ws_allocate/ws_cleaner
- YAML key:value configration and database, easyer to extend
- man pages
- ws_allocate has an argument -u so root can extend workspaces
using ws_allocate -u owner -x name duration
duration can be longer than allowed for the user, and it does not consume an extension,
so it works even if remaining extensions of the workspace is 0
Users can do this is as well if they can access the workspace!
- ws_allocate can prefix a workspace per user using a LUA callout.
example: spaces: /lustre/ws
with a callout could create
workspace: /lustre/ws/academic/username-workspacename
when the callout returns 'academic' for 'username'
ATTENTION: no code to modify permissions and ownerships of the subdirectory,
you better create them all as needed!
- ws_restore can restore expired workspaces, can be called by user
PLANNED
- striping support in ws_allocate (lustre parameters, probably we want to drop some
capabilities before we do that, needs study how to do that)
- quota settings
PREREQUISITS
c++ compiler (c++11 needed) (g++ and clang++ tested)
boost
boost_filesystem
boost_regex
boost_program_options
yaml-cpp
libcap2
python3.x
pyyaml
lua5.1
SUPPLIED
ws_allocate (C++)
ws_release (C++)
we_restore (C++)
ws_restore (C++)
ws_list (python)
ws_validate_config (python)
ws_register (python)
ws_find (python)
ws_expirer (python)
ws_send_ical (python)
BUGS
- when LUA callout to prefix workspaces is used, the prefix directories do
not get proper owner and permissions (what is propper anyhow???)
HOW TO INSTALL
write a config file, see ws.conf_full_sample, validate it
with ws_validate_config myconfig.conf
copy it to /etc/ws.conf
may be having /etc/ws.conf being a link is a good idea,
so different versions can be kept.
compile the tools with
./getyamlcpp.sh
cmake .
make
on filesystem with capability support:
copy ws_allocate and ws_release and ws_restore and ws_list where wanted,
( and set capabilites with
setcap "CAP_DAC_OVERRIDE=p CAP_CHOWN=p CAP_FOWNER=p" ws_allocate
setcap "CAP_DAC_OVERRIDE=p CAP_CHOWN=p CAP_FOWNER=p" ws_release
setcap "CAP_DAC_OVERRIDE=p CAP_DAC_READ_SEARCH=p" ws_restore
)
OR (on filesystems without capabilities and now default in build,
can be changed with ccmake .)
make ws_allocate ws_release ws_restore setuid root
install manpages.
try.
have fun.
complain.
REMARKS
- capabities need support from OS and filesystem
nfs and lustre are known not to work
- for SuSE users: SLES11.SP3 needs file_caps=1 on kernel command line
- for Redhat6 users: system yaml seems to be to old,
change in CMakeLists.txt
FIND_LIBRARY(YAML libyaml-cpp.so)
to
FIND_LIBRARY(YAML no-libyaml-cpp.so)
- with boost 1.70, use yaml-cpp-0.6.2 or later
- for Redhat7 uses, enable USE_BOOST_REGEXP, std::regexp seems to be broken in standard gcc