This tutorial covers the deployment of a CernVM-FS publication system based on the repository gateway and the Conveyor job system.
A set of VMs has been provisioned for use during this tutorial:
cvm19-front-$ID.cern.ch- the frontend machine where the test CernVM-FS repository can be mounted and inspected and jobs can submittedcvm19-gw-$ID.cern.ch- the gateway machine where the CernVM-FS repository is created (serves as Stratum-0) and thecvmfs-gateway,conveyor-serverandcvmfs-notifyservices are run.cvm19-publisher-1-$ID.cern.chandcvm19-publisher-2-$ID.cern.chare publisher machines, where the CernVM-FS publisher tools and the Converyor worker daemon are run.
To determine the exact name of the VMs you are supposed to use, replace the
$ID part of the hostnames with the actual value given to you at the start of
the tutorial.
The VMs have already have some initial configuration applied: installing some
CVMFS and some prerequisites, opening some firewall ports, etc. The Ansible
playbook setup.yml can be consulted to review this configuration.
To connect to the VMs, use the SSH key distributed at the start of the tutorial
In this part of the tutorial, a new CVMFS repository will be created and configured for use with the repository gateway. Two distinct machines will also be configured to publish content to the new repository.
First, connect to the gateway machine:
$ ssh -i ~/.ssh/id_rsa_cvm19 root@cvm19-gw-$ID.cern.chEnable Apache:
$ systemctl enable httpd && systemctl start httpdCreate the new CernVM-FS repository:
$ cvmfs_server mkfs -o root cvm19.cern.chCreate the gateway key, for example:
$ cat <<EOF > /etc/cvmfs/keys/cvm19.cern.ch.gw
plain_text key1 big_secret
EOFSave the public and repository keys for transfer to other VMs:
$ mkdir ~/keys && cp -v /etc/cvmfs/keys/cvm19.cern.ch.{crt,pub,gw} ~/keys/Add the repository to the gateway configuration file (/etc/cvmfs/gateway/repo.json), as follows:
{
"version": 2,
"repos" : [
"cvm19.cern.ch"
]
}Enable and start the gateway service:
$ systemctl enable cvmfs-gateway && systemctl start cvmfs-gatewayConnect to the frontend machine to mount the repository for reading:
$ ssh -i ~/.ssh/id_rsa_cvm19 root@cvm19-front-$ID.cern.chCopy the public repository keys from the gateway machine to the default location on the frontend machine (/etc/cvmfs/keys).
Initialize the CVMFS configuration:
$ cvmfs_config setupCreate a configuration file (/etc/cvmfs/config.d/cvm19.cern.ch.conf) for the repository, with the following contents:
CVMFS_HTTP_PROXY=DIRECT
CVMFS_SERVER_URL=http://cvm19-gw-$ID.cern.ch/cvmfs/cvm19.cern.ch
CVMFS_KEYS_DIR=/etc/cvmfs/keysStart AutoFS:
$ systemctl enable autofs && systemctl start autofsThe repository can now be accessed:
$ ls /cvmfs/cvm19.cern.ch/Connect to the first publisher machine:
$ ssh -i ~/.ssh/id_rsa_cvm19 root@cvm19-publisher-1-$ID.cern.chThe public and gateway keys can be retrieved from the gateway machine and stored in ($HOME/keys). The repository can be initialized for publishing:
$ cvmfs_server mkfs -o root -k ~/keys -u gw,/var/spool/cvmfs/cvm19.cern.ch/tmp/,http://cvm19-gw-$ID.cern.ch:4929/api/v1 -w http://cvm19-gw-$ID.cern.ch/cvmfs/cvm19.cern.ch cvm19.cern.chThe same steps can be repeated on the second publisher machine (cvm19-publisher-2-$ID.cern.ch). Concurrent transactions can now be started from the two publisher machines, as long as the paths do not conflict. Feel free to experiment before moving on to the next step of the tutorial.
With the repository gateway and the two publishers up and running, this part of the tutorial covers the Conveyor job system. The Conveyor server is started on the gateway machine and the Conveyor worker daemon is started on the two publisher machines. At that point, it will be possible to submit publication jobs to the Conveyor system.
The Conveyor system depends on RabbitMQ and a SQL database as backing services. For convenience, a Docker Compose file is provided on the gateway machine which starts the RabbitMQ and PostgreSQL services in containers. Connect to the gateway machine and run:
$ cd ~/conveyor-services && docker-compose up -dFor convenience, the PostgreSQL credentials are (user: "postgres", pass: "password"), while the RabbitMQ credentialas are (user: "guest", pass: "guest").
After the backing services are up, the database schema used by the Conveyor server should be created
$ psql -h localhost -p 5432 -U postgres -W -d cvmfs -f initdb/create_conveyor_schema.sqlExample Conveyor configuration files are provided in this repo inside conveyor-config, for the frontend machine (config_front.toml), publisher (config_publisher.toml), and gateway (config_gw.toml). The host names should be adjusted in each configuration file using your actual $ID value. Afterward, place the configuration files on the corresponding machine at /etc/cvmfs/conveyor/config.toml).
The Conveyor system can now be started. On the gateway machine, start the Conveyor server:
$ systemctl start conveyor-server@rootOn the publishers, start the Conveyor workers:
$ systemctl start conveyor-worker@rootThe logs of these services can be inspected as follows:
$ journalctl -u conveyor-server@rootFrom the frontend, jobs can be submitted with the conveyor submit command. Please see the scripts submit_jobs.sh and test_transaction.sh for examples.
The final part of the tutorial covers the notification system. The notification service is started on the gateway machine and can be used to distributed the repository manifest to the subscribers of the notification system.
Copy the file, config_notify.json to the gateway machine, at /etc/cvmfs/notify/config.json. Start the notification service:
$ systemctl enable cvmfs-notify && systemctl start cvmfs-notifyTo test the notifications from the frontend VM, you can use the cvmfs_swissknife tool. The following sets up a subscription for messages related to the current repository:
$ cvmfs_swissknife notify -s -u http://cvm19-gw-$ID.cern.ch:4930/api/v1/subscribe -t cvm19.cern.ch -cThe following command, publishes the current manifest of the repository to all subscribers:
cvmfs_swissknife notify -p -u http://cvm19-gw-$ID.cern.ch:4930/api/v1/publish -r http://cvm19-gw-$ID.cern.ch/cvmfs/cvm19.cern.chThe CVMFS mountpoint can also subscribe to notifications by setting the following variable:
CVMFS_NOTIFICATION_SERVER=http://cvm19-gw-$ID.cern.ch:4930/api/v1/subscribeinside /etc/cvmfs/config.d/cvm19.cern.ch.conf.
- CernVM-FS ReadTheDocs.