Storage Descriptor / SRR
The Storage Descriptor format, also known as a Storage Resource Reporting (SRR) record, is a JSON object that describes a storage system. This includes information about which protocol endpoints are available and about storage accounting information.
The WLCG Storage Space accounting project has a goal of enabling the high level overview of the total and available space provided by the WLCG infrastructure. dCache support WLCG Storage Resource Reporting, which is for service discovery and reporting capacity usage.
The storage-descriptor/SRR JSON object is stored as a regular file within dCache. This allows clients to download the information using any of the supported transfer protocols. Through the file’s permissions, it is also possible to control who is able to obtain this information.
How the file is generated
dCache is supplied with a script called dcache-storage-descriptor
. Running this script will combine static information (from dCache configuration) and dynamic information (from the info service) to generate a file containing the Storage Descriptor JSON Object. This file is stored on the local filesystem, as /var/spool/dcache/storage-descriptor.json
by default.
Once the file is written, it must be imported into dCache. This could be achieved by NFS-mounting dCache and configuring the script to write into dCache directly. Alternatively, it may be uploaded using any of the supported protocols (HTTP, FTP, dcap, xrootd) with any of the supported authentication schemes (username+password, X.509, Kerberos, OIDC, macaroons). Note that the dcache-storage-descriptor
script does not upload the file itself (unless it writes into a mounted dCache).
To maintain the liveliness of the information, it is recommended to run the dcache-storage-descriptor
script periodically using a cron job. This cron job could also upload the file into dCache.
Setting up dCache for Storage Descriptor
The following steps are needed to enable Storage Descriptor.
1. Ensure services are running
There are two dCache services on which the dcache-storage-descriptor
script relies: info
and httpd
.
The info
service collects information from other parts of dCache and caches the results.
The httpd
service provides an HTTP endpoint for admin and script access. The dcache-storage-descriptor
script uses the httpd
service to obtain the dynamic information it needs from the info
service.
These services may already be running; however, if not, dCache layout files need to be updated so they are running. There are no requirements on the domains within which these services run, nor on the hosts on which these domains run.
2. Review the storage-descriptor properties.
The dcache-storage-descriptor
script uses dCache’s standard configuration system to adjust how it collects information and to provide some static details.
The script is run independently from dCache: it is not a service and is not run within a domain. Therefore, configuration for the script must not appear in any of the domain- or service-specific sections of the layout file. Instead, the script’s behaviour may be adjusted by adding configuration to the top of the layout file, or in the /etc/dcache/dcache.conf
file.
Some of the properties default values are placeholders and must be modified. In particular, the storage-descriptor.unique-id
must be configured with the unique identifier for this dCache instance. The default value (dcache.example.org
) is not appropriate.
Some properties have default values that may be correct, but should be reviewed. The storage-descriptor.http.host
property is an example. This describes the host name of the machine running the httpd
service. The default (localhost
) is good if the httpd
service is running on the same machine as the script.
In general, you should look at all the configuration options, as listed in the defaults file /usr/share/dcache/defaults/storage-descriptor.properties
, and consider which values should be adjusted.
3. Configure doors
The Storage Descriptor format includes information about which endpoints are available in your dCache instance. The loginbroker tags, published by doors, controls whether or not a door is include in the output.
The storage-descriptor.door.tag
property controls the tag name used by the script to select doors for publishing. The default value is storage-descriptor
, so (by default) any door publishing this tag is described by Storage Descriptor output.
By default, all doors include the storage-descriptor
tag, and consequently are published in the Storage Descriptor output. To suppress publishing a door, configure the door’s loginbroker tags so they exclude this storage-descriptor
tag. This may be done within the dCache configuration or dynamically through the admin interface. The former is persistent when restarting dCache while the latter does not require restarting the door’s domain.
Using dCache configuration
Each door has its own property for controlling which tags are published; for example, WebDAV doors use the webdav.loginbroker.tags
configuration property and FTP doors use the ftp.loginbroker.tags
configuration property. By default, all doors inherit tags from a common default set of tags: dcache.loginbroker.tags
, which (by default) contains the storage-descriptor
tag.
To prevent all doors from being published, update the dcache.loginbroker.tags
configuration property, removing the storage-descriptor
tag.
To prevent publishing doors of a particular type, remove the storage-descriptor
from dcache.loginbroker.tags
and add it to the door-specific configuration (e.g., webdav.loginbroker.tags
for WebDAV doors) for all protocols that should be published. Alternatively, you can update the door-specific configuration for all protocols that should not be published, copying the desired tags from dcache.loginbroker.tags
.
To prevent a specific door from being published, update that door’s definition (in the layout file) to configure the door-specific property; e.g.,
[dCacheDomain/webdav]
webdav.cell.name=WebDAV-S-${host.name}
webdav.net.port=2881
webdav.authz.anonymous-operations=READONLY
webdav.authn.protocol=https
webdav.redirect.on-read=false
webdav.redirect.on-write=false
webdav.loginbroker.tags = dcache-view
Note that any changes to configuration properties requires the corresponding domains to be restarted before they have an effect.
Using the admin interface.
Connect to the door using the \c
command:
[celebrimbor] (local) admin > \c WebDAV-celebrimbor
The prompt will change to indicate that you are now connected to that specific door.
The info
command will show the current loginbroker tags:
[celebrimbor] (WebDAV-celebrimbor@dCacheDomain) admin > info
--- cache-login-strategy (Processes mapping requests) ---
gPlazma login cache: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
gPlazma map cache: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
gPlazma reverse map cache: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
--- lb (Registers the door with a LoginBroker) ---
LoginBroker : LoginBrokerTopic@local
Protocol Family : http
Protocol Version : 1.1
Port : 2880
Addresses : [localhost/127.0.0.1]
Tags : [cdmi, dcache-view, glue, srm, storage-descriptor]
Root : /
Read paths : [/]
Write paths : [/]
Update Time : 5 SECONDS
Update Threshold : 10 %
Last event : UPDATE_SENT
--- path-mapper (Mapping between request paths and dCache paths with OwnCloud Sync client-specific path trimming.) ---
Root path : /
--- pool-monitor (Maintains runtime information about all pools) ---
last refreshed = 2019-11-22 10:38:34.824 (20 seconds ago)
refresh count = 6
active refresh target = [>SpaceManager@local]
--- resource-factory (Exposes dCache resources to Milton WebDAV library) ---
Allowed paths: /
IO queue :
In the above example, the door is publishing five tags: cdmi
, dcache-view
, glue
, srm
and storage-descriptor
. To remove this door from storage-descriptor output, use the lb set tags
command:
[celebrimbor] (WebDAV-celebrimbor@dCacheDomain) admin > lb set tags cdmi dcache-view glue srm
The info command will now show the storage-descriptor
tag is no longer listed:
[celebrimbor] (WebDAV-celebrimbor@dCacheDomain) admin > info
--- cache-login-strategy (Processes mapping requests) ---
gPlazma login cache: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
gPlazma map cache: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
gPlazma reverse map cache: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
--- lb (Registers the door with a LoginBroker) ---
LoginBroker : LoginBrokerTopic@local
Protocol Family : http
Protocol Version : 1.1
Port : 2880
Addresses : [localhost/127.0.0.1]
Tags : [cdmi, dcache-view, glue, srm]
Root : /
Read paths : [/]
Write paths : [/]
Update Time : 5 SECONDS
Update Threshold : 10 %
Last event : UPDATE_SENT
--- path-mapper (Mapping between request paths and dCache paths with OwnCloud Sync client-specific path trimming.) ---
Root path : /
--- pool-monitor (Maintains runtime information about all pools) ---
last refreshed = 2019-11-22 10:41:35.064 (7 seconds ago)
refresh count = 12
active refresh target = [>SpaceManager@local]
--- resource-factory (Exposes dCache resources to Milton WebDAV library) ---
Allowed paths: /
IO queue :
Note that this change is not permanent: restarting the domain will return the tags to their configured values.
4. Configure tape information
If a site has no tape storage to report, this step may be skipped.
To configure tape usage reporting, the configuration property storage-descriptor.paths.tape-info
must be modified to point to an XML file maintained by the site.
The default value for this property is /usr/share/dcache/xml/tape-info-empty.xml
, which is a file delivered with dCache. This tape-info-empty.xml
file serves two purposes: first, it serves as a realistic file for sites without any tape storage; second, it provides detailed information on how data should be structured within a “live” document for sites with tape storage.
Sites that should report tape usage information must provide a “live” document that adheres to this XML file format. It is the site’s responsibility to acquire the required information and to ensure the liveliness of this information.
Note: this tape-info file has the same format as for GLUE-based tape storage accounting. A common file may be used to satisfy both uses.
5. Install dependencies
The dcache-storage-descriptor
script requires the xsltproc
command. As this is not included as a dependency in the dCache package, it may need to be installed manually.
In RedHat-derived distributions, this is usually located within the libxslt
package, and may be installed using yum:
yum -y -d 1 install libxslt
In Debian-derived distributions, this is usually located within the xsltproc
package, and may be installed using apt:
apt install xsltproc
6. Run the script manually
As a simple test, try running the script manually. This should be sufficient to provide a JSON file:
dcache-storage-descriptor
|JSON available at /var/spool/dcache/storage-descriptor.json
Note: the script does not need to be run as root; however, it must have sufficient permissions to write the output JSON file.
You can also supply the URL from which the script should take the XML data as a command-line option; e.g.,
dcache-storage-descriptor http://static-data.example.org:8080/info
|JSON available at /var/spool/dcache/storage-descriptor.json
The supplied URL may be anything that curl understands; for example, the XML info data may be stored in a file and the script run against that saved data.
curl -o /tmp/info.xml http://localhost:2288/info
| % Total % Received % Xferd Average Speed Time Time Time Current
| Dload Upload Total Spent Left Speed
|100 166k 100 166k 0 0 6930k 0 --:--:-- --:--:-- --:--:-- 7242k
dcache-storage-descriptor file:/tmp/info.xml
|JSON available at /var/spool/dcache/storage-descriptor.json
Once the Storage Descriptor output has been generated, it may be inspected. In particular, look for any example.org
entries, which point that further configuration is necessary.
7. Configure cron
Configure cron to run a small script that generates the Storage Descriptor output and uploads this into dCache.
To do this via NFS, mount dCache anywhere; e.g.,
mkdir /dcache
mount -o vers=4.1 localhost:/ /dcache
Update the configuration, so the script writes the output directly into dCache; e.g.,
storage-descriptor.output.path = /dcache/storage-descriptor.json.new
As a final step, the cron job would rename the file /dcache/storage-descriptor.json.new
to /dcache/storage-descriptor.json
. This is done to make the update atomic: a client reading the dCache file /storage-descriptor.json
will either get the complete old version or the complete new version, but never see partial content.
To upload the file using WebDAV, you can use any standard client. For example, the following curl command uploads the file using username + password authentication.
curl -u fakeUser:fakePassword -T /var/spool/dcache/storage-descriptor.json http://dcache-webdav-door.example.org:2880/specific-path/
Different authentication schemes (like X.509, username+password, Kerberos, Macaroon, trusted-host, OIDC, …) are supported in dCache. For details, please see the authentication section of dCache User Guide’s WebDAV chapter.
Please note that the path to the script and the output of the result depend on the package you are running and your configuration.
8. Ensure file is readable through HTTP
The Storage Descriptor file may be stored anywhere in dCache namespace; however, WLCG currently require that the file be readable via HTTP and the URL recorded within CRIC.
Currently, WLCG will read the file using an X.509 robot credential with VOMS asserting WLCG experiment VO membership. File permissions and ownership should be chosen to allow read access for such clients.
Configurable properties of dCache Storage Descriptor
Below is table that comprises list of configurable storage’s properties and their definitions. Note that any value that with ${...}
indicate that the value depends on either dcache properties or the package.
Properties | Definition | Default value | Possible values |
---|---|---|---|
storage-descriptor.name | The human-readable name that describes this dCache instance. | ||
storage-descriptor.unique-id | A unique identifier for your dCache instance. | dcache.example.org | |
storage-descriptor.quality-level | The “quality” of the dCache instance. | production | development or testing or pre-production or production |
storage-descriptor.http.host | Configuration options on where to fetch dynamic information. The name of the machine that is running the dCache web server. This is used to build the URI for fetching dCache’s current state. | localhost | |
storage-descriptor.http.port | The TCP port the dCache web server is running on. This is used to build the URI for fetching dCache’s current state. | 2288 | |
storage-descriptor.paths.tape-info | Nearline accounting. The location of the nearline storage XML file. Sites with nearline storage should modify this value to point to a file that they maintain. Sites without nearline storage should leave this value alone. | ${dcache.paths.share} /xml/tape-info-empty.xml | |
storage-descriptor.door.tag | Login-provider tag. The tag that doors identify themselves with before they are published. | storage-descriptor | |
storage-descriptor.output.path | Output path. The location where the JSON output is written. | /var/spool/dcache/storage-descriptor.json or ${dcache.home}/var/spool/dcache/storage-descriptor.json | |
storage-descriptor.xslt.path | XSLT path. The location of the XSLT stylesheet that transforms the info service’s XML into the Storage Descriptor JSON format. | ${dcache.paths.share} /xml/xslt/storage-descriptor.xsl |
WLCG Storage Resource Reporting
The WLCG Storage Resource Reporting (SRR) is JSON based file that describes storage resources according to WCLG operational team specified format.
The dCache implementation is integrated into frontend service and exposed as REST-API. To access SRR reporting a frontend service must be defined, if not exist:
[srrDomain]
[srrdDomain/frontend]
frontend.authn.basic=true
frontend.authn.protocol=http
frontend.authz.anonymous-operations=READONLY
frontend.srr.shares=user:/cms,store:/cms
NOTE: By default, the access to SRR information is restricted to localhost only.
If desired, the access to the srr information can be made public as with corresponding configuration:
frontend.srr.public=true
The service produces desired json output which contains storageshares
that represented by space reservations and pool groups, if configured. The frontend.srr.shares
controls which pools groups should be published, for example:
frontend.srr.shares=user:/cms,store:/cms
publishes pool groups user and store for VO cms and will produce output like:
"storageshares" : [ {
"name" : "store",
"timestamp" : 1601977212,
"totalsize" : 5973622320626816,
"usedsize" : 4904609242438918,
"assignedendpoints" : [ "all" ],
"vos" : [ "/cms" ]
}, {
"name" : "user",
"timestamp" : 1601977212,
"totalsize" : 4078599175816242,
"usedsize" : 4025729976567280,
"assignedendpoints" : [ "all" ],
"vos" : [ "/cms" ]
} ]
The WLCG SRR uses the following info-provider properties to control the generated json output:
info-provider.se-unique-id=
info-provider.se-name=
info-provider.dcache-architecture=
nfo-provider.dcache-quality-level=
storage-descriptor.door.tag=