dCache 2.1 Release Notes

Highlights:

Table of contents

Upgrade Instructions

Incompatibilities

Please consider the following changes when upgrading from a version before dCache 2.1.0:

Compatibility

It is safe to mix pools of releases 1.9.12-11, 1.9.13-4 or newer with 2.1. Head nodes and doors must be upgraded to 2.1 together and cannot be mixed with head nodes or doors of releases before 2.1. Components of different 2.1 releases can be mixed freely.

dCache 2.1.2

Service SSH2

Instead of ignoring a NullPointerException a clear error message is returned to the user.

Packaging

Enforce that packaged files are not world-writable.

Changelog 2.1.1-1 to 2.1.2-1

dCache 2.1.1

Service: admin

Color highlighting in the SSH admin shell only used if the client connected with terminal.

Service: gplazma

The kpwd file contains support for user+password; such files may contain entries that identify a user based on whether the user-supplied password hashes to the stored password hash.
The support for updating the kpwd file was broken. Now you can add a new user to the kpwd file by:
dcache kpwd dcuseradd <newuser> -u <12345> -g <1234> -h / -r / -f / -w read-write -p <password>

Service: broadcast

Messages are no longer sent to disabled SpaceManager.

Service: nfs4

Fix chimera database connection leak.

Service: webdav

There was a problem involving webdav / http and some special cases of files with a colon in their name. This is now fixed.

Service: info-provider

dCache now publishes the EMI version for the doors in addition to publishing the EMI version of the PoolManager node. If the dCache software doesn't come from EMI then no such number is published.

Changelog 2.1.0-1 to 2.1.1-1

dCache 2.1.0

Service: gplazma

NIS plugin added

A NIS identity and mapping plugin was added. The name of the plugin is nis and can be configured in glazma.conf, eg:

identity requisite nis gplazma.nis.server=NIS.EXAMPLE.ORG gplazma.nis.domain=NIS.DOMAIN

The gplazma.nis.* properties can also be placed in dcache.conf or the layout file.

Kerberos plugin supports password authentication

The krb5 plugin can now be used for password authentication by calling out to JAAS, the Java Authentication and Authorization Service. A proper JAAS setup needs to be in place, see the next section for an example.

Service: nfsv3,nfsv41

Kerberos authentication added

Add support RPCSEC_GSS security. To enable it the following configuration is required:

The dCache NFS implementation supports the following RPCSEC_GSS QOPs (quality of protection):

NONE
authentication only
INTEGRITY
RPC requests integrity validation
PRIVACY
RPC requests encryption

These correspond to krb5, krb5i and krb5p mount options, for example:

mount -o krb5i server:/export /local/path

Notice, that all data access with NFS 4.1 uses the same QOP as it was specified for mount, e.g, if privacy was requested at the mount time, then all NFS traffic including data coming from pools will be encrypted.

ACL query and update through NFS 4.1

Chimera ACLs can now be queried and updated through a mounted NFS 4.1 file system. No special configuration is required. Eg:

$ nfs4_getfacl /pnfs/desy.de/data/generated/acl-test
$ nfs4_setfacl -a A::tigran@desy.afs:arw

SRM support for file protocol

nfsv41 doors now register with LoginBroker using the file:// protocol. This allows SRM to produce TURLs for this protocol.

Service: webadmin,httpd

Background image in webpages uses SVG

All administrative webpages generated by dCache contain a background image containing the current version number. This file used to be a PNG. Starting with dCache 2.1 the file is now an SVG file. Note that Internet Explorer before version 9 does not support SVG and will thus not render the background image.

Feature parity between webadmin and httpd services

The webadmin service should now support (almost) all features of the older httpd service. We invite people to test the webadmin and report any problems. If no problems appear then we consider to remove the httpd service in a future dCache release.

Service: poolmanager

Weighted random pool selection added

dCache 2.0 introduced configurable pool selection algorithms. dCache 2.1 adds a small pool selection algorithm for weighted random selection. The partition type of the new selection algorithm is wrandom. The weight for the write pool selection is free space / total free space. Read pool selection is random with a uniform distribution.

The wrandom pool selection is functionally a subset of the wass pool selection (the behaviour corresponds to wass with breakeven=0, gap=0, performancecostfactor=0, spacecostfactor=1, p2p=0, alert=0, halt=0, fallback=0, slope=0, idle=0).

Staging from tape without tape location removed

In previous releases pool manager would initiate a stage for any file if a disk copy was not online. It did so even for files for which no tape location was known. Starting with dCache 2.1, pool manager will only generate a stage request for files with a known tape location.

Sites that rely on the previous behaviour to import data stored to tape without dCache should contact support@dcache.org.

Service: pool

Recovering cached replicas

During startup pools detect and recover lost meta data. They use various sources to reconstruct the state of the replica, such as the access latency and retention policy of the file. Until this release pools did however ignore information about whether files are already stored on tape. Thus a custodial nearline file would be marked precious even though it was flushed to tape. With this release such files will be marked as cached.

Service: admin

repinfoof command added

A summary of all disk replicas can now be generated using the new repinfoof command available at the root level of the admin system.

Color highlighting added

The SSH admin shell now uses rudimentary color highlighting. Color output is suppressed if the client does not request a PTY. In particular this is the case when using the SSH client in a pipe within a script. Color highlighting can be disabled completely by setting admin.colors.enable to false.

Tab completion added

Rudimentary tab completion was added. The output of the help command is parsed to complete dCache shell commands.

The current implementation suffers from a number of problems caused by inability to parse all help strings. This will be improved in future releases.

SSH 2 support added

Previous releases only supported the SSH 1 protocol. This protocol is known to be insecure. With this release we add support for the SSH 2 protocol.

The two implementations are unfortunately not integrated and thus version 2 of the protocol is only supported on a separate port. The default port is 22224. Which version is supported is controlled by the sshVersion property.

Support for version 1 is temporarily kept in dCache. This is because the dCache GUI only supports version 1. It should however be expected that version 1 will be removed from dCache in the near future. At this point configuration properties specific to SSH 2 will likely be renamed.

Service: pinmanager

Fixed misconfiguration of the database connection pool.

Service: billing

Configurable format for billing files added

The output format for messaging being written to the billing files is now configurable. Have a look at usr/share/dcache/defaults/billing.properties for details about available formats.

Billing database reimplemented

Modified the database schema for billing. On first start of the updated dCache this will trigger an attempt to update the existing database schema automatically. If the billing database does not yet exist, it needs to be created by

createdb -U srmdcache billing

When the domain in which the billing cell runs has been started it is recommended to stop it temporarily in order to migrate pre-existing data into the new database schema. There are two different scripts to achieve this. One is for Fermilab and the other for the rest of the world. Fermilab users who previously had been running a plotting (histogram graph) web page should run

psql -U srmdcache -d billing -f /usr/share/dcache/migration/migrate_from_preexistent.sql

All others should run

psql -U srmdcache -d billing -f /usr/share/dcache/migration/migrate_from_messageinfo.sql

Downgrade is not possible once upgraded.

Billing plots

When using the billing database, the httpd service is able to generate plots from the information in the database. Support is enabled by setting the billingToDb property to yes for the httpd service. The plots are available under http://admin.example.org:2288/billingHistory/.

Service: webdav

Encoding fixes for file names containing non-ASCII characters.

Service: xrootd

The core xrootd protocol implementation has been moved to an external project called xrootd4j. This allows the code to be reused in other projects, and it serves as a simple framework for testing plugins for xrootd4j and dCache.

The xrootd door in dCache and the xrootd support in pools have been updated to use the xrootd4j library. The notable change is that the interfaces for authorization and authentication plugins have changed. Thirdparty plugins have to be updated to support dCache 2.1.

The Alice token authorization and the GSI authentication plugins bundled with dCache have been updated to support the new interfaces.

For details on xrootd4j and xrootd4j plugins visit the xrootd4j homepage.

Configuration files

Escaping in configuration files

This release resolves two related bugs in how dCache configuration is read. Previously, a dollar symbol that isn't part of a reference would swallow the following character ("$123" would be read as "$23"). The other bug was that, if line that ends with a dollar symbol or a potential reference then everything from the dollar symbol to the end of that line is lost ("a line ending with a dollar$" would be read as "a line ending with a dollar" and the line "another${line" would be read as "another").

With this release of dCache, non-reference dollars behave like any other character. A "$123" in the configuration will be read as "$123". A double dollar symbol is now considered an escape sequence and is replaced with a single dollar sign.

Immutable properties

Several properties in dCache's configuration system are not intended for modification. Modifying such properties will have unintended side effects. With this release such properties are now flagged as immutable and trying to override the value of these properties will cause an error to be logged when dCache is started.

Parametrized expansion

The configuration system now supports expansion of parameters that themself contain parameters. Ie the expression ${foo-${bar}} now first expands ${bar} and then expands the resulting parameter.

Trailing whitespace

Trailing white space is now stripped from all properties.

Chimera

New checksum command

The command chimera-cli checksum was added to query the checksum of a file.

Change setfacl arguments

Previously the setfacl arguments contained an explicit index to order the ACEs. With this release chimera-cli setfacl uses ACE order implicit in the order of arguments, eg:

chimera-cli.sh setfacl /pnfs/desy.de/data USER:123:lfx:A GROUP:123:lfx:D

Miscellaneous

Configurable port numbers for cell communication

The listening TCP port for dCache cells communication can now be configured using the broker.messaging.port property. Previously only the UDP port for the discovery service could be configured and the actual communication port was allocated randomly.

Logging improvements

Minor logging and error reporting improvements have been made in most services.

Command line utility for listing TCP and UDP ports

The dcache ports command was added to list the configured UDP and TCP ports and port ranges used by the services configured on the given host.

GLUE info provider

Fix GLUE2 compliance. Be sure you have at least v2.0.8 of glue-schema RPM installed on the node running the info-provider.

GLUE info provider publishes EMI version

EMI requires us to publish, within the GLUE 2.0 DIT, some EMI information. This information is that the distribution is EMI and which version of EMI is installed.

The full requirement is to gather this information and publish a dCache version and EMI version for each door and a single dCache version and EMI version for the overall dCache instance. The EMI version should come from the contents of the /etc/emi-version file.

This release of dCache adds support for publishing a single EMI version based on the /etc/emi-version file on whichever machine runs the info-provider. This information is published as two additional attributes:

GLUE2EntityOtherInfo=DistributionName=EMI
GLUE2EntityOtherInfo=DistributionVersion=<contents of /etc/emi-version>

If the file /etc/emi-version is not found (or isn't readable) then these two attributes are not published.

Build system uses Maven

Although the build system has no direct influence on the use of dCache, it is worthing noting that this release is now build with Maven rather than Ant. One visible change is that dCache is split into more JAR files and that the classpath is generated differently.

Script for migrating from 1.9.5 removed

Starting with this release, the migration script is no longer included. A direct upgrade from 1.9.5 is not supported. We recommend that sites first upgrade to 1.9.12 and then to subsequent versions.

Third party libraries upgraded

Several third party libraries have been upgraded. See the following table for details about the version in dCache 2.0 vs dCache 2.1.

Library2.02.1
Grizzly 1.9.19 2.1.8
JNA 3.3.0 3.4.0
SLF4J 1.6.1 1.6.4
Milton WebDAV 1.5.10 1.6.8
Spring Core 3.0.5 3.0.6
AspectJ 1.6.10 1.6.12
Logback 0.9.30 1.0.0
Guava r09 10.0.1
PostgreSQL JDBC 9.0-8019.1-901
Netty 3.2.4 3.2.7
Berkeley DB for Java Edition4.1.10 4.1.17
Parboiled 1.0.0 1.0.2
Liquibase 2.0.1 2.0.3
ActiveMQ 5.4.2 5.4.3

Changelog 2.0.0 to 2.1.0

Greyed out entries have been merged into the 2.0 branch.