OSiRIS can provide access to your CephFS space via our NFS servers if you are on the MSU or UM campus. Please email firstname.lastname@example.org if interested in using OSiRIS via NFS so we can setup the necessary ‘user mapping’ from your UMICH or other local user to your OSiRIS identity. Once configured, files owned by your OSiRIS identity will show as owned by your local (non-osiris) identity when listed in the NFS mount. Groups will still show as ‘nobody’ but actual group permissions will be respected as determined by your OSiRIS group memberships. We can also map selected OSiRIS groups to local groups if there is an appropriate correlation.
OSiRIS storage is mounted on flux-login nodes at /nfs/osiris (flux-login.arc-ts.umich.edu). You will automatically have the requisite Kerberos credentials when you login. Your virtual organization space will be directly under this path. For example: /nfs/osiris/mycouname
You can copy from here to other paths mounted on flux-login, or work with the data directly for testing or proof of concept (please do not run compute intensive jobs on the login nodes).
HPCC users at MSU can access OSiRIS storage on globus-01.hpcc.msu.edu at /mnt/cephfs. After login you will need to run ‘kinit’ and enter your password to manually obtain Kerberos credentials.
Mounting NFS requires Kerberos credentials. Your client will require a keytab and users of the space require credentials to verify their identity.
If interested in mounting NFS on your client please send an email to email@example.com and OSiRIS admins can obtain a keytab for your client as well as assist with configuration. We also have to configure a ‘user mapping’ to map your local system user to your OSiRIS identity. It is not strictly required but if not setup then your files will all show as owned by the NFS ‘nobody’ user.
For reference, the NFS servers are:
Your client must have rpc.gssd and gssproxyd running. These should startup automatically if /etc/krb5.keytab exists. If you have just installed a keytab and need to start them on RHEL7 (or CentOS 7):
systemctl start rpc-gssd.service systemctl start gssproxy.service
You should also set a default_realm in /etc/krb5.conf under libdefaults. For example:
/etc/krb5.conf: [libdefaults] default_realm = UMICH.EDU
On your client system the /etc/idmapd.conf file should have a domain that matches your institution. At UM that domain is ‘umich.edu’. At MSU that domain is ‘hpcc.msu.edu’. For example:
/etc/idmapd.conf: [General] # The default is the host's DNS domain name. Domain = umich.edu
A typical mount command might look like this:
mount -t nfs4 -o sec=krb5,nfsvers=4.1,noacl um-nfs01.osris.org:/cephfs /mnt/cephfs/
Or in fstab:
um-nfs01.osris.org:/cephfs /mnt/cephfs nfs sec=krb5,nfsvers=4.1,noacl,_netdev,rw 0 0