Managing a GWS

This article explains the responsibilities of the Group Workspace (GWS) manager. It covers:

  • The role of the GWS Manager
  • Managing users
  • Managing storage effectively
  • Security
  • Keeping informed

The role of the GWS Manager

When a GWS is created it is important that the designated GWS Manager understands the responsibilities associated with the role. The GWS Manager has a duty to:

  • Ensure that GWS is being used appropriately: this may include enforcement of limits on particular users.
  • Advertise the URL for requesting access to the GWS.
  • Respond to e-mail authorisation requests from CEDA.
  • Manage disk and tape effectively: specifically the use of the Elastic Tape system to back-up or migrate data.
  • Communicate GWS etiquette to the project scientists.
  • Manage additional services such as sharing of GWS data via HTTP server.
  • Manage the closing down of the GWS effectively: all GWSs have a termination date and data may be lost if not managed effectively.
  • Communicate any issues to the CEDA Helpdesk.

Managing users

Authorising access to the GWS

When your GWS has been set up, users can submit requests for access to the GWS via the JASMIN accounts portal: the new GWS will appear in the list of  JASMIN Services. An access request from a user will trigger an e-mail to you that asks you to approve (or refuse) the request. The e-mail will include details of the user and their intended use of the resource. As GWS manager, you are now responsible for approving these requests (this is a change from the previous situation where you confirmed your approval to the CEDA helpdesk who then actioned the approval). Now the approval is instant.

IMPORTANT: in order for this approval process to work, the GWS manager's own account needs to have been migrated to the JASMIN accounts portal. 

Migrate your account

File system permissions and groups

File system access to a GWS is managed using a Unix group that begins with "gws_". You should apply for access yourself and you may wish to set up a directory structure as recommended in the  GWS introductory article.

A list of the user IDs that have access to a given GWS can be found by using the "getent group" command and piping it through "grep" to select only your GWS. For example:

$ getent group | grep gws_cedaproc<br>gws_cedaproc:*:26015:fchami,kleanthis,hearnsha,vbennett,iwi,sdonegan,jrainnie,amwaterfall,lawrence,astephens,mpritcha,mjuckes,gparton,astephen,pjkersha,rpetrie,archread,alisonp,eaconway,spepler,et_jasmin,sventour,scallagh,rsmith013,coan,wgarland
	
You can lookup a specific user ID with the following:
$ getent passwd | grep astephen
astephen:*:29775:26030:Ag Stephens:/home/users/astephen:/bin/bash
	

Maintaining group permissions throughout the GWS

In order to maintain the group permissions throughout the GWS the highest level directory has the "sticky bit" set. This means that the default group for all files and directories created within the GWS will be the relevant "gws_*" access group. This is particularly useful to enable data within the GWS to be shared amongst collaborators. If users have a specific need to modify the group permissions they can do so using "chgrp" command.

Making directory contents writable by other members of the GWS

If a user wishes to make their files/directories writable by others in the GWS they can follow the procedure here using the "umask" command:

Make a directory (and set it the permission so that the group can read/write to it):
$ mkdir --mode=u+rwx,g+rws,o-rwx testdir
$ ls -l testdir
drwxrws--- 2 mpritcha gws_cedaproc 4096 Jan 26 14:36 testdir
Check the umask:
$ umask
0022
Modify the "umask" so that any new file or directory that you create will be writable anyone with the group permission:
$ umask 002
$ touch testdir/newfile
$ ls -l testdir
-rw-rw-r-- 1 mpritcha gws_cedaproc 0 Jan 26 14:39 newfile

Quota, resource allocation and GWS lifetime

The overall usage of a GWS can be determined with the  pan_df command:

$ pan_df -H /group_workspaces/jasmin2/ncas_generic/ Filesystem             <br>Size   Used  Avail   Use%          Mounted on panfs://panmanager02.jc.rl.ac.uk/group_workspaces/jasmin2   <br>       60T   465G    60T   1%      /group_workspaces/jasmin2/ncas_generic/

In this example, the raw capacity of the GWS is 60TB (measured in TB, defined using powers of 10), but to obtain space available to users this should be divided by roughly 1.2, resulting in around 50TB of free space. Of this, 465GB is currently in use. The factor of 1.2 can depend on the number of small files stored in the GWS because lots of small files take up more space than expected.

There is also a ‘live’ list of GWSs and the available space left on the  JASMIN Dashboard. The dashboard “Storage status” tab also has a live “tube diagram” of the JASMIN storage blade sets and available space.

You can use the “find” command together with “-atime” or “-mtime” to select files accessed or modified more than a certain length of time ago. For example, to find files which were accessed more than 1 year ago:

$ find /group_workspaces/jasmin/upscale/cache -type f -atime +365

CEDA runs a fortnightly check of the contents of all GWSs. As a GWS Manager you will receive e-mails summarising the usage and contents of the GWS. If you wish for additional directories to be scanned and summarised please contact the  CEDA Helpdesk with details.

The typical lifetime of a GWS is 3 years. All GWS managers are expected to actively manage the space during its lifetime and plan for the eventual reclamation of the space by deleting and migrating data to other locations. Typically data might be written to Elastic Tape (see below) and some final outputs would be curated in the CEDA Archive. In the latter case please note that you should discuss the requirements with the  CEDA Helpdesk.

Managing storage effectively

Migrating data to tape

Proactive data management is an important part of providing an effective GWS. We recommend that the GWS Manager discusses use of the space with the project team to ensure that the use of disk and tape are being optimised. This may involve use of the  Elastic Tape system for backup or data migration (from disk to tape).

Requesting a change to the GWS size

Although it is helpful to provide the best estimate of required allocation at the time of initially requesting the GWS, a GWS Manager may request a change in size (increase or decrease) of the GWS during its lifetime. We would positively encourage you to be honest about your requirements so that others can make use of this expensive resource if you are not using it until later in your project, or if you no longer require all the space you originally requested.

Requests for an increase in GWS size will be considered by the Consortium Manager with responsibility for managing an overall allocation to that particular scientific community. Depending on available resources and competing demand, it may not always be possible to increase the allocation, and you may be asked to move data to Elastic Tape to free up disk space.

Security

User account security is very important in a multi-user environment such as JASMIN. As a GWS Manager you have a responsibility to users of your GWS but also to all other GWS users in helping to maintain a safe and secure system in which productive scientific work can be done. There is a strict policy of one-user-one-key, and on no account must any user make use of the SSH key of another user to gain access to any part of the JASMIN infrastructure. Private keys MUST be protected by a strong passphrase. Please encourage adherence to these rules by users of your GWS. Any infringements may be dealt with swiftly by removal of user access. No offensive, obscene or otherwise unauthorised data may be stored in the GWS or anywhere else within JASMIN. Users should not store any data of a personal or sensitive nature in the GWS.

Keeping informed

Please maintain contact throughout the life of the GWS via the following channels:

If you are aware that a user who has access to your GWS leaves your project or, for whatever reason, no longer needs to be a member of the GWS, please let the  CEDA Helpdesk know. Arrangements may need to be made to transfer the ownership of files and/or directories to another member of the GWS to ensure continued access to the data.

Still need help? Contact Us Contact Us