Message ID: 203     Entry time: Tue Nov 14 19:08:00 2017
Author: Jon Richardson 
Type: Computing 
Category: Network architecture 
Subject: Rsync Server for Automatic LDAS Backups 

I implemented an access point for LDAS to pull data from the TCS lab EPICS frame archive (fb4:/frames) via rsync. The setup is analogous to what is already running at the 40m for automated backups. Here are the implementation details in case we want to replicate this in other W. Bridge labs.

Two lab machines are needed: the frame builder machine (fb4; 10.0.1.156) and a second machine to handle the network interfacing with the outside world (tcs-ws; 10.0.1.168).

1. Set up an NFS mount on tcs-ws to remotely access the frame archive on fb4.

i. NFS server-side setup:

a. Install the required packages

controls@fb4:~$ sudo apt-get install rpcbind nfs-common nfs-kernel-server

b. Add the following line to the file /etc/exports

/frames 10.0.1.168(rw,sync,no_root_squash)

c. Restart the NFS-related services

controls@fb4:~$ sudo /etc/init.d/rpcbind restart

controls@fb4:~$ sudo /etc/init.d/nfs-common restart

controls@fb4:~$ sudo /etc/init.d/nfs-kernel-server restart

ii. NFS client-side setup:

a. Install the required packages

controls@tcs-ws:~$ sudo apt-get install rpcbind nfs-common

b. Add the following line to the file /etc/fstab

10.0.1.156:/frames /fb4/frames nfs rw,nofail,sync,hard,intr 0 0

c. Create the directory for the mount point, then set ownership and permissions

controls@tcs-ws:~$ sudo mkdir -p /fb4/frames

controls@tcs-ws:~$ sudo chmod -R 775 /fb4

controls@tcs-ws:~$ sudo chown -R controls:root /fb4

d. Mount the new network drive

controls@tcs-ws:~$ sudo mount -a

2. Configure the rsync daemon on tcs-ws.

i. Create a new file named /etc/rsyncd.conf with the following content. These settings match those of the 40m setup.

max connections = 10

read only = yes

log file = /var/tmp/rsyncd.log

list = yes

uid = controls

gid = controls

use chroot = yes

strict modes = yes

pid file = /var/run/rsyncd.pid

 

[ldasaccess]

        comment = For LDAS access to TCS lab frame files

        read only = yes

        path = /fb4/frames

        hosts allow = ldas-grid.ligo.caltech.edu,localhost

ii. Kill, then restart the rsync daemon. The daemon may not already be running, in which case only the second command is needed.

controls@tcs-ws:~$ sudo kill `cat /var/run/rsyncd.pid`

controls@tcs-ws:~$ sudo rsync --daemon

3. Open a port through the gateway firewall for LDAS to access.

To do this, configure a new port forwarding rule on the Linksys gateway router in the usual way (access the router settings via http://10.0.1.1 from the web browser of any subnet machine). For the TCS lab, the external-facing gateway port 2046 is forwarded to port 873 of tcs-ws (the standard rsync port).

Security is handled by the tcs-ws rsync daemon. Its config file allows outside access to only the hostname ldas-grid.ligo.caltech.edu, and that access is read-only and restricted to the /fb4/frames directory.

4. Testing.

For testing purposes, another outside machine name can be temporarily appended to the "hosts allow" parameter of /etc/rsyncd.conf. For example, I appended my office desktop machine. From the outside machine, connectivity to the rsync server can be tested with:

user@outside-hostname:~$ rsync -dt rsync://131.215.115.216:2046/ldasaccess

If successful, the command will return an output similar to

drwxr-xr-x        4096 2017/08/28 16:13:31 .
drwxr-xr-x        4096 2017/11/14 02:30:38 full
drwxr-xr-x        4096 2017/08/28 16:13:38 trend

showing the contents of the frame archive.
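
An added check, not part of the original entry or of the 40m setup: a shell function that reads an rsyncd.conf and reports any module that has no "hosts allow" list, names a host outside an expected set (such as a test machine left over from step 4), is writable, or has chroot disabled. The function name, both sample configs and the host office-desktop.example.org are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original entry; both sample configs are constructed.

# $1 = rsyncd.conf path, $2 = space-separated hosts permitted in "hosts allow".
# Prints one finding per line; returns 1 if any module fails a check.
audit_rsyncd_conf() {
    awk -v expected="$2" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    # Module-level value wins; otherwise fall back to the global section.
    function eff(m, k) { return ((m, k) in mod) ? mod[m, k] : glob[k] }
    BEGIN { ne = split(tolower(expected), e, " "); for (i = 1; i <= ne; i++) ok[e[i]] = 1 }
    /^[ \t]*#/ { next }
    /^[ \t]*\[/ { cur = $0; gsub(/^[ \t]*\[|\].*$/, "", cur); names[++n] = cur; next }
    (p = index($0, "=")) {
        k = tolower(trim(substr($0, 1, p - 1))); v = tolower(trim(substr($0, p + 1)))
        if (cur == "") glob[k] = v; else mod[cur, k] = v
    }
    END {
        for (j = 1; j <= n; j++) {
            m = names[j]
            nh = split(eff(m, "hosts allow"), h, /[ ,]+/)
            if (nh == 0) { print m ": no hosts allow, any client may connect"; bad++ }
            for (i = 1; i <= nh; i++)
                if (h[i] != "" && !(h[i] in ok)) { print m ": unexpected host " h[i]; bad++ }
            if (eff(m, "read only") ~ /^(no|false|0)$/) { print m ": writable"; bad++ }
            if (eff(m, "use chroot") ~ /^(no|false|0)$/) { print m ": chroot off"; bad++ }
        }
        exit (bad > 0)
    }' "$1"
}

ALLOWED="ldas-grid.ligo.caltech.edu localhost"
good=$(mktemp); leftover=$(mktemp)
# Constructed sample 1: the settings from the entry, abbreviated.
cat > "$good" <<'EOF'
read only = yes
use chroot = yes
[ldasaccess]
        path = /fb4/frames
        hosts allow = ldas-grid.ligo.caltech.edu,localhost
EOF
# Constructed sample 2: a test host from step 4 was never removed (placeholder name).
sed 's/,localhost/,localhost,office-desktop.example.org/' "$good" > "$leftover"
audit_rsyncd_conf "$good" "$ALLOWED" && echo "good: pass"
audit_rsyncd_conf "$leftover" "$ALLOWED" || echo "leftover: fail"
```

On the live machine the same function would be pointed at /etc/rsyncd.conf after testing is finished.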
