NetDRMS - a shared data management system

Introduction

In order to process, archive, and distribute the substantial quantity of solar data captured by the Atmospheric Imaging Assembly (AIA) and Helioseismic and Magnetic Imager (HMI) instruments on the Solar Dynamics Observatory (SDO), the Joint Science Operations Center (JSOC) has developed its own data-management system, NetDRMS. This system comprises two PostgreSQL databases, multiple file systems, a tape back-up system, and software to manage these components. Related sets of data are grouped into data series, each, conceptually, a table of data where each row of data typically associated with an observation time, or a Carrington rotation. As an example, the data series hmi.M_45s contains the HMI 45-second cadence magnetograms, both observation metadata and image FITS files. The columns contain metadata, such as the observation time, the ID of the camera used to acquire the data, the image rotation, etc. One column in this table contains an ID that refers to a set of data files, typically a set of FITS files that contain images.

The Data Record Management System (DRMS) is the subsystem that contains and manages the "DRMS" database of metadata and data-file-locator information. One component is a software library, written in C, that provides client programs, also known as "DRMS modules", with an Application Programming Interface (API) that allows the users to access these data. The Storage Unit Management System (SUMS) is the subsystem that contains and manages the "SUMS" database and associated storage hardware. The database contains information needed to locate data files that reside on hardware. The entire system as a whole is typically referred to as DRMS. The user interfaces with the DRMS subsystem only, and the DRMS subsystem interfaces with SUMS - the user does not interact with SUMS directly. The JSOC provides NetDRMS to non-JSOC institutions so that those sites can take advantage of the JSOC-developed software to manage large amounts of solar data.

A NetDRMS site is an institution with a local NetDRMS installation. It does not generate the JSOC-owned production data series (e.g., hmi.M_720s, aia.lev1) that Stanford generates for scientific use. A NetDRMS site can generate its own data, production or otherwise. That site can create software that uses NetDRMS to generate its own data series. But it can also act as a "mirror" for individual data series. When acting as a mirror for a Stanford data series, the site downloads from Stanford DRMS database information and stores it in its own NetDRMS database, and it downloads SUMS files, and stores them in its own SUMS subsystem. As the data files are downloaded to the local SUMS, the SUMS database is updated with the information needed to manage the data files. It is possible for a NetDRMS site to mirror the DRMS data of any other NetDRMS site, but at this point, the only site whose data are currently mirrored is the Stanford JSOC.

Installing NetDRMS

Installing the NetDRMS system requires:

• selecting appropriate machines to host DRMS, SUMS, the PostgreSQL relational database management system software, and database clusters [ Selecting Hosts ]

• installing PostgreSQL [ Installing PosgreSQL ]

• instantiating two PostgreSQL clusters, one for DRMS and one for SUMS [ [[#initialize-pg]|Initializing PostgreSQL] ]
• creating PostgreSQL users, databases, relations, procedures, and other objects
• installing CFITSIO
• installing packages to the system Python 3, or installing a new distribution, like Anaconda

• installing the NetDRMS software code tree, which includes code to create DRMS libraries and modules and SUMS libraries [ Installing NetDRMS ]

• initializing storage hardware such as hard drives or SSD drives

• running the SUMS daemon (which accepts and processes SUMS requests from DRMS clients) [ Running SUMS]

• creating NetDRMS user accounts

Optional steps include:

• registering for JSOC-data-series subscriptions and running NetDRMS software to receive, in real time, data updates [ Registering for Subscriptions ]

• installing JSOC-specific project code that is not part of the base NetDRMS installation; the JSOC maintains code to generate JSOC-owned data that is not generally of interest to NetDRMS sites, but sites are welcome to obtain downloads of that code. Doing so involves additional configuration to the base NetDRMS system.
• installing Slony PostgreSQL data-replication software to become a provider of your site's data
• installing a webserver that hosts several NetDRMS CGIs to allow web access to your data
• installing the Virtual Solar Observatory (VSO) software to become a VSO provider of data

For best results, and to facilitate debugging issues, please follow these steps in order.

Selecting Host Machines

The optimal hardware configuration will likely depend on your needs, but the following recommendations should suffice for most sites. DRMS and SUMS can share a single host machine. The most widely used and tested Linux distributions are Fedora-based, and at the time of this writing, CentOS is the most popular. Sites have successfully used openSUSE too, but if possible, we would recommend using CentOS.

Installing PostgreSQL

1. Select a host machine, <PostgreSQL host>, to act as the PostgreSQL database server. Please visit https://www.postgresql.org/docs for system requirements and other information germane to installation.

2. Install the needed PostreSQL server packages on <PostgreSQL host>; the following assumes a Fedora-based Linux system such as CentOS (documentation for other distributions, such as Debian and openSUSE can be found online).

   1. Visit https://yum.postgresql.org/repopackages.php to locate and download the PostgreSQL "repo" rpm file appropriate for your OS and architecture. Each repo rpm contains a yum configuration file that can be used to install all supported PostgreSQL releases. You should install the latest version if possible (version 12, as of the time of this writing). Although you can use your browser to download the file, it might be easier to use Linux command-line tools:

      $ curl -O https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm

   2. Install the yum repo configuration file (pgdg-redhat-all.repo) from the downloaded repo rpm file:

      $ sudo rpm -i pgdg-redhat-repo-latest.noarch.rpm

      This installs the repo configuration file to /etc/yum.repos.d/.

   3. Find the names of the PostgreSQL packages needed from the repository; the following assumes PostgreSQL 12, but should you want to install an older version, replace "12" with one of 94, 95, 96, 10, or 11:

      $ yum list --disablerepo='*' --enablerepo=pgdg12 2>/dev/null | grep -Eo '^.*postgresql[0-9]*\.' | cut -d '.' -f 1
      postgresql12
      $ yum list --disablerepo='*' --enablerepo=pgdg12 2>/dev/null | grep -Eo '^.*postgresql.*devel\.' | cut -d '.' -f 1 
      postgresql12-devel
      $ yum list --disablerepo='*' --enablerepo=pgdg12 2>/dev/null | grep -Eo '^.*postgresql.*libs\.' | cut -d '.' -f 1 
      postgresql12-libs
      $ yum list --disablerepo='*' --enablerepo=pgdg12 2>/dev/null | grep -Eo '^.*postgresql.*server\.' | cut -d '.' -f 1 
      postgresql12-server

   4. Use yum to install all four packages:

      $ sudo yum install <packages>

      where <packages> are the package names determined in the previous step (postgresql12 postgresql12-devel postgresql12-libs postgresql12-server).

3. Depending on where the package files are installed, you might need to add the PostgreSQL command to your PATH environment variable. To test this, run:

   $ psql -V
   psql (PostgreSQL) 12.1

   If the psql command cannot be found, then add the PostgreSQL binaries path to PATH:

   $ rpm -ql postgresql12
   /usr/pgsql-12/bin/clusterdb
   ...

   $ export PATH=/usr/pgsql-12/bin/clusterdb:$PATH

4. The rpm package installation will have created the PostgreSQL superuser Linux account <PostgreSQL superuser> (i.e., postgres); <PostgreSQL superuser> will own the PostgreSQL database clusters and server processes that will be created in the following steps. To perform the next steps, you will need to become user postgres:

   $ sudo su postgres -

5. Create the database cluster for the two database instances (one instance for DRMS data, and one for SUMS data). PostgreSQL is a database management system that supports multiple independent database instances. The disk files needed for data storage for each database instance reside on a disk storage location known as a database cluster. Each cluster contains storage for one or more database instances - in the case of NetDRMS, the DRMS database and the SUMS database should share a single cluster. Create the database clusters:

   $ initdb --locale=C -D <PostgreSQL cluster>

   where <PostgreSQL cluster> should be /var/lib/pgsql/netdrms. Use this path, unless there is some good reason you cannot. initdb will initialize the cluster data directory (identified by the -D argument). This will result in the creation of template databases, configuration files, and other items.

6. Each cluster will contain two configuration files you need to edit: postgresql.conf and pghba.conf. Please refer to the PostgreSQL documentation to properly edit these files. Here are some brief suggestions:

   1. postgresql.conf

      1. listen_addresses specifies the interface on which the postgres server processes will listen for incoming connections. You will need to ensure that connections can be made from all machines that will run DRMS modules (the modules connect to both the DRMS and SUMS databases), so change the default 'localhost' to '*', which causes the servers to listen on all interfaces:

         listen_addresses = '*'

      2. port is the server port on which the server listens for connections. The default is port = 5432, and most likely this is a good port number to use.

      3. logging_collector controls whether on not stdout and stderr are logged to a file in the database cluster (in the log or pg_log directory, depending on release). By default it is off - set it so on in each cluster.

         logging_collector = on

      4. log_rotation_size sets the maximum size, in kilobytes, of a log file. Set this to 0 to disable rotation, otherwise a new log will be created after the current one grows to some size.

      5. log_rotation_age set the maximum age, in minutes, of a log file. Set this to 1d (1 day) so that each day a new log file is created.

         log_rotation_age = 1d

      6. log_min_duration_statement is the amount of time, in milliseconds, a query must run before triggering a log entry. Set to this 1000 so that only long-running queries, over a second, will be logged.

      7. shared_buffers is the size of shared-memory buffers. For a server dedicated to a single database cluster, this should be about 25% of the total memory.

         shared_buffers = 32GB

   2. pg_hba.conf controls the methods by which client authentication is achived (HBA stands for host-based authentication). It will likely take a little time to understand and properly edit this configuration file. If you are not familiar with networking concepts (such as subnets, name resolution, reverse name resolution, CIDR notation, IPv4 versus IPv6, network interfaces, etc.) then now is the time to become familiar.
      
      This configuration file contains a set of columns that identify which user can access which database from which machines. It also defines the method by which authenticaton occurs. When a user attempts to connect to a database, the server transverses this list looking for the first row that matches. Once this row is identified, the user must authenticate - if authentication fails, the connection is rejected. The server does not attempt additional rows. Here are the recommended entries:

      # local superuser connections
      local   all       all                           trust
      
      # non-local superuser connections
      host    all       postgres XXX.XXX.XXX.XXX/YY   trust
      
      # non-superuser connections (which can be made from any non-server machines only)
      host    netdrms   all      XXX.XXX.XXX.XXX/YY   md5

      The columns specify:

      1. TYPE - this column defines the type of socket connection made (Unix-domain, TCP/IP, the encryption used, etc.). local is only relevant to Unix-domain local connections from the database server host <PostgreSQL host> itself. Since only postgres will log into the database server, the first row above applies to the administrator only. host is only relevant to TCP/IP connections, regardless of the encryption status of the connection.

      2. DATABASE - this column identifies the database to which the user has access. Whenever a user attempt to connect to the database server, they specify a database to access. That database must be in the DATABASE column. We recommend using netdrms for non-superusers, blocking such users from accessing all databases except the DRMS one. Conversely, we recommend using all for the superuser so they can access both the DRMS and SUMS databases (and any other that might exist).
         
         NOTE: You are using the database name netdrms}} in {{{pg_hba.conf, even though you have not actually created that database yet. This is OK; you will do so once you start the PostgreSQL cluster instance.

      3. USER - this column identifies which users can access the specified databases.

      4. ADDRESS - this column identifies the host IP addresses (or host names, but do not use those) from which a connection is allowed. To specify a range of IP addresses, such as those on a subnet, use a CIDR address. This column should be empty for local connections.

      5. AUTH-METHOD - this column identifies the type authentication to use. We recommend using either trust or md5. When trust is specified, PostreSQL will unconditionally accept the connection to the database specified in the row. If md5 is specified, then the user will be required to provide a password. If you follow the recommendations above, then for the local row, any user who can log into the database server can access any database in the cluster without any further authentication. Generally only a superuser will be able to log into the database server, so this choice makes sense. For non-local connections by postgres, the Linux PostreSQL superuser postgres can access any database on the server without further authentication. For the remaining non-local non-postgres connections, users will need to provide a password.

Initializing PostgreSQL

1. To initialize PostgreSQL, including creating databases, you must first start the cluster instance. To do so, become <PostgreSQL superuser> and run:

   $ sudo su - postgres
   $ pg_ctl start -D <PostgreSQL cluster>

   You previous created <PostgreSQL cluster>, which will most likely be /var/lib/pgsql/netdrms.

2. Ensure the configuration files you created work. This can be done by attempting to connect to the database server as <PostgreSQL superuser> with psql from <PostgreSQL host>:

   $ sudo su - <PostgreSQL superuser>
   $ ssh <PostgreSQL host>
   $ psql -h localhost
   psql (8.4.1)
   Type "help" for help.
   
   postgres=#

   You should not see any errors, and you should see the postres=# superuser psql prompt.

   1. Make .pgpass files and ensure that they work. You'll know you've done it right when the production user can connect to the database via "psql" without being prompted for a password. To do this, create a .pgpass file in the production user's home directory. Please click here for information on the .pgpass file, or read the Postgres documentation web site for more information. It is important that the permissions for the .pgpass file are set to 600, readable only to the individual user. You will need to adjust your pg_hba.conf settings in Postgres in order for the .pgpass file to correctly work, and if you need to change pg_hba.conf later, you'll need to recycle the database to get it to see the new settings. It is important that you fully test your .pgpass access with at least one user before proceeding; much depends on its working. If you cannot get it to work and need to step backward with less security, add the
      local    local     trust line back into pg_hba.conf and restart the database using % pg_ctl restart.

3. Create the DRMS database in the DRMS cluster, and create the SUMS database in the SUMS cluster:
   
   % su postgres
   % createdb --locale C -E LATIN1 -T template0 data # create the DRMS database in the DRMS-database cluster
   % createdb --locale C -E LATIN1 -T template0 -p 5434 data_sums # create the SUMS database in the SUMS-database cluster. NOTE: The -E flag sets the character encoding of the characters stored in the database. LATIN1 is not a great choice (it would have been better to have used SQL_ASCII or UTF8), but that is what was chosen at Stanford so we're stuck with it, which means remote sites that have become series subscribers are stuck with it too.

4. Install the required DB-server languages:
   
   % createlang -h <db server host> -p 5432 -U postgres plpgsql data # Add the plpgsql language to the DRMS database
   % createlang -h <db server host> -p 5432 -U postgres plperl data # Add the plperl language to the DRMS database
   % createlang -h <db server host> -p 5432 -U postgres plperlu data # Add the plperlu 'unstrusted' language to the DRMS database
   
   At this time, there are no auxiliary languages needed for the SUMS database.

5. Create various tables and DRMS database functions needed by the DRMS library. You will need the NetDRMS source code for this:
   
   # Create the 'admin' schema and tables within this schema; create the 'drms' schema.
   # Create the sumsadmin database user (which can delete rows from any DRMS data-series record DB table - used for the data-series archive == -1 feature); create the 'jsoc' database user.
   # In order to read from table _jsoc.sl_table (which may not exist), there must be a jsoc role
   # that has SELECT permissions on this table. If no _jsoc.sl_table exists, there is no need
   # for the jsoc role to exist, however its existence in the absence of a _jsoc.sl_table is
   # innocuous, so we always create role jsoc.
   # The database function drms_replicated() runs a query to read from _jsoc.sl_table.
   % psql -h <db server host> -p 5432 -U postgres data -f $JSOCROOT/base/drms/scripts/NetDRMS.sql
   
   # Create the PostgreSQL functions used by DRMS.
   % su postgres
   % cd $JSOCROOT/base/drms/scripts
   % ./createpgfuncs.pl data # Create functions in the DRMS database

6. Create database accounts for DRMS users. To use DRMS software/modules, a user of this software must have an account on the DRMS database (a DRMS series is implemented as several database objects). The software, when run, will log into a user account on the DRMS database - by default, the name of the user account is the name of the linux user account that the DRMS software runs under.

   1. Run the newdrmsuser.pl script. This script, and some other Perl scripts that follow, have a dependency on the DBD::Pg Perl package. Please ensure this package has been installed before proceeding. When you run newdrmsuser.pl, you will be prompted for the postgres dbuser password:
      
      % $JSOCROOT/base/drms/scripts/newdrmsuser.pl data <db server host> 5432 <db user> <initial password> <db user namespace> user 1
      
      where <db user> is the name of the user whose account is to be created and <db user namespace> is the namespace DRMS should use when running as the db user and reading or writing database tables. DRMS uses <db user namespace> to store user-specific database information, including DRMS data series information owned by that user. The namespace is a logical container of database objects, like database tables, sequences, functions, etc. The names of all objects are qualified by the namespace. For example, to unambiguously refer to the table "mytable", you prepend the name with the namespace. So, for example, if this table is in the su_production namespace (container), then you refer to the table as "su_production.mytable". In this way, there can be other tables with the same name, but that reside in a different namespace (e.g., su_arta.mytable is a different table that just happens to have the same name). Please see the NOTE in this page for assistance with choosing a namespace. <initial password> is the initial password for this account. This is another useful place for you to test your .pgpass files if you have access to a home account for testing purposes, such as your own user account. You may have a mis-configuration in your pg_hba.conf file that would make it appear that .pgpass was not working.

   2. Have the user that owns the account change the password:
      
      % psql -h <db server host> -p 5432 data
      data=> ALTER USER <db user> WITH PASSWORD '<new password>';
      
      where <new password> is the replacement for the original password. It must be enclosed in single quotes.

   3. Have the user put their password in their .pgpass file. Please click here for information on the .pgpass file. This file allows the user to login to their database account without having to provide a password at a prompt.

   4. Create a db account for the linux production user (the name is the value of the SUMS_MANAGER parameter in config.local). The name of the database user for this linux user is the same as the name of the linux user (typically 'production'). Follow the previous steps to use newdrmsuser.pl to create this database account. A good namespace for this account is <drms site>_production - this is what you'd use for <db user namespace>.

   5. Create a password for the sumsadmin DRMS database user, following the "ALTER USER" directions above. The user was created by the NetDRMS.sql script above.

   6. OPTIONALLY, create a table to be used for DRMS version control:
      % psql -h <db server host> -p 5432 -U <postgres administrator> data
      data=> CREATE TABLE drms.minvers(minversion text default '1.0' not null);
      data=> GRANT SELECT ON drms.minvers TO public;
      data=> INSERT INTO drms.minvers(minversion) VALUES(<version>);
      where <version> is the minimum DRMS version that a DRMS module must have before it can connect to the DRMS database.

Set Up the SUMS database

1. Although the SUMS data cluster and SUMS database have been already created, you must create certain tables and users in this newly created database.

   1. Create the production user in the SUMS database:
      
      % psql -h <db server host> -p 5434 data_sums -U postgres
      data_sums=# CREATE USER <db production user> PASSWORD '<password>';

   2. Create a read-only user in the SUMS database (so users can read the SUMS DB tables):
      
      % psql -h <db server host> -p 5434 data_sums -U postgres
      data_sums=# CREATE USER readonlyuser PASSWORD '<password>';
      data_sums=# GRANT CONNECT ON DATABASE data_sums TO readonlyuser;

   3. Put the DRMS production db user into the sumsadmin group:
      
      % psql -h <db server host> -p 5432 data -U postgres
      data=# GRANT sumsadmin TO <db production user>;
      
      sum_rm, when run properly by the linux production user, will attempt to connect to the DRMS database as <db production user>. By putting it into the sumsadmin DB user group, we are giving sum_rm the ability to delete any record in any DRMS data-series record table. This permission is required for the archive == -1 implementation; this is the feature that causes SUMS to delete DRMS records from series whose archive flag is -1 when the DRMS records' SUs are deleted.

   4. Put the production user's password into the .pgpass file. Please click here for information on the .pgpass file.

   5. Create the SUMS database tables:
      
      % psql -h <db server host> -p 5434 -U production -f base/sums/scripts/postgres/create_sums_tables.sql data_sums
      % psql -h <db server host> -p 5434 -U postgres data_sums
      data_sums=# ALTER SEQUENCE sum_ds_index_seq START <min val> RESTART <min val> MINVALUE <min val> MAXVALUE <max val>
      
      where <min val> is <drms site code> << 48, and and <max val> is <min val> + 281474976710655 (2^48 - 1), and <drms site code> is the value of the DRMS_SITE_CODE parameter in config.local.

   6. SUMS data files are organized into "partitions" which are implemented as directories. Each partition must be named /SUM[0-9]+ (e.g., /SUM0, /SUM1, ..., /SUM58, ..., /SUM99, /SUM100, /SUM101, ...). Each directory must be owned by the production linux user (e.g., "production"). The linux group to which the directories belong must be the SUMS-user group (set-up in step 1b. in the Users and Environment section, e.g. sumsuser). All SUMS users must be a member of this group. For example, if linux user art will be using DRMS and running DRMS modules that access SUMS files, then art must be a member of the SUMS user group (e.g., sumsuser). You are free to create as few or many of these partitions as you desire. Create these directories now.
      
      NOTE: Please avoid using file systems that limit the number of directories and/or files. For example, the EXT3 file system limits the number of directories to 64K. That number is far too small for SUMS usage.

   7. Initialize the sum_partn_avail table with the names of these partitions. For each SUMS partition run the following:
      
      % psql -h <db server host> -p 5434 -U postgres data_sums
      data_sums=# INSERT INTO sum_partn_avail (partn_name, total_bytes, avail_bytes, pds_set_num, pds_set_prime) VALUES ('<SUMS partition path>', <avail bytes>, <avail bytes>, 0, 0);
      
      where <SUMS partition path> is the full path of the partition (the path must be enclosed in single quotes) and <avail bytes> is some number less than the number of bytes in the directory (multiply the number of blocks in the directory by the number of bytes per block). The number does not matter, as long as it is not bigger than the total number of bytes available. SUMS will adjust this number as needed.

Test your Postgres database installations

1. Make sure you as production and at least one other user name can log in to both the sums and drms database instances without a password prompt using psql and your .pgpass file.

2. Do a \dt in both databases and check that you can see tables listed.
3. Select * from sum_partn_avail table and make sure that your sums partitions are accurately entered.

Third Party Software for NetDRMS

You will need the following third party packages and main package libraries installed before compiling or the compilation will not work. Please note that these are examples from some successful installations, but your own machine may already be configured correctly or it may need an entirely different bunch of stuff installed to get to the same place. It's possible that even with the following installed, during your make you may see that you need further packages or libraries.

-- Development and standard package for postgres. Choose your version - this example shows packages for 9.3:
postgresql93.x86_64
postgresql93-devel.x86_64
postgresql93-libs.x86_64
postgresql93-plperl.x86_64
postgresql93-plpython.x86_64
postgresql93-pltcl.x86_64
postgresql93-server.x86_64

--Perl for scripts: V. 5.10 minimum; you may want development libraries installed. (Note that your OS may be relying on an old version of Perl and installing a new one directly on top of it may cause you strange and unexpected problems; parallel installation may be necessary.)

--Python, version 2.7 or higher (Note that some CentOS versions expect a lower version of Python for their own purposes, and installing directly on top of the existing Python may cause unexpected problems):
python33-python.x86_64
python33-python-devel.x86_64
python33-python-libs.x86_64

--Cfitsio development and standard packages:
cfitsio.x86_64
cfitsio-devel.x86_64

--OpenSSL, LibSSH2

--A compiler, choose either icc or gcc - you don't have to install these specific packages, these are only guides:
gcc.x86_64
libgcc.x86_64

--Development package and headers for C (gcc examples given here):
glibc-devel.x86_64
glibc-headers.x86_64

--Some compression stuff:
zlib.x86_64
zlib-devel.x86_64

--If you're going to be communicating regularly with the JSOC for replicated data, you may also need:
openssh.x86_64
openssh-clients.x86_64
openssh-server.x86_64
openssl.x86_64
openssl-devel.x86_64

--To build hpn-ssh for regular file exchange with JSOC:
See instructions on http://www.psc.edu/index.php/hpn-ssh , which will first instruct you to get the OpenSSH source code from OpenSSH.org. You will also need to install the "patch" package if it's not on your machine already, to put your hpn-ssh code together.

--If you're installing the JMD, you'll need Java installed along with its development library and the tools in tar.x86_64

Installing NetDRMS and SUMS

• Initialize your linux environment for NetDRMS installation (to be done by a superuser or sudoer):

• Create a production linux user <production user> (named drms-production by default):

$ sudo useradd <production user>
$ sudo passwd <production user>
Changing password for user <production user>.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
$

<production user> becomes the value of the SUMS_MANAGER parameter in the config.local file.

1. Create the linux group <SUMS users>, to which all SUMS users belong, including <production user>, e.g. sums-users:

$ sudo groupadd sums-users

1. Add all SUMS users (users who will read/write SUMS data files) to <SUMS users>:

$ sudo usermod -a -G sums-users drms-production
$ id drms-production
uid=1002(drms-production) gid=1002(drms-production) groups=1002(drms-production),1003(sums-users)

1. Each user of DRMS, including the production user, must set two environment variables in their environment:

% setenv JSOCROOT <DRMS source tree root>
% setenv JSOC_MACHINE <OS and CPU>

<DRMS source tree root> is the root of the DRMS source tree installed by the production linux user, and <OS and CPU> is "linux_x86_64", if DRMS was installed on a machine with a Linux OS and a 64-bit processor, or "linux_avx", if DRMS was installed on a machine with a Linux OS and a 64-bit processor that supports Advanced Vector Extensions (which supports an extended instruction set). You may wish to have the NetDRMS software installed and compiled before you put the $JSOC_MACHINE variable into play.

1. Create the SUMS log directory on the SUMS server machine, if it does not already exist. The name/path for this directory is defined in config.local in the SUMS_LOG_BASEDIR parameter. The actual directory must match the value of this parameter, which defaults to /usr/local/logs/SUM. You are free to change this path in SUMS_LOG_BASEDIR, to, say, /var/log/sums or whatever is consistent with your system logs. This directory must be writeable by the linux production user.

2. Obtain a NetDRMS tarball from http://jsoc.stanford.edu/netdrms/dist/. Extract the tarball into <DRMS root>, a directory that serves as the root for the entire NetDRMS code tree, including binaries. A typical choice for <DRMS root> is /opt/netdrms-X.X or /usr/local/netdrms-X.X. To allow for future updates, it is best to make a link from /opt/netdrms to /opt/netdrms-X.X:

$ sudo mkdir -p /opt/netdrms-9.3
$ cd /opt/netdrms-9.3
$ sudo curl -O 'http://jsoc.stanford.edu/netdrms/dist/netdrms_9.3.tar.gz'
$ sudo tar xvzf netdrms_9.3.tar.gz
$ cd /opt
$ sudo ln -S /opt/netdrms-9.3 netdrms

2. Create the config.local file, using <DRMS root>/config.local.template as a template. This file contains a number of configuration parameters, along with detailed descriptions of what they control and suggested values for those parameters. When installing NetDRMS updates, copy the existing and latest config.local to the new <DRMS root> and edit the copy as needed, using the new config.local.template in <DRMS root> to obtain information about parameters new to the newer release. Please request from the JSOC a value for DRMS_SITE_CODE. This code uniquely identifies each NetDRMS installation. Each site has one value for each NetDRMS installation.

3. Compile NetDRMS. The DRMS part of NetDRMS must be compiled with a C compiler. NetDRMS supports both the GNU C compiler (gcc), and the Intel C++ compiler (icc). Certain JSOC-specific code requires Fortran compilation. For those projects, NetDRMS supports the GNU Fortran compiler (gfortran), and the Intel Fortran compiler (ifort). SUMS is implemented as a Python daemon, so no compilation step is needed. Both GNU and Intel are used, so feel free to use either. By default, Intel compilers are used. There are two methods for changing the compilers:
4. you can set the following environment variables:

   • COMPILER - set to icc for the Intel compiler, and to gcc for the GNU compiler FCOMPILER - set to ifort for the Intel compiler, and to gfortran for the GNU compiler

5. you can edit the make_basic.mk file in <DRMS root>; to select the Intel compilers, edit the COMPILER and FCOMPILER make variables declared near the top of the file:

# use Intel compilers
COMPILER = icc
FCOMPILER = ifort
# use GNU compilers
COMPILER = gcc
FCOMPILER = gfortran

A NetDRMS configuration script is part of the release and it resides in <JSOC root>. configure, a csh script, will run shell scripts and a Python script. It creates several directories in <DRMS root>:

• bin - a directory that contains links to all executables in the DRMS code tree
• include - a directory that contains links to all the header files in the DRMS code tree
• jsds - a directory that contains links to all JSOC Series Definition (JSD) files
• lib - a directory that contains links to all libraries in the DRMS code tree
• localization - this directory contains project-specific make files and various files that contain the processed parameter information from config.local
• scripts - a directory that contains links to all script files in the DRMS code tree

To make NetDRMS, run:

$ cd <DRMS root>
$ sudo ./configure

configure will place the resulting compiled files into a architecture-dependent directory in <DRMS root>. There are two possible names for this directory: _linux_x86_64 and _linux_avx (for hosts that support Advanced Vector Extensions). To see which directory to expect, you can run the jsoc_machine.csh csh script:

$ build/jsoc_machine.csh
linux_avx

Running SUMS Services

To launch the SUMS daemon, sumsd.py, use the start-mt-sums.py script:

$ ssh <production user>@<SUMS host>
$ sudo python3 start-mt-sums.py daemon=<path>/sumsd.py ports=6102 --instancesfile=sumsd-instances.txt --logfile=sumsd-6102-20190627.txt --loglevel=info

The complete usage is:

usage: start-mt-sums.py daemon=<path to daemon> ports=<listening ports> [ --instancesfile=<instances file path> ] [ --loglevel=<critical, error, warning, info, or debug>] [ --logfile=<file name> ] [ --quiet ]

optional arguments:
  -h, --help            show this help message and exit
  -i <instances file path>, --instancesfile <instances file path>
                        the json file which contains a list of all the
                        sumsd.py instances running
  -l LOGLEVEL, --loglevel LOGLEVEL
                        specifies the amount of logging to perform; in order
                        of increasing verbosity: critical, error, warning,
                        info, debug
  -L <file name>, --logfile <file name>
                        the file to which sumsd logging is written
  -q, --quiet           do not print any run information

required arguments:
  d <path to daemon>, daemon <path to daemon>
                        path of the sumsd.py daemon to launch
  p <listening ports>, ports <listening ports>
                        a comma-separated list of listening-port numbers, one
                        for each instance to be spawned

start-mt-sums.py will fork one or more sumsd.py daemon processes. The ports argument identifies the SUMS host ports on which sumsd.py will listen for client (DRMS module) requests. One sumsd.py process will be invoked per port specified. The instances file and log file reside in the path identified by the SUMLOG_BASEDIR config.local parameter. The instances file is used to track the running instances of sumsd.py and is used by stop-mt-sums.py to identify running daemons.

To stop one or more SUMS services, use the stop-mt-sums.py script:

$ ssh <production user>@<SUMS host>
$ sudo python3 stop-mt-sums.py daemon=<path>/sumsd.py --ports=6102 --instancesfile=sumsd-instances.txt

The complete usage is:

usage: stop-mt-sums.py [ -h ] daemon=<path to daemon> [ ---ports=<listening ports> ] [ --instancesfile=<instances file path> ] [ --quiet ]

optional arguments:
  -h, --help            show this help message and exit
  -p <listening ports>, --ports <listening ports>
                        a comma-separated list of listening-port numbers, one
                        for each instance to be stopped
  -i <instances file path>, --instancesfile <instances file path>
                        the json file which contains a list of all the
                        sumsd.py instances running
  -q, --quiet           do not print any run information

required arguments:
  d <path to daemon>, daemon <path to daemon>
                        path of the sumsd.py daemon to halt

Registering for Subscriptions

A NetDRMS site can optionally register for a data-series subscription to any NetDRMS site that offers such a service. The JSOC NetDRMS offers subscriptions, but at the time of this writing, no other site does. Once a site registers for a data series subscription, the site will become a mirror for that data series. The subscription process ensures that the mirroring site will receive regular updates made to the data series by the serving site. The subscribing site can configure the interval between updates such that the mirror can synchronize with the server and receive updates within a couple of minutes, keeping the mirror up-to-date in (almost) real time.

To register for a subscription, run the subscribe.py script (included in the base NetDRMS installation). This script makes subscription requests to the serving site's subscription-manager. The process entails the creation of a snapshot of the data-series at the serving site. Those data are downloaded, via HTML, to the subscribing site, where they are ingested by subscribe.py. Ingestion results in the creation of the DRMS database objects that maintain and store the data series. At this time, no SUMS data files are downloaded. Instead, and optionally, the IDs for the series' SUMS Storage Units (SU) are saved in a database relation. Other NetDRMS daemons can make use of this relation to automatically download and ingest the SUs into the subscriber's SUMS. The Remote SUMS Client, rsums-clientd.py, manages this list of SUs, making SU-download requests to another client-side daemon, Remote SUMS, rsumsd.py. rsumsd.py accepts SU requests from rsums-clientd.py, downloading SUs via scp - each scp instance downloads multiple SUs.

The automatic download of data-series SUs is optional. They can be downloaded on-demand as well. In fact, if the subscribing NetDRMS site were to automatically download an SU, then delete the SU (there is a method to do this, described later), then an on-demand download is the only way to re-fetch the deleted SU. On-demand downloads happen automatically; any DRMS module that attempts to access an SU (like with a show_info -P command) that is not present for any reason will trigger an rsumsd.py request. The module will pause until the SU has been downloaded, then automatically resume its operation on the previously missing SU.

As rsumsd.py uses scp to automatically download SUs, SSH public-private keys must be created at the subscribing site, and the public key must be provided to the serving site. Setting this up requires coordinated work at both the susbscribing and serving sites:

1. On the subscribing site, run

$ sudo su - <production user>
$ ssh-keygen -t rsa

This will allow you to create a passphrase for the key. If you choose to do this, then save this phrase for later steps. In the home directory of <production user>, ssh-keygen will create a public key named id_rsa.pub.

1. Provide id_rsa.pub to the serving site

2. The serving site must then add the public key to its list of authorized keys. If the .ssh directory does not exist, then the serving site must first create this directory and give it 0700 permissions. If the authorized_keys file in .ssh does not exist, then it must first be created and given 0644 permissions:

$ sudo su - <subscription production user>
$ mkdir .ssh
$ chmod 0700 .ssh
$ cd .ssh
$ touch authorized_keys
$ chmod 0644 authorized_keys

Once the .ssh and authorized_keys files exist and have the proper permissions, the serving site administrator can then add the client site's public key to its list of authorized keys:

$ sudo su - <subscription production user>
$ cd <subscription production user home directory>/.ssh
$ cat id_rsa.py >> authorized_keys

1. If an SSH passphrase was chosen in step 1, then back at the client site, <production user> must start an ssh-agent instance to automate the passphrase authentication. If no passphrase was provided in step 1, this step can be skipped. Otherwise, run (assuming bash syntax - read the man page for csh syntax):

$ sudo su - <production user>
$ ssh-agent > ~/.ssh-agent
$ source ~/.ssh-agent # needed for ssh-add, and also for rsumsd.py and get_slony_logs.pl
$ ssh-add ~/.ssh/id_rsa

To keep ingested data series synchronized with changes made to it at the serving site, a client-side cron tab runs periodically. It runs get_slony_logs.pl, a perl script that uses scp to download "slony log files" - SQL files that insert, delete, or update database relation rows. get_slony_logs.pl communicates with the Slony-I replication software running at the serving site. Slony-I generates these log (SQL) files at the server which are then downloaded by the client.

To register for a subscription to a new series, run:

You may find that a subscription has gotten out of sync, for various reasons, with the serving site's data series (accidental deletion of database rows, for example). subscribe.py can be used to alleviate this problem. Run the following to re-do the subscription registration:

Finally, there might come a time where you no longer which to hold on to a registration. To remove the subscription from your set of registered data series run:

for example, the JSOC maintains time-distance analysis code that is part of the JSOC DRMS code tree, but it is not part of the base NetDRMS package provided to remote sites; it is possible for a NetDRMS site to install such project code by modifying a configuration file (config.local); this may require the installation of third-party software, such as math libraries and mpi.

Performing a Test Run

At this point, it is a good idea to test your installation. Although you have no DRMS/SUMS data at this point, running show_series is a good way to test various components, like authentication, database connection, etc. To test SUMS, however, you will need to have a least one DRMS data series that has SUMS data. You can obtain such a data series by using the subscription system.

Test DRMS by running the show_series command:

$ show_series

If you see no errors, then life is good.

After you have a least one data series, then you can do more thorough testing. For example, you can run:

$ show_info -j <DRMS data series>

To test SUMS (once you have some data files in your NetDRMS), you can run:

$ show_info -P <DRMS record-set specification>

To update to a newer NetDRMS release, simply create a new directory to contain the build, copy the previous config.local into the new <JSOC root> and edit it if new parameters have been added to config.local, and follow the directions for compiling DRMS. Any previous-release daemons that were running will need to be shut down, and the daemons in the newer release started.

Deciding what's next

You may wish to run a JMD or use Remote SUMS. The decision should be discussed with JSOC personnel. Once you've made this decision and installed the appropriate software (see below for Remote SUMS), you'll need to populate your DRMS database with data. For this, you'll need to be a recipient of Slony subscription data. We recommend contacting the JSOC directly to become a subscriber.

Remote SUMS

A local NetDRMS may contain data produced by other, non-local NetDRMSs. Via a variety of means, the local NetDRMS can obtain and ingest the database information for these data series produced non-locally. In order to use the associated data files (typically image files), the local NetDRMS must download the storage units (SUs) associated with these data series too. There are currently two methods to facilitate these SU downloads. The Java Mirroring Daemon (JMD) is a tool that can be installed and configured to download SUs automatically as the series data records are ingested into the local NetDRMS. It fetches these SUs before they are actually used. It can obtain the SUs from any other NetDRMS that has the SUs, not just the NetDRMS that originally produced them. Remote SUMS is a built-in tool that comes with NetDRMS. It downloads SUs as needed - i.e., if a module or program requests the path to the SU or attempts to read it, and it is not present in the local SUMS yet, Remote SUMS will download the SUs. While the SUs are being downloaded, the initiating module or program will poll waiting for the download to complete.

Several components compose Remote SUMS. On the client side, the local NetDRMS, is a daemon that must be running (rsumsd.py). There also must exist some database tables, as well as some binaries used by the daemon. On the server side, all NetDRMS sites that wish to act as a source of SUs for the client, is a CGI (rs.sh). This CGI returns file-server information (hostname, port, user, SU paths, etc.) for the SUs the server has available in response to requests that contain a list of SUNUMs. When the client encounters requests for remote SUs that are not contained in the local SUMS, it requests the daemon to download those SUs. The client code then polls waiting for the request to be serviced. The daemon in turn sends requests to all rs.sh CGIs at all the relevant providing sites. The owning sites return the file-server information to the daemon, and then the daemon downloads the SUs the client has requested, via scp, and notifies the client module once the SUs are available for use. The client module will then exit from its polling code and continue to use the freshly downloaded SUs.

To use Remote SUMS, the config.local configuration file must first be configured properly, and NetDRMS must be re-built. Here are the relevant config.local parameters:

• JMD_IS_INSTALLED - This must be set to 0 for Remote SUMS use. Currently, either the JMD or the Remote SUMS features can be used, but not both at the same time.
• RS_REQUEST_TABLE - This is the database table used by the local module and the rsumsd.py daemon running at the local site for communicating SU-download requests. Upon encountering a non-native SUNUM, DRMS will insert a new record into this table to intiate a request for the SUNUM from the owning NetDRMS. The Remote SUMS daemon will service the request and update this record with results.
• RS_SU_TABLE - This is the database table used by the Remote SUMS daemon to track SUs downloaded from the providing sites.
• RS_DBHOST - This is the local database-server host that contains the database that contain the requests and SU tables.
• RS_DBNAME - This is the database on the host that contains the requests and SU tables.
• RS_DBPORT - This is the port on the local on which the database-server host accepts connections.
• RS_DBUSER - This is the database user account that the Remote SUMS daemon uses to manage the Remote SUMS requests.
• RS_LOCKFILE - This is the path to a file that ensures that only one Remote SUMS daemon instance runs.
• RS_LOGDIR - This is the directory into which the Remote SUMS daemon logs are written.
• RS_REQTIMEOUT - This is the timeout, in minutes, for a new SU request to be accepted for processing by the daemon. If the daemon encounters a request older than this value, it will reject the new request.
• RS_DLTIMEOUT - This is the timeout, in minutes, for an SU to download. If the time the download takes exceeds this value, then all requests waiting for the SU to download will fail.
• RS_MAXTHREADS - The maximum number of download threads that the Remote SUMS daemon is permitted to run simultaneously. One thread is one scp call.
• RS_BINPATH - The NetDRMS-binary-path that contains the external programs needed by the Remote SUMS daemon (jsoc_fetch, vso_sum_alloc, vso_sum_put).

After setting-up config.local, you must build or re-build NetDRMS:

% cd $JSOCROOT
% configure
% make

It is important to ensure that three binaries needed by the Remote SUMS daemon have been built: jsoc_fetch, vso_sum_alloc, vso_sum_put.

Ensure that Python >= 2.7 is installed. You will need to install some package if they are not already installed: psycopg2, ...

An output log named rslog_YYYYMMDD.txt will be written to the directory identified by the RS_LOGDIR config.local parameter, so make sure that directory exists.

Provide all providing NetDRMS sites your public SSH key. They will need to put that key in their authorized_keys file.

Create the client-side Remote SUMS database tables. Run:

% $JSOCROOT/base/drms/scripts/rscreatetabs.py op=create tabs=req,su

Start the rsumsd.py daemon as the user specified by the RS_DBUSER config.local parameter. As this user, start an ssh-agent process and add the public key to it:

% ssh-agent -c > $HOME/.ssh-agent_rs
% source $HOME/.ssh-agent_rs
% ssh-add $HOME/.ssh/id_rsa

This will allow you to create a public-private key that has a passphrase while obviating the need to manually enter that passphrase when the Remote SUMS daemon runs scp.

Start SUMS:

% $JSOCROOT/base/sums/scripts/sum_start.NetDRMS >& <log dir>/sumsStart.log

Substitute your favorite log directory for <log dir>. There is another daemon, sums_procck.py, that keeps SUMS up and running once it is started. Redirecting to a log will preserve important information that this daemon prints. To stop SUMS, use $JSOCROOT/base/sums/scripts/sum_stop.NetDRMS.

Start the Remote SUMS daemon:

% $JSOCROOT/base/drms/scripts/rsumsd.py

Subscribing to Series

• To learn about how your institution, using its NetDRMS installation, can maintain a mirror of DRMS data that receives real-time updates, click here.