13647: Merge branch 'master' into 13647-keepstore-config

[arvados.git] / doc / install / install-keepstore.html.textile.liquid

---
layout: default
navsection: installguide
title: Install Keepstore servers
...
{% comment %}
Copyright (C) The Arvados Authors. All rights reserved.

SPDX-License-Identifier: CC-BY-SA-3.0
{% endcomment %}

Keepstore provides access to underlying storage for reading and writing content-addressed blocks, with enforcement of Arvados permissions.  Keepstore supports a variety of cloud object storage and POSIX filesystems for its backing store.

h3. Plan your storage layout

In the steps below, you will configure a number of backend storage volumes (like local filesystems and S3 buckets) and specify which keepstore servers have read-only and read-write access to which volumes.

It is possible to configure arbitrary server/volume layouts. However, in order to provide good performance and efficient use of storage resources, we strongly recommend using one of the following layouts:

# Each volume is writable by exactly one server, and optionally readable by one or more other servers. The total capacity of all writable volumes is the same for each server.
# Each volume is writable by all servers. Each volume has enough built-in redundancy to satisfy your requirements, i.e., you do not need Arvados to mirror data across multiple volumes.

We recommend starting off with two Keepstore servers.  Exact server specifications will be site and workload specific, but in general keepstore will be I/O bound and should be set up to maximize aggregate bandwidth with compute nodes.  To increase capacity (either space or throughput) it is straightforward to add additional servers, or (in cloud environments) to increase the machine size of the existing servers.

By convention, we use the following hostname pattern:

<div class="offset1">
table(table table-bordered table-condensed).
|_Hostname_|
|keep0.@uuid_prefix@.your.domain|
|keep1.@uuid_prefix@.your.domain|
</div>

Keepstore servers should not be directly accessible from the Internet (they are accessed via "keepproxy":install-keepproxy.html), so the hostnames only need to resolve on the private network.

h2. Install Keepstore

On Debian-based systems:

<notextile>
<pre><code>~$ <span class="userinput">sudo apt-get install keepstore</span>
</code></pre>
</notextile>

On Red Hat-based systems:

<notextile>
<pre><code>~$ <span class="userinput">sudo yum install keepstore</span>
</code></pre>
</notextile>

Verify that Keepstore is functional:

<notextile>
<pre><code>~$ <span class="userinput">keepstore --version</span>
</code></pre>
</notextile>

h3. Create a superuser token

If you haven't already done so, create a superuser token.

{% include 'create_superuser_token' %}

h3. Update cluster config file

Add or update the following sections of @/etc/arvados/config.yml@ as needed. Refer to the examples and comments in the "default config.yml file":{{site.baseurl}}/admin/config.html for more information.

<notextile>
<pre><code>Clusters:
  <span class="userinput">uuid_prefix</span>:
    SystemRootToken: zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
    Services:
      Keepstore:
        InternalURLs:
          "http://<span class="userinput">keep0.uuid_prefix.example.com</span>:25107/": {}
    API:
      MaxKeepBlobBuffers: 128
</code></pre>
</notextile>

h3. Notes on storage management

On its own, a keepstore server never deletes data.  The "keep-balance":install-keep-balance.html service determines which blocks are candidates for deletion and instructs the keepstore to move those blocks to the trash.

When a block is newly written, it is protected from deletion for the duration in @BlobSigningTTL@.  During this time, it cannot be trashed or deleted.

If keep-balance instructs keepstore to trash a block which is older than @BlobSigningTTL@, and @BlobTrashLifetime@ is non-zero, the block will be moved to "trash".  A block which is in the trash is no longer accessible by read requests, but has not yet been permanently deleted.  Blocks which are in the trash may be recovered using the "untrash" API endpoint.  Blocks are permanently deleted after they have been in the trash for the duration in @BlobTrashLifetime@.

Keep-balance is also responsible for balancing the distribution of blocks across keepstore servers by asking servers to pull blocks from other servers (as determined by their "storage class":{{site.baseurl}}/admin/storage-classes.html and "rendezvous hashing order":{{site.baseurl}}/api/storage.html).  Pulling a block makes a copy.  If a block is overreplicated (i.e. there are excess copies) after pulling, it will be subsequently trashed and deleted on the original server, subject to @BlobTrash@ and @BlobTrashLifetime@ settings.

h3. Configure storage volumes

Available storage volume types include POSIX filesystems and cloud object storage.

* To use a POSIX filesystem, including both local filesystems (ext4, xfs) and network file system such as GPFS or Lustre, follow the setup instructions on "Filesystem storage":configure-fs-storage.html
* If you are using S3-compatible object storage (including Amazon S3, Google Cloud Storage, and Ceph RADOS), follow the setup instructions on "S3 Object Storage":configure-s3-object-storage.html
* If you are using Azure Blob Storage, follow the setup instructions on "Azure Blob Storage":configure-azure-blob-storage.html

h2. Run keepstore as a supervised service

h3. Start the service (option 1: systemd)

If your system does not use systemd, skip this section and follow the "runit instructions":#runit instead.

If your system uses systemd, the keepstore service should already be set up. Restart it to read the updated configuration, and check its status:

<notextile>
<pre><code>~$ <span class="userinput">sudo systemctl restart keepstore</span>
~$ <span class="userinput">sudo systemctl status keepstore</span>
&#x25cf; keepstore.service - Arvados Keep Storage Daemon
   Loaded: loaded (/etc/systemd/system/keepstore.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-09-10 14:16:29 UTC; 1s ago
     Docs: https://doc.arvados.org/
 Main PID: 25465 (keepstore)
    Tasks: 9 (limit: 4915)
   CGroup: /system.slice/keepstore.service
           └─25465 /usr/bin/keepstore
[...]
</code></pre>
</notextile>

h3(#runit). Start the service (option 2: runit)

Install runit to supervise the keepstore daemon.  {% include 'install_runit' %}

Install this script as the run script @/etc/sv/keepstore/run@ for the keepstore service:

<notextile>
<pre><code>#!/bin/sh

exec 2>&1
GOGC=10 exec keepstore
</code></pre>
</notextile>

h2. Set up additional servers

Repeat the above sections to prepare volumes and bring up supervised services on each Keepstore server you are setting up.

h2. Restart the API server and controller

After adding all of your keepstore servers to the Services section, make sure the cluster config file is up to date on the API server host, and restart the API server and controller processes to ensure the changes are applied.

<pre>
sudo systemctl restart nginx arvados-controller
</pre>

h2(#testing). Testing keep

Install the "Python SDK":{{site.baseurl}}/sdk/python/sdk-python.html

@ARVADOS_API_HOST@ and @ARVADOS_API_TOKEN@ must be set in the environment.

You should now be able to use @arv-put@ to upload collections and @arv-get@ to fetch collections:

<pre>
$ echo "hello world!" > hello.txt

$ arv-put --portable-data-hash hello.txt
2018-07-12 13:35:25 arvados.arv_put[28702] INFO: Creating new cache file at /home/example/.cache/arvados/arv-put/1571ec0adb397c6a18d5c74cc95b3a2a
0M / 0M 100.0% 2018-07-12 13:35:27 arvados.arv_put[28702] INFO:

2018-07-12 13:35:27 arvados.arv_put[28702] INFO: Collection saved as 'Saved at 2018-07-12 17:35:25 UTC by example@example'
59389a8f9ee9d399be35462a0f92541c+53

$ arv-get 59389a8f9ee9d399be35462a0f92541c+53/hello.txt
hello world!
</pre>