RFS on CSD3 (RFS-NFS)

Note

While this is a supported option for data storage and has the same resilience and protections against data loss, it has not yet been officially launched as a separate service alongside the standard RFS offering.

Until it is launched, we refer to the service here by it’s internal name ‘RFS-NFS’. We expect to launch with a different name to help users and PIs to distinguish between the two services.

Setup and configuration changes are currently processed manually and may require additional time to complete.

Overview

The storage used for RFS can be made available on the CSD3 login nodes and storage gateways (see RDS page) in order to allow it to be accessed as a internal filesystem similar to RDS and RCS. This is mounted via the NFS protocol and allows the relevant NFS commands to be used to set or modify permissions/ACLs if required. RFS-NFS projects are not directly available outside CSD3 over the CUDN, nor via SMB/CIFS. Any data transfers happen over a connection to one of the CSD3 login nodes or dedicated data transfer gateways.

Location

RFS-NFS projects are mounted on CSD3 under the /rfs/project/ area as /rfs/project/rfs-<PROJECT_ID> where PROJECT_ID is a unique identifier on our servers. Users also have a rfs area in their home directory with links to any RFS-NFS projects that reference the project name, e.g. /home/lb884/rfs/rfs-my-projectname-zYtKx53xkfY would link to /rfs/project/rfs-zYtKx53xkfY.

Permissions

Similar to the new RDS permission structure, RFS-NFS projects have two associated user groups

  • A managers group with full access to all data and ability to change permissions - rfs-<PROJECT_ID>-managers

  • A users group with no automatic access to data unless a manager has granted it - rfs-<PROJECT_ID>-users

A manager can use standard POSIX commands such as chgrp and chmod to change the group ownership of a directory or file to be the users group and grant read/write access to it.

$ chgrp rfs-zYtKx53xkfY-users datafile.txt
$ chmod g+rw datafile.txt

More advanced permissions can be set using the nfs4_setfacl command, for instance to give specific users access to a directory. The corresponding nfs4_getfacl command lists the current ACLs in place.

$ nfs4_getfacl data_directory

# file: data_directory
A:fdg:rfs-zYtKx53xkfY-managers@hpc.cam.ac.uk:rwaDdxtTnNcCoy
A:fdi:OWNER@:rwaDdxtTnNcCoy
A:fdg:Administrators@hpc.cam.ac.uk:rwaDdxtTnNcCoy
A::OWNER@:rwaDdxtTnNcCoy
A::GROUP@:rwaDxtncy
A::EVERYONE@:rxtncy

$ nfs4_setfacl -a A::rfs-zYtKx53xkfY-users@hpc.cam.ac.uk:RW data_directory

Purchasing

If you are interested in making use of this storage type, please contact the helpdesk initially at support@hpc.cam.ac.uk so we can discuss your requirements and ensure any order is setup in the correct way. Purchasing/increasing storage space and managing user roles are done as normal via the self-service storage portal. As the setup process is currently a manual one, please allow slightly longer for new projects to be made available.