Lib-52 NAS for DigiLab

Summary

lib-52.nas.prod.nor.internal with IP address 10.195.64.66

Key Stakeholders

  • DigiLab - primary users of the NAS

  • LTP - manages the NAS hardware, the Active Directory group objects used for access control, our Norfile shares, and the Windows NAS that this system is paired with

  • CID - manages the OS, Samba config, and rsync to Norfile

  • Informatics - manages Cybercommons' remote worker: replication of validated bags to Norfile and AWS S3.

Assets and Configuration

Postfix Email

Postfix has been configured to relay mail via relay.ou.edu with IP-based authentication, so there’s no requirement that we send-as lib-noreply@ou.edu.

NAS storage in /srv shared via Samba

  • /srv/workspace shared as //lib-52.sooner.net.ou.edu/workspace2

  • /srv/bagit shared as //lib-52.sooner.net.ou.edu/bagit2

Configured as Samba shares for use by the DigiLab folks.

Share access is managed by groups in Active Directory:

  • SOONER\lib-digilab-bagit-read

  • SOONER\lib-digilab-bagit-write

  • SOONER\lib-digilab-workspace-read

  • SOONER\lib-digilab-workspace-write

Snapshots

Everything on /srv has regular snapshots based on btrfs and snapper. These live in btrfs subvolumes under /srv/snapshot.

See /etc/snapper/configs/srv, /etc/cron.daily/snapper, and /etc/cron.hourly/snapper for details.

Btrfs is now deprecated in CentOS/RHEL, but we’re probably good until we upgrade CentOS major versions.

Norfile Mounted Filesystems

Filesystems from Norfile are mounted on the NAS to support scripts that push data from lib-52 to shares at Norfile.

These were initially configured in autofs (automount), but that didn’t work reliably, so they are currently managed in fstab.

These are used by two rsync scripts:

  • /etc/cron.daily/rsync-to-norfile-bagit

  • /etc/cron.daily/rsync-to-norfile-workspace

which back up files from /srv/bagit and /srv/workspace, respectively. These mounts are not reshared or otherwise directly used by the lab.

Additional Mounted Filesystems

These mount points provide access to the DigiLab’s working directories for Cybercommons’ replication process. They are managed by the autofs configs.

Cybercommons

The adminq and workerq components are running on the VM as systemd services. The workerq service manages replication of bagged digital objects to Norfile and AWS S3.

  • oulib-celery-workerq.service

  • oulib-celery-adminq.service

These currently need:

  • //10.195.64.34/bagit mounted as /mnt/autofs/nas1/bagit

  • //10.195.64.66/bagit2 mounted as /mnt/autofs/nas2/bagit2 ← this is a local file system

  • //norfile.net.ou.edu/UL-BAGIT mounted as /mnt/autofs/norfile/UL-BAGIT
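
A preflight check for the three mounts listed above, as an added example that is not part of the original page or the site's own scripts: it reads a mounts table in /proc/mounts format and reports any required mount point that is absent or backed by a different source. The function names, the sample table and the output labels are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: preflight check for the mounts listed above.
# "source mountpoint" pairs, copied from the list above.
REQUIRED_MOUNTS='//10.195.64.34/bagit /mnt/autofs/nas1/bagit
//10.195.64.66/bagit2 /mnt/autofs/nas2/bagit2
//norfile.net.ou.edu/UL-BAGIT /mnt/autofs/norfile/UL-BAGIT'

# Constructed sample in /proc/mounts format (map names and the
# fileserver.example source are made up): nas1 is mounted, nas2/bagit2 is
# not, and the Norfile mount point is backed by the wrong server.
sample_mounts() {
    cat <<'EOF'
/etc/auto.nas1 /mnt/autofs/nas1 autofs rw,relatime 0 0
//10.195.64.34/bagit /mnt/autofs/nas1/bagit cifs rw,relatime 0 0
/etc/auto.nas2 /mnt/autofs/nas2 autofs rw,relatime 0 0
//fileserver.example/UL-BAGIT /mnt/autofs/norfile/UL-BAGIT cifs rw,relatime 0 0
EOF
}

# check_mounts [MOUNTS_FILE]  (default: /proc/mounts)
# Prints one line per problem and returns the number of problems.
check_mounts() {
    local table want_src want_mp want_lc got_src problems
    table=${1:-/proc/mounts}
    problems=0
    while read -r want_src want_mp; do
        [ -n "$want_mp" ] || continue
        # SMB names are case-insensitive, so compare lowercased sources.
        want_lc=$(printf '%s' "$want_src" | tr '[:upper:]' '[:lower:]')
        # The last entry for a mount point is the one on top of the stack;
        # drop a trailing slash before comparing.
        got_src=$(awk -v mp="$want_mp" '
            $2 == mp { s = tolower($1); sub(/\/$/, "", s); src = s }
            END { print src }' "$table")
        if [ -z "$got_src" ]; then
            echo "MISSING $want_mp (expected $want_src)"
            problems=$((problems + 1))
        elif [ "$got_src" != "$want_lc" ]; then
            echo "WRONG-SOURCE $want_mp is $got_src (expected $want_src)"
            problems=$((problems + 1))
        fi
    done <<EOF
$REQUIRED_MOUNTS
EOF
    return "$problems"
}

# Typical use before starting replication:  check_mounts || exit 1
```

On-demand autofs mounts only show up in /proc/mounts after the path has been accessed, so access each path before running the check against the live table.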

Security

Monitoring

Backup and Restore