OC heart File-Service
Formal metadata
Title |
Series title |
Number of parts | 22
Author |
Contributors |
License | CC Attribution - ShareAlike 3.0 Unported: You may use, modify, and reproduce, distribute and make publicly available the work or content, in unchanged or modified form, for any legal and non-commercial purpose, provided that you credit the author/rights holder in the manner they have specified and that you pass on the work or content, including in modified form, only under the terms of this license.
Identifiers | 10.5446/42773 (DOI)
Publisher |
Release year |
Language |
Content metadata
Subject area |
Genre |
Abstract |
ownCloud conference, 2016 (13 / 22)
Transcript: English (automatically generated)
00:14
Hello. Thank you for having us here. It's my first time at this type of open source conference.
00:21
And I like to get in touch with the community and to learn how it works here, and how people think and how people decide. A few of you I met during the last two years, I think, but most of you are new to me. So thanks for having me and us here, my colleague Michael and me, from the University of Augsburg in Bavaria, somewhere near Munich.
00:48
What I learned is that everybody of us has a different approach, a different perspective on ownCloud, or what he wants to get from it. What are the priorities? So it's no different with us, and I today want to tell you the story of
01:05
two guys. We call them ownCloud and file service, and obviously they love each other, or we want to find out whether they want to fall in love. So we decided ownCloud would be the girl and
01:20
file service would be the boy, so the princess and the prince and this shiny armor. They are waiting, and the gap is large, you see. And will they step over the gap? Will they come together? Will they perhaps join, have a nice time in the park? Will they bring, sorry,
01:41
will they bear fruit? Will they have kids together? Will they grow old together? Or will they settle it with: well, it's not a love story, let's at least do business together, make it a success story?
02:01
So we will look into how it ends. First we start with the expectations of others. So the king and the queen obviously have their own opinions about how this should go, what they expect from this alliance, and I tell you what I think we should expect from this. People want something
02:23
which I would call data virtualization. If you ask Google, they mean something a little bit different from what we mean. But what is data virtualization? Virtualization, from my perspective, is a lot of things, like resource utilization and having a lot of test machines, and there are different kinds of virtualization, but the main core
02:42
thing is, I think, to loosen the ties between something you want and physical entities. So if you have a virtual network, then you want to have network and not to care about the boxes. If you have, what, virtual service, you want to have a lot of virtual service and not to care about geolocations, networks or any physical entities. So for example with mobility:
03:05
I don't know what the talk is in the world, but in Germany we have a lot of car manufacturers, and they all want to become mobility service providers. So mobility as a service, that's the goal of the industry as far as we see this in Germany. So previously you bought a car and
03:25
you took care of the car. Now they would like to sell you mobility and give you a car, a train, a plane, whatever you need. They take your money and you let them think. So that's the deal: they take care of all the problems, and you have to pay. So bad to have a vendor lock-in.
03:45
With ownCloud you don't have to outsource the thing you want to get, so you can virtualize it in-house. So perhaps the deal is not as bad as with mobility, but take care. So what the king and the queen expect from data virtualization, from the alliance between
04:03
ownCloud or cloud storage and the file service, is: they want data virtualization, which means the user of the data does not care about where the data sits, how it's transported, how it's organized. Nothing. You want to access it and use it wherever and whenever it's needed.
04:20
Literally. Okay, so the suitors. We have ownCloud, she. What has she to recommend herself? I think one thing is clear from the beginning: there's a usage pattern. Everybody knows this now, cloud storage. So there's the sync, so she brings people together, in this case devices.
04:42
You bring mobile devices into data usage, and the other thing is you share with people you couldn't access before because they were not a part of your LDAP. So this is the sync and share usage pattern. That's nice of her. Okay, and the other thing she brings in, perhaps useful if you have to manage a file service, an enterprise file service:
05:02
she has a web GUI, or on the desktop clients here is a client, an Explorer integration. One stop, one place where you could put in all the features you cannot do on the command line, or you want to do manually. One place where users can change the quota, users can do whatever they need to do in the file service or in the cloud storage.
05:24
Is she ready yet? Is she old enough? Is she grown up? Well, we have to find out. The first thing happened: she now has got a thing called external storage interface, and that's the place where they could hook up, possibly.
05:42
There's the thing you probably had in the beginning, the primary storage, and the primary storage is, let's think about it as her apartment. She organizes stuff there. She rules it. She has everything in her database, and the database tells the truth about her apartment, and the database is small and tiny and
06:01
it's put in her handbag. He is different. He's on the secondary storage. It's his apartment, and he does things differently. Now, yes, I know, it's, and stuff, and just look on my workbench, you will find it there. Okay, that's her side, and what about him? So what's that, what has he to offer?
06:22
Well, he has old, reliable, capable, performant connections. So he has a protocol called SMB. It's been there for quite some time. Probably you heard there's an SMB 2 and 3, and you should look into them because they improved quite a lot, and perhaps you haven't found out: the tools normally don't tell you which version you use.
06:41
So please try to use at least an SMB 2 version. And there's NFS, and it's, well, it's old now, but it has a few advantages, and it allows you to connect to server machines. It allows you to connect to old POSIX software. So perhaps
07:00
it's interesting for her to look at that. And here's another important thing: he owns the content. Normally her here everywhere you need to content Facebook on a single machine her today; without content it's boring. So he has the content in our environment. So our perspective, university: they were collecting data inside the file service literally for decades. The data is sitting there.
07:26
She has no access to this data. And meet the family: there's more to him, for example the authentication and authorization infrastructure. He knows a lot about Active Directory 11 cameras. Is he ready to give up his freedom? Well, I don't know, but I want to tell about him a little bit,
07:47
so that you get to know him and you get an impression whether he could give up his freedom and would be interested. His name is Campus File System, so that's how it's called at our place. So now on every computer on the campus you have access, and obviously if you use VPN.
08:01
It's basically a central scalable NAS. Central means we have one NAS at the university, and you can connect, access data over SMB and NFSv4 almost equally. So the same file, the same directory, almost equally. We're fighting very hard that it's equal as far as we can get.
08:22
It has one unified global namespace, and he has a special interest: he cares about ACLs, because NFSv4 ACLs are the best common denominator we found to take care of permissions. So now we think about
08:44
It's a card version. Oh, sorry, perhaps not. It has to be. So what is now the way, the path they can get to happiness? Yeah.
09:01
First step, the question three. So who makes the first step? Who will start, she or he? Then they will learn, probably, that communication is very important in each relationship; you probably already noticed. And then we find out what they have to share, and there should be some rules. If you move in together, you perhaps need
09:21
some rules. And transparency, we'll see what that is. And then we find out: is there a happy ever after for ownCloud and file service? So the question is who makes the first step. We decided it's time for her,
09:40
which means ownCloud, to make the first step, and helped a little bit along. We developed a user backend for Kerberos, which means it's possible to intercept the login credentials, use these credentials to create a Kerberos ticket and then discard the password. This means we can access the file service as a data, which is stored, without actually saving the password. Then we use bindfs and
10:04
Kerberos ticket to remount the NFS share, and told ownCloud to access the file service through bindfs as a storage type local. The first date looked very promising. We were able to log in to ownCloud, sync the
10:26
data to devices. But later we discovered some communication problems, mainly the update issue. I mean, ownCloud does not pick up all changes which are made in the file service when it's not coming through ownCloud.
10:40
And the problem is, because we are syncing the complete home directory, we have a lot of hidden dot files, configuration files and a lot of stuff which makes it very hard to scan through it. So communication is important in every relationship. So how does she pick up on changes he makes? So
11:06
staying in sync is the question. We found some issues or problems. One is already addressed in a GitHub issue, which is: the scanner relies on a propagated mtime, which is always possible with external storage today.
11:26
We heard there's an SMB notification problem; an SMB notification extension is used to solve this problem over SMB. But we are not using SMB currently, so maybe then we must find some other
11:41
solution for our problem. Regular full scans are very slow because of the reasons I mentioned earlier, because a lot of files are there, also a lot of small hidden files. So it's very complicated. It took approximately 10 minutes to scan a home directory, and with 25,000 users it would take a while, and
12:02
we also discovered that some ETags are not propagated correctly, but we had an old ownCloud version. Maybe it's already fixed, I'm not sure about that. And we also had some problems because the file service can be accessed through Windows or Linux or Mac computers. There are also files inside it
12:22
which are not compliant with the ownCloud naming restrictions. This means the client is very good in prohibiting file names which are not according to the rules from coming into ownCloud. You can't get them in over the sync client or over the web interface. The problem is, if they're already inside
12:43
the external storage, the client, the sync client, has a problem in getting it out. It didn't fail gracefully; it stops abruptly, restarts the complete synchronization and would face again at the same. So if you have a file that starts with A with a problem, you're never getting the sync of the other files, because it always stops at A.
13:05
So it's my part. We continue: sharing. So the first step was made with the connection, so that they can mount the data. The second problem you found out, this next step we're
13:24
running against, is: does she pick up the changes? Okay, you got this; we could get back to this later. Now the external storage interface is, as I understand it, only for synchronization, but we would like to have sharing in our file service, and
13:42
we think that it's possible because we have rich ACLs in place there. And to get the way ownCloud handles sharing permissions in sync, or somehow in cooperation, with the file service, we have to understand both sides. So I start with the permissions on the ownCloud side as we understood
14:05
it in 2005. Looking in the code, there is the permission model called CRUDS: create, read, update, delete, share. So if there's a documentation of what you want to achieve with this in ownCloud, please show me.
14:28
Sorry, okay. So five permissions. We have read: well, that's very simple, you want to read the file or directory. Share, can share:
14:40
someone is allowed to set sharing, well, self-explaining. Can edit: if you do can edit on the GUI, you have three permissions set if you have a directory, because you have set create, update and delete, and if it's a file you only have update. So there's a distinction between files and directories. File is the file itself;
15:02
directory is everything in the directory. I have the confusion about change and update. Yeah, so as far as we got now. Let's look at the ACLs, and that's a little bit confusing, overwhelming in the first step.
15:20
Short overview, so these are NFSv4 ACLs. They look almost the same as NTFS Windows ACLs. Almost the same; okay, it's not the same. We have here 14 bits, and 14 bits can be set on files, directories, file inherit, directory inherit, as in Windows. There are a few hiccups. So for example, you have a write, modify and an append, and
15:44
nobody implements this. You always have write and append, and so it narrows down on the permissions you need in the end. Really is so primitive. It's only stored in NFSv4; there's no usage of it at all. Write ACL and change ownership is almost the same, as we will find out.
16:02
Now this is a projection of CRUDS inside ACLs as we would try it, as we would understand it. So every place where we have an R is read, so capital R right hand, small r left hand, and one could try to do it this way if we would
16:23
change the sharing API to write ACLs if a sharing is done. So, bottom line, we could talk about these tables longer. The bottom line is: there was the POSIX mode. It's ancient already, but it's still there and it's very limited. There were the POSIX ACLs, and
16:45
who is using them? Okay, and then we have the NTFS ACLs. Probably if you have some Windows machine you're using them, even if you don't want to. And then there are the NFSv4 ACLs. They are, as I said, quite similar, and
17:04
if you use them the right way, both of them, then you can, like it's done in our file service, get from both sides what you want. So you write on one side as you would like to write it, and then you add some extra so that the other side is happy, and then you go on the other side and you see what you want to
17:20
see. And then as for CRUDS, I think it can be mapped onto NTFS or NFSv4 ACLs. It requires some reasonable compromises, but I think it could be done. Would it be worth doing it? Well, I have to ask you. For Windows, I think they were the first to have 14 bits in permissions.
17:45
And if you go in the GUI, they don't show you the 14 bits. They show you read; change, it would be write and read; and full control, it would be read, write and can share, set ACLs. So they don't use all the 14 bits. So why not project it down as they do it?
18:09
These two steps, so making synchronization possible, making sharing possible, would greatly enhance the service to our users, so to the kids of the prince and the princess. A
18:25
lot of other things can be done. You said, we wrote transparency; someone said before platform. So we would like to see on each way you access the service the same features. So for example, obviously we can browse and access the data,
18:42
but we would like to set the share on the command line from the NFS side and get it exposed on the mobile client over ownCloud, or to see over the NFS side what is shared with me, what is shared by me. We can use links for this. Links are not synchronized with ownCloud. We can
19:01
try to not show them on the Windows side and use Windows links there. We think this could be done, but this is a lot of work. So the fourth step, if we get there. Last question: will there be a happy ever after for the two of them? Well, it depends on you, I guess. A few things we would need from
19:24
you: so please explain to us the scanning, the design, the known issues, the triggers and how we could optimize it. We have GPFS running in the back. It has a very powerful scanning engine. It would be very good to hook this together.
19:42
Explain the sharing: where could we get in there and write ACLs, and let ownCloud depend perhaps on ACLs or obey ACLs? Well, from my perspective, I would like to ask ownCloud to focus on its core features,
20:01
so sync and share data, reliable, scalable, and, well, keep ownCloud open and connected. Don't invent everything again and again, like authentication, authorization. The best thing for us is if you can plug it in. Once again, for the NFS interface, our installation at the moment is the way we could have
20:25
independent ownCloud installations talking as a user, in impersonation as the user, to the file service. The file service would not mind whether there's one, two or ten independent installations. If ownCloud talks to the Active Directory or the LDAP and to the file service over NFS, over a standard protocol,
20:44
scaling gets easier. So keep it open, keep it connected, keep it designed in the way that it uses what's already out there, and then perhaps the two of them will have a happy ever after in the sunset. Yes?
21:31
Which distribution are we using for the different components? So there are different answers to this. Currently we must admit that we are using AIX for the NFSv4 export on the GPFS
21:41
side, and it's obvious that this will not last forever, because IBM itself is switching from AIX there to Ganesha, an open source project which is part of their product, comes as RPM with them, and this would run well on every Linux they currently support.
22:01
So GPFS has the file, either the disk access and the export, and the disk access is more restricted on the OS, on the Linux OS, and the export is not so restricted. So I think they support SUSE, Red Hat and partly Debian, Ubuntu. And ownCloud we are running on Ubuntu, but the ownCloud server,
22:25
I stress this, is not root on the file service. The ownCloud server is a client. So it gets the credentials of the user, creates a Kerberos ticket and then just uses NFS. Okay, other questions? So someone over there promised to tell us something later, so I come back to this. Thank you very much.