Policies for Using Online Directories and Accounts

From GlueXWiki
Revision as of 17:42, 22 November 2013 by Wolin (Talk | contribs)

Jump to: navigation, search

Draft - for discussion - Draft

This note is intended to jump-start a discussion on how to organize online directories and how to use online accounts. Comments, suggestions and criticisms are welcome. Our hope is to come to general consensus and expect developers to follow the guidelines fairly soon.


Elliott Wolin, Dave Lawrence, Mark Dalton
22-Nov-2013


Below we discuss suggested best practices concerning allocation of directories on the online file server, as well as guidelines for using the various accounts available on the online computer system. Our recommendations are based long-term on experience from CLAS, experience from the Hall D offline software effort, GlueX-doc-1892 developed as part of the 12GEV planning process concerning this topic, and discussions with Serguei P and others.


Goals

The single most important goal is to protect the production software deployment directories from accidental overwrite. Note that the worst case is not simply causing the system to hang or crash, rather it is to cause the system to appear to work but not work properly. Many days of data taking could in principle be lost if this happens.

Another important goal is to provide a suitable environment for developers. This should that allow for simple, rapid development, testing and installation of new code, and easy collaboration among developers. Note that we have already implemented a code build and management system that will not be discussed further here except to show how it furthers the goals discussed in this document.

Finally, for those of us who will be on call, another goal is to minimize the number of calls we get at 3am.


Directory Strategy

Almost all directories of interest reside on the gluonfs1 file server in /gluex. This area is visible on all computers and ROCs in the online cluster, and can be seen from all accounts. This includes the main operator account, hdops, as well as individual accounts. It is critical to get the protections in this area correct so that code can be developed and tested by individuals, installed by system installers (via the hdsys account), and used but not overwritten by the hdops account. Of course the hdops account will need to have write access to some directories, for logging, backup and the like.

In analogy with the offline, the main code deployment directory is /gluex/builds, with many named builds appearing underneath. This area must be read-only to hdops, and only writeable from the hdsys account. Operators and developers must be able to rely on finding working code in the build areas, with the exception of the devel build, which by its very nature is unstable.

Again as in the offline, /gluex/Subsystems should be used by groups of developers to share code, and group protections here should be set up to allow this. Note that in general you need "umask 002" to allow for shared code development in a single area.

Similarly, /gluex/Users is for individual use. Note you can also use /home/<your-username>, although system protections might be somewhat stricter here than in /gluex/Users.


Account Strategy

Retrieved from "https://halldweb.jlab.org/wiki/index.php?title=Policies_for_Using_Online_Directories_and_Accounts&oldid=53013"