Versions Compared

Old Version 27

changes.mady.by.user Stephen Kolmann

Saved on

compared with

New Version 28

changes.mady.by.user Stephen Kolmann

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

RCOS is a Linux-style data storage service, RDS is accessible via SFTP from an RCOS serverusing the following servers:

Use hpc.sydney.edu.au for data transfers between Artemis HPC and RCOS RDS only. Use research-data-ext.sydney.edu.au or research-data-int.sydney.edu.au for transfers between RCOS RDS and any other location.

The path to your RCOS folder RDS directory on all three servers is /rds/PRJ-<Project>, where <Project> is your abbreviated project name as specified in your RDMP the corresponding Researcher Dashboard (DashR) project (do not include the angle brackets).

...

.

Warning

Your RCOS RDS directory is not visible in /rds. You must type cd /rds/PRJ-<Project> to access your directory. You cannot reach it by browsing in a GUI SFTP window or by typing "ls" in /rds.

There are many ways of establishing a SFTP session. You can use any of the below methods to access RCOSRDS via SFTP. If you need to access to an internal service (rcosresearch-data-int-int or hpc) from off-campus, first connect to the University VPN, then connect to the relevant internal service.

...

Warning

In all examples below, whenever you see angle brackets < >, replace whatever is inside the angle brackets AND the angle brackets with the content relevant to you. For example, if you see <UniKey>, replace it with your UniKey. If your UniKey was abcd1234, replace <UniKey> with abcd1234.

Connecting to

...

RDS using FileZilla

FileZilla is a freely available SFTP client. You can download a copy from their website: http://filezilla-project.org. Recently, the FileZilla installer comes bundled with affiliate software. Ensure you select "no" when asked if you wish to install affiliate software. Only say "yes" to installing FileZilla.

To transfer data from your local computer to RCOS RDS using FileZilla, follow these steps:

...

If you successfully logged on, you will see a message saying “Directory listing of “/home/<unikey>” successful”. The final step is to change directories to your RCOS RDS directory:

    12. Type /rds/PRJ-<Project> in the remote site field, remembering to replace <Project> with your short project name, as specified in Researcher Dashboard (DashR).

Info

If you do not complete step 12, your data will be saved in /home/<unikey>, which is not accessible to Artemis HPC or your group members.


Warning

Your RCOS RDS directory is not visible in /rds. You must type /rds/PRJ-<Project>, as specified in step 12, to access your directory. You cannot reach it by navigating the directory tree.

...

Warning

Do not store research data in your home directories on rcosresearch-data-int.sydney.edu.au or rcosresearch-data-intext.sydney.edu.au. These directories have limited storage and are provided to store environment configuration files and SSH keys only. We will ask you to move your data to /rds/PRJ-<Project> if you store excessive amounts of data in your RCOS home directory.

To transfer data between RCOS RDS and your local computer, drag and drop files between the left-hand side (local files) and the right-hand side (RCOS RDS files).

Connecting to

...

RDS using CyberDuck

Download Cyberduck from https://cyberduck.io, then open Cyberduck and connect to RCOSRDS:

  1. Click Open Connection.
  2. Select SFTP (SSH File Transfer Protocol) from the drop-down menu at the top of the Open Connection box.
  3. In the Server field, type research-data-ext.sydney.edu.au.
  4. In the Username field, type your UniKey.
  5. In the Password field, type your UniKey password.
  6. Click Connect.
  7. When the Unknown fingerprint box appears, click the Always check box in the lower-left hand corner, then click Allow.

...

You can then transfer data to and from your local computer and RCOS RDS by dragging and dropping files between your computer’s file explorer and the Cyberduck window.

Connecting to

...

RDS using command-line SFTP

If you have access to a Linux terminal, you can use the command line program sftp to transfer files between your local computer and RCOSRDS. Open a Linux Terminal, such as Cygwin on Windows, or the built-in Terminal apps on MacOS or Linux, and type the following to connect to RCOSRDS:

Code Block
language
linenumbersfalse
sftp <UniKey>@research-data-ext.sydney.edu.au

...

You can use SFTP commands to navigate the filesystem on your local and remote computers. A summary of SFTP commands is shown in the table below. If you connected using the SFTP command above, your local computer is your computer and the remote computer is RCOSthe remote server that mounts RDS.

SFTP Command

Description

cd <directory>

Change directory on the remote computer

ls

List files on the remote computer

lcd

Change directory on your local computer

lls

List files on your local computer

pwd

Present working directory on the remote computer

lpwd

Present working directory on your local computer

mkdir <directory>

Make a directory on the remote computer

lmkdir <directory>

Make a directory on your local computer

put <file(s)>

Copy files from your local computer to the remote computer

get <file(s)>

Copy files from the remote computer to your local computer

Using scp or rsync

scp and rsync can be used on research-data-int.sydney.edu and hpc.sydney.edu.au only. research-data-ext.sydney.edu.au only allows SFTP connections. An example rsync command to transfer data from your local computer to RCOS RDS is:

Code Block
language
linenumbersfalse
rsync -tvxPr /path/to/my/files <UniKey>@research-data-int.sydney.edu.au:/rds/PRJ-<Project>/

Intermittent "permission denied" errors when accessing RCOS data

If you are a member of 5 or more DashR projects, you may occasionally experience intermittent "permission denied" errors when accessing data on RCOS. If you're impacted by this, you can perform data transfers to/from RCOS using a server called rdocpk00605.srv.sydney.edu.au (equivalent to research-data-int.sydney.edu.au) instead. Log into this server via SSH using your unikey and password (avoid using SSH key pairs for authentication). You can use this server in the same way as the existing RCOS servers. For example, via FileZilla, CyberDuck or Linux command line tools such as scp, SFTP or SSH.

You can also use krb-dm.hpc.sydney.edu.au, which is equivalent to an Artemis login node. Use krb-dm.hpc.sydney.edu.au when transferring data between Artemis and RCOS, and use rdocpk00605.srv.sydney.edu.au when transferring data between anywhere else and RCOS.

Why does this happen?

In our current RCOS storage system, anyone who is a member of more than 16 "groups" may randomly experience permission problems when accessing RCOS projects. The root cause of the problem is the strict implementation of the NFS protocol (RFC 5531) delivered by the NFS Linux client (ie the RCOS server trying to access RCOS data) when it uses the default AUTH_SYS authentication.

To work around this 16 group limit, we have created an RCOS server that uses Kerberos authentication instead of the default AUTH_SYS authentication. Kerberos is a security mechanism granting access to resources based on a TGT (Ticket Granting Ticket) issued by a trusted source (in our case Active Directory). Kerberos TGTs are the 'passport' allowing you to write into your RCOS areas. They are granted automatically on login except when SSH public keys are used (this particular case is discussed in detail in the following troubleshooting section). TGTs are renewed automatically up to a maximum of 7 days. After 7 days, you will have to log out and log in again to get a new TGT.

Troubleshooting errors on rdocpk00605.srv.sydney.edu.au or krb-dm.hpc.sydney.edu.au

If you are getting 'Permission denied' errors while using rdocpk00605.srv.sydney.edu.au or krb-dm.hpc.sydney.edu.au, the most probable cause is you failed to acquire a valid Kerberos ticket or your previous Kerberos ticket expired. Try logging out and logging in again, ensuring you do not use any SSH key pairs. For example, you could try logging in with this command:

Code Block
languagebash
ssh -o PubKeyAuthentication=no <Unikey>@rdocpk00605.srv.sydney.edu.au
Warning

When you log in into RCOS services using public SSH keys, there is no password crosscheck against the University Active Directory system. As a consequence, you will not get a Kerberos TGT.

You can confirm whether you successfully acquired a valid Kerberos ticket by executing "klist" after logging in via SSH. Your klist output should look similar to the below output:

Code Block
ssh <Unikey>@rdocpk00605.srv.sydney.edu.au
(...)

[<Unikey>@rdocpk00605 ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_492169_hGsjQu
Default principal: <Unikey>@SHARED.SYDNEY.EDU.AU

Valid starting     Expires            Service principal
07/31/18 09:07:34  07/31/18 19:07:34  krbtgt/SHARED.SYDNEY.EDU.AU@SHARED.SYDNEY.EDU.AU
	renew until 08/07/18 09:07:34
07/31/18 09:55:53  07/31/18 19:07:34  nfs/nas-fs86-prd-1.shared.sydney.edu.au@SHARED.SYDNEY.EDU.AU
	renew until 08/07/18 09:07:34

If you failed to get a Kerberos TGT automatically on login, you can still request one using the "kinit" command.

Code Block
[<Unikey>@rdocpk00605 ~]$ klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_492169_hGsjQu)

[<Unikey>@rdocpk00605 ~]$ touch /rds/PRJ-ICT/test3
touch: cannot touch `/rds/PRJ-ICT/test3': Permission denied

[<Unikey>@rdocpk00605 ~]$ kinit <Unikey>@SHARED.SYDNEY.EDU.AU
Password for <Unikey>@SHARED.SYDNEY.EDU.AU: 

[<Unikey>@rdocpk00605 ~]$ touch /rds/PRJ-ICT/test3
[<Unikey>@rdocpk00605 ~]$ ll /rds/PRJ-ICT/test3
-rw-r--r--. 1 <Unikey> rdn-core-ict 0 Jul 31 11:52 /rds/PRJ-ICT/test3

...