Migrating IBM Spectrum Conductor to use root squashed shared file systems

Root squash refers to a reduction of the access rights for the remote superuser (root) when using identity authentication. IBM Spectrum Conductor supports instance group deployments to root squashed shared file systems by specifying export ROOT_SQUASH_INSTALL=Y during installation to a shared file system (such as IBM Spectrum Scale). However, if you have installed IBM Spectrum Conductor without this parameter setting, and now want your IBM Spectrum Conductor installation to support root squash, you can migrate your installation to support root squash by completing these manual steps after installing and configuring IBM Spectrum Conductor.

Before you begin

  1. Within a IBM Spectrum Conductor environment, Docker does not support root squashed installations and root squash instance group deployments.
  2. In this task you will stop and restart the instance groups, and therefore, must be a cluster administrator, consumer administrator, or have the Instance Groups View, Instance Groups Control, Services View and Services Control permissions. Before you stop instance groups, ensure you have shut down all notebook kernels, and closed all applications associated with the instance group that you want to stop.
  3. This task also requires a step as the user with superuser permissions to log in to a host that can access the $EGO_TOP IBM Spectrum Conductor installation directory.

Procedure

  1. Ensure correct permissions for the EGO log and work directories required by IBM Spectrum Conductor: set them to locations that are not root squash enabled, using the EGO_WORKDIR and EGO_LOGDIR parameters in the ego.conf configuration file on each host in your cluster. For example: 
    # EGO working and logging directory
EGO_WORKDIR=/myworkdirectory/work
EGO_LOGDIR=/mylogdirectory/log
    Once you complete this change to the ego.conf file on each host, restart EGO on all hosts in the cluster:
    egosh ego restart all

    This step is required after installing IBM Spectrum Conductor for a root squash enabled installation.

  2. Stop all instance groups:
    1. From the cluster management console, select Workload > Instance Groups.
    2. Select all of the instance groups.
    3. Click Stop.
    4. Confirm your selection.
  3. Stop the elk-shipper and SparkCleanup services:
    1. Select System & Services > EGO Services > Services, and click the System Services tab.
    2. Locate elk-shipper within the Service name column. In the Actions menu, select Stop, and then click OK to confirm.
    3. Click the Other Services tab.
    4. Locate SparkCleanup within the Service name column. In the Actions menu, select Stop, and then click OK to confirm.
  4. Set the execution user for the elk-shipper and SparkCleanup services as the cluster administrator OS user:
    1. Select System & Services > EGO Services > Service Profiles, and click the System Services tab.
    2. Click elk-shipper within the Service name column to open the service profile for this service.
    3. Locate the ego:ActivitySpecification section, and click the value for ego:ExecutionUser, and change it to the cluster administrator OS user name.

      If the ego:ExecutionUser field does not yet exist in this section, from the Actions menu, select Insert "ego:ExecutionUser" to add it to the section. Next, click the field for the value of ego:ExecutionUser, and specify the cluster administrator OS user name as the value.

    4. Click Save.
    5. Select System & Services > EGO Services > Service Profiles, and click the Other Services tab.
    6. Click SparkCleanup within the Service name column to open the service profile for this service.
    7. Repeat steps 4.c and 4.d for the SparkCleanup service.
  5. Change the owning user and group for the metadata for the elk-shipper and SparkClean services:
    1. As a superuser, log in to a host that can access the $EGO_TOP IBM Spectrum Conductor installation directory and navigate to this installation directory.
    2. Run the following commands (the following examples use $CLUSTER_ADMIN as the cluster administrator OS user name, and $CLUSTER_ADMIN_GRP is the user group for the cluster administrator):
      1. find $EGO_TOP/integration/elk -name "shipper*" -o -name "filebeat*" | xargs -I % sh -c 'chown -R $CLUSTER_ADMIN:$CLUSTER_ADMIN_GRP %;'
      2. find $EGO_TOP/conductorspark/logs -name "cleanup*" | xargs -I % sh -c 'chown -R $CLUSTER_ADMIN:$CLUSTER_ADMIN_GRP %;'
  6. Start the elk-shipper and SparkCleanup services:
    1. Select System & Services > EGO Services > Services, and click the System Services tab.
    2. Locate elk-shipper within the Service name column. In the Actions menu, select Start, and then click OK to confirm.
    3. Click the Other Services tab.
    4. Locate SparkCleanup within the Service name column. In the Actions menu, select Start, and then click OK to confirm.
  7. Disable the ExecProxy EGO service from starting automatically:
    1. From the cluster management console, select System & Services > EGO Services > Service Profiles.
    2. In the list of services, click ExecProxy.
      The ExecProxy service profile displays.
    3. In the <sc:StartType> tag, change the text from AUTOMATIC to MANUAL.
    4. Click Save. The service must be stopped to apply the change. Click OK to stop the service.
  8. Start all instance groups:
    1. From the cluster management console, select Workload > Instance Groups.
    2. Select all of the instance groups.
    3. Click Start.
    4. Confirm your selection.

Results

Your existing version of IBM Spectrum Conductor now supports root squashed shared file systems.