2. Installation and Administration Guide¶

2.1. Preface¶

2.1.1. Overview¶

This guide provides information about how to use the rasdaman array database system, in particular: installation and system administration.

For storage of multi-dimensional array data, rasdaman can be configured to use some conventional database system (such as PostgreSQL) or use its own storage manager. For the purpose of this documentation, we will call the conventional database system to which rasdaman is interfaced the base DBMS, understanding that this base DBMS is in charge of all alphanumeric data maintained as relational tables or object-oriented semantic nets.

This guide is specific for rasdaman enterprise.

2.1.2. Audience¶

The information in this manual is intended primarily for database and system administrators.

2.1.3. Rasdaman Documentation Set¶

This manual should be read in conjunction with the complete rasdaman documentation set which this guide is part of. The documentation set in its completeness covers all important information needed to work with the rasdaman system, such as programming and query access to databases, guidance to utilities such as raswct, release notes, and additional information on the rasdaman wiki.

2.2. Installation¶

This page describes installation of rasdaman enterprise Debian or RPM packages. With your purchase, you have received a login to the rasdaman download area, which will be necessary to setup the installation and updating of rasdaman packages.

Hardware & Software Requirements

It is recommended to have at least 8 GB main memory. Disk space depends on the size of the databases, as well as the requirements of the base DBMS of rasdaman chosen. The footprint of the rasdaman installation itself is around 400 MB.

Rasdaman is continuously tested on the platforms listed below. The rasdaman code has been developed on SUN/Solaris and HP-UX originally, and has been ported to IBM AIX, SGI IRIX, and DEC Unix - but that was way back in the last millennium.

Ubuntu 18.04, 20.04
CentOS 7

The rasdaman engine in the packages uses embedded SQLite for managing its array metadata. The geo service component, petascope, currently relies on a PostgreSQL database by default, but can be reconfigured with an embedded H2 database instead if desired.

License Key

In order to run a rasdaman server you have to obtain a licence from rasdaman GmbH. This licence key encodes, among others, the number of cores and the server’s interface name (such as “eth0”) and corresponding MAC address. The following commands are usually used to obtain this information:

# interface name + IP address
$ ifconfig
# alternatively
$ ip link

# number of CPUs
$ cat /proc/cpuinfo
# alternatively
$ nproc

After communicating these ingredients to rasdaman GmbH in the course of a licence purchase, a licence key file will be provided which has to be stored on the machine where the rasdaman server runs.

Compatibility

Rasdaman community and enterprise cannot run in parallel on the same machine. If you plan to have both installations on the same machine, make sure they reside in different directories and are not active at the same time. Rasdaman databases created with rasdaman community are upwards compatible with rasdaman enterprise.

Support

For support in installing rasdaman and any other question you may contact rasdaman GmbH at www.rasdaman.com.

2.2.1. Debian-based systems¶

Currently the following Debian-based distributions are supported:

Ubuntu 18.04 / 20.04

2.2.1.1. Installation¶

Copy the rasdaman license key to /opt/rasdaman/etc, e.g:
```
$ sudo mkdir -p /opt/rasdaman/etc
$ sudo cp rmankey /opt/rasdaman/etc
```
Note

This has to be done before installing rasdaman.
Import the rasdaman repository public key to the apt keychain (make sure to replace USERNAME / PASSWORD with your download credentials):
```
$ wget -O - https://USERNAME:PASSWORD@download.rasdaman.com/Download/rasdaman.gpg | \
  sudo apt-key add -
```
Note

You may need to update the ca-certificates package to allow SSL-based applications (e.g. apt-get update or wget/curl) to check for the authenticity of SSL connections:
```
$ sudo apt-get install ca-certificates
```

Add the rasdaman repository to apt (make sure to replace USERNAME / PASSWORD with your download credentials):

stable: these packages are only updated on stable releases of rasdaman, and hence recommended for operational production installations.

# For ubuntu 22.04
$ echo "deb [arch=amd64] https://USERNAME:PASSWORD@download.rasdaman.com/Download/deb jammy stable" \
  | sudo tee /etc/apt/sources.list.d/rasdaman.list

# For ubuntu 20.04
$ echo "deb [arch=amd64] https://USERNAME:PASSWORD@download.rasdaman.com/Download/deb focal stable" \
  | sudo tee /etc/apt/sources.list.d/rasdaman.list

# For ubuntu 18.04
$ echo "deb [arch=amd64] https://USERNAME:PASSWORD@download.rasdaman.com/Download/deb bionic stable" \
  | sudo tee /etc/apt/sources.list.d/rasdaman.list

testing: updated more frequently with beta releases, so aimed for feature testing in less-critical installations.

# For ubuntu 22.04
$ echo "deb [arch=amd64] https://USERNAME:PASSWORD@download.rasdaman.com/Download/deb jammy testing" \
  | sudo tee /etc/apt/sources.list.d/rasdaman.list

# For ubuntu 20.04
$ echo "deb [arch=amd64] https://USERNAME:PASSWORD@download.rasdaman.com/Download/deb focal testing" \
  | sudo tee /etc/apt/sources.list.d/rasdaman.list

# For ubuntu 18.04
$ echo "deb [arch=amd64] https://USERNAME:PASSWORD@download.rasdaman.com/Download/deb bionic testing" \
  | sudo tee /etc/apt/sources.list.d/rasdaman.list

rasdaman can be installed now:

$ sudo apt-get update
$ sudo apt-get install rasdaman

If during the install you get a prompt like the below, type N (default option):

Configuration file `/etc/opt/rasdaman/petascope.properties'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** petascope.properties (Y/I/N/O/D/Z) [default=N] ?

If you are automating the installation (in a script for example), you can bypass this prompt with an apt-get option as follows:

$ apt-get -o Dpkg::Options::="--force-confdef" install -y rasdaman

You will find the rasdaman installation under /opt/rasdaman/. Finally, to make rasql available on the PATH for your system user:

$ source /etc/profile.d/rasdaman.sh

Check that the rasdaman server can answer queries:

$ rasql -q 'select c from RAS_COLLECTIONNAMES as c' --out string

Typical output:

rasql: rasdaman query tool v1.0, rasdaman v10.0.0 -- generated on 26.02.2020 08:44:56.
opening database RASBASE at localhost:7001...ok
Executing retrieval query...ok
Query result collection has 0 element(s):
rasql done.

Check that petascope is initialized properly, typically at this URL:
```
http://localhost:8080/rasdaman/ows
```
If SELinux is running then possibly some extra configuration is needed to get petascope run properly. See here for more details.

2.2.1.2. Updating¶

The packages are updated whenever a new rasdaman version is released. To update your installation:

$ sudo apt-get update
$ sudo service rasdaman stop
$ sudo apt-get install rasdaman

Note

You may need to update the ca-certificates package to allow SSL-based applications (e.g. yum update or wget/curl) to check for the authenticity of SSL connections:

$ sudo apt-get install ca-certificates

2.2.2. RPM-based systems¶

Currently the following RPM-based distributions are supported:

CentOS 7
CentOS 7, linked against GDAL 2.x

2.2.2.1. Installation¶

Copy the rasdaman license key to /opt/rasdaman/etc, e.g:
```
$ sudo mkdir -p /opt/rasdaman/etc
$ sudo cp rmankey /opt/rasdaman/etc
```
Note

This has to be done before installing rasdaman.

Add the stable rasdaman repository to yum (make sure to replace USERNAME / PASSWORD with your download credentials). The stable repository is only upated on stable releases of rasdaman, and hence recommended for operational production installations.

- If GDAL 1.x is installed from the standard packages: ::

    $ sudo curl "https://USERNAME:PASSWORD@download.rasdaman.com/Download/rpm/stable/CentOS/7/x86_64/rasdaman.repo" \
                -o /etc/yum.repos.d/rasdaman.repo

- If GDAL 2.x has been manually compiled: ::

    $ sudo curl "https://USERNAME:PASSWORD@download.rasdaman.com/Download/rpm/stable/CentOS/7_gdal2/x86_64/rasdaman.repo" \
                -o /etc/yum.repos.d/rasdaman.repo

Alternatively, you can enable the testing repository which is updated more frequently with beta releases, so aimed for feature testing in less-critical installations:

If GDAL 1.x is installed from the standard packages:

$ sudo curl "https://USERNAME:PASSWORD@download.rasdaman.com/Download/rpm/testing/CentOS/7/x86_64/rasdaman.repo" \
            -o /etc/yum.repos.d/rasdaman.repo

If GDAL 2.x has been manually compiled:

$ sudo curl "https://USERNAME:PASSWORD@download.rasdaman.com/Download/rpm/testing/CentOS/7_gdal2/x86_64/rasdaman.repo" \
            -o /etc/yum.repos.d/rasdaman.repo

Edit the file downloaded, replacing “USERNAME” and “PASSWORD” with the same user name and password, respectively, as obtained from rasdaman GmbH or one of its authorized retailers.

Note

You may need to update the ca-certificates package to allow SSL-based applications (e.g. yum update or wget/curl) to check for the authenticity of SSL connections:

$ sudo yum install -y ca-certificates

The rasdaman packages should be available now via yum:

$ sudo yum clean all
$ sudo yum update
$ sudo yum search rasdaman

Output:

rasdaman.x86_64 : Rasdaman extends standard relational database systems with the ability
                  to store and retrieve multi-dimensional raster data

Add the EPEL repository to yum (official page), needed for several dependencies of the rasdaman package:
```
$ sudo yum install epel-release
```
Install the rasdaman package:
```
$ sudo yum install rasdaman
```
You will find the rasdaman installation under /opt/rasdaman/. To make rasql available on the PATH for your system user:
```
$ source /etc/profile.d/rasdaman.sh
```
Note

If petascope has problems connecting to rasdaman, check this FAQ entry for some advice.

Check that the rasdaman server can answer queries:

$ rasql -q 'select c from RAS_COLLECTIONNAMES as c' --out string

Typical output:

rasql: rasdaman query tool v1.0, rasdaman v10.0.0 -- generated on 26.02.2020 08:44:56.
opening database RASBASE at localhost:7001...ok
Executing retrieval query...ok
Query result collection has 0 element(s):
rasql done.

Check that petascope is initialized properly, typically at this URL:
```
http://localhost:8080/rasdaman/ows
```
If SELinux is running then likely some extra configuration is needed to get petascope run properly. See here for more details.

2.2.2.2. Updating¶

The packages are updated whenever a new version of rasdaman is released. To download an update perform these steps:

$ sudo yum clean all
$ sudo service rasdaman stop
$ sudo yum update rasdaman

Note

You may need to update the ca-certificates package to allow SSL-based applications (e.g. yum update or wget/curl) to check for the authenticity of SSL connections:

$ sudo yum install -y ca-certificates

2.2.3. Customizing the package installation¶

When installing or updating rasdaman from the official packages, the process can be optionally customized with an installation profile (see example installer configuration).

To customize when installing rasdaman for the first time, it is necessary to first download the package install profile from here.
When updating an existing rasdaman installation, you can find the default package install profile in your installation at /opt/rasdaman/share/rasdaman/installer/profiles/package/install.toml.

Download / copy the install.toml file to some place, e.g. $HOME/rasdaman_install.toml, and make any desired changes to it before installing or updating rasdaman. Make sure that the RAS_INSTALL_PATH environment variable is set to point to the custom profile, e.g.

export RAS_INSTALL_PATH="$HOME/rasdaman_install.toml"

When you install or update rasdaman afterwards, the configuration process will take the custom profile into account instead of the default one.

2.3. Running rasdaman¶

This section provides a high-level overview on how start/stop rasdaman and petascope, monitor them, and configure for typical usage.

Most of the time the information presented here is sufficient for operating a rasdaman service; for deeper understanding on how it works behind the scenes, please check the Server Administration section.

2.3.1. Service Control¶

2.3.1.1. rasdaman¶

A rasdaman service script allows to start/stop rasdaman, e.g.

$ service rasdaman start
$ service rasdaman stop
$ service rasdaman force-stop
$ service rasdaman status

It can be similarly referenced with systemctl, e.g.

$ systemctl start rasdaman
$ systemctl stop rasdaman
$ systemctl status rasdaman

The service script can be customized by updating environment variables in /etc/default/rasdaman (create the file if it does not exist). The default settings can be seen below.

▶ show

See also the dedicated pages on configuration and log files and administration.

2.3.1.2. petascope¶

Check this section on how to start / stop the petascope component of rasdaman.

2.3.2. Service monitoring¶

To help with monitoring the health of a running rasdaman service, a watch_rasdaman.sh script is provided in /opt/rasdaman/bin. It performs status checks on rasdaman by sending a test rasql query, and to petascope by sending a test WCS GetCapabilities request. If a problem is detected in the response, then rasdaman and/or petascope will be restarted, unless this is prevented via the appropriate options. To support the restart actions, it should be executed with root or a user that has sudo rights. Various information is logged to stdout, as well as /opt/rasdaman/log/watch_rasdaman.sh.log. In case of problems, the script can be configured to send an email notification.

To see usage details and a list of all options, execute watch_rasdaman.sh --help; in short:

watch_rasdaman.sh [ --email-config <C> ] [ --petascope-endpoint <E> ]
                  [ --no-restart-rasdaman ] [ --no-restart-petascope ]
                  [ --rmanhome <path> ]

It is recommended to execute it regularly with a cron job, e.g. every 10 minutes:

$ sudo su # switch to root user
$ crontab -e

*/10 * * * * /opt/rasdaman/bin/watch_rasdaman.sh --email-config ~/.email.cfg

Note

Executing the script as root is safe, the only system-modifying actions it makes are: logging information in /opt/rasdaman/log/watch_rasdaman.sh.log, and potentially restarting rasdaman, and restarting tomcat if external servlet container deployment is configured in petascope.properties.

2.3.3. Configure rasdaman¶

Rasdaman is a multi-server multi-user system. The server processes available must be configured initially, which is done in file $RMANHOME/etc/rasmgr.conf. For distribution, this configuration contains ten server processes going by a name like, for example, N1. If this is fine then you can just leave it as it is. If you want to change this by modifying server startup parameters or increasing the number of server processes available then see rascontrol Invocation for details on how to do this.

2.3.4. Configure petascope¶

Petascope is the geo Web service frontend of rasdaman. It adds geo semantics on top of arrays, thereby enabling regular and irregular grids based on the OGC coverage standards.

To implement the geo semantics, petascope uses a relational database for the geo-related metadata. Currently, PostgreSQL and H2 / HSQLDB are supported. The package post-install script will automatically set up PostgreSQL for use by petascope. The steps approximately performed by the script are listed below.

The default setup can be changed in the petascope.properties configuration file.

2.3.4.1. PostgreSQL¶

PostgreSQL is automatically configured when rasdaman is installed, so doing the below is not usually necessary; we list the steps as documentation of how is PostgreSQL configured by default:

If postgres has not been initialized yet:
```
$ sudo service postgresql initdb
```
If the output is ‘Data directory is not empty!’ then this step is skipped.
Trust-based access in PostgreSQL is enabled by adding the below configuration before the ident lines to /etc/postgresql/9.4/main/pg_hba.conf on Debian 8, or /var/lib/pgsql/data/pg_hba.conf on CentOS 7:
```
host    all   petauser   localhost       md5
host    all   petauser   127.0.0.1/32    md5
host    all   petauser   ::1/128         md5
```
Reload PostgreSQL so that the new configuration will take effect:
```
$ sudo service postgresql reload
```
Add a petascope user, for example petauser, to PostgreSQL:
```
$ sudo -u postgres createuser -s petauser -P
> enter password
```
In $RMANHOME/etc/petascope.properties set the spring.datasource.username/spring.datasource.password and metadata_user/metadata_pass options accordingly to this user / password. The password is randomly generated.
Copy /opt/rasdaman/share/rasdaman/war/rasdaman.war to the Tomcat webapps directory (/var/lib/tomcat/webapps on CentOS 7) and restart Tomcat.

Following successful deployment, petascope accepts OGC W*S requests at URL http://localhost:8080/rasdaman/ows.

2.3.4.2. H2 / HSQLDB¶

To alternatively set up H2 / HSQLDB for use by petascope instead of PostgreSQL:

Create a directory that will host petascopedb and the H2 driver:
```
$ mkdir /opt/rasdaman/geodb
```
Make sure the user running the webserver serving petascope can read/write to the folder above. For example, Tomcat webserver which uses tomcat user
```
$ sudo chown -R tomcat: /opt/rasdaman/geodb
```
However, if embedded deployment is enabled in petascope.properties, then the owner should be the rasdaman user which runs rasdaman
```
$ sudo chown -R rasdaman: /opt/rasdaman/geodb
```

Download the driver and place it in the created directory. For example, download a H2 driver

$ cd /opt/rasdaman/geodb
$ wget https://repo1.maven.org/maven2/com/h2database/h2/1.4.200/h2-1.4.200.jar

Configure database settings in petascope.properties file, see details.
Restart the webserver running petascope (or rasdaman if embedded tomcat).

2.3.4.3. SELinux configuration¶

If SELinux is enabled (result of getenforce is enforcing) then permissions for the tomcat user which is running petascope need to be configured properly if petascope is running in an external servlet container (as opposed to embedded):

Allow to load the gdal-java native library (via JNI)
Read / write files in /tmp/rasdaman_*
Make HTTP requests to rasdaman and get back results on ports 7001-7010 (these are default, specified in $RMANHOME/etc/rasmgr.conf).

Before proceeding, a SELinux utility package needs to be installed on CentOS 7:

$ sudo yum install policycoreutils-python

There are two ways to configure SELinux in order to enable petascope:

Change from enforcing to permissive for Tomcat:
```
$ semanage permissive -a tomcat_t
```
Create specific rules for the tomcat user and register with SELinux.

Create a rule config file tomcat_config.te with this contents:

▶ show

Create a shell script deployse.sh to generate a binary package from this config file:

▶ show

Run the script to load the binary package module to SELinux:
```
$ sudo ./deployse.sh tomcat_config
```

Restart Tomcat with sudo service tomcat restart; now rasdaman should be able to import data to petascope via WCSTImport and get data from rasdaman via WCS / WMS / WCPS.

2.3.4.4. SSL/TLS configuration¶

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are technologies which allow web browsers and web servers to communicate over a secured connection. To configure it for petascope and secore web applications for Tomcat, check the official guide.

2.4. Installed Files and Data¶

2.4.1. Top-level directories¶

As common with rasdaman, we refer to the installation location as $RMANHOME below; the default is /opt/rasdaman. The table below lists the top-level directories found in $RMANHOME after a fresh installation.

Directory	Description
`bin`	rasdaman executables, e.g. rasql, start_rasdaman.sh, …
`data`	Path where the server stores array tiles as files; this directory can get big, it is recommended to make it a link to a sufficiently large disk partition.
`etc`	Configuration files, e.g. rasmgr.conf
`include`	C++ API development headers.
`lib`	C++ and Java API libraries.
`log`	`rasmgr` and `rasserver` log files.
`share`	Various artefacts like documentation, python/javascript clients, example data, migration scripts, etc.

2.4.2. Executables¶

Rasdaman executables are found in $RMANHOME/bin; the table below lists the various binaries and scripts. More detailed information on these components is provided in the Server Architecture Section.

Executables	Description
`rasserver`	Client queries are evaluated by a `rasserver` worker process.
`rasmgr`	A manager process that controls `rasserver` processes and client/server pairing.
`rascontrol`	A command-line frontend for `rasmgr`.
`directql`	A rasserver that can execute queries directly, bypassing the client/server protocol; useful for debugging.
`rasql`	A command-line client for sending queries to a `rasserver` (as assigned by the `rasmgr`).
`start_rasdaman.sh`	Start `rasmgr` and the worker `rasservers` as configured in `$RMANHOME/etc/rasmgr.conf`. More details here.
`stop_rasdaman.sh`	Shutdown rasdaman, embedded petascope and embedded secore if enabled. More details here.
`watch_rasdaman.sh`	Helper script for monitoring an operational rasdaman service. Details in section on Service monitoring.
`create_db.sh`	Initialize the rasdaman metadata database (RASBASE).
`update_dh.sh`	Applies migration scripts to RASBASE.
`rasdaman_insertdemo.sh`	Insert three demo collections into rasdaman (used in the rasdaman Query Language Guide).
`petascope_insertdemo.sh`	Insert geo-referenced demo coverage in petascope.
`migrate_petascopedb.sh`	Applies database migrations on petascopedb. More details here.
`wcst_import.sh`	Tool for convenient and flexible import of geo-referenced data into petascope. More details here.
`prepare_issue_report.sh`	Helps preparing a report for an issue encountered while operating rasdaman. More details here.
`rasfed.jar`	Federation daemon.

2.4.2.1. start_rasdaman.sh¶

This script starts rasdaman. Normally rasdaman is installed from packages, and instead of executing this script directly one would execute service rasdaman start. Any options to be passed on to start_rasdaman.sh can be set in /etc/default/rasdaman in this case; see more details.

To start a specific service (rasdaman, rasfed, or embedded petascope) the --service (core | rasfed | petascope) option can be used(core refers to rasmgr + rasserver only).

Since v10.0 the rasmgr port can be specified with -p, --port. Additionally, for security and usability reasons, start_rasdaman.sh will refuse running if executed with root user; this can be overriden if needed with the --allow-root option.

The script will use various environment variables, if they are set before it is executed:

RASMGR_PORT - the port on which rasmgr will listen when started, and to which client applications will connect in order to send queries to rasdaman. This variable will be overrided by the value of option --port, if specified. By default if none are specified, the port is set to 7001.
RASLOGIN - rasdaman admin credentials which will be used for starting rasmgr non-interactively. See more details on the format and how is this setting used here. If not set, the script defaults to using rasadmin/rasadmin credentials; see here on how to change these defaults.
JAVA_OPTS - options passed on to the java command when used to start the OGC frontend of rasdaman (petascope) if it is configured for embedded deployment. If not set, it defaults to -Xmx4000m

Check -h, --help for all details.

2.4.2.2. stop_rasdaman.sh¶

This script stops rasdaman. Normally rasdaman is installed from packages, and instead of executing this script directly one would execute service rasdaman stop. Any options to be passed on to stop_rasdaman.sh can be set in /etc/default/rasdaman in this case; see more details.

The script stops rasmgr, rasservers, rasfed, and petascope (if configured for embedded deployment) in the correct order with a regular TERM signal to each process; this ensures that the services exit properly. In some cases, a process may be hanging instead of exiting on the TERM signal; since rasdaman v10.0, stop_rasdaman.sh will detect and report such cases. It is prudent to then check the relevant process logs, and if it appears that there is no reason for the process hanging one can force-stop it with stop_rasdaman.sh --force, or manually do it by sending it a KILL signal (e.g. kill -KILL <pid>).

To stop a specific service the --service (core | rasfed | petascope ) option can be used. Since v10.0 the rasmgr port can be specified with -p, --port.

The script will use various environment variables, if they are set before it is executed:

RASMGR_PORT - the port on which rasmgr was set to listen when it was started. This variable will be overrided by the value of option --port, if specified. By default if none are specified, the port is set to 7001.
RASLOGIN - rasdaman admin credentials which will be used for stopping rasmgr non-interactively. See more details on the format and how is this setting used here. If not set, the script defaults to using rasadmin/rasadmin credentials; see here on how to change these defaults.

Check -h, --help for all details.

2.4.2.3. migrate_petascopedb.sh¶

This script is used to migrate coverages imported by wcst_import, OWS Service metadata and WMS 1.3 layers. For more details see Meta Database Connectivity and Configure petascope.

There are 2 types of migration:

Migrate petascopedb v9.4 or older to a newer rasdaman version. After the migration, the old petascopedb is backed up at petascope_94_backup.
Migrate petascopedb v9.5 or newer to a different database name or different database (e.g. PostgreSQL to HSQLDB).

Note

The petascope Web application must not be running (e.g in Tomcat) while migrating to a different database (type 2 above) to protect the existing data integrity.

2.4.3. Configuration files¶

Configurations are automatically loaded upon rasdaman start. After any modification a restarthas to be performed for the change to take effect.

Server rasdaman configuration files can be found in $RMANHOME/etc:

`rasmgr.conf`	allows fine-tunning the rasdaman servers, e.g. number of servers, names, database connection
`petascope.properties`	set petascope properties, e.g. backend/rasdaman connection details, CRS resolver URLs, features
`secore.properties`	secore configuration
`rasfed.properties`	federation daemon configuration

Logging output of petascope and secore is configured in their respective config files, while logging output of rasdaman is controlled via the below configuration files:

`log-rasmgr.conf`	log output of rasmgr
`log-server.conf`	log output of rasserver worker processes
`log-client.conf`	log output of client applications, e.g., rasql

rasdaman uses the Easylogging++ library for logging in its C++ components. Log properties can be configured as documented on the EasyLogging GitHub page.

The enterprise license file rmankey is also found in the etc directory.

External, potentially relevant configuration files are:

postgresql	`/var/lib/pgsql/data/{postgresql.conf,pg_hba.conf}` or `/etc/postgresql/9.X/{postgresql.conf,pg_hba.conf}`
tomcat	`/etc/tomcat/`, `/etc/default/tomcat`

2.4.4. Log files¶

rasdaman

rasdaman server logs are placed in $RMANHOME/log/. The server components feed the following files where uid represents a unique identifier of the process, and pid is a Linux process identifier:

rasserver.<uid>.<pid>.log: rasserver worker logs: at any time there are several rasservers running (depending on the settings in rasmgr.conf) and each has a unique log file.
rasmgr.<pid>.log: rasmgr log: there is only one rasmgr process running at any time.
rasfed.log: rasfed log: there is only one rasfed process running at any time; on rasdaman restart the output from the new process is appended to the same log file.
watch_rasdaman.sh.log: Log from the watch_rasdaman.sh script is appended to this file whenever it is executed.

Note

ls -ltr is a useful command to see the most recently modified log files at the bottom when debugging recently executed queries.

petascope & secore

It is highly recommended to set a specific log file however in the log4j configuration section in petascope.properties (e.g. log4j.appender.rollingFile.File=/var/log/tomcatN/petascope.log). Be careful that this location needs to be write accessible by the Tomcat user. The same can be set for SECORE in secore.properties.

2.4.5. Temporary files¶

Rasdaman stores various data temporarily in /tmp/rasdaman\_* directories, in particular:

/tmp/rasdaman\_conversion/ - format-encoded data, such as TIFF, NetCDF, etc., is in some cases temporarily stored here before decoding into rasdaman. This also happens always when encoding query processing results into some format for export. The intermediate data is quickly removed as soon as the encoding or decoding process is finished.

Temporarily, however, this directory can get rather large: if you export array result that encodes into a 1GB TIFF file, then the directory will contain 1GB of data for some time; if 10 such queries run concurrently, then it may contain up to 10GB of data. For this reason we recommend to check the size of /tmp during installation, and make sure it is large enough. It is always recommended to make /tmp a separate partition, so as to prevent system-wide problems in case the filesystem is filled up with data.
/tmp/rasdaman\_petascope/ - contains small temporary files generated during data import with the wcst_import tool.
/tmp/rasdaman\_transaction\_locks/ - during query read/write transaction, rasdaman generates various empty lock files in this directory. As the files are empty, the size of this directory is minimal.

While rasdaman is running this directory must not be removed, otherwise it may lead to data corruption.

2.4.6. Demo data & programs¶

2.4.6.1. Example database¶

A demonstration database is provided as part of the delivery package which contains the collections and images described in the Query Language Guide. To populate this database, first install the system as described here, and then invoke:

$ rasdaman_insertdemo.sh

The demo database occupies marginal disk space, and is a straightforward way to show that the rasdaman installation has been successfull.

2.4.6.2. Example programs¶

Several example programs are provided in the c++ and java subdirectories of $RMANHOME/share/rasdaman/examples. Each directory contains a Makefile plus .cc and .java sources, resp.

2.4.6.3. Makefile¶

The Makefile helps to compile and link the sample C++ / Java sources files delivered. It is a good source for hints on the how-tos of compiler and linker flags.

Note

All programs, once compiled and linked, print a usage synopsis when invoked without parameter.

2.4.6.4. `query.cc`¶

Sends a hardwired query to a running rasdaman system:

In addition, it demonstrates how to work with the result set returned from rasdaman. The query can easily be changed, or made a parameter to the program.

2.4.6.5. `Query.java`¶

Sends the following hardwired query if one is not provided as a parameter:

2.4.6.6. `AvgCell.java`¶

This program computes the average cell value from all images of a given collection on client side. Note that it requires grayscale images. A good candidate collection is mr from the demo database.

2.5. Access Interfaces¶

Rasdaman services can be invoked in several ways: through command line, Web requests, and custom programs connecting via the C++ and Java APIs.

2.5.1. Command Line Tools¶

Queries can be submitted to the command line tool rasql. Complete control over the server is provided through several utilities, in particular rasmgr; see rascontrol Invocation for details. All tools can communicate with local and remote rasdaman servers.

2.5.2. Web Services¶

Several Web services are available with rasdaman. They are implemented as servlets, hence independent from the array engine and only available if started in a servlet container such as Tomcat or jetty. They can be accessed under the common context path /rasdaman.

/rasdaman/ows exposes geo Web Services based on the interface standards of the Open Geospatial Consortium (OGC Web Services, OWS). Supported OGC standards are:
- Web Coverage Service (WCS)
- Web Coverage Processing Service (WCPS)
- Web Map Service (WMS) suites
/rasdaman/def provides access to a Coordinate Reference System (CRS) Resolver Service, SECORE. It is identical to the one deployed by OGC, where http://www.opengis.net/def/crs is the branch for CRS served by SECORE.
/rasdaman/rasql provides support for submitting rasql queries and receiving results with standard HTTP requests. Requests must specify three mandatory parameters:

username

rasdaman login name under which the query will be executed

password

password corresponding to the login

query

rasql query string, properly encoded for URI embedding

Example:
```
http://localhost:8080/rasdaman/rasql
    ?username=rasguest
    &password=rasguest
    &query=select%20encode%28mr2%2C%22png%22%29%20from%20mr
```

Note

rasql servlet also supports rasdaman user credentials in basic authentication header. In this case, username and password parameters are not required as the credentials are extracted from the header.

The diagram below illustrates the OGC service architecture of rasdaman:

▶ show

2.5.3. Rasdaman Web Admin Tools [RE]¶

The rasdaman Web administration interface contains several browser-based tools for server administration available at endpoint /rasdaman/admin, e.g.

http://localhost:8080/rasdaman/admin

When visiting this endpoint, a login form will require entering a valid rasdaman user, which has at least one of the following privileges: PRIV_SERVER_MGMT, PRIV_OWS_STATISTICS, PRIV_USER_MGMT, PRIV_ROLE_MGMT, PRIV_TRIGGER_MGMT.

On successful login, the admin dashboard is shown with the following components:

Web rascontrol: exposes partial functionality of the command-line rascontrol tool; in particular, it allows to stop / start individual rasdaman servers, and check their status in real time.
Statistic collection: a reporting tool that allows monitoring incoming requests to petascope, with flexible aggregation and filtering capabilities.
Web access control: tools that allow to manage local users, roles, and triggers in rasdaman.

2.5.3.1. Web rascontrol¶

This is a web application which provides part of the rascontrol functionality. As such it is a convenience interface which is not essential for operating rasdaman; it is just as well possible to manage rasdaman exclusively by way of the command-line rascontrol and the rasdaman service script. Figure 2.1 shows a sample screenshot of the tool.

Figure 2.1 Web rascontrol screenshot¶

Presently the following actions, or commands, are possible (right-most column):

Start this server.
Stop this server. This will only be performed if the server is idle at that moment; a busy server process with an open transaction will not react.
Kill this server. This will kill the server immediately, irrespective of its state. Any open transaction will be lost.

Any eventual error messages will be displayed in the top message line.

The logged in user must have the following system privileges: PRIV_LIST_SERVERS to see the list of configured rasservers, and PRIV_SERVER_MGMT to be able to start/stop/kill them.

Note

Currently it is not possible to start or stop the whole rasdaman system via this tool – technically, rasmgr needs to be started and stopped via command line.

2.5.3.2. Request statistic interface¶

This is a reporting tool which allows to filter and aggregate statistics information about incoming requests to petascope services (WCS, WMS, WCPS, rasql). Figure 2.2 shows a sample screenshot of the tool.

The logged in user must have the PRIV_OWS_STATISTICS system privilege to be able to see the access statistics.

Figure 2.2 Request statistic screenshot¶

Statistic collection is disabled by default in petascope.properties by setting stats_time_resolution to empty. One can enable this feature by specifying a valid time resolution (one of day / hour / minute / second), which determines the smallest interval for which request statistics is aggregated and stored. When enabled, the following information is collected and stored in petascopedb per each time interval:

country from which the request originated; for this purpose GeoLite2 is used, a database file which allows to resolve a country name from an external IP address. Creative Commons License from MaxMind. The following rules apply in special cases:
- if the request is made from localhost, then the country will be set to "Localhost".
- if the country cannot be resolved from the request IP, it will be set to "Unknown".
service (WCS, WCPS, WMS, rasql)
coverage name if applicable: WCS DescribeCoverage / GetCoverage and WMS GetMap; otherwise, the following rules apply:
- WCPS query referencing one or more coverages: only the first coverage name in the query is considered.
- WCS GetCapabilities and WMS GetCapabilities: the coverage name is set to "GetCapabilities".
- rasql queries: the coverage name is set to "ows".
requesting username. If basic authentication header is not enabled, then the username is set to empty.
time in milliseconds to evaluate all requests
the total size in bytes of all responses
the number of successful and failed requests

For example, if time resolution is set to minute, then within one minute (between 0 and 59 seconds), petascope will sum evaluation time, response size, and number of successful and failed requests for each unique triple (country, service, coverage name). By the end of each time interval, the collected data will be flushed to database and cleared for the next interval.

2.5.3.3. Web access control¶

The Web access control interface allows an administrator to manage users, roles, and triggers in rasdaman. The interface can be found in the Access Control section of the Web Admin Tools. Please read the rasdaman access control document for more information Access Control [RE].

2.5.3.3.1. User Management¶

The top panel contains:

Username textbox - identifier ([a-zA-Z_][a-zA-Z0-9_]*)
Password textbox - any string

Note

Passwords will never be shown; admin can update password for any user.
Grant/Revoke roles dropdown - a list of roles which can be granted to the user
Clear button - clear all textboxes and checkboxes
Insert button - insert a new (non-existing) user
Update button - update password and granted roles for an existing user

The main panel contains a table with 3 columns:

User Names column - list all existing users.

Note

System users used by petascope (highlighted with red color, e.g rasadmin and rasguest) cannot be deleted, hence there are no Delete buttons in the Action column.
Granted Role Names column - list all granted roles for corresponding users
Action column - contains Delete buttons which allows to delete corresponding users

Figure 2.3 User management web access control interface.¶

To see the users and their privileges, as well as perform actions such as creating / dropping users and granting them privileges, the logged in user should have the following system privileges granted: PRIV_LIST_USERS, PRIV_USER_MGMT, PRIV_LIST_ROLES, PRIV_GRANT, and PRIV_REVOKE.

2.5.3.3.2. Role Management¶

The top panel contains:

Role name textbox - identifier ([a-zA-Z_][a-zA-Z0-9_]*); cannot start with PRIV_ as this prefix is reserved for system privileges
Grant/Revoke roles dropdown - a list of roles which can be granted to a role or revoked from a role
Grant/Revole to users dropdown - a list of users which a role can be granted to
Grant/Revole trigger exemptions dropdown - a list of triggers for which exemptions can be granted to a role
Clear button - clear all textboxes and checkboxes
Insert button - insert a new (non-existing) role
Update button - update an existing role with the granted roles / trigger exemptions

The main panel contains a table with 5 columns:

Role Names column - list all existing roles

Note

System roles (with prefix PRIV_ and highlighted with red color, e.g: PRIV_SELECT) cannot be deleted, hence no Delete buttons in Action column.
Granted Role Names column - list of all granted roles for corresponding roles
Granted User Names column - list of all users which are granted by corresponding roles
Granted Trigger Names - column - list of all granted triggers for corresponding roles
Action column - contains Delete buttons which allows to delete corresponding roles

Figure 2.4 Role management web access control interface.¶

To see the roles and their privileges, as well as perform actions such as creating / dropping roles and granting them privileges, the logged in user should have the following system privileges granted: PRIV_LIST_USERS, PRIV_ROLE_MGMT, PRIV_LIST_ROLES, PRIV_LIST_TRIGGERS, PRIV_GRANT, and PRIV_REVOKE.

2.5.3.3.3. Trigger Management¶

The top panel contains:

Trigger name textbox - identifier ([a-zA-Z_][a-zA-Z0-9_]*)

Note

Trigger name is extracted automatically from the trigger query definition in View & Edit Query dialog.
View & Edit Query button - open a dialog which contains a textarea to allow one to write triger query definition.
Grant/Revoke to roles dropdown - a list of roles to which a trigger exemption can be granted to
Clear button - clear all textboxes and checkboxes
Insert button - add a new (non-existing) trigger
Update button - update the query and granted roles for an existing trigger

The main panel contains a table with 3 columns:

Trigger Names column - list of all existing triggers.
Granted Role Names column - list of all roles which are granted by corresponding triggers
Action column - contains Delete buttons which allows to delete corresponding triggers

Figure 2.5 Triggers management web access control¶

To see the triggers, as well as perform actions such as creating / dropping triggers and granting exemptions, the logged in user should have the following system privileges granted: PRIV_LIST_TRIGGERS, PRIV_LIST_ROLES, PRIV_TRIGGER_MGMT, PRIV_GRANT, and PRIV_REVOKE.

2.5.3.3.4. HTTP Headers & Authentication¶

Rasdaman can be configured to require authentication on incoming WCS/WCPS/WMS requests. This is done via the authentication_type setting in petascope.properties, which accepts the following values:

basic_header enables basic header authentication, so that requests will be required to provide credentials for an existing rasdaman user. If the request does not have valid credentials, an error with HTTP code 401 Unauthorized Error is returned.

Moreover, petascope checks the assigned roles of the provided user from the incoming request to determine if the user can do a specific task or not. For example, a user will not be allowed to delete a coverage unless it has the PRIV_DELETE privilege (more details here).

This is the default value for authentication_type when rasdaman is first installed.
An empty string, i.e. authentication_type=, disables request authentication in petascope. All requests will be forwarded to rasdaman with the credentials specified in petascope.properties by rasdaman_user / rasdaman_pass for read-only queries, and rasdaman_admin_user / rasdaman_admin_pass for update queries which make changes in the database.

2.5.4. Basic header authentication¶

For incoming requests, rasdaman-geo requires credentials attached in HTTP headers when authentication_type=basic_header is set in petascope.properties. The valid format of the credentials must be:

Authorization: Basic encode_in_base64(username:password)

For example, if username is admin and password is admin and the client is curl, one need to construct this request:

curl -H "Authorization: Basic YWRtaW46YWRtaW4=" \
     "http://localhost:8080/rasdaman/ows?
      service=WCS&version=2.0.1&request=DeleteCoverage&coverageId=test_coverage"

or simpler with the --user option:

curl --user "rasadmin:rasadmin" \
     "http://localhost:8080/rasdaman/ows?
      service=WCS&version=2.0.1&request=DeleteCoverage&coverageId=test_coverage"

Note

If basic authentication is not enabled in rasdaman, depending on the request, rasdaman uses one of the users configured by rasdaman_user and rasdaman_admin_user settings in petascope.properties appropriately to run a rasql query.

Note

Using wcst_import to insert/update coverages to petascope will require to specify credentials when running script wcst_import.sh. Check wcst_import.sh -h for optional parameters -i, --identity-file or -u, --user USER_NAME.

Note

WSClient (at http://YOUR_SERVER/rasdaman/ows) will detect if petascope requires authentication to show a login form via this API http://YOUR_SERVER/rasdaman/admin/authisactive. If it is the case, one needs to provide valid credentials to login and WSClient keeps the credentials in Web Browser’s local storage. After that, any requests to petascope will be added basic authentication in HTTP header implicitly.

2.5.5. APIs¶

Programmatic access is available through self-programmed code using the C++ and Java interfaces; see the C++ and Java Guide for details.

2.6. Server Architecture¶

The parallel server architecture of rasdaman offers a scalable, distributed environment to efficiently process even very large numbers of concurrent client requests. Yet, server administration is easy to accomplish, with only few things to do to have a smoothly running, highly performant installation. Moreover, the system is implemented in a special high availability technique where most server management operations can be done with the server up and running, limiting the need for a server shutdown to the absolute minimum.

In this Section the general rasdaman server architecture is outlined. It is recommended to study this section so as to understand server administration terminology used in the next Section.

2.6.1. Executables Overview¶

The following executables are provided in the bin/ directory, among others:

rasmgr is the central rasdaman request dispatcher;
rasserver is the rasdaman server engine, it should not be generally invoked in a standalone manner;
rascontrol allows to interactively control the rasdaman server by communicating with rasmgr;
rasfed is the federation daemon, which enables efficient query query distribution in federated rasdaman networks;
rasql is the command-line based query tool, explained in detail in the rasdaman Query Language Guide.

2.6.2. Server Manager and Server¶

2.6.2.1. Overview and Terminology¶

The rasdaman server configuration consists of one dispatcher process per computer, rasmgr (we will refer to it as manager in the sequel), and server processes, rasserver (referred to as servers), of which at a given time none, one, or several ones can be running. All server processes are under control of the manager. Server manager and rasdaman server(s) all run on the same physical hardware, the rasdaman host.

The servers resolve requests, thereby generating calls to the relational database system which in turn accesses its database files. For the purpose of this manual, the relational server together with the database it maintains are collectively called the database. The machine the relational database server runs on is referred to as database host (Figure 2.6).

Figure 2.6 Overall server hierarchy, introducing the terminology for rasdaman hardware and software environment¶

2.6.2.2. Server Structure in General¶

The manager accepts client requests and assigns server instances to them, taking them from the pool of server processes it maintains. In distributed installations, it keeps contact to the managers on other machines to further dispatch client requests across all the rasdaman servers available. Whenever needed, the administrator can launch further server instances, or shut them down again.

Upon system configuration definition (see rascontrol Invocation), a unique name is assigned to each server identifying it to the manager.

Each rasdaman server is assigned to a relational database server, laid down in the manager configuration file. Databases can be registered and associated to particular rasdaman servers at any time.

rasdaman hosts and database hosts are identified by their resp. host name in common domain address form, e.g., martini.rasdaman.com or 199.198.197.50.

Rascontrol is the interactive front-end to rasmgr and, as such, the main utility for user and system management. It provides the necessary functions to manage the whole system configuration, to add and remove user, to change their rights, and to obtain information about system activity.

The rasdaman server, i.e., rasserver, is controlled by the manager which starts and stops server instances. Hence, the rasserver executable should not (and actually cannot) be invoked directly.

2.6.2.3. Dynamic Server Assignment¶

The process of client/server communication and server scheduling is done as follows (see numbers in Figure 2.7).

The client starts every OPENDB and BEGIN TRANSACTION request with an HTTP call to the manager, providing the required service type (RPC, HTTP, etc.) and the database name, together with user name and password.
The manager’s answer is the server ID of a free server, or an error message in case no server is available or access is denied for the given login.
Client-Server communication to perform the database requests.
Upon CLOSEDB and ABORT/COMMIT TRANSACTION the server informs the manager that it is available again. This is also done upon a client timeout.

These negotiation steps are performed between client library and server, hence transparent to the application.

The rasdaman server system is started by invoking the server manager rasmgr (see Running the Manager). If it finds a configuration file, them autopmatically all servers indicated will be started; alternatively, server configuration can be done directly through rascontrol (see rascontrol Invocation).

Figure 2.7 Internal server management¶

2.6.2.4. System Start-up¶

Invocation of the rasmgr executable must be done under the operating system login under which the rasdaman installation has been done, usually (and recommended) rasdaman. The service script /etc/init.d/rasdaman (when rasdaman is installed from the packages) automatically takes care of this.

2.6.2.5. Authentication¶

On every machine hosting rasdaman servers a separate manager has to run. The manager maintains an authorization file, $RMANHOME/etc/rasmgr.auth. It should not be changed by the administrator, as they are generated, maintained, and overwritten by the manager.

Figure 2.8 rasdaman federation¶

2.6.2.6. rasdaman Manager Defaults¶

The manager’s default name is the hostname (the one reported by the UNIX command hostname), but it can be changed (see the change command). By default, it listens to port 7001 for incoming requests and uses port 7001 for outgoing requests:

2.6.2.7. Port Number Recommendations¶

To keep overview of the ports used, it is recommended to use the following schema (there is, however, no restriction preventing from choosing another schema - just keep an overview...):

use port number 7001 for the server manager;
use port numbers 7002 to 7999 for rasdaman servers.

2.6.3. Storage backend¶

rasdaman can store array data in two different ways:

Arrays in a file system directory, array metadata in SQLite; this is default.
Everything in PostgreSQL: arrays in BLOBs, array metadata in tables.

Note

rasdaman enterprise additionally supports access to pre-existing archives of any structure.

The array storage variant is fixed in the packages to sqlite, i.e. the default recommended option.

2.6.3.1. Storing arrays in a file system directory¶

In this storage variant, a particular directory gets designated to hold rasdaman arrays (maintained by rasdaman) and their metadata (maintained by an SQLite instance embedded in rasdaman).

The recommended directory location is $RMANHOME/data/; administrators may configure this to be a symbolic link to some other location, possibly another filesystem than where $RMANHOME resides (so as to keep programs and data separate). Alternatively, the path can be changed in the -connect option in rasmgr.conf.

The data directory will contain the named database. Currently only one database is supported, but this may change in future. Default database name, assumed by all tools, is RASBASE. While it can be changed this is not recommended as all tools will need to receive an extra parameter indicating the changed name.

The database name needs to be communicated to rasdaman in the $RMANHOME/etc/rasmgr.conf configuration file. Specifically, the connect string should be an absolute path to the RASBASE database (note that variables are not recognized in the script, therefore $RMANHOME has to be spelt out). Assuming the default values described above and a rasdaman installation directory of $RMANHOME=/opt/rasdaman, the corresponding configuration line might look like this:

define dbh rasdaman_host -connect /opt/rasdaman/data/RASBASE

Caution

For a customized data directory location it is recommended to use a symbolic link, rather than modify installation defaults.

2.6.4. Query Result Caching [RE]¶

2.6.4.1. Overview¶

Query results can be cached in a shared memory area of the server’s main memory. Cache contents is shared among all rasserver processes running on the same computer. Cache coherence (i.e., automatic adaptation of the cache contents after database updates) is ensured.

A cached result is used by a subsequent query if a subexpression in this query matches with the cached result; in this case, the cached result replaces the query expression, thereby speeding up processing of the query. Results do not have to match exactly; if a larger array is cached than a query needs then the subset needed will be extracted and reused, which still provides the query with a performance gain.

Measurements have shown speedups of several orders of magnitude in presence of cache contents reuse.

Key cache parameters are configurable by the administrator. By default, the cache is disabled; it needs to be activated through the cache control commands described below.

2.6.4.2. Cache Reuse¶

A query can use a cached item if it contains an occurrence of the expression that has produced the cached element, and if this expression has been applied to the same array object the query wants to access. Note that the decision considers what base data item (i.e., array) has been used – in other words, an expression can benefit from the cache only if it addresses the same array.

2.6.4.2.1. Scope¶

The unit of caching is a single result item, either an array, or a tile, or a scalar. As rasql queries are set-oriented one query may access several arrays, and may deliver more than one item. In the cache, each such item constitutes a separate, independent entry. Subsequent queries check the cache for useful elements on the level of single elements. Therefore, even if only some array results can be reused in a query addressing a set of arrays then the query still can benefit from the matches found.

For avoiding doubts, no complete queries (select ... from .. where) can be cached, but array access and operations up to complete select and where clauses, including data format encoding.

Several situations are possible, they are explained below in turn.

2.6.4.2.2. Reuse of Full Query Result¶

Cached results can be used in several situations:

Exact match: An expression result is already in the cache. The result will be used, no further evaluation of the corresponding expression is necessary.
Subexpression match: An expression in the incoming query contains a subexpression which has been evaluated earlier and, hence, is in the cache. The cached subexpression result will be pasted into the expression, thereby reducing the computational effort needed.
Partial match: An expression in the incoming query contains a matching subexpression, but with only partial overlap in the domain of the cached array. The cached result will be used as much as possible, the non-cached cells of the expression will be computed.

2.6.4.3. Cache Rule Concepts¶

Caching can be controlled through so-called cache rules. These define patterns of (sub-) expressions to be cached whenever they occur. Cache rules consist of regular expressions over the query language functions, so-called query rules, together with variable bindings, here called argument rules. For example, the following cache rule defines that the result of every application of log() applied to the array identified by OID 123 should be kept in cache:

Rule N: log(x) x=1234

Below the concepts are explained in turn.

2.6.4.3.1. Query Rule¶

A query rule is a string representation of some query subexpression occurring in a select or where clause. It consists of concrete function invocations and wildcards.

Concrete function invocations are written as they would be written in rasql. These function invocations may contain variables or subexpressions; in case of variables, the concrete binding is done in the Arguments Rule described below.

Operator wildcards allow expressing any position of an operator in some nested expression. The underscore symbol (_) is used as a wildcard symbol; it matches any number of nested invocations of any function supported by rasql.

The query rule syntax is given by the following rule set:

(empty string)

This matches any query expression, i.e.: all expression results (including all subexpressions) will be cached. Such a rule should be defined very consciously as it will cause a massive cache utilization.
_

Same as above: matches any expression.
f(_)

where f is a function symbol defined in rasql.

This matches exactly a (sub-) expression log(x), such as in
```
select log(x) from x
```
In the following query, log(x) will be cached / can be reused from cache:
```
select abs(log(x)) from x
```
Arity of the function (its number of parameters) is ignored, i.e., a single _ represents any parameter list. The function symbol can represent a scalar as well as an induced operation.

For example, log(_) matches log() invocations with any argument, be it a concrete variable or a subexpression itself;
- it matches: log(x) and log(x+abs(y))
- it does not match: log(x)+log(y) because the topmost operation is an addition.
See below for binding variables to concrete array OIDs.
( _ op _ )

where op is an infix function symbol defined in rasql. This symbol can represent a scalar as well as an induced operation.

For example,
- it matches: (x+(y*z)) and (log(x)+log(y))
- it does not match: (x*(y+z))

( case _ end )

This matches all case expressions, for example:

case when x > 0 then 1 when x < 0 then -1 else 0 end

( marray _ )

This matches all marray expressions.

marray _ values f()

This matches all marray expressions containing an invocation of f().
( condense _ )

This matches all condense expressions.
All of the above expressions can be nested.

Anytime a rule matches the corresponding expression result gets cached. In case of nested functions this may mean that several rules match; in this case, each match will get cached, even if they are part of a more encompassing rule. For example, consider the following rules:

Rule 1: log(_)

Rule 2: ( _ + _ )

In this setup, in an expression log(x+y) the results of both x+y and log(x+y) get cached.

2.6.4.3.2. Argument Rules¶

An argument rule is attached to a query rule with the purpose of specifying further which expression results should be cached. An argument rule consists of a list of variable/OID pairs where the variables must occur in the query rule:

var1 = oid1, var2 = oid2, ..., varN = oidN

Example: log(x) x=1234

This rule will only fire when a log() operator is applied to the array with OID 1234.

2.6.4.3.3. Rule Evaluation¶

During evaluation of a rule, a matching of the Query Rule is done based on the concrete settings of the Argument Rule (if any). Results of expressions found this way will be put into the cache.

For example, if collection C has two arrays with object identifiers 123 and 456 and collection D has two arrays with object identifiers 78 and 90. The query select C+D from C, D will yield four results, as it will be executed for each pair of objects from C and D. Using an arguments rule one can restrict which of these four results will put into the cache:

If there is no argument rule then the overall rule matches all four results of the query;
If there is one argument rule C=123 then the overall rule matches those two results of the query where the object addressed is involved;
If there are two argument rules C=123, D=78 then the overall rule matches only one of the query results, that is: the combination in which both array objects addressed are participating;
If there are two argument rules C=123, D=123 then the overall rule does not match any of results, as the object identified by 123 will never occur in a D position.

2.6.4.4. Cache Management¶

For cache maintenance, the rascontrol syntax is extended with additional statements. As usual, these can be put into the rasmgr.conf configuration file or issued through an interactive rascontrol shell.

Periodically rasmgr performs cache maintenance which involves checking correctness of all cache data, removing invalid records, and releasing memory if more space is needed. Upon termination of rasmgr, the whole cache is released.

Without any cache control command (see Query Cache Control [RE]) the cache remains disabled.

2.6.4.5. How to Find Cache Rules¶

The following method helps to find suitable cache rules. The rascontrol commands used here are documented in Query Cache Control [RE].

add a match-all-rule:
```
define cache rule -query "_"
```
execute the query under consideration (e.g., using the rasql command-line tool)
inspect the cache to see how the cache component interprets the query:
```
list cache
```
if the query as such should be cached, define a rule by copy-pasting the query expression string listed. This will cache exactly that expression.

If a more general pattern is to be defined, replace too specific parts of the query string listed by an underscore and add the resulting expression as a new cache rule. Remove the match-all-rule, rerun the query and check whether cache performance is as expected.

2.7. Server Administration¶

This Section explains on how to manage a rasdaman service on a lower level: start up and shut down individual server workers, as well as how to monitor and influence server state.

It is recommended to first study the previous section so as to understand server administration terminology used here.

2.7.1. General Procedure¶

2.7.1.1. `rasmgr` vs. `rascontrol`¶

It is important to distinguish between the manager, rasmgr, and its control front-end, rascontrol. The manager runs as a background process, supervising activity of local (and possibly remote) rasdaman servers. Interaction between user (i.e., administrator) and the manager takes place through the interactive control front end.

In the sequel, it is first described how to launch the manager rasmgr, then rascontrol commands are detailed.

2.7.1.2. Important Security Note¶

To remain compatible with older rasdaman versions, clients use login “rasguest” / password “rasguest” by default (i.e., when no user and password are explicitly set by the application). In the distribution configuration, this user is defined to have read-only access to the databases, so that users can access but not manipulate databases without authentication.

Therefore, the administrator is strongly urged to adapt authentication settings to the local security policy before switching databases online.

See Users and Their Rights to learn more about user management mechanisms.

2.7.2. Running the Manager¶

2.7.2.1. Manager Startup¶

Starting up the rasdaman system is done by invoking the rasdaman manager, rasmgr, from a shell under the rasdaman operating system login. Usually the manager will be sent to the background:

$ rasmgr &

Starting rasmgr is the only direct action to be done on it. Any further administration is performed using rascontrol.

Note that, unless a server configuration has been defined already, no rasdaman server is available just by starting the manager.

2.7.2.2. Invocation Synopsis¶

Manager invocation synopsis:

$ rasmgr [--help] [--hostname h] [--port p]

where

--help: print this help
--hostname h: host on which the manager process is running is accessible under name / IP address h (default: output of Unix command hostname)
--port p: manager will listen to port number p (default: 7001)

2.7.2.3. Examples¶

To start a manager which will listen at port 7001:

$ rasmgr --port 7001

2.7.3. `rascontrol` Invocation¶

The manager front end, rascontrol, is a command-line interface used for rasdaman administration. It allows to define the whole rasdaman system configuration, including start up and shut down of server instances and user logins and rights.

To secure access to the server administration facilities, rascontrol performs a login process requesting login name and password similar to the Unix rlogin command. User name must be one of the users defined in the rasdaman authentication list (see Users and Their Rights).

2.7.3.1. `rascontrol` Synopsis¶

$ rascontrol [-h|--help] [--host *h*] [--port *n*] [--prompt *n*]
             [--quiet]
             [--login|--interactive|--execute *cmd*|--testlogin]

where

--host h

name of the host where the manager runs (default: localhost)

-h, --help

this help

--port n

port number at which the manager listens to requests (default: 7001)

--prompt n

change rascontrol prompt as follows:

0 - prompt ‘>’
1 - prompt ‘rasc>’
2 - prompt ‘user:host>’

(default: 2)

--quiet

quiet, don’t print header (default for --login and --testlogin)

--login

print login and password, obtained from interactive input, to stdout, then exit (see Script Use below)

--interactive

read login and password from environment variable RASLOGIN instead of requesting it interactively

--execute cmd

execute single *cmd* and exit (batch mode); all text following -x until end of line is passed as command; this option implicitly assumes -e

--testlogin

just do a login and nothing else to check whether the login/password combination provided in the RASLOGIN variable is valid

2.7.3.2. Interactive Use¶

In interactive use, rascontrol will be invoked with the host parameter only. Following successful authentication, rascontrol accepts command line input from stdin.

Here is an example session (mypasswd will not be echoed on screen):

▶ show

2.7.3.3. Script Use¶

Alternatively to interactive login, user and password information can be taken from the environment variable RASLOGIN. This variant is suitable for batch scripting in conjunction with the -x option.

The following example shows how first the RASLOGIN is set appropriately:

$ export RASLOGIN=`rascontrol --login`

...and then a sample Unix shell script which starts all rasdaman servers defined in the system configuration, performing implicit login from the environment variable contents which has been obtained from the previous command and pasted into the shell script:

#!/bin/bash
export RASLOGIN=rasadmin:mytotallyencryptedpassword
rascontrol -x up srv -all

2.7.3.4. Comments in Scripts¶

To enhance legibility of scripts, rascontrol accepts comments in the usual shell syntax: Lines beginning with a hash sign ‘#’ will be ignored, whatever they may contain. An example is usage in shell here documents (type man sh in your favourite shell for further information on this feature):

$ rascontrol <<EOF
# this is the command submitted to rascontrol:
list srv -all
# now terminate rascontrol:
exit
# the following line terminates rascontrol input:
EOF
$

2.7.4. rascontrol Command List¶

2.7.4.1. Command Synopsis¶

help

exit

list

up

down

define

remove

change

save

display information (general or about specific command)

exit rascontrol

list info about the current status of the system

start server(s)

stop rasdaman server(s) or server manager(s)

define a new object

remove an object

change parameters of objects

make configuration changes permanent

In the remainder of this section, commands are explained in detail, sorted by the targets they affect.

2.7.5. Server Hosts¶

2.7.5.1. Define Server Hosts¶

define host h -net n -port p

h: symbolic host name
-net n: set network host name to n
-port p: port on which the rasdaman manager will listen

2.7.5.2. Change Server Host Settings¶

change host h [-name n] [-net x] [-port p]
            [-uselocalhost [on|off] ]

h: host name whose entry is to be updated
-name n: change host name to n
-net x: change network name to x
-port p: change port number to p
-uselocalhost [on|off]: use domain name localhost (IP address 127.0.0.1) instead of regular network host name; usually this speeds up communication a little (default: on)

Note that it is not possible to change network name or port for a host while this server is running.

uselocalhost works only for the master manager and is on by default. This means that the servers running on manager master host should

2.7.5.3. Remove Server Host Definitions¶

remove host h

h: host name whose entry is to be deleted

Remove host h from the definition table.

It is not possible to remove a host definition while the corresponding host has active servers.

2.7.5.4. Status Information¶

list host

List all hosts currently defined.

2.7.6. rasdaman Servers¶

2.7.6.1. Define rasdaman Servers¶

define srv s -host h -type t -port p -dbh d
    [-autorestart [on|off] [-countdown c]
    [-xp options]

s: a unique, not yet used name for the server
-host h: name of the host where the server will run
-type t: communication type: t is r for RPC, h for http
-port p: the RPC program number for RPC servers (recommended: 0x2999001 - 0x2999999), TCP/IP port for http servers (recommended: 7002 - 7999)
-dbh d: database host where the relational database server to which the rasdaman server connects will run
-autorestart a: for a=``on``: automatically restart rasdaman server after unanticipated termination for a=``off``: don’t restart (default: a=``on``)
-countdown *c: for c>``0``: restart rasdaman server after c requests for c=``0``: run rasdaman server indefinitely (default: c=``1000``)
-xp options: pass option string options to server upon start (default: no options, i.e., empty string)

Option -xp must be the last option. Everything following “-xp” until end of line is considered to be “options” and will be passed, at startup time, to the server.

2.7.6.2. Change Server Settings¶

change srv s [-name n] -type t [-port p] [-dbh d]
        [-autorestart [on|off] [-countdown c]
        [-xp options]

s: change settings for server s
-name n: change server name to n
-port p: change port number to p
-dbh d: new database host where the relational database server runs to which the rasdaman server connects
-autorestart a: for a=on: automatically restart rasdaman server after unanticipated termination for a=off: don’t restart
-countdown c: for c>0: restart rasdaman server after c requests for c=0: run rasdaman server indefinitely
-xp options: pass option string options to server upon start

Option -xp must be the last option. Everything following “-xp” until end of line is considered to be “options” and will be passed, at startup time, to the server.

Restrictions:

The server host cannot be changed.
The server name cannot be changed while the server is up.
The new settings will be used only next time the server starts.

2.7.6.3. Remove rasdaman Server Definitions¶

remove srv s

s: server name whose entry is to be deleted

Remove server s from the definition table.

It is not possible to remove a server definition while the corresponding server is up and running

2.7.6.4. Status Information¶

list srv [ s | -host h | -all ] [-p]

s: give information about server s
-host h: give information about all servers running on host h information is requested
-all: list information about all servers on all hosts (default)
-p: additionally list configuration information

The first is variant prints status information of the currently defined server(s); if s is provided, then only server s is listed.

2.7.7. Database Hosts¶

2.7.7.1. Define Database Hosts¶

define dbh h [-connect c]

h: a unique symbolic database host name, usually the host machine name
-connect c: the connection string used to connect rasserver to the database server
-user u: the user name (optional) used to connect rasserver to the base DBMS server; for PostrgreSQL, using this parameter automatically implies trust authentication.
-passwd p: the password (optional) used to connect rasserver to the base DBMS server; for PostrgreSQL, using this parameter automatically implies trust authentication.

2.7.7.2. Change Database Host Settings¶

change dbh h [-name n] [-connect c]

h: database host whose entry is to be changed
-name n: change symbolic database host name to n
-connect c: change connect string to c
-user u: the user name used to connect rasserver to the base DBMS server; using this optional parameter automatically implies ident-based authentication.
-passwd p: the password used to connect rasserver to the base DBMS server; using this optional parameter automatically implies ident-based authentication.

The connection parameters can be changed at any time, however the servers will get the information only when they are restarted.

2.7.7.3. Remove Database Host Definitions¶

remove dbh h

h: database host name whose entry is to be deleted

Remove database host h from the definition table.

It is not possible to remove a database host definition while this database host has active servers connected to it.

2.7.7.4. Status Information¶

list dbh: List all relational database hosts currently defined.

2.7.8. Databases¶

Databases represent the physical database itself, together with the relational database server accessing them. It is possible to have multiple database definitions in the rasdaman server environment which are distinguished by the database host; the interpretation, then, is that the same contents (be it the same physical database or a mirrored copy) is available through relational servers running on the different hosts mentioned. In other words, when a client opens a database, the server manager can freely choose any of the database hosts on which the database indicated is defined.

The pair (database,database host) must be unique.

2.7.8.1. Define Databases¶

define db d -dbh db

d: define database with name d
-dbh db: set database host name to db

2.7.8.2. Change Database Settings¶

change db d -name n

d: database whose name is to be changed
-name n: change to new database name n

2.7.8.3. Remove Database Definitions¶

remove db d -dbh db

d: name of database to be removed
-dbh db: host name of database to be removed

Remove definition of database d from the definition table. The database itself remains unchanged, it is not physically deleted.

It is not possible to remove a database definition while the corresponding database has open transactions.

2.7.8.4. Status Information¶

list db [ d | -dbh h | -all ]

d: give information about servers connected to database d
-dbh h: give information about all servers connected to database d via database host h
-all: list information about all servers connected to any known database (default)

List relational database(s) defined.

2.7.9. Query Cache Control [RE]¶

For administrating the cache (cf. Query Result Caching [RE]), the rascontrol command language is extended as described below. Quick information can be retreived with help cache in rascontrol.

2.7.9.1. Cache size¶

Initial definition of a cache (such as in rasmgr.conf) is accomplished as follows:

define cache -size S

where S is an integer number with an optional modifier suffix of k (for kilobytes) M (for Megabytes) or G (for Gigabytes) or T (for Terabytes), for example: 500M.

A cache in use can be resized through

change cache -size S

If this means an increase over the current cache size, more shared memory is allocated. If it means reducing the current cache then cache records get evicted according to the cache policy until the new size is reached.

The cache is disabled by setting it to size 0 (zero):

change cache -size 0

2.7.9.2. Cache rules¶

Add a new cache rule on query expression Q and all variable bindings:

define cache rule -query "Q" ( -arg var = val )

Example: The following rule establishes that the results of all query expressions be cached which are obtained from adding some logarithm result to object x (concretely identified by OID 1234).

define cache rule -query "(x+log(_))" -arg x=1234

2.7.9.3. Cache eviction¶

Remove a particular cache rule, identified by its position number as given by a list command:

remove cache rule -pos p

where p is a positive integer indicating the position number of the rule as printed by the list command.

The sequence of rules may change dynamically, therefore it is strongly recommended to determine the current position of a cache rule immediately before its deletion (and not rely on some earlier listing).

All stored cache records not matching any remaining cache rule will be evicted from the cache.

2.7.9.4. Cache inspection¶

Print current memory usage and all cached records:

list cache

Print all cache rules in use. Cache rules are numbered sequentially in no particular order:

list cache rule

Adding or deleting a rule may change the sequence completely, therefore it is strongly recommended to determine the current position of a cache rule immediately before its deletion.

2.7.9.5. Cache Start-up and Shutdown¶

Cache Start

up cache

Start the shared query cache: without this command caching will be turned off. This is automatically performed by service rasdaman start and start_rasdaman.sh

Cache Shutdown

down cache [ -force ]

-force: stop immediately without waiting for transaction end

Stop the shared query cache. This is automatically performed by service rasdaman stop and stop_rasdaman.sh

2.7.10. Server Start-up and Shutdown¶

Server Start

up srv [ s | -host h | -all ]

s: start only server s
-host s: start all servers on host h; this requires that a manager has been started on this host previously.
-all: start all servers defined; note that only those servers can be started on whose host a manager is currently running.

Look up the named server(s) in the definition list, and start the specified one(s) using the previously defined individual startup parameters.

At least one of the options s, -host s, and -all must be present.

Server Shutdown

down srv [ s | -host h | -all ] [-force] [-kill]

s: name of the server to be stopped
-host s: terminate all servers on host h
-all: terminate all servers
-force: send SIGTERM immediately, don’t wait for transaction end
-kill: send SIGKILL immediately, don’t wait for transaction end

This command shuts down the indicated server(s). At least one of the options s, -host s, and -all must be present.

Without -force and -kill, the server is marked for shut down and will actually be terminated by sending SIGTERM after completing the current transaction. With -force and -kill, the server is terminated instantaneously; this should be handled with extreme caution, as experience shows that relational database systems react differently on such a situation: usually a running transaction is aborted (which is the desired behavior), but sometimes the running transaction is committed (most likely leaving the database in an inconsistent state). See a Unix manual for the difference between SIGTERM and SIGKILL signals.

The manager on host h is not terminated.

2.7.11. Users and Their Rights¶

See Access Control [RE].

2.7.12. Server Control Options¶

The following options can be passed to the server when it is started by the server manager using the up srv command. Option settings are defined for a particular server using the rascontrol command change srv -xp which passes the rest of the line after -xp on to the server upon starting it (see rasdaman Servers).

--log logfile: print log to logfile. If logfile is stdout, then log output will be printed to standard output. (default: $RMANHOME/log/rasserver.serverid.serverpid.log)
--timeout t: client time out in seconds for sign-of-life signal. If no t indicated: 300 sec; if set to 0, no sign-of-life check is done.
--transbuffer b: set maximum size of transfer buffer to b bytes (default: 10 MB = 10000000 bytes)
--cachelimit c: specifies upper limit in bytes on using memory for caching (default: 0)
--enable-tilelocking: perform tile-level locking on insert / update / delete (default: whole database is locked)

2.7.13. Distributed Query Processing¶

Rasdaman can form a federation network for query answering. In such a setup, rasmgrs facing congestion (i.e., all rasserver worker processes busy) will try to acquire a free server from some other rasmgr’s holding in the federation.

2.7.13.1. Session-based server assignment¶

As always in rasdaman, acquisition and release of server processes is done on session level: when a client opens a new connection, it gets a server assigned; when it closes the connection, this server is released and put back into the pool of available processes. Hence, for optimal load balance clients should strive to have short-running sessions and not keep open connections unduly for a long time.

2.7.13.2. Federation network¶

The federation network is defined in a decentralized way: each rasmgr knows peers from which it accepts requests, and to which it can send requests. To this end, each rasmgr maintains an inpeer and outpeer list:

The inpeer list contains those hosts from which this node’s rasmgr will accept requests.
The outpeer list contains those hosts which this node’s rasmgr will ask for server processes on local session overflow.

By manipulating these two lists administrators can exercise fine-grain security policy in a rasdaman federation network.

Note that the federation connectivity graph is not necessarily symmetric: a rasmgr may send requests to some other rasmgr, but not accept requests, and vice versa, depending on the individual configuration.

Each host individually respects these statements, there is no global rasdaman federation configuration.

2.7.13.3. Federation node addressing¶

Addressing is based on hostnames, where a hostname in the sequel is one of

a domain name, resolvable by this rasmgr’s host
an IP address

All inpeer and outpeer statements accumulate so that host identifiers can be added and removed incrementally.

2.7.13.4. Security¶

A rasmgr request for a server process on another host is treated by the incoming host in the same way as any such incoming client request. The requesting rasmgr authenticates via the login and password which the originating client used for authenticating against rasdaman in the first place.

This implies that a client approaching such a federation must be known in all federation nodes. See Users and Their Rights for details on users and the various permissions they can have on a database.

If neither any inpeer nor any outpeer is defined (either interactively through rascontrol or by way of settings in rasmgr.conf) then this rasdaman instance will act completely standalone and will neither send nor accept peer requests.

2.7.13.5. Define peers¶

define inpeer hostname

hostname: host from which requests for rasdaman server process assignment will be accepted by this rasmgr

define outpeer hostname [-port portnumber]

hostname: host from which this rasmgr may request a rasdaman server process
portnumber: port number at which the rasfed on that host is listening (default: 7000)

2.7.13.6. List peers¶

list inpeer

list outpeer

These commands list all currently defined inpeers and outpeers, respectively.

2.7.13.7. Remove peers¶

remove inpeer hostname

remove outpeer hostname

These commands remove hostname hostname listed from the list of peers.

2.7.13.8. Examples¶

define inpeer www.acme.com

define inpeer 192.168.28.10

2.7.13.9. Caveat: fluctuating IPs¶

In cloud environments, IP addresses are maintained dynamically and can change for a given host between reboots. Hence, when growing a rasdaman federation by launching new VMs care must be taken that the in- and outpeers received the proper current IP address.

2.7.13.10. Restrictions¶

In the current version, the queries are distributed only if the receiving rasmgr has no locally assigned rasservers. This limitation will be removed in the next release.

2.7.14. Miscellaneous¶

2.7.14.1. Help¶

help

Display top level help page

help [command]
command help

Display information specific to command

(both syntax variants are equivalent)

2.7.14.2. Version Information¶

list version

version: display rasdaman server version.

2.7.14.3. Save Changes to Disk¶

save

The save operation writes the current configuration and authorization values to disk. All changes done during the session thus become permanent.

2.7.14.4. `rascontrol` Termination¶

exit

terminates rascontrol.

2.8. Federations [RE]¶

rasdaman enterprise offers intra-query parallelization, that is: splitting of complex queries into sub-queries executed in parallel on a configurable set of compute nodes. Distribution is determined by criteria like data location in the networks and “breakpoints” in the query where minimal data transport occurs. In particular for complex queries and big data such methods are known to boost performance dramatically.

2.8.1. Federation daemon¶

A separate background process per host, rasfed, collects metadata about rasdaman instances in the known network. To this end, rasfed periodically contacts all known nodes to gather information used for dispatching and optimization. Nodes known are those specified as inpeer and/or outpeer in rasfed.properties.

The following adjustments can be made editing /opt/rasdaman/etc/rasfed.properties:

enable activates or deactivates rasdaman’s federation capabilities
when running start_rasdaman.sh. Can be one of yes and no.
- Default: no
- Need to change: YES to enable federation capabilities
peerServiceUrl - URL of a central federation service that provides a list of federation peers. The peers will be added to rasfed’s peer registry in addtion to any currently existing peers.
- Default: empty
- Need to change: NO
publicKeysDir - Directory containing public keys of the external peers allowed to send queries to this node.
- Default: /opt/rasdaman/etc/keys/federation
- Need to change: NO
peerFetchingInterval - set the number of seconds, at which rasfed contacts the peer service URL for obtaining new peers.
- Default: 1800 (30 minutes)
- Need to change: NO
rasdamanDatabaseConnectivityString set the connectivity string to the database administered by rasdaman.
- Default: jdbc:sqlite:/opt/rasdaman/data/RASBASE
- Need to change: YES when changed in rasmgr.conf
rasdamanDatabaseUser set the username for the above database.
- Default: rasdaman
- Need to change: NO for sqlite, YES for other backend DBMS
rasdamanDatabasePassword set the password for the above username.
- Default: rasdaman
- Need to change: NO for sqlite, YES for other backend DBMS
rasdamanUrl URL of rasdaman database serving raster data
- Default: http://localhost:7001
- Need to change: YES when changed in rasmgr.conf
rasdamanDatabase name of rasdaman database serving raster data. Recommendation: use rasdaman standard name, RASBASE.
- Default: RASBASE
- Need to change: YES when changed in rasmgr.confg
rasdamanUser A rasdaman user that has at least READ rights to the rasdaman service.
- Default: rasguest
- Need to change: YES when changed in rasdaman
rasdamanPassword set the password for the above username.
- Default: rasguest
- Need to change: YES when changed in rasdaman
listeningPort set the port on which rasfed listens.
- Default: 7000
- Need to change: NO
hostname set the hostname advertised by the current node in the federation; must coincide with what other nodes use in inpeer statements.
- Default: output of hostname command
- Need to change: YES when the hostname is not consistent in the federation
maxNumberOfRestartTries set the number of restarts rasfed should perform in case of an error, until it gives up.
- Default: 5
- Need to change: NO
noContactMaxTime set the maximal period (in milliseconds) during which a peer server doesn’t send any messages, before being consider inactive.
- Default: 30000 (30 seconds)
- Need to change: NO
pathToRasdamanBinaries set the path to rasdaman bin directory.
- Default: /opt/rasdaman/bin
- Need to change: NO
penaltyTimeForBeingInactive set the period (in milliseconds) for which an inactive server is ignored. After that, a new attempt to contact the inactive server is made.
- Default: 60000 (60 seconds)
- Need to change: NO
statusMessageUpdateTimeInterval set the polling interval in milliseconds.
- Default: 10000 (10 seconds)
- Need to change: NO
restartServiceDelay set the number of milliseconds that need to pass between consecutive restarts, in case of failure.
- Default: 1000 (1 second)
- Need to change: NO
healthCheckTimeout set the number of milliseconds that a node has to respond to a health check message before being considered unhealthy.
- Default: 500 (0.5 seconds)
- Need to change: NO
petascopeEndPoint is the endpoint URL of petascope on this peer node. NOTE: the endpoint must be accessible from other peer nodes. Usually it is http://hostname:8080/rasdaman/ows with the hostname as configured above.
- Default: http://localhost:8080/rasdaman/ows
- Need to change: YES when a new hostname for this node is set

In summary, customization is typically required for hostname and petascopeEndPoint only, as well as the rasdamanUser and rasdamanPassword when they change in rasdaman.

2.8.2. Enabling trust¶

In order to accept queries from another federation member, trust must be established first. This is done by placing the public key of the trusted peer in /opt/rasdaman/etc/keys/federation.

Similarly, the local public key must be placed on federation members which should accept queries from the local node. The local public key can be found in /opt/rasdaman/etc/keys/local and will have the name hostname.pub where $hostname is the name advertised in the federation by the local node.

The keys are also used for autheticating federation requests.

2.8.3. Disabling federation access¶

Disabling network communication between nodes can be preset in rasfed.properties by setting enable to no and restarting rasdaman. Alternatively, communication with particular nodes can be stopped as follows.

2.8.3.1. No queries to outpeers¶

In rasfed.properties, for the outpeers that you want to disable, do one of the following:

Delete outpeer lines
Put outpeer lines in comments (i.e., prefix with “#”)
Add option -disable to the define outpeers lines

2.8.3.2. No queries from inpeers¶

In rasfed.properties, for the inpeers that you want to disable, do one of the following:

Delete inpeer lines
Put inpeer lines in comments (i.e., prefix with “#”)
Add option -disable to the define inpeers lines

2.8.3.3. Restart server¶

If rasfed.properties has been edited, rasdaman needs to be restart on this node to make changes effective.

2.8.4. Federation Configuration Example¶

The following configuration scheme works well for setting up a federation between machine A and machine B.

Important: on both machines ports 7000-7011, as well as 8080 have to be opened to external peer nodes (rasfed - 7000, rasmgr - 7001, rasservers - 7002 - 7011, petascope - 8080).

2.8.4.1. machine A¶

IP: 1.2.3.4
In /etc/hosts:

127.0.0.1 A
5.6.7.8   B

In /opt/rasdaman/etc/rasfed.properties:

hostname=A
petascopeEndPoint=http://A:8080/rasdaman/ows
...

# add at the following lines at the end of the file
define inpeer B -role-map read < read
define outpeer B -role-map read > read

Establish trust by placing the public key file B.pub in /opt/rasdaman/etc/keys/federation. B.pub is automatically generated on machine B when rasdaman starts, under /opt/rasdaman/etc/keys/local/B.pub. After placing the public key B.pub in the corresponding directory, rasdaman needs to restart.

2.8.4.2. machine B¶

IP: 5.6.7.8
In /etc/hosts:

127.0.0.1 B
1.2.3.4   A

In /opt/rasdaman/etc/rasfed.properties:

hostname=B
petascopeEndPoint=http://B:8080/rasdaman/ows
...
# add at the following lines at the end of the file
define inpeer A -role-map read < read
define outpeer A -role-map read > read

Establish trust by placing the public key file A.pub in /opt/rasdaman/etc/keys/federation. A.pub is automatically generated on machine A when rasdaman starts, under /opt/rasdaman/etc/keys/local/A.pub. After placing the public key A.pub in the corresponding directory, rasdaman needs to restart.

Note

The -role-map parameter defines the translation between the authorization info passed in subqueries. In the example of machine A, all users from machine B having role read will be able to do federated queries. See Federated Access Control [RE] for more details.

2.9. Security¶

2.9.1. General¶

There are several security measures available, which should be considered seriously. Among them are the access right mechanisms found in Tomcat, rasdaman, and PostgreSQL. We highly recommend to make use of these.

For Tomcat and PostgreSQL please refer to the pertaining documentation. The servlet is safe against SQL injection attacks - we are not aware of any means for the user to send custom queries to the PostgreSQL server or the rasdaman server. XSRF and XSS represent no danger to the service because there is no user generated content available.

For rasdaman, we recommend to change the default user passwords in rasdaman (rasguest/rasguest for read-only access, rasadmin/rasadmin for read-write and administrator access) to not run into the Oracle “Scott/tiger” trap. Even better, use additional separate, private users. The rasdaman service doesn’t use cookies.

2.9.2. Reset default passwords¶

This is a quick guide to reset the default rasdaman users, rasguest and rasadmin, which are created when the system is first installed and initialized. Pre-requisites: rasdaman must be up and running.

Reset rasguest

Update password in rasdaman:
$ rasql -q 'ALTER USER rasguest SET PASSWORD TO "newpassword"' \
        --user rasadmin --passwd rasadmin
Update rasdaman_pass (for read-only access from petascope) in /opt/rasdaman/etc/petascope.properties to set it to the newpassword.

Update rasdamanPassword in /opt/rasdaman/etc/rasfed.properties to set it to the newpassword.
Grant PRIV_OWS_WCS_PROCESS_COV role so that the rasguest user will be able to run WCPS queries:
$ rasql -q 'GRANT PRIV_OWS_WCS_PROCESS_COV to rasguest' \
        --user rasadmin --passwd rasadmin

Reset rasadmin

Update password in rasdaman:
$ rasql -q 'ALTER USER rasadmin SET PASSWORD TO "newpassword"' \
        --user rasadmin --passwd rasadmin
Update rasdaman_admin_pass (for read-write access from petascope) in /opt/rasdaman/etc/petascope.properties to set it to the newpassword.
Update RASLOGIN env variable in /etc/default/rasdaman:
# get an md5 hash of the new password
$ echo -n "newpassword" | md5sum | awk '{ print $1; }'

# update the previous md5 hash of RASLOGIN by editing the file
$ nano /etc/default/rasdaman

# login credentials for non-interactive rasdaman start/stop
RASLOGIN=rasadmin:<new md5 password hash>

Restart rasdaman:
```
sudo systemctl restart rasdaman
```

Restart tomcat (if external tomcat is configured in petascope.properties):

tomcat_service=$(systemctl list-units | grep -i tomcat)
sudo systemctl $tomcat_service restart

2.10. Backup¶

Both software and hardware can fail, therefore it is prudent to establish regular backup procedures. For rasdaman in particular a couple of things should be considered for inclusion in a backup:

The rasdaman database, which normally can be found in /opt/rasdaman/data. The SQL database itself in this directory, RASBASE, is fairly small; the TILES subdirectory may be large as it contains all the array data, but if backup disk space is not scarce then it is definitely recommended to backup as well. Incremental backups of the TILES with rsync for example should work well without unnecessary duplicated data copying, unless existing data areas are often updated. Example with rsync:
```
# backup small RASBASE to /backup/rasdamandb
rsync -avz /opt/rasdaman/data/RASBASE /backup/rasdamandb/

# backup potentially large TILES dir to /backup/rasdamandb
rsync -avz /opt/rasdaman/data/TILES /backup/rasdamandb/
```

The petascopedb geo metadata database is usually small and worth backing up. By default it is stored in PostgreSQL and can be extracted into a small compressed archive as follows:

# create backup in a gzip archive petascopedb.sql.gz
sudo -u postgres pg_dump petascopedb | gzip > /backup/petascopedb.sql.gz

If necessary, it can be restored with

# if a petascopedb already exists it needs to be renamed, as otherwise
# restoring over an existing petascopedb will corrupt it
sudo -u postgres psql -c "ALTER DATABASE petascopedb RENAME TO petascopedb_existing_backup"

# create an empty petascopedb
sudo -u postgres createdb petascopedb

# restore backup petascopedb.sql.gz (use cat if it's not a gzip archive)
zcat petascopedb.sql.gz | sudo -u postgres psql -d petascopedb --quiet > /dev/null

Alternatively, if the above fails for some reason, petascopedb can be backup with this command:

# note that /backup/petascopedb_backup will contain a large number of compressed files
sudo -u postgres pg_dump -j 8 -Fd petascopedb -f /backup/petascopedb_backup

If necessary, it can be restored with

sudo -u postgres pg_restore -j 8 -d petascopedb /backup/petascopedb_backup

The rasdaman configuration files in /opt/rasdaman/etc, but also consider the bin and share directories which may be useful in case of package update problems, as well as maybe log files in the log directory.
```
# backup everything except the data dir, which is handled in step 1. above
rsync -avz --exclude='data/' /opt/rasdaman /backup/
```

2.11. Migration¶

Sometimes it is necessary to migrate the installation from one machine (OLD) to another (NEW). This section outlines the steps on how to do this.

Make sure rasdaman is installed and functional on the NEW machine.
Stop rasdaman and an external tomcat if installed on both the OLD and NEW machine, e.g:
```
sudo service rasdaman stop
sudo service tomcat9 stop
```
Make a backup of the rasdaman and petascope databases on the OLD machine by following step 1. of the backup guide and copy the backup to the NEW machine.
Restore the database backups on the NEW machine by following step 2. of the backup guide.
Make a backup of the config files on the NEW machine (/opt/rasdaman/etc), then copy relevant configuration from the OLD to the NEW machine, in particular:
- rasmgr.conf can probably copied as is, but check if the -host setting is correct for the NEW machine;
- most settings from petascope.properties can be copied as is, except the ones for database configuration (spring.* and metadata*);
- if federation is enabled on the OLD machine then most settings from rasfed.properties can be copied, but carefully check the hostname setting;
- /etc/default/rasdaman can be copied as is usually;
If UDFs have been registered on the OLD machine:
- if the NEW machine is the same OS and CPU architecture as the OLD then the UDF libraries can probably be synced by copying the /opt/rasdaman/share/rasdaman/udf directory;
- otherwise, they will likely need to be recompiled on the NEW machine;
Make sure that the /opt/rasdaman directory is owned by the rasdaman user, to avoid any permission issues caused by copying with other system users:
```
sudo chown -R rasdaman: /opt/rasdaman
```

Finally start rasdaman and tomcat:

sudo service rasdaman start
sudo service tomcat9 start

2.12. Uninstallation¶

When uninstalling rasdaman, you can execute the following commands to ensure that all installed files and services are fully removed from the system.

▶ show

2.13. Troubleshooting¶

2.13.1. General¶

The first step in troubleshooting problems should be to look into the server logs.

Start with checking the rasmgr and rasserver logs for any errors. If this does not provide any clues, check the petascope.log or catalina.out.

Next, investigate the status of rasdaman and external Tomcat if applicable with systemctl rasdaman status (and similar for Tomcat). Inspect the output of ps aux | grep ras to list details about the rasdaman processes, or top for CPU and memory usage.

It can be useful to double check the system memory usage with free -m, and disk space usage with df -h.

2.13.2. Manually stop rasdaman¶

If stopping rasdaman fails, it may be necessary to manually stop it:

▶ show

Checking the server logs could provide further information on why stopping rasdaman failed in the first place.

2. Installation and Administration Guide¶

2.1. Preface¶

2.1.1. Overview¶

2.1.2. Audience¶

2.1.3. Rasdaman Documentation Set¶

2.2. Installation¶

2.2.1. Debian-based systems¶

2.2.1.1. Installation¶

2.2.1.2. Updating¶

2.2.2. RPM-based systems¶

2.2.2.1. Installation¶

2.2.2.2. Updating¶

2.2.3. Customizing the package installation¶

2.3. Running rasdaman¶

2.3.1. Service Control¶

2.3.1.1. rasdaman¶

2.3.1.2. petascope¶

2.3.2. Service monitoring¶

2.3.3. Configure rasdaman¶

2.3.4. Configure petascope¶

2.3.4.1. PostgreSQL¶

2.3.4.2. H2 / HSQLDB¶

2.3.4.3. SELinux configuration¶

2.3.4.4. SSL/TLS configuration¶

2.4. Installed Files and Data¶

2.4.1. Top-level directories¶

2.4.2. Executables¶

2.4.2.1. start_rasdaman.sh¶

2.4.2.2. stop_rasdaman.sh¶

2.4.2.3. migrate_petascopedb.sh¶

2.4.3. Configuration files¶

2.4.4. Log files¶

2.4.5. Temporary files¶

2.4.6. Demo data & programs¶

2.4.6.1. Example database¶

2.4.6.2. Example programs¶

2.4.6.3. Makefile¶

2.4.6.4. query.cc¶

2.4.6.5. Query.java¶

2.4.6.6. AvgCell.java¶

2.5. Access Interfaces¶

2.5.1. Command Line Tools¶

2.5.2. Web Services¶

2.5.3. Rasdaman Web Admin Tools [RE]¶

2.5.3.1. Web rascontrol¶

2.5.3.2. Request statistic interface¶

2.5.3.3. Web access control¶

2.5.3.3.1. User Management¶

2.5.3.3.2. Role Management¶

2.5.3.3.3. Trigger Management¶

2.5.3.3.4. HTTP Headers & Authentication¶

2.5.4. Basic header authentication¶

2.5.5. APIs¶

2.6. Server Architecture¶

2.6.1. Executables Overview¶

2.6.2. Server Manager and Server¶

2.6.2.1. Overview and Terminology¶

2.6.2.2. Server Structure in General¶

2.6.2.3. Dynamic Server Assignment¶

2.6.2.4. System Start-up¶

2.6.2.5. Authentication¶

2.6.2.6. rasdaman Manager Defaults¶

2.6.2.7. Port Number Recommendations¶

2.6.3. Storage backend¶

2.6.3.1. Storing arrays in a file system directory¶

2.6.4. Query Result Caching [RE]¶

2.6.4.1. Overview¶

2.6.4.2. Cache Reuse¶

2.6.4.2.1. Scope¶

2.6.4.2.2. Reuse of Full Query Result¶

2.6.4.3. Cache Rule Concepts¶

2.6.4.3.1. Query Rule¶

2.6.4.3.2. Argument Rules¶

2.6.4.3.3. Rule Evaluation¶

2.6.4.4. Cache Management¶

2.6.4.5. How to Find Cache Rules¶

2.7. Server Administration¶

2.7.1. General Procedure¶

2.7.1.1. rasmgr vs. rascontrol¶

2.7.1.2. Important Security Note¶

2.4.6.4. `query.cc`¶

2.4.6.5. `Query.java`¶

2.4.6.6. `AvgCell.java`¶

2.7.1.1. `rasmgr` vs. `rascontrol`¶

2.7.3. `rascontrol` Invocation¶

2.7.3.1. `rascontrol` Synopsis¶

2.7.14.4. `rascontrol` Termination¶