Install Keepstore servers

  1. Introduction
  2. Update config.yml
  3. Install keepstore package
  4. Restart the API server and controller
  5. Confirm working installation
  6. Note on storage management


Keepstore provides access to underlying storage for reading and writing content-addressed blocks, with enforcement of Arvados permissions. Keepstore supports a variety of cloud object storage and POSIX filesystems for its backing store.

Plan your storage layout

In the steps below, you will configure a number of backend storage volumes (like local filesystems and S3 buckets) and specify which keepstore servers have read-only and read-write access to which volumes.

It is possible to configure arbitrary server/volume layouts. However, in order to provide good performance and efficient use of storage resources, we strongly recommend using one of the following layouts:

  1. Each volume is writable by exactly one server, and optionally readable by one or more other servers. The total capacity of all writable volumes is the same for each server.
  2. Each volume is writable by all servers. Each volume has enough built-in redundancy to satisfy your requirements, i.e., you do not need Arvados to mirror data across multiple volumes.

We recommend starting off with two Keepstore servers. Exact server specifications will be site and workload specific, but in general keepstore will be I/O bound and should be set up to maximize aggregate bandwidth with compute nodes. To increase capacity (either space or throughput) it is straightforward to add additional servers, or (in cloud environments) to increase the machine size of the existing servers.

By convention, we use the following hostname pattern:


Keepstore servers should not be directly accessible from the Internet (they are accessed via keepproxy), so the hostnames only need to resolve on the private network.

Update cluster config

Configure storage volumes

Fill in the Volumes section of config.yml for each storage volume. Available storage volume types include POSIX filesystems and cloud object storage. It is possible to have different volume types in the same cluster.

  • To use a POSIX filesystem, including both local filesystems (ext4, xfs) and network file system such as GPFS or Lustre, follow the setup instructions on Filesystem storage
  • If you are using S3-compatible object storage (including Amazon S3, Google Cloud Storage, and Ceph RADOS), follow the setup instructions on S3 Object Storage
  • If you are using Azure Blob Storage, follow the setup instructions on Azure Blob Storage

There are a number of general configuration parameters for Keepstore. They are described in the configuration reference. In particular, you probably want to change API/MaxKeepBlobBuffers to align Keepstore’s memory usage with the available memory on the machine that hosts it.

List services

Add each keepstore server to the Services.Keepstore section of /etc/arvados/config.yml .

        # No ExternalURL because they are only accessed by the internal subnet.
          "": {}
          "": {}
          # and so forth

Install keepstore

Red Hat, AlmaLinux, and Rocky Linux

# dnf install keepstore

Debian and Ubuntu

# apt install keepstore

Start the service

# systemctl enable --now keepstore
# systemctl status keepstore

If systemctl status indicates it is not running, use journalctl to check logs for errors:

# journalctl -n12 --unit keepstore

Restart the API server and controller

Make sure the cluster config file is up to date on the API server host then restart the API server and controller processes to ensure the configuration changes are visible to the whole cluster.

# systemctl restart nginx arvados-controller
# arvados-server check

Confirm working installation

We recommend using the Cluster diagnostics tool.

Here are some other checks you can perform manually.

Log into a host that is on your private Arvados network. The host should be able to contact your your keepstore servers (eg keep[0-9]

ARVADOS_API_HOST and ARVADOS_API_TOKEN must be set in the environment.

ARVADOS_API_HOST should be the hostname of the API server.

ARVADOS_API_TOKEN should be the system root token.

Install the Command line SDK

Check that the keepstore server is in the keep_service “accessible” list:

$ arv keep_service accessible

If keepstore does not show up in the “accessible” list, and you are accessing it from within the private network, check that you have properly configured the geo block for the API server .

Next, install the Python SDK

You should now be able to use arv-put to upload collections and arv-get to fetch collections. Be sure to execute this from inside the cluster’s private network. You will be able to access keep from outside the private network after setting up keepproxy .

Liquid error: No such template ‘arv_put_example’

Note on storage management

On its own, a keepstore server never deletes data. Instead, the keep-balance service determines which blocks are candidates for deletion and instructs the keepstore to move those blocks to the trash. Please see the Balancing Keep servers for more details.

Previous: Cluster diagnostics tool Next: Configure filesystem storage

The content of this documentation is licensed under the Creative Commons Attribution-Share Alike 3.0 United States licence.
Code samples in this documentation are licensed under the Apache License, Version 2.0.