g Lite WMS Match Making GPBOX PEP Vo
g. Lite WMS Match. Making & GPBOX PEP: Vo. Views support. Integration status The g. Lite WMS Team M. Cecchi INFN CNAF
Brief description of BDII – ISM – MM interactions to support VOViews. –WMS/GPBOX interaction description of the upgrade
BDII / ISM / MM interactions – The BDII is queried by the ISM purchasers threads in the WMS to timely retrieve/insert/update information about the resources. – A Class. Ad representation of the CE/SE information is generated and inserted into the ISM – Each attribute published in the subschema as a MULTI-VALUE tag is converted to a Class. Ad Expression List. The algorithm how to map LDIF to Class. Ad: –for each VOView insert a unique entry in the ISM having: • a Class. Ad representation of the CE informationmerged with the VOView attributes • Overlapping CE attributes are overridden by the ones in the VOView
VOViews integration status ldapsearch -h wn-04 -01 -03 -a. cr. cnaf. infn. it -p 2135 -x -b "mds-vo-name=local, o=grid dn: Glue. VOView. Local. Id=cmsgold, Glue. CEUnique. ID= wn-0401 -03 -a. cr. cnaf. infn. it: 2119/jobmanager-lcglsfcms, mds-vo-name=local, o=grid ldif . . . dn: Glue. CEUnique. ID = Glue. CEAccess. Control. Base. Rule: VO: cms wn-04 -01 -03 a. cr. cnaf. infn. it: 2119/jobmanagerlcglsf-cms, mds-vo-name=local, o=grid Glue. CEAccess. Control. Base. Rule: SC: GOLD . . . dn: Glue. VOView. Local. Id=cmssilver, Glue. CEUnique. ID=wn. cr. cnaf. infn. it: 2119/jobmanager-lcglsf-cms, mds-voname=local, o=grid Glue. CEAccess. Control. Base. Rule: VO: cms. . Glue. CEAccess. Control. Base. Rule: VO: cms Glue. CEAccess. Control. Base. Rule: SC: SILVER Class. AD . . . Glue. CEUnique. ID/Glue. VOView. Local. Id = ”cmsgold”; In the ISM each entry (CE or VOViews) is apart identified by a unique key: Glue. CEUnique. ID/Glue. VOView. Local. Id having their attributes spread according to the above algorithm. Glue. VOView. Local. Id = ”cmssilver”; Glue. CEUnique. ID= ”wn. cr. cnaf. infn. it: 2119/job manager-lcglsf-cms, mds-voname=local, o=grid” Glue. CEUnique. ID= ”wn. cr. cnaf. infn. it: 2119/jobm anager-lcglsf-cms, mds-voname=local, o=grid” . . . Glue. CEAccess. Control. Base. Rule = { “VO: cms”, “SC: GOLD” }; Glue. CEAccess. Control. Base. Rule = { “VO: cms”, “SC: SILVER” }; . . .
VOViews integration status Another example: cms VOViewed, ATLAS a single CE. dn: Glue. VOView. Local. Id=cmsgold, Glue. CEUnique. ID= wn-0401 -03 -a. cr. cnaf. infn. it: 2119/jobmanager-lcglsfcms, mds-vo-name=local, o=grid ldif . . . dn: Glue. CEUnique. ID = Glue. CEAccess. Control. Base. Rule: VO: cms wn-04 -01 -03 a. cr. cnaf. infn. it: 2119/jobmanagerlcglsf-cms, mds-vo-name=local, o=grid Glue. CEAccess. Control. Base. Rule: SC: GOLD . . . dn: Glue. VOView. Local. Id=cmssilver, Glue. CEUnique. ID=wn. cr. cnaf. infn. it: 2119/jobmanager-lcglsf-cms, mds-voname=local, o=grid . . . Glue. CEAccess. Control. Base. Rule: VO: cms Glue. CEAccess. Control. Base. Rule: VO: atlas. . . Glue. CEAccess. Control. Base. Rule: VO: cms Glue. CEAccess. Control. Base. Rule: SC: SILVER. . . Class. AD Glue. CEUnique. ID= ”wn. cr. cnaf. infn. it: 2119/jobman ager-lcglsf-cms, mds-voname=local, o=grid”; . . . Glue. CEAccess. Control. Base. Rule = { “VO: atlas” }; . . . Glue. VOView. Local. Id = ”cmsgold”; Glue. VOView. Local. Id = ”cmssilver”; Glue. CEUnique. ID= ”wn. cr. cnaf. infn. it: 2119/job manager-lcglsf-cms, mds-voname=local, o=grid” Glue. CEUnique. ID= ”wn. cr. cnaf. infn. it: 2119/jobm anager-lcglsf-cms, mds-voname=local, o=grid” . . . Glue. CEAccess. Control. Base. Rule = { “VO: cms”, “SC: GOLD” }; Glue. CEAccess. Control. Base. Rule = { “VO: cms”, “SC: SILVER” }; . . .
VOViews integration status – The VOView support, according to Glue Schema 1. 2 and following design updates, has now been integrated in the g. Lite R 3. 1. The effort here was mainly devoted to have the maximum level of flexibility by the WMS (to manage all the various approaches recently emerged). – A backport to R 3. 0 is in progress (at least we were asked. . . ). – The Vo. View approach affects the ISM structure, the MM and the PEP modules.
BDII / ISM / MM interactions – To perform the match-making the g. Lite Resource Broker couples the information from the ISM on one side (CE Ads) and from the JDL (Request Ads) on the other side. – This is technically done via a symmetric Class. Ad match where – to – The requirement expressions of the Request Ad (JDL) AND the CE Ad –All the stuff relating ACLs has to be expressed in the Authorization. Check formula in each CE ad: . . . Authorization. Check = member(other. Certificate. Subject, Glue. CEAccess. Control. Base. Rule) OR member("VO: " + other. Virtual. Organisation, Glue. CEAccess. Control. Base. Rule); Close. Output. SECheck =. . . requirements = Authorization. Check AND Close. Output. SECheck; . . .
VOViews integration status User JDL CE Ads [ Glue. VOView. Local. Id = ”cmsgold”; Glue. VOView. Local. Id = ”cmssilver”; Glue. CEUnique. ID= ”wn. cr. cnaf. infn. it: 2119/jobm anager-lcglsf-cms, mds-voname=local, o=grid” Executable="/bin/ls"; Certificate. Subject=”/C=IT /O=INFN/OU=Personal Certificate/L=CNAF/CN=Joh n Smith/CN=proxy Virtual. Organisation = “cms”. . . ] requirements = Authorization. Check AND Close. Output. SECheck; Glue. CEAccess. Control. Base. Rule = { “VO: cms”, “SC: GOLD” }; Glue. CEAccess. Control. Base. Rule = { “VO: cms”, “SC: SILVER” }; . . . The request contrived by the WMS/PEP for GPBOX RESOURCE LIST: J. Smith = /CMS/Prod -> gold GPBOX (1) ”wn. cr. cnaf. infn. it: 2119/jobmanager-lcglsf-cms, mds-vo -name=local, o=grid”/”cmsgold” (2) ”wn. cr. cnaf. infn. it: 2119/jobmanager-lcglsf-cms, mds-vo -name=local, o=grid”/”cmssilver” SERVICE QUALITY LIST (formerly 'aggregation-tag'): (1) GOLD (2) SILVER (1) = ACCEPT (2) = DENY
. . . Authorization. Check = member(other. Certificate. Subject, Glue. CEAccess. Control. Base. Rule) || member(strcat("VO: ", other. Virtual. Organisation), Glue. CEAccess. Control. Base. Rule) || FQANmember(strcat("VOMS: ", other. VOMS_FQAN), Glue. CEAccess. Control. Base. Rule); requirements = Authorization. Check && Close. Output. SECheck; . . .
- Slides: 9
