Report on the INFNGRID Globus evaluation Massimo Sgaravatto

Report on the INFN-GRID Globus evaluation Massimo Sgaravatto INFN Padova for the INFN Globus group globus@infn. it

Why Globus ? n n n Some basic services (security, information services, resource management, …) must be deployed in order to implement and use a Grid for real applications Globus identified as possible Grid framework providing these services WP “Installation and Evaluation of the Globus Toolkit” of the INFN-GRID Project n n Evaluation of the Globus toolkit (effectiveness, completeness, robustness, ease of use, …) Provide feedback to the Globus team n n Bringing attention to existing problems and requirements Providing fixes to some problems

Globus activities within INFN n Activities driven by the following work plan n n n n Not only a simple evaluation n n Evaluation of Globus security services Evaluation of Grid Information Service Evaluation of Globus services for resource management Evaluation of Globus tools for data management Evaluation of Globus HBM for fault monitoring Evaluation of Globus GEM for execution environment management Globus deployment and installation tools Some existing shortcomings addressed Specific configurations and customizations implemented INFN-GRID Globus evaluation activities performed between June 2000 and January 2001 “Official” Globus 1. 1. 3 (1. 1. 4 for MPICH-G 2) release tested

Globus security services n The Globus GSI security model seems to satisfy the INFN community current requirements on security n n One time login mechanism Use of X 509 certificates Possibility for extending relations of trust to multiple CA’s without having to interfere with their X. 500 naming scheme Some shortcomings n Need for limited (by scope or purpose) proxies n n Memory leaks in the GAA library n n Now partially solved with newer code Interface between GSI and AFS n n Fixed: patches provided by INFN Cryptic diagnostics n n Globus team is already addressing this problem Already addressed with gsiklog No tools for group management n Addressed with new CAS service

INFN customizations on security n n n INFN-CA CRL distribution Centralized management of the grid-mapfile n n Goal: Ease the sharing of the same access policies (represented by the grid-mapfiles) for groups of hosts with common purposes Proposed system n Central repository (LDAP server) to store user certificates (subjects) and to define groups of users n n n Certificates published by CA manager Group manager responsible for editing group memberships (using a LDAP client) Resource owners (Globus administrators) periodically (i. e. cron job) “connect” to this repository, “download” the subject of the certificates that meet a specified criterion (e. g. all users of group X), and produce grid-mapfile entries

Globus Information Services n INFN implemented a hierarchical structure of GIS based on geographical entities n n n Site GIIS’s Local GRIS’s registered at the site GIIS Root GIIS where local GIIS’s are registered

INFN GIS Topology Top Level INFN GIIS Dc=mi, Dc=infn, dc=it, o=grid Dc=pd, Dc=infn, GIIS dc=it, o=grid GIIS Milano Padova GRIS

root GIIS 1 st level query focus on a set of resources 2 nd and 3 rd level query Get more updated info A global view Scheduling/ Resource discovery High Availability ldbm backend (? ) GIIS replication (? ) GIIS ……. . GRIS GRIS GRIS

Globus Information Services n Problems n Performance n n Querying the root GIIS server, on the worst case the whole namespace must be searched The overall response time is limited by the slowest response of a descendant Poor GRIS performance (shell backend) Example (querying a site GIIS): n n n ~ 1 sec. When cache is on ~ 5 -10 sec. When cache expired and GIIS and GRIS not busy > 1 min. when cache expired and GRIS busy

Globus Information Services n Other problems n Pull model n n Security and access controls n n n Mixed push/pull model more suitable Any GRIS can register itself to a GIIS No access control when searching the GIS Fault tolerance n No automatic failover mechanisms

Globus Information Services n Most of these problems already addressed or are being addressed with the new MDS development n n n n Improved GRIS performance Improved GIIS performance (e. g. support for GIIS timeouts) Integration of GSI security and access control Support for customized indexes Support for pluggable information providers Support for both registration and invitation …

Globus Information Services n Other INFN customisations n n INFN-GIS browser Tools (MRTG based) to monitor LDAP servers n n n Entries returned Connections On-going MDS-2. 1 alpha evaluation

INFN-GIS browser

Resource Management n Evaluation of Globus GRAM n Focus on possible use of GRAM as uniform interface to different underlying local resource management systems n n n Tests with Condor, LSF and PBS as LRMS INFN WAN Condor pool as Globus resource The model is fine, but lack of “robustness” (needed for real production environments) n Memory leaks in the Globus job manager n n n Scalability (one job manager for each job) Reliability (the job manager is not persistent) n n Fixed: patches provided by our group were fed back to Globus Addressed with the new jobmanager (by Condor team) New resource management architecture foreseen with GRAM -2

Resource Management n Default GRAM Reporter (Information providers) not enough for our needs (in particular considering PC farms): n n n Many useless attributes (at least for our needs), attributes not calculated (always defined as 0), some attributes not properly calculated, important information (e. f. needed by a resource broker) missing We are addressing this problem in the context of the Data. Grid Project Submission of Condor jobs to Globus resources n Condor-G n Useful as a reliable job submission service n n n Persistent queue of jobs Logging information Exploitation of the new persistent Globus jobmanager Reliable (two phase commit) submission protocol Glide. In Evaluation of MPICH-G 2 vs. MPICH n Some shortcomings found (lack of support for shared memory, worse latency performance for small messages wrt. MPICH)

Data management n n Tests with GASS Tests with Grid. FTP alpha release 2 n n n Capability of resuming an interrupted file transfer successfully tested Support for the GSI authentication mechanisms successfully tested Throughput tests n n Increasing number of parallel streams and fixed file size and fixed number of streams TCP buffer size block size

Other services n Fault Monitoring (HBM) n n n Evaluation of HBM for fault detection (for “system” and “user” processes) … but the HBM package is not seeing active development Execution Environment Management (GEM) n n Evaluation of GEM as service for “code migration” … but Globus now provides only limited capabilities (executable staging)

Globus installation tools n INFN-GRID Globus installation toolkit n n n To make easier and more “automatic” the installation of the Globus toolkit To shorten the installation time (very long using the standard install procedures) Support for specific customisations and configurations Quick distribution of patches Support for distribution of new tools and packages Proven to be successful n n Used to setup a INFN GRID Testbed and also outside (CERN, FNAL, …) Used as installation tool for Data. Grid Testbed 0

INFN-GRID Installation toolkit n Characteristics n n n n n Distribution of binary files Distribution of the packages needed to install/use Globus Distribution of various Globus flavoured compilations (kerberos, MPICH, AFS) Support for the most used platforms in the HENP community (Linux RH, Solaris) Binary file relocation supported Latest patches included (e. g. fixes for Globus jobmanager memory leaks) Support for local customisations (hook to support different CA’s, support for different GIS configurations, support for different LRMS, …) Support for distribution of new tools and packages (certretrieve, GDMP, …) Upgrade and uninstall procedures Documentation

New Globus packaging n Modular packages for individual components n n More open development process Possibility to build and install only desired packages Simpler customization Contributions from INFN included

Conclusions n The Globus toolkit can provide basic services useful to create and deploy usable Grids, but various shortcomings and issues must be addressed n n Globus developers already addressed/ing most of them Other info n Report on the INFN-GRID Globus Evaluation n n Response from Globus team to “Report on the INFN-GRID Globus Evaluation” n n http: //www. infn. it/globus/Docs/infn-globus-evaluation. pdf http: //www. isi. edu/~annc/infn/responsetoinfn. pdf http: //www. infn. it/globus