Testbed and Authorisation EU Data Grid Testbed 1
Testbed and Authorisation • • • EU Data. Grid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web integration More EDG and TB information Andrew Mc. Nab - Manchester HEP - 2 May 2002
EU Data. Grid • Officially started 1 st January 2001 • Partners: CERN, CNRS, ESA, INFN, NIKHEF, PPARC • Other contributions from HEP institutes (eg in Nordu. Grid countries) and other Grid projects (eg core UK e-Science) • Management and software organised into Work Packages: – – – – WP 1 Resource Management (“job submission”) WP 2 Data Management WP 3 Information and Monitoring Services WP 4 Fabric Management (eg local installation and management tools) WP 5 Mass Storage WP 6 Testbeds (include Integration and support for the Testbed grid. ) WP 7 Networking WP 8, 9, 10 Applications Andrew Mc. Nab - Manchester HEP - 2 May 2002
Andrew Mc. Nab - Manchester HEP - 2 May 2002
Software Releases • Have 3 major releases to coincide with three yearly Testbeds 1, 2 and 3 • Have minor releases every 2 months, and then patch level releases between those: currently at 1. 1. 4 (deployed last week) • Currently, the only supported platform is Red. Hat 6. 2 on Intel. • Software is stored in a central CVS and published via a public HTTP server (http: //datagrid. in 2 p 3. fr) in RPM format. • This includes EDG-authored software, a distribution of Globus (contributed by Grid. PP) and any external packages and updates not included in out-of-the-box Red. Hat 6. 2. • The official installation procedure is to use LCFG, contributed by Edinburgh and customised by WP 4. • Will support Red. Hat 7. 2 in next release. Andrew Mc. Nab - Manchester HEP - 2 May 2002
Authorisation at a site • a. k. a “how do I maintain the list of certificate names (people) that can use my Testbed site? ” • WP 6 provides a standard way of publishing lists of certificate names via an LDAP server, and selecting subsets based on group or “Virtual Organisation” (eg experiment) affiliation. • gridmapdir patch to Globus provides dynamic user account allocation from a pool. • Each LHC experiment maintains a “VO Server” and populates it with the DNs of their members. • VO’s also exist for WP 6, Ba. Bar and Grid. PP. Andrew Mc. Nab - Manchester HEP - 2 May 2002
Going from UID to Grid ID • Want to remove “long term” use of local Unix credentials (ie UID numbers) • Dynamic, pool accounts allow temporary mapping of Grid identities onto a local UID. • Have prototype certificate-based filesystem, with which files can be “owned” by a certificate DN – rights are controlled by an Access Control List. • This part of a wider framework (“Slash. Grid”) for creating “Grid-aware” filesystems, including remote file access. • An ACL format in XML is being agreed as part of this – gacl library will provide a reference implementation/API. Andrew Mc. Nab - Manchester HEP - 2 May 2002
Grid/Web Integration • Grid. PP website uses Grid. Site, a certificate based web management system. • Provides write access using Grid certificates loaded into unmodified web browsers. – Allows editing via forms, uploading files, /. style “news weblogs”, and automatic file history recording. • Uses same ACL format as Slash. Grid: – groups of DN’s managed through the website – fine-grained read, write and admin access control, so multiple people can maintain one subdirectory. • Intend to blur the line between filesystem and Web using Grid tools: – access Grid. Site server through local filesystem via Slash. Grid. – access remote resources via web browser, respecting file ACL’s and running remote CGI scripts using pool accounts/Slash. Grid filesystems. Andrew Mc. Nab - Manchester HEP - 2 May 2002
More information • Main EDG site is http: //www. eu-datagrid. org/ – each Work Package has a website, usually with documents, mailing list archives etc about its software. • WP 6 Testbed information at http: //marianne. in 2 p 3. fr/ – includes links to software repository, User and Installation Guides, bug tracking Bugzilla etc. • UK Testbed support: http: //www. gridpp. ac. uk/tbsupport/ • Slash. Grid: http: //www. gridpp. ac. uk/slashgrid/ • Grid. Site: http: //www. gridpp. ac. uk/gridsite/ Andrew Mc. Nab - Manchester HEP - 2 May 2002
Summary • EDG producing middleware components as part of a consistent distribution for testbed sites. • Situation evolving rapidly, but central aim of job submission “to the Grid” via a Resource Broker is working. • Software available to interested sites, and web and mailing list resources exist for support. • Tools to remove UID dependency and integrate Grid/Web are being developed. Andrew Mc. Nab - Manchester HEP - 2 May 2002
- Slides: 9