Università degli Studi di Bari – Laurea Specialistica (Master's degree) in Computer Science
Course “Tecnologia dei Servizi” – “Grid and cloud computing”, academic year 2009/2010
Giorgio Pietro Maggi, giorgio.maggi@ba.infn.it, http://www.ba.infn.it/~maggi
Lecture 7b - 9 December 2009
The teaching material used in this course is borrowed from the material used by Paolo Veronesi for the course “Griglie Computazionali” of the Laurea Specialistica in Informatica, held in the academic year 2008/09 at the Università degli Studi di Ferrara.
Paolo Veronesi, paolo.veronesi@cnaf.infn.it, pveronesi@unife.it, http://www.cnaf.infn.it/~pveronesi/unife/
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 7b
Defining the Grid
• A Grid is the combination of networked resources and the corresponding middleware, which provides services for the user.
The EGEE Project
• Aim of EGEE: “to establish a seamless European Grid infrastructure for the support of the European Research Area (ERA)”
• EGEE
 – 1 April 2004 – 31 March 2007
 – 71 partners in 27 countries, federated in regional Grids
• EGEE-II
 – 1 April 2007 – 30 April 2008
 – Expanded consortium
• EGEE-III
 – 1 May 2008 – 30 April 2010
 – Transition to sustainable model
Enabling Grids for E-sciencE (EGEE) project
• Flagship Grid infrastructure project co-funded by the European Commission, starting from April 2004
• Now entering its 3rd phase
• Application domains: Archeology, Astronomy, Astrophysics, Civil Protection, Comp. Chemistry, Earth Sciences, Finance, Fusion, Geophysics, High Energy Physics, Life Sciences, Multimedia, Material Sciences, …
• Figures: >250 sites, 48 countries, >50,000 CPUs, >20 PetaBytes, >10,000 users, >150 VOs, >150,000 jobs/day
Defining the Grid
EGEE Infrastructure
EGEE Infrastructures
• Production service
 – Scaling up the infrastructure with resource centres around the globe
 – Stable, well-supported infrastructure, running only well-tested and reliable middleware
• Pre-production service
 – Run in parallel with the production service (restricted number of sites)
 – First deployment of new versions of the gLite middleware
 – Test-bed for applications and other external functionality
• T-Infrastructure (Training & Education)
 – Complete suite of Grid elements and applications (Testbed, CA, VO, monitoring, support, …)
 – Everyone can register and use GILDA for training and testing
 – 20 sites on 3 continents
EGEE Operations Process
• Geographically distributed responsibility for operations:
 – There is no “central” operation
 – Regional Operation Centers, responsible for resource centres in their region
 – Tools are developed/hosted at different sites: GOC DB (RAL), SAM (CERN), GStat (Taipei), CIC Portal (Lyon)
• Highlights:
 – Grid operator on duty operation, distributed: 10 teams working in weekly rotation
 – Evolving and maturing procedures, crucial in improving site stability and management
 – Procedures being introduced into and shared with related infrastructure projects
• Operations coordination:
 – Weekly operations meetings
 – Regular ROC managers meetings
 – Series of EGEE Operations Workshops
• Procedures described in the Operations Manual:
 – Introducing new sites
 – Site downtime scheduling
 – Suspending a site
 – Escalation procedures; etc.
Improved reliability through multi-level monitoring
• Central probes (SAM)
• Local probes
• Network monitoring
• Doubled size and usage without impact on operations
EGEE operations
• Operations Coordination Centre (OCC): management, oversight of all operational and support activities
• Regional Operations Centres (ROC): providing the core of the support infrastructure, each supporting a number of resource centres within its region
• Resource Centres (RC): providing resources (computing, storage, network, …)
• User support (at FZK): coordination and management of user support, single point of contact for users
Monitoring Visualization (figure)
The EGEE support infrastructure (figure)
Labels on the diagram: Resource Centres (RC A, RC B, RC C) under their Regional Operations Centres (ROC BC, …, ROC N); the CIC Portal; the COD (grid operator on duty); Network Support; VO Support (VO A, VO B, VO C) with the corresponding VO TPM A/B/C; Other Grids; Deployment support and Middleware support; all connected through the GGUS Central System and its TPM.
Defining the Grid
gLite Middleware Distribution
• Combines components from different providers
 – Condor and Globus (via VDT)
 – LCG
 – EGEE
 – Others
• Focus on providing a deployable MW distribution for the EGEE production service
 – Middleware services + configuration tools
• Follows a service oriented approach
 – Usage of web services where useful and possible performance-wise
 – Complemented by application-level services
Production Grid Middleware
Key factors in EGEE Grid Middleware Development:
1. Strict software process
 – Use industry standard software engineering methods
 – Software configuration management, version control, defect tracking, automatic build system, …
2. Conservative approach in what software is used
 – Avoid “cutting-edge” software
 – Deployment on over 200 sites cannot assume a homogeneous underlying environment – middleware needs to work with many software flavors
 – Avoid evolving standards
 – Evolving standards change quickly (and sometimes significantly, cf. OGSI vs. WSRF) – impossible to keep pace on > 200 sites
(Side annotation on the slide: long path from prototype to production)
gLite Process (flowchart)
• Inputs: Directives, External Software, Software packages
• Flow: Development → Integration (Integration Tests: Pass → Certification, Fail → Error Fixing) → Certification (Testbed Deployment with Functional Tests and Scalability Tests: Pass → Pre-Production Deployment, Fail → Error Fixing) → Pre-Production Deployment (Pass → Production Infrastructure, Fail → Error Fixing) → Production Infrastructure (Problem → Error Fixing)
• Outputs: Installation Guide, Release Notes, etc.
gLite Software Process
• Technical Coordination Group (TCG)
 – gathers & prioritizes user requirements from HEP, biomed, (industry), sites
 – gLite development is client-driven!
• Software from EGEE-JRA1 and other projects
 – JRA1 preview testbed (currently being set up): early exposure to users of “uncertified” components
• SA3 Integration Team
 – Ensures components are deployable and work
 – Deployment Modules implement high-level gLite node types (WMS, CE, R-GMA Server, VOMS Server, FTS, etc.)
 – Build system now spun off into the ETICS project (Jan 2006)
• SA3 Certification Team
 – Merge of the JRA1 testing and SA1 certification teams
 – Dedicated testbed; test release candidates and patches
 – Develop test suites
• SA1 Pre-Production System
 – Scale tests by users
Building Software for the Grid (layered figure, courtesy IBM)
• Applications: Environmental Sciences, Life & Pharmaceutical Sciences, Geo Sciences
• Middleware: APST, Globus GT4, Condor
• Platform: Unix, Windows, JVM, .Net Runtime
• Infrastructure: TCP/IP, MPI, VPN, SSH

Building Software for the Grid (same figure, courtesy IBM, with the middleware layer refined)
• Middleware split into Upper Middleware & Tools and Lower Middleware (APST, Globus GT4, Condor); a “Bonds” label also appears
• Platform and Infrastructure layers as in the preceding figure
Defining the Grid
EGEE Applications
• >270 VOs from several scientific domains
 – Astronomy & Astrophysics
 – Civil Protection
 – Computational Chemistry
 – Comp. Fluid Dynamics
 – Computer Science/Tools
 – Condensed Matter Physics
 – Earth Sciences
 – Fusion
 – High Energy Physics
 – Life Sciences
• Further applications under evaluation
• Applications have moved from testing to routine and daily usage
 – ~80-95% efficiency
The Future of Grids
• Increasing the number of infrastructure users by increasing awareness
 – Dissemination and outreach
 – Training and education
• Increasing the number of applications by improving application support and middleware functionality
 – Improved usability through high level grid middleware extensions
• Increasing the grid infrastructure
 – Incubating related projects
 – Ensuring interoperability between projects
• Protecting user investments
 – Towards a sustainable grid infrastructure
Grid Interoperability
• Incubator for new Grid efforts world-wide
 – Infrastructure and application efforts
• Leading role in building world-wide Grids through interoperation efforts
 – Bilateral: EGEE/OSG, EGEE/NDGF, EGEE/NAREGI, EGEE/Unicore/DEISA
 – Multilateral: Grid Interoperability Now (GIN)
• GIN experiences and requirements fed back into the standardization process (OGF)
 – Many EGEE members are area directors, WG chairs, WG members
• Contacts with industry strengthened
 – Industry Days, Industry Task Force, Business Associates Programme
EGEE working with related infrastructure projects (figure: GIN)
Evolution (figure): Testbeds → Routine Usage → Utility Service; National → European e-Infrastructure → Global
• Need to prepare a permanent, common Grid infrastructure
 – Ensure the long-term sustainability of the European e-Infrastructure independent of short project funding cycles
 – Coordinate the integration and interaction between National Grid Infrastructures (NGIs)
 – Operate the production Grid infrastructure on a European level for a wide range of scientific disciplines
• There must be no gap in the support of the production grid
Summary
• Grids represent a powerful new tool for science
• Today we have a window of opportunity to move grids from research prototypes to permanent production systems (as networks did a few years ago)
• EGEE offers …
 – … a mechanism for linking together people, resources and data of many scientific communities
 – … a basic set of middleware for gridifying applications, with documentation, training and support
 – … regular forums for linking with grid experts, other communities and industry
gLite Middleware overview
Grid Middleware
• When using a PC or workstation you
 – Login with a username and password (“Authentication”)
 – Use rights given to you (“Authorisation”)
 – Run jobs
 – Manage files: create them, read/write, list directories
• Components are linked by a bus
• Operating system
• One admin domain
• When using a Grid you
 – Login with digital credentials (“Authentication”)
 – Use rights given to you (“Authorisation”)
 – Run jobs
 – Manage files: create them, read/write, list directories
• Services are linked by the Internet
• Middleware
• Many admin domains
EGEE Project and gLite
• Enabling Grids for E-sciencE (EGEE) is the largest multi-disciplinary grid infrastructure in the world
 – Brings together more than 120 European organisations
 – Consists of 250 sites in 48 countries and more than 68,000 CPUs
 – Is available to some 8,000 users 24 hours a day, 7 days a week
 – Processes more than 150,000 jobs per day from different scientific domains
• gLite is the middleware powering the EGEE infrastructure and many other related projects
 – Is an integrated set of components designed to enable resource sharing among different institutions
 – Pulls together contributions from many other projects, including LCG and VDT
 – Provides users with a large set of services
The “global” grid (map): e-Infrastructures adopting gLite, and e-Infrastructures interoperable, or in progress to be made interoperable, with gLite
Additional Infrastructures: GILDA
• EGEE provides a training infrastructure: GILDA (Grid INFN Laboratory for Dissemination Activities)
 – Runs the entire gLite stack
 – Used to demonstrate EGEE grid technology
 – Supports beginner and expert training courses on gLite
• Adopted by several Grid projects worldwide
• Own Certification Authority
• Available 365 days for everyone!
• Used in the ISSGC schools series
• Since 2007 middleware other than gLite is also tested on GILDA
The GILDA t-Infrastructure (https://gilda.ct.infn.it)
• 20 sites in 3 continents
• > 11,000 certificates issued, >20% renewed at least once
• > 250 courses, training events, official university curricula
• > 2,000 hits on the web site from >100 different countries
• > 4.5 TB of training material downloaded from the web site
gLite in the Grid “ecosystem” (figure)
Projects shown: Condor, Globus, MyProxy, EDG, OSG, VDT, DataTAG, LCG, CrossGrid, SRM, GridCC, NextGrid, EGEE interactive, DEISA, … (grouped as USA / EU, and as “Used in” gLite / “Future grids”)
The Middleware structure
• Applications have access both to Higher-level Grid Services and to Foundation Grid Middleware
• Higher-Level Grid Services are supposed to help users build their computing infrastructure but should not be mandatory
• Foundation Grid Middleware actually developed in EGEE
 – Must be complete and robust
 – Should allow interoperation with other major grid infrastructures
 – Should not assume the use of Higher-Level Grid Services
gLite infrastructure (figure): Workload Management System (WMS), Data Management
Typical Job workflow (figure)
Components on the diagram: User Interface (voms-proxy-init, then glite-job-submit myjob.jdl), Resource Broker, Information Service, Replica Catalog, Author. Service, Job Logging & Book-keeping (Job Submit Event, Job Status), Job Submission Service, Computing Element, Storage Element (GSI data access/transfer), Input Sandbox and Output Sandbox.
Myjob.jdl (JDL):
    Executable = "gridTest";
    StdError = "stderr.log";
    StdOutput = "stdout.log";
    InputSandbox = {"/home/joda/test/gridTest"};
    OutputSandbox = {"stderr.log", "stdout.log"};
    InputData = "lfn:testbed0-00019";
    DataAccessProtocol = "gridftp";
    Requirements = other.Architecture == "INTEL" && other.OpSys == "LINUX";
    Rank = "other.GlueHostBenchmarkSF00";
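As an added example (not code from the slides or from the gLite WMS), the following Python parses the JDL shown above and performs the matchmaking step the Resource Broker does: it evaluates Requirements against a set of constructed Computing Element descriptions (the ce-*.example.org hostnames and their GLUE-style attribute values are assumptions), then orders the eligible CEs by Rank. The expression evaluator is deliberately minimal (comparisons joined by && and ||, no parentheses) so that no eval() of job-supplied text is needed.

```python
import re

# The JDL from the slide, used here as the sample job description
SAMPLE_JDL = '''
Executable = "gridTest";
StdError = "stderr.log";
StdOutput = "stdout.log";
InputSandbox = {"/home/joda/test/gridTest"};
OutputSandbox = {"stderr.log", "stdout.log"};
InputData = "lfn:testbed0-00019";
DataAccessProtocol = "gridftp";
Requirements = other.Architecture == "INTEL" && other.OpSys == "LINUX";
Rank = "other.GlueHostBenchmarkSF00";
'''

# Constructed Computing Element descriptions (hypothetical hostnames). The
# attribute names are the ones the JDL above refers to through "other.".
SAMPLE_CES = {
    "ce-a.example.org": {"Architecture": "INTEL", "OpSys": "LINUX", "GlueHostBenchmarkSF00": 1200},
    "ce-b.example.org": {"Architecture": "INTEL", "OpSys": "LINUX", "GlueHostBenchmarkSF00": 1850},
    "ce-c.example.org": {"Architecture": "INTEL", "OpSys": "WINDOWS", "GlueHostBenchmarkSF00": 2400},
    "ce-d.example.org": {"OpSys": "LINUX", "GlueHostBenchmarkSF00": 3000},  # publishes no Architecture
}

REQUIRED_ATTRIBUTES = ("Executable", "InputSandbox", "OutputSandbox")

def parse_jdl(text):
    """Parse 'Name = value;' statements. Values are a quoted string, a {list of
    quoted strings} or a bare expression (kept as text, e.g. Requirements)."""
    attrs = {}
    for stmt in text.split(";"):
        stmt = stmt.strip()
        if not stmt:
            continue
        name, _, value = stmt.partition("=")   # the first '=' is the assignment
        name, value = name.strip(), value.strip()
        if value.startswith("{") and value.endswith("}"):
            attrs[name] = re.findall(r'"([^"]*)"', value)
        elif value.startswith('"') and value.endswith('"'):
            attrs[name] = value[1:-1]
        else:
            attrs[name] = value
    return attrs

def missing_attributes(jdl):
    """Attributes without which the job cannot be submitted."""
    return [a for a in REQUIRED_ATTRIBUTES if a not in jdl]

_CLAUSE = re.compile(r'^other\.(\w+)\s*(==|!=|>=|<=|>|<)\s*(.+)$')
_OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b,
        ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
        ">": lambda a, b: a > b, "<": lambda a, b: a < b}

def _eval_clause(clause, other):
    m = _CLAUSE.match(clause.strip())
    if not m:
        raise ValueError(f"unsupported clause: {clause!r}")
    attr, op, rhs = m.groups()
    rhs = rhs.strip()
    rhs_val = rhs[1:-1] if rhs.startswith('"') else float(rhs)
    if attr not in other:
        return False   # an attribute the CE does not publish never satisfies a clause
    return _OPS[op](other[attr], rhs_val)

def eval_requirements(expr, other):
    """Evaluate a Requirements expression made of comparisons joined by && and ||
    (no parentheses; && binds tighter than ||)."""
    if expr.strip().lower() == "true":
        return True
    return any(all(_eval_clause(c, other) for c in conj.split("&&"))
               for conj in expr.split("||"))

def rank_value(jdl, other):
    """Rank = "other.<attr>" or "-other.<attr>"; higher is better. A CE that does
    not publish the attribute ranks lowest."""
    expr = jdl.get("Rank", "").strip().strip('"')
    sign = -1 if expr.startswith("-") else 1
    m = re.fullmatch(r"other\.(\w+)", expr.lstrip("-").strip())
    if not m:
        raise ValueError(f"unsupported Rank: {expr!r}")
    value = other.get(m.group(1))
    return float("-inf") if value is None else sign * float(value)

def match(jdl, ces):
    """CEs satisfying Requirements, best Rank first (the broker's matchmaking)."""
    req = jdl.get("Requirements", "true")
    eligible = [name for name, other in ces.items() if eval_requirements(req, other)]
    return sorted(eligible, key=lambda n: rank_value(jdl, ces[n]), reverse=True)

if __name__ == "__main__":
    job = parse_jdl(SAMPLE_JDL)
    print("missing attributes:", missing_attributes(job))
    print("candidate CEs, best first:", match(job, SAMPLE_CES))
```

With the sample data, ce-c is excluded by OpSys, ce-d because it publishes no Architecture attribute (an unpublished attribute never satisfies a clause, which is the conservative choice for a broker), and ce-b is preferred over ce-a because of its higher benchmark value.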
Security System
gLite Security
• Authentication based on X.509 PKI infrastructure
 – Certificate Authorities (CA) issue (long lived) certificates identifying individuals (much like a passport)
 – Trust between CAs and sites is established (offline)
 – In order to reduce vulnerability, Grid user identification is done by (short lived) proxies of their certificates
• Proxies can
 – Be delegated to a service such that it can act on the user's behalf
 – Include additional attributes (like VO information via the VO Membership Service, VOMS)
 – Be stored in an external proxy store (MyProxy)
 – Be renewed (in case they are about to expire)
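To make the proxy rules concrete, the following Python, added here and not part of the slides or of gLite/Globus, checks a delegation chain against the naming, lifetime and path-length rules of the RFC 3820 proxy certificate profile: a proxy's subject is its issuer's subject plus one CN component, a proxy never outlives the credential it was derived from, and an ancestor's path-length constraint bounds further delegation. Certificates are modelled as plain records built from constructed sample data (the DNs and validity periods are assumptions); there is no X.509 parsing or signature verification, which a real service does before any of these checks.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Cert:
    """Only the fields the chain rules need; no keys, signatures or ASN.1 here."""
    subject: str                    # e.g. "/DC=org/DC=example/CN=Bob/CN=proxy"
    issuer: str
    not_before: datetime
    not_after: datetime
    is_proxy: bool = False          # carries a proxyCertInfo extension
    path_len: Optional[int] = None  # how many further proxies may hang below this one

def validate_chain(chain, now):
    """chain[0] is the CA-issued user certificate, chain[1:] the proxies in
    delegation order (the user's own proxy first, the one presented last).
    Returns (ok, reason)."""
    if not chain or chain[0].is_proxy:
        return (False, "chain must start with the CA-issued user certificate")
    remaining = None   # proxies an ancestor still allows below the current cert
    for depth, cert in enumerate(chain):
        if not (cert.not_before <= now < cert.not_after):
            return (False, f"certificate {depth} ({cert.subject}) not valid at {now.isoformat()}")
        if depth == 0:
            continue
        parent = chain[depth - 1]
        if not cert.is_proxy:
            return (False, f"certificate {depth} is not a proxy certificate")
        if cert.issuer != parent.subject:
            return (False, f"proxy {depth} was not issued by its parent")
        # Naming rule: subject is the issuer's subject plus exactly one CN component
        tail = cert.subject[len(parent.subject):]
        if not cert.subject.startswith(parent.subject) or not tail.startswith("/CN=") or "/" in tail[1:]:
            return (False, f"proxy {depth} subject must extend the issuer subject by one CN")
        # A proxy may never outlive the credential it was derived from
        if cert.not_after > parent.not_after:
            return (False, f"proxy {depth} expires after its issuer")
        if remaining is not None and remaining <= 0:
            return (False, f"proxy {depth} exceeds an ancestor's path length constraint")
        if remaining is not None:
            remaining -= 1
        if cert.path_len is not None:
            remaining = cert.path_len if remaining is None else min(remaining, cert.path_len)
    return (True, "ok")

def needs_renewal(cert, now, margin=timedelta(hours=1)):
    """True when the credential expires within `margin`, i.e. when a renewal
    (e.g. from a MyProxy store) should be requested before the job outlives it."""
    return cert.not_after - now <= margin

# --- constructed sample data: a user cert, a 12-hour proxy, a 6-hour delegated proxy ---
NOW = datetime(2009, 12, 9, 10, 0, tzinfo=timezone.utc)
CA_DN = "/DC=org/DC=example/CN=Demo CA"
USER = Cert("/DC=org/DC=example/CN=Bob", CA_DN, NOW - timedelta(days=30), NOW + timedelta(days=335))
PROXY = Cert(USER.subject + "/CN=proxy", USER.subject, NOW - timedelta(hours=1),
             NOW + timedelta(hours=11), is_proxy=True, path_len=1)
DELEGATED = Cert(PROXY.subject + "/CN=proxy", PROXY.subject, NOW - timedelta(minutes=5),
                 NOW + timedelta(hours=6), is_proxy=True)

def sample_chains():
    """Named chains exercising each rule, built from the constants above."""
    too_deep = Cert(DELEGATED.subject + "/CN=proxy", DELEGATED.subject, NOW, NOW + timedelta(hours=1), is_proxy=True)
    outlives = Cert(USER.subject + "/CN=proxy", USER.subject, NOW, NOW + timedelta(days=400), is_proxy=True)
    two_cn = Cert(USER.subject + "/CN=proxy/CN=extra", USER.subject, NOW, NOW + timedelta(hours=1), is_proxy=True)
    return {"good": [USER, PROXY, DELEGATED], "too_deep": [USER, PROXY, DELEGATED, too_deep],
            "outlives_user": [USER, outlives], "two_cn": [USER, two_cn]}

def check(name, hours_later=0):
    """Validate a sample chain at NOW shifted by `hours_later` hours; returns the ok flag."""
    return validate_chain(sample_chains()[name], NOW + timedelta(hours=hours_later))[0]

if __name__ == "__main__":
    for name in sample_chains():
        print(name, validate_chain(sample_chains()[name], NOW))
    print("good chain 12 hours later:", validate_chain(sample_chains()["good"], NOW + timedelta(hours=12)))
```

The "good" chain passes at NOW and fails twelve hours later because the 12-hour proxy has expired even though the user certificate is still valid; that is exactly the window the slide's "short lived" point buys, and needs_renewal() is the check a renewal service would run before that happens.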
Which CAs are trusted in LCG/EGEE?
http://www.eugridpma.org/
“The EUGridPMA is the international organization to coordinate the trust fabric for e-Science grid authentication in Europe. It collaborates with the regional peers APGridPMA for the Asia-Pacific and The Americas Grid PMA in the International Grid Trust Federation. The charter document defines the group's objective, scope and operation. It is the basis for the guidelines documents on the accreditation procedure, the Authentication profile for X.509 secured "classic" certification authorities and other IGTF recognised Profiles.”
In LCG/EGEE the CAs are installed on machines through rpms.
Conventional grid security (figure)
• Bob sends a certificate request to the Certification Authority (CA) and receives Bob's Grid certificate
• On the User Interface (UI), grid-proxy-init gives single sign-on and delegation through a proxy certificate, used towards Grid resources (A) and (B)
• Sysadmin A: create user “grid1”, map Bob's certificate to “grid01”
• Sysadmin B: create user “user001”, map Bob's certificate to “user001”
• Drawbacks: manual user “mapping”; no info about VOs
gLite: VOMS
• Virtual Organization Membership Service (VOMS)
 – EGEE/gLite enhancement for VO management
• Provides information on the user's relationship with a Virtual Organization (VO)
 – Membership
 – Group membership
 – Roles of user
• Multiple VO
 – User can register to multiple VOs and create an aggregate proxy
 – Access resources in every registered VO
• Backward compatibility
 – Extra VO related information in the user's proxy certificate
 – User's proxy can still be used with non VOMS-aware services
(Original slide: 7 May 2009 – Paolo Veronesi, Griglie Computazionali - Lezione 007)
gLite: VOMS - Web interface
• Requires a valid certificate from a recognized CA imported in the browser
• VO user can
 – Query membership details
 – Register himself in the VO (needs a valid certificate)
 – Track his requests
• VO manager can
 – Handle requests from users
 – Administer the VO
• Everybody can
 – Get information about the VO
gLite – Enhanced security in gLite (figure)
• Bob sends a certificate request to the Certification Authority (CA) and receives Bob's Grid certificate
• Bob sends a VO membership request to the VO Service; the VO Database is administered by the VO Manager
• On the User Interface (UI), voms-proxy-init produces a proxy carrying the VO attributes
• At Grid resources (A) and (B) Bob is mapped automatically to an account from the VO Account Pool
LCAS & LCMAPS
• At the resource level, authorization info is extracted from the proxy and processed by LCAS and LCMAPS
• Local Centre Authorization Service (LCAS)
 – Checks if the user is authorized
 – Checks if the user is banned at the site
• Local Credential Mapping Service (LCMAPS)
 – Maps remote credentials to local credentials (e.g. different UNIX uid/gid)
 – Also maps VOMS groups and roles (full support of FQAN), which enables privilege separation
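An added example (not the gLite LCAS/LCMAPS code) of the site-side decision and mapping described above and in the VOMS slides: a ban list is checked first, then the VOMS FQANs in the proxy (primary FQAN first) are matched against a group mapfile, with a grid-mapfile fallback for proxies without VOMS attributes, and pool accounts are leased so that no two DNs share a local uid. All policy files, DNs, FQANs, pool names and account names are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# --- constructed site policy files (not from any real site) ---
BAN_LIST = """
# DNs suspended at this site (LCAS-style ban list)
/DC=org/DC=example/O=Users/CN=Mallory
"""
GRID_MAPFILE = """
# DN -> local account; a leading '.' names a pool of accounts
"/DC=org/DC=example/O=Users/CN=Alice" alice
"/DC=org/DC=example/O=Users/CN=Bob" .atlas
"""
GROUP_MAPFILE = """
# VOMS FQAN pattern -> local account; the first matching line wins
"/atlas/Role=production" .atlasprd
"/atlas/Role=NULL/Capability=NULL" .atlas
"/atlas/*" .atlas
"/biomed/*" .biomed
"""

def parse_ban_list(text):
    return {line.strip() for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")}

_MAP_LINE = re.compile(r'^"([^"]+)"\s+(\S+)$')

def parse_mapfile(text):
    """Lines of the form "<DN or FQAN pattern>" <account>; '#' starts a comment."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _MAP_LINE.match(line)
        if not m:
            raise ValueError(f"malformed mapfile line: {line!r}")
        entries.append((m.group(1), m.group(2)))
    return entries

def normalize_fqan(fqan):
    """'/atlas/Role=NULL/Capability=NULL' and '/atlas' denote the same group."""
    fqan = re.sub(r"/Capability=NULL$", "", fqan)
    return re.sub(r"/Role=NULL$", "", fqan)

def fqan_matches(pattern, fqan):
    pattern, fqan = normalize_fqan(pattern), normalize_fqan(fqan)
    if pattern.endswith("/*"):                   # a group and all its subgroups/roles
        base = pattern[:-2]
        return fqan == base or fqan.startswith(base + "/")
    return pattern == fqan

@dataclass
class PoolAccounts:
    pools: dict                                  # pool name -> list of local accounts
    leases: dict = field(default_factory=dict)   # (pool, DN) -> account

    def lease(self, pool, dn):
        """The same DN always gets the same account; one account is never shared by two DNs."""
        if (pool, dn) in self.leases:
            return self.leases[(pool, dn)]
        in_use = {acct for (p, _), acct in self.leases.items() if p == pool}
        for acct in self.pools.get(pool, []):
            if acct not in in_use:
                self.leases[(pool, dn)] = acct
                return acct
        return None                              # unknown pool or pool exhausted

@dataclass
class SitePolicy:
    banned: set
    grid_map: list
    group_map: list
    pools: PoolAccounts

def authorize_and_map(dn, fqans, policy):
    """LCAS decision followed by LCMAPS mapping. Returns (allowed, account, reason)."""
    if dn in policy.banned:                      # a site ban overrides anything the VO asserts
        return (False, None, "banned at this site")
    target = None
    if fqans:                                    # VOMS proxy: primary FQAN first, first rule wins
        for fqan in fqans:
            target = next((acct for pat, acct in policy.group_map if fqan_matches(pat, fqan)), None)
            if target:
                break
    else:                                        # plain proxy: fall back to the grid-mapfile
        target = next((acct for pat, acct in policy.grid_map if pat == dn), None)
    if target is None:
        return (False, None, "no mapping rule for this credential")
    if target.startswith("."):
        acct = policy.pools.lease(target[1:], dn)
        if acct is None:                         # deny rather than share an account
            return (False, None, f"pool {target[1:]!r} exhausted")
        return (True, acct, "pool account")
    return (True, target, "static account")

def build_policy():
    pools = PoolAccounts({"atlas": ["atlas001", "atlas002"], "atlasprd": ["atlasprd001"], "biomed": ["biomed001"]})
    return SitePolicy(parse_ban_list(BAN_LIST), parse_mapfile(GRID_MAPFILE), parse_mapfile(GROUP_MAPFILE), pools)
```

Because the first FQAN decides, the same user lands in a different local account depending on whether the proxy was created with the production role or with plain membership, which is the privilege separation the slide refers to; the tiny atlasprd pool also shows that exhaustion must be a denial, not a fallback onto a shared account.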