PowerPoint - University of Manchester

Download Report

Transcript PowerPoint - University of Manchester

Testbed and Authorisation
•
•
•
•
•
•
EU DataGrid
Testbed 1 Job Lifecycle
Software releases
Authorisation at your site
Grid/Web integration
More EDG and TB information
Andrew McNab - Manchester HEP - 2 May 2002
EU DataGrid
• Officially started 1st January 2001
• Partners: CERN, CNRS, ESA, INFN, NIKHEF, PPARC
• Other contributions from HEP institutes (eg in NorduGrid countries)
and other Grid projects (eg core UK e-Science)
• Management and software organised into Work Packages:
–
–
–
–
–
–
–
–
WP1 Resource Management (“job submission”)
WP2 Data Management
WP3 Information and Monitoring Services
WP4 Fabric Management (eg local installation and management tools)
WP5 Mass Storage
WP6 Testbeds (include Integration and support for the Testbed grid.)
WP7 Networking
WP8,9,10 Applications
Andrew McNab - Manchester HEP - 2 May 2002
Andrew McNab - Manchester HEP - 2 May 2002
Software Releases
• Have 3 major releases to coincide with three yearly Testbeds 1, 2 and 3
• Have minor releases every 2 months, and then patch level releases
between those: currently at 1.1.4 (deployed last week)
• Currently, the only supported platform is RedHat 6.2 on Intel.
• Software is stored in a central CVS and published via a public HTTP
server (http://datagrid.in2p3.fr) in RPM format.
• This includes EDG-authored software, a distribution of Globus
(contributed by GridPP) and any external packages and updates not
included in out-of-the-box RedHat 6.2.
• The official installation procedure is to use LCFG, contributed by
Edinburgh and customised by WP4.
• Will support RedHat 7.2 in next release.
Andrew McNab - Manchester HEP - 2 May 2002
Authorisation at a site
• a.k.a “how do I maintain the list of certificate names
(people) that can use my Testbed site?”
• WP6 provides a standard way of publishing lists of
certificate names via an LDAP server, and selecting subsets
based on group or “Virtual Organisation” (eg experiment)
affiliation.
• gridmapdir patch to Globus provides dynamic user account
allocation from a pool.
• Each LHC experiment maintains a “VO Server” and
populates it with the DNs of their members.
• VO’s also exist for WP6, BaBar and GridPP.
Andrew McNab - Manchester HEP - 2 May 2002
Going from UID to Grid ID
• Want to remove “long term” use of local Unix credentials
(ie UID numbers)
• Dynamic, pool accounts allow temporary mapping of Grid
identities onto a local UID.
• Have prototype certificate-based filesystem, with which
files can be “owned” by a certificate DN
– rights are controlled by an Access Control List.
• This part of a wider framework (“SlashGrid”) for creating
“Grid-aware” filesystems, including remote file access.
• An ACL format in XML is being agreed as part of this
– gacl library will provide a reference implementation/API.
Andrew McNab - Manchester HEP - 2 May 2002
Grid/Web Integration
• GridPP website uses GridSite, a certificate based web management
system.
• Provides write access using Grid certificates loaded into unmodified
web browsers.
– Allows editing via forms, uploading files, /. style “news weblogs”,
and automatic file history recording.
• Uses same ACL format as SlashGrid:
– groups of DN’s managed through the website
– fine-grained read, write and admin access control, so multiple people can
maintain one subdirectory.
• Intend to blur the line between filesystem and Web using Grid tools:
– access GridSite server through local filesystem via SlashGrid.
– access remote resources via web browser, respecting file ACL’s and
running remote CGI scripts using pool accounts/SlashGrid filesystems.
Andrew McNab - Manchester HEP - 2 May 2002
More information
• Main EDG site is http://www.eu-datagrid.org/
– each Work Package has a website, usually with documents,
mailing list archives etc about its software.
• WP6 Testbed information at http://marianne.in2p3.fr/
– includes links to software repository, User and Installation
Guides, bug tracking Bugzilla etc.
• UK Testbed support:
http://www.gridpp.ac.uk/tbsupport/
• SlashGrid: http://www.gridpp.ac.uk/slashgrid/
• GridSite: http://www.gridpp.ac.uk/gridsite/
Andrew McNab - Manchester HEP - 2 May 2002
Summary
• EDG producing middleware components as part of a
consistent distribution for testbed sites.
• Situation evolving rapidly, but central aim of job
submission “to the Grid” via a Resource Broker is
working.
• Software available to interested sites, and web and
mailing list resources exist for support.
• Tools to remove UID dependency and integrate
Grid/Web are being developed.
Andrew McNab - Manchester HEP - 2 May 2002