Introduction to Globus Toolkit 4 at LA Grid
Download
Report
Transcript Introduction to Globus Toolkit 4 at LA Grid
Introduction to Globus
Toolkit 4
at LA Grid
CIS 6612 – Autonomic Grid Computing
Summer 2006
Presenters
Fernando Farfán Mayelin Felipe
Agnostics
Diego López
Ramakrishna
Varadarajan
OUTLINE
WEB SERVICES FUNDAMENTALS
GRID FUNDAMENTALS
OGSA, WSRF & GT4
LAGRID @ CIS.FIU.EDU
DEVELOPING WS IN LAGRID
Unsecured Examples
Secure Examples
GETTING READY FOR LAGRID
Get a Globus Identity certificate signed by the
Certificate Authority.
http://www.cs.fiu.edu/~esj/globus.html
Enroll as a Secure Globus User with Eric
Johnson.
Set these environment variables:
1.
2.
Set $GLOBUS_LOCATION to /depot/globus-4
Set $ANT_HOME to /depot/ant-1.x
SETTING UP LAGRID
ENVIRONMENT
Download the examples
1.
2.
3.
go to http://www.gt4book.com/
go to Downloads
select to download the source code for the
MathService examples and the FileBuy application
Untar/unzip the file
1.
tar -xvzf gt4book-examples.tar.gz
GT4 JAVA WS CORE
Building web services using GT4.
Stateful web services!
Following WSRF specifications.
WRITE A STATEFUL WEB
SERVICE IN 5 SIMPLE STEPS!!
1.
2.
3.
4.
5.
Define the WS interface with WSDL.
Implement the service with Java.
Define the deployment parameters with
WSDD.
Compile everything and generate a GAR
file with Ant.
Deploy the service with GT4 tool.
OUR FIRST EXAMPLE:
MathService
A simple Math web service.
Operations:
Addition
Subtraction
Get Value.
Resources:
Value (integer)
Last operation performed (String).
MathService: THE 5 STEPS.
Step 1: The WSDL
The Definition
The Port
Type
<?xml
version="1.0"
encoding="UTF-8"?>
<definitions name="MathService"
<?xml
version="1.0" encoding="UTF-8"?>
ThetargetNamespace="http://www.globus.org/namespaces/
Messages
<definitions
…>
examples/MathService_instance“
…>
The
Response
and
Request
Types
<?xml version="1.0"
encoding="UTF-8"?>
name="MathPortType"
…<portType
<definitions
…>
wsrp:ResourceProperties="tns:MathResourceProperties">
</definition>
The<operation
Resource
Properties
<?xml
version="1.0"
encoding="UTF-8"?>
<message
name="AddInputMessage">
name="add">
<definitions
…>
<part
name="parameters"
element="tns:add"/>
<input
message="tns:AddInputMessage"/>
<xsd:element
name=“Value”
/>
<xsd:element
name="add"type=“xsd:int”
type="xsd:int"/>
</message>
<output message="tns:AddOutputMessage"/>
<xsd:element
name=“LastOp”
type=“xsd:string” />
<xsd:element
<message
name="AddOutputMessage">
</operation>
… name="addResponse">
<part<xsd:complexType/>
name="parameters" element="tns:addResponse"/>
</portType>
<xsd:element
name=“MathResourceProperties”>
</xsd:element>
</message>
</definitions>
…
</definitions>
</definitions>
</xsd:element>
MathService: THE 5 STEPS.
Step 1: The WSDL
Steps to write a WSDL document:
Write the root element <definitions>
Write the <portType>
Write an input and output <message> for each
operation in the PortType
Write the <types>, which includes declaring the
request and response elements, along with the
resource properties.
MathService:THE 5 STEPS
Step 2: Implementation in Java
The Bare Bones
The Resource
Properties
package
org.globus.examples.services.core.first.impl;
/* Resource
properties */
import
java.rmi.RemoteException;
privateorg.globus.examples.stubs.MathService_instance.*;
int value;
import
privateorg.globus.wsrf.*;
String lastOp;
import
import org.globus.wsrf.impl.*;
/* Get/Setters for the RPs */
public class
int getValue()
{
public
MathService
return value;
implements
Resource, ResourceProperties {
} …
}
public synchronized void setValue(int value) {
this.value = value;
}
MathService: THE 5 STEPS
Step 2: Implementation in Java
The Web Service Java class includes:
Declaration for the ResourcePropertySet
Declaration for the Resource Properties
Constructor – resource properties are initialized
Get/Setters for the Resource Properties
Methods for the remotely accessible operations
MathService: THE 5 STEPS.
Step 3: Configuring the Deployment - WSDD
<?xml version="1.0" encoding="UTF-8"?>
<deployment name="defaultServerConfig" xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<service name="examples/core/first/MathService" provider="Handler"
use="literal" style="document">
<parameter name="className"
value="org.globus.examples.services.core.first.impl.MathService"/>
<wsdlFile>
share/schema/examples/MathService_instance/Math_service.wsdl
</wsdlFile>
<parameter name="allowedMethods" value="*"/>
<parameter name="handlerClass“
value="org.globus.axis.providers.RPCProvider"/>
<parameter name="scope" value="Application"/>
<parameter name="providers" value="GetRPProvider"/>
<parameter name="loadOnStartup" value="true"/>
</service>
</deployment>
WEB SERVICES IN GT4
Agnostic Question
What purpose does JNDI play within the GT4
environment?
The Java Naming and Directory Interface allow us
to build directory-enabled applications. This will
make our Web service available to client
connections through a Web services container.
A service (identified by its path) will want to locate
its resource home.
It can also interact with a variety of directories
such as LDAP.
MathService: THE 5 STEPS.
Step 4: Create a GAR file with Ant
Process the WSDL to add missing pieces.
Create stub classes from the WSDL.
Compile stub classes.
Compile service implementation.
Organize all files into its specific directory structure.
./globus-build-service.sh –d <service base directory> -s <service’s WSDL file>
$ ./globus-build-service.sh \
-d org/globus/examples/services/core/first \
-s schema/examples/MathService_instance/Math.wsdl
MathService:THE 5 STEPS.
Step 5: Deploy the Service into a Web
Service Container
Uses Ant.
Unpacks the GAR.
Copies the WSDL, compiled stubs, compiled
implementation & WSDD into the GT4 directory
tree.
$ sudo –u globus globus-deploy-gar \
org_globus_examples_services_core_first.gar
$ sudo –u globus globus-undeploy-gar \
org_globus_examples_services_core_first
MathService:
THE CLIENT
Tests the service invoking both the add and
subtract operations.
$ java -cp ./build/stubs/classes/:$CLASSPATH \
org.globus.examples.clients.MathService_instance.Client \
https://la-blade-01.cs.fiu.edu:8443/wsrf/services/core/first/MathService
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: java.io.IOException: No socket factory for 'https' protocol
faultActor:
faultNode:
faultDetail: ...
HOW TO MAKE THE SERVICE
SECURE??
Create the security-config.xml file.
<securityConfig xmlns="http://www.globus.org">
<authz value="none"/>
</securityConfig>
Modify the deploy-server.wsdd file.
<parameter name="securityDescriptor"
value="etc/org_globus_examples_services_core_first/securityconfig.xml"/>
Add the following to the client.
static {
Util.registerTransport();
}
…
((Stub)mathFactory)._setProperty(
Constants.GSI_SEC_CONV, Constants.ENCRYPTION);
((Stub)mathFactory)._setProperty(
Constants.AUTHORIZATION,
NoAuthorization.getInstance());
Our acknowledge to
Ramakrishna!
HOW TO MAKE THE SERVICE
SECURE??
Let’s run it again…
$ java -cp ./build/stubs/classes/:$CLASSPATH \
org.globus.examples.clients.MathService_instance.Client \
https://la-blade-01.cs.fiu.edu:8443/wsrf/services/core/first/MathService
Current value: 15
Current value: 10
Is it secure now?
Not really… We just fooled it to make it
secure.
WEB SERVICES IN GT4
Agnostic Question
How do I create a Grid infrastructure? Can we use
any machine which has the Globus Toolkit's Grid
Services installed on it?
To build a Grid, we recommend that you download the
Globus Toolkit and follow the instructions in the Globus
Toolkit System Administrator's Guide. Both of these are
available at the Globus website,
http://www.globus.org/toolkit/. The documentation will take
you through the process of building the Globus Toolkit
software, setting up a Grid information service, setting up
a certificate authority or using someone else's, installing
the Globus resource management tools on your servers,
and installing Globus client tools and libraries for your
users.
GRID SECURITY
INFRASTRUCTURE
Basis for GT4 Security layer.
Covers the three pillars of secure
communication:
Privacy.
Integrity.
Authentication.
Family of components (low/high level) to offer
security features to programmers.
GRID SECURITY
INFRASTRUCTURE
Level security:
Transport-level
Message-level
Authentication
X.509 Digital certificates.
Username/Password
Authorization schemes:
Server-Side
Client-Side
Custom
Credential delegation and
single sign-on
Proxy Certificates
Different levels of security:
Container
Service
Resource.
SECURE EXAMPLES: WRITING A
SECURE MathServer
Add security to the MathService example.
Now, four operations:
add
subtract
multiply
divide
We will be able to configure each operation
with a different security configuration.
DEMO:
SECURE MathServer
<securityConfig xmlns="http://www.globus.org">
<authz value="none"/>
<method name="add">
<auth-method>
<GSISecureConversation/>
</auth-method>
</method>
<method name="subtract">
<auth-method>
<GSISecureMessage/>
</auth-method>
</method>
<method name="multiply">
<auth-method>
<GSISecureConversation/>
<GSISecureMessage/>
</auth-method>
</method>
<method name="divide">
<auth-method>
<GSITransport/>
</auth-method>
</method>
<!-- Default for other methods -->
<auth-method>
<GSISecureConversation/>
<GSISecureMessage/>
<GSITransport/>
</auth-method>
</securityConfig>
• The service
Modify the security-config-auth.xml
1
2
4
5
6
3
add of
multiply
divide
method
method
method
can can
only
can
only
bebe
invoked
be be
subtract
only
Theserver-side
No
rest
the
methods
authorization
can
be
must
be
performed.
using
invoked
GSI
using
with
Secure
any
GSIofConversation.
Transport
Secure
the authentication
Message.
Conversation orsecurity).
(transport-level
methods.
GSI Secure
Message.
DEMO:
SECURE MathServer
The Client
Programatically:
((Stub)math)._setProperty(Constants.
GSI_SEC_CONV,Constants.ENCRYPTION);
Security descriptor:
String secDecFile =
“path/to/security-descriptor.xml”;
((Stub)math)._setProperty(Constants.
CLIENT_DESCRIPTOR_FILE, secDescFile);
DEMO:
SECURE MathServer
Client call 1: GSI Transport Client
[add]
ERROR: GSI Secure Conversation authentication required for
"{MathService_instance_4op}add" operation.
[subtract] ERROR: GSI Secure Message authentication required for
"{MathService_instance_4op}subtract" operation.
[multiply] ERROR: GSI Secure Conversation or GSI Secure Message
authentication required for
"{MathService_instance_4op}multiply" operation.
Division was successful
Current value: 30
Client call 2: GSI Secure Conversation Client
Addition was successful
[subtract] ERROR: GSI Secure Message authentication required for
"{http://www.globus.org/namespaces/examples/
MathService_instance_4op}subtract" operation.
Multiplication was successful
Division was successful
Current value: 180
GLOBUS TOOLKIT 4
Agnostic Question
Once I've installed the Globus Toolkit, how do
others find out that my machine is available
on the Grid, and how can I find out what other
machines are on the Grid?
Grid exists as a number of groups who are
building experimental and production grid
infrastructures for their own purposes.
Virtual organizations using the same Grid
technology to build their infrastructures.
GLOBUS TOOLKIT 4
Agnostic Question
If I submit a job using Globus Toolkit 4, is the
execution management module capable of
executing the job parallel on different
machines on the grid?
No, this is one of the current limitations of GT4.
GLOBUS TOOLKIT 4
Agnostic Question
What are the research challenges that the Globus
Alliance is currently addressing? What do you think
are the limitations of the current Globus toolkit
implementations?
End-to-end resource management and adaptation
techniques.
Automated techniques for negotiation of resource usage,
policy, and accounting in large-scale grid environments.
High-performance communication methods and protocols.
GLOBUS TOOLKIT 4
Agnostic Question
One of the main challenges with today's
Internet, is the amount of useless information
out there, how does GT4 currently ensure
that the services being offered or registered
provide both quality and are in demand?
Globus Toolkit provides mechanisms to address
resource discovery and security issues.
GARA: General-purpose Architecture for
Reservation and Allocation
GLOBUS TOOLKIT 4
Agnostic Question
How effective is the GT4 book in expanding the
practical uses of Grid Computing? Does the author
focus on both scientific and non-scientific
applications running on the Grid?
Part IV: The FileBuy Application:
Multiple services deployed across several machines.
Highlights some design patterns commonly found in GT4based systems.
GLOBUS TOOLKIT 4
Agnostic Question
Are there any current GT4 IDE software tools?
Globus Service Build Tools
http://gsbt.sourceforge.net/
GT4IDE: Eclipse 3 plug-in that will allow GT4
programmers to develop WSRF Java Web Services
easily.
globus-build-service: The same Ant buildfile + script
included in the tutorial.
GLOBUS TOOLKIT 4
Agnostic Question
How do you envision the Grid in the future?
In your opinion, how much will GT4 make
Grid adoption easier in the future?
The needs for Grids have been identified.
How many grid-enabled applications we’ll see?
To grid-enable an application is a challenge.
New challenges in security.
USEFUL LINKS
Our site! [COMING SOON]
http://www.cis.fiu.edu/~mfelip01/CIS6612/GT4_project.html
Globus toolkit 4 Programmer’s Tutorial
http://gdp.globus.org/gt4-tutorial/
Globus toolkit 4: Programming Java Services
http://www.gt4book.com/
OASIS.
http://www.oasis-open.org/
The Globus Alliance;
http://www.globus.org/