SKR5800_LectureIntroduction_to_Globus
Download
Report
Transcript SKR5800_LectureIntroduction_to_Globus
Introduction to Globus
PHENIX experiment uses Grid to
transfer 270 TB of data to Japan
During the polarized proton-proton run that ended in
June at the Relativistic Heavy Ion Collider (RHIC) at
Brookhaven, Grid tools were used by the PHENIX
experiment to send recently acquired data to a
regional computing centre for the experiment in
Japan. Brookhaven National Laboratory, on Long
Island, New York, is home to the RHIC/ATLAS
Computing Facility (RCF/ACF), which is the main
computing centre for experiments at RHIC and a
Tier-1 computing centre for ATLAS. The PHENIX
regional computing centre in Japan (CCJ) is at the
RIKEN research centre on its Wako campus close to
Tokyo.
Daily rates of data transferred from the PHENIX experiment to the CCJ
computing centre in Japan (blue), and the integrated data volume (red). Overall,
270 TB of data were transferred.
Introduction
The Globus Project provides middleware services for grid
environments.
There are four main components of Globus:
The Grid Security Infrastructure (GSI) provides
Authentication and authorization services using public key
certificates and Kerberos authentication.
The Globus Resource Management architecture
provides:
a language for specifying application requirements
mechanisms for immediate and advance reservations of one or
more computational components.
interfaces for submitting jobs to remote machines.
Introduction (cont.)
The Globus Information Management architecture
provides:
a distributed scheme for publishing and retrieving information
about resources in the wide area environment.
A distributed collection of information servers is accessed by
higher-level services that perform resource discovery,
configuration and scheduling.
The Globus Data Management architecture provides
two fundamental components:
A universal data transfer protocol for grid computing
environments called GridFTP
Replica Management infrastructure for managing multiple
copies of shared data sets.
The Globus Approach
The Globus toolkit provides a range of
basic Grid services
These services are simple and orthogonal
Security, information, fault detection,
communication, resource management, ...
Can be used independently, mix and match
Programming model independent
For each there are well-defined APIs
Standards are used extensively
E.g., LDAP, GSS-API, X.509, ...
Grid Security Infrastructure
Single-sign on, run anywhere [if authorized]
Standards based (GSS, SSL, X.509)
GSS-API Interface
Identity/credential mapping at each resource
Limited delegation of rights
Integrated into wide variety of tools
Globus Resource Management
Secure shell, FTP,
Storage Resource Broker
Grid Security Infrastructure (cont.)
Based on public key technology
Standard X.509 certificate, same as certificates
used for the Web
Each user has:
a Grid user id (called a Subject Name)
/C=US/O=Globus/O=University of Southern
California/OU=Information Sciences Institute/CN=Ann
Chervenak
a private key (like a password)
a certificate signed by a Certificate Authority (CA)
A “gridmap” file at each site specifies
grid-id to local-id mapping
Authentication Model
Authentication is done on a “user” basis
No communication of plaintext passwords
Most sites will use conventional account
mechanisms
Single authentication step allows access to all grid
resources
You must have an account on a resource to use
that resource
Sites may use “generic” Grid accounts
Not common, but Globus can deal with it
Certificate Based Authentication
User has a certificate, signed by a trusted
“certificate authority” (CA)
User’s private key is used to encode a challenge
string
Public key is used to decode the challenge
Certificate contains user’s name and public key
Globus project operates a CA
If you can decode it, you know the user
Treat your private key carefully!!
Private key is stored in encrypted form
User Proxies
Minimize exposure of user’s private key
A temporary credential for use by our
computations
We call this a user proxy certificate
Allows process to act on behalf of user
User-signed user proxy certificate stored in local file
Proxy’s private key is not encrypted
Rely on file system security, proxy certificate file
must be readable only by the owner
Delegation
Remote creation of a user proxy
Allows remote process to act on behalf
of the user
Avoids sending passwords or private
keys across the network
User
Assignment of
credentials to
“user proxies”
User Proxy
Globus
Credential
GRAM
Process
GSI
Process
Kerberos
Single sign-on
via “grid-id”
Site 2
Site 1
Ticket
CREDENTIAL
Authenticated
interprocess
communication
Mutual
user-resource
authentication
Process
GRAM
Process
GSI
GSSAPI:
multiple
Public Key low-level
mechanisms
Certificate
Process
Process
Mapping
to local ids
Resource Management
Globus Resource Allocation Manager (GRAM)
Globus Arch. for Reservation and Allocation
Uniform interface to resource management
Co-allocation of compute resources
Immediate and advance reservation of network and
computers in prototype form
Fault detection service
Network measurement tools
Code management and distribution
infrastructure
Resource Management
Resource Specification Language (RSL) is
used to communicate requirements
The Globus Resource Allocation Manager
(GRAM) API allows programs to be started on
remote resources, despite local heterogeneity
A layered architecture allows applicationspecific resource brokers and co-allocators to
be defined in terms of GRAM services
Resource Management Architecture
RSL
specialization
Broker
RSL
Queries
& Info
Application
Ground RSL
Information
Service
Co-allocator
Simple ground RSL
Local
resource
managers
GRAM
GRAM
GRAM
LSF
EASY-LL
NQE
Resource Specification Language
Common notation for exchange of
information between components
RSL provides two types of information:
Resource requirements: Machine type,
number of nodes, memory, etc.
Job configuration: Directory, executable,
args, environment
API provided for manipulating RSL
RSL Syntax
Elementary form: parenthesis clauses
Operators Supported:
<, <=, =, >=, > , !=
Some supported attributes:
(attribute op value [ value … ] )
executable, arguments, environment, stdin,
stdout, stderr, resourceManagerContact,
resourceManagerName
Unknown attributes are passed through
May be handled by subsequent tools
Constraints: “&”
For example:
& (count>=5) (count<=10)
(max_time=240) (memory>=64)
(executable=myprog)
“Create 5-10 instances of myprog, each on
a machine with at least 64 MB memory that
is available to me for 4 hours”
Multirequest: “+”
A multirequest allows us to specify multiple
resource needs, for example
+ (& (count=5)(memory>=64)
(executable=p1))
(&(network=atm) (executable=p2))
Execute 5 instances of p1 on a machine with at
least 64M of memory
Execute p2 on a machine with an ATM connection
Multirequests are central to co-allocation
Co-allocation
Simultaneous allocation of a resource
set
Handled via optimistic co-allocation based
on free nodes or queue prediction
In the future, advance reservations will
also be supported
A Co-allocation Multirequest
+( & (resourceManagerContact=
“flash.isi.edu:754:/C=US/…/CN=flash.isi.edu-fork”)
(count=1)
(label="subjob A")
Different resource
(executable= my_app1)
managers
)
Different ( & (resourceManagerContact=
counts
“sp139.sdsc.edu:8711:/C=US/…/CN=sp097.sdsc.edu-lsf")
(count=2)
(label="subjob B")
Different executables
(executable=my_app2)
)
Job Submission Interfaces
Globus Toolkit includes several command line
programs for job submission
globus-job-run: Interactive jobs
globus-job-submit: Batch/offline jobs
globusrun: Flexible scripting infrastructure
Others are building better interfaces
General purpose
Condor-G, PBS, GRD, Hotpage, etc
Application specific
ECCE’, Cactus, Web portals
Grid Information Services
Publish and retrieve information about
system elements
Used for discovery, configuration,
scheduling
Distributed collection of information
servers and index nodes
LDAP V3 as wire protocol and API
Examples of Useful Information
Characteristics of a compute resource
Characteristics of a network
IP address, software available, system
administrator, networks connected to, OS version,
load
Bandwidth and latency, protocols, logical topology
Characteristics of the Globus infrastructure
Hosts, resource managers
Grid Information Service
Provide access to static and dynamic
information regarding system components
A basis for configuration and adaptation in
heterogeneous, dynamic environments
Requirements and characteristics
Uniform, flexible access to information
Scalable, efficient access to dynamic data
Access to multiple information sources
Decentralized maintenance
The Globus Toolkit
Metacomputing Directory Service
Store information in a distributed directory
Directory can be updated by
Directory stored in collection of LDAP servers
Information providers and tools
Applications (i.e., users)
Backend tools which generate info on demand
Information dynamically available to
Tools
Applications
Directory Service Functions
White Pages
Yellow Pages
Look up the IP number, amount of memory, etc.,
associated with a particular machine
Find all the computers of a particular class or with a
particular property
Temporary inconsistencies are often considered
okay
In a distributed system, you often do not know the
state of a resource until you actually use it
Information is often used as “hints”
Information itself can contain ttl, etc.
MDS Approach
Application
Based on LDAP
Globus specific schema
Lightweight Directory Access
Protocol v3 (LDAPv3)
Standard data model
Standard query protocol
LDAP API
GRIS
…
GIIS
Host-centric representation
Globus specific tools
Middleware
GRIS, GIIS
Data discovery, publication,…
SNMP
…
NWS
NIS
LDAP
Grid Resource Information Service
Server which runs on each resource
Given the resource DNS name, you can find the GRIS
server (well known port = 2135)
Provides resource specific information
Much of this information may be dynamic
“White pages” lookup of resource information
Load, process information, storage information, etc.
GRIS gathers this information on demand
Ex: How much memory does machine have?
“Yellow pages” lookup of resource options
Ex: Which queues on machine allow large jobs?
Grid Index Information Service
GIIS describes a class of servers
Gathers information from multiple GRIS servers
Each GIIS is optimized for particular queries
Ex1: Which Alliance machines are >16 process SGIs?
Ex2: Which Alliance storage servers have >100Mbps
bandwidth to host X?
Akin to web search engines
Organization GIIS
The Globus Toolkit ships with one GIIS
Caches GRIS info with long update frequency
Useful for queries across an organization that rely on
relatively static information
Referral Service
Links together multiple GRIS and/or
GIIS servers into a single LDAP
namespace
Referral servers contain no actual
content
Data Grid Services
Access to remote data
Transport services
Uniform access to diverse, remote storage
management systems
Cache management
Standards based (GSI, FTP protocol)
Client API, Extensible server, support for third party
transfer
Replica Management
Data Intensive Issues Include
…
High-speed, reliable access to remote data
Automated discovery of “best” copy of data
Manage replication to improve performance
Co-schedule compute, storage, network
Enforce access control on data
The Globus Data Grid
Two major components:
1. Data Transport and Access
Common protocol
Secure, efficient, flexible, extensible data movement
Family of tools supporting this protocol
2. Replica Management Architecture
Simple scheme for managing:
multiple copies of files
collections of files
Motivation for a Common
Data Access Protocol
Existing distributed data storage systems
DPSS, HPSS: focus on high-performance access, utilize
parallel data transfer, striping
DFS: focus on high-volume usage, dataset replication,
local caching
SRB: connects heterogeneous data collections, uniform
client interface, metadata queries
Problems
Incompatible protocols
Each require custom client
Partitions available data sets and storage devices
Each protocol has subset of desired functionality
A Common, Secure, Efficient
Data Access Protocol
Common, extensible transfer protocol
Decouple low-level data transfer mechanisms
from the storage service
Advantages:
New, specialized storage systems are automatically
compatible with existing systems
Existing systems have richer data transfer functionality
Interface to many storage systems
HPSS, DPSS, file systems
Plan for SRB integration
Replica Management
Maintain a mapping between logical names for
files and collections and one or more physical
locations
Important for many applications
Example: CERN HLT data
Multiple petabytes of data per year
Copy of everything at CERN (Tier 0)
Subsets at national centers (Tier 1)
Smaller regional centers (Tier 2)
Individual researchers will have copies
Globus Approach to Replica
Management
Identify replica cataloging and reliable
replication as two fundamental services
Layer on other Grid services: GSI, transport,
information service
Use LDAP as catalog format and protocol, for
consistency
Use as a building block for other tools
Advantage
These services can be used in a wide variety of
situations
Replica Manager Components
Replica catalog definition
Low-level replica catalog API
LDAP object classes for representing logical-tophysical mappings in an LDAP catalog
globus_replica_catalog library
Manipulates replica catalog: add, delete, etc.
High-level reliable replication API
globus_replica_manager library
Combines calls to file transfer operations and calls to
low-level API functions: create, destroy, etc.
Replica Catalog Structure:
A Climate Modeling Example
Replica Catalog
Logical Collection
Logical Collection
C02 measurements 1998
C02 measurements 1999
Filename: Jan 1998
Filename: Feb 1998
…
Location
Location
jupiter.isi.edu
sprite.llnl.gov
Filename: Mar 1998
Filename: Jun 1998
Filename: Oct 1998
Protocol: gsiftp
UrlConstructor:
gsiftp://jupiter.isi.edu/
nfs/v6/climate
Filename: Jan 1998
…
Filename: Dec 1998
Protocol: ftp
UrlConstructor:
ftp://sprite.llnl.gov/
pub/pcmdi
Logical
File Parent
Logical File
Logical File
Jan 1998
Feb 1998
Size: 1468762
Replica Catalog Services
as Building Blocks: Examples
Combine with information service to build
replica selection services
E.g. “find best replica” using performance info
from NWS and MDS
Use of LDAP as common protocol for info and
replica services makes this easier
Combine with application managers to build
data distribution services
E.g., build new replicas in response to frequent
accesses
Relationship to Metadata Catalogs
Metadata services describe data contents
Must support a variety of metadata catalogs
Have defined a simple set of object classes
MCAT being one important example
Others include LDAP catalogs, HDF
Community metadata catalogs
Agree on set of attributes
Produce names needed by replica catalog:
Logical collection name
Logical file name
A Model Architecture for Data Grids
Metadata
Catalog
Attribute
Specification
Logical Collection and
Logical File Name
Application
Selected
Replica
gsiftp commands
Replica
Catalog
Multiple Locations
Replica
Selection
Tape Library
Replica Location 1
Disk Cache
Replica Location 2
MDS
Performance
Information and
Predictions
Disk Cache
Disk Array
NWS
Replica Location 3
Fault Detection:
Globus Heartbeat Monitor
Detect and report “failure” of component of a
computation
Limited by ability to distinguish between network
partition and system failure
Optionally used within Globus Toolkit to
monitor status of system processes
Can also be used to construct special fault
monitors for applications
Example: Netsolve
Fault Detection (cont.)
Goal: make low-level operations reliable
No libraries for checkpoint and restart
Can’t “checkpoint” a socket
Only application knows how to checkpoint
and restart
Likewise, storage system must do logging
Heartbeat Monitor
Application Level
Fault Handler
!
Application
Data
Collector
HBM
Data
Collector
System Monitoring Tools
Process and Host
Heartbeat
Process and Host
Heartbeat
Host 1
Process Status
Inquiry
HBM
Monitor
Register/
Unregister
Host 2
Process Status
Inquiry
Monitored
Process
Monitored
Process
Monitored
Process
HBM
Monitor
Register/
Unregister
Monitored
Process
Monitored
Process
Monitored
Process