WP 10 Information Services
Giovanni Aloisio, Massimo Cafaro, Italo Epicoco
giovanni.aloisio@unile.it, massimo.cafaro@unile.it, italo.epicoco@unile.it
University of Lecce, Italy

Outline
- Grid Information Services
- Globus Toolkit 2.x MDS
- Configuring & adding information providers
- GridLab WP 10 activities
- Work in progress

Presented by Massimo Cafaro, 2nd GridLab Conference, Eger - Hungary, March 31 - April 1 2003

Grid Information Services
- System information is critical to the operation of the grid and the construction of applications:
  - What resources are available? (resource discovery)
  - What is the "state" of the grid? (resource selection)
  - How to optimize resource use? (application configuration and adaptation)
- We need a general information infrastructure to answer these questions

Examples of useful Information
- Characteristics of a compute resource: IP address, software available, system administrator, networks connected to, OS version, load
- Characteristics of a network: bandwidth and latency, protocols, logical topology

Grid Information: Facts of Life
- Information is always old: the system state keeps changing, so quality metrics must be provided
- Distributed state is hard to obtain: the complexity of a global snapshot
- Components will fail
- Scalability and overhead
- Many different usage scenarios: heterogeneous policy, different information organizations, different queries, etc.
Grid Information Service
- Provides access to static and dynamic information regarding system components
- A basis for configuration and adaptation in heterogeneous, dynamic environments
- Requirements and characteristics:
  - Uniform, flexible access to information
  - Scalable, efficient access to dynamic data
  - Access to multiple information sources
  - Decentralized maintenance

Information Sources, Many Views
[Figure: resources (R) grouped into three overlapping views, one per virtual organization: VO A, VO B and VO C]

What is a Virtual Organization?
- Facilitates the workflow of a group of users across multiple domains who share (some of) their resources to solve particular classes of problems
- Collates and presents information about these resources in a uniform view

Outline (section divider; next: Globus Toolkit 2.x MDS)

Two Classes of MDS Servers
- Grid Resource Information Service (GRIS)
  - Supplies information about a specific resource
  - Configurable to support multiple information providers
  - LDAP as inquiry protocol
- Grid Index Information Service (GIIS)
  - Supplies a collection of information gathered from multiple GRIS servers
  - Supports efficient queries against information spread across multiple GRIS servers
  - LDAP as inquiry protocol

MDS 2.2 Architecture
[Figure: users query customized aggregate directories (A) over the enquiry protocol; standard resource description services (R) announce themselves to the aggregate directories over the registration protocol]

Information Protocols
- Grid Resource Registration Protocol
  - Supports information/resource discovery
  - Designed to cope with machine/network failure
- Grid Resource Inquiry Protocol
  - Query a resource description server for information
  - Query an aggregate server for information
  - LDAP v3.0 in Globus

MDS 2.2 Service Architecture
[Figure: VO-specific aggregate directories (A) above standard resource description services (R); lookup via GRIP, registration via GRRP, discovery via GRIP or other means]
- Dynamic registration via the registration protocol (GRRP)
- Resource inquiry via the information protocol (GRIP)
- Co-located with the resource on the network
- Resource discovery (via GRIP or other)
- Using GRIP allows a resource/directory hierarchy

Distributed Services
[Figure: resources (R) send registration messages to directories (D) in VO-A and VO-B; directories are replicated; a fault partition leaves divergent directories]
- Service scales with Grid growth
- Loose consistency model tolerates failures
- Interoperability by GRIP/GRRP protocols

Metacomputing Directory Service
- Uses LDAP as inquiry protocol
- Accesses information in a distributed directory: the directory is represented by a collection of LDAP servers, each optimized for a particular function
- The directory can be updated by: information providers and tools; applications (i.e., users); backend tools which generate information on demand
- Information is dynamically available to tools and applications

LDAP Details
- Lightweight Directory Access Protocol, IETF standard
- Stripped-down version of the X.500 DAP protocol
- Supports distributed storage/access (referrals)
- Supports authentication and access control
- Defines:
  - A network protocol for accessing directory contents
  - An information model defining the form of information
  - A namespace defining how information is referenced
    and organized

MDS Components
- LDAP 3.0 protocol engine: based on OpenLDAP with a custom backend; integrated caching
- Information providers: deliver resource information to the backend
- APIs for accessing & updating MDS contents: C, Java, Perl (LDAP API, JNDI)
- Various tools for manipulating MDS contents: command line tools, shell scripts & GUIs

Grid Resource Information Service
- Server which runs on each resource
- Given the resource DNS name, you can find the GRIS server: well-known port = 2135
- Provides resource-specific information; much of it may be dynamic (load, process information, storage information, etc.)
- GRIS gathers this information on demand
- "White pages" lookup of resource information, e.g. how much memory does a machine have?

Grid Index Information Service
- GIIS describes a class of servers
- Gathers information from multiple GRIS servers
- Each GIIS is optimized for particular queries
  - Ex1: Which Alliance machines are >16 processor SGIs?
  - Ex2: Which Alliance storage servers have >100 Mbps bandwidth to host X?
- Akin to web search engines
- Organization GIIS: the Globus Toolkit ships with one GIIS; it caches GRIS info with a long update frequency; useful for queries across an organization that rely on relatively static information (Ex1 above)
- "Yellow pages" lookup, e.g. which machines have large memory?

Server Registration
- A GRIS or GIIS server can be configured to (de-)register itself during startup/shutdown
- Targets are specified in a configuration file
- Soft-state registration protocol: good behavior in case of failure
- Allows for federations of information servers, e.g.
    an Argonne GRIS can register with both Alliance and DOE GIIS servers

Soft-state Registration
- Periodic notification: "Service/resource is available"; expected-frequency metadata
- Automatic directory construction: add new resources to a directory; invite resources to join a new directory
- Self-cleaning: reduces the occurrence of "dead" references

Hierarchical MDS Deployment
[Figure: a top-level GIIS aggregating lower-level GIISes, which in turn aggregate GRISes]

MDS Commands
- LDAP defines a set of standard commands: ldapsearch, etc.
- Globus Toolkit defines MDS-specific commands: grid-info-search, grid-info-host-search
- APIs are defined for C, Java, etc.: C: OpenLDAP client API (ldap_search_s(), ...); Java: JNDI

Information Services API
- RFC 1823 defines an IETF draft standard client API for accessing LDAP databases: connect to a server; pose a query, which returns data structures containing sets of object classes and attributes; functions to walk these data structures
- Globus does not provide an LDAP API and recommends the use of OpenLDAP, an open source implementation of RFC 1823
- LDAP APIs are available in other languages, e.g. Java JNDI, Perl, Python, etc.
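The soft-state mechanism of the Soft-state Registration slide above, as an added example (not Globus code): a GIIS-side registry that forgets a GRIS once its ttl elapses without a refresh. The stanza it parses is a constructed copy of the deck's grid-info-resource-register.conf example (regperiod 600, ttl 1200, cachettl 30), and check_timing encodes the deck's recommendation ttl = 2 x regperiod; the data structures and the three-message simulation are this example's own.

```python
"""Soft-state registration as seen from a GIIS. Added example, not Globus code.
A GRIS re-sends its registration every regperiod seconds; the GIIS keeps the
entry for ttl seconds after the last message and then drops it (self-cleaning).
The deck's rule ttl = 2 x regperiod tolerates one lost message while still
removing a dead GRIS within two periods."""

from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed copy of the deck's example stanza (GRIS on dc-n2 -> GIIS on dc-n1).
REGISTER_CONF = """\
dn: Mds-Vo-Op-name=register, Mds-Vo-name=site, o=grid
regtype: mdsreg2
reghn: dc-n1.isi.edu
regport: 2135
regperiod: 600
type: ldap
hn: dc-n2.isi.edu
port: 2135
rootdn: Mds-Vo-name=local, o=grid
ttl: 1200
timeout: 20
mode: cachedump
cachettl: 30
"""


def parse_stanzas(text: str) -> List[Dict[str, str]]:
    """Split 'attr: value' lines into stanzas separated by blank or '#' lines."""
    stanzas: List[Dict[str, str]] = []
    cur: Dict[str, str] = {}
    for line in text.splitlines() + [""]:
        if not line.strip() or line.startswith("#"):
            if cur:
                stanzas.append(cur)
                cur = {}
            continue
        key, _, value = line.partition(":")
        cur[key.strip()] = value.strip()
    return stanzas


def check_timing(stanza: Dict[str, str]) -> List[str]:
    """Warn about ttl/regperiod combinations that defeat soft-state cleanup."""
    regperiod, ttl = int(stanza["regperiod"]), int(stanza["ttl"])
    if ttl <= regperiod:
        return ["ttl <= regperiod: the GIIS drops this GRIS between two refreshes"]
    if ttl < 2 * regperiod:
        return ["ttl < 2 x regperiod: one lost registration message evicts the GRIS"]
    if ttl > 2 * regperiod:
        return ["ttl > 2 x regperiod: a dead GRIS stays listed longer than needed"]
    return []


@dataclass
class Registration:
    hn: str
    port: int
    expires: float     # absolute time after which the GIIS forgets this GRIS
    cachettl: int      # the GRIS's hint for how long the GIIS should cache its data


@dataclass
class GiisRegistry:
    """Registrations keyed by (hn, port); every message received resets the ttl."""
    entries: Dict[Tuple[str, int], Registration] = field(default_factory=dict)

    def register(self, stanza: Dict[str, str], now: float) -> None:
        key = (stanza["hn"], int(stanza["port"]))
        self.entries[key] = Registration(key[0], key[1], now + int(stanza["ttl"]),
                                         int(stanza["cachettl"]))

    def expire(self, now: float) -> List[str]:
        """Drop registrations whose ttl has elapsed; return the hostnames dropped."""
        dead = [k for k, r in self.entries.items() if r.expires <= now]
        for k in dead:
            del self.entries[k]
        return [k[0] for k in dead]

    def live_hosts(self, now: float) -> List[str]:
        self.expire(now)
        return sorted(r.hn for r in self.entries.values())


def simulate(conf: str = REGISTER_CONF, lost_messages: int = 1) -> Tuple[List[str], List[str]]:
    """Three on-time registrations, then silence. Returns the live host list after
    `lost_messages` missed periods, and again once a full ttl has passed."""
    stanza = parse_stanzas(conf)[0]
    regperiod, ttl = int(stanza["regperiod"]), int(stanza["ttl"])
    giis = GiisRegistry()
    for n in range(3):
        giis.register(stanza, n * regperiod)
    last = 2 * regperiod
    return (giis.live_hosts(last + lost_messages * regperiod),
            giis.live_hosts(last + ttl))
```

simulate() shows why the recommendation matters: with ttl = 2 x regperiod a single lost registration message leaves dc-n2 listed, while a GRIS that stops sending altogether disappears as soon as its ttl runs out, so the GIIS never advertises a dead resource for more than two periods.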
MDS 2.2 Features
- Security mechanisms: GSI mutual authentication; fine-grained access control by GSI name
- Performance enhancements: better query speeds; less stale information
- New information model (schema): better representation of computers; cleaner namespace management

MDS 2.2 Software Stack
- OpenLDAP 2.0.x: implements the LDAPv3 protocol; client and server components
- Cyrus-SASL: generic security; we provide a loadable SASL/GSS plugin
- Globus GSI: provides a GSS-API interface to PKI; shared library used by our SASL plugin

MDS 2.2 Information Model
- Structural information: the resource hierarchy maps to objects at named positions in the LDAP DIT
- Merged information: some parents "join" child data, which simplifies common query patterns
- Auxiliary information: uniform representation of leaf/parent data, using LDAP auxiliary objectclasses

GRIS Host Objects
[Figure: host object hn=hostname with children software=OS, dev group=CPUs (dev=cpu 0, dev=cpu 1), dev group=memory (dev=RAM, dev=VM), dev group=disk (dev=/scratch1) and dev group=net (dev=eth0)]

GRIS Object Hierarchy
  Mds-Host-name=hostname
    Mds-Software-Deployment=operating system
    Mds-Device-Group-name=processors
      Mds-Device-name=cpu 0
    Mds-Device-Group-name=memory
      Mds-Device-name=physical memory
      Mds-Device-name=virtual memory
    Mds-Device-Group-name=filesystems
      Mds-Device-name=/scratch1
      Mds-Device-name=/scratch2
    Mds-Device-Group-name=networks
      Mds-Device-name=eth0

GRIS Structural Class Hierarchy
- Mds base class attributes: Mds-validfrom (like createtime), Mds-validto (accuracy metadata),
  Mds-keepto (discard metadata)
- Structural classes: MdsHost, MdsDevice, MdsDeviceGroup, MdsSoftwareDeployment
- Every MDS object carries a name and time metadata

GRIS Auxiliary Class Examples
- MdsCpu (once per CPU): Mds-Cpu-vendor, Mds-Cpu-model, Mds-Cpu-speedMHz
- MdsCpuCache (once per CPU): Mds-Cpu-Cache-L1kB
- MdsCpuSmp (once per SMP): Mds-Cpu-Smp-size
- MdsCpuTotal (once per MPP): Mds-Cpu-Total-count

GRIS Auxiliary Class Examples (cont.)
- MdsCpuFree (once per SMP): Mds-Cpu-Free-1minX100, Mds-Cpu-Free-5minX100, Mds-Cpu-Free-15minX100
- MdsCpuTotalFree (once per MPP): Mds-Cpu-Total-Free-1minX100, Mds-Cpu-Total-Free-5minX100, Mds-Cpu-Total-Free-15minX100

Client Tools
- The Globus Toolkit includes 2 command line client tools for querying MDS services
- grid-info-search: general purpose client
    grid-info-search -h <host> -p <port> -b <base> -T <timeout> [<filter>] [<attributes>]
    -x: anonymous access
- grid-info-host-search: same as grid-info-search, but defaults to the GRIS standard port, e.g.
    grid-info-host-search -h localhost
- Both clients can search for specific system information and filter the results

Filtering
- Filters allow selection of objects based on the relational operators =, ~=, <=, >=
    grid-info-search "cputype=*"
- Compound filters can be constructed with the Boolean operations &, |, !
    grid-info-search "(&(cputype=*)(cpuload1<=1.0))"
    grid-info-search "(&(hn~=sdsc.edu)(latency<=10))"
- Hints: white space is significant; use -L for LDIF format

Outline (section divider; next: Configuring & adding information providers)

Configuration files for Registration
[Figure: dc-n1.isi.edu hosts a GIIS configured by grid-info-site-policy.conf, grid-info-resource-register.conf and grid-info-resource-ldif.conf; dc-n2.isi.edu hosts a GRIS configured by grid-info-resource-register.conf and grid-info-resource-ldif.conf]

Configuration files for Registration: a resource that is hosting a GIIS
- grid-info-site-policy.conf: determines whether to accept incoming registrations
  - Accept everything, or only registrations from the resources explicitly defined in this conf file (wildcards can be used)
  - The default policy is to accept registrations only from self, and only from port 2135
  - In a hierarchical GIIS environment, this file must be modified from the default

grid-info-site-policy.conf
- Default policy data:
    objectclass: MdsRegistrationPolicy
    policydata: (&(Mds-Service-hn=mako.isi.edu)(Mds-Service-port=2135))
- Change 'policydata' to this for a completely open policy:
    (Mds-Service-hn=*)
- Change 'policydata' to this to restrict registration to 2 specific hosts:
    (&(|(Mds-Service-hn=dc-n2.isi.edu)(Mds-Service-hn=dcn3.isi.edu))(Mds-Service-port=2135))

Configuration files for Registration: a resource registering GRIS information with a GIIS
- grid-info-resource-register.conf: which GIISes this GRIS should register to, and how; the GIIS could be on the same machine, but need not be
- grid-info-resource-ldif.conf: determines which GRIS
  providers are active and available to send data to the GIISes that this GRIS is registering with

Registering a GRIS with a GIIS ($GLOBUS_LOCATION/etc/grid-info-resource-register.conf)
    dn: <LDAP add object DN>
    regtype: mdsreg2
    reghn: <host to send reg to>
    regport: <port to send reg to>
    regperiod: <how often to send reg (seconds)>
    [service attribute/value]...
  where the service attribute entries depend on the type of LDAP object being published

Example: GRIS on dc-n2 registers with GIIS on dc-n1 ($GLOBUS_LOCATION/etc/grid-info-resource-register.conf)
    dn: Mds-Vo-Op-name=register, Mds-Vo-name=site, o=grid
    regtype: mdsreg2
    reghn: dc-n1.isi.edu
    regport: 2135
    regperiod: 600
    type: ldap
    hn: dc-n2.isi.edu
    port: 2135
    rootdn: Mds-Vo-name=local, o=grid
    ttl: 1200
    timeout: 20
    mode: cachedump
    cachettl: 30

Registration Control Parameters ($GLOBUS_LOCATION/etc/grid-info-resource-register.conf)
- regperiod: how often this GRIS will send a message to the GIIS noting its existence
- ttl: how long the receiving GIIS should keep the registration information before assuming that the GRIS is no longer available; in general ttl should be: ttl = 2 x regperiod
- cachettl: a recommendation to the GIIS about how long to keep in cache the GRIS information provided by this resource

MDS 2.2 GRIS Providers
- grid-info-cpu: reports CPU/load info
- grid-info-fs: reports filesystem info
- grid-info-mem: reports RAM/VM info
- grid-info-net: reports NIC/net info
- grid-info-os: reports OS info
- grid-info-platform: reports architecture info
- grid-info-merged: merges all host info*
- Extensible for other sources, e.g. GRAM

GRIS Dispatch Logic
- For each provider:
  1. Could the search intersect the provider? No: skip it.
  2. Is the provider cache stale? Yes: refill it.
  3. Apply the search filter to the cached data.
- Combine all intersecting providers' results

GRIS Response Issues
- MDS 2.2 is lazy: probes are not issued unless queried
- Some system probes are slow: the "best" probe may take several seconds
- How to avoid stale data?
  - Clients set a time-out per query
  - GRIS/GIIS define a time-out per source
  - Fresh data found before the timeout is returned
  - The cache fill continues after the client time-out

New Information Providers
- Decide what information to publish into MDS
- Create a program that implements the I/O interface requirements of a GRIS information provider
- Enable the information provider for an MDS installation

New Information Providers: decide what information to publish into MDS
- OID: conflict avoidance
  - OIDs are registered with IANA Private Enterprise Numbers: http://www.iana.org/cgi-bin/enterprise.pl
  - 1.3.6.1.4.1.3536.* Globus OID subspace
  - 1.3.6.1.4.1.3536.2.* Globus Info Services OID subspace
  - 1.3.6.1.4.1.3536.2.6.* MDS OID subspace
  - GridLab project OID: 1.3.6.1.4.1.3536.2.6.3536.9
- Object naming: conflict avoidance
  - ISI will coordinate prefix naming; request a prefix from mailto:mds-oid-registrar@globus.org
  - GridLab prefix: "GridLab"
- Schema: a data modeling problem and an LDAP schema syntax problem; $GLOBUS_LOCATION/etc/grid-info-resource.schema

New Information Providers: create your program
- Any language.
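The filters on the Filtering slide and the policydata lines of grid-info-site-policy.conf above are the same LDAP filter language. The following evaluator is an added example (not Globus or OpenLDAP code) that parses that language and applies it to constructed entries: the three policydata variants from the slide are run against four simulated registrants, and the slide's compound filters against three host entries. The host attributes, the fourth registrant and the substring reading of ~= are assumptions of the example.

```python
"""LDAP filter evaluation, as an added example (not Globus or OpenLDAP code).
The syntax is the one grid-info-search takes on its command line and the one
the policydata line of grid-info-site-policy.conf uses; here it is applied to
in-memory entries. Supported: =, ~=, <=, >=, &, |, ! and '*' wildcards. Real
servers define '~=' (approximate match) themselves; this example treats it as
a case-insensitive substring test, which is an assumption."""

import re
from typing import Dict, List

Entry = Dict[str, List[str]]   # attribute name -> values (LDAP attributes are multi-valued)
_ITEM = re.compile(r"^([A-Za-z][\w.;-]*)(~=|<=|>=|=)(.*)$", re.S)

def parse_filter(text: str):
    """Parse into ('&', kids) / ('|', kids) / ('!', kid) / (op, attr, value).
    A bare item ("cputype=*") is accepted, as grid-info-search accepts it."""
    s = text.strip() if text.strip().startswith("(") else f"({text.strip()})"

    def parse(i: int):
        if i + 1 >= len(s) or s[i] != "(":
            raise ValueError(f"expected '(' at offset {i} in {text!r}")
        i += 1
        if s[i] in "&|":
            op, kids, i = s[i], [], i + 1
            while i < len(s) and s[i] == "(":
                kid, i = parse(i)
                kids.append(kid)
            node = (op, kids)
        elif s[i] == "!":
            kid, i = parse(i + 1)
            node = ("!", kid)
        else:
            j = s.find(")", i)
            m = _ITEM.match(s[i:j]) if j > 0 else None
            if not m:
                raise ValueError(f"bad filter item at offset {i} in {text!r}")
            node, i = (m.group(2), m.group(1).lower(), m.group(3)), j
        if i >= len(s) or s[i] != ")":
            raise ValueError(f"expected ')' at offset {i} in {text!r}")
        return node, i + 1

    node, end = parse(0)
    if end != len(s):
        raise ValueError(f"trailing characters in {text!r}")
    return node

def _cmp(a: str, b: str) -> int:
    """<= and >= compare numerically when both sides parse as numbers, else as text."""
    try:
        x, y = float(a), float(b)
    except ValueError:
        x, y = a.lower(), b.lower()
    return (x > y) - (x < y)

def matches(node, entry: Entry) -> bool:
    op = node[0]
    if op == "&":
        return all(matches(k, entry) for k in node[1])
    if op == "|":
        return any(matches(k, entry) for k in node[1])
    if op == "!":
        return not matches(node[1], entry)
    _, attr, value = node
    vals = [v for k, vs in entry.items() if k.lower() == attr for v in vs]
    if op == "=":
        if value == "*":            # presence test
            return bool(vals)
        # '*' wildcards become an anchored, case-insensitive regex (LDAP caseIgnore)
        rx = re.compile("^" + ".*".join(map(re.escape, value.split("*"))) + "$", re.I)
        return any(rx.match(v) for v in vals)
    if op == "~=":
        return any(value.lower() in v.lower() for v in vals)
    if op == "<=":
        return any(_cmp(v, value) <= 0 for v in vals)
    return any(_cmp(v, value) >= 0 for v in vals)   # op == ">="

def search(filter_text: str, entries: List[Entry]) -> List[Entry]:
    """Entries matching filter_text, in input order."""
    tree = parse_filter(filter_text)
    return [e for e in entries if matches(tree, e)]

# Constructed sample data: registration messages as a GIIS sees them, and
# host entries carrying the attributes the slides' example filters use.
REGISTRANTS = [
    {"Mds-Service-hn": ["mako.isi.edu"], "Mds-Service-port": ["2135"]},
    {"Mds-Service-hn": ["dc-n2.isi.edu"], "Mds-Service-port": ["2135"]},
    {"Mds-Service-hn": ["dcn3.isi.edu"], "Mds-Service-port": ["2135"]},
    {"Mds-Service-hn": ["unexpected.example.org"], "Mds-Service-port": ["2136"]},
]
HOSTS = [
    {"hn": ["a.sdsc.edu"], "cputype": ["i686"], "cpuload1": ["0.35"], "latency": ["8"]},
    {"hn": ["b.sdsc.edu"], "cputype": ["sparc"], "cpuload1": ["3.20"], "latency": ["12"]},
    {"hn": ["c.isi.edu"], "cpuload1": ["0.10"], "latency": ["40"]},
]
# The three policydata variants shown on the grid-info-site-policy.conf slide.
DEFAULT_POLICY = "(&(Mds-Service-hn=mako.isi.edu)(Mds-Service-port=2135))"
OPEN_POLICY = "(Mds-Service-hn=*)"
TWO_HOST_POLICY = ("(&(|(Mds-Service-hn=dc-n2.isi.edu)(Mds-Service-hn=dcn3.isi.edu))"
                   "(Mds-Service-port=2135))")

def accepted_registrants(policydata: str) -> List[str]:
    """Hostnames a GIIS configured with this policydata would let register."""
    return [e["Mds-Service-hn"][0] for e in search(policydata, REGISTRANTS)]
```

The unexpected.example.org registrant is admitted only by the open policy (Mds-Service-hn=*), which is the practical argument for the restricted policydata forms on the slide: a GIIS that accepts every registration will index and serve whatever any host on the network chooses to announce.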
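The "create a program" step above, as an added example (not one of the grid-info-* providers shipped with Globus): a small memory provider that meets the I/O contract the deck lists (started by fork/exec from slapd, arguments on its command line, RFC 2849 LDIF on standard output), together with the reader a GRIS applies to such output, including the sizelimit cut-off. The -dn, -validto-secs and -keepto-secs options mirror the args: line of the deck's grid-info-resource-ldif.conf example. Assumptions of the example: Mds-validfrom/validto/keepto are written as LDAP GeneralizedTime, the MdsMemoryRam/MdsMemoryVm classes and Mds-Memory-* attributes are modelled on, not copied from, the MDS 2.2 schema, and the memory figures come from a constructed /proc/meminfo sample so the code runs anywhere.

```python
"""A GRIS information provider and the LDIF reader a GRIS applies to its
output. Added example, not one of the grid-info-* providers shipped with
Globus. Contract from the deck: started by fork/exec from slapd, takes
arguments, prints RFC 2849 LDIF that matches the schema. Assumptions:
GeneralizedTime stamps, schema names modelled on MDS 2.2, constructed
/proc/meminfo figures."""

import argparse
import sys
import time
from typing import Dict, List, Optional, Tuple

SAMPLE_MEMINFO = """\
MemTotal:        2048000 kB
MemFree:          512000 kB
SwapTotal:       1024000 kB
SwapFree:         768000 kB
"""

def parse_meminfo(text: str) -> Dict[str, int]:
    """/proc/meminfo 'Name: N kB' lines -> {Name: megabytes}."""
    out: Dict[str, int] = {}
    for line in text.splitlines():
        key, _, rest = line.partition(":")
        if rest.strip().endswith("kB"):
            out[key.strip()] = int(rest.split()[0]) // 1024
    return out

def gen_time(epoch: float) -> str:
    return time.strftime("%Y%m%d%H%M%SZ", time.gmtime(epoch))   # GeneralizedTime, UTC

def ldif_entry(dn: str, attrs: List[Tuple[str, object]]) -> str:
    """One LDIF entry; lines longer than 76 characters are folded with a leading space."""
    out: List[str] = []
    for line in [f"dn: {dn}"] + [f"{k}: {v}" for k, v in attrs]:
        out.append(line[:76])
        rest = line[76:]
        while rest:
            out.append(" " + rest[:75])
            rest = rest[75:]
    return "\n".join(out) + "\n"

def memory_ldif(host_dn: str, mem: Dict[str, int], validto_secs: int,
                keepto_secs: int, now: float) -> str:
    """The 'memory' device group plus its RAM and VM devices, each time-stamped."""
    group = f"Mds-Device-Group-name=memory, {host_dn}"
    stamps = [("Mds-validfrom", gen_time(now)),
              ("Mds-validto", gen_time(now + validto_secs)),
              ("Mds-keepto", gen_time(now + keepto_secs))]
    entries = [
        ldif_entry(group, [("objectclass", "MdsDeviceGroup")] + stamps),
        ldif_entry(f"Mds-Device-name=physical memory, {group}",
                   [("objectclass", "MdsDevice"), ("objectclass", "MdsMemoryRam"),
                    ("Mds-Memory-Ram-sizeMB", mem["MemTotal"]),
                    ("Mds-Memory-Ram-freeMB", mem["MemFree"])] + stamps),
        ldif_entry(f"Mds-Device-name=virtual memory, {group}",
                   [("objectclass", "MdsDevice"), ("objectclass", "MdsMemoryVm"),
                    ("Mds-Memory-Vm-sizeMB", mem["SwapTotal"]),
                    ("Mds-Memory-Vm-freeMB", mem["SwapFree"])] + stamps),
    ]
    return "\n".join(entries)        # entries are separated by one blank line

def read_ldif(text: str, sizelimit: int) -> List[Dict[str, List[str]]]:
    """GRIS side: unfold continuation lines, split into entries, stop after sizelimit."""
    logical: List[str] = []
    for line in text.splitlines():
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]
        else:
            logical.append(line)
    entries: List[Dict[str, List[str]]] = []
    cur: Dict[str, List[str]] = {}
    for line in logical + [""]:
        if not line:
            if cur:
                entries.append(cur)
                cur = {}
                if len(entries) >= sizelimit:     # the sizelimit: parameter of the conf
                    break
            continue
        key, _, value = line.partition(":")
        cur.setdefault(key.strip(), []).append(value.strip())
    return entries

def main(argv: Optional[List[str]] = None) -> int:
    p = argparse.ArgumentParser(description="example memory information provider")
    p.add_argument("-dn", required=True, help="host DN the device group hangs under")
    p.add_argument("-validto-secs", type=int, default=60)
    p.add_argument("-keepto-secs", type=int, default=60)
    for flag in ("-devclassobj", "-devobjs"):      # accepted for compatibility with the
        p.add_argument(flag, action="store_true")  # deck's args: line; both always emitted
    a = p.parse_args(argv)
    sys.stdout.write(memory_ldif(a.dn, parse_meminfo(SAMPLE_MEMINFO),
                                 a.validto_secs, a.keepto_secs, time.time()))
    return 0

if __name__ == "__main__":
    sys.exit(main())
```

Run as `python provider.py -dn "Mds-Host-hn=mako.isi.edu,Mds-Vo-name=local,o=grid" -validto-secs 60 -keepto-secs 60` it prints the three entries slapd would read; read_ldif shows why sizelimit matters on the GRIS side: a provider that emits more objects than configured is cut off rather than allowed to fill the directory.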
New Information Providers: create your program (cont.)
- The only requirements are the I/O interface of your program:
  - It must be callable by fork and exec from the slapd process
  - You can pass arguments to your program
  - It must return data in LDIF format (RFC 2849)
  - The data returned must match the LDAP schema

New Information Providers: enable your new information provider by adding a configuration block to $GLOBUS_LOCATION/etc/grid-info-resource-ldif.conf
    # generate memory info every minute
    dn: Mds-Device-Group-name=memory, Mds-Host-hn=mako.isi.edu, Mds-Vo-name=local, o=grid
    objectclass: GlobusTop
    objectclass: GlobusActiveObject
    objectclass: GlobusActiveSearch
    type: exec
    path: /globus/libexec
    base: grid-info-mem-linux
    args: -devclassobj -devobjs -dn Mds-Host-hn=mako.isi.edu,Mds-Vo-name=local,o=grid -validto-secs 60 -keepto-secs 60
    cachetime: 60
    timelimit: 10
    sizelimit: 3

New Information Providers ($GLOBUS_LOCATION/etc/grid-info-resource-ldif.conf)
- dn: where the object lives in the DIT
- These lines must be included: objectclass: GlobusTop; objectclass: GlobusActiveObject; objectclass: GlobusActiveSearch; type: exec
- path: path to the information provider program
- base: name of the information provider program
- args: arguments to be passed to the information provider program
- cachetime: in seconds, how long the GRIS will consider the data not stale
- timelimit: in seconds, how long the GRIS should wait for the information provider to return data before giving up on it
- sizelimit: maximum number of LDIF objects to be read from the output of the information provider

Outline (section divider; next: GridLab WP 10 activities)

GridLab WP 10 Tasks
- T10.1 Analysis of
  the current state-of-the-art GIS. Completed
- T10.2 Comparison of GIS capabilities and GridLab dynamic grid computing requirements. Completed
- T10.3 Specification of information model. Completed
- T10.4 Security mechanisms & policies
- T10.5 Development of extended GIS
- T10.6 Development of high-level APIs

GridLab WP 10 Deliverables
- D10.1 Analysis report. Delivered
- D10.2 Requirements & specification. Delivered
- D10.3 Prototype release. Delivered
- D10.4 Extended GIS release
- D10.5 First release report
- D10.6 Second release report

GridLab WP 10 Milestones
- M10.1 Month 3: Requirements analysis report. On time
- M10.2 Month 6: Technical specification. On time
- M10.3 Month 12: Prototype GIS server. On time
- M10.4 Month 24: First release of GIS
- M10.5 Month 36: Documented second release of GIS

Requirements of GridLab MDS
- Performance, scalability, security, uniformity, expressiveness, extensibility, multiple sources, dynamic data, flexible access, deployability, decentralized control

WP 10: Current release
- MDS schema extension to provide information about: services, software, users, firewalls, virtual organizations, certification authorities
- Access to MDS: we developed a GSI-enabled version of gSOAP supporting mutual authentication and delegation of credentials
- Developed GSI-enabled Web Services in order to: register information; unregister information; look up information; perform generic MDS searches
- Developed GSI-enabled clients for the above functionalities

Implementation
- GT 2.x based; C based; uses the LDAP API
- Web service: GSI enabled; uses the gSOAP Toolkit; WSDL description for clients
The gSOAP Toolkit
- By Robert van Engelen, Florida State University, USA
- Development environment for C/C++ Web services
- Easy-to-use RPC compiler: produces the stub and skeleton routines to integrate (existing) C or C++ applications into SOAP/XML Web services
- Automatically maps native C/C++ application data types to semantically equivalent XML types and vice versa
- Simple API relieving the user from the burden of SOAP details
- SOAP 1.1/1.2 and WSDL 1.1
- Zlib compression, SSL encryption, and streaming Direct Internet Message Encapsulation (DIME)

The GSI plugin for gSOAP
- By Massimo Cafaro, Daniele Lezzi (University of Lecce) and Robert van Engelen (FSU)
- Overrides gSOAP callbacks to provide transport-level GSI security
- Provides mutual authentication and delegation of credentials
- Very simple API relieving the user from the burden of GSI details

A GSI enabled client
[Figure: source listing, not recoverable from the extracted text]

A GSI enabled, threaded Web Service
[Figure: source listing, not recoverable from the extracted text]

Information about Services
- GridLab-Mds-Service-name: service name
- GridLab-Mds-Service-port: service port
- GridLab-Mds-Service-type: service protocol
- GridLab-Mds-Service-description: service description
- GridLab-Mds-Service-publisher: service publisher

Information about Software
- GridLab-Mds-Software-name: name
- GridLab-Mds-Software-version: version
- GridLab-Mds-Software-path: pathname
- GridLab-Mds-Software-totalLicences: number of total software licences
- GridLab-Mds-Software-freeLicence: number of available software licences
- GridLab-Mds-Software-licenceInfo: information about the software licence
- GridLab-Mds-Software-startupEnvironment: multi-valued software startup environment variables
- GridLab-Mds-Software-executable: software executable
- GridLab-Mds-Software-arguments: multi-valued software arguments
- GridLab-Mds-Software-description: software description
- GridLab-Mds-Software-helpURL: software help URL
- GridLab-Mds-Software-usage: software usage

Information about Users
- GridLab-Mds-User-ID: user's login name on the local resource
- GridLab-Mds-User-Mapped-DN: multi-valued attribute representing the Distinguished Names mapped onto the user
- GridLab-Mds-User-homedir: user's home directory
- GridLab-Mds-User-shell: user's shell
- GridLab-Mds-User-UID: user's UID
- GridLab-Mds-User-GID: user's GID
- GridLab-Mds-User-comment: a short comment about the user

Information about Firewalls
- GridLab-Mds-Firewall-hostname: firewall hostname
- GridLab-Mds-Firewall-ports: multi-valued attribute representing open ports (ranges)
- GridLab-Mds-Firewall-validityTime: time frame during which the open port ranges are valid
- GridLab-Mds-Firewall-adminDN: Distinguished Name of the firewall administrator

Information about VOs
- GridLab-Mds-Vo-name: Virtual Organization to which a specified computational resource belongs
- GridLab-Mds-Vo-helpDeskPhoneNumber: multi-valued help desk phone number
- GridLab-Mds-Vo-helpDeskURL: URL pointing to the Virtual Organization's web page
- GridLab-Mds-Vo-adminName: name of the VO administrator

Information about CAs
- GridLab-Mds-Certificate-Subj: Distinguished Name of the recognized certification authority
- GridLab-Mds-Certificate-version: CA's certificate version
- GridLab-Mds-Certificate-serialNumber: CA's certificate serial number
- GridLab-Mds-Certificate-signatureAlgorithm: CA's certificate signature algorithm
- GridLab-Mds-Certificate-issuer: CA's certificate issuer
- GridLab-Mds-Certificate-validity-from: beginning date of the CA's certificate validity
- GridLab-Mds-Certificate-validity-to: end date of the CA's certificate validity
- GridLab-Mds-Certificate-publicKeyAlgorithm: CA's certificate public key algorithm
- GridLab-Mds-Certificate-RSAPublicKey: CA's certificate RSA public key

MDS Web Service
- gridlab_search: queries an arbitrary MDS server to retrieve specific information
- gridlab_getServiceDescription: returns the description of the service

MDS Web Service (services)
- gridlab_register_service: allows the user to register a new service
- gridlab_unregister_service: removes an existing service from the GIS
- gridlab_lookup_service: looks up an existing service and returns the information about the services that have been found; it contacts the supplied MDS server on the default port

MDS Web Service (software)
- gridlab_register_software: allows the user to register a new software package
- gridlab_unregister_software: removes an existing software package from the GIS
- gridlab_lookup_software: looks up an existing software package and returns all the information about the software; it contacts the supplied MDS server on the default port

MDS Web Service (firewalls)
- gridlab_register_firewall: allows the registration of information about a firewall installed on the grid resource
- gridlab_unregister_firewall: removes information about a registered firewall from the GIS
- gridlab_lookup_firewall: looks up firewall information;
  it contacts the supplied MDS server on the default port

MDS Web Service (virtual organizations)
- gridlab_register_vo: allows the user to register the virtual organization to which the grid resource belongs
- gridlab_unregister_vo: removes information about a virtual organization from the GIS
- gridlab_lookup_vo: looks up information about a specified virtual organization; it contacts the supplied MDS server on the default port

MDS Web Service (users and CAs)
- gridlab_lookup_user: looks up the information about a specified user; it contacts the supplied MDS server on the default port
- gridlab_lookup_cert: looks up the information about a specified certification authority; it contacts the supplied MDS server on the default port

Outline (section divider; next: Work in progress)

WP10: Current Activities
- Configuration of the GridLab MDS to allow GSI connections through SASL binding
- Development of C APIs (library) to access MDS: anonymous binding and GSI-SASL binding
- Analysis of the GT3 Index Service, to migrate the GridLab MDS when GT3 is ready for production
- Development of information providers for: information about jobs submitted to the PBS scheduler; information about PBS queues
- Development of the GSI plugin for gSOAP

GridLab MDS - SASL Configuration
- MDS supports the following security features:
  - Authentication through Cyrus SASL
  - Privacy and integrity protection through the use of TLS
  - Access control to database entries based on LDAP authorization information, IP address, domain name, and others
GridLab MDS - SASL configuration
- grid-info-slapd.conf: sets the basic access control rules and anonymous binding. Additionally, this file designates the GIIS and GRIS provider components to OpenLDAP, establishes the LDAP and MDS information schema, and defines the back ends supported by the slapd server. The anonymousbind and access to parameters in this file set anonymous binding and access control, respectively.
- grid-info-site-policy.conf: controls the acceptance of registration messages by a GIIS. This file can be used to create an open policy where all registrants are welcome, or a closed system whereby only specified resources can register with a GIIS.
- grid-info-resource-register.conf: lists the GIIS servers to which a GRIS or "child" GIIS will register directly. The default is to register to the local GIIS on the host. This file identifies the host names, ports, and time values that control registration messages from a GRIS or GIIS to a GIIS server.
GridLab MDS - SASL configuration
- Mutual authentication between GRIS and GIIS, and between GIISes in a hierarchy: in file grid-info-resource-register.conf set:
    bindmethod: AUTHC-ONLY
- SASL authorization is performed through: screening against the grid-mapfile; static ACLs stored in file grid-info-slapd.conf
- To activate SASL authorization set, in file grid-info-slapd.conf:
    anonymousbind no
    access to <what> [by <who> <access>]+
  - What: selects the entries and/or attributes to which the access applies
  - Who: which entities are granted access (DN)
  - Access: specifies the type of access granted (search, read, write, compare, ...)

GT3 Index Service
- MDS functionality appears throughout GT3: GT3 GRAM service data (GRAM reporter); GT3 Index Service (GIIS); OGSI Service Data interface
- Information services capabilities are now more tightly integrated in (the right places in) GT3 than they were in GT2

GT3 Index Service
- Dynamic service data creation and management via information provider programs
- Aggregation of service data from multiple instances
- Registration of Grid service instances

GT3 ServiceDataProviders
- SimpleSystemInformation: Java native system probe. This provider enumerates the following data: CPU count, memory statistics, OS type, and logical disk volumes.
- HostScriptProvider: Linux-specific set of shell scripts that monitor system-specific host data.
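The authorization chain on the GridLab MDS SASL configuration slides above (anonymousbind no, screening against the grid-mapfile, then the access to <what> by <who> <access> clauses of grid-info-slapd.conf), as an added example (not OpenLDAP or Globus code). The grid-mapfile and slapd directives are constructed; the clause syntax follows slapd.access(5) for the subset used here, and the first-matching-clause rule and the access-level ordering none < auth < compare < search < read < write are how slapd evaluates ACLs. Treat the exact directive spelling as an assumption for any particular OpenLDAP release.

```python
"""Who may do what in a GridLab MDS once anonymousbind is off. Added example,
not OpenLDAP or Globus code. Two steps from the slides: the GSI-SASL identity
(a certificate DN) is screened against the grid-mapfile, then the access-to
clauses of grid-info-slapd.conf are evaluated as slapd does: the first
'access to <what>' clause covering the target decides, and within it the first
matching 'by <who>' clause grants its level (none < auth < compare < search <
read < write; a grant covers every request at or below it)."""

import re
from typing import Dict, List, Optional, Tuple

LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Constructed sample files.
GRID_MAPFILE = '''\
"/O=Grid/O=GridLab/OU=unile.it/CN=Massimo Cafaro" cafaro
"/O=Grid/O=GridLab/OU=isi.edu/CN=GIIS dc-n1.isi.edu" giis
'''
SLAPD_CONF = """\
anonymousbind no
access to dn.subtree="Mds-Vo-name=gridlab, o=grid" attrs=GridLab-Mds-User-Mapped-DN
    by dn="/O=Grid/O=GridLab/OU=isi.edu/CN=GIIS dc-n1.isi.edu" read
    by users none
access to dn.subtree="Mds-Vo-name=gridlab, o=grid"
    by users read
access to *
    by * none
"""

def parse_grid_mapfile(text: str) -> Dict[str, str]:
    """'"<certificate DN>" <local account>' per line -> {DN: account}."""
    hits = (re.match(r'^\s*"([^"]+)"\s+(\S+)', ln) for ln in text.splitlines())
    return {m.group(1): m.group(2) for m in hits if m}

def parse_slapd_acls(text: str) -> Tuple[bool, List[dict]]:
    """Return (anonymous binds allowed?, access clauses in file order)."""
    anonymous, clauses = True, []
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if line.lower().startswith("anonymousbind"):
            anonymous = line.split()[1].lower() == "yes"
        elif line.startswith("access to "):
            m = re.match(r'(?:\*|dn\.subtree="([^"]+)")(?:\s+attrs=(\S+))?$', line[10:])
            if not m:
                raise ValueError(f"unsupported <what>: {line!r}")
            clauses.append({"subtree": m.group(1), "attrs": m.group(2), "by": []})
        elif line.startswith("by ") and clauses:
            who, level = line[3:].rsplit(None, 1)
            if level not in LEVELS:
                raise ValueError(f"unknown access level {level!r}")
            clauses[-1]["by"].append((who, level))
        else:
            raise ValueError(f"unsupported directive: {line!r}")
    return anonymous, clauses

def dn_under(entry_dn: str, subtree: Optional[str]) -> bool:
    if subtree is None:                # 'access to *'
        return True
    e = [x.strip().lower() for x in entry_dn.split(",")]
    s = [x.strip().lower() for x in subtree.split(",")]
    return len(e) >= len(s) and e[-len(s):] == s

def who_matches(who: str, bind_dn: Optional[str]) -> bool:
    if who == "*":
        return True
    if who == "users":                 # any authenticated identity
        return bind_dn is not None
    m = re.match(r'^dn="([^"]+)"$', who)
    if m:
        return bind_dn == m.group(1)
    raise ValueError(f"unsupported <who>: {who!r}")

def authorize(bind_dn: Optional[str], entry_dn: str, attr: Optional[str], wanted: str,
              grid_map: Dict[str, str], anonymous_ok: bool, clauses: List[dict]) -> bool:
    """May bind_dn (None = anonymous) perform `wanted` on entry_dn / attr?"""
    if bind_dn is None and not anonymous_ok:
        return False                                  # anonymousbind no
    if bind_dn is not None and bind_dn not in grid_map:
        return False                                  # grid-mapfile screening failed
    for clause in clauses:
        if not dn_under(entry_dn, clause["subtree"]):
            continue
        if clause["attrs"] and attr != clause["attrs"]:  # attrs= clause: that attribute only
            continue
        for who, level in clause["by"]:
            if who_matches(who, bind_dn):             # first matching 'by' decides
                return LEVELS.index(level) >= LEVELS.index(wanted)
        return False                                  # clause applied, nobody was granted
    return False

def decisions() -> Dict[str, bool]:
    """Sample requests evaluated against the constructed files above."""
    gmap = parse_grid_mapfile(GRID_MAPFILE)
    anon_ok, acls = parse_slapd_acls(SLAPD_CONF)
    user = "/O=Grid/O=GridLab/OU=unile.it/CN=Massimo Cafaro"
    giis = "/O=Grid/O=GridLab/OU=isi.edu/CN=GIIS dc-n1.isi.edu"
    entry = "GridLab-Mds-User-ID=cafaro, Mds-Vo-name=gridlab, o=grid"

    def req(dn, attr, level, target=entry):
        return authorize(dn, target, attr, level, gmap, anon_ok, acls)

    return {
        "anonymous read": req(None, "GridLab-Mds-User-homedir", "read"),
        "unmapped DN read": req("/O=Grid/O=Other/CN=Stranger", "GridLab-Mds-User-homedir", "read"),
        "user reads homedir": req(user, "GridLab-Mds-User-homedir", "read"),
        "user reads mapped DN": req(user, "GridLab-Mds-User-Mapped-DN", "read"),
        "giis reads mapped DN": req(giis, "GridLab-Mds-User-Mapped-DN", "read"),
        "user searches other VO": req(user, None, "search", "Mds-Vo-name=local, o=grid"),
    }
```

decisions() shows the pattern worth copying into a real grid-info-slapd.conf: the attrs= clause listed first keeps GridLab-Mds-User-Mapped-DN readable only by the GIIS that needs it, ordinary mapped users read everything else in their VO, and anything outside the VO subtree falls through to the closing access to * by * none.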
GT3 Index Service
- Three main mechanisms: poll; automated cache refilling; subscribe to / receive notifications from arbitrary services
- The Index Service aggregates the Service Data it receives
- No fixed schema for resource data: information providers now output XML fragments

GT2 & GT3 Index Service differences
- Subscription & notifications: this subsumes the role of the GRIS backend server module in GT2
- GRAM, GridFTP, ... Service Data providers: these Service Data sources subsume the role of the sample GRAM and host-information provider scripts in GT2
- Service Data Descriptions in Service Type WSDL: these subsume the role of the MDS schema written in the RFC 2252 LDAP schema format

C APIs for accessing MDS
    struct mdsInfo *gridlab_search(char *giis, int port, char *base_dn, int scope, char **attributes, char *filter, int verbose)
  Binds anonymously to an MDS server and queries it
    struct mdsInfo *gridlab_search_auth()
  Binds through GSI-SASL to an MDS server and queries it

New Information Providers
- To publish queue information; currently working on the OpenPBS scheduler

GSI plugin for gSOAP
- Continuous development to ensure compatibility with the latest gSOAP version
- Addition of new features, as requested by the users

References
- GridLab WP 10 Information Services: http://www.gridlab.org/WorkPackages/wp-10/index.html
- Globus Toolkit MDS: http://www.globus.org
- gSOAP Toolkit: http://www.cs.fsu.edu/~engelen/soap.html
- GSI plugin for gSOAP: http://sara.unile.it/~cafaro/gsi-plugin.html