Globus Toolkit 4

By: Jeton Bacaj, Joel Lathrop, Fugang Wang & Andrew Younge
http://blackrose02.rit.edu/wiki/doku.php?id=grid:seminar1:gt4
Rochester Institute of Technology
Service Oriented Cyberinfrastructure Lab, http://blackrose02.rit.edu

Outline
• Introduction
• Components
  – Execution Management
  – Information Services
  – Data Management
  – Security
• Globus Implementation
  – Architectural overview
  – Globus and Rocks
  – Todo
  – Job submission
• Summary

Introduction to Globus Toolkit
• What is Globus?
  – A “grid” toolkit
  – The goal is, “Letting people share computing power, databases, and other tools securely online across corporate, institutional, and geographic boundaries without sacrificing local autonomy.”
• Modular Architecture
  – Made of many components
  – Not all components are inter-dependent
  – Can install single, isolated components
• Globus Advantages
  – Scalable
  – Well documented API
  – Open source
  – Widely used

Introduction (cont)
• Components organized into classes
  – Execution Management
    • Initiation, monitoring, management, scheduling, and coordination of remote computational tasks
  – Information Services
    • Monitoring, managing logs, archiving data, etc.
  – Data Management
    • Data location, transfer, and management
  – Security
    • Authentication, mapping Globus credentials with other forms of credentials
  – Common Runtime
    • A collection of APIs allowing integration with different languages and platforms

Execution Management
• Community Scheduler Framework
  – Interface to resource schedulers
• Grid TeleControl Protocol
  – WSRF-enabled service interface for control of remote instruments
• Workspace Management
  – Dynamic management of workspaces on hosts
• Grid Resource Allocation & Management
  – “GRAM”; the bread ‘n butter of Globus Toolkit’s Execution Management
  – Deploying and monitoring jobs on a Grid
    • Used to incorporate a wide variety of other grid and cluster services such as Condor, PBS, LSF, SGE, BOINC and more!

Information Services
Some of the services included in Globus Toolkit:
• MDS
  – Collects data about different resources in the grid
  – By default, uses WSRF for polling operations
  – WebMDS takes MDS data in XML and formats it into HTML using XSLT style sheets
• Indexing
  – Services register with this component so others can utilize those resources
  – Caches resources of the registered services (for speed)
• Trigger
  – What it sounds like: if a condition is met, an alert is raised (notification via email, for example)
  – Monitors behavior: looks at the data with some preconfigured tests to see if trigger conditions are met

Data Management and Replication
• Data Management
  – GridFTP
    • A souped-up version of FTP that’s secure, robust and efficient
    • Good for bulk data.
  – Reliable File Transfer (RFT)
    • More reliable, job based file transfer using web services
• Data Replication
  – Replica Location Service (RLS)
    • Keeps track of location of the copies in the grid
  – Data Replication Service (DRS)
    • Higher level merge of RFT and RLS

Grid Security Infrastructure - GSI
• Conforms to the X.509 based PKI standard
• Certificate
  – Used to identify and authenticate
  – Structure
    • (subjID, publicKey, CA’s ID, CA’s signature)
    • Coded in X.509 format
  – Host, service, user, proxy
• Mutual authentication
  – Use SSL/TLS to exchange certificates
  – Prove identity by signing a message with private key

Grid Security Infrastructure - GSI
• Confidential communication
  – By default no encryption
  – Easy to set up shared key encryption
• Securing private key
  – Pass phrase protected private key
• Proxy and certificate delegation
  – Chain of trust
  – RFC 3820

GSI - MyProxy
• MyProxy credential management service
[Diagram: User_home, CA, MyProxy Server, Grid Front End]

GSI - MyProxy
• MyProxy credential management service
[Diagram: User_mobile, MyProxy Server, Grid Front End]

MyProxy Commands
• MyProxy related commands in GT4
    myproxy-init: store proxy credential
    myproxy-store: store end-entity credential
    myproxy-logon: retrieve a stored credential
    myproxy-retrieve: retrieve end-entity credential
    myproxy-destroy: remove credential
    myproxy-info: query stored credentials
    myproxy-change-pass-phrase: change password encrypting private key

GSI - In Practice
• User certificate generation
  – User generates certificate request and private key
      USER$ echo 'export GLOBUS_LOCATION=/usr/local/globus-4.0.6' >> ~/.bashrc
      USER$ source ~/.bashrc
      USER$ source $GLOBUS_LOCATION/etc/globus-user-env.sh
      USER$ grid-cert-request
    Private key (passphrase protected): ~/.globus/userkey.pem
    Certificate request: ~/.globus/usercert_request.pem
    ! Mail the certificate request to the administrator as prompted
  – CA signs the certificate
      globus$ grid-ca-sign -in usercert-request.pem -out signed_USER.pem
      globus$ sudo cp signed_USER.pem /home/USER/.globus/usercert.pem
  – Add entry in gridmap file
    /etc/grid-security/grid-mapfile
      "/O=Grid/OU=GlobusTest/OU=simpleca-lilac03.rit.edu/OU=rit.edu/CN=FIRST_NAME LAST_NAME" USER

Grid Architecture
[Diagram, labels as recovered:
  Grid users
  lilac03.rit.edu: Main Globus Server, globus-4.0.6, grid scheduler, Certificate Authority
  lilac04.rit.edu: Rocks frontend, globus 4.0.3, Rocks queue manager
  Compute nodes: lilac02.rit.edu (compute-0-0), lilac05.rit.edu (compute-0-1), lilac01.rit.edu (compute-0-2), lilac08.rit.edu (compute-0-3)
  clover.rit.edu: VALinux, Rocks?; clover02.rit.edu, clover03.rit.edu, clover04.rit.edu; Condor/PBS/BOINC
  ... ?? ...]

Progress
• Main Globus installation
  – Used Ubuntu Linux 7.10 Server
  – Compiled and installed version 4.0.6 of Globus
  – Set up security using Simple-CA
  – Configured postgresql RFT Database
  – Started Globus container
  – Added test users and submitted test jobs
• Rocks Cluster
  – Installed the frontend on lilac04.rit.edu
  – Added Globus, Ganglia, and SGE roles to the frontend
  – Installed clients on other lilac machines.
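
The grid-mapfile entry on the "GSI - In Practice" slide is the authorization step: it decides which local account an authenticated certificate subject runs as, so a stray space in the DN or a mapping to an administrative account matters. The following Python audit of a grid-mapfile is an added example, not part of the original slides or of Globus. The function name `audit_gridmap`, the `PRIVILEGED` account set and the sample DNs are assumptions constructed for illustration.

```python
import re

# One grid-mapfile entry: a quoted certificate subject DN, then one or more
# comma-separated local account names. Policy of this example: the DN must be quoted.
ENTRY = re.compile(r'^"(?P<dn>[^"]+)"\s+(?P<users>[A-Za-z0-9_.,-]+)$')
PRIVILEGED = {"root", "globus"}  # assumption: accounts no user DN should map to

def audit_gridmap(text):
    """Return (mappings, findings) for the contents of a grid-mapfile."""
    mappings, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if m is None:
            findings.append((lineno, "malformed entry (expected quoted DN, then account)"))
            continue
        dn, users = m["dn"], m["users"].split(",")
        # Whitespace next to a "/" is usually a copy/paste line wrap; such a DN
        # will not equal the subject in the user's certificate.
        if not dn.startswith("/") or "/CN=" not in dn or re.search(r"\s/|/\s", dn):
            findings.append((lineno, "suspicious DN: " + dn))
        for user in users:
            if user in PRIVILEGED:
                findings.append((lineno, "DN mapped to privileged account " + user))
        if dn in mappings and mappings[dn] != users:
            findings.append((lineno, "DN already mapped to " + ",".join(mappings[dn])))
        mappings.setdefault(dn, users)  # keep the first mapping seen
    return mappings, findings

# Constructed sample, modelled on the entry shown on the slide.
SAMPLE = '''\
# constructed test data
"/O=Grid/OU=GlobusTest/OU=simpleca-lilac03.rit.edu/OU=rit.edu/CN=Alice Example" alice
"/O=Grid/OU=GlobusTest/OU=simpleca-lilac03.rit.edu/OU=rit.edu/CN=Bob Example" root
"/O=Grid/OU=GlobusTest/OU=simpleca-lilac03.rit.edu/OU=rit.edu /CN=Carol Example" carol
/O=Grid/OU=GlobusTest/CN=Dave Example dave
"/O=Grid/OU=GlobusTest/OU=simpleca-lilac03.rit.edu/OU=rit.edu/CN=Alice Example" guest
'''

if __name__ == "__main__":
    mappings, findings = audit_gridmap(SAMPLE)
    for lineno, problem in findings:
        print(f"line {lineno}: {problem}")
```
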

Todo List
• Link Rocks frontend to main Globus installation
  – Configure the Certificates
  – Set up and test GridFTP between machines
  – Update /etc/grid-security/grid-mapfile
• Test the grid by submitting a job to a remote resource (Rocks)
• Set up independent CA behind a firewall using MyProxy
  – Would enhance security and simplify usage

Submitting a Job
• Submitting a simple job
    xero@lilac03:~$ globusrun-ws -submit -c /bin/echo ROAR
    Submitting job...Done.
    Job ID: uuid:a07e6908-fbb8-11dc-884b-000874d2a480
    Termination time: 03/28/2008 04:45 GMT
    Current job state: Active
    Current job state: CleanUp
    Current job state: Done
    Destroying job...Done.
• Job submission in Globus gets more complicated quickly
  – Have to use large XML (RSL) files to specify job details
  – Use a job_epr.xml file to monitor job status
  – Make sure job results are retrieved

Summary
• The Globus Toolkit is a powerful middleware application that allows one to build a multi-level grid computing system that can span spatially and administratively different computing systems.
• Setting up and managing a grid using Globus is a lot of work!
• Globus can work with a wide variety of clusters, queuing systems or other grid technologies in order to provide the largest amount of resources
  – System integration is unmatched by anything else
  – Many tools already available for free
  – Easy API to create custom tools for specific needs

Questions?
• Ask, and ye shall receive …