Towards Deployment of EMIR in Federated Grid Infrastructures
Shiraz Memon, Jülich Supercomputing Center
EGI Technical Forum Prague, 18.09.2012

Outline
• Motivation
• Introduction to EMIR
• Deployment in a Federation
  • Adding a DSR Node in the Hierarchy
  • Setting up the GSR Node
• Detailed Configurations
  • Leaf and Intermediate DSR Nodes
  • GSR
• Information Model
EMI TF 2012, Prague

Motivation
• Federation: Internet-based network of administratively distributed computing and data resources/services
• Service Discovery in a Federation
  • Robust
  • Fault Tolerant
  • Avoid bottlenecks
  • Self-contained/regionalised administration
  • Consistent at the Federation Level
  • Filtering

Centralised Service Discovery
[Diagram: a Central Operational Database with NGI DE, NGI FR, NGI NL and NGI UK]

EMIR Introduction
EMIR: A Distributed Registry
• Designed from scratch to support federations
• Aims to unify service discovery of all the EMI services’ endpoints
• Self-contained/decentralized registry
• RESTful API
• Hierarchical Network
  • Organises EMIR nodes (called DSRs) in a rooted tree
  • Event-based synchronisation: events propagate from the leaf nodes to the root node (called GSR)
  • Handles failures occurring within the hierarchy
• P2P Network
  • Variation of Pastry DHT
  • Always formed at the root (GSR) level
  • Bootstraps from a globally published list containing the addresses of all the root nodes
  • Eventually consistent replication of GSRs

EMIR: Security
• Decentralised security at every EMIR node
• Authentication
  • Fully integrated with EMI’s caNl (Java)
  • SSL/TLS
  • Credential types: EEC, Proxy (DER, PEM, P12, JKS)
  • Trust Anchors: CA directories (IGTF), JKS
• Access Control
  • Coarse Grained
    • Single Access Control List (ACL) file containing subjects’ DNs and associated pre-defined roles (very similar to a GridMap file)
    • Highly simplified, with restrictions
  • Fine Grained: comprised of
    • User attributes file: mapping of user DNs to multi-valued attributes
    • A directory of XACML policies: XML file containing
    • Customisable but complex

Clients
• EMIR Service Endpoint Publisher (EMIR-SERP)
  • Registers when started
  • Updates periodically
  • Supports X.509 certificates
• gInfo
  • Fetches and translates endpoint information from BDII into the EMIR data format (JSON)

Federated Deployment and Configurations
Two NGIs
[Diagram: EGI.eu (Amsterdam) publishes the global list https://egi.eu/gsr.txt, which contains https://gsr.ngi.de and https://gsr.ngi.hu. The GSRs of NGI-DE and NGI-HU are connected by P2P replication. Below them are DSR nodes labelled Berlin, Budapest, Jülich, LRZ, KIT, SZTAKI, NIIF and BME, and EMIR-SERP clients.]

Handling Failovers
[Diagram: the same two-NGI topology as on the previous slide, with EGI.eu publishing the global list https://egi.eu/gsr.txt and the NGI-DE and NGI-HU GSRs connected by P2P replication.]

Adding a DSR Node
[Diagram: HPC DSR, child of NGI DSR]
1. Send request including the DN or PK of the DSR
2. Feedback
3. Start the DSR server

Configuring Leaf & Intermediate Nodes: HPC Center / NGI Level
• EMIR node’s and parent’s HTTP(S) address
• Path to the trust store and credentials
• Add the allowed Service Providers’ (SP) DNs to the ACL file: in an EMIR hierarchy, SPs are nodes
• Define database properties (URL, DB, collection)
• Define filters (list of Endpoint IDs)
  • Outgoing: blocks the specified records from propagation
  • Incoming: blocks the specified records from registration

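An added example, not EMIR's own code, of how a node could combine the ACL check on the registering node's DN with the incoming and outgoing filters listed on this slide. The `DN :: role` ACL line format, the `serviceowner` role name, the `Service_Endpoint_ID` key and all sample DNs and Endpoint IDs are assumptions constructed for illustration.

```python
import json

# Constructed ACL; the "subject DN :: role" line format is an assumption.
ACL_TEXT = """\
# child nodes allowed to register with this DSR (constructed sample)
CN=dsr.site-a.example,O=Example Grid,C=DE :: serviceowner
CN=dsr.site-b.example,O=Example Grid,C=DE :: serviceowner
"""
ROLE = "serviceowner"                 # assumed role name
ID_KEY = "Service_Endpoint_ID"        # assumed key holding the Endpoint ID
INCOMING = {"urn:example:ep:banned"}  # constructed: refused at registration
OUTGOING = {"urn:example:ep:local"}   # constructed: stored, never propagated


def load_acl(text):
    """Parse 'DN :: role' lines; a malformed line aborts loading (fail closed)."""
    acl = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        dn, sep, role = (part.strip() for part in line.partition("::"))
        if not (sep and dn and role):
            raise ValueError(f"malformed ACL line: {line!r}")
        acl[dn] = role
    return acl


def handle_registration(peer_dn, body, acl, store, to_parent):
    """Decide one registration from a child node; peer_dn must be the subject
    DN of the verified TLS client certificate, never a value from the body."""
    if acl.get(peer_dn) != ROLE:
        return "denied"               # unknown DN or wrong role: default deny
    try:
        record = json.loads(body)
    except ValueError:
        return "rejected"
    endpoint_id = record.get(ID_KEY) if isinstance(record, dict) else None
    if not isinstance(endpoint_id, str) or not endpoint_id:
        return "rejected"             # filters match on the ID, so require one
    if endpoint_id in INCOMING:
        return "blocked-incoming"
    store[endpoint_id] = record
    if endpoint_id in OUTGOING:
        return "stored-not-propagated"
    to_parent.append(endpoint_id)     # stands in for the event sent upstream
    return "stored-propagated"
```

The DN lookup is an exact string match, so the ACL entries must be written in the same DN string form that the TLS layer reports for the peer certificate.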
Setting up a GSR (P2P) Node
[Diagram: NGI GSR and EGI]
1. Send GSR URL to the Federation Operator
2. Feedback
3. (Re-)Publish Global List with Requested URL

Configuration
• Similar to the DSR node
• URL of the global list containing addresses of other GSRs
[Diagram: a GSR Global List and four GSR nodes marked <<Global>>]

Information Model
Information Model
• GLUE 2.0 vocabulary to represent Services and Service Endpoints
• JSON for registration only
  • XML-based registrations will be supported in future versions
• Querying: JSON and XML documents
• Schema Free

List of GLUE 2.0 Attributes
Conclusion
• EMIR: Distributed Service Endpoint Registry
• Support for multiple types of topologies
  • Hierarchical
  • P2P
• Schema Free Information Model
• Robust, Simple to use, and Scalable
• Ideal for Grid Federations

Thank you!
EMIR at EGI TF
• Training (Tomorrow)
• Information Systems Workshop (on Thursday)
• Latency Results of EMIR in multi-tier deployment

Links
• Documentation
• Wiki
• Code
• Packages
• Contacts => EMI Forum