330 likes | 494 Views
Introduction to Globus Toolkit 4 at LA Grid. CIS 6612 – Autonomic Grid Computing Summer 2006. OUTLINE. WEB SERVICES FUNDAMENTALS GRID FUNDAMENTALS OGSA, WSRF & GT4 LAGRID @ CIS.FIU.EDU DEVELOPING WS IN LAGRID Unsecured Examples Secure Examples. GETTING READY FOR LAGRID.
E N D
Introduction to Globus Toolkit 4 at LA Grid CIS 6612 – Autonomic Grid Computing Summer 2006
OUTLINE • WEB SERVICES FUNDAMENTALS • GRID FUNDAMENTALS • OGSA, WSRF & GT4 • LAGRID @ CIS.FIU.EDU • DEVELOPING WS IN LAGRID • Unsecured Examples • Secure Examples
GETTING READY FOR LAGRID • Get a Globus Identity certificate signed by the Certificate Authority.http://www.cs.fiu.edu/~esj/globus.html • Enroll as a Secure Globus User with Eric Johnson. • Set these environment variables: • Set $GLOBUS_LOCATION to /depot/globus-4 • Set $ANT_HOME to /depot/ant-1.x
SETTING UP LAGRID ENVIRONMENT • Download the examples • go to http://www.gt4book.com/ • go to Downloads • select to download the source code for the MathService examples and the FileBuy application • Untar/unzip the file • tar -xvzf gt4book-examples.tar.gz
GT4 JAVA WS CORE • Building web services using GT4. • Stateful web services! • Following WSRF specifications.
WRITE A STATEFUL WEB SERVICE IN 5 SIMPLE STEPS!! • Define the WS interface with WSDL. • Implement the service with Java. • Define the deployment parameters with WSDD. • Compile everything and generate a GAR file with Ant. • Deploy the service with GT4 tool.
OUR FIRST EXAMPLE: MathService • A simple Math web service. • Operations: • Addition • Subtraction • Get Value. • Resources: • Value (integer) • Last operation performed (String).
MathService: THE 5 STEPS. Step 1: The WSDL The Definition <?xml version="1.0" encoding="UTF-8"?> <definitions name="MathService" targetNamespace="http://www.globus.org/namespaces/ examples/MathService_instance“ …> … </definition> The Port Type <?xml version="1.0" encoding="UTF-8"?> <definitions …> <portType name="MathPortType" wsrp:ResourceProperties="tns:MathResourceProperties"> <operation name="add"> <input message="tns:AddInputMessage"/> <output message="tns:AddOutputMessage"/> </operation> … </portType> </definitions> The Messages <?xml version="1.0" encoding="UTF-8"?> <definitions …> <message name="AddInputMessage"> <part name="parameters" element="tns:add"/> </message> <message name="AddOutputMessage"> <part name="parameters" element="tns:addResponse"/> </message> </definitions> The Response and Request Types <?xml version="1.0" encoding="UTF-8"?> <definitions …> <xsd:element name="add" type="xsd:int"/> <xsd:element name="addResponse"> <xsd:complexType/> </xsd:element> </definitions> The Resource Properties <xsd:element name=“Value” type=“xsd:int” /> <xsd:element name=“LastOp” type=“xsd:string” /> <xsd:element name=“MathResourceProperties”> … </xsd:element>
MathService: THE 5 STEPS. Step 1: The WSDL Steps to write a WSDL document: • Write the root element <definitions> • Write the <portType> • Write an input and output <message> for each operation in the PortType • Write the <types>, which includes declaring the request and response elements, along with the resource properties.
MathService:THE 5 STEPS Step 2: Implementation in Java The Bare Bones package org.globus.examples.services.core.first.impl; import java.rmi.RemoteException; import org.globus.examples.stubs.MathService_instance.*; import org.globus.wsrf.*; import org.globus.wsrf.impl.*; public class MathService implements Resource, ResourceProperties { … } The Resource Properties /* Resource properties */ private int value; private String lastOp; /* Get/Setters for the RPs */ public int getValue() { return value; } public synchronized void setValue(int value) { this.value = value; }
MathService: THE 5 STEPSStep 2: Implementation in Java The Web Service Java class includes: • Declaration for the ResourcePropertySet • Declaration for the Resource Properties • Constructor – resource properties are initialized • Get/Setters for the Resource Properties • Methods for the remotely accessible operations
MathService: THE 5 STEPS.Step 3: Configuring the Deployment - WSDD <?xml version="1.0" encoding="UTF-8"?> <deployment name="defaultServerConfig" xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <service name="examples/core/first/MathService" provider="Handler" use="literal" style="document"> <parameter name="className" value="org.globus.examples.services.core.first.impl.MathService"/> <wsdlFile> share/schema/examples/MathService_instance/Math_service.wsdl </wsdlFile> <parameter name="allowedMethods" value="*"/> <parameter name="handlerClass“ value="org.globus.axis.providers.RPCProvider"/> <parameter name="scope" value="Application"/> <parameter name="providers" value="GetRPProvider"/> <parameter name="loadOnStartup" value="true"/> </service> </deployment>
WEB SERVICES IN GT4Agnostic Question What purpose does JNDI play within the GT4 environment? The Java Naming and Directory Interface allow us to build directory-enabled applications. This will make our Web service available to client connections through a Web services container. A service (identified by its path) will want to locate its resource home.It can also interact with a variety of directories such as LDAP.
MathService: THE 5 STEPS.Step 4: Create a GAR file with Ant • Process the WSDL to add missing pieces. • Create stub classes from the WSDL. • Compile stub classes. • Compile service implementation. • Organize all files into its specific directory structure. ./globus-build-service.sh –d <service base directory> -s <service’s WSDL file> $ ./globus-build-service.sh \ -d org/globus/examples/services/core/first \ -s schema/examples/MathService_instance/Math.wsdl
MathService:THE 5 STEPS. Step 5: Deploy the Service into a Web Service Container • Uses Ant. • Unpacks the GAR. • Copies the WSDL, compiled stubs, compiled implementation & WSDD into the GT4 directory tree. $ sudo –u globus globus-deploy-gar \ org_globus_examples_services_core_first.gar $ sudo –u globus globus-undeploy-gar \ org_globus_examples_services_core_first
MathService:THE CLIENT • Tests the service invoking both the add and subtract operations. $ java -cp ./build/stubs/classes/:$CLASSPATH \ org.globus.examples.clients.MathService_instance.Client \ https://la-blade-01.cs.fiu.edu:8443/wsrf/services/core/first/MathService AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException faultSubcode: faultString: java.io.IOException: No socket factory for 'https' protocol faultActor: faultNode: faultDetail: ...
HOW TO MAKE THE SERVICE SECURE?? • Create the security-config.xml file.<securityConfig xmlns="http://www.globus.org"> <authz value="none"/></securityConfig> • Modify the deploy-server.wsddfile.<parameter name="securityDescriptor" value="etc/org_globus_examples_services_core_first/security-config.xml"/> • Add the following to the client.static { Util.registerTransport();}…((Stub)mathFactory)._setProperty( Constants.GSI_SEC_CONV, Constants.ENCRYPTION);((Stub)mathFactory)._setProperty( Constants.AUTHORIZATION, NoAuthorization.getInstance()); Our acknowledge to Ramakrishna!
HOW TO MAKE THE SERVICE SECURE?? • Let’s run it again… • Is it secure now?Not really… We just fooled it to make it secure. $ java -cp ./build/stubs/classes/:$CLASSPATH \ org.globus.examples.clients.MathService_instance.Client \ https://la-blade-01.cs.fiu.edu:8443/wsrf/services/core/first/MathService Current value: 15 Current value: 10
WEB SERVICES IN GT4Agnostic Question How do I create a Grid infrastructure? Can we use any machine which has the Globus Toolkit's Grid Services installed on it? To build a Grid, we recommend that you download the Globus Toolkit and follow the instructions in the Globus Toolkit System Administrator's Guide. Both of these are available at the Globus website, http://www.globus.org/toolkit/. The documentation will take you through the process of building the Globus Toolkit software, setting up a Grid information service, setting up a certificate authority or using someone else's, installing the Globus resource management tools on your servers, and installing Globus client tools and libraries for your users.
GRID SECURITY INFRASTRUCTURE • Basis for GT4 Security layer. • Covers the three pillars of secure communication: • Privacy. • Integrity. • Authentication. • Family of components (low/high level) to offer security features to programmers.
Level security: Transport-level Message-level Authentication X.509 Digital certificates. Username/Password Authorization schemes: Server-Side Client-Side Custom Credential delegation and single sign-on Proxy Certificates Different levels of security: Container Service Resource. GRID SECURITY INFRASTRUCTURE
SECURE EXAMPLES: WRITING A SECURE MathServer • Add security to the MathService example. • Now, four operations: • add • subtract • multiply • divide • We will be able to configure each operation with a different security configuration.
DEMO:SECURE MathServer <securityConfig xmlns="http://www.globus.org"> <authz value="none"/> <method name="add"> <auth-method> <GSISecureConversation/> </auth-method> </method> <method name="subtract"> <auth-method> <GSISecureMessage/> </auth-method> </method> <method name="multiply"> <auth-method> <GSISecureConversation/> <GSISecureMessage/> </auth-method> </method> <method name="divide"> <auth-method> <GSITransport/> </auth-method> </method> <!-- Default for other methods --> <auth-method> <GSISecureConversation/> <GSISecureMessage/> <GSITransport/> </auth-method> </securityConfig> • The service Modify the security-config-auth.xml No server-side authorization must be performed. The add method can only be invoked using GSI Secure Conversation. The multiply method can be invoked using GSI Secure Conversation or GSI Secure Message. The divide method can only be invoked using GSI Transport (transport-level security). The rest of the methods can be invoked with any of the authentication methods. The subtract method can only be invoked using GSI Secure Message. 1 2 4 5 6 3
DEMO:SECURE MathServer • The Client • Programatically:((Stub)math)._setProperty(Constants. GSI_SEC_CONV,Constants.ENCRYPTION); • Security descriptor:String secDecFile = “path/to/security-descriptor.xml”;((Stub)math)._setProperty(Constants. CLIENT_DESCRIPTOR_FILE, secDescFile);
DEMO:SECURE MathServer • Client call 1: GSI Transport Client [add] ERROR: GSI Secure Conversation authentication required for "{MathService_instance_4op}add" operation. [subtract] ERROR: GSI Secure Message authentication required for "{MathService_instance_4op}subtract" operation. [multiply] ERROR: GSI Secure Conversation or GSI Secure Message authentication required for "{MathService_instance_4op}multiply" operation. Division was successful Current value: 30 • Client call 2: GSI Secure Conversation Client Addition was successful [subtract] ERROR: GSI Secure Message authentication required for "{http://www.globus.org/namespaces/examples/ MathService_instance_4op}subtract" operation. Multiplication was successful Division was successful Current value: 180
GLOBUS TOOLKIT 4Agnostic Question Once I've installed the Globus Toolkit, how do others find out that my machine is available on the Grid, and how can I find out what other machines are on the Grid? Grid exists as a number of groups who are building experimental and production grid infrastructures for their own purposes. Virtual organizations using the same Grid technology to build their infrastructures.
GLOBUS TOOLKIT 4Agnostic Question If I submit a job using Globus Toolkit 4, is the execution management module capable of executing the job parallel on different machines on the grid? No, this is one of the current limitations of GT4.
GLOBUS TOOLKIT 4Agnostic Question What are the research challenges that the Globus Alliance is currently addressing? What do you think are the limitations of the current Globus toolkit implementations? • End-to-end resource management and adaptation techniques. • Automated techniques for negotiation of resource usage, policy, and accounting in large-scale grid environments. • High-performance communication methods and protocols.
GLOBUS TOOLKIT 4Agnostic Question One of the main challenges with today's Internet, is the amount of useless information out there, how does GT4 currently ensure that the services being offered or registered provide both quality and are in demand? Globus Toolkit provides mechanisms to address resource discovery and security issues. GARA: General-purpose Architecture for Reservation and Allocation
GLOBUS TOOLKIT 4Agnostic Question How effective is the GT4 book in expanding the practical uses of Grid Computing? Does the author focus on both scientific and non-scientific applications running on the Grid? Part IV: The FileBuy Application: Multiple services deployed across several machines. Highlights some design patterns commonly found in GT4- based systems.
GLOBUS TOOLKIT 4Agnostic Question Are there any current GT4 IDE software tools? Globus Service Build Tools http://gsbt.sourceforge.net/ • GT4IDE: Eclipse 3 plug-in that will allow GT4 programmers to develop WSRF Java Web Services easily. • globus-build-service: The same Ant buildfile + script included in the tutorial.
GLOBUS TOOLKIT 4Agnostic Question How do you envision the Grid in the future? In your opinion, how much will GT4 make Grid adoption easier in the future? The needs for Grids have been identified. How many grid-enabled applications we’ll see? To grid-enable an application is a challenge. New challenges in security.
USEFUL LINKS • Our site! [COMING SOON]http://www.cis.fiu.edu/~mfelip01/CIS-6612/GT4_project.html • Globus toolkit 4 Programmer’s Tutorialhttp://gdp.globus.org/gt4-tutorial/ • Globus toolkit 4: Programming Java Serviceshttp://www.gt4book.com/ • OASIS.http://www.oasis-open.org/ • The Globus Alliance;http://www.globus.org/