530 likes | 694 Views
Developing Grid Services on LA Grid. Acknowledgement. Fernando Ferfan Mayelin Felipe Borja Sotomayor Lisa Childers. OUTLINE. WEB SERVICES FUNDAMENTALS GRID FUNDAMENTALS OGSA, WSRF & GT4 DEVELOPING WS IN LAGRID Unsecured Examples Secure Examples. Web Services.
E N D
Acknowledgement • Fernando Ferfan • Mayelin Felipe • Borja Sotomayor • Lisa Childers
OUTLINE • WEB SERVICES FUNDAMENTALS • GRID FUNDAMENTALS • OGSA, WSRF & GT4 • DEVELOPING WS IN LAGRID • Unsecured Examples • Secure Examples
Web Services • Designed to support interoperable machine-to-machine interaction over a network. • Uses a previously described interface (WSDL). • Communicates using messages via HTTP enclosed in a SOAP envelope. • Allows intercommunication amongst different platform and/or programming languages. • OASIS and the W3C responsible for the standardization of web services. • WS-I established to improve interoperability.
WEB SERVICES Advantages • Web Services are platform and language independent. • Most Web Services use HTTP for transmitting messages. • Web services can be combined to provide an integrated service.
WEB SERVICES Disadvantages • Overhead – transmitting messages in XML • Lack of versatility - not as many features as other distributed computing technologies
Typical Web Service Invocation The Globus Toolkit 4 Tutorial. http://gdp.globus.org/gt4-tutorial/
Detailed Web Service Invocation The Globus Toolkit 4 Tutorial. http://gdp.globus.org/gt4-tutorial/
Server Side handles HTTP messages provides a 'living space' for applications that must be accessed by different clients handles SOAP requests andresponses The Globus Toolkit 4 Tutorial. http://gdp.globus.org/gt4-tutorial/
stateless vs. stateful web service • Stateless web services don’t “remember” information from one invocation to another whereas stateful Web Services do. • When Web Services are used just to create Internet-based applications with loosely coupled clients and servers, they can be stateless. The service can be restarted without concern of previous interactions. • When Web Services are used to create Grid Applications, they are generally required to be stateful.
Stateful web services example login Buyer Amazon.com login ok, your shopping cart id is 0x800 logout login and my id is 0x800 Your shopping cart has …
Problems • No standard on how to do this • Client needs to have special code • Some protocol specific features like cookies can be used
OUTLINE • WEB SERVICES FUNDAMENTALS • GRID FUNDAMENTALS • OGSA, WSRF & GT4 • DEVELOPING WS IN LAGRID • Unsecured Examples • Secure Examples
WHAT’S A GRID ANYWAYS? • GRID SYSTEM: A system that … • Coordinates resources that are not subject to centralized control. • Using standard, open, general-purpose protocols and interfaces. • To deliver nontrivial qualities of service. • GRID COMPUTING: The field of computing science which concerns with Grid Systems. • A GRID: an actual, working Grid system (i.e. LAGrid). • THE GRID: Accessible to the general public, in the same sense that The Internet is publicly accessed.
Grid Services • So, what are these grid services? • Grid services are web services that are customized to grid environment • Similar to web services they provide the glue to interact with heterogeneous systems • Why do we need them? • What do they provide?
Achieving Statefulness • The state is kept in a separate entity called a resource. • Each resource has a unique key. The Globus Toolkit 4 Tutorial. http://gdp.globus.org/gt4-tutorial/
Achieving Statefulness What do you think are the tradeoffs of providing the state explicitly within the request message or maintaining the state implicitly within system components with which the web service can interact? • Web service could maintain the resource identity as static service state, thus obviating the need to pass that identity in the WS-Addressing endpoint reference. • This design choice implies a one-to-one mapping from Web service endpoints to stateful resources and thus a need for a unique Web service endpoint for each stateful resource.
Web Services vs. Grid Services • Though web services are great, some key things that are required on the grid are missing • State management • Global Service Naming • Reference resolution • more …
Web Services vs. Grid Services • Wait a minute ! I can do all those things with web services, can’t I? • YES ! You can • But, • The standards don’t provide (yet) the required mechanisms. Work is being done to figure out the best way to do these things
OUTLINE • WEB SERVICES FUNDAMENTALS • GRID FUNDAMENTALS • OGSA, WSRF & GT4 • DEVELOPING WS IN LAGRID • Unsecured Examples • Secure Examples
OGSA Introduction • Grid systems and applications aim to integrate, virtualize and manage resources and services within distributed, heterogeneous, dynamic “virtual organizations” • Items needed • Computers, application services, data, and other resources need to be accessed within different organizations • Standardization • Open Grid Services Architecture (OGSA) • Is a service-oriented architecture (SOA), that addresses the need for standardization by defining a set of core capabilities and behaviors that address key concerns in Grid systems • SOA: A perspective of software architecture that defines the use of services to support the requirements of software users. Enables the creation of applications that are built by combining loosely coupled and interoperable services • wikipedia.com
OGSA • OPEN GRID SERVICES ARCHITECTURE (OGSA) • VO Management Service. • Resource Discovery and Management Service. • Job Management Service. • … security, data management, etc.
OGSA is the architecture, OGSI is the infrastructure. Grid service interface standard Methods allow access to Grid service As well as Grid service state (SDE) Optional factory interface Naming and referencing of Grid services Extends WSDL 1.1 (GWSDL) Handle resolver Notifications OGSI Registry Grid Service Reference (GSR) Grid Service Handle (GSH) Publish GSR Service Consumer Service Provider Bind Client Grid Service Reply Legend program boundary request flow module boundary reply flow Grid Service Reference Open Grid Service Infrastructure (OGSI) - 2001 • OGSI Grid service locator: • Multiple GHSs + GSRs + interface description
Grid Services as seen by OGSI • Connect to the grid service • Ask the server to create an instance for you • Get a unique global pointer to it • Interact with the service
OGSI Issues • Confusion and Criticism from web services folks • Modeling stateful resource with Web services • Web service Resource Framework (WS-RF) 2004
WSRF • Stands for Web Services Resource Framework • Improves on the concept of Web Services by creating a separate view for the resource state. • Simplifies WSDL and reduces message size and complexity (XML gets heavy and complicated fast) • Modular (users decide which specification to use)
WS-Resource • Provides a means of expressing the relationship between stateful resources and web services • The WS-Resource has an XML resource property document defined using XML schema. • The requestor can determine the WS-Resource type by retrieving the portType • Web service programming paradigm is used to interact with the resource
OGSI to WSRF* * www.globus.org/wsrf
WSRF Specification • WSRF Resource Properties. • WSRF Resource Lifetime. • WSRF Base Faults. • WSRF Service Group.
GT1 Grid GT2 OGSI Started far apart in apps & tech Have been converging WSRF WSDL 2, WSDM WSDL, WS-* Web HTTP Web Services and Grids - OGSA • OGSI problems solved by WSRF
Programming Grid Services (GT4) • Basic steps involved in creating a grid service • Create the interface using WSDL • Specify the portTypes, messages and data encoding • Generate Stubs • Add functionality • Compile and Build the code using Globus libraries • Create a GAR (Grid Archive) • Deploy it
OGSA, WSRF & GT4 B. Sotomayor and L. Childers. Globus Toolkit 4, Programming Java Services. 2006. The Morgan Kaufmann Series in Networking.
OUTLINE • WEB SERVICES FUNDAMENTALS • GRID FUNDAMENTALS • OGSA, WSRF & GT4 • DEVELOPING WS IN LAGRID • Unsecured Examples • Secure Examples
GT4 Java WS Core • Java WS Core provides APIs and tools for developing Grid services. • Includes a container based on Apache Axis to host various GT4 services implemented in Java, such as GRAM, RFT, MDS-Index, and our own custom Web Services. • Following WSRF specifications.
GT4 Services • What feature/service is most useful to you as you work with GT4 Toolkit? • The globus-build-service.sh and globus-deploy-gar scripts use Ant to create and deploy the GAR file so we don’t need to worry about: • Processing the WSDL file • Creating the stub classes from the WSDL • Compiling the stub classes • Compiling the service implementation • Organizing all the files into a very specific directory structure
Creating a Grid Service (GT4) • Define the WS interface with WSDL. • Implement the service. • Define the deployment parameters. • Compile everything and generate a GAR file. • Deploy the service.
OUR EXAMPLE: MathService • A simple Math web service. • Operations: Addition & Subtraction & Get Value. • Resources: Value (integer) & Last operation performed (String).
MathService: THE 5 STEPS. • Step 1: The WSDL. The Definition <?xml version="1.0" encoding="UTF-8"?> <definitions name="MathService" targetNamespace="http://www.globus.org/namespaces/ examples/MathService_instance“ …> … </definition> The Port Type <?xml version="1.0" encoding="UTF-8"?> <definitions …> <portType name="MathPortType" wsrp:ResourceProperties="tns:MathResourceProperties"> <operation name="add"> <input message="tns:AddInputMessage"/> <output message="tns:AddOutputMessage"/> </operation> … </portType> </definitions> The Messages <?xml version="1.0" encoding="UTF-8"?> <definitions …> <message name="AddInputMessage"> <part name="parameters" element="tns:add"/> </message> <message name="AddOutputMessage"> <part name="parameters" element="tns:addResponse"/> </message> </definitions> The Response and Request Types <?xml version="1.0" encoding="UTF-8"?> <definitions …> <xsd:element name="add" type="xsd:int"/> <xsd:element name="addResponse"> <xsd:complexType/> </xsd:element> </definitions> The Resource Properties <portType name="MathPortType" wsrp:ResourceProperties="tns:MathResourceProperties"> <!-- operations --> </portType>
MathService: THE 5 STEPS. • Step 2: Implementing the Service in Java The Bare Bones package org.globus.examples.services.core.first.impl; import java.rmi.RemoteException; import org.globus.examples.stubs.MathService_instance.*; import org.globus.wsrf.*; import org.globus.wsrf.impl.*; public class MathService implements Resource, ResourceProperties { … } The Resource Properties /* Resource properties */ private int value; private String lastOp; /* Get/Setters for the RPs */ public int getValue() { return value; } public synchronized void setValue(int value) { this.value = value; }
MathService: THE 5 STEPS. • Step 3: Configuring the Deployment (WSDD) The Service Name <service name=“examples/core/first/MathService” provider=“Handler" use="literal" style="document”> The WSDL File <wsdlFile>share/schema/examples/MathService_instance/Math_service.wsdl </wsdlFile> Load on Startup <parameter name="loadOnStartup" value="true"/> The Common Parameters <parameter name="allowedMethods" value="*"/> <parameter name="handlerClass" value="org.globus.axis.providers.RPCProvider"/> <parameter name="scope" value="Application"/>
MathService: THE 5 STEPS. • Step 4: Create a GAR file with Ant • Process the WSDL to add missing pieces. • Create stub classes from the WSDL. • Compile stub classes. • Compile service implementation. • Organize all files into its specific directory structure. ./globus-build-service.sh –d <service base directory> -s <service’s WSDL file> $ ./globus-build-service.sh \ -d org/globus/examples/services/core/first \ -s schema/examples/MathService_instance/Math.wsdl or $ ./globus-build-service.sh first
MathService: THE 5 STEPS. • Step 5: Deploy the Service into a Web Service Container • Uses Ant. • Unpacks the GAR. • Copies the WSDL, compiled stubs, compiled implementation & WSDD into the GT4 directory tree. $ sudo –u globus globus-deploy-gar \ org_globus_examples_services_core_first.gar $ sudo –u globus globus-undeploy-gar \ org_globus_examples_services_core_first
MathService: THE CLIENT • Tests the service invoking both the add and substract operations. $ java -cp ./build/stubs/classes/:$CLASSPATH \ org.globus.examples.clients.MathService_instance.Client \ https://la-blade-01.cs.fiu.edu:8443/wsrf/services/core/first/MathService AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException faultSubcode: faultString: java.io.IOException: No socket factory for 'https' protocol faultActor: faultNode: faultDetail: ...
MAKE THE SERVICE SECURE! • Create the security-config.xml file.<securityConfig xmlns="http://www.globus.org"> <authz value="none"/></securityConfig> • Modify the deploy-server.wsdd file.<parameter name="securityDescriptor" value="etc/org_globus_examples_services_core_first/security-config.xml"/> • Add the following to the client.static { Util.registerTransport();}…((Stub)mathFactory)._setProperty( Constants.GSI_SEC_CONV, Constants.ENCRYPTION);((Stub)mathFactory)._setProperty( Constants.AUTHORIZATION, NoAuthorization.getInstance()); Our acknowledge to Ramakrishna!
MAKE THE SERVICE SECURE! • Is it secure now?Not really… We just added the skeleton to make it secure. • Let’s run it again… $ java -cp ./build/stubs/classes/:$CLASSPATH \ org.globus.examples.clients.MathService_instance.Client \ https://la-blade-01.cs.fiu.edu:8443/wsrf/services/core/first/MathService Current value: 15 Current value: 10
GRID SECURITY INFRASTRUCTURE • Basis for GT4 Security layer. • Covers the three pillars of secure communication: • Privacy. • Integrity. • Authentication. • Family of components (low/high level) to offer security features to programmers.
Level security: Transport-level Message-level Authentication X.509 Digital certificates. Username/Password Authorization schemes: Server-Side Client-Side Custom Credential delegation and single sign-on Proxy Certificates Different levels of security: Container Service Resource. GRID SECURITY INFRASTRUCTURE
WRITING A SECURE MathServer • Add security to the MathService example. • Now, four operations: • add • subtract • multiply • divide • We will be able to configure each operation with a different security configuration.
SECURE MathServer <securityConfig xmlns="http://www.globus.org"> <authz value="none"/> <method name="add"> <auth-method> <GSISecureConversation/> </auth-method> </method> <method name="subtract"> <auth-method> <GSISecureMessage/> </auth-method> </method> <method name="multiply"> <auth-method> <GSISecureConversation/> <GSISecureMessage/> </auth-method> </method> <method name="divide"> <auth-method> <GSITransport/> </auth-method> </method> <!-- Default for other methods --> <auth-method> <GSISecureConversation/> <GSISecureMessage/> <GSITransport/> </auth-method> </securityConfig> • The service Modify the security-config-auth.xml No server-side authorization must be performed. The add method can only be invoked using GSI Secure Conversation. The multiply method can be invoked using GSI Secure Conversation or GSI Secure Message. The divide method can only be invoked using GSI Transport (transport-level security). The rest of the methods can be invoked with any of the authentication methods. The subtract method can only be invoked using GSI Secure Message. 1 2 4 5 6 3
SECURE MathServer • The Client • Programatically:((Stub)math)._setProperty(Constants. GSI_SEC_CONV,Constants.ENCRYPTION); • Security descriptor:String secDecFile = “path/to/security-descriptor.xml”;((Stub)math)._setProperty(Constants. CLIENT_DESCRIPTOR_FILE, secDescFile);