Gridification progress report

David Groep, Oscar Koeroo, Wim Som de Cerff, Gerben Venekamp, Martijn Steenbakkers

Presentation Transcript


  1. Gridification progress report
     David Groep, Oscar Koeroo, Wim Som de Cerff, Gerben Venekamp, Martijn Steenbakkers

  2. Gridification Architecture
     [Architecture diagram. Labels: WP4 non-gridification; Grid; Gridification component; Scheduler (WP1); Non-WP4 subsystem; External to fabric; Internal to fabric; FabNAT; Globus Gatekeeper; Resource request in JDL; In VOMS-signed, established security context; ComputingElement; SE; RMS; StorageElement (WP5); LCAS; farms; LCMAPS plug-ins; uid/gid; static list; other tokens; wallclocktime; quota check; resource use; Configuration Mgmt; Installation Mgmt; Credential Rep.; Policy; FLIDS; Job repository]

  3. Authentication control flow
     [Control-flow diagram. Labels: Original Gatekeeper; EDG gatekeeper; GSI AuthN; TLS auth; LCAS authZ call out; LCAS accept policy: allowed, banned, timeslot; LCMAPS open, learn, & run: … and return legacy uid; assist_gridmap; VOMS pseudo-cert; Job Manager fork+exec args, submit script; Jobmanager-*; C=IT/O=INFN/L=CNAF/CN=Pinco Palla/CN=proxy]

  4. Local Centre Authorization Service (LCAS)
     • Current version LCAS-1.1
       • Authorization plugin framework
       • Authorization decision based on proxy certificate and RSL
       • 3 plugins provided: lcas_userallow.mod, lcas_userban.mod, lcas_timeslots.mod
       • Documentation: http://www.dutchgrid.nl/DataGrid/wp4/lcas/edg-lcas-1.1/
     • Future developments
       • VOMS plugin (authorization decision based on VO, (sub)group, role)
         • Delivery: end of July
       • LCAS-2.0:
         • Server implementation (API hopefully does not change)
         • Use policy description language (pdl) from LCMAPS
         • Upgrade API plugins to LCMAPS plugin API (introspect)
         • Delivery: July/August

  5. Local Credential Mapping Service (LCMAPS)
     • LCMAPS-1.0 (more in David’s talk)
       • Plug-in framework, driven by comprehensive policy description language
       • Mapping based on user identity, VO affiliation, site-local policy
       • Provides local credentials needed for jobs in fabric
       • Supports standard UNIX credentials (incl. pool accounts), AFS tokens, Krb5
       • Delivery LCMAPS + plugins: end of June
       • Apidoc: http://www.dutchgrid.nl/DataGrid/wp4/lcmaps/edg-lcmaps-0.0.1/apidoc/html/index.html

  6. LCMAPS – modules
     • Modules represent atomic functionality
       • VOMS: from role info and local mapfile, assign gid (A)
       • PoolAccounts: from username, assign unique uid (A)
       • PoolGroups: from (VOMS) groupname, assign unique gid (A)
       • LocalAccount: from username, assign local existing unique uid (A)
       • AFS/Krb5: get token based on user DN info (A)
       • POSIX process: setuid() and setegid() (E)
       • POSIX LDAP: update distributed user database (E)
       • Krb5: run job via k5cert (E)
       • …

  7. edg-gatekeeper
     • Current version: edg-gatekeeper-2.1
       • Supports LCAS-1.1 (either “dlopened” or linked in)
       • Independent from globus-gatekeeper (based on GT-2.2)
     • Future versions:
       • edg-gatekeeper-2.2
         • Supports LCAS-1.1 and LCMAPS-1.0
         • Delivered with LCMAPS-1.0 (end of June)
       • edg-gatekeeper-2.3
         • Supports LCAS-2.0 and LCMAPS-1.0
         • Delivered with LCAS-2.0 (July/August)

  8. Job Repository
     • Keeps a log of incoming and stores local job info
     • Repository and access API
     • LDAP directory
     • Store job status, credential mapping (plugin LCMAPS), job description
     • Release: September 2003
     • Still required? (RMS?)

  9. FabNat and FLIdS
     • FabNat
       • Provides a method for streaming connections to be channelled into local fabric
       • Information provider and tunnel request specification (RSL)
       • Foreseen delivery: November
       • Still required??
     • Fabric Local Identity Service (FLIdS)
       • Automated CA with policy engine
       • Perl script with SSL module (openssl calls)
       • Foreseen delivery: September
       • Still required??

  10. Timetable gridification components
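
The LCAS decision from slides 3 and 4, as an added example (not LCAS code and not its plugin API): a small Python model of the three plugin roles (allow list, ban list, time slots). It assumes every plugin must accept, that any plugin error denies, and that policy entries match the subject DN with trailing proxy components stripped; all DNs, list contents and the time window are constructed.

```python
"""Model of an LCAS-style authorization chain (added illustration, not LCAS code)."""
from datetime import datetime, time

# Constructed policy data (assumption: a real site keeps these in local policy files).
PINCO = "/C=IT/O=INFN/L=CNAF/CN=Pinco Palla"
REVOKED = "/C=IT/O=INFN/L=CNAF/CN=Revoked User"
ALLOWED = {PINCO, REVOKED}
BANNED = {REVOKED}  # a ban overrides an allow-list entry
TIMESLOTS = [(time(8, 0), time(18, 0))]  # fabric accepts jobs 08:00-18:00


def identity_dn(subject):
    """Strip legacy GSI proxy components so policy matches the end-entity DN."""
    parts = subject.split("/")
    while parts and parts[-1] in ("CN=proxy", "CN=limited proxy"):
        parts.pop()
    return "/".join(parts)


def userallow(dn, now):
    return dn in ALLOWED


def userban(dn, now):
    return dn not in BANNED


def timeslots(dn, now):
    return any(start <= now.time() < end for start, end in TIMESLOTS)


PLUGINS = [userallow, userban, timeslots]  # the three plugin roles named on slide 4


def authorize(subject, now):
    """Return (decision, reason); a refusal or error in any plugin denies."""
    dn = identity_dn(subject)
    if not dn:
        return False, "empty identity"
    for plugin in PLUGINS:
        try:
            ok = plugin(dn, now)
        except Exception as exc:  # fail closed: a broken plugin never grants access
            return False, f"{plugin.__name__}: error {exc}"
        if not ok:
            return False, f"{plugin.__name__}: refused"
    return True, "all plugins accepted"
```

Calling `authorize()` with a proxy subject and a `datetime` returns the decision together with the name of the plugin that refused, which is the detail worth logging for each gatekeeper request.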
