60 likes | 208 Views
Job Repository. Oscar Koeroo JRA3. Content. Where does it do what? Goal of Job Repository How does it work (database schema) To Be Done…. Where does it do what?. The glite-gatekeeper uses the LCMAPS framework for its enhanced usermapping capabilities
E N D
Job Repository Oscar Koeroo JRA3
Content • Where does it do what? • Goal of Job Repository • How does it work (database schema) • To Be Done…
Where does it do what? • The glite-gatekeeper uses the LCMAPS framework for its enhanced usermapping capabilities • The LCMAPS framework provides usermapping from DN + VOMS attributes to Unix UIDs and GIDs • Job Repository is primarily a LCMAPS plug-in # LCMAPS Policies: voms: localaccount -> posix_enf | vomsextract vomsextract -> vomslocalgroup vomslocalgroup -> vomspoolgroup vomspoolgroup -> vomspoolaccount vomspoolaccount -> jobrep jobrep -> posix_enf standaard: localaccount -> jobrep | poolaccount poolaccount -> jobrep jobrep -> posix_enf | posix_enf
Goal of Job Repository • Its goal is to log all the mapping information into a relational database • Which user (identified with a DN) submitted what kind of job (based on the RSL) • Which certificate chain has been used per job (linked to this user) • Which set of VOMS Attributes did the user use this time and which jobs have been executed with them • Which VOMS attribute mapped into which primary GID • Which VOMS attributes mapped into which secundary GIDs • Keep hold of the job status through the batch system’s unique identifier (batch system independent) • Using any kind of database with the same code • Done though ‘iodbc’ (starting with a MySQL database)
users • user_id • dn user_certificates • cert_id • user_id • subject • valid_from • valid_until • cert : blob • first_use • parent_cert_id How does it work (database schema) uservoms • user_voms_id • user_id • voms_id • issuer_id issuer_certificates • issuer_id • cert : blob vomsjobs • job_id • user_voms_id • use_time issuers • issuer_id • dnsname • serverca jobs • job_id • user_id • gridjob_id • rsl • submit_cert_id • retrieve_cert_id • job_start • job_end • metric_info • jobtype • lrms_id • creation_time job_credentials • job_id • credential_id • use_time job_status • job_id • status • status_change credentials • credential_id • uid • uid_name • gid • gid_name voms_issuers • voms_id • issuer_id job_credential_groups • job_id • credential_group_id • use_time mapping_voms_pgid • pgid • voms_id • use_time credential_groups • credential_group_id • sgid • sgid_name mapping_voms_sgid • job_id • credential_id • use_time voms • voms_id • fqan
TBD • Performance upgrade • Perhaps a slight change on the schema can speed up the total proces • Current performance with globus-job-runs: 20 jobs per second sustained or 100 jobs burst per second (burst lasting max 3 seconds, needing a cooldown of 20 seconds) Note: globus-job-runs can exceed 100 jobs per second with success without the Job Repository • Using ‘iodbc 3.52.2’ • Slight interface change • Code reorganization