GLOBUS Toolkit - Grid Deployment
Download
Report
Transcript GLOBUS Toolkit - Grid Deployment
GLOBUS Toolkit Grid Deployment
Boro Jakimovski
Marjan Gusev
Institute of Informatics
Faculty of Natural Sciences and Mathematics
University of Sts. Cyril and Metodius
Skopje, Macedonia
Grid technology
Flexible, secure, coordinated resource
sharing among dynamic collections of
individuals, institutions, and resource
Grid architecture
Defined using services and protocols
Using the “sand hourglass” model similar to the
TCP/IP protocol stack
From “The Anatomy of the Grid: Enabling Scalable Virtual Organizations”
Grid architecture
Fabric – resource specific
operations
Connectivity – main
communication and
authentication proto.
Resource – usage,
monitoring, control of single
resource
Collective – global
interactions between
collections of resources
APPLICATION
COLLECTIVE
RESOURCE
CONNECTIVITY
FABRIC
Globus Toolkit™
No “official” Grid standards exist
but
Globus Toolkit™ has emerged as the de facto
standard for several important Connectivity,
Resource, and Collective protocols
Fabric
Contains
Computational resources
Storage resources
Network resources
Code resources
Catalogs
Globus toolkit
defined by vendorsupplied interfaces not
physical characteristics
enquiry software for
detection of capabilities
and delivers this
information to higher
lever services
Connectivity
Contains services allowing
Communicaion
Transport
Routing
Naming
Globus toolkit
Communication
Authentication
Authentication
Single sign on
Delegaion
Integration with local
security solutions
User-based trust
relationships
TCP/IP
GSI – Grid Security
Infrastructure
TLS – Transport Layer
Security protocols
X.509 certificates
User-based trusts
GAA – Generic
Authorization and Access
interface
Helps integration with local
policies
Resource
Contains services for
Information – structure
and state of the resource
Management – negotiate
access, perform
operations, accounting
Globus toolkit
GRIP(S) – Grid Resource
Information Protocol
(Service)
Based on LDAP
GRRP – Grid Resouce
Registration Protocol
GRAM – Grid Resource
Access and Management
protocol
GridFTP
Uses sercurity protocols
Collective
Contains global Grid
services
Directory services
Co-allocation, scheduling
Monitoring
Data replication
Grid-enabled
programming systems
Workload management
Software discovery
Community authorization
Accounting
Globus toolkit
GIIS – Grid Information
Index Server
DUROC co-allocator
MPICH-G2
Globus Toolkit™ components
Security
GSI – Grid Security Infrastructure
Resource Management
GRAM – Grid Resource Allocation Manager
Information Services
MDS – Monitoring and Discovery Service
globusrun
RSL
gatekeeper
job manager
DUROC – Dynamically-Updated Request Online Coallocator
GRIS – Grid Resource Information Service
GIIS – Grid Index Information Service
MDS Client
Data Management
GridFTP
GASS
GSI example
User
Single sign-on via “grid-id”
& generation of proxy cred.
User Proxy
Proxy
credential
Or: retrieval of proxy cred.
from online repository
Remote process
creation requests*
GSI-enabled Authorize
Site A
GRAM server Map to local id
(Kerberos)
Create process
Generate credentials
Computer
Process
Kerberos
ticket
Communication*
Local id
Restricted
proxy
Ditto
Remote file
access request*
* With mutual authentication
Site C
(Kerberos)
Storage
system
GSI-enabled
GRAM server
Site B
(Unix)
Computer
Process
Local id
Restricted
proxy
GSI-enabled
FTP server
Authorize
Map to local id
Access file
Globus Toolkit™ installation
Choose packages (Client/Server/SDK)
Source packages
Binary packages
Extra packages
GPT – Globus Packaging Tool
Used for install/build disrtibution packages
gpt-install <options> <package-name>
<flavor[s]>
gpt-build <options> <package-name>
<flavor[s]>
gpt-postinstall
Globus Toolkit™ packages
Package
Flavor
Data Management Client
gcc32dbg
Data Management SDK
gcc32dbg
Data Management Server
gcc32dbg
Information Services Client
gcc32dbgpthr
Information Services Server
gcc32dbgpthr
Information Services SDK
gcc32dbgpthr
Resource Management Client
gcc32dbg
Resource Management SDK
gcc32dbg
Resource Management Server
gcc32dbg
Replica
gcc32dbgpthr
GSI
gcc32dbg
Globus Toolkit™ installation
After deploying the selected packages and running
gpt-postinstall we execute
setup-gsi – configures grid serurity
In order to use the installation we need to acquire
certificates
user certificate
host certificate
grid-cert-request – creates usercert-request.pem
grid-cert-request –host <hostname> – creates
host.req
LDAP certificate
grid-cert-request –cn “ldap/hostname” – creates
server.req
Globus Toolkit™ installation
Globus services installation
In /etc/services insert
Gsigatekeeper 2119/tcp #Globus Gatekeeper
gsiftp
2811/tcp #GridFTP
xinetd/globus-gatekeeper
service gsigatekeeper {
socket_type = stream
protocol = tcp
wait = no
user = root
server = GLOBUS_LOCATION/sbin/globus-gatekeeper
server_args = -conf GLOBUS_LOCATION/etc/globusgatekeeper.conf
disable = no
}
Similar for grid-ftp
Globus Toolkit™ verification
To test the functionality of the gatekeeper
execute
grid-proxy-init -debug -verify
globus-personal-gatekeeper –start
Starts personal proxy and returns our contact string
hostname:4589:/O=Grid/O=Globus/CN=Your Name
To execute a command we use
globus-job-run <contact> /bin/date
Globus Toolkit™ verification
MDS test
SXXgris start – starts the GRIS/GIIS server
grid-info-search -anonymous -L – starts a test
query to the local GRIS
GridFTP test
grid-proxy-init – start the proxy
in.ftpd -s -p 5678 – start the ftp server
globus-url-copy -s "`grid-cert-info subject`“ gsiftp://localhost:5678/tmp/file1
file:///tmp/file2
Globus Toolkit™ clients
GRAM Clients
globus-job-run – online interface for job submition
globus-job-run 'contact string' command
globus-job-submit – batch job submition
globus-job-submit 'contact string' command
globusrun – executes a RSL script
MDS Clients
grid-info-host-search - client to a GRIS server
grid-info-search - client to a GIIS server
grid-info-host-search -p port hostname "LDAP
filter"
grid-info-search [-x]
GridFTP Clients
globus-url-copy
globus-url-copy sourceURL destURL
RSL Example
+( & (resourceManagerContact=
“flash.isi.edu:754:/C=US/…/CN=flash.isi.edu-fork”)
(count=1)
(label="subjob A")
Different resource
(executable= my_app1)
managers
)
Different ( & (resourceManagerContact=
counts
“sp139.sdsc.edu:8711:/C=US/…/CN=sp097.sdsc.edu-lsf")
(count=2)
(label="subjob B")
Different executables
(executable=my_app2)
)
CoG – Community Grid
CoG is a Java based
Globus Toolkit
interface. It can be
used by normal users
for easy access to the
Grid.