
CHEP 2010 Taipei, 19 October 2010 - 1 Predrag Buncic Jakob Blomer, Carlos Aguado Sanchez, Pere Mato, Artem Harutyunyan CERN/PH-SFT.


1 CernVM: Minimal Maintenance Approach to the Virtualization. Predrag Buncic (Predrag.Buncic@cern.ch), Jakob Blomer, Carlos Aguado Sanchez, Pere Mato, Artem Harutyunyan, CERN/PH-SFT. CHEP 2010, Taipei, 19 October 2010.

2 CernVM R&D Project
Aims to provide a complete, portable and easy-to-configure user environment, in the form of a virtual machine, for developing and running LHC data analysis locally and on the Grid, independent of the physical software and hardware platform (Linux, Windows, MacOS):
- Code check-out, editing, compilation, small local tests, debugging, ...
- Grid submission, data access, ...
- Event displays, interactive data analysis, ...
- Suspend, resume, ...
Project started 01/01/2008, funded for 4 years. Web site: http://cernvm.cern.ch

3 CernVM Users: ~3250 different IP addresses

4 CernVM Usage History (chart)

5 Next step (figure: PC, Mac, Linux)

6 Is CernVM suitable for deployment on Grid infrastructure? What are the benefits of going the CernVM way compared to the more traditional approach (1) to batch node virtualization?
(1) Traditional approach: take a "standard" batch node [2GB], add experiment software [10GB] and generate a VM image. Have the experiment and the security team certify the image, then deploy it to all sites and worker nodes. Repeat this procedure 1-2 times per week, per experiment.

7 CernVM Way
1. Minimal Linux OS (SL5)
2. CernVM-FS: HTTP network file system optimized for just-in-time delivery of experiment software
3. Configuration and contextualization mechanism

8 Part #1: Minimal OS image
Just enough OS to run LHC applications. Built using a commercial tool (rBuilder by rPath):
- Top-down approach: start from the application and automatically discover its dependencies
- Small images (250MB), easy to move around

9 rBuilder (figure: scientific.rpath.org@rpath:sl-5 and rpm packages imported or encapsulated into conary packages; cernvm.cern.ch@cvm:cernvm-2 built into Amazon AMI, VMware, VirtualBox, QEMU, KVM, Parallels, HyperV and Xen images for x86, x86_64, ...)
- Initially conceived targeting ISVs (Independent Software Vendors); evolving toward an end-to-end solution for process automation
- Supports component and image Development -> QA -> Release cycles
- Supports deployment of built images on multiple cloud back-ends
- Provides several upstream platforms (CentOS, Ubuntu, RHEL, rPath Linux, SL5) on which an appliance can be based

10 Repository Versioning
The conary package manager:
- inspects every file on the system, detects dependencies, stores application binaries and sources in a database and automatically versions components
- allows updates and rollbacks, and can reproduce the exact system configuration at any time, using multiple public and private repositories

11 Built-in OS update mechanism
A minimal OS configuration translates into a less frequent need for updates and results in a more secure virtual environment.

12 Part #2: CernVM-FS
- Experiment software changes frequently, and we want to avoid the need to update, certify and redistribute VM images with every release
- Only a small fraction of a software release is really used
- CernVM-FS: read-only, network (HTTP) file system optimized for efficient software delivery. See: J. Blomer (PS06-5-434)

13 CernVM-FS 0.48
- Deployable on virtual and physical machines
- Aggressively caches files and supports offline use
- Performance equal to or better than NFS on LAN, better than AFS on WAN

14 Security & Integrity
- Catalogs can be signed with an X.509 certificate
- File integrity is verified on download using a SHA1 checksum
- Access control (requiring users to register their VMs) could be implemented

15 Scalability (figure: CernVM clients behind proxy servers, fed by HTTP servers)
- Proxy and slave servers could be deployed at strategic locations to reduce latency and provide redundancy
- Working with the ATLAS & CMS Frontier teams to reuse the already deployed squid proxy infrastructure

16 CernVM-FS Summary
Separation of responsibilities:
- We manage and certify the VM; the experiment manages VO software
- VO s/w managers are not given access to the VM image
- Software installation and testing can be done prior to publishing, in exactly the same environment as it will be seen by the end user
Automated configuration:
- CernVM-FS automatically adjusts its configuration parameters based on the client's current location
- CernVM clients automatically receive software updates
- No need for s/w installation/configuration that can easily go wrong; reduced load on experiment support teams
Use of standard tools and protocols:
- Network friendly: scalable cache on the client side, site squid caches, CDN, ...
Security and data integrity:
- Repository catalogues carry file checksums and are signed; all files have their checksums verified on download
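As an added illustration of the integrity model on slides 14 and 16 (not CernVM-FS code, and much simpler than the real client), the following Python sketch shows why a signed catalogue plus per-file checksums lets the file system trust data fetched through untrusted HTTP servers and squid proxies: a client only accepts a catalogue whose signature verifies, fetches every file by its content hash, and admits bytes into the local cache only after recomputing the SHA-1. The repository contents, the tampered file and the publisher key are constructed for the example; the catalogue signature is modelled with an HMAC as a stand-in for the X.509 signature the slides mention, since the standard library has no X.509 support.

```python
"""Added example (not CernVM-FS code): content-addressed download with a
catalogue signature check and per-file SHA-1 verification.  All sample
data below is constructed for the example."""
import hashlib
import hmac
import json

# Constructed sample repository contents.  CernVM-FS addresses files by
# the SHA-1 of their content, so the catalogue maps paths to hashes.
GOOD_A = b"#!/bin/sh\necho experiment-setup\n"
GOOD_B = b"libfoo version 1.2\n"


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


CATALOG = {
    "/cvmfs/cms/setup.sh": sha1_hex(GOOD_A),
    "/cvmfs/cms/lib/libfoo.txt": sha1_hex(GOOD_B),
}

# Constructed: what an (untrusted) HTTP server or proxy returns for each
# content hash.  The second object was altered on the wire, so its bytes
# no longer hash to the key it is served under.
HTTP_STORE = {
    sha1_hex(GOOD_A): GOOD_A,
    sha1_hex(GOOD_B): b"libfoo version 1.2 -- altered in transit\n",
}

# Assumption: an HMAC with a key the client trusts stands in for the
# X.509 signature on the catalogue.  Real CernVM-FS uses a key pair.
PUBLISHER_KEY = b"constructed-shared-secret"


def serialise(catalog: dict) -> bytes:
    return json.dumps(catalog, sort_keys=True).encode()


def sign_catalog(catalog: dict, key: bytes) -> str:
    return hmac.new(key, serialise(catalog), hashlib.sha256).hexdigest()


def verify_catalog(catalog: dict, signature: str, key: bytes) -> bool:
    return hmac.compare_digest(sign_catalog(catalog, key), signature)


class IntegrityError(Exception):
    pass


class Client:
    """Read-only client with a local cache; only verified bytes enter it."""

    def __init__(self, catalog, signature, key, store):
        if not verify_catalog(catalog, signature, key):
            raise IntegrityError("catalogue signature invalid")
        self.catalog = catalog
        self.store = store
        self.cache = {}  # content hash -> verified bytes

    def read(self, path: str) -> bytes:
        digest = self.catalog[path]
        if digest in self.cache:      # served offline from the cache
            return self.cache[digest]
        data = self.store[digest]     # HTTP GET by content hash
        if sha1_hex(data) != digest:  # checksum verified on download
            raise IntegrityError(f"checksum mismatch for {path}")
        self.cache[digest] = data
        return data


def demo():
    """Returns (good file accepted, tampered file rejected, forged catalogue rejected)."""
    sig = sign_catalog(CATALOG, PUBLISHER_KEY)
    client = Client(CATALOG, sig, PUBLISHER_KEY, HTTP_STORE)
    accepted = client.read("/cvmfs/cms/setup.sh") == GOOD_A
    try:
        client.read("/cvmfs/cms/lib/libfoo.txt")
        file_rejected = False
    except IntegrityError:
        file_rejected = True
    # A catalogue edited after signing (pointing a path at other content)
    # must be refused before any file is fetched.
    forged = {**CATALOG, "/cvmfs/cms/setup.sh": sha1_hex(b"other content")}
    try:
        Client(forged, sig, PUBLISHER_KEY, HTTP_STORE)
        catalog_rejected = False
    except IntegrityError:
        catalog_rejected = True
    return accepted, file_rejected, catalog_rejected


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

The point of the two-level check is the one slide 16 makes: proxies and mirrors only need to be available, not trusted, because a wrong byte is caught by the content hash and a wrong hash is caught by the catalogue signature.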

17 Part #3: Contextualization
There are several ways to contextualize CernVM:
- Web UI (for the individual user)
- amiconfig (for the Amazon EC2 user)
- CernVM Contextualization Agent
- HEPiX CDROM method

18 As easy as 1, 2, 3
1. Log in to the web interface
2. Create a user account
3. Select experiment, appliance flavor and preferences

19 Example contextualization section:
[cernvm]
organisations = cms
repositories = cms,grid
users = cms:cms
command = cms:/opt/cms/etc/gladein
Environment = CMS_ROOT=/opt/cms

20 Contextualization Summary
Basic principles:
- The owner of a VM instance can contextualize and configure it to run an arbitrary service as an unprivileged user
- A site can use the HEPiX method to inject monitoring and accounting hooks without functionally modifying the image
- If such a VM is used to host 3rd-party jobs (pilot frameworks), they should run as an unprivileged user
A wide range of contextualization options does not necessarily compromise security:
- By allowing VM instances to be contextualized by their owners, we avoid the need to build, distribute and audit many different instances
For more info on CernVM contextualization: https://cernvm.cern.ch/project/trac/cernvm/wiki/EC2Contextualization
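The following Python is an added example (not CernVM's own contextualization code) that ties slide 19 to the principles on slide 20: it parses a [cernvm] section like the one shown and checks the resulting plan against the rule that the configured service runs as a declared, unprivileged user. The meaning of the keys (users as name:group, command as user:path, environment as NAME=value) is assumed from the slide; the second, non-compliant sample section is constructed for the example.

```python
"""Added example (not CernVM code): parse a [cernvm] contextualization
section and check it against the "run as unprivileged user" principle.
Key semantics are assumptions read off slide 19."""
import configparser

# Constructed sample: the section from slide 19, verbatim.
SAMPLE = """
[cernvm]
organisations = cms
repositories = cms,grid
users = cms:cms
command = cms:/opt/cms/etc/gladein
Environment = CMS_ROOT=/opt/cms
"""

# Constructed counter-example: same section, but the command would run as root.
BAD_SAMPLE = SAMPLE.replace("command = cms:", "command = root:")

PRIVILEGED_USERS = {"root"}


def _csv(value: str) -> list:
    return [item.strip() for item in value.split(",") if item.strip()]


def parse_context(text: str) -> dict:
    """Turn the [cernvm] section into a plain dict describing the plan."""
    cp = configparser.ConfigParser()  # option names are lower-cased, so
    cp.read_string(text)              # 'Environment' is read as 'environment'
    sec = cp["cernvm"]

    users = {}                        # login name -> primary group (assumed)
    for entry in _csv(sec.get("users", "")):
        name, _, group = entry.partition(":")
        users[name] = group or name

    cmd_user, _, cmd_path = sec.get("command", "").partition(":")

    env = {}
    for kv in _csv(sec.get("environment", "")):
        if "=" in kv:
            key, val = kv.split("=", 1)
            env[key.strip()] = val.strip()

    return {
        "organisations": _csv(sec.get("organisations", "")),
        "repositories": _csv(sec.get("repositories", "")),
        "users": users,
        "command": (cmd_user.strip(), cmd_path.strip()),
        "environment": env,
    }


def check_context(ctx: dict) -> list:
    """Return policy findings for a parsed plan; an empty list means compliant."""
    findings = []
    user, path = ctx["command"]
    if not path:
        return findings  # nothing to run, nothing to check
    if user in PRIVILEGED_USERS:
        findings.append(f"command would run as privileged user '{user}'")
    elif user not in ctx["users"]:
        findings.append(f"command user '{user}' is not declared in 'users'")
    if not path.startswith("/"):
        findings.append(f"command path '{path}' is not absolute")
    for org in ctx["organisations"]:
        if org not in ctx["repositories"]:
            findings.append(f"organisation '{org}' has no matching repository")
    return findings


if __name__ == "__main__":
    for label, text in (("slide 19", SAMPLE), ("root variant", BAD_SAMPLE)):
        ctx = parse_context(text)
        print(label, ctx["command"], check_context(ctx) or "compliant")
```

A site or image owner could run a check of this kind on the contextualization payload before it is applied, which is where the slide's claim that a wide range of options need not compromise security becomes something that can be enforced rather than assumed.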

21 Conclusions
- CernVM is gaining the trust of users, making them comfortable with the use of virtualization technology
- In combination with the various contextualization options and CernVM-FS, just one small image can run the frameworks of all LHC experiments and be easily moved around, requiring far fewer updates than a traditional SL5 worker node
- The strongly versioned repository provides a full account of the image content and allows upgrades and rollbacks
- CernVM-FS provides an efficient, scalable, secure, standard and maintenance-free way to distribute software to CernVM and physical nodes alike
- Flexible contextualization options allow the same small image to play different roles, reducing the need for creation and certification of specialized images
- Using maximal process automation we derived a minimal OS platform that is ready to be deployed on various service infrastructures, does not require significant maintenance effort and does not compromise security

22 CHEP 2010 Predrag.Buncic@cern.ch Taipei, 19 October 2010 - 22 Backup slides

23 CernVM contextualization service. Artem Harutyunyan (Artem.Harutyunyan@cern.ch), CHEP 2010, Taipei, October 21 2010.

