Presentation on theme: "Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web."— Presentation transcript:
Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web integration More EDG and TB information
Andrew McNab - Manchester HEP - 2 May 2002 EU DataGrid Officially started 1st January 2001 Partners: CERN, CNRS, ESA, INFN, NIKHEF, PPARC Other contributions from HEP institutes (eg in NorduGrid countries) and other Grid projects (eg core UK e-Science) Management and software organised into Work Packages: –WP1 Resource Management (“job submission”) –WP2 Data Management –WP3 Information and Monitoring Services –WP4 Fabric Management (eg local installation and management tools) –WP5 Mass Storage –WP6 Testbeds (include Integration and support for the Testbed grid.) –WP7 Networking –WP8,9,10 Applications
Andrew McNab - Manchester HEP - 2 May 2002
Software Releases Have 3 major releases to coincide with three yearly Testbeds 1, 2 and 3 Have minor releases every 2 months, and then patch level releases between those: currently at (deployed last week) Currently, the only supported platform is RedHat 6.2 on Intel. Software is stored in a central CVS and published via a public HTTP server (http://datagrid.in2p3.fr) in RPM format. This includes EDG-authored software, a distribution of Globus (contributed by GridPP) and any external packages and updates not included in out-of-the-box RedHat 6.2. The official installation procedure is to use LCFG, contributed by Edinburgh and customised by WP4. Will support RedHat 7.2 in next release.
Andrew McNab - Manchester HEP - 2 May 2002 Authorisation at a site a.k.a “how do I maintain the list of certificate names (people) that can use my Testbed site?” WP6 provides a standard way of publishing lists of certificate names via an LDAP server, and selecting subsets based on group or “Virtual Organisation” (eg experiment) affiliation. gridmapdir patch to Globus provides dynamic user account allocation from a pool. Each LHC experiment maintains a “VO Server” and populates it with the DNs of their members. VO’s also exist for WP6, BaBar and GridPP.
Andrew McNab - Manchester HEP - 2 May 2002 Going from UID to Grid ID Want to remove “long term” use of local Unix credentials (ie UID numbers) Dynamic, pool accounts allow temporary mapping of Grid identities onto a local UID. Have prototype certificate-based filesystem, with which files can be “owned” by a certificate DN –rights are controlled by an Access Control List. This part of a wider framework (“SlashGrid”) for creating “Grid-aware” filesystems, including remote file access. An ACL format in XML is being agreed as part of this –gacl library will provide a reference implementation/API.
Andrew McNab - Manchester HEP - 2 May 2002 Grid/Web Integration GridPP website uses GridSite, a certificate based web management system. Provides write access using Grid certificates loaded into unmodified web browsers. –Allows editing via forms, uploading files, /. style “news weblogs”, and automatic file history recording. Uses same ACL format as SlashGrid: –groups of DN’s managed through the website –fine-grained read, write and admin access control, so multiple people can maintain one subdirectory. Intend to blur the line between filesystem and Web using Grid tools: –access GridSite server through local filesystem via SlashGrid. –access remote resources via web browser, respecting file ACL’s and running remote CGI scripts using pool accounts/SlashGrid filesystems.
Andrew McNab - Manchester HEP - 2 May 2002 More information Main EDG site is –each Work Package has a website, usually with documents, mailing list archives etc about its software. WP6 Testbed information at –includes links to software repository, User and Installation Guides, bug tracking Bugzilla etc. UK Testbed support: SlashGrid: GridSite:
Andrew McNab - Manchester HEP - 2 May 2002 Summary EDG producing middleware components as part of a consistent distribution for testbed sites. Situation evolving rapidly, but central aim of job submission “to the Grid” via a Resource Broker is working. Software available to interested sites, and web and mailing list resources exist for support. Tools to remove UID dependency and integrate Grid/Web are being developed.