Presentation on theme: "Overview of the FutureGrid Software"— Presentation transcript:
1Overview of the FutureGrid Software Presented by Gregor von LaszewskiIndiana UniversityWorkshop on High Performance Applications of Cloud and Grid ToolsArgonne, ILApril 14, 2011
2A more detailed version is available from the FG web site at https://portal.futuregrid.org
3Outline 2 Overview Access Services Management Services Operations Services5. We will not much go into:Base Software and ServicesFabricSoftware for Development & Support Resources345
4Outline 2 Overview Access Services Management Services Operations Services5. We will not much go into:Base Software and ServicesFabricSoftware for Development & Support Resources345
5Goals of the Software Support Diverse User Community Application developers, Middleware developers, System administrators, Educators, Application users Support for Shifting Technology BaseInfrastructure as a Service (IaaS), and Platform as a Service (PaaS) paradigms In IaaS we see less important role of EucalyptusNimbus: Our main IaaS framework. Rapidly evolving Several releases a year, our funded partner!OpenNebula: Important project in EuropeOpenStack: Expected to take large share of user base from Eucalyptus due to strong partners and open source philosophyPaaS are rapidly evolving
6Goals of the Software Support of Diverse Access Models Persistent Endpoints: Unicore, gLite, Genesis II, Nimbus, Eucalyptus, OpenStack, OpenNebula, HPCUser just wants to use a preinstalled frameworkUser wants to compare HPC with framework xDynamically Provisioned Frameworks: install cloned versions with modifications of the above + my own frameworkMiddleware developer provides next generation softwareCommunity: I want to showcase my serviceEnable viral contribution model to services offerend in FutureGrid
7Goals of SoftwareProvide Management Capabilities for Reproducible ExperimentsConveniently define, execute, and repeat application or grid and cloud middleware experiments within interacting software “stacks” that are under the control of the experimenter.Leverage from previous experiments.Terminology: Experiment Session & Apparatus
8Differentiation FG vs. Amazon Multiple alternative IaaS frameworks Control of resource mappingDevelopment of middleware, not just using it OS level work possible not just virtualized environmentWindows and LinuxPerformance comparisonFG vs.TeraGrid » XDEnvironment is customizableDynamically provisioning software as needed onto “bare-metal”exploit both the innovative technologies available and the interactive usage mode of FutureGridRicher environment, not just traditional HPCTG software + IaaS, PaaS & HPCDifferent spectrum of usecomputer science systems, interoperability, clouds, education and bioinformatics
9FG Development and Support Fabric/Resources: FG Fabric: hardware resources: computational resources, storage servers, and network infrastructure including the network impairment device.FG Development and Support Fabric/Resources: servers for portals, ticket systems, task management systems, code repositories, a machine to host an LDAP server and other services.FG Management Services: The management services are centered around FG experiments and the overall system integration, including information services and raining/dynamic provisioning software stacks and environments on the Fabric. FG Access Services:contain variety of services: IaaS, PaaS, SaaS, and classical Libraries that provide a service as an infrastructure to the users such as accessing MPI and others.FG Operations Services: a website, wiki, task management system to coordinate the software development tasks; ticket systemSecurity and Auccounting Services
10Software Roadmap PY1: Enable general services: HPC, Nimbus, Eucalyptus Explore dynamic provisioning via queuing systemExplore raining an environment (Hadoop)PY2:Provide dynamic provisioning via queuing systemDeploy initial version of fg-rain, fg-hadoop, ...Explore replication of experimentsAllow users to contribute images Deploy OpenNebula, OpenStackPY3:Deploy replication of experimentsDeploy replication of comparative studiesPY4:Harden software for distribution
11Outline 2 Overview Access Services Management Services Operations Services5. We will not much go into:Base Software and ServicesFabricSoftware for Development & Support Resources345
12FutureGrid Web Portal: Requirements Present information from diverse sources Status of the Resources, Software, and offered services: Inca, PBS, XCAT, ...Information on how to use FG: Manual, FAQ/IU Knoweledge Base, General information about the projectUnified search: All relevant material integrated in a single search functionRole based access: user, sysadmin, approval committee, editorSupport FG specific processesProject Management: List/create/join/approve projects, provide personal view, list/report resultsExperiment Management: List/create/monitor experiments; image Management: manage images used in experiments,; share/clone/verify images Account Management: Integrate with the FG account management processes, allow interface with SSO services (manage SSH key, OpenID, certificates, ....)Information Dissemination Management: through manual, FAQ/IU Knowledgebase, project & experiment information, editorial workflows, mailinglists/forum, RSS feeds, News, References
13FutureGrid Web Portal: Status Implementation Based on Drupal: proven open CMS with access controlUse of proven Drupal community extensions: no development needed for them, but configurationNew deployment: re-deployment, with FG processes in mind, not just web site Available Features (PY1, PY2 ...)Drupal: forum, news, polls, information tables, page management, user management, theme, book layout (for manual), FAQ, references, OpenIDFG specific: supporting FG processes: account management; project management including FG experts, project approval committee; information dissemination to support FG these processes; SSH key managementFuture Features (FG specific, PY...) :Eucalyptus: Support SSO management features for Eucalyptus (PY2 Q4); Integration of iPlant Atmosphere (PY2 Q2-3)Experiment Management: List/create/monitor experiments (v0 PY3 Q1); image Management: manage images used in experiments (v0 PY2 Q3); share/clone/verify images (v0 PY2 Q4)Account Management: Verify account data in the LDAP server (PY2 Q2)Information Dissemination Management: improve editorial workflows (v1 PY2 Q3), extend RSS feeds (v1 PY2 Q4); unified KB search (PY3)Integration with TG user portal: identify path once XD plan is available to us
15Outline 2 Overview Access Services Management Services Operations Services5. We will not much go into:Base Software and ServicesFabricSoftware for Development & Support Resources345
16Dynamic Provisioning Archit Kulshrestha Gregor von Laszewski Greg Pike Fugang WangArchit Kulshrestha Warren SmithIndiana UniversityTACC5 minutesKey PointsCustomizable environmentNot just images on IaaSOperating system level
18FG RAIN Command fg-rain –h hostfile –iaas nimbus –image img fg-rain –h hostfile –paas dryad …fg-rain –h hostfile –image imgthe default way if I do not care about IaaSfg-rain –h hostfile –paas hadoop … __________________________ | fg-hadoop ....
19Image Management Fugang Wang Andrew Younge Gregor von Laszewski Indiana University5 minutesKey PointsAbstraction layer that deals with all FG images.Service oriented architecture so interaction with other modules could be easily achieved.Layered design so the choose of concrete implementation is flexible. E.g., provide alternative data storage mechanism.
20Image Management Use Cases Requirements Generate Images Upload, search, clone, ... standard formatSecurity reviewAccess images with the same functionality but run on different IaaS frameworksShare Images with colleagues Create an image for me with features x,y,z, allow my FG project team members to loginRequirementsGenerate ImagesNeeded as part of security architectureConsistencyProvide assistance to usersProvide integration with LDAP Store ImagesIntegrate with different image repository systemsIntegrate with image creation module, and dynamic provisioning Access InterfacesCommandline, portal, and REST interfaces
21Image Creation Process Creating deployable imageUser chooses one base magesUser decides who can access the image; what additional software is on the imageImage gets generated; updated; and verifiedImage gets deployedDeployed image gets continuouslyUpdated; and verifiedNote: Due to security requirement an image must be customized with authorization mechanismWe are not creating NxN images as many users will only need the base imageAdministrators will use the same process to create the images that are vetted by themAn image gets customized through integration via a CMS process
22Image Management Implementation Deployment Review Layered architecture; Web Services; Data access abstraction; Command line interface; Python; Integration with FG security frameworkDeploymentFirst deploy a centralized repository store based solution; then expand to provide distributed/replicated based one.First deploy a number of base images and test mechanismIntegrate community contributed imagesReviewContinue to work with security experts (Von Welch formerly NCSA security expert was just hired by IU, ...).
23Image Management Milestones Risks PY1 Designed and prototyped an Image Repository & Generation servicesPrototyped configuration management system for use with bare metal and virtual machinesPY2 Q1 Deliver and test an alpha release of the image generation toolsQ2 Deliver repository on each resourceQ2 Integrate LDAP authentication into image management servicesQ3 Distributed repository databaseQ3 Provide an updated image generation service in beta releasePY3 REST interfaces & Portal interfacePY4Dynamic user pattern governs image creationRisksThere will never be a secure image regardless which technology we useHigh level of integration with the various IaaS technologiesStandards are under developmentSome users may want to bypass the mechanismI have my code developed 30 years ago, please run it .... but ... what about all the exploits ....
25Experiment Management RequirementsAssemble and release resourcesExecute actions on assembled resourcesMonitor actions and resultsRecord and archive information about an experimentAllow experiments to be repeated as run or with modificationsUse CasesWorkflow-based experiment managementInteractive experiment managementA mix of the two
26Experiment Management DesignProvide tools to coordinate experiment executionInteract with a number of FutureGrid servicesSupport several usage modelsWorkflowInteractiveHybridStore experiment information for later useService
27Monitoring and Information Services Presenters:Shava Smallen (SDSC)Piotr Luszczek (UTK)9 minutes
28Monitoring and Information RequirementsUse casesCan a user submit a job to each HPC resource?How much time does it take for a user to create an experiment?What is the number of VM instances deployed in Nimbus and Eucalyptus?How many users are utilizing the system?What is the machine performance (HPCC, SPEC, etc.)What is the utilization of machines?What is the network performance?Detect functional and performance problems on FutureGridCollect basic information and usage about components Compare the performance of FG to other systemsRe-use existing componentsMeasurement results are stored historicallyMinimal system impactFlexible query interface
29Inca http//inca.futuregrid.org Statistics displayed from HPCC performance measurementStatus of basic cloud testsHistory of HPCC performanceInformation on machine partitioning
30Outline 2 Overview Access Services Management Services Operations Services5. We will not much go into:Base Software and ServicesFabricSoftware for Development & Support Resources345
31Security and Account Management Gregor von Laszewski, Gregory Pike, Archit Kulshrestha, Fugang Wang, David LaBissoniereIndiana UniversityUniversity of ChicagoPresenter: Gregor von Laszewski6 minutesKey PointsUse LDAP to achieve a centralized account management framework, though the deployment could be based on replica.Account management through command line and portal.Configuration management system like BCFG2 is used to set access control on images/provisioned systems.
32Security & Account Management Use CasesImmediate acces to HPC, Nimbus, Eucalyptus upon membership of an approved project Audit trail in case of security incidentIntroduction of a FG "credit card", e.g. accounting mechanismKey Management and RevocationRequirementsSingle Sign OnExcept for isolated experimental systemsOpenID integrationAccounting (XD, ...)Auditing (XD TAS, ...)Integration with various Services: HPC, Nimbus, Eucalyptus, Unicore, gLite, Genesis II, ... Consider the security issues involved with Image ManagementIntegration with XD (work with XD)Explore InCommon
33Security Architecture PortalIdentity Management Service LDAP + Portal
34Software Roadmap PY1: Enable general services: HPC, Nimbus, Eucalyptus Explore dynamic provisioning via queuing systemExplore raining an environment (Hadoop)PY2:Provide dynamic provisioning via queuing systemDeploy initial version of fg-rain, fg-hadoop, ...Explore replication of experimentsAllow users to contribute images for "raining"Deploy OpenNebula, OpenStackPY3:Deploy reproducibility of experimentsDeploy reproducibility of comparative studiesPY4:Harden software for distribution