Presentation is loading. Please wait.

Presentation is loading. Please wait.

LCG Pilot Jobs and glexec John Gordon.

Published byMagnus McLaughlin Modified over 8 years ago

Similar presentations

Presentation on theme: "LCG Pilot Jobs and glexec John Gordon."— Presentation transcript:

1 j.c.gordon@rl.ac.uk LCG Pilot Jobs and glexec John Gordon

2 j.c.gordon@rl.ac.uk LCG History  Pilot jobs were designed to deliver workload to sites which are known to work for a VO and to bypass delays in job submission.  Pilot jibs which pull in jobs from a variety of users break the current Acceptable Use Policy in EGEE/WLCG/OSG(?)  Some sites are content that identity change is auditable and that information is available to trace the owner of a job. Some sites insist that the identity of running processes must be transparent to the site.  Glexec was developed at NIKHEF as an acceptable, auditable and secure way to change the identity under which a job runs.  It can run in three modes Do nothing, Log identity change, change identity of job  If glexec is installed in one of these modes at every site then pilot jobs can be set to use it.

3 j.c.gordon@rl.ac.uk LCG Status  Experiments were asked at a recent GDB what they will do if they cannot use pilot jobs at particular sites.  ATLAS, CMS, Alice said they could live with it.  LHCb said it was a showstopper  Sites have a suspicion that VOs will run (are running?) Pilot Jobs anyway.  Some sites have listed their concerns/objections to glexec.  TCG permission is required to add glexec to glite release  If this is done without consensus then it will not be deployed everywhere and VOs will not be able to rely on it.

4 j.c.gordon@rl.ac.uk LCG Example Site Requirements  The UK(I) does not accept glexec in its present state and will not recommend its deployment.  Before we will reconsider its deployment we require to see:  a satisfactory code inspection wrt security.  an AUP with VOs agreed in principle by sites (in general through GDB) and all 4 LHC VOs.  a satisfactory analysis of the effect on the supported batch systems and accounting of identity changes.  glexec should be simple and safe to configure. Simple so that all sysadmins can understand what they are doing and safe so that misconfigurations do not inadvertently lead to security exposures.  The three flavours of glexec should exist as separate binaries and not as one with a configuration switch. Each of these should satisfy all package dependencies. e.g., dependencies should express some requirement for an abstract "glexec" property, which is satisfied by "glexec-null" or "glexec-suid" etc.

5 j.c.gordon@rl.ac.uk LCG Recent Developments  NIKHEF have been willing to consider requirements and countering criticisms  STFC have started a code/architecture review

6 j.c.gordon@rl.ac.uk LCG Future  Some sites object on principle to sudo-like code running on machines with general user access. These sites are unlikely ever to run glexec in full mode but this does not rull out the logging mode  I believe that if concerns are addressed then we can reach a consensus that will enable GDB to recommend the deployment of glexec to TCG

Download ppt "LCG Pilot Jobs and glexec John Gordon."

Similar presentations

CREAM John Gordon GDB November 2009. CREAM number of sites now – gstat2 says 24. Batch systems supported Experiment Tests Feedback from sites. Evaluation.

CREAM John Gordon GDB November CREAM number of sites now – gstat2 says 24. Batch systems supported Experiment Tests Feedback from sites. Evaluation.
Jan 2010 Current OSG Efforts and Status, Grid Deployment Board, Jan 12 th 2010 OSG has weekly Operations and Production Meetings including US ATLAS and.

Jan 2010 Current OSG Efforts and Status, Grid Deployment Board, Jan 12 th 2010 OSG has weekly Operations and Production Meetings including US ATLAS and.
Pilots 2.0: DIRAC pilots for all the skies Federico Stagni, A.McNab, C.Luzzi, A.Tsaregorodtsev On behalf of the DIRAC consortium and the LHCb collaboration.

Pilots 2.0: DIRAC pilots for all the skies Federico Stagni, A.McNab, C.Luzzi, A.Tsaregorodtsev On behalf of the DIRAC consortium and the LHCb collaboration.
LCG Milestones for Deployment, Fabric, & Grid Technology Ian Bird LCG Deployment Area Manager PEB 3-Dec-2002.

LCG Milestones for Deployment, Fabric, & Grid Technology Ian Bird LCG Deployment Area Manager PEB 3-Dec-2002.
SSC2 and Update on Multi-user Pilot Jobs Framework Mingchao Ma, STFC – RAL HEPSysMan Meeting 20/06/2008.

SSC2 and Update on Multi-user Pilot Jobs Framework Mingchao Ma, STFC – RAL HEPSysMan Meeting 20/06/2008.
LCG Accounting Reporting Update John Gordon, CCLRC LCG Grid Deployment Board 5 th April 2006.

LCG Accounting Reporting Update John Gordon, CCLRC LCG Grid Deployment Board 5 th April 2006.
CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t EIS section review of recent activities Harry Renshall Andrea Sciabà IT-GS group meeting.

CERN IT Department CH-1211 Genève 23 Switzerland t EIS section review of recent activities Harry Renshall Andrea Sciabà IT-GS group meeting.
Monitoring the Grid at local, national, and Global levels Pete Gronbech GridPP Project Manager ACAT - Brunel Sept 2011.

Monitoring the Grid at local, national, and Global levels Pete Gronbech GridPP Project Manager ACAT - Brunel Sept 2011.
Deployment Issues David Kelsey GridPP13, Durham 5 Jul 2005

Deployment Issues David Kelsey GridPP13, Durham 5 Jul 2005
PanDA Multi-User Pilot Jobs Maxim Potekhin Brookhaven National Laboratory Open Science Grid WLCG GDB Meeting CERN March 11, 2009.

PanDA Multi-User Pilot Jobs Maxim Potekhin Brookhaven National Laboratory Open Science Grid WLCG GDB Meeting CERN March 11, 2009.
LCG Plans for Chrsitmas Shutdown John Gordon, STFC-RAL GDB December 10 th, 2008.

LCG Plans for Chrsitmas Shutdown John Gordon, STFC-RAL GDB December 10 th, 2008.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org VO BOX Summary Conclusions from Joint OSG and EGEE Operations Workshop - 3 Abingdon, 27 -

INFSO-RI Enabling Grids for E-sciencE VO BOX Summary Conclusions from Joint OSG and EGEE Operations Workshop - 3 Abingdon, 27 -
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Angela Poschlad (PPS-FZK), Antonio Retico.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Angela Poschlad (PPS-FZK), Antonio Retico.
8-Jul-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) RAL, 8 July 2003 David Kelsey CCLRC/RAL, UK

8-Jul-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) RAL, 8 July 2003 David Kelsey CCLRC/RAL, UK
SL6 Status at Oxford. Status  SL6 EMI-3 CREAMCE  SL6 EMI3 WN and gLExec  Small test cluster with three WN’s  Configured using Puppet and Cobbler 

SL6 Status at Oxford. Status  SL6 EMI-3 CREAMCE  SL6 EMI3 WN and gLExec  Small test cluster with three WN’s  Configured using Puppet and Cobbler 
GLite – An Outsider’s View Stephen Burke RAL. January 31 st 2005gLite overview Introduction A personal view of the current situation –Asked to be provocative!

GLite – An Outsider’s View Stephen Burke RAL. January 31 st 2005gLite overview Introduction A personal view of the current situation –Asked to be provocative!
Mine Altunay July 30, 2007 Security and Privacy in OSG.

Mine Altunay July 30, 2007 Security and Privacy in OSG.
Pilot Jobs John Gordon Management Board 23/10/2007.

Pilot Jobs John Gordon Management Board 23/10/2007.
LCG Pilot Jobs + glexec John Gordon, STFC-RAL GDB 7 November 2007.

LCG Pilot Jobs + glexec John Gordon, STFC-RAL GDB 7 November 2007.
Glexec, SCAS & CREAM. Milestones CREAM-CE capable of large-scale direct job submission Glexec & SCAS capable of large-scale use on WN in logging only.

Glexec, SCAS & CREAM. Milestones CREAM-CE capable of large-scale direct job submission Glexec & SCAS capable of large-scale use on WN in logging only.

Similar presentations

Ads by Google