LCG A few slides for the discussion on VOMS Kors Bos, NIKHEF, Amsterdam GDB Oct.4, 2006.

Slides:

Advertisements

Similar presentations

The LHC experiments AuthZ Interoperation requirements GGF16, Athens 16 February 2006 David Kelsey CCLRC/RAL, UK

Advertisements

National Grid's Contribution to LHCb IFIN-HH Serban Constantinescu, Ciubancan Mihai, Teodor Ivanoaica.

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.

1 User Analysis Workgroup Update  All four experiments gave input by mid December  ALICE by document and links  Very independent.

LHCb Quarterly Report October Core Software (Gaudi) m Stable version was ready for 2008 data taking o Gaudi based on latest LCG 55a o Applications.

December 17th 2008RAL PPD Computing Christmas Lectures 11 ATLAS Distributed Computing Stephen Burke RAL.

VOMS Alessandra Forti HEP Sysman meeting April 2005.

14 Aug 08DOE Review John Huth ATLAS Computing at Harvard John Huth.

Grid User Management System Gabriele Carcassi HEPIX October 2004.

Maarten Litmaath (CERN), GDB meeting, CERN, 2006/02/08 VOMS deployment Extent of VOMS usage in LCG-2 –Node types gLite 3.0 Issues Conclusions.

23-Oct-03D.P.Kelsey, LCG Security Update, HEPiX1 LCG Security Update HEPiX-HEPNT, TRIUMF, 23 October 2003 David Kelsey CCLRC/RAL, UK

AN INTEGRATED FRAMEWORK FOR VO-ORIENTED AUTHORIZATION, POLICY-BASED MANAGEMENT AND ACCOUNTING Andrea Caltroni 3, Vincenzo Ciaschini 1, Andrea Ferraro 1,

Getting started DIRAC Project. Outline  DIRAC information system  Documentation sources  DIRAC users and groups  Registration with DIRAC  Getting.

INFSO-RI Enabling Grids for E-sciencE LCAS/LCMAPS and WSS Site Access Control boundary conditions David Groep NIKHEF.

Overview of Privilege Project at Fermilab (compilation of multiple talks and documents written by various authors) Tanya Levshina.

Stephen Burke – Data Management - 3/9/02 Partner Logo Data Management Stephen Burke, PPARC/RAL Jeff Templon, NIKHEF.

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.

US LHC OSG Technology Roadmap May 4-5th, 2005 Welcome. Thank you to Deirdre for the arrangements.

USATLAS deployment We currently use VOMS Role based authorization in production within USATLAS. In the VO we have defined 4 groups/roles that satisfy our.

VO Box Issues Summary of concerns expressed following publication of Jeff’s slides Ian Bird GDB, Bologna, 12 Oct 2005 (not necessarily the opinion of)

Last update 21/01/ :05 LCG 1Maria Dimou- cern-it-gd Current LCG User Registration, VO management and Authorisation Procedures VOMS workshop

The CMS Top 5 Issues/Concerns wrt. WLCG services WLCG-MB April 3, 2007 Matthias Kasemann CERN/DESY.

Last update 29/01/ :01 LCG 1Maria Dimou- cern-it-gd Maria Dimou IT/GD CERN VOMS server deployment LCG Grid Deployment Board

DIRAC Pilot Jobs A. Casajus, R. Graciani, A. Tsaregorodtsev for the LHCb DIRAC team Pilot Framework and the DIRAC WMS DIRAC Workload Management System.

LCG WLCG Accounting: Update, Issues, and Plans John Gordon RAL Management Board, 19 December 2006.

Author - Title- Date - n° 1 Partner Logo WP5 Status John Gordon Budapest September 2002.

INFSO-RI Enabling Grids for E-sciencE Policy management and fair share in gLite Andrea Guarise HPDC 2006 Paris June 19th, 2006.

1Maria Dimou- cern-it-gd LCG November 2007 GDB October 2007 VOM(R)S Workshop report Grid Deployment Board.

LCG User Level Accounting John Gordon CCLRC-RAL LCG Grid Deployment Board October 2006.

INFSO-RI Enabling Grids for E-sciencE VOMS & MyProxy interaction Emidio Giorgio INFN NA4 Generic Applications Meeting 10 January.

Ákos FROHNER – DataGrid Security n° 1 Security Group TODO

INFSO-RI Enabling Grids for E-sciencE DGAS, current status & plans Andrea Guarise EGEE JRA1 All Hands Meeting Plzen July 11th, 2006.

Stephen Burke – Sysman meeting - 22/4/2002 Partner Logo The Testbed – A User View Stephen Burke, PPARC/RAL.

EGEE is a project funded by the European Union under contract IST New VO Integration Fabio Hernandez ROC Managers Workshop,

1Maria Dimou- cern-it-gd LCG End of the Task Force for VO User Registration of LHC Experiment Users Grid Deployment.

LCG Accounting Update John Gordon, CCLRC-RAL 10/1/2007.

Job Priorities and Resource sharing in CMS A. Sciabà ECGI meeting on job priorities 15 May 2006.

Pledged and delivered resources to ALICE Grid computing in Germany Kilian Schwarz GSI Darmstadt ALICE Offline Week.

ALICE WLCG operations report Maarten Litmaath CERN IT-SDC ALICE T1-T2 Workshop Torino Feb 23, 2015 v1.2.

WLCG Operations Coordination Andrea Sciabà IT/SDC GDB 11 th September 2013.

13 January 2004GDB Geneva, Milos Lokajicek Institute of Physics AS CR, Prague LCG regional centre in Prague

1-2 March 2006 P. Capiluppi INFN Tier1 for the LHC Experiments: ALICE, ATLAS, CMS, LHCb.

Availability of ALICE Grid resources in Germany Kilian Schwarz GSI Darmstadt ALICE Offline Week.

Traceability & Isolation WG Vincent BRILLAULT, CERN/EGI-CSIRT GDB June 2016, CERN.

ATLAS – statements of interest (1) A degree of hierarchy between the different computing facilities, with distinct roles at each level –Event filter Online.

Virtual Organisations and the NGS Mike Jones Research Computing Services e-Science & “The Grid” for Bio/Health Informaticians, IT January 2008.

Jean-Philippe Baud, IT-GD, CERN November 2007

WLCG Tier-2 Asia Workshop TIFR, Mumbai 1-3 December 2006

Ian Bird WLCG Workshop San Francisco, 8th October 2016

Xiaomei Zhang CMS IHEP Group Meeting December

LCG Service Challenge: Planning and Milestones

David Kelsey CCLRC/RAL, UK

Classic Storage Element

Flavia Donno CERN GSSD Storage Workshop 3 July 2007

John Gordon, STFC-RAL GDB 10 October 2007

EGEE VO Management.

AAA from HEP* Perspective

Savannah to Jira Migration

WLCG Accounting Task Force Update Julia Andreeva CERN WLCG Workshop 08

Artem Trunov and EKP team EPK – Uni Karlsruhe

Artem Trunov, Günter Quast EKP – Uni Karlsruhe

Simulation use cases for T2 in ALICE

ALICE – FAIR Offline Meeting KVI (Groningen), 3-4 May 2010

WLCG Collaboration Workshop;

Update on EDG Security (VOMS)

DRM Deployment Readiness Plan

From Prototype to Production Grid

INFNGRID Workshop – Bari, Italy, October 2004

The LHC Computing Grid Visit of Professor Andreas Demetriou

The LHCb Computing Data Challenge DC06

Presentation transcript:

LCG A few slides for the discussion on VOMS Kors Bos, NIKHEF, Amsterdam GDB Oct.4, 2006

LCG 2 VOMS Reminder Reminder to re-register using VOMS/VOMSRS sent to all registered VO users that have not re-registered “As of October 16th 2006 (stoppage of voms.cern.ch), you will no longer be able to use voms-proxy-init to obtain credentials from voms.cern.ch. After this date only lcg-voms.cern.ch will provide this function.” “As of December 11th 2006 (stoppage of lcg- registrar.cern.ch), you will no longer be able to use a grid-proxy, unless you have re-registered at lcg- voms.cern.ch.” Can we switch off the LDAP service on Dec.31? Is there still any LDAP dependance in our software?

LCG 3 VOMS Groups and Roles the way I had understood it.. GroupsRoles MonteCarloVO-Admin ReProcessinglcgadmin Analysisproduction USGrouproot SoftwAdmin VO For Accounting Storage quota For Special privileges Job Priorities Production management By default

LCG 4 VOMS Groups and Roles GroupsRoles Lcg1 ?VO-Admin productionlcgadmin Software ?production usatlasroot software GroupsRoles uscmsVO-Admin Susylcgadmin analysisproduction root HeavyIonscmssoft Higgscmsfrontier StandardModelcmsphedex dcmscmsprod cmst1admin cmst2admin Cmsuser ATLAS CMS Some sites may not be able to implement them all

LCG 5 The n x m explosion (group, role)  Unix uid 8 groups x 11 roles  88 Unix uid combinations 500(?) CMS users  44,000 pool accounts Many sites may not be able to implement that May not be a problem if –Use LDAP Unix User Directories –Collapse several groups and roles into one Unix group –Not all combinations are needed What happens if you run out of pool accounts ? How many pool accounts do sites set up ?

LCG 6 ATLAS Roles: –Grid software administrators (who install software and manage the resources) –Production managers for official productions –Normal users Groups: –Physics groups –Combined performance groups –Detectors & trigger –Computing & central productions

LCG 7 ATLAS Group list –phys-beauty phys-top phys-sm –phys-higgs phys-susy phys-exotics –phys-hi phys-gener phys-lumin –perf-egamma perf-jets perf-flavtag –perf-muons perf-tau trig-pesa –det-indet det-larg det-tile –det-muon soft-test soft-valid –soft-prod soft-admingen-user It is foreseen that initially only group production managers would belong to most of those groups –All Collaboration members would be, at least initially, in “gen-user” –Software installers would be in soft-admin The matrix would therefore be diagonal –Only ~25 group/role combinations would be populated

LCG 8 CMS Simulation and Reconstruction –CMS expects to implement prioritization of simulation activity at the level of the submitter, so one simulation group and one reconstruction group is probably sufficient Analysis Groups –Of order 10 Physics Groups 2 to 3 roles for each of the groups Not all Groups need to be supported at all sites CMS will need to summarize computing usage by individuals by institution or funding source, for accounting purposes –The accounting system will need have the ability to identify the institution or region of the user –VOMS groups are a possibility to implement the functionality by making an extended proxy with the identifying information

LCG 9 VOMS Groups and Roles GroupsRoles lcg1VO-Admin lcgadmin production root GroupsRoles pilotphysicsVO-Admin lcgprodlcgadmin Administrators?production sgmroot user LHCb ALICE ?

LCG 10 ALICE & VOMS © Disney All Rights Reserved ALICE is interested and ready to test VOMS features as soon as they will be deployed USE –WE CAN USE VOMS TO: –PERFORM PRIORITY MANAGEMENTS AMONG DIFFERENT GROUPS/ROLES –PERFORM DISK SPACE pre-ALLOCATION –TAKE ACCOUNTING INFORMATION FOR MONITORING TASKS REQUIREMENTS –10 GROUPS –3 ROLES (admin, prod manager, user) ISSUES –MAPPING OF GROUP PRIVILEGES ON LOCAL JOB MANAGEMENT SYSTEMS

LCG 11 LHCb I only had their slides in pdf format so I could not copy But it sounds much the same as the other expts.

LCG 12 VOMS Issues to be discussed Can we now switch off LDAP servers ? –Nowhere else used in the software? …Ian ? When do the expts implement their groups/roles ? When/how used for Job priorities ?... Jeff ? GPBox, How does it work ? Do we need it ? When ? –What is the plan ? …Ian ? VOMS in Storage ? How done at sites ? –See agenda VOMS and job accounting ? By what ? Groups ? How ? With pilot jobs, no user-level accounting ? VOMS and storage accounting ? By what ? Groups ? How ? –DCAS and/or APEL? …. John?