Andrew McNab - Manchester HEP - 6 November 2001 www.gridpp.ac.uk Old version of website was maintained from Unix command line => needed (gsi)ssh access.

Slides:



Advertisements
Similar presentations
Andrew McNab - Manchester HEP - 15 February 2002 Testbed Release in the UK EDG Testbed 1 GridPP sources of information GridPP VO GIIS and Resource Broker.
Advertisements

Security middleware Andrew McNab University of Manchester.
Andrew McNab - Manchester HEP - 17 September 2002 Putting Existing Farms on the Testbed Manchester DZero/Atlas and BaBar farms are available via the Testbed.
Partner Logo UK GridPP Testbed Rollout John Gordon GridPP 3rd Collaboration Meeting Cambridge 15th February 2002.
29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.
Andrew McNab - Manchester HEP - 24 May 2001 WorkGroup H: Software Support Both middleware and application support Installation tools and expertise Communication.
Andrew McNab - Manchester HEP - 22 April 2002 EU DataGrid Testbed EU DataGrid Software releases Testbed 1 Job Lifecycle Authorisation at your site More.
Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.
Andrew McNab - Manchester HEP - 31 January 2002 Testbed Release in the UK Integration Team UK deployment TB1 Job Lifecycle VO: Authorisation VO: GIIS and.
Andrew McNab - Manchester HEP - 22 April 2002 EU DataGrid Testbed EU DataGrid Software releases Testbed 1 Job Lifecycle Authorisation at your site More.
Andrew McNab - Manchester HEP - 29/30 March 2001 gridmapdir patch Overview of the problem Constraints from local systems Outline of how it works How to.
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
20 March 2007 VOMS etc Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.
27-29 September 2002CrossGrid Workshop LINZ1 USE CASES (Task 3.5 Test and Integration) Santiago González de la Hoz CrossGrid Workshop at Linz,
K.Harrison CERN, 23rd October 2002 HOW TO COMMISSION A NEW CENTRE FOR LHCb PRODUCTION - Overview of LHCb distributed production system - Configuration.
Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.
Andrew McNab - Manchester HEP - 22 April 2002 UK Rollout and Support Plan Aim of this talk is to the answer question “As a site admin, what are the steps.
Andrew McNab - GACL - 16 Dec 2003 Grid Access Control Language Andrew McNab, University of Manchester
3 May 2006 GridSite Andrew McNabwww.gridsite.org Web Services for Grids in Scripts and C using GridSite Andrew McNab University of.
Andrew McNab - EDG Access Control - 17 Jan 2003 EDG Site Access Control (ie Local Authorisation and Accounts) Andrew McNab, University of Manchester
Andrew McNab - Manchester HEP - 26 June 2001 WG-H / Support status Packaging / RPM’s UK + EU DG CA’s central grid-users file grid “ping”
Security Middleware and VOMS service status Andrew McNab Grid Security Research Fellow University of Manchester.
Andrew McNab - GridPP Security - 24 Feb 2003 GridPP Security Middleware Andrew McNab, University of Manchester
5 November 2001F Harris GridPP Edinburgh 1 WP8 status for validating Testbed1 and middleware F Harris(LHCb/Oxford)
Andrew McNab - Manchester HEP - 5 July 2001 WP6/Testbed Status Status by partner –CNRS, Czech R., INFN, NIKHEF, NorduGrid, LIP, Russia, UK Security Integration.
October, Scientific Linux INFN/Trieste B.Gobbo – Compass R.Gomezel - T.Macorini - L.Strizzolo INFN - Trieste.
3 Sept 2001F HARRIS CHEP, Beijing 1 Moving the LHCb Monte Carlo production system to the GRID D.Galli,U.Marconi,V.Vagnoni INFN Bologna N Brook Bristol.
Andrew McNab - GridSite/G-HTTPS - 17 Feb 2003 GridSite and G-HTTPS update Andrew McNab, University of Manchester
Crossgrid kick-off meeting, Cracow, March 2002 Santiago González de la Hoz, IFIC1 Task 3.5 Test and Integration (
EGEE is a project funded by the European Union under contract IST Testing processes Leanne Guy Testing activity manager JRA1 All hands meeting,
The GridSite Security System Andrew McNab and Shiv Kaushal University of Manchester.
Andrew McNab - Access Control - 28 May 2002 Access Control and User Management (ie Local Authorisation and Accounts) Andrew McNab, University of Manchester.
Grid Execution Management for Legacy Code Applications Grid Enabling Legacy Code Applications Tamas Kiss Centre for Parallel.
05/29/2002Flavia Donno, INFN-Pisa1 Packaging and distribution issues Flavia Donno, INFN-Pisa EDG/WP8 EDT/WP4 joint meeting, 29 May 2002.
Andrew McNab - GridSite/EDG/GGF - 29 Sept 2003 GridSite, EDG and GGF Andrew McNab, University of Manchester
First attempt for validating/testing Testbed 1 Globus and middleware services WP6 Meeting, December 2001 Flavia Donno, Marco Serra for IT and WPs.
Security monitoring boxes Andrew McNab University of Manchester.
Grid Security in a production environment: 4 years of running Andrew McNab University of Manchester.
A Web Server for Basic Grid Services D. Calvet DAPNIA/SEI, CEA Saclay Gif-sur-Yvette Cedex.
Andrew McNab - Manchester HEP - 11 May 2001 Packaging / installation Ready to take globus from prerelease to release. Alex has prepared GSI openssh.
Grid Execution Management for Legacy Code Applications Grid Enabling Legacy Applications.
Andrew McNabSecurity Middleware, GridPP8, 23 Sept 2003Slide 1 Security Middleware Andrew McNab High Energy Physics University of Manchester.
Portal Update Plan Ashok Adiga (512)
2-Sep-02Steve Traylen, RAL WP6 Test Bed Report1 RAL and UK WP6 Test Bed Report Steve Traylen, WP6
Andrew McNab - Manchester HEP - 17 September 2002 UK Testbed Deployment Aim of this talk is to the answer the questions: –“How much of the Testbed has.
Andrew McNabGrid in 2002, Manchester HEP, 7 Jan 2003Slide 1 Grid Work in 2002 Andrew McNab High Energy Physics University of Manchester.
INFSO-RI Enabling Grids for E-sciencE ARDA Experiment Dashboard Ricardo Rocha (ARDA – CERN) on behalf of the Dashboard Team.
Grid Security work in 2004 Andrew McNab Grid Security Research Fellow University of Manchester.
Security Middleware 3 June 2004 Security Middleware Current Status – GridSite deployments – Architecture GridPP2 – Web services.
Andrew McNab - Security issues - 17 May 2002 WP6 Security Issues (some personal observations from a WP6 and sysadmin perspective) Andrew McNab, University.
Andrew McNab - Security issues - 4 Mar 2002 Security issues for TB1+ (some personal observations from a WP6 and sysadmin perspective) Andrew McNab, University.
Andrew McNab - Globus Distribution for Testbed 1 Globus Distribution for Testbed 1 Andrew McNab, University of Manchester
Security Middleware Andrew McNab University of Manchester.
Andrew McNab - Dynamic Accounts - 2 July 2002 Dynamic Accounts in TB1.3 What we could do with what we’ve got now... Andrew McNab, University of Manchester.
15-Feb-02Steve Traylen, RAL WP6 Test Bed Report1 RAL/UK WP6 Test Bed Report Steve Traylen, WP6 PPGRID/RAL, UK
Andrew McNab - Manchester HEP - 10 May 2001 EDG / Globus Meeting, 5-7 April “Obtaining an up-to-date understanding of the state of the Globus Toolkit,
LHCb Grid MeetingLiverpool, UK GRID Activities Glenn Patrick Not particularly knowledgeable-just based on attending 3 meetings.  UK-HEP.
Tests at Saclay D. Calvet, A. Formica, Z. Georgette, I. Mandjavidze, P. Micout DAPNIA/SEDI, CEA Saclay Gif-sur-Yvette Cedex.
Plans for D7.7 The Security Report on the Final Project Release Linda Cornwall, RAL.
Stephen Burke – Sysman meeting - 22/4/2002 Partner Logo The Testbed – A User View Stephen Burke, PPARC/RAL.
Andrew McNab - Globus Distribution for Testbed 1 Status of the Globus Distribution for Testbed 1 Andrew McNab, University of Manchester
11-May-01D.P.Kelsey, Security Update1 GRID Security Update David Kelsey CLRC/RAL, UK
Dave Newbold, University of Bristol14/8/2001 Testbed 1 What is it? First deployment of DataGrid middleware tools The place where we find out if it all.
GridSite status Andrew McNab University of Manchester.
Dave Newbold, University of Bristol21/3/2001 (Short) WP6 Update Where are we? Testbed 0 going (ish); some UK sites being tried out for production (mostly.
June 2000 Globus UK Workshop R. Hughes-Jones Globus Current and Future Organizational / Management uHow do we keep informed of work in UK / HEP? èSimple.
J Jensen / WP5 /RAL UCL 4/5 March 2004 GridPP / DataGrid wrap-up Mass Storage Management J Jensen
UK Testbed Status Testbed 0 GridPP project Experiments’ tests started
Quality Control in the dCache team.
Presentation transcript:

Andrew McNab - Manchester HEP - 6 November Old version of website was maintained from Unix command line => needed (gsi)ssh access. Now replaced this with https based system. Since web browsers’ https and Globus GSI are both based on X509 certificates, can reuse the UK HEP CA user certificates in WWW context. Since have strong user authentification, can allow write access through a web browser.

Andrew McNab - Manchester HEP - 6 November 2001 Getting write access You need: –A normal UK HEP CA user key and certificate –Access to OpenSSL to convert your key and cert to pkcs12 format (GridPP Globus1.1.3 distribution and EDG Globus2.0 both provide RPM’s of OpenSSL.) –An HTTPS web browser (Netscape, Internet Explorer, …) –To mail me with your certificate name (/O=Grid/…) and the area of the website you need write access to. Directories on the website each have an access control list, specifying named groups of people (eg ca) with write access.

Andrew McNab - Manchester HEP - 6 November 2001 Updating pages Once you have your certificate working, pages you can edit will have Edit Page and List Directory links in their footer. Edit Page gives you a form in your web browser window to edit the HTML source of the page. List Directory allows you to create pages (initialised with some example HTML), create sub directories and upload files. Upload is especially flexible, since you can use it to upload HTML pages (even if created with Frontpage), binaries,.doc and.ppt files etc from your desktop machine using your web browser.

Andrew McNab - Manchester HEP - 6 November 2001 Currently being added... Automatic date stamping, and logging of who has edited a page (via a history page.) Viewing / roll back to older versions of a page. Group admins, able to add new users to their group through the website. Add optional per-directory read access control. (All of the above exist in outline form in the code.)

Andrew McNab - Manchester HEP - 6 November 2001 Other users Underlying GridSite program is now also used for the EDG WP6 site: Intend to release the program under GPL (it uses some third party open source code already.) More sites using it => more bugs found, more features added. Also something we could disseminate to other UK grid communities who are providing their users with certificates.

Andrew McNab - Manchester HEP - 6 November 2001 Testbed Tools and Release in the UK Integration Team Globus 2.0alpha. Middleware work packages. Testbed 1 vs Testbed 0. Authorisation issues. What about non-Testbed machines / experiments? Interface with Integration Team work.

Andrew McNab - Manchester HEP - 6 November 2001 Integration Team ~20 people drawn from EDG middleware WP’s and WP6. Intensive integration period at CERN during October. Testbed farm of ten machines at CERN Presentation at CERN on 29th October for sysadmins / local experts –see these talks for technical details: Extend Testbed 1 to partner sites (eg RAL) ~15th Nov. Integration Team members will continue supporting roll- out to all sites - will take to end of 2001?

Andrew McNab - Manchester HEP - 6 November 2001 Testbed 1 Distribution of Globus 2.0 The Testbed 1 Distribution of Globus 2.0alpha was contributed by GridPP. Globus’ own packaging effort makes it much easier to build a binary distribution of RPM’s. WP4 requirements mean RPM distribution has no post- install scripts. We hope the 2.0 installation process will be easier to support than since it’s so much simpler. But, some outstanding problems in underlying alpha release of Globus 2.0 are still being resolved.

Andrew McNab - Manchester HEP - 6 November 2001 Globus related components Globus RPM’s - very few modifications compared to standard Globus 2.0 of ftp.globus.org edgconfig RPM’s - provide static config files and “smart” daemon startup scripts –All configuration parameters in /etc/globus.conf Certificate Authority RPM’s –Modular CA directory now means one RPM per CA that you want to trust (Globus CA not included.)

Andrew McNab - Manchester HEP - 6 November 2001 Work packages’ software WP’s provide their software in RPM packages –again, no postinstall scripts, static config files. Many of the tools (eg WP1 job submission) potentially very useful to experiments outside EDG. WP software has been developed in a modular way –should allow installing subsets on non-Testbed machines

Andrew McNab - Manchester HEP - 6 November 2001 TB1 vs “TB0” Globus installation easier if anything –eg no globus user, no need to configure multiple config files. Need to get UK HEP CA host certs. –But users carry on using UK HEP CA user certs. Local batch system (eg PBS) still manages local farm. Now need to configure WP software too. Need to register with national MDS but also experiment MDS. Need procedure to add new users to grid-mapfile.

Andrew McNab - Manchester HEP - 6 November 2001 Authorisation a.k.a “how do I maintain the grid-mapfile list of certificate names and local user names?” WP6 provides a standard way of publishing lists of certificate names via an LDAP server, and selecting subsets based on group (eg experiment) affiliation. Still leaves the problem of creating new accounts every morning as people “join the Grid” –Either need a formal procedure to do this rigorously at your site –Or use the gridmapdir patch to Globus and dynamic accounts (this is included in the EDG Globus distribution.)

Andrew McNab - Manchester HEP - 6 November 2001 Non-Testbed1 machines / expts “Being part of Testbed 1” involves committing to using the right version of RedHat (6.2), the grid software and some extra packages. But, all of this work has been done in a modular way –some dependencies between modules, but interfaces are spelt out. Should be possible to install some or all of TB1 software on existing farms without matching participation requirements exactly. Would also be possible to use strictly compliant front end machines along with differently configured back end nodes.

Andrew McNab - Manchester HEP - 6 November 2001 Integration => Deployment Part of original idea of EDG Integration Team was that we would help rollout the software in our home country after the integration period. Some preliminary work for this already happening due to people’s involvement in the Integration (whether formally in the IT or not) –One UK site participated in the IT demo of the WP1 job submission last Monday. –MDS being prototyped between some UK sites. –On going tests of globus-globus job submission, gridftp etc between RPM build machine and CERN testbed machines. –Alpha versions of WP software tested at participants’ sites. RAL will participate in first wave of rollout to partner sites. But clearly need some kind of “UK Deployment Team” to help all UK sites get onboard - see John Gordon’s talk / discussion for this.

Andrew McNab - Manchester HEP - 6 November 2001 Summary Testbed 1 Globus Distribution exists –generally better / easier than Globus Middleware software exists –being readied for testing outside Integration Team Testbed 1 has formal requirements for participation –but some scope for using software in other contexts Need to sort out some kind of UK “deployment team”

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.