GridSite Storage - Andrew McNab, University of Manchester - 29 June 2006 - www.gridsite.org

Presentation transcript:

GridSite Storage
Andrew McNab, University of Manchester
29 June 2006, www.gridsite.org

Outline
- GridSite's evolution
- File servers
- htcp command
- Storage farms
- File location
- POSIX access
- SRM etc

GridSite evolution
- Started as web content management
  – library-ised, for reuse of GridSite components
  – EDG/LCG Logging & Bookkeeping; LCAS
- GridSite CGI becomes GridSite Apache module
  – 3rd party CGI/PHP on top of this: GOC etc
  – Web Services like gLite WM Proxy on CE's
- Storage is current expansion area for GridSite

GridSite philosophy
- Aim to reuse as much as possible from mainstream Web and Web Services worlds
  – Applies both to software and standards
  – Reduces work needed and ongoing support overhead
  – We use Apache, OpenSSL, curl, gSOAP, libxml,...
- Aim for ease of configuration and operation
  – Try to keep everything in httpd.conf file
  – Autoconfigure hostname etc as much as possible

File servers
- Apache web servers are already simple file servers
- GridSite adds directory or file level access control, in terms of certificate DN, lists of DNs or VOMS attributes
- Also allows PUT, MOVE and DELETE http(s) methods for writing to disk
  – All specified by the RFCs, but usually not implemented
- Along with third-party COPY method, this gives Apache + mod_gridsite very similar functionality to GridFTP
  – but with the fine grained, VOMS-aware access control

htcp command
- htcp is similar to scp (or globus-url-copy)
- Allow copy of files to or from remote server, using grid proxy, VOMS etc credentials:
  – htcp /tmp/myfile.txt
- Variants htls, htll, htrm, htmv also allow users to examine remote directories, delete files or rename them.
  – htls
- Support GridSite's GridHTTP mode for authentication via HTTPS but bulk file copy via HTTP.

Storage farms
- As we've gone up in storage, have gone up in number of nodes with storage disk
  – BaBar UK c.2000 with a Sun raid array and farm of Linux CPU nodes at each site
  – Sites like Manchester, all storage now on CPU nodes
- Traditional cluster mechanisms like NFS+automount don't scale up to 1000 nodes
- So dCache, DPM, xrootd etc have emerged to give access to these disks from other CPU nodes

GridSite storage
- Our idea is to use GridSite/Apache file servers on the CPU/Disk nodes
- Aim to be as democratic as possible, since it removes single points of failure/overload
- Query the state of the files on the disk rather than duplicate this information in a database
  – This will require use of lock-files on disk for some meta data (compare pool accounts)
- Provide access via HTTP(S), GridFTP, htcp, POSIX files

File location
- How to find files on a node without a database?
  – By querying the nodes directly.
- We do this with multicast
  – RFC 2756 describes HyperText Cache Protocol which we use to format "Do you have?" queries and responses
  – Added a multicast UDP responder to GridSite/Apache module, configured via 2 SiteCast lines in httpd.conf
- File server just looks for file and replies if it has it
  – HTCP round trip time between client and server is usually between 200 and 900 microseconds
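Added example (not from the slides and not GridSite code): a builder and strict parser for the RFC 2756 TST ("do you have this URL?") request that the File location slide says SiteCast queries are formatted as. It assumes the standard HTCP/0.0 layout with an empty AUTH section; the function names are illustrative, and any SiteCast-specific deviations from the RFC are not covered.

```python
import struct

OP_TST = 1           # RFC 2756 opcode: "do you have this URL?"
F1, RR = 0x02, 0x01  # flag bits: response desired / message is a response

def countstr(s: str) -> bytes:
    """COUNTSTR: 16-bit big-endian length followed by the bytes."""
    raw = s.encode("ascii")
    return struct.pack("!H", len(raw)) + raw

def build_tst(trans_id: int, uri: str, method: str = "GET",
              version: str = "HTTP/1.1", req_hdrs: str = "") -> bytes:
    """Build a TST request: HEADER + DATA(SPECIFIER) + empty AUTH."""
    spec = b"".join(countstr(f) for f in (method, uri, version, req_hdrs))
    data = struct.pack("!HBBI", 8 + len(spec), OP_TST << 4, F1, trans_id) + spec
    auth = struct.pack("!H", 2)                 # AUTH holding only its own length
    return struct.pack("!HBB", 4 + len(data) + len(auth), 0, 0) + data + auth

def parse_tst(pkt: bytes) -> dict:
    """Parse an untrusted datagram; raise ValueError on any inconsistency."""
    if len(pkt) < 14:                           # 4 header + 8 fixed DATA + 2 AUTH
        raise ValueError("datagram too short")
    total, major, minor = struct.unpack_from("!HBB", pkt, 0)
    data_len, op_resp, flags, trans_id = struct.unpack_from("!HBBI", pkt, 4)
    if total != len(pkt) or (major, minor) != (0, 0):
        raise ValueError("bad header length or version")
    end = 4 + data_len                          # first byte after DATA
    if data_len < 8 or end + 2 > len(pkt):
        raise ValueError("DATA length out of range")
    if op_resp >> 4 != OP_TST or flags & RR:
        raise ValueError("not a TST request")
    fields, pos = [], 12
    for name in ("method", "uri", "version", "req_hdrs"):
        if pos + 2 > end:
            raise ValueError(f"truncated before {name}")
        (n,) = struct.unpack_from("!H", pkt, pos)
        pos += 2
        if pos + n > end:                       # declared length overruns DATA
            raise ValueError(f"{name} length overruns DATA")
        fields.append(pkt[pos:pos + n].decode("ascii"))
        pos += n
    method, uri, version, req_hdrs = fields
    return {"trans_id": trans_id, "method": method, "uri": uri,
            "version": version, "req_hdrs": req_hdrs,
            "wants_reply": bool(flags & F1)}

# Constructed sample: the SiteCast URL from the slides as the query target.
SAMPLE = build_tst(0x1234, "https://sitecast.hep.man.ac.uk:488/file.txt")
```

A responder receives these datagrams unauthenticated over multicast UDP, which is why the parser rejects any message whose declared lengths disagree with the bytes actually received.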

POSIX file access
- htcp command supports SiteCast file location
  – htcp --domain sitecast.hep.man.ac.uk --groups :777 https://sitecast.hep.man.ac.uk:488/file.txt /tmp/file.txt
- But would like to be able to access files on other nodes
  – without applications having to know about this
  – or without having to copy files temporarily to this CPU node
- Need POSIX-like access, as we had with NFS etc
- So we've revived the SlashGrid part of GridSite
  – This hasn't been actively developed since 2003

SlashGrid
- Use FUSE kernel module (mainstream in Linux )
  – Connects slashgrid daemon to the /grid part of the filesystem
  – Daemon acts on open(), read(), write(), unlink() etc.
- We use the code from htcp commands to generate HTTP(S) GET, HEAD, PUT, MOVE, DELETE requests
  – either absolute URLs or SiteCast location URLs
  – Uses GSI proxies (including VOMS) if present
- emacs /grid/https/n0.hep.man.ac.uk:488/mcnab/notes.txt
- TFile::Open(/grid/https/sitecast.hep.man.ac.uk/d1/file 34.root)

GridFTP access
- Clients currently assume GridFTP access
  – So we want to give access to Apache files in /var/www/html
  – But without breaking .gacl access control
- We've added a /grid/local/ filesystem
  – maps requests to local /var/www/html/ directory
  – enforces any .gacl access restrictions
  – identifies user from pool accounts, applies DN Lists (including from VOMS)
- Run standard GridFTP server on this filesystem, in chroot mode
- SiteCast works with gsiftp:// URLs and /grid/local/ directories

So what we have...
- Transparent access to files on any other CPU/Disk node on the local farm
- No need to maintain a database of file location
  – No resyncing, backing up database, building DB farm etc
- Files on dead nodes automatically disappear
  – Unless there is another replica, which is used automatically
- Read/write access via HTTP(S) (htcp, wget, Firefox), GridFTP (globus-url-copy, lcg-cp,...) and POSIX (/grid/...)
- All the fine-grained, VOMS-aware access control from GridSite is available, irrespective of the access protocol

What's needed
- SRM of course!
  – We are designing an SRM using SiteCast as a backend instead of a database
  – Map SRM chmod functions to modification of GACL policies
- This gives us VOMS level access control of files
- Be able to use SiteCast to locate free space + reservation
  – Create space lockfiles to reserve space (ie sparse files)
- Global disk quotas across the site
  – Allocate disk on N nodes to a VO?

What's needed (2)
- A set of scripts or services which
  – monitor SiteCast requests to identify busy files and make more replicas of them
  – remove unused/expired files
  – enforces changes to global quotas by shifting / expiring files
- This way of working means there is no state stored in a site management box
  – it can go down, be rebooted, reinstalled etc and the day to day business of running jobs carries on.

Advantages
- SiteCast makes it easy to find replicas, ignoring dead nodes
- GridSite supports searching multiple multicast groups in order
  – Query this rack, then other racks, then other machine room.
- Could form virtual Tier-2's by sharing multicast groups:
  – SRM at each physical site is able to find files located in the others. CPU nodes can transparently access them via /grid
- SlashGrid retries on server error, including the SiteCast query
  – Will automatically switch to another replica even during read()
  – Admins can replicate files off nodes to be taken down without disturbing running jobs

Architecture
[Diagram; labels: Client application; htcp cmds; /grid/; Queries by multicast; Node1, Node2, Node3, Node4; /var/www/html/...; /grid/local/; Apache/mod_gridsite UDP responder and HTTP(S) file access; GridFTP in chroot; GridFTP; HTTP(S)]

Conclusion
- Have combined GridSite file servers and SlashGrid clients to provide transparent access to files on a storage farm.
- Access also by HTTP/HTTPS/GridHTTP and GridFTP
- This uses multicast HTCP queries (SiteCast) to find replicas of files
- Have avoided the need for a database, by ensuring file operations on servers are atomic and using actual file states
- Now looking at adding an SRM interface and space location + reservation via SiteCast