Initiating Teragrid Sessions Raghu Reddy. Outline Motivation Initial Setup –Certificates –Proxies –Grid-map file entries and DNs Softenv for customizing.

Slides:

Advertisements

Similar presentations

Cross-site data transfer on TeraGrid using GridFTP TeraGrid06 Institute User Introduction to TeraGrid June 12 th by Krishna Muriki

Advertisements

John Kewley CCLRC Daresbury Laboratory NW-GRID Training Event 25 th January 2007 Accessing the NW-GRID (from Linux) John Kewley Grid Technology Group E-Science.

John Kewley CCLRC Daresbury Laboratory NW-GRID Training Event 26 th January 2007 GROWL Scripts and Web Services John Kewley Grid Technology Group E-Science.

MyProxy: A Multi-Purpose Grid Authentication Service

Security Q&A OSG Site Administrators workshop Indianapolis August Doug Olson LBNL.

1 Getting Started with TeraGrid Authentication Jeffrey P. Gardner Pittsburgh Supercomputing Center

Presentation Two: Grid Security Part Two: Grid Security A: Grid Security Infrastructure (GSI) B: PKI and X.509 certificates C: Proxy certificates D:

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Grid Security. Typical Grid Scenario Users Resources.

Two-factor Authentication Tutorial For NCSA Private Sector Program

Holding slide prior to starting show. Supporting Collaborative Working of Construction Industry Consortia via the Grid - P. Burnap, L. Joita, J.S. Pahwa,

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Mechanisms to Secure x.509 Grid Certificates Andrew Hanushevsky Robert Cowles Stanford Linear Accelerator Center.

Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.

Copyright B. Wilkinson, This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

Security Mechanisms The European DataGrid Project Team

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

1c.1 Assignment 2 Preliminaries Review (Full details in assignment write-up.)‏ © 2011 B. Wilkinson/Clayton Ferner. Fall 2011 Grid computing course. Modification.

Simo Niskala Teemu Pasanen

ORNL is managed by UT-Battelle for the US Department of Energy Globus: Proxy Lifetime Endpoint Lifetime Oak Ridge Leadership Computing Facility.

TeraGrid ’06 National Center for Supercomputing Applications Managing Credentials on the TeraGrid with MyProxy Jim Basney.

1 Grids and PKI Bridges (Globus Toolkit) EDUCAUSE/Dartmouth PKI Summit July 26, 2005 Shelley Henderson - USC Jim Jokl - Virginia.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.

BaBar WEB job submission with Globus authentication and AFS access T. Adye, R. Barlow, A. Forti, A. McNab, S. Salih, D. H. Smith on behalf of the BaBar.

Scaling Account Creation and Management through the TeraGrid User Portal Contact: Eric Roberts

GRID Centralized management of the Globus grid-mapfile Carlo Rocca INFN, Catania.

December 8 & 9, 2005, Austin, TX SURA Cyberinfrastructure Workshop Series: Grid Technology: The Rough Guide Grid Technology: The Rough Guide Grid Building.

GridFE: Web-accessible Grid System Front End Jared Yanovich, PSC Robert Budden, PSC.

David Spence GOSC Graphical Access to the NGS for All Java GSI-SSHTerm.

Nadia LAJILI User Interface User Interface 4 Février 2002.

National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.

© 2008 Pittsburgh Supercomputing Center So you have a TeraGrid Allocation What now?

Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America MyProxy server installation Emidio Giorgio.

August 13, 2003Eric Hjort Getting Started with Grid Computing in STAR Eric Hjort, LBNL STAR Collaboration Meeting August 13, 2003.

1 TeraGrid Data Transfer Jeffrey P. Gardner Pittsburgh Supercomputing Center

Communicating Security Assertions over the GridFTP Control Channel Rajkumar Kettimuthu 1,2, Liu Wantao 3,4, Frank Siebenlist 1,2 and Ian Foster 1,2,3 1.

CHAPTER Creating and Managing Users and Groups. Chapter Objectives Explain the use of Local Users and Groups Tool in the Systems Tools Option to create.

Grid Security in a production environment: 4 years of running Andrew McNab University of Manchester.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Authentication and Integrated Identity Management HEPiX, CASPUR, Rome 3-7 April 2006.

Oxford University e-Science Centre 1 Managing Access 4 Dec Managing Access to Resources on the Grid 4 December 2002.

SAN DIEGO SUPERCOMPUTER CENTER Inca TeraGrid Status Kate Ericson November 2, 2006.

Getting started DIRAC Project. Outline  DIRAC information system  Documentation sources  DIRAC users and groups  Registration with DIRAC  Getting.

Table of Contents TopicSlide Administrator Login 2 Administrator Navigations 3 Managing AlternativeDr.com Blogs 4 Managing Dr. Lloyd May Blogs 5 Managing.

Creating and running an application.

SAN DIEGO SUPERCOMPUTER CENTER Inca Control Infrastructure Shava Smallen Inca Workshop September 4, 2008.

Portal Update Plan Ashok Adiga (512)

December 17, 2015 A Secure VO Software for ATLAS Grid User Management Dantong Yu Brookhaven National Lab.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

GSI: Security On Teragrid A Introduction To Security In Cyberinfrastructure By Dru Sepulveda.

VO Box Issues Summary of concerns expressed following publication of Jeff’s slides Ian Bird GDB, Bologna, 12 Oct 2005 (not necessarily the opinion of)

GRID Centralized Management of the Globus grid-mapfile Carlo Rocca, INFN Catania.

1 AHM, 2–4 Sept 2003 e-Science Centre GRID Authorization Framework for CCLRC Data Portal Ananta Manandhar.

Andrew McNab - Dynamic Accounts - 2 July 2002 Dynamic Accounts in TB1.3 What we could do with what we’ve got now... Andrew McNab, University of Manchester.

Open Science Grid Build a Grid Session Siddhartha E.S University of Florida.

Client installation DIRAC Project. DIRAC Client Software  Many operations can be performed through the Web interface  Even more to come  However, certain.

MGRID Architecture Andy Adamson Center for Information Technology Integration University of Michigan, USA.

Gateway Security Summit, January 28-30, 2008 Welcome to the Gateway Security Summit Nancy Wilkins-Diehr Science Gateways Area Director.

The GRIDS Center, part of the NSF Middleware Initiative Grid Security Overview presented by Von Welch National Center for Supercomputing.

Client installation Beijing, 13-15/11/2013. DIRAC Client Software Beijing, /11/2013 DIRAC Tutorial2  Many operations can be performed through the.

A Survey of Certificate Management Processes and Procedures in OSG Gabriel Ghinita and Mine Altunay

Gateways security Aashish Sharma Security Engineer National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign.

Bringing Federated Identity to Grid Computing Dave Dykstra CISRC16 April 6, 2016.

Getting Started with TeraGrid Authentication

Creating and running applications on the NGS

CSCI The UNIX System Shell Startup and Variables

Macs without binding to Active Directory

Presentation transcript:

Initiating Teragrid Sessions Raghu Reddy

Outline Motivation Initial Setup –Certificates –Proxies –Grid-map file entries and DNs Softenv for customizing your environment

Motivation Now that you have an account on the Teragrid … –TeraGrid can be more than the sum of its parts –More than single sign-on – A common/consistent environment –A common environment to the extent possible TG_CLUSTER_SCRATCH TG_COMMUNITY TG_EXAMPLES … –Setting up the initial environment can be a little confusing!

Initial Setup for Authentication Certificates/Proxies/DNs … (Terms you need to know) –Certificate Your long term identity A couple of files in “.globus/*.pem” files Use of Certificates/Proxies allow you to login without worrying about passwords on all the different platforms on the TG –Proxy Your short term identity This is what is used to do authentication without passwords with globus tools such as gsissh, tgcp, globus-url-copy, etc. –DN (Distinguished Name) Certificates and Proxies have your “DN” encoded in them –Grid-mapfile Various TG hosts have your “DN” in their grid-mapfile if you are authorized to use that particular resource

How do you get a Proxy? Using a long term certificate The easiest way is to start is to get a Certificate on one of the NCSA Teragrid Resources (done just once) –Login to an NCSA system –Use “grid-cert-request” command (use –help for help) The DN from NCSA cert is already included in the grid-mapfiles of appropriate platforms Once you have certificate, you use “grid-proxy-init” to get a proxy Using a KCA proxy If you have an account at any of the sites that have KCA, then you can get a proxy without getting a long term certificate The sequence of commands are: –Kinit kx509; kxlist With this approach, you will have to add your DN to the gridmap file of various resources. The User Portal will simply this process in the future

Accepted Certificates Authorities Currently the Teragrid Accepts the following CAs –Italian Grid –Japan AIST –Dutch Grid –UK E-Science –NCSA –PSC (No long term User Certs) –SDSC –TACC –USC (No long term User Certs) –Purdue –DoE

Myproxy Repository How do you get a Proxy at resource where you don’t have a certificate? –If you don’t want to manage your certificates at multiple resources, you can use the myproxy server to store your proxy, and retrieve from another site. –Detailed talk on this subject on Wed 11:00 AM –Alternatively you can use KCA as mentioned before

For more information If you are just getting started, a good place to start for authentication issues is:

Softenv What is Softenv – The “.soft” file –A way to manage working env on different platforms –Makes it easy for users to change env (PATH etc.) –Makes it easy for admins to add new software –Most of the time you don’t need to worry about it –You manage this by editing the “.soft” file in your home directory Equivalent to the “.cshrc” or the “.bashrc” files you already know about!

Example Suppose you want to use Totalview-2.3 instead of the default Totalview –Add “+totalview-2.3” to the top of the “.soft” file –Next time you login, this will be the default totalview you get –If want it to take effect this session, then you run the command “resoft” –Even if the admins change the default, this is the one you will be getting when you run totalview

What does the “.soft” file contain? The “.soft” file can consist of the following –Comments: Begin with #, similar to most shells # This is a comment in a.soft file –Packages: Allow you to add specific software +hdf4 –Macros: To set a bunch of –Env variables PATH += ${HOME}/bin What Macros/Keywords are available? Use the “softenv” command to get a listing

What Else? Like any scripting language, there is more! –Pre defined env variables –Conditional statements –Softenv commands such as resoft soft add Etc. –For additional information The man page “man softenv-intro”

Questions?