Presentation is loading. Please wait.

Presentation is loading. Please wait.

Madison, Apr 2010Igor Sfiligoi1 Condor World 2010 Condor-G – A few lessons learned by Igor UCSD.

Published byRosa Carpenter Modified over 7 years ago

Similar presentations

Presentation on theme: "Madison, Apr 2010Igor Sfiligoi1 Condor World 2010 Condor-G – A few lessons learned by Igor UCSD."— Presentation transcript:

1 Madison, Apr 2010Igor Sfiligoi1 Condor World 2010 Condor-G – A few lessons learned by Igor Sfiligoi @ UCSD

2 Madison, Apr 2010Igor Sfiligoi2 How do I use Condor-G ● GlideinWMS ● Part of the development team ● Operate the OSG glidein factory ● Condor-G is used for glidein submission ● OSG Scalability, Reliability and Usability area ● Testing CE scalability using Condor-G – Both production and in-development CE software

3 Madison, Apr 2010Igor Sfiligoi3 Condor-G is old, nothing to learn ● This is what one would expect ● This is why we use Condor-G in glideinWMS ● Solid reliable technology ● Use-and-forget ● etc. ● Turns out, it is not really like that

4 Madison, Apr 2010Igor Sfiligoi4 Condor-G is not old ● Just been around for a long time ● since v6.2 – year 2001 ● It is changing all the time ● New Grid universes added with time – v6.8 adds Condor, GT3 and GT4 – v7.0 adds nordugrid, unicore, pbs and lsf – v7.2 adds Amazon EC2 – v7.4 adds CREAM and GT5 ● Existing protocols being tuned

5 Madison, Apr 2010Igor Sfiligoi5 Some benchmarks first ● As part of the OSG Scalability effort ● Tested ● GT2 (still by far the most used Grid universe in OSG) ● GRAM5 ● CREAM ● Using a mix of v7.4.X and v7.5.X

6 Madison, Apr 2010Igor Sfiligoi6 What about the other universes? ● GT4, the WS-based Globus Gatekeeper has never got wide acceptance in OSG ● Plus Globus has deprecated it (not in Globus 5) ● I plan to test Nordugrid soon ● Just did not have time yet ● Amazon is interesting but it is quite different ● Unicore, pbs, lsf and Condor-C not interesting for OSG right now Do I need to mention GT3?

7 Madison, Apr 2010Igor Sfiligoi7 GT2 performance ● How fast can I submit GT2 jobs? ● It really depends what you want to measure (with 10 jobmanagers, single user) ● Job submission alone – 45 jobs/min ● Job submission while jobs terminating – 33 jobs/min ● Processing job termination – 15 jobs/min ● Processing job termination while jobs being submitted – 7.5 jobs/min

8 Madison, Apr 2010Igor Sfiligoi8 GT2 performance ● How fast can I submit GT2 jobs? ● It also depends how far away are you from the Grid gatekeeper ● Submitting across the world will cut rates in half

9 Madison, Apr 2010Igor Sfiligoi9 GT2 performance ● How fast can I submit GT2 jobs? ● It also depends how many jobs you have in the queue ● Try submitting 20k jobs at the same time and you may have to wait hours to get the first job started! ● Use dagman -maxidle 1000 if you have a lot of jobs

10 Madison, Apr 2010Igor Sfiligoi10 GRAM5 ● What is GRAM5? ● The new non-WS Gatekeeper coming with Globus 5 ● Major scalability improvement over GT2 ● Almost backwards compatible with GT2 ● Removed just streaming support ● Too bad Condor-G relies on this feature in GT2! ● Condor 7.4 adds explicit GT5 support

11 Madison, Apr 2010Igor Sfiligoi11 GRAM5 performance ● Is it really faster than GT2? ● Yes! ● Both submit and termination rates exceeded 100 jobs/min ● But a lot of variation in time ● Average still over 2x of GT2 ● Globus 5.0.0 still has bugs ● Not ready for production yet, but looks promising!

12 Madison, Apr 2010Igor Sfiligoi12 CREAM ● What is CREAM? ● A brand new Grid Gatekeeper coming from Italy ● Web-based, runs inside Tomcat ● State stored in a relational database ● Support of multi-home deployments planned ● Uses its own protocol ● Condor 7.4 adds the CREAM Grid universe

13 Madison, Apr 2010Igor Sfiligoi13 CREAM performance ● How it compares to GT2 and GT5? ● Much faster! ● Consistent rates in the 50 jobs/minute range ● About 5x faster than GT2, and 2x faster than GT5 ● But the reliability is dismal ● Out of 10k jobs, over 2k failed to run! ● We managed to overload the Condor-G client!

14 Madison, Apr 2010Igor Sfiligoi14 How did CREAM overload the client? ● CREAM moves files directly to and from the worker nodes ● No intermediate staging to the CE like in Globus ● Each worker node will independently contact the GridFTP server running on the Condor-G node ● No coordination between WNs Condor-G CREAM WN jo b in files out files Condor-G Globus WN jo b in files out files in files

15 Madison, Apr 2010Igor Sfiligoi15 GridFTP on the client? ● Wait! I have a GridFTP running on my client? ● That can access any file I own? ● Can read /etc/passwd? My tax return? ● Can overwrite ~/.bashrc? ~/.ssh/authorized_keys? ● My proxy is of course needed, but I delegated the proxy to the Grid node! ● I am not sure I want to use CREAM anymore ● But Globus uses an equivalent GASS Server

16 Madison, Apr 2010Igor Sfiligoi16 Condor-G basically insecure! ● It takes a lot of trust to use Condor-G ● At least for GT2, GT5 and CREAM ● If any Grid admin wants to compromise your client node, it can ● And there is no way to prevent that! ● The good news is that vanilla Condor is much more secure ● Condor team tells me remote admins can only access/modify files in the submit directory You have to log in, right?

17 Madison, Apr 2010Igor Sfiligoi17 What about portals? ● Portals can submit Grid jobs for multiple users ● Using user-provided proxies ● I know of portals that use a single system account to host all the user files ● No user run code on the portal node, so why not? ● Makes administration easier ● Use of Condor-G gives every user they serve access to all portal files

18 Madison, Apr 2010Igor Sfiligoi18 The glideinWMS factory ● The glideinWMS factory used that philosophy ● Had to find a solution! ● We now have one user account per user served ● For storing user files and submitting user jobs ● But no logins! ● Factory processes run as a dedicated user ● Need a way to switch to the user account when needed ● But do not want to run as root!

19 Madison, Apr 2010Igor Sfiligoi19 Condor privsep ● Since v7.0, Condor ships with a tool that allows account switching without becoming root ● Sort of a lightweight sudo ● But more limited in scope, thus – easier to configure – more secure, if you can live within the limits ● GlideinWMS v2.4 now uses Condor privsep to operate safely with Condor-G

20 Madison, Apr 2010Igor Sfiligoi20 Condor privsep ● Documentation was a problem ● The switchboard configuration is actually well documented ● But how to use it.... had to look through the code! ● It is relatively easy to use ● But not by hand ● Wrote a python module that made the use simple in glideinWMS

21 Madison, Apr 2010Igor Sfiligoi21 Summary ● Condor-G a wonderful tool to access the Grid ● Easy to use, flexible, etc. ● But its security model can be a real problem ● Not really Condor's fault ● But users only know about Condor, so security implications should be clearly stated ● Condor privsep can help ● Although this is currently not a supported use-case

22 Madison, Apr 2010Igor Sfiligoi22 Condor Week 2010 Additional resources

23 Madison, Apr 2010Igor Sfiligoi23 Links ● OSG Scalability area results ● http://hepuser.ucsd.edu/twiki2/bin/view/UCSDTier2 http://hepuser.ucsd.edu/twiki2/bin/view/UCSDTier2 ● OSG Scalability test tools ● http://sourceforge.net/projects/osgscal/ http://sourceforge.net/projects/osgscal/ ● GlideinWMS home page ● http://www.uscms.org/SoftwareComputing/Grid/WMS/glideinWMS/ http://www.uscms.org/SoftwareComputing/Grid/WMS/glideinWMS/

24 Madison, Apr 2010Igor Sfiligoi24 Acknowledgements ● Many thanks to the whole Condor team for the continuous support ● And in particular to Dan Bradley and Jaime Frey ● This work was partially supported by ● DoE grant DE-FC02-06ER41436 ● NSF grants PHY-0533280, PHY-0612805 and OCI- 0943725

Download ppt "Madison, Apr 2010Igor Sfiligoi1 Condor World 2010 Condor-G – A few lessons learned by Igor UCSD."

Similar presentations

Jaime Frey Computer Sciences Department University of Wisconsin-Madison OGF 19 Condor Software Forum Routing.

Jaime Frey Computer Sciences Department University of Wisconsin-Madison OGF 19 Condor Software Forum Routing.
Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
NorduGrid Grid Manager developed at NorduGrid project.

NorduGrid Grid Manager developed at NorduGrid project.
Dan Bradley Computer Sciences Department University of Wisconsin-Madison Schedd On The Side.

Dan Bradley Computer Sciences Department University of Wisconsin-Madison Schedd On The Side.
CERN LCG Overview & Scaling challenges David Smith For LCG Deployment Group CERN HEPiX 2003, Vancouver.

CERN LCG Overview & Scaling challenges David Smith For LCG Deployment Group CERN HEPiX 2003, Vancouver.
Part 7: CondorG A: Condor-G B: Laboratory: CondorG.

Part 7: CondorG A: Condor-G B: Laboratory: CondorG.
CMS Applications Towards Requirements for Data Processing and Analysis on the Open Science Grid Greg Graham FNAL CD/CMS for OSG Deployment 16-Dec-2004.

CMS Applications Towards Requirements for Data Processing and Analysis on the Open Science Grid Greg Graham FNAL CD/CMS for OSG Deployment 16-Dec-2004.
GRID workload management system and CMS fall production Massimo Sgaravatto INFN Padova.

GRID workload management system and CMS fall production Massimo Sgaravatto INFN Padova.
Expanding scalability of LCG CE A.Kiryanov, PNPI.

Expanding scalability of LCG CE A.Kiryanov, PNPI.
OSG End User Tools Overview OSG Grid school – March 19, 2009 Marco Mambelli - University of Chicago A brief summary about the system.

OSG End User Tools Overview OSG Grid school – March 19, 2009 Marco Mambelli - University of Chicago A brief summary about the system.
GRAM: Software Provider Forum Stuart Martin Computational Institute, University of Chicago & Argonne National Lab TeraGrid 2007 Madison, WI.

GRAM: Software Provider Forum Stuart Martin Computational Institute, University of Chicago & Argonne National Lab TeraGrid 2007 Madison, WI.
Grid Resource Allocation and Management (GRAM) Execution management Execution management –Deployment, scheduling and monitoring Community Scheduler Framework.

Grid Resource Allocation and Management (GRAM) Execution management Execution management –Deployment, scheduling and monitoring Community Scheduler Framework.
Campus Grids Report OSG Area Coordinator’s Meeting Dec 15, 2010 Dan Fraser (Derek Weitzel, Brian Bockelman)

Campus Grids Report OSG Area Coordinator’s Meeting Dec 15, 2010 Dan Fraser (Derek Weitzel, Brian Bockelman)
Scalable Systems Software Center Resource Management and Accounting Working Group Face-to-Face Meeting October 10-11, 2002.

Scalable Systems Software Center Resource Management and Accounting Working Group Face-to-Face Meeting October 10-11, 2002.
GRAM5 - A sustainable, scalable, reliable GRAM service Stuart Martin - UC/ANL.

GRAM5 - A sustainable, scalable, reliable GRAM service Stuart Martin - UC/ANL.
Use of Condor on the Open Science Grid Chris Green, OSG User Group / FNAL Condor Week, April 30 2008.

Use of Condor on the Open Science Grid Chris Green, OSG User Group / FNAL Condor Week, April
Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.

Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.
Open Science Grid OSG CE 0.6.0 Quick Install Guide Siddhartha E.S University of Florida.

Open Science Grid OSG CE Quick Install Guide Siddhartha E.S University of Florida.
Www.cs.wisc.edu/Condor Condor-G A Quick Introduction Alan De Smet Condor Project University of Wisconsin - Madison.

Condor-G A Quick Introduction Alan De Smet Condor Project University of Wisconsin - Madison.
July 11-15, 2005Lecture3: Grid Job Management1 Grid Compute Resources and Job Management.

July 11-15, 2005Lecture3: Grid Job Management1 Grid Compute Resources and Job Management.

Similar presentations

Ads by Google