Presentation is loading. Please wait.

Presentation is loading. Please wait.

CVMFS: Software Access Anywhere Dan Bradley Any data, Any time, Anywhere Project.

Published byHilda Watts Modified over 8 years ago

Similar presentations

Presentation on theme: "CVMFS: Software Access Anywhere Dan Bradley Any data, Any time, Anywhere Project."— Presentation transcript:

1 CVMFS: Software Access Anywhere Dan Bradley dan@hep.wisc.edudan@hep.wisc.edu Any data, Any time, Anywhere Project

2 Outline Benefits of CVMFS to campus grid Installing FUSE client Using Parrot client (non-root) A glideinWMS plugin Existing repositories Hosting your own repository Some best practices Dan Bradley2

3 What is CVMFS? Network filesystem Read-only POSIX interface – FUSE mounted Fetches files via http – Verifies data integrity Aggressive caching – Local disk – Web proxies /cvmfs/MyRepo httpd0 httpd1 httpd2 SQUID local cache CVMFS FUSE client 3Dan Bradley

4 Benefits of CVMFS to Campus Grids Well suited for software distribution: – Easily scalable Local disk cache for repeated access Add more web proxies as needed – Highly available Robust error handling (failover, offline mode) Add more repository mirrors as needed – Secure access over untrusted networks Strong security mechanisms for data integrity – Works across administrative domains Including unprivileged environments (Parrot) Dan Bradley4

5 Truth in Advertising Young project Active development Small team Set expectations accordingly! – e.g. server component rarely used outside CERN, so more rough edges than client, which is used by many LHC sites Dan Bradley5

6 Getting the FUSE Client 1.Install rpm 2.Tell it which http proxies to use 3.Allocate cache space 4.Enable desired repositories Dan Bradley6

7 Installing FUSE Client RPMs are available from CERN and OSG CERN: http://cernvm.cern.ch/portal/filesystem http://cernvm.cern.ch/portal/filesystem OSG: https://twiki.grid.iu.edu/bin/view/Documentation/Release3/InstallCvmfs https://twiki.grid.iu.edu/bin/view/Documentation/Release3/InstallCvmfs Dan Bradley7

8 What if I am not root? Parrot Virtual Filesystem – No root privileges required – Works as job wrapper parrot_run /cvmfs/repo/MyProgram … See http://www.nd.edu/~ccl/software/parrot/http://www.nd.edu/~ccl/software/parrot/ Dan Bradley8

9 Example Parrot Setup $ wget http://www.nd.edu/~ccl/software/files/cctools-3.6.1-x86_64- redhat5.tar.gz $ tar xzf cctools-3.6.1-x86_64-redhat5.tar.gz $ export PATH=`pwd`/cctools-3.6.1-x86_64-redhat5/bin:$PATH $ export HTTP_PROXY=frontier01.hep.wisc.edu:3128 $ parrot_run bash bash-3.2$ ls /cvmfs/grid.cern.ch 3.1.22-0 3.1.39-0 3.1.41-0 3.1.45-03.2.11-1 default etcglite Dan Bradley9

10 Parrot Performance Cost Experience in CMS: For typical CMS jobs, running under Parrot is not much slower Your mileage may vary – Assume 5% performance hit until proven otherwise

11 Parrot Cache CVMFS local cache is in parrot tmp area – Default: /tmp/parrot. – Only one instance of parrot can use it at a time! – Override with parrot_run –t e.g. batch job could put it in per-job tmp dir Comparison to FUSE CVMFS – Local cache not shared between batch slots So uses more bandwidth and disk space – If cache deleted after job runs, successive jobs in same slot must start from scratch Could be a problem for short jobs (e.g. O(1) minute jobs) Dan Bradley11

12 Accessing Multiple Repositories Not efficient in current implementation – Considered an experimental feature – Disallowed by default – But should be ok for occasional switching from one repository to another, say < 0.1 Hz To enable multi-repository access in a single parrot session: export PARROT_ALLOW_SWITCHING_CVMFS_REPOSITORIES=1 Dan Bradley12

13 Accessing Other Repositories By default, Parrot knows about the CERN repositories Can configure Parrot to access other repositories export PARROT_CVMFS_REPO=cms.hep.wisc.edu:pubkey=/path/to/cms. hep.wisc.edu.pub,url=http://cvmfs01.hep.wisc.edu/cvmfs/cms.hep.w isc.edu (Or use equivalent parrot_run –r option.) See Parrot user’s manual for more cvmfs options – e.g. local cache quota Dan Bradley13

14 Use-case: FUSE CVMFS at home, glidein+Parrot abroad Idea: – Job can expect uniform CVMFS access wherever it lands – No need to modify job code for different environments Campus machines we administer OSG machines we don’t administer Dan Bradley14

15 A glideinWMS Job Wrapper If job says it requires CVMFS – Wraps job in parrot – Uses site squid, if possible – Otherwise, need a friendly squid at home May limit scalability Access control? See https://github.com/dcbradley/parrot_glidein_ wrapper https://github.com/dcbradley/parrot_glidein_ wrapper Dan Bradley15

16 glideinWMS CVMFS local cache Two cases: – Using glexec Each job has its own disk cache Deleted when job exits – Not using glexec Cache is saved for lifespan of glidein May improve efficiency for very short jobs Do we need glexec? – Wrapper uses Parrot’s identity boxing feature Provides privilege separation between job and glidein But cannot be 100% trusted yet due to wrapper running in user-controlled environment – work in progress Dan Bradley16

17 glideinWMS parrot_cfg # configure parrot cvmfs options # Here we just set the local cache quota # Only default (CERN) repositories are enabled here PARROT_CVMFS_REPO=" :quota_limit=4000,quota_threshold=2000" # central proxies to use for CVMFS if the local site proxy cannot be used CVMFS_PROXIES="http://cache01.example.edu:8001|http://cache02.example:8001" # CVMFS repository to use to test site web proxy CVMFS_TEST_REPO="http://cvmfs-stratum-one.cern.ch/opt/cms" # path to test to validate cvmfs access CVMFS_TEST_PATH=/cvmfs/cms.cern.ch # If true and parrot can't access CVMFS_TEST_PATH, abort glidein startup. GlideinRequiresParrotCVMFS=false # If true, all jobs are wrapped with parrot, regardless of job's RequireCVMFS attribute. GlideinAlwaysUseParrotWrapper=false Dan Bradley17

18 Example glideinWMS job # tell glidein to wrap the job in parrot # (only relevant if glidein config makes this feature optional) +RequiresCVMFS = True Executable = my_program Output = stdout Error = stderr Queue Dan Bradley18

19 Existing Repositories CERN repositories http://cernvm.cern.ch/portal/cvmfs/examples grid.cern.ch, cms.cern.ch, atlas.cern.ch, etc. http://cernvm.cern.ch/portal/cvmfs/examples OASIS – OSG project under development – VOs may publish files in repository hosted by OSG – Alternative to maintaining files in OSG_APP at all target sites Wisconsin OSG_APP (GLOW OSG site) – VOs write to it like any other OSG_APP Dan Bradley19

20 CVMFS Server Only needed if you wish to create your own repository Lightweight service – Kernel module to detect updates – Program to prepare published files – httpd to serve files – Most I/O done by proxies May also want a mirror server – httpd + periodic sync of repository files Dan Bradley20

21 Managing the Repository Simple case: one software maintainer (cvmfs user) – Updates software tree – Triggers cvmfs publication step – New files show up on clients an hour later (or less) Dan Bradley21

22 Managing the Repository More complicated scenario: implementing OSG_APP with CVMFS – There are many software maintainers – We don’t want them to have to trigger publication Tried periodically running publication – Caused long delays and/or write errors to software maintainers operating at time of publication Instead, using periodic rsync from user- maintained tree into cvmfs software tree – Then publish to cvmfs – Software maintainers are never blocked Dan Bradley22

23 Wisconsin OSG_APP Repository 23 web files httpd CVMFS “shadow tree” writeable tree cvmfs_server publish rsync cvmfs01.hep.wisc.edu web files httpd cvmfs_pull cvmfs03.hep.wisc.edu CE: osggrid01.hep.wisc.edu nfs mount /cvmfs/cms.hep.wisc.edu /cvmfs/pub/cms.hep.wisc.edu worker node /cvmfs/cms.hep.wisc.edu local cache OSG glidein /cvmfs/cms.hep.wisc.edu parrot local cache SQUID cache01

24 Some CVMFS Best Practices Following examples are for HTCondor – Ideas are more general Dan Bradley24

25 Integrating with HTCondor: health check Problem: job runs and fails on machine with broken CVMFS – e.g. cache is on broken/full filesystem How to avoid such black holes: – startd cron job tests for working cvmfs – Publishes MyRepo_CVMFS_Exists = True Actual expression: ifThenElse(isUndefined(LastHeardFrom),CurrentTime,LastHe ardFrom) - 1352866188 < 3600 True until test expires in 1 hour – Job requires TARGET.MyRepo_CVMFS_Exists == True Dan Bradley25

26 check_cvmfs startd cron job See https://github.com/dcbradley/startd_cronhttps://github.com/dcbradley/startd_cron – Basic functional test – Monitor cache space Important if cache does not have its own dedicated partition – Advertise current CVMFS catalog version Dan Bradley26

27 Integration with HTCondor: stale FS Problem: job runs and fails on machine that does not yet see latest cvmfs contents How to avoid this race condition: – startd cron job publishes catalog version: MyRepo_CVMFS_Revision = 4162 – Job should require execute node revision >= submit node revision For OSG jobs, we do this in condor.pm Dan Bradley27

28 Example Job # set the following to output of command: # attr -q -g revision /cvmfs/myrepo +SubmitNodeCVMFSRevision = 1234 Requirements = TARGET.MyRepo_CVMFS_Exists && TARGET.MyRepo_CVMFS_Revision >= SubmitNodeCVMFSRevison Dan Bradley28

29 Links CVMFS website: http://cernvm.cern.ch/portal/filesystem http://cernvm.cern.ch/portal/filesystem Parrot website: http://www.nd.edu/~ccl/software/parrot/ http://www.nd.edu/~ccl/software/parrot/ Parrot CVMFS job wrapper for glideinWMS https://github.com/dcbradley/parrot_glidein_wr apper https://github.com/dcbradley/parrot_glidein_wr apper CVMFS OSG_APP implementation https://github.com/dcbradley/cvmfs_osg_app https://github.com/dcbradley/cvmfs_osg_app HTCondor cvmfs startd cron script https://github.com/dcbradley/startd_cron https://github.com/dcbradley/startd_cron Dan Bradley29

Download ppt "CVMFS: Software Access Anywhere Dan Bradley Any data, Any time, Anywhere Project."

Similar presentations

CERN LCG Overview & Scaling challenges David Smith For LCG Deployment Group CERN HEPiX 2003, Vancouver.

CERN LCG Overview & Scaling challenges David Smith For LCG Deployment Group CERN HEPiX 2003, Vancouver.
Overview of Wisconsin Campus Grid Dan Bradley Center for High-Throughput Computing.

Overview of Wisconsin Campus Grid Dan Bradley Center for High-Throughput Computing.
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
Grid and CDB Janusz Martyniak, Imperial College London MICE CM37 Analysis, Software and Reconstruction.

Grid and CDB Janusz Martyniak, Imperial College London MICE CM37 Analysis, Software and Reconstruction.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.

Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
Efficiently Sharing Common Data HTCondor Week 2015 Zach Miller Center for High Throughput Computing Department of Computer Sciences.

Efficiently Sharing Common Data HTCondor Week 2015 Zach Miller Center for High Throughput Computing Department of Computer Sciences.
1 Bridging Clouds with CernVM: ATLAS/PanDA example Wenjing Wu 2010-8-27.

1 Bridging Clouds with CernVM: ATLAS/PanDA example Wenjing Wu
CVMFS: Software Access Anywhere Dan Bradley Any data, Any time, Anywhere Project.

CVMFS: Software Access Anywhere Dan Bradley Any data, Any time, Anywhere Project.
1 Introduction to Tool chains. 2 Tool chain for the Sitara Family (but it is true for other ARM based devices as well) A tool chain is a collection of.

1 Introduction to Tool chains. 2 Tool chain for the Sitara Family (but it is true for other ARM based devices as well) A tool chain is a collection of.
Experiences Deploying Xrootd at RAL Chris Brew (RAL)

Experiences Deploying Xrootd at RAL Chris Brew (RAL)
Open Science Grid Software Stack, Virtual Data Toolkit and Interoperability Activities D. Olson, LBNL for the OSG www.opensciencegrid.org International.

Open Science Grid Software Stack, Virtual Data Toolkit and Interoperability Activities D. Olson, LBNL for the OSG International.
A. Mohapatra, HEPiX 2013 Ann Arbor1 UW Madison CMS T2 site report D. Bradley, T. Sarangi, S. Dasu, A. Mohapatra HEP Computing Group Outline  Infrastructure.

A. Mohapatra, HEPiX 2013 Ann Arbor1 UW Madison CMS T2 site report D. Bradley, T. Sarangi, S. Dasu, A. Mohapatra HEP Computing Group Outline  Infrastructure.
HTCondor workflows at Utility Supercomputing Scale: How? Ian D. Alderman Cycle Computing.

HTCondor workflows at Utility Supercomputing Scale: How? Ian D. Alderman Cycle Computing.
Rsv-control Marco Mambelli – Site Coordination meeting October 1, 2009.

Rsv-control Marco Mambelli – Site Coordination meeting October 1, 2009.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access.
SRM at Clemson Michael Fenn. What is a Storage Element? Provides grid-accessible storage space. Is accessible to applications running on OSG through either.

SRM at Clemson Michael Fenn. What is a Storage Element? Provides grid-accessible storage space. Is accessible to applications running on OSG through either.
1 Dynamic Application Installation (Case of CMS on OSG) Introduction CMS Software Installation Overview Software Installation Issues Validation Considerations.

1 Dynamic Application Installation (Case of CMS on OSG) Introduction CMS Software Installation Overview Software Installation Issues Validation Considerations.
OSG Site Provide one or more of the following capabilities: – access to local computational resources using a batch queue – interactive access to local.

OSG Site Provide one or more of the following capabilities: – access to local computational resources using a batch queue – interactive access to local.

Similar presentations

Ads by Google