© 2008 pittsburgh supercomputing center wan-lustre with kerberos authentication thursday, august...
TRANSCRIPT
© 2008 Pittsburgh Supercomputing Center
WAN-LUSTRE WITH KERBEROS AUTHENTICATION
Thursday, August 14, 2008Ben Bennett
Josephine PalenciaJ. Ray Scott
UPDATE
© 2008 Pittsburgh Supercomputing Center
WAN-LUSTRE WITH KERBEROS AUTHENTICATION
– Introduction– Current Status– How it Looks– Summary– References
© 2008 Pittsburgh Supercomputing Center
INTRODUCTION
MDSMDSOSSOSS OSSOSS OSSOSS
MGSMGS
ClientsClients
Kerberos-enabled
• Lustre Components– Servers
• Management Configuration Server (MGS)
– Mount point
• Meta Data Server (MDS)– Directory structure
• Object Storage Server (OSS)
– Content
– Clients
© 2008 Pittsburgh Supercomputing Center
INTRODUCTION
• Kerberos Components– Servers and clients authenticate with each other
• MGS is in TERAGRID.ORG• MDS, OSS and Clients are in realm local to RP site
– Users authenticate to TERAGRID.ORG realm• Cross-site from local hosts with Lustre id-mapping• TG portal access
– WAN Lustre user directories reside in TERAGRID.ORG realm, which already exists
• Development– Contribute bug fixes to Lustre software base– Be on the SUN/CFS Lustre roadmap
© 2008 Pittsburgh Supercomputing Center
CURRENT STATUS
• Mountable WAN Lustre fs with Kerberos enabled on the TERAGRID– Mount -t lustre mgs.teragrid.org@tcp0:/testfs /lustre-wanMount -t lustre mgs.teragrid.org@tcp0:/testfs /lustre-wan
• Components (for test deployment)– mgs.teragrid.org in TERAGRID.ORG kerberos realm– [mds00w, oss00w, oss01w].psc.teragrid.org in PSC.EDU– Other RP site systems will use their local kerberos realm for
• oss deployment• clients
© 2008 Pittsburgh Supercomputing Center
HOW IT LOOKS
PSC.EDU
MDS OSS1
RP-n
mgs.teragrid.org@tcp0:/testfs /lustre-kw
RP.ANY.EDURP.TERAGRID.ORG
OSS3
OSS2
TERAGRID.ORG
MGS
© 2008 Pittsburgh Supercomputing Center
JOIN IN
• Use latest Lustre v. 1.9.50+• Sites arrange to have keys/keytabs with PSC
© 2008 Pittsburgh Supercomputing Center
SUMMARY
• RP resident OSS's provides local performance from WAN Lustre
• Certificate access to WAN Lustre via pkinit• TG User Portal users get TERAGRID.ORG ticket
automatically– Portlets can access WAN Lustre “for free”
© 2008 Pittsburgh Supercomputing Center
REFERENCETeragrid advanced lustre-wan features Wiki
http:// www.teragridforum.org/mediawiki/index.php?title=Lustre-wan:_advanced_features_testing