addressing the pilot security problem with glexec - from chep 2007
DESCRIPTION
This talk from 2007 provides an overview why Grid-based pilot infrastructures need a tool like glexec. Also provides statistics of its use in 2007.TRANSCRIPT
![Page 1: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/1.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 1
CHEP 2007
Addressing the Pilot Security Problem With gLExec
by I. Sfiligoi (Fermilab)
in collaboration withD. Yocum (Fermilab)O. Koeroo (NIKHEF)
G. Venekamp (NIKHEF)
![Page 2: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/2.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 2
Security in the Grid
Grid Site n
Grid Site 1
Grid site k
LocalQueue
LocalQueueGatekeepers decide who to let in
Each user runs ina different sandbox
![Page 3: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/3.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 3
Pilots and the Grid (1)
Grid Site n
Grid Site 1
Grid site k
LocalQueue
LocalQueue
VOQueue
VO pilotfactory
Gatekeepers know only about the pilots Pilots decide
what jobs to run
Pilots and all usersrun sharing the samelocal identity
![Page 4: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/4.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 4
Pilots and the Grid (2)
Grid Site n
Grid Site 1
Grid site i
LocalQueue
LocalQueue
VOQueue
VO pilotfactory
Gatekeepers know only about the pilots Pilots decide
what jobs to run
Pilots and all usersrun sharing the samelocal identity
Pilots may run jobs from unwanted users
OK for sites that trust the VO as a wholebut some sites need finer grained control
![Page 5: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/5.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 5
Pilots and the Grid (3)
Grid Site n
Grid Site 1
Grid site i
LocalQueue
LocalQueue
VOQueue
VO pilotfactory
Gatekeepers know only about the pilots Pilots decide
what jobs to run
Pilots and all usersrun sharing the samelocal identity
Users can steal or corrupt each other's data,
if running on the same node
Any user can impersonate the pilot job
![Page 6: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/6.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 6
Pilots and the Grid (4)
● Pilots can be a problem for both the Grid sites and pilot owners
● Grid sites– Who is running– Who to hold accountable– Reject jobs from unwanted users
● Pilot owners– Protect its infrastructure from malicious users– Protect users from each other– Avoid being held accountable for user's actions
![Page 7: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/7.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 7
The (simplified) life of a pilot jobValidate node
Fetch userjob and credentials
Any jobsin queue?
Execute job
Return output
Cleanup job area
Cleanup pilot area
Terminate
yes
no
![Page 8: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/8.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 8
Introducing gLExec
● A x509 aware (apache) suExec equivalent● Given a proxy and a binary
– authenticates and authorizes
– changes UID/GID
– executes the binary
● Necessarily owned by rootand suided– Not a daemon
Pilot job
User job
gLExec
User proxy +user job executable
Sitepolicies
![Page 9: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/9.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 9
Pilots with gLExec (1)
Grid Site n
Grid Site 1
Grid site k
LocalQueue
LocalQueue
VOQueue
VO pilotfactory
Sites decide who to let run
Pilots and users run indifferent sandboxes
![Page 10: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/10.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 10
Pilots with gLExec (2)
Grid Site n
Grid Site 1
Grid site i
LocalQueue
LocalQueue
VOQueue
VO pilotfactory
Sites decide who to let run
Pilots and users run indifferent sandboxes
Like having a gatekeeper on every WN
VO still in chargeof job scheduling
![Page 11: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/11.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 11
The need for centralized authorization
● With gLExec used by Pilots, sites can have thousands of decision points– A centralized authorization infrastructure helps
keep consistency
● Open Science Grid (OSG) has GUMS/PRIMA– A PRIMA gLExec module exists
Grid SiteLocalQueue
GUMS
![Page 12: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/12.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 12
gLExec deployment @ Fermilab
● The PRIMA plugin for gLExec was jointly developed by the NIKHEF and Fermilab groups
● Fermilab was the first OSG site to install gLExec on the worker nodes– First release in Oct'06
– Current release deployed in May'07
![Page 13: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/13.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 13
gLExec/GUMS @ Fermilab
● gLExec deployed and used on more than 500 nodes– Primary user is CDF
● GUMS shown to be very scalable– Routinely handling
more than 500k requests per day
– gLExec contributing for at most 20k
w/gLExec w/gLExecno gLExecno gLExec
![Page 14: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/14.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 14
gLExec in OSG
● gLExec with PRIMA plugin has been incorporated in VDT 1.8
● OSG sites will be encouraged to deploy it with the upcoming OSG 0.8.0 release
![Page 15: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/15.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 15
gLExec monitoring
● gLExec keeps a log of all authorization requests– The DN and FQAN of the proxy
– PID of the calling process
– (Sub)processes spawned
– Start times and end times
● Gratia probe uses this data– Gives accounting the real user identity
![Page 16: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/16.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 16
Summary● Pilots are becoming a reality
– But are introducing new problems
● Yesterday's Grid security mechanisms are not enough anymore– Site admins want fine grained control
– Pilot owners want OS level protection
● gLExec can help solve the technical problems● Fermilab experience positive,
waiting for wide OSG deployment
![Page 17: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/17.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 17
CHEP 2007Pilot Security with gLExec
Backup slides
![Page 18: Addressing the Pilot Security Problem with gLExec - from CHEP 2007](https://reader033.vdocuments.net/reader033/viewer/2022051611/54b6bcc14a7959fa048b45c0/html5/thumbnails/18.jpg)
CHEP'07 Sep 6th, 2007 Pilot Security with gLExec by I. Sfiligoi 18
gLExec jobs a day @ FNAL
fcdfosg1
fcdfosg2