paralelno i distribuirano računarstvo – primena u praksi beograd 24-25. jun 2008. grid -...

Acad

em

ic a

nd E

ducat ional Gr id Init iat ive o

f Serbia

A E G I S

Paralelno i distribuirano računarstvo – primena u praksi

Beograd24-25. jun 2008.

Grid - korisnicki pristup i razvoj aplikacija

Branko Marović RCUB

A E G I S


AEGIS Certification AEGIS Certification AuthorityAuthority

http://aegis-ca.rcub.bg.ac.yu/ Primljen u EUGridPMA na skupu u Istanbulu 31.5.2007. AEGIS CA Certificate Policy and Certification Practice

Statement RAs

Faculty of Electronic Engineering Institute of Physics CSASA University of Kragujevac University u Priština (Kosovska Mitorvica)

A E G I S


AEGIS Certification AEGIS Certification AuthorityAuthority Names

Issuer: C=RS, O=AEGIS, CN=AEGIS-CA Subject: C=RS, O=AEGIS, OU=XXX, CN=Subject-name Country: Must be “RS” Organization: Must be “AEGIS” OrganizationUnit: Must be the name of the subject's

institute CommonName: First name and last name of the subject for

user certificates, DNS FQDN for server or service certificates

End Entity Certificates Maximum lifetime: 1 year Key length: at least 1024 bits

Person requesting a certificate Presentation in person of valid official identification

document Server/Host/Service certificate

Can be only requested by the administrator of the particular host

The administrator must already have a valid AEGIS certificate

A E G I S


Izdavanje prvog sertifikataIzdavanje prvog sertifikata Instrukcije na http://aegis-ca.rcub.bg.ac.yu/ Formirati PKCS#10 zahtev na nekom od AEGIS UI

računara Osoba se vezuje za sertifikat kroz par e-mail

interakcija, pojavljivanje kod AEGIS CA ili RA sa validnim dokumentom za ličnu identifikaciju i dokazom veze sa institucijom navedenom u zahtevu.

Korisnik treba da u roku od 5 dana pošalje e-mail potpisan dobijenim sertifikatom kojim prihvata svoj novi sertifikat i CP/CPS dokumenat

Korisnik svoj sertifikat može koristiti za pristup Grid-u, za potpisivanje e-mail-ova, autentifikaciju preko Web-a i enkripciju podataka. Može sertifikat koristiti kroz AEGIS i SEE-GRID VOMS server

Objašnjenje ključnih koncepata http://www-unix.globus.org/toolkit/docs/4.0/security/

key-index.html

A E G I S


AEGIS CA Root sertifikat za AEGIS CA Root sertifikat za IE/Outlook (Express)IE/Outlook (Express)

http://aegis-ca.rcub.bg.ac.yu/root_ca_certificate.htm Otvoriti link za sertifikat u CRT formatu i odabrati “Open” Izabrati opciju “Install certificate” Slediti instrukcije u “Certificate Import Wizard”

A E G I S


Ubacivanje korisniUbacivanje korisniččkogkog sertifikata u Outlook Expresssertifikata u Outlook Express

Konvertovati korisnički sertifikat u pkcs#12 format U Outlook Express-u u “Tools / Security” odabrati “Security” tab,

kliknuti na “Digital IDs…”, kliknuti na “Import…” Slediti instrukcije u “Certificate Import Wizard”

A E G I S


Ubacivanje korisničkog Ubacivanje korisničkog sertifikata u Internet Explorersertifikata u Internet Explorer

U ranijim koracima je Root sertifikat već importovan, a korisnički sertifikat konvertovan u pkcs#12 format

U Internet Explorer-u u “File / Open” otvoriti pkcs#12 sertifikat Slediti instrukcije u “Certificate Import Wizard”

A E G I S


Registracija na VOMS Registracija na VOMS serveruserveru

Instrukcije nahttp://aegis-ca.rcub.bg.ac.yu/instructions_voms.html

Za registraciju je neophodno da sertifikat prethodno bude uvežen u browser:http://aegis-ca.rcub.bg.ac.yu/instructions_imp.html

Otvoriti Web stranu VOMS servera AEGIS VO: https://voms.phy.bg.ac.yu:8443/voms/aegis/ SEEGRID VO: https://voms.irb.hr:8443/voms/seegrid/

Nudi se izbor sertifikata/ključa za pristup i potpisivanje

A E G I S


Registracija na VOMS Registracija na VOMS serveruserveru

Posle utvrđenog identiteta potrebno je popuniti web formular sa podacima za kontakt i o ustanovi

Slediti dalje instrukcije putem e-mail-a, koje treba izvršiti u roku od 24 sata – može se tražiti provera veze sa institucijom članicom VO ako se ne vidi na osnovu sertifikata

A E G I S


Izdavanje narednih Izdavanje narednih sertifikatasertifikata Zahtevi za re-key sertifikata koji su potpisani

važećim sertifikatom izdatim od CA akreditovanim od EUGridPMA će biti potpisani bez prethodne procedure jer je identitet korisnika već utvrđen.

Korišćeni sertifikat i zahtev treba da se odnose na istu osobu, e-mail i instituciju.

CA/RA i dalje mora da proveri da li osoba ima vezu sa institucijom navedenom u zahtevu – dovoljno je da je e-mail institucionalni.

A E G I S


Generisanje sertifikata Generisanje sertifikata i sigurnosti sigurnostSertifikati i ključevi Rooot AEGIS-CA sertifikat se čuva na više prenosivih medijuma na

sigurnoj lokaciji Koriste se lozinke od bar 15 karaktera. CA manager i CA operater

jedini znaju root password. Sertifikati se generišu na izolovanom računaru, u kancelariji sa

ograničenim pristupom. Čuva se lista generisanih sertifikata.CA računar Na računaru je instaliran CentOS operativni sistem sa minimumom

servisa - apliciraju se sve security zakrpe. Jedina korisnička aplikacija CSP (Cryptographic Service Provider)

softver Vrši se nadyor i praćene eventualnih modifikacija softvera. Računar ima CD-RW uređaj i USB konektore za backup. Hard disk se stavlja u HDD rack, čuva se na sigurnoj lokaciji. Vrši se backup na CD-ROM i USB flash-u koji se takođe čuvaju

sigurnoj lokaciji. Postojaće i off-site backup.CA Sajt Na CA sajtu je omogućena isključivo pretraga (ne i listanje) izdatih

sertifikata. Kada se sertifikat povuče, obnavlja se CRL, koja se odmah objavljuje

na CA sajtu. CRL se takodje obnavlja na svakih 30 dana, bez obzira da li je bilo povučenih sertifikata.

A E G I S


EventsEvents Recorded events

Certification requests Issued certificates Requests for revocation Issued CRL’s Login/logout/reboot of the signing machine

Archived events Certification requests Issued certificates Requests for revocation Issued CRL’s All e-mail messages of correspondence between RA

and CA

A E G I S


CA KontaktCA Kontakt

http://aegis-ca.rcub.bg.ac.yu/

University of Belgrade Computer CenterKumanovska bbBeograd 126119Serbia

Phone: +381 11 3031257, +381 11 3031258Fax: +381 11 3031259e-mail: [email protected]

Dušan Radovanoviće-mail: [email protected]

http://aegis-ca.rcub.bg.ac.yu/

A E G I S


RA KontaktRA Kontakt Beograd

Antun Balaž

Institut za FizikuScientific Computing LabPregrevica 118Beograd 200423

Phone: +381 11 3162190Fax: +381 11 3713152e-mail: [email protected]

Zaharije Radivojević

Faculty of Electrinic EngineeringBulevar Kralja Aleksandra 73Beograd 135505

Phone: +381 11 3218392e-mail: [email protected]

KragujevacMiloš Ivanović

CSASA University of KragujevacJovana Cvijića b.b.34000 Kragujevac

Phone: +381 34 301920e-mail: [email protected]

UI: local machine on which the user defines his jobs.All commands to the grid are issued from a UI

RB: the heart of the grid. Sends the jobs on the grid and keeps track of them

LB: a SQL database in which each changing of status of a job is registered

CE: the server of a LRMS (LSF, PBS, Torque…)

WN: CPUs that actually execute the jobs

BDII: LDAP database with info on LCG resources

SE: output files are written on storage resources throughout the grid

LFC: files stored on a SE are registered in the catalog

gLite Job WorkflowgLite Job Workflow

A E G I S


gLite Job WorkflowgLite Job Workflow The user defines his job on his User Interface by writing a JDL.

The JDL is submitted to the Resource Broker.

From now on, the RB notifies the L&B about every change in status of the job.

The RB parses the JDL and queries the BDII in order to find the best CE matching the job requirements.

The RB sends the job to the Computing Element proposed by the BDII.

The CE submits the job and sends it to one of the underlying Worker Nodes.

Usually, at the end a job writes its output files to a Storage Element and, if the operation is successful, it registers them in the LFC catalog, so that they’ll be available to all grid users.

The log files are usually sent back to the RB and then to the UI, so that the user can check that the job has really run as expected.

A E G I S


WMProxy commandsWMProxy commands glite-wms-job-list-match

Lists resources matching a job description Performs the matchmaking without submitting the job

glite-wms-job-submit Submits a job for execution

glite-wms-job-cancel Cancels the given job

glite-wms-job-status Displays the status of the job

glite-wms-job-output Returns the job-output (the OutputSandbox files) to the

user glite-wms-job-logging-info

Displays logging information about submitted jobs (all the events “pushed” by the various components of the WMS)

Very useful for debug purposes

A E G I S


Getting proxy certificateGetting proxy certificate

[branko@grid02 branko]$ voms-proxy-init -voms seegrid:/seegrid/RS/App/VIVE

Your identity: /C=RS/O=AEGIS/OU=UOB/CN=Branko MarovicEnter GRID pass phrase:Creating temporary

proxy ...................................... DoneContacting voms.grid.auth.gr:15040

[/C=GR/O=HellasGrid/OU=auth.gr/CN=voms.grid.auth.gr] "seegrid" Done

Creating proxy ......................................................................... Done

Your proxy is valid until Wed Mar 26 04:57:56 2008

[branko@grid02 branko]$ glite-wms-job-delegate-proxy --noint -d VIVE_delegate

Connecting to the service https://wms.phy.bg.ac.yu:7443/glite_wms_wmproxy_server

Your proxy has been successfully delegated to the WMProxy:https://wms.phy.bg.ac.yu:7443/glite_wms_wmproxy_server

with the delegation identifier: VIVE_delegate

A E G I S


Job description Job description languagelanguage

[branko@grid02 branko]$ cat test.jdl Executable = "test_program";Arguments = "Argument value";

StdOutput = "std.out";StdError = "std.err";InputSandbox = {"test_program", "test_data"};OutputSandbox = {"std.out", "std.err"};

[branko@grid02 branko]$ cat test_programdatels -lcat test_data

A E G I S


Site matchingSite matching[branko@grid02 branko]$ glite-wms-job-list-match -d VIVE_delegate test.jdl


COMPUTING ELEMENT IDs LIST The following CE(s) matching your job requirements have been found:

*CEId* - c01.grid.etfbl.net:2119/jobmanager-pbs-seegrid - ce.grid.pmf.unsa.ba:2119/jobmanager-pbs-seegrid - ce.seegridtest.sci.am:2119/jobmanager-pbs-seegrid - ce.ulakbim.gov.tr:2119/jobmanager-lcgpbs-seegrid - ce001.fmi.uni-sofia.bg:2119/jobmanager-lcgpbs-seegrid - ce002.ipp.acad.bg:2119/jobmanager-lcgpbs-seegrid - ce01.isabella.grnet.gr:2119/jobmanager-pbs-seegrid - cluster1.csk.kg.ac.yu:2119/jobmanager-pbs-seegrid - cox01.grid.metu.edu.tr:2119/jobmanager-lcgpbs-seegrid - grid-ce.feit.ukim.edu.mk:2119/jobmanager-lcgpbs-seegrid - grid01.rcub.bg.ac.yu:2119/jobmanager-pbs-seegrid - gw01.seegrid.grid.pub.ro:2119/jobmanager-lcgpbs-seegrid - sn0.hpcc.sztaki.hu:2119/jobmanager-lcgpbs-seegrid - tbit01.nipne.ro:2119/jobmanager-lcgpbs-seegrid - testbed001.grid.ici.ro:2119/jobmanager-pbs-seegrid - ce001.grid.uni-sofia.bg:2119/jobmanager-lcgpbs-seegrid - grid01.elfak.ni.ac.yu:2119/jobmanager-pbs-seegrid - ce01.afroditi.hellasgrid.gr:2119/jobmanager-pbs-seegrid - grid1.irb.hr:2119/jobmanager-pbs-grid - ce001.imbm.bas.bg:2119/jobmanager-lcgpbs-seegrid - yildirim.grid.boun.edu.tr:2119/jobmanager-lcgpbs-seegrid - ce.phy.bg.ac.yu:2119/jobmanager-pbs-seegrid - ce.grid.tuiasi.ro:2119/jobmanager-lcgpbs-seegrid - ce01.grid.renam.md:2119/jobmanager-lcgpbs-seegrid - rti29.etf.bg.ac.yu:2119/jobmanager-pbs-seegrid - ce01.mosigrid.utcluj.ro:2119/jobmanager-pbs-seegrid - ce64.phy.bg.ac.yu:2119/jobmanager-pbs-seegrid - grid-ce.ii.edu.mk:2119/jobmanager-pbs-seegrid - grid01.cg.ac.yu:2119/jobmanager-pbs-seegrid

A E G I S


Job submissionJob submission[branko@grid02 branko]$ glite-wms-job-submit -d VIVE_delegate -o ID -

r ce01.isabella.grnet.gr:2119/jobmanager-pbs-seegrid test.jdl


The job has been successfully submitted to the WMProxyYour job identifier is:

https://wms.phy.bg.ac.yu:9000/vjTIoKdEp27xtXRyA2Wgow

The job identifier has been saved in the following file:/home/branko/ID

Job Statuses Submitted: job is entered by the user to the UI but not yet transferred to NS

or WMP Waiting: job has been accepted by the NS or WMP but not yet processed Ready: job has been processed (matchmaking) but not yet transferred to the

CE Scheduled: job is waiting in the queue of the CE Running: job is running on a WN Done: job exited or it’s considered in a terminal state by CondorC Aborted: job processing was aborted by WMS Canceled: job has been canceled on user request Cleared: output of the job has been retrieved after job successful conclusion

A E G I S


Job status checkJob status check[branko@grid02 branko]$ glite-wms-job-status -i ID

BOOKKEEPING INFORMATION:

Status info for the Job : https://wms.phy.bg.ac.yu:9000/vjTIoKdEp27xtXRyA2WgowCurrent Status: Submitted Submitted: Tue Mar 25 17:43:31 2008 CET

[branko@grid02 branko]$ glite-wms-job-status -i ID


Status info for the Job : https://wms.phy.bg.ac.yu:9000/vjTIoKdEp27xtXRyA2WgowCurrent Status: Running Status Reason: Job successfully submitted to GlobusDestination: ce01.isabella.grnet.gr:2119/jobmanager-pbs-seegridSubmitted: Tue Mar 25 17:43:31 2008 CET

[branko@grid02 branko]$ glite-wms-job-status -i ID


Status info for the Job : https://wms.phy.bg.ac.yu:9000/vjTIoKdEp27xtXRyA2WgowCurrent Status: Done (Success)Exit code: 0Status Reason: Job terminated successfullyDestination: ce01.isabella.grnet.gr:2119/jobmanager-pbs-seegridSubmitted: Tue Mar 25 17:43:31 2008 CET

A E G I S


Result retrievalResult retrieval[branko@grid02 branko]$ glite-wms-job-output -i ID

Connecting to the service https://147.91.84.25:7443/glite_wms_wmproxy_server

JOB GET OUTPUT OUTCOME

Output sandbox files for the job:

https://wms.phy.bg.ac.yu:9000/vjTIoKdEp27xtXRyA2Wgow

have been successfully retrieved and stored in the directory:

/tmp/glite/glite-ui/branko_vjTIoKdEp27xtXRyA2Wgow

A E G I S


Result viewingResult viewing[branko@grid02 branko]$ cat

/tmp/glite/glite-ui/branko_vjTIoKdEp27xtXRyA2Wgow/std.out Tue Mar 25 18:44:18 EET 2008total 16-rw------- 1 sgmsegri006 seegridsgm 196 Mar 25 18:44

https_3a_2f_2fwms.phy.bg.ac.yu_3a9000_2fvjTIoKdEp27xtXRyA2Wgow.output-rw-r--r-- 1 sgmsegri006 seegridsgm 0 Mar 25 18:44 std.err-rw-r--r-- 1 sgmsegri006 seegridsgm 29 Mar 25 18:44 std.out-rw-r--r-- 1 sgmsegri006 seegridsgm 19 Mar 25 18:44 test_data-rwxr-xr-x 1 sgmsegri006 seegridsgm 25 Mar 25 18:44 test_program-rw------- 1 sgmsegri006 seegridsgm 0 Mar 25 18:44 tmp.yAlPV31197This is test file.

A E G I S


Final job statusFinal job status[branko@grid02 branko]$ glite-wms-job-status -i ID


Status info for the Job : https://wms.phy.bg.ac.yu:9000/vjTIoKdEp27xtXRyA2WgowCurrent Status: Cleared Status Reason: user retrieved output sandboxDestination: ce01.isabella.grnet.gr:2119/jobmanager-pbs-seegridSubmitted: Tue Mar 25 17:43:31 2008 CET

[branko@grid02 branko]$ glite-wms-job-logging-info -i ID -v 2...Event: RegJob- arrived = Tue Mar 25 17:43:31 2008 CET- host = wms.phy.bg.ac.yu- ns = https://147.91.84.25:7443/glite_wms_wmproxy_server- nsubjobs = 0- source = NetworkServer- src_instance = https://147.91.84.25:7443/glite_wms_wmproxy_server- timestamp = Tue Mar 25 17:43:31 2008 CET- user = /C=RS/O=AEGIS/OU=UOB/CN=Branko Marovic...Event: Done- arrived = Tue Mar 25 17:49:11 2008 CET- exit_code = 0- host = wms.phy.bg.ac.yu- reason = Job terminated successfully...Event: Clear- arrived = Tue Mar 25 17:58:56 2008 CET- host = wms.phy.bg.ac.yu- reason = USER

[branko@grid02 branko]$ edg-job-cancel -i ID

A E G I S


Submission to several Submission to several serversservers[branko@grid02 branko]$ ./submit_job test.jdl

Submiting to ce.ulakbim.gov.tr:2119/jobmanager-lcgpbs-seegridSubmiting to grid-ce.feit.ukim.edu.mk:2119/jobmanager-lcgpbs-seegridSubmiting to ce002.ipp.acad.bg:2119/jobmanager-lcgpbs-seegridSubmiting to grid01.rcub.bg.ac.yu:2119/jobmanager-pbs-seegrid

[branko@grid02 branko]$ glite-wms-job-status -i test.jdl.jobs.list

------------------------------------------------------------------1 : https://wms.phy.bg.ac.yu:9000/vjTIoKdEp27xtXRyA2Wgow2 : https://wms.phy.bg.ac.yu:9000/rD3QCuJnyTSrBU-E7RgbKA3 : https://wms.phy.bg.ac.yu:9000/95uZFKG4QwQAUDKOmY8hxA4 : https://wms.phy.bg.ac.yu:9000/8FhrKyCPu8vokUHQENXkPQa : allq : quit------------------------------------------------------------------Choose one or more jobId(s) in the list - [1-4]all:2


Status info for the Job : https://wms.phy.bg.ac.yu:9000/rD3QCuJnyTSrBU-E7RgbKACurrent Status: Ready Status Reason: unavailableDestination: grid-ce.feit.ukim.edu.mk:2119/jobmanager-lcgpbs-seegridSubmitted: Tue Mar 25 18:34:18 2008 CET*************************************************************

paralelno i distribuirano računarstvo – primena u praksi beograd 24-25. jun 2008. grid -...

Documents