Introduction to Globus Toolkit 4 at LA Grid

1
Introduction to Globus Toolkit 4 at LA Grid

• CIS 6612 Autonomic Grid Computing
• Summer 2006

Presenters Fernando Farfán Mayelin Felipe
Agnostics Diego López Ramakrishna Varadarajan
2
OUTLINE

• WEB SERVICES FUNDAMENTALS
• GRID FUNDAMENTALS
• OGSA, WSRF GT4
• LAGRID _at_ CIS.FIU.EDU
• DEVELOPING WS IN LAGRID
• Unsecured Examples
• Secure Examples

3
GETTING READY FOR LAGRID

• Get a Globus Identity certificate signed by the
  Certificate Authority.http//www.cs.fiu.edu/esj/
  globus.html
• Enroll as a Secure Globus User with Eric Johnson.
• Set these environment variables
• Set GLOBUS_LOCATION to /depot/globus-4
• Set ANT_HOME to /depot/ant-1.x

4
SETTING UP LAGRID ENVIRONMENT

• Download the examples
• go to http//www.gt4book.com/
• go to Downloads
• select to download the source code for the
  MathService examples and the FileBuy application
• Untar/unzip the file
• tar -xvzf gt4book-examples.tar.gz

5
GT4 JAVA WS CORE

• Building web services using GT4.
• Stateful web services!
• Following WSRF specifications.

6
WRITE A STATEFUL WEB SERVICE IN 5 SIMPLE STEPS!!

1. Define the WS interface with WSDL.
2. Implement the service with Java.
3. Define the deployment parameters with WSDD.
4. Compile everything and generate a GAR file with
   Ant.
5. Deploy the service with GT4 tool.

7
OUR FIRST EXAMPLE MathService

• A simple Math web service.
• Operations
• Addition
• Subtraction
• Get Value.
• Resources
• Value (integer)
• Last operation performed (String).

8
MathService THE 5 STEPS. Step 1 The WSDL
The Definition lt?xml version"1.0"
encoding"UTF-8"?gt ltdefinitions
name"MathService" targetNamespace"http//www
.globus.org/namespaces/ examples/MathService_inst
ance gt lt/definitiongt
The Port Type lt?xml version"1.0"
encoding"UTF-8"?gt ltdefinitions gt ltportType
name"MathPortType" wsrpResourceProperties"t
nsMathResourceProperties"gt ltoperation
name"add"gt ltinput message"tnsAddInputMe
ssage"/gt ltoutput message"tnsAddOutputMes
sage"/gt lt/operationgt lt/portTypegt lt/definitio
nsgt
The Messages lt?xml version"1.0"
encoding"UTF-8"?gt ltdefinitions gt ltmessage
name"AddInputMessage"gt ltpart
name"parameters" element"tnsadd"/gt lt/messagegt lt
message name"AddOutputMessage"gt ltpart
name"parameters" element"tnsaddResponse"/gt lt/me
ssagegt lt/definitionsgt
The Response and Request Types lt?xml
version"1.0" encoding"UTF-8"?gt ltdefinitions gt
ltxsdelement name"add" type"xsdint"/gt
ltxsdelement name"addResponse"gt
ltxsdcomplexType/gt lt/xsdelementgt lt/definition
sgt
The Resource Properties ltxsdelement
nameValue typexsdint /gt ltxsdelement
nameLastOp typexsdstring /gt ltxsdelement
nameMathResourcePropertiesgt lt/xsdelementgt
9
MathService THE 5 STEPS. Step 1 The WSDL

• Steps to write a WSDL document
• Write the root element ltdefinitionsgt
• Write the ltportTypegt
• Write an input and output ltmessagegt for each
  operation in the PortType
• Write the lttypesgt, which includes declaring the
  request and response elements, along with the
  resource properties.

10
MathServiceTHE 5 STEPS Step 2 Implementation
in Java
The Bare Bones package org.globus.examples.servic
es.core.first.impl import java.rmi.RemoteExcepti
on import org.globus.examples.stubs.MathService_i
nstance. import org.globus.wsrf. import
org.globus.wsrf.impl. public class MathService
implements Resource, ResourceProperties

The Resource Properties / Resource properties
/ private int value private String lastOp /
Get/Setters for the RPs / public int getValue()
return value public synchronized void
setValue(int value) this.value value
11
MathService THE 5 STEPSStep 2 Implementation
in Java

• The Web Service Java class includes
• Declaration for the ResourcePropertySet
• Declaration for the Resource Properties
• Constructor resource properties are initialized
• Get/Setters for the Resource Properties
• Methods for the remotely accessible operations

12
MathService THE 5 STEPS.Step 3 Configuring the
Deployment - WSDD
lt?xml version"1.0" encoding"UTF-8"?gt ltdeploymen
t name"defaultServerConfig" xmlns"http//xml.apa
che.org/axis/wsdd/" xmlnsjava"http//xml.apache.
org/axis/wsdd/providers/java" xmlnsxsd"http//ww
w.w3.org/2001/XMLSchema"gt ltservice
name"examples/core/first/MathService"
provider"Handler" use"literal"
style"document"gt ltparameter name"className"
value"org.globus.examples.services.core.first
.impl.MathService"/gt ltwsdlFilegt share/schema/ex
amples/MathService_instance/Math_service.wsdl lt/w
sdlFilegt ltparameter name"allowedMethods"
value""/gt ltparameter name"handlerClass val
ue"org.globus.axis.providers.RPCProvider"/gt
ltparameter name"scope" value"Application"/gt
ltparameter name"providers" value"GetRPProvider
"/gt ltparameter name"loadOnStartup"
value"true"/gt lt/servicegt lt/deploymentgt
13
WEB SERVICES IN GT4Agnostic Question

• What purpose does JNDI play within the GT4
  environment?
• The Java Naming and Directory Interface allow us
  to build directory-enabled applications. This
  will make our Web service available to client
  connections through a Web services container.
• A service (identified by its path) will want to
  locate its resource home.It can also interact
  with a variety of directories such as LDAP.

14
MathService THE 5 STEPS.Step 4 Create a GAR
file with Ant

• Process the WSDL to add missing pieces.
• Create stub classes from the WSDL.
• Compile stub classes.
• Compile service implementation.
• Organize all files into its specific directory
  structure.

./globus-build-service.sh d ltservice base
directorygt -s ltservices WSDL filegt
./globus-build-service.sh \ -d
org/globus/examples/services/core/first \ -s
schema/examples/MathService_instance/Math.wsdl
15
MathServiceTHE 5 STEPS. Step 5 Deploy the
Service into a Web Service Container

• Uses Ant.
• Unpacks the GAR.
• Copies the WSDL, compiled stubs, compiled
  implementation WSDD into the GT4 directory tree.

sudo u globus globus-deploy-gar \
org_globus_examples_services_core_first.gar
sudo u globus globus-undeploy-gar \
org_globus_examples_services_core_first
16
MathServiceTHE CLIENT

• Tests the service invoking both the add and
  subtract operations.

java -cp ./build/stubs/classes/CLASSPATH \
org.globus.examples.clients.MathService_instance.
Client \ https//la-blade-01.cs.fiu.edu8443/
wsrf/services/core/first/MathService
AxisFault faultCode http//schemas.xmlsoap.org/
soap/envelope/Server.userException
faultSubcode faultString java.io.IOException
No socket factory for 'https' protocol
faultActor faultNode faultDetail ...
17
HOW TO MAKE THE SERVICE SECURE??

• Create the security-config.xml file.ltsecurityConf
  ig xmlns"http//www.globus.org"gt ltauthz
  value"none"/gtlt/securityConfiggt
• Modify the deploy-server.wsdd file.ltparameter
  name"securityDescriptor" value"etc/org_globus_ex
  amples_services_core_first/security-config.xml"/gt
• Add the following to the client.static
  Util.registerTransport()((Stub)mathFactory).
  _setProperty( Constants.GSI_SEC_CONV,
  Constants.ENCRYPTION)((Stub)mathFactory)._setPro
  perty( Constants.AUTHORIZATION,
  NoAuthorization.getInstance())

Our acknowledge to Ramakrishna!
18
HOW TO MAKE THE SERVICE SECURE??

• Lets run it again

java -cp ./build/stubs/classes/CLASSPATH \
org.globus.examples.clients.MathService_instance.
Client \ https//la-blade-01.cs.fiu.edu8443/
wsrf/services/core/first/MathService Current
value 15 Current value 10

• Is it secure now?Not really We just fooled it
  to make it secure.

19
WEB SERVICES IN GT4Agnostic Question

• How do I create a Grid infrastructure? Can we
  use any machine which has the Globus Toolkit's
  Grid Services installed on it?
• To build a Grid, we recommend that you download
  the Globus Toolkit and follow the instructions in
  the Globus Toolkit System Administrator's Guide.
  Both of these are available at the Globus
  website, http//www.globus.org/toolkit/. The
  documentation will take you through the process
  of building the Globus Toolkit software, setting
  up a Grid information service, setting up a
  certificate authority or using someone else's,
  installing the Globus resource management tools
  on your servers, and installing Globus client
  tools and libraries for your users.

20
GRID SECURITY INFRASTRUCTURE

• Basis for GT4 Security layer.
• Covers the three pillars of secure communication
• Privacy.
• Integrity.
• Authentication.
• Family of components (low/high level) to offer
  security features to programmers.

21
GRID SECURITY INFRASTRUCTURE

• Level security
• Transport-level
• Message-level
• Authentication
• X.509 Digital certificates.
• Username/Password
• Authorization schemes
• Server-Side
• Client-Side
• Custom

• Credential delegation and single sign-on
• Proxy Certificates
• Different levels of security
• Container
• Service
• Resource.

22
SECURE EXAMPLES WRITING A SECURE MathServer

• Add security to the MathService example.
• Now, four operations
• add
• subtract
• multiply
• divide
• We will be able to configure each operation with
  a different security configuration.

23
DEMOSECURE MathServer
ltsecurityConfig xmlns"http//www.globus.org"gt
ltauthz value"none"/gt ltmethod name"add"gt
ltauth-methodgt ltGSISecureConversat
ion/gt lt/auth-methodgt lt/methodgt
ltmethod name"subtract"gt ltauth-methodgt
ltGSISecureMessage/gt
lt/auth-methodgt lt/methodgt ltmethod
name"multiply"gt ltauth-methodgt
ltGSISecureConversation/gt
ltGSISecureMessage/gt lt/auth-methodgt
lt/methodgt ltmethod name"divide"gt
ltauth-methodgt ltGSITransport/gt
lt/auth-methodgt lt/methodgt lt!-- Default for
other methods --gt ltauth-methodgt
ltGSISecureConversation/gt
ltGSISecureMessage/gt ltGSITransport/gt
lt/auth-methodgt lt/securityConfiggt

• The service

Modify the security-config-auth.xml
No server-side authorization must be performed.
The add method can only be invoked using GSI
Secure Conversation.
The multiply method can be invoked using GSI
Secure Conversation or GSI Secure Message.
The divide method can only be invoked using GSI
Transport (transport-level security).
The rest of the methods can be invoked with any
of the authentication methods.
The subtract method can only be invoked using GSI
Secure Message.
1
2
4
5
6
3
24
DEMOSECURE MathServer

• The Client
• Programatically((Stub)math)._setProperty(Constan
  ts. GSI_SEC_CONV,Constants.ENCRYPTION)
• Security descriptorString secDecFile
  path/to/security-descriptor.xml((Stub)math)._s
  etProperty(Constants. CLIENT_DESCRIPTOR_FILE,
  secDescFile)

25
DEMOSECURE MathServer

• Client call 1 GSI Transport Client

add ERROR GSI Secure Conversation
authentication required for "MathService_inst
ance_4opadd" operation. subtract ERROR GSI
Secure Message authentication required for
"MathService_instance_4opsubtract"
operation. multiply ERROR GSI Secure
Conversation or GSI Secure Message
authentication required for "MathService_instan
ce_4opmultiply" operation. Division was
successful Current value 30

• Client call 2 GSI Secure Conversation Client

Addition was successful subtract ERROR GSI
Secure Message authentication required for
"http//www.globus.org/namespaces/examples/
MathService_instance_4opsubtract"
operation. Multiplication was successful Division
was successful Current value 180
26
GLOBUS TOOLKIT 4Agnostic Question

• Once I've installed the Globus Toolkit, how do
  others find out that my machine is available on
  the Grid, and how can I find out what other
  machines are on the Grid?
• Grid exists as a number of groups who are
  building experimental and production grid
  infrastructures for their own purposes.
• Virtual organizations using the same Grid
  technology to build their infrastructures.

27
GLOBUS TOOLKIT 4Agnostic Question

• If I submit a job using Globus Toolkit 4, is the
  execution management module capable of executing
  the job parallel on different machines on the
  grid?
• No, this is one of the current limitations of
  GT4.

28
GLOBUS TOOLKIT 4Agnostic Question

• What are the research challenges that the Globus
  Alliance is currently addressing? What do you
  think are the limitations of the current Globus
  toolkit implementations?
• End-to-end resource management and adaptation
  techniques.
• Automated techniques for negotiation of resource
  usage, policy, and accounting in large-scale grid
  environments.
• High-performance communication methods and
  protocols.

29
GLOBUS TOOLKIT 4Agnostic Question

• One of the main challenges with today's
  Internet, is the amount of useless information
  out there, how does GT4 currently ensure that the
  services being offered or registered provide both
  quality and are in demand?
• Globus Toolkit provides mechanisms to address
  resource discovery and security issues.
• GARA General-purpose Architecture for
  Reservation and Allocation

30
GLOBUS TOOLKIT 4Agnostic Question

• How effective is the GT4 book in expanding the
  practical uses of Grid Computing? Does the author
  focus on both scientific and non-scientific
  applications running on the Grid?
• Part IV The FileBuy Application
• Multiple services deployed across several
  machines.
• Highlights some design patterns commonly found
  in GT4- based systems.

31
GLOBUS TOOLKIT 4Agnostic Question

• Are there any current GT4 IDE software tools?
• Globus Service Build Tools http//gsbt.sourceforg
  e.net/
• GT4IDE Eclipse 3 plug-in that will allow GT4
  programmers to develop WSRF Java Web Services
  easily.
• globus-build-service The same Ant buildfile
  script included in the tutorial.

32
GLOBUS TOOLKIT 4Agnostic Question

• How do you envision the Grid in the future? In
  your opinion, how much will GT4 make Grid
  adoption easier in the future?
• The needs for Grids have been identified.
• How many grid-enabled applications well see?
• To grid-enable an application is a challenge.
• New challenges in security.

33
USEFUL LINKS

• Our site! COMING SOONhttp//www.cis.fiu.edu/mf
  elip01/CIS-6612/GT4_project.html
• Globus toolkit 4 Programmers Tutorialhttp//gdp.
  globus.org/gt4-tutorial/
• Globus toolkit 4 Programming Java
  Serviceshttp//www.gt4book.com/
• OASIS.http//www.oasis-open.org/
• The Globus Alliancehttp//www.globus.org/