Gridification progress report - PowerPoint PPT Presentation

About This Presentation
Title:

Gridification progress report

Description:

Gridification progress report David Groep, Oscar Koeroo Wim Som de Cerff, Gerben Venekamp Martijn Steenbakkers Gridification Architecture Authentication control flow ... – PowerPoint PPT presentation

Number of Views:25
Avg rating:3.0/5.0
Slides: 11
Provided by: DavidG271
Learn more at: http://www.dutchgrid.org
Category:

less

Transcript and Presenter's Notes

Title: Gridification progress report


1
Gridification progress report
  • David Groep, Oscar Koeroo
  • Wim Som de Cerff, Gerben Venekamp
  • Martijn Steenbakkers

2
Gridification Architecture
  • WP4 non
  • -
  • gridification
  • WP4 non
  • -
  • gridification
  • Grid
  • Grid
  • Scheduler
  • Gridification component
  • Gridification component
  • Scheduler
  • (WP1)
  • (WP1)
  • Non
  • -
  • WP4 subsystem
  • Non
  • -
  • WP4 subsystem
  • External to fabric
  • FabNAT
  • FabNAT
  • Globus Gatekeeper
  • Globus Gatekeeper
  • Internal to fabric
  • Resource request in JDL
  • In VOMS
  • -

signed, established
  • security context
  • ComputingElement
  • ComputingElement
  • SE
  • SE
  • RMS
  • RMS
  • StorageElement
  • (WP5)
  • LCAS
  • farms
  • LCMAPS
  • plug
  • -
  • ins
  • uid/gid
  • uid/gid
  • static list
  • static list
  • other
  • other
  • tokens
  • tokens
  • wallclocktime
  • wallclocktime
  • quota check
  • quota check
  • Configuration
  • Configuration
  • Mgmt,
  • Mgmt,
  • resource use
  • resource use
  • Installation
  • Installation
  • Mgmt
  • Mgmt
  • Credential Rep.
  • Policy
  • FLIDS
  • (Configuration Mgmt)
  • (Configuration Mgmt)

3
Authentication control flow EDG gatekeeper
4
Local Centre Authorization Service (LCAS)
  • Current version LCAS-1.1
  • Authorization plugin framework
  • Authorization decision based on proxy certificate
    and RSL
  • 3 plugins provided lcas_userallow.mod,
    lcas_userban.mod, lcas_timeslots.mod
  • Documentation http//www.dutchgrid.nl/DataGrid/wp
    4/lcas/edg-lcas-1.1/
  • Future developments
  • VOMS plugin (authorization decision based on VO,
    (sub)group, role)
  • Delivery end of July
  • LCAS-2.0
  • Server implementation (API does hopefully not
    change)
  • Use policy description language (pdl) from LCMAPS
  • Upgrade API plugins to LCMAPS plugin API
    (introspect)
  • Delivery July/August

5
Local Credential Mapping Service (LCMAPS)
  • LCMAPS-1.0 (more in Davids talk)
  • Plug-in framework, driven by comprehensive policy
    description language
  • Mapping based on user identity, VO affiliation,
    site-local policy
  • Provides local credentials needed for jobs in
    fabric
  • Supports standard UNIX credentials (incl. pool
    accounts), AFS tokens, Krb5
  • Delivery LCMAPS plugins end of June
  • Apidoc http//www.dutchgrid.nl/DataGrid/wp4/lcmap
    s/edg-lcmaps-0.0.1/apidoc/html/index.html

6
LCMAPS modules
  • Modules represent atomic functionality
  • VOMS from role info and local mapfile assign gid
    (A)
  • PoolAccounts from username assign unique uid (A)
  • PoolGroups from (VOMS) groupname assign unique
    gid (A)
  • LocalAccount from username assign local existing
    unique uid (A)
  • AFS/Krb5 get token based on user DN info (A)
  • POSIX process setuid() and setegid() (E)
  • POSIX LDAP update distributed user database (E)
  • Krb5 run job via k5cert (E)

7
edg-gatekeeper
  • Current version edg-gatekeeper-2.1
  • Supports LCAS-1.1 (either dlopened or linked
    in)
  • Independent from globus-gatekeeper (based on
    GT-2.2)
  • Future versions
  • edg-gatekeeper-2.2
  • Supports LCAS-1.1 and LCMAPS-1.0
  • Delivered with LCMAPS-1.0 (end of June)
  • edg-gatekeeper-2.3
  • Supports LCAS-2.0 and LCMAPS-1.0
  • Delivered with LCAS-2.0 (July/August)

8
Job Repository
  • Keeps a log of incoming and stores local job info
  • Repository and access API
  • LDAP directory
  • Store job status, credential mapping (plugin
    LCMAPS), job description
  • Release september 2003
  • Still required ? (RMS ?)

9
FabNat and FLIdS
  • FabNat
  • Provides a method for streaming connections to be
    chnnelled into local fabric
  • Information provider and tunnel request
    specification (RSL)
  • Foreseen delivery November
  • Still required ??
  • Fabric Local Identity Service (FLIdS)
  • Automated CA with policy engine
  • Perl script with SSL module (openssl calls)
  • Foreseen delivery September
  • Still required ??

10
Timetable gridification components
Component Release Integration
LCMAPS-1.0 ( edg-gatekeeper-2.2) End of June July ? (after VOMS)
LCAS-2.0 (server VOMS plugin) End of July August
Job Repository End of August September ??
FLIDS September ??
FABNAT November ??
Write a Comment
User Comments (0)
About PowerShow.com