Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 1

Grid Work in 2002

Andrew McNab

High Energy PhysicsUniversity of Manchester

Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 2

Overview

• Globus packaging• Testbed at Manchester• Testbed Support for GridPP• www.gridpp.ac.uk• GridSite• SlashGrid• GACL / Authorization WG• G-HTTPS• Summary

Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 3

Globus packaging for RH Linux

• Globus RPM’s were the first “public” Grid thing we started providing, back in spring 2000.

• Globus is the underlying software for most current Grid testbeds – including EDG + BaBar + SAM

• These became the basis of EDG releases in 2001 and we’ve provided updates during 2002 (currently at v24)

• This is becoming routine but still labour-intensive: so we’re handing over to NBI.dk, who already maintain a NorduGrid distribution.

Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 4

Testbed at Manchester

• We’ve been involved with the EDG and GridPP testbeds since Dec 2001– we were the first UK site to join

the EDG testbed in fact

• Started with 4 machines, and has now grown to 16.

• Allows us to maintain production and development sites at the same time.

• Hands-on - “cheap and cheerful” approach.• But gives experience for gridifying the farms

Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 5

Testbed Support for GridPP

• This has come together a lot during 2002.– Now 3 other Support people as well as me

(Bristol, IC and RAL)

• As well as website, now have:– tb-support@jiscmail.ac.uk mailing list– fortnightly phone conferences– detailed site installation instructions

• Next phase will involve more support for other sites, especially ones without Grid experts.

• But at end of 2002 have a stable release, ready for experiments.

Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 6

www.gridpp.ac.uk

• We started running a website for the UK HEP Grid in 2000 (www.ukhepgrid.org.uk)– When GridPP was formed, we changed to

www.gridpp.ac.uk

• Initially provided software and support pages.• Now used by most groups within GridPP to

publish pages.– Using GridSite they manage pages themselves.

• Initially physically hosted in HEP group – now hosted on two machines in MC machine

room, administered by us

Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 7

GridSite: Grid/Web integration

• GridSite system has user authentification• Maintains lists of users in different groups

– Each directory has a list of groups who can modify its webpages (“Grid ACL”)

– Group admins can modify group membership

• Website allows you to upload files, edit pages– Devolves the work of maintaining the site

down to each subgroup

• Now used by GridPP, EDG Testbed website, UK e-Science Engineering Task Force and Level 2 Grid websites.

Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 8

SlashGrid: Grid filesystems

• Almost all EDG sites use Manchester’s pool accounts system– get a temporary Unix UID when you run a job

• SlashGrid adds to this by controlling disk access and file ownership– Use Grid ACL’s to say who owns each directory– Enforced at kernel level so all programs see it

• Unix ID doesn’t matter: Grid ID does• Also provides a remote filesystem using https

– Like AFS, but Grid credentials and web servers

Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 9

Grid Access Control Lists

• Our GACL format provides a way of writing ACLs using Grid credentials– user certificate names, group certificates

etc

• GridSite/SlashGrid use this format already• Other projects (eg EDG Storage Element)

taking it up• Now part of the authorisation work in

Global Grid Forum (GGF)– GGF: world wide standards body for Grids– I co-chair the Authorisation Working Group

Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 10

Extending HTTPS - G-HTTPS

• Normal HTTPS is already very Grid-like• Work now underway to add more Grid features

– need to avoid breaking existing HTTPS– our G-HTTPS proposal designed to do this

• Delegation from client to server– so get all the benefits discussed already

• Servers can return the ACL along with the file– so if I cache a copy locally, I know who I can

share the copy with

• Relevant EDG groups involved; taking it to GGF

Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 11

Summary

• Globus packaging work tailing off• Manchester maintains presence in

Testbeds• We’re making a significant contribution to

Testbed Support• GridSite, SlashGrid and GACL “products”

being taken up by EDG and others• Security work feeding into new Grid-wide

standards