Upload
marjory-franklin
View
212
Download
0
Embed Size (px)
Citation preview
Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 1
Grid Work in 2002
Andrew McNab
High Energy PhysicsUniversity of Manchester
Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 2
Overview
• Globus packaging• Testbed at Manchester• Testbed Support for GridPP• www.gridpp.ac.uk• GridSite• SlashGrid• GACL / Authorization WG• G-HTTPS• Summary
Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 3
Globus packaging for RH Linux
• Globus RPM’s were the first “public” Grid thing we started providing, back in spring 2000.
• Globus is the underlying software for most current Grid testbeds – including EDG + BaBar + SAM
• These became the basis of EDG releases in 2001 and we’ve provided updates during 2002 (currently at v24)
• This is becoming routine but still labour-intensive: so we’re handing over to NBI.dk, who already maintain a NorduGrid distribution.
Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 4
Testbed at Manchester
• We’ve been involved with the EDG and GridPP testbeds since Dec 2001– we were the first UK site to join
the EDG testbed in fact
• Started with 4 machines, and has now grown to 16.
• Allows us to maintain production and development sites at the same time.
• Hands-on - “cheap and cheerful” approach.• But gives experience for gridifying the farms
Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 5
Testbed Support for GridPP
• This has come together a lot during 2002.– Now 3 other Support people as well as me
(Bristol, IC and RAL)
• As well as website, now have:– [email protected] mailing list– fortnightly phone conferences– detailed site installation instructions
• Next phase will involve more support for other sites, especially ones without Grid experts.
• But at end of 2002 have a stable release, ready for experiments.
Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 6
www.gridpp.ac.uk
• We started running a website for the UK HEP Grid in 2000 (www.ukhepgrid.org.uk)– When GridPP was formed, we changed to
www.gridpp.ac.uk
• Initially provided software and support pages.• Now used by most groups within GridPP to
publish pages.– Using GridSite they manage pages themselves.
• Initially physically hosted in HEP group – now hosted on two machines in MC machine
room, administered by us
Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 7
GridSite: Grid/Web integration
• GridSite system has user authentification• Maintains lists of users in different groups
– Each directory has a list of groups who can modify its webpages (“Grid ACL”)
– Group admins can modify group membership
• Website allows you to upload files, edit pages– Devolves the work of maintaining the site
down to each subgroup
• Now used by GridPP, EDG Testbed website, UK e-Science Engineering Task Force and Level 2 Grid websites.
Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 8
SlashGrid: Grid filesystems
• Almost all EDG sites use Manchester’s pool accounts system– get a temporary Unix UID when you run a job
• SlashGrid adds to this by controlling disk access and file ownership– Use Grid ACL’s to say who owns each directory– Enforced at kernel level so all programs see it
• Unix ID doesn’t matter: Grid ID does• Also provides a remote filesystem using https
– Like AFS, but Grid credentials and web servers
Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 9
Grid Access Control Lists
• Our GACL format provides a way of writing ACLs using Grid credentials– user certificate names, group certificates
etc
• GridSite/SlashGrid use this format already• Other projects (eg EDG Storage Element)
taking it up• Now part of the authorisation work in
Global Grid Forum (GGF)– GGF: world wide standards body for Grids– I co-chair the Authorisation Working Group
Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 10
Extending HTTPS - G-HTTPS
• Normal HTTPS is already very Grid-like• Work now underway to add more Grid features
– need to avoid breaking existing HTTPS– our G-HTTPS proposal designed to do this
• Delegation from client to server– so get all the benefits discussed already
• Servers can return the ACL along with the file– so if I cache a copy locally, I know who I can
share the copy with
• Relevant EDG groups involved; taking it to GGF
Andrew McNab Grid in 2002, Manchester HEP, 7 Jan 2003 Slide 11
Summary
• Globus packaging work tailing off• Manchester maintains presence in
Testbeds• We’re making a significant contribution to
Testbed Support• GridSite, SlashGrid and GACL “products”
being taken up by EDG and others• Security work feeding into new Grid-wide
standards