1 / 29

Scaling NVO Services to the Teragrid

Scaling NVO Services to the Teragrid. Roy Williams Conrad Steenberg Matthew Graham Joe Jacob Ray Plante. NESSSI NVO Extensible Secure Scalable Service Infrastructure. Services are science-oriented Services are made by trusted developers from the science community

kateb
Download Presentation

Scaling NVO Services to the Teragrid

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Scaling NVO Services to the Teragrid Roy Williams Conrad Steenberg Matthew Graham Joe Jacob Ray Plante

  2. NESSSINVO Extensible Secure Scalable Service Infrastructure • Services are science-oriented • Services are made by trusted developers from the science community • Web forms OR command line (Python API) • Built-in security (X.509 certificates) • Very large jobs can be run • Easy to get a certificate • No complex install needed by client • Different levels of certificate get different service • Is installed on Teragrid • Services can be part of a workflow

  3. Desired Characteristics of NVO Services • Service oriented architecture • Services should be easily and quickly deployable and usable on workstations or supercomputers • Services deployed, managed, and upgraded by their developers • Service developers/deployers are trusted users • Service developer acts as a broker between computing customer and computer center • Service users authenticated with “graduated security” • Easy to start, but great power is possible • Asynchrony for compute intensive jobs • Jobs submitted to batch queue • Unique sessionID may be used to monitor job & return results • From “clicking” to “scripting” • Services may be accessed by clicking on a web page or with scripted client codes • Authentication for web clicking comes from a certificate store • Scripted access requires a certificate (strong or weak) straight from the client • Services as workflow components • A service user may be another service (a computer, not a human!)

  4. A “Graduated Security” Model Power user Scripted access Portal-Based Big-iron computing.... Full TeraGrid account - browser access More science.... Get NVO weak certificate - access logged, but identity not verified Some science.... Web form - anonymous access, small jobs

  5. Traditional Grid Security client I will do exactly what you want. Show us your Certificate!

  6. Graduated Security client May I have your Request and your Certificate?

  7. Certificates The Virtual Observatory as a Virtual Organization This is a US driver’s licence. In the US it proves identity strongly. It is like a strong certificate. This is a loyalty card where I buy food. (You can put a false address on the application.) It is like a weak certificate. This is a $50 gift card at a bookstore. It does not prove my identity in any way. It is like an anonymous certificate.

  8. service implementationweb formspython APIgraduated security certificatescertificate chainsroot certificatesproxy certificatesproxy certificate chains2nd level proxy chainsxformssecure https redirectionteragrid security policecaltech security policeNCSA security policechown directory ownershipNFS root-squashingPBS stdout permissionspubcookie

  9. Proxy Certificates A proxy is a copy of a certificate with a 24-hour expiry date It is safer than sending the full certificate. A proxy can come from a certificate store released by username/password A proxy can be built with a local tool eg nesssi_proxy_init or globus_proxy_init

  10. Web Portal certificate repository certificate policies node select user account fetch proxy node SOAP http web form nesssi web portal queue client nesssi node node sandbox storage open http

  11. Commandline Portal certificate policies node select user account node queue client nesssi node certificate node Secure SOAP sandbox storage build proxy open http Teragrid cluster

  12. Exercise: Running a Nesssi Service see http://us-vo.org/nesssi

  13. The NVO Certificate Authority The NVO now has a certificate authority ... go to Exercise 1

  14. Getting an NVO login

  15. The Web Portal

  16. Getting a proxy certificate ... go to Exercise 2 web portal command line % cd $NVOSS_HOME % source bin/setup.csh [snip] All set up for the 2006 NVO Summer School. % cd nesssi % java NesssiInit YourUsername YourPassword /tmp/x509up_u501 % ls -l /tmp/x* -rw------- 1 roy wheel 2231 Sep 1 12:40 /tmp/x509up_u501 is this your UID?

  17. SessionID and Sandbox • Identify which job we are talking about • 32 character hex string eg cb28d0753a7fec9a485981f741d425ec • Used to monitor a running job sessionID = nesssiServer.cutout.init() msg = server.cutout.monitor(sessionID) • Used to form URL where results appear, eg • http://dtf-test1.sdsc.teragrid.org:8080/clarens/shell/cb/cb28d0753a7fec9a485981f741d425ec/cutouts/index.html • If you lose the sessionID, you lose your job

  18. Monitoring a Nesssi job <NesssiMonitor> <Service>Cutout</Service> <Uname>ux400560</Uname> <SessionID>774daf5ef52facc68cb03db4b1fdc815</SessionID> <Sandbox>http://dtf-test1.sdsc.teragrid.org:8080/ clarens/shell/77/774daf5ef52facc68cb03db4b1fdc815</Sandbox> <Result>http://dtf-test1.sdsc.teragrid.org:8080/ clarens/shell/77/774daf5ef52facc68cb03db4b1fdc815/cutouts/index.html</Result> <QueueStatus>149.envoy.cacr.calte roy batch C8845cb 11516 1 -- -- 60:00 R -- </QueueStatus> </NesssiMonitor> service name running as this user session ID sandbox URL results URL queue status (R = running)

  19. Example: SleepyAdd web portal nesssiServer=nesssi.client('https://dtf-test1.sdsc.teragrid.org:8443/clarens/',debug=0) # nesssiServer=nesssi.client('https://dtf-test1.sdsc.teragrid.org:8443/clarens/',debug=0) sessionID = nesssiServer.sleepyadd.init() print "Your session ID is", sessionID # Run: sleep 30 seconds then add 52 and 344 nesssiServer.sleepyadd.run(sessionID, "-time 30 -n 52 -m 344") command line

  20. Monitoring the Run <NesssiMonitor> <Service>Sleepyadd</Service> <Uname>ux400560</Uname> <SessionID>a3a167a383111c0cbd6941325b8659aa</SessionID> <Result>http://dtf-test1.sdsc.teragrid.org:8080/clarens/shell/a3/a3a167a383111c0cbd6941325b8659aa/batch.out</Result> <Sandbox>http://dtf-test1.sdsc.teragrid.org:8080/clarens/shell/a3/a3a167a383111c0cbd6941325b8659aa</Sandbox> <QueueStatus>305875.dtf-mgmt1.sds ux400560 dque Ca3a167 -- 1 -- -- 18:00 Q --</QueueStatus> </NesssiMonitor> Key n is 52 Key m is 344 Key time is 30 Sleeping for 30 seconds Waking up... Sum of 52 and 344 is 396

  21. Mosaic Service ... go to Exercise 3 nesssiServer=nesssi.client('https://envoy.cacr.caltech.edu:8443/clarens/',debug=0) mosaic_loc = "-ra 49.1 -dec 60.1 -rawidth 0.5 -decwidth 0.5 -filt f -bgcorr 0" session = nesssiServer.dpossMosaic.mosaic(mosaic_loc) print "Your session ID is %s." % session msg = dbsvr.dpossMosaic.monitor(session) print msg

  22. nesssiServer. dpossMosaic.mosaic ( “-ra 49.1 -dec 60.1 -rawidth 0.5 -decwidth 0.5 -filt f -bgcorr 0”)

  23. Coadd Service nesssiServer=nesssi.client('https://envoy.cacr.caltech.edu:8443/clarens/',debug=0) # Initialize the service sessionID = nesssiServer.hyperatlas.init() print "Session id is ", sessionID # Arguments for service, the coaddition to do args = "-bandpass z1 -ra 170.08 -dec 13.275 -rawidth 1.0 -decwidth 1.0"

  24. -bandpass z1 -ra 170.08 -dec 13.275 -rawidth 1.0 -decwidth 1.0

  25. Cutout Service ... go to Exercise 4 nesssiServer=nesssi.client('https://envoy.cacr.caltech.edu:8443/clarens/',debug=0) sessionID = nesssiServer.cutout.init() print "Session id is ", sessionID # Upload locations file remoteinputfile = "/shell/%2s/%s/inputfile.xml" % (sessionID[0:2], sessionID) nesssiServer.upload_file(inputfile, remoteinputfile) # Arguments for service, surveys to use and cutout size args = "-surveys PQ:gr,PQ:gi,PQ:z1,PQ:z2,SDSS:r,SDSS:i,SDSS:z,2MASS:k,2MASS:h " args += "-size 64" # Run service nesssiServer.cutout.run(sessionID, args)

  26. Cutout Monitoring

  27. cutouts from Palomar-Quest, SDSS, 2MASS of sources from Veron quasar catalog

More Related