
Grid - User Access and Application Development, Branko Marović, RCUB


Presentation Transcript


  1. Grid - User Access and Application Development, Branko Marović, RCUB

  2. AEGIS Certification Authority
     • http://aegis-ca.rcub.bg.ac.yu/
     • Accepted into EUGridPMA at the meeting in Istanbul, 31.5.2007.
     • AEGIS CA Certificate Policy and Certification Practice Statement
     • RAs
       • Faculty of Electronic Engineering
       • Institute of Physics
       • CSASA University of Kragujevac
       • University of Priština (Kosovska Mitrovica)

  3. AEGIS Certification Authority
     • Names
       • Issuer: C=RS, O=AEGIS, CN=AEGIS-CA
       • Subject: C=RS, O=AEGIS, OU=XXX, CN=Subject-name
       • Country: Must be “RS”
       • Organization: Must be “AEGIS”
       • OrganizationUnit: Must be the name of the subject's institute
       • CommonName: First name and last name of the subject for user certificates, DNS FQDN for server or service certificates
     • End Entity Certificates
       • Maximum lifetime: 1 year
       • Key length: at least 1024 bits
     • Person requesting a certificate
       • Presentation in person of valid official identification document
     • Server/Host/Service certificate
       • Can be only requested by the administrator of the particular host
       • The administrator must already have a valid AEGIS certificate
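
The naming and end-entity rules on this slide can be checked mechanically before a request is signed. The following is an added example, not part of the original presentation or of any AEGIS CA tooling; the function names, the `kind` parameter, the fixed attribute order, the FQDN pattern and the reading of "1 year" as at most 366 days are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

MIN_KEY_BITS = 1024                  # slide: "at least 1024 bits"
MAX_LIFETIME = timedelta(days=366)   # slide: "1 year"; 366 covers a leap year (assumption)
# Assumed FQDN shape: dot-separated letter/digit/hyphen labels ending in an alphabetic TLD.
FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)

def parse_dn(dn):
    """Split a one-line DN such as /C=RS/O=AEGIS/OU=UOB/CN=Name into (attr, value) pairs.
    Values containing '/' are not handled; that is enough for the forms on the slide."""
    pairs = []
    for rdn in dn.strip().lstrip("/").split("/"):
        attr, sep, value = rdn.partition("=")
        if not sep or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def check_policy(dn, key_bits, not_before, not_after, kind="user"):
    """Return a list of policy violations; an empty list means the request conforms."""
    pairs = parse_dn(dn)
    attrs = dict(pairs)
    problems = []
    # Exactly one each of C, O, OU, CN, in the order the slide shows (order is an assumption).
    if [a for a, _ in pairs] != ["C", "O", "OU", "CN"]:
        problems.append("subject must be C, O, OU, CN")
    if attrs.get("C") != "RS":
        problems.append('C must be "RS"')
    if attrs.get("O") != "AEGIS":
        problems.append('O must be "AEGIS"')
    cn = attrs.get("CN", "")
    if kind == "host" and not FQDN.match(cn):
        problems.append("host CN must be a DNS FQDN")
    if kind == "user" and len(cn.split()) < 2:
        problems.append("user CN must hold first and last name")
    if key_bits < MIN_KEY_BITS:
        problems.append(f"key is {key_bits} bits, minimum is {MIN_KEY_BITS}")
    if not_after - not_before > MAX_LIFETIME:
        problems.append("lifetime exceeds 1 year")
    return problems

if __name__ == "__main__":
    # Constructed requests: the first DN is the one shown later in the transcript,
    # the second is deliberately wrong in four ways.
    start = datetime(2008, 1, 1)
    print(check_policy("/C=RS/O=AEGIS/OU=UOB/CN=Branko Marovic", 2048, start, datetime(2008, 12, 31)))
    print(check_policy("/C=YU/O=AEGIS/OU=UOB/CN=grid01", 512, start, datetime(2010, 1, 1), kind="host"))
```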

  4. Issuing the first certificate
     • Instructions at http://aegis-ca.rcub.bg.ac.yu/
     • Create a PKCS#10 request on one of the AEGIS UI machines
     • The person is bound to the certificate through a couple of e-mail exchanges and by appearing before the AEGIS CA or an RA with a valid personal identification document and proof of affiliation with the institution named in the request.
     • Within 5 days the user must send an e-mail, signed with the issued certificate, accepting the new certificate and the CP/CPS document
     • The user can use the certificate to access the Grid, to sign e-mail, to authenticate over the Web and to encrypt data. The certificate can be used through the AEGIS and SEE-GRID VOMS server
     • Explanation of key concepts
       • http://www-unix.globus.org/toolkit/docs/4.0/security/key-index.html

  5. AEGIS CA root certificate for IE/Outlook (Express)
     • http://aegis-ca.rcub.bg.ac.yu/root_ca_certificate.htm
     • Open the link to the certificate in CRT format and choose “Open”
     • Choose the “Install certificate” option
     • Follow the instructions in the “Certificate Import Wizard”

  6. Importing the user certificate into Outlook Express
     • Convert the user certificate to pkcs#12 format
     • In Outlook Express, under “Tools / Security”, select the “Security” tab, click “Digital IDs…”, then click “Import…”
     • Follow the instructions in the “Certificate Import Wizard”

  7. Importing the user certificate into Internet Explorer
     • In the earlier steps the root certificate has already been imported and the user certificate converted to pkcs#12 format
     • In Internet Explorer, use “File / Open” to open the pkcs#12 certificate
     • Follow the instructions in the “Certificate Import Wizard”

  8. Registering on the VOMS server
     • Instructions at http://aegis-ca.rcub.bg.ac.yu/instructions_voms.html
     • Registration requires the certificate to have been imported into the browser beforehand: http://aegis-ca.rcub.bg.ac.yu/instructions_imp.html
     • Open the web page of the VOMS server
       • AEGIS VO: https://voms.phy.bg.ac.yu:8443/voms/aegis/
       • SEEGRID VO: https://voms.irb.hr:8443/voms/seegrid/
     • A choice of certificate/key for access and signing is offered

  9. Registering on the VOMS server
     • Once identity has been established, fill in the web form with contact details and information about the institution
     • Follow the further instructions sent by e-mail, which must be carried out within 24 hours; verification of the affiliation with a VO member institution may be requested if it is not evident from the certificate

  10. Issuing subsequent certificates
     • Re-key requests that are signed with a valid certificate issued by a CA accredited by EUGridPMA will be signed without the preceding procedure, because the user's identity has already been established.
     • The certificate used and the request must refer to the same person, e-mail and institution.
     • The CA/RA must still check that the person is affiliated with the institution named in the request; it is sufficient that the e-mail address is institutional.

  11. Certificate generation and security
     Certificates and keys
     • The root AEGIS-CA certificate is kept on several removable media in a secure location
     • Passwords of at least 15 characters are used. Only the CA manager and the CA operator know the root password.
     • Certificates are generated on an isolated computer, in an office with restricted access.
     • A list of generated certificates is kept.
     CA computer
     • The computer runs the CentOS operating system with a minimum of services; all security patches are applied.
     • The only user application is the CSP (Cryptographic Service Provider) software
     • The software is monitored and any modifications to it are tracked.
     • The computer has a CD-RW drive and USB connectors for backup.
     • The hard disk is mounted in an HDD rack and is kept in a secure location.
     • Backups are made to CD-ROM and USB flash, which are also kept in a secure location. There will also be an off-site backup.
     CA site
     • The CA site allows only searching (not listing) of issued certificates.
     • When a certificate is revoked, the CRL is regenerated and published on the CA site immediately. The CRL is also renewed every 30 days, regardless of whether any certificates have been revoked.

  12. Events
     • Recorded events
       • Certification requests
       • Issued certificates
       • Requests for revocation
       • Issued CRLs
       • Login/logout/reboot of the signing machine
     • Archived events
       • Certification requests
       • Issued certificates
       • Requests for revocation
       • Issued CRLs
       • All e-mail messages of correspondence between RA and CA

  13. CA contact
     http://aegis-ca.rcub.bg.ac.yu/
     University of Belgrade Computer Center
     Kumanovska bb
     Beograd 126119
     Serbia
     Phone: +381 11 3031257, +381 11 3031258
     Fax: +381 11 3031259
     e-mail: aegis-ca@aegis-ca.rcub.bg.ac.yu
     Dušan Radovanović
     e-mail: dusan.radovanovic@rcub.bg.ac.yu

  14. RA contact
     • Beograd
       Antun Balaž
       Institut za Fiziku, Scientific Computing Lab
       Pregrevica 118
       Beograd 200423
       Phone: +381 11 3162190
       Fax: +381 11 3713152
       e-mail: antun@phy.bg.ac.yu

       Zaharije Radivojević
       Faculty of Electronic Engineering
       Bulevar Kralja Aleksandra 73
       Beograd 135505
       Phone: +381 11 3218392
       e-mail: zaki@galeb.etf.bg.ac.yu
     • Kragujevac
       Miloš Ivanović
       CSASA University of Kragujevac
       Jovana Cvijića b.b.
       34000 Kragujevac
       Phone: +381 34 301920
       e-mail: mivanovic@kg.ac.yu

  15. gLite Job Workflow
     • RB: the heart of the grid. Sends the jobs on the grid and keeps track of them
     • BDII: LDAP database with info on LCG resources
     • UI: local machine on which the user defines his jobs. All commands to the grid are issued from a UI
     • LB: a SQL database in which each change of status of a job is registered
     • CE: the server of a LRMS (LSF, PBS, Torque…)
     • LFC: files stored on a SE are registered in the catalog
     • SE: output files are written on storage resources throughout the grid
     • WN: CPUs that actually execute the jobs

  16. gLite Job Workflow
     • The user defines his job on his User Interface by writing a JDL.
     • The JDL is submitted to the Resource Broker.
     • From now on, the RB notifies the L&B about every change in status of the job.
     • The RB parses the JDL and queries the BDII in order to find the best CE matching the job requirements.
     • The RB sends the job to the Computing Element proposed by the BDII.
     • The CE submits the job and sends it to one of the underlying Worker Nodes.
     • Usually, at the end a job writes its output files to a Storage Element and, if the operation is successful, it registers them in the LFC catalog, so that they’ll be available to all grid users.
     • The log files are usually sent back to the RB and then to the UI, so that the user can check that the job has really run as expected.

  17. WMProxy commands
     • glite-wms-job-list-match
       • Lists resources matching a job description
       • Performs the matchmaking without submitting the job
     • glite-wms-job-submit
       • Submits a job for execution
     • glite-wms-job-cancel
       • Cancels the given job
     • glite-wms-job-status
       • Displays the status of the job
     • glite-wms-job-output
       • Returns the job-output (the OutputSandbox files) to the user
     • glite-wms-job-logging-info
       • Displays logging information about submitted jobs (all the events “pushed” by the various components of the WMS)
       • Very useful for debug purposes

  18. Getting proxy certificate

        [branko@grid02 branko]$ voms-proxy-init -voms seegrid:/seegrid/RS/App/VIVE
        Your identity: /C=RS/O=AEGIS/OU=UOB/CN=Branko Marovic
        Enter GRID pass phrase:
        Creating temporary proxy ...................................... Done
        Contacting voms.grid.auth.gr:15040 [/C=GR/O=HellasGrid/OU=auth.gr/CN=voms.grid.auth.gr] "seegrid" Done
        Creating proxy ......................................................................... Done
        Your proxy is valid until Wed Mar 26 04:57:56 2008

        [branko@grid02 branko]$ glite-wms-job-delegate-proxy --noint -d VIVE_delegate
        Connecting to the service https://wms.phy.bg.ac.yu:7443/glite_wms_wmproxy_server
        Your proxy has been successfully delegated to the WMProxy:
        https://wms.phy.bg.ac.yu:7443/glite_wms_wmproxy_server
        with the delegation identifier: VIVE_delegate

  19. Job description language

        [branko@grid02 branko]$ cat test.jdl
        Executable = "test_program";
        Arguments = "Argument value";
        StdOutput = "std.out";
        StdError = "std.err";
        InputSandbox = {"test_program", "test_data"};
        OutputSandbox = {"std.out", "std.err"};

        [branko@grid02 branko]$ cat test_program
        date
        ls -l
        cat test_data

  20. Site matching

        [branko@grid02 branko]$ glite-wms-job-list-match -d VIVE_delegate test.jdl
        Connecting to the service https://wms.phy.bg.ac.yu:7443/glite_wms_wmproxy_server
        COMPUTING ELEMENT IDs LIST
        The following CE(s) matching your job requirements have been found:
        *CEId*
         - c01.grid.etfbl.net:2119/jobmanager-pbs-seegrid
         - ce.grid.pmf.unsa.ba:2119/jobmanager-pbs-seegrid
         - ce.seegridtest.sci.am:2119/jobmanager-pbs-seegrid
         - ce.ulakbim.gov.tr:2119/jobmanager-lcgpbs-seegrid
         - ce001.fmi.uni-sofia.bg:2119/jobmanager-lcgpbs-seegrid
         - ce002.ipp.acad.bg:2119/jobmanager-lcgpbs-seegrid
         - ce01.isabella.grnet.gr:2119/jobmanager-pbs-seegrid
         - cluster1.csk.kg.ac.yu:2119/jobmanager-pbs-seegrid
         - cox01.grid.metu.edu.tr:2119/jobmanager-lcgpbs-seegrid
         - grid-ce.feit.ukim.edu.mk:2119/jobmanager-lcgpbs-seegrid
         - grid01.rcub.bg.ac.yu:2119/jobmanager-pbs-seegrid
         - gw01.seegrid.grid.pub.ro:2119/jobmanager-lcgpbs-seegrid
         - sn0.hpcc.sztaki.hu:2119/jobmanager-lcgpbs-seegrid
         - tbit01.nipne.ro:2119/jobmanager-lcgpbs-seegrid
         - testbed001.grid.ici.ro:2119/jobmanager-pbs-seegrid
         - ce001.grid.uni-sofia.bg:2119/jobmanager-lcgpbs-seegrid
         - grid01.elfak.ni.ac.yu:2119/jobmanager-pbs-seegrid
         - ce01.afroditi.hellasgrid.gr:2119/jobmanager-pbs-seegrid
         - grid1.irb.hr:2119/jobmanager-pbs-grid
         - ce001.imbm.bas.bg:2119/jobmanager-lcgpbs-seegrid
         - yildirim.grid.boun.edu.tr:2119/jobmanager-lcgpbs-seegrid
         - ce.phy.bg.ac.yu:2119/jobmanager-pbs-seegrid
         - ce.grid.tuiasi.ro:2119/jobmanager-lcgpbs-seegrid
         - ce01.grid.renam.md:2119/jobmanager-lcgpbs-seegrid
         - rti29.etf.bg.ac.yu:2119/jobmanager-pbs-seegrid
         - ce01.mosigrid.utcluj.ro:2119/jobmanager-pbs-seegrid
         - ce64.phy.bg.ac.yu:2119/jobmanager-pbs-seegrid
         - grid-ce.ii.edu.mk:2119/jobmanager-pbs-seegrid
         - grid01.cg.ac.yu:2119/jobmanager-pbs-seegrid

  21. Job submission

        [branko@grid02 branko]$ glite-wms-job-submit -d VIVE_delegate -o ID -r ce01.isabella.grnet.gr:2119/jobmanager-pbs-seegrid test.jdl
        Connecting to the service https://wms.phy.bg.ac.yu:7443/glite_wms_wmproxy_server
        The job has been successfully submitted to the WMProxy
        Your job identifier is:
        https://wms.phy.bg.ac.yu:9000/vjTIoKdEp27xtXRyA2Wgow
        The job identifier has been saved in the following file:
        /home/branko/ID

     Job Statuses
     • Submitted: job is entered by the user to the UI but not yet transferred to NS or WMP
     • Waiting: job has been accepted by the NS or WMP but not yet processed
     • Ready: job has been processed (matchmaking) but not yet transferred to the CE
     • Scheduled: job is waiting in the queue of the CE
     • Running: job is running on a WN
     • Done: job exited or it’s considered in a terminal state by CondorC
     • Aborted: job processing was aborted by WMS
     • Canceled: job has been canceled on user request
     • Cleared: output of the job has been retrieved after job successful conclusion

  22. Job status check

        [branko@grid02 branko]$ glite-wms-job-status -i ID
        BOOKKEEPING INFORMATION:
        Status info for the Job : https://wms.phy.bg.ac.yu:9000/vjTIoKdEp27xtXRyA2Wgow
        Current Status: Submitted
        Submitted: Tue Mar 25 17:43:31 2008 CET

        [branko@grid02 branko]$ glite-wms-job-status -i ID
        BOOKKEEPING INFORMATION:
        Status info for the Job : https://wms.phy.bg.ac.yu:9000/vjTIoKdEp27xtXRyA2Wgow
        Current Status: Running
        Status Reason: Job successfully submitted to Globus
        Destination: ce01.isabella.grnet.gr:2119/jobmanager-pbs-seegrid
        Submitted: Tue Mar 25 17:43:31 2008 CET

        [branko@grid02 branko]$ glite-wms-job-status -i ID
        BOOKKEEPING INFORMATION:
        Status info for the Job : https://wms.phy.bg.ac.yu:9000/vjTIoKdEp27xtXRyA2Wgow
        Current Status: Done (Success)
        Exit code: 0
        Status Reason: Job terminated successfully
        Destination: ce01.isabella.grnet.gr:2119/jobmanager-pbs-seegrid
        Submitted: Tue Mar 25 17:43:31 2008 CET

  23. Result retrieval

        [branko@grid02 branko]$ glite-wms-job-output -i ID
        Connecting to the service https://147.91.84.25:7443/glite_wms_wmproxy_server
        JOB GET OUTPUT OUTCOME
        Output sandbox files for the job:
        https://wms.phy.bg.ac.yu:9000/vjTIoKdEp27xtXRyA2Wgow
        have been successfully retrieved and stored in the directory:
        /tmp/glite/glite-ui/branko_vjTIoKdEp27xtXRyA2Wgow

  24. Result viewing

        [branko@grid02 branko]$ cat /tmp/glite/glite-ui/branko_vjTIoKdEp27xtXRyA2Wgow/std.out
        Tue Mar 25 18:44:18 EET 2008
        total 16
        -rw------- 1 sgmsegri006 seegridsgm 196 Mar 25 18:44 https_3a_2f_2fwms.phy.bg.ac.yu_3a9000_2fvjTIoKdEp27xtXRyA2Wgow.output
        -rw-r--r-- 1 sgmsegri006 seegridsgm 0 Mar 25 18:44 std.err
        -rw-r--r-- 1 sgmsegri006 seegridsgm 29 Mar 25 18:44 std.out
        -rw-r--r-- 1 sgmsegri006 seegridsgm 19 Mar 25 18:44 test_data
        -rwxr-xr-x 1 sgmsegri006 seegridsgm 25 Mar 25 18:44 test_program
        -rw------- 1 sgmsegri006 seegridsgm 0 Mar 25 18:44 tmp.yAlPV31197
        This is test file.

  25. Final job status

        [branko@grid02 branko]$ glite-wms-job-status -i ID
        BOOKKEEPING INFORMATION:
        Status info for the Job : https://wms.phy.bg.ac.yu:9000/vjTIoKdEp27xtXRyA2Wgow
        Current Status: Cleared
        Status Reason: user retrieved output sandbox
        Destination: ce01.isabella.grnet.gr:2119/jobmanager-pbs-seegrid
        Submitted: Tue Mar 25 17:43:31 2008 CET

        [branko@grid02 branko]$ glite-wms-job-logging-info -i ID -v 2
        ...
        Event: RegJob
        - arrived = Tue Mar 25 17:43:31 2008 CET
        - host = wms.phy.bg.ac.yu
        - ns = https://147.91.84.25:7443/glite_wms_wmproxy_server
        - nsubjobs = 0
        - source = NetworkServer
        - src_instance = https://147.91.84.25:7443/glite_wms_wmproxy_server
        - timestamp = Tue Mar 25 17:43:31 2008 CET
        - user = /C=RS/O=AEGIS/OU=UOB/CN=Branko Marovic
        ...
        Event: Done
        - arrived = Tue Mar 25 17:49:11 2008 CET
        - exit_code = 0
        - host = wms.phy.bg.ac.yu
        - reason = Job terminated successfully
        ...
        Event: Clear
        - arrived = Tue Mar 25 17:58:56 2008 CET
        - host = wms.phy.bg.ac.yu
        - reason = USER

        [branko@grid02 branko]$ edg-job-cancel -i ID

  26. Submission to several servers

        [branko@grid02 branko]$ ./submit_job test.jdl
        Submiting to ce.ulakbim.gov.tr:2119/jobmanager-lcgpbs-seegrid
        Submiting to grid-ce.feit.ukim.edu.mk:2119/jobmanager-lcgpbs-seegrid
        Submiting to ce002.ipp.acad.bg:2119/jobmanager-lcgpbs-seegrid
        Submiting to grid01.rcub.bg.ac.yu:2119/jobmanager-pbs-seegrid

        [branko@grid02 branko]$ glite-wms-job-status -i test.jdl.jobs.list
        ------------------------------------------------------------------
        1 : https://wms.phy.bg.ac.yu:9000/vjTIoKdEp27xtXRyA2Wgow
        2 : https://wms.phy.bg.ac.yu:9000/rD3QCuJnyTSrBU-E7RgbKA
        3 : https://wms.phy.bg.ac.yu:9000/95uZFKG4QwQAUDKOmY8hxA
        4 : https://wms.phy.bg.ac.yu:9000/8FhrKyCPu8vokUHQENXkPQ
        a : all
        q : quit
        ------------------------------------------------------------------
        Choose one or more jobId(s) in the list - [1-4]all:2
        BOOKKEEPING INFORMATION:
        Status info for the Job : https://wms.phy.bg.ac.yu:9000/rD3QCuJnyTSrBU-E7RgbKA
        Current Status: Ready
        Status Reason: unavailable
        Destination: grid-ce.feit.ukim.edu.mk:2119/jobmanager-lcgpbs-seegrid
        Submitted: Tue Mar 25 18:34:18 2008 CET
        *************************************************************
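
When one JDL has been submitted to several CEs, the per-job blocks printed by `glite-wms-job-status` can be read back and sorted by outcome. The following is an added example, not part of the original presentation or of gLite; the one-field-per-line layout, the choice of which statuses count as final, the function names and the placeholder third job are assumptions.

```python
import re

# Status names are from the "Job Statuses" slide. Treating these four as final
# is this example's reading of that list, not something the slides state.
FINAL = {"Done", "Aborted", "Canceled", "Cleared"}

def parse_status(text):
    """Return one dict per job; 'status' is the first word of 'Current Status'."""
    jobs = []
    for chunk in re.split(r"Status info for the Job\s*:", text)[1:]:
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if not lines:
            continue
        job = {"id": lines[0]}
        for line in lines[1:]:
            key, sep, value = line.partition(":")
            # Skip separator rows and bare headings such as "BOOKKEEPING INFORMATION:".
            if sep and value.strip() and key[:1].isalpha():
                job[key.strip().lower().replace(" ", "_")] = value.strip()
        job["status"] = job.get("current_status", "").split(" ")[0]
        jobs.append(job)
    return jobs

def triage(jobs):
    """Sort job ids into (pending, ok, failed)."""
    pending, ok, failed = [], [], []
    for job in jobs:
        if job["status"] not in FINAL:
            pending.append(job["id"])
        elif job["status"] == "Aborted" or job.get("exit_code", "0") != "0":
            failed.append(job["id"])
        else:
            ok.append(job["id"])
    return pending, ok, failed

# Constructed input: the first two records reuse output shown in the transcript,
# the third (placeholder id, Aborted) is invented to exercise the failure path.
SAMPLE = """\
Status info for the Job : https://wms.phy.bg.ac.yu:9000/vjTIoKdEp27xtXRyA2Wgow
Current Status: Done (Success)
Exit code: 0
*************************************************************
BOOKKEEPING INFORMATION:
Status info for the Job : https://wms.phy.bg.ac.yu:9000/rD3QCuJnyTSrBU-E7RgbKA
Current Status: Ready
Status info for the Job : https://wms.example.org:9000/PLACEHOLDER-JOB-ID
Current Status: Aborted
"""

print(triage(parse_status(SAMPLE)))
```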
