EMI INFSO-RI-261611 Catalogue synchronization & ACL propagation Fabrizio Furano (CERN IT-GT-DMS)

Slides:

Advertisements

Similar presentations

Software Frame Simulator (SFS) Technion CS Computer Communications Lab (236340) in cooperation with ECI telecom Uri Ferri & Ynon Cohen January 2007.

Advertisements

CTO Office Reliability & Security Distinctions and Interactions Hal Lockhart BEA Systems.

Component Patterns – Architecture and Applications with EJB copyright © 2001, MATHEMA AG Component Patterns Architecture and Applications with EJB JavaForum.

Technical Architectures

CS533 - Concepts of Operating Systems 1 Remote Procedure Calls - Alan West.

ECEN5053 SW Eng of Dist Systems, Arch Des Part 3, Univ of Colorado, Boulder1 Architectural Design of Distributed Systems, Part 3 ECEN5053 SW.

Computer Science 162 Section 1 CS162 Teaching Staff.

O. Keeble, F. Furano, A. Manzi, A. Ayllon, I. Calvet, M. Hellmich DPM Workshop 2014 DPM Monitoring.

Service Broker Lesson 11. Skills Matrix Service Broker Service Broker, provides a solution to common problems with message delivery and consistency that.

 Cloud computing  Workflow  Workflow lifecycle  Workflow design  Workflow tools : xcp, eucalyptus, open nebula.

W. Sliwinski – eLTC – 7March08 1 LSA & Safety – Integration of RBAC and MCS in the LHC control system.

EMI INFSO-RI EMI Quality Assurance Processes (PS ) Alberto Aimar (CERN) CERN IT-GT-SL Section Leader EMI SA2 QA Activity Leader.

1 Apache. 2 Module - Apache ♦ Overview This module focuses on configuring and customizing Apache web server. Apache is a commonly used Hypertext Transfer.

JCOP Workshop September 8th 1999 H.J.Burckhart 1 ATLAS DCS Organization of Detector and Controls Architecture Connection to DAQ Front-end System Practical.

The Grid Component Model: an Overview “Proposal for a Grid Component Model” DPM02 “Basic Features of the Grid Component Model (assessed)” -- DPM04 CoreGrid.

EMI INFSO-RI SA2 - Quality Assurance Alberto Aimar (CERN) SA2 Leader EMI First EC Review 22 June 2011, Brussels.

EGEE is a project funded by the European Union under contract IST Testing processes Leanne Guy Testing activity manager JRA1 All hands meeting,

A DΙgital Library Infrastructure on Grid EΝabled Technology ETICS Usage in DILIGENT Pedro Andrade

Experiment Support CERN IT Department CH-1211 Geneva 23 Switzerland t DBES PhEDEx Monitoring Nicolò Magini CERN IT-ES-VOS For the PhEDEx.

Component frameworks Roy Kensmil. Historical trens in software development. ABSTRACT INTERACTIONS COMPONENT BUS COMPONENT GLUE THIRD-PARTY BINDING.

XML Web Services Architecture Siddharth Ruchandani CS 6362 – SW Architecture & Design Summer /11/05.

The huge amount of resources available in the Grids, and the necessity to have the most up-to-date experimental software deployed in all the sites within.

SOA-14: Deploying your SOA Application David Cleary Principal Software Engineer.

The european ITM Task Force data structure F. Imbeaux.

Middleware for Grid Computing and the relationship to Middleware at large ECE 1770 : Middleware Systems By: Sepehr (Sep) Seyedi Date: Thurs. January 23,

Legion - A Grid OS. Object Model Everything is object Core objects - processing resource– host object - stable storage - vault object - definition of.

6 th dCache WS | Daniel Becker| 18 April 2012 | 1 Daniel Becker 6 th dCache workshop, Zeuthen, April 18, 2012 The HTTP Federation.

Stephen Burke – Data Management - 3/9/02 Partner Logo Data Management Stephen Burke, PPARC/RAL Jeff Templon, NIKHEF.

The Process Manager in the ATLAS DAQ System G. Avolio, M. Dobson, G. Lehmann Miotto, M. Wiesmann (CERN)

Jini Architecture Introduction System Overview An Example.

A PPARC funded project Common Execution Architecture Paul Harrison IVOA Interoperability Meeting Cambridge MA May 2004.

Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.

EMI is partially funded by the European Commission under Grant Agreement RI SA2 – Development Tools Andres Abad Rodriguez SA2.4 Tools Activity Leader.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Using GStat 2.0 for Information Validation.

INFSO-RI Enabling Grids for E-sciencE ARDA Experiment Dashboard Ricardo Rocha (ARDA – CERN) on behalf of the Dashboard Team.

AMQP, Message Broker Babu Ram Dawadi. overview Why MOM architecture? Messaging broker like RabbitMQ in brief RabbitMQ AMQP – What is it ?

Group Communication Theresa Nguyen ICS243f Spring 2001.

Component Patterns – Architecture and Applications with EJB copyright © 2001, MATHEMA AG Component Patterns Architecture and Applications with EJB Markus.

The new FTS – proposal FTS status. EMI INFSO-RI /05/ FTS /05/ /05/ Bugs fixed – Support an SE publishing more than.

Grid Technology CERN IT Department CH-1211 Geneva 23 Switzerland t DBCF GT Upcoming Features and Roadmap Ricardo Rocha ( on behalf of the.

JAliEn Java AliEn middleware A. Grigoras, C. Grigoras, M. Pedreira P Saiz, S. Schreiner ALICE Offline Week – June 2013.

EMI INFSO-RI Software Quality Assurance in EMI Maria Alandes Pradillo (CERN) SA2.2 Task Leader.

SPI NIGHTLIES Alex Hodgkins. SPI nightlies  Build and test various software projects each night  Provide a nightlies summary page that displays all.

EMI INFSO-RI EMI Quality Assurance Tools Lorenzo Dini (CERN) SA2.4 Task Leader.

EMI INFSO-RI Catalogue synchronization & ACL propagation Fabrizio Furano (CERN IT-GT)

Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.

Copyright © 2004, Keith D Swenson, All Rights Reserved. OASIS Asynchronous Service Access Protocol (ASAP) Tutorial Overview, OASIS ASAP TC May 4, 2004.

Copyright 2007, Information Builders. Slide 1 iWay Web Services and WebFOCUS Consumption Michael Florkowski Information Builders.

INFSO-RI ETICS Local Setup Experiences A Case Study for Installation at Customers Location 4th. All Hands MeetingUwe Müller-Wilm VEGA Bologna, Nov.

From Use Cases to Implementation 1. Structural and Behavioral Aspects of Collaborations  Two aspects of Collaborations Structural – specifies the static.

Active-HDL Server Farm Course 11. All materials updated on: September 30, 2004 Outline 1.Introduction 2.Advantages 3.Requirements 4.Installation 5.Architecture.

EMI is partially funded by the European Commission under Grant Agreement RI Common Authentication Library Daniel Kouril, for the CaNL PT EGI CF.

EMI INFSO-RI Testbed for project continuous Integration Danilo Dongiovanni (INFN-CNAF) -SA2.6 Task Leader Jozef Cernak(UPJŠ, Kosice, Slovakia)

From Use Cases to Implementation 1. Mapping Requirements Directly to Design and Code  For many, if not most, of our requirements it is relatively easy.

EMI INFSO-RI Catalogue synchronization & ACL propagation Fabrizio Furano (CERN IT-GT)

EMI is partially funded by the European Commission under Grant Agreement RI Future Proof Storage with DPM Oliver Keeble (on behalf of the CERN IT-GT-DMS.

AMSA TO 4 Advanced Technology for Sensor Clouds 09 May 2012 Anabas Inc. Indiana University.

EMI INFSO-RI Catalogue synchronization & ACL propagation Fabrizio Furano (CERN IT-GT)

Dynamic Federation of Grid and Cloud Storage Fabrizio Furano, Oliver Keeble, Laurence Field Speaker: Fabrizio Furano.

Implementation of GLUE 2.0 support in the EMI Data Area Elisabetta Ronchieri on behalf of JRA1’s GLUE 2.0 Working Group INFN-CNAF 13 April 2011, EGI User.

Federating Data in the ALICE Experiment

Argus EMI Authorization Integration

Jean-Philippe Baud, IT-GD, CERN November 2007

Project Management: Messages

Dynamic Storage Federation based on open protocols

OGF PGI – EDGI Security Use Case and Requirements

Self Healing and Dynamic Construction Framework:

Peer-to-peer networking

THE STEPS TO MANAGE THE GRID

Replication Middleware for Cloud Based Storage Service

Presentation transcript:

EMI INFSO-RI Catalogue synchronization & ACL propagation Fabrizio Furano (CERN IT-GT-DMS)

2 EMI INFSO-RI Apr 2011 F.Furano - Catalogue Synchronization & ACL propagation Various catalogues keep information that is related – E.g. LFC keeps info about the content of remote Storage Elements, each one with its own catalogue A change in the permissions of a file in LFC is not automatically reflected by the peripheric catalogue If a SE looses a file, the LFC does not know If a new file is not correctly registered -> dark data Keeping them in sync is a very hard problem Namespace scanning for diffs is an expensive workaround The problem

3 EMI INFSO-RI Apr 2011 F.Furano - Catalogue Synchronization & ACL propagation Make the various catalogues/SE able to talk to each other – In order to exchange messages that keep them synchronized – 2 directions: Central Catalogue->SE (downstream) – e.g. to propagate changes in the permissions SE->Central Catalogue (upstream) – e.g. to propagate info about lost and missing files The idea

4 EMI INFSO-RI Apr 2011 F.Furano - Catalogue Synchronization & ACL propagation Looking for good ways to reliably communicate and cooperate Communication SE1 SEn SE2 SE or exp. catalogue subscribes to the relevant topics (e.g. “Changes”) SE sends to the appropriate topics (e.g. “Lost”) Subscribes to the relevant topics (e.g. “Lost”) SE Sends to the appropriate topics (e.g. “Changes”) Central Catalogue Other catalogue/SE e.g. ATLAS Broker(s)

5 EMI INFSO-RI Apr 2011 F.Furano - Catalogue Synchronization & ACL propagation Types of interactions What can we do with this? – Fix inconsistencies as they are found “SE1 apparently lost file X” – Prevent inconsistencies by sending messages when something happens “File X has new access permissions” “SE1 has a new file Y” – Ev. allow a central system to query the others to synchronize itself “Who has file Z”? “Do you still have file W?”

6 EMI INFSO-RI Apr 2011 F.Furano - Catalogue Synchronization & ACL propagation The architecture Central Catalogue Central Catalogue Msg brokers Upstream topic “SEMsg_upstream” NotAvailable(sfn) [ FileCreated(sfn) ] Adapter Downstream topic “SEMsg_downstream” Chmod(sfn) SE or other Catalogue A file can be N/A if: - it was requested to a DB that does not know it - OR if it was requested to a GridFTP that does not find it (trickier) Fix info! Adapter Fix info! Uses a virtual destination, e.g. : Consumer.DPNS1.SEMsg_downstream the broker queues messages for this endpoint if it disconnects momentarily. Uses a virtual destination, e.g. : Consumer.LFC1.SEMsg_upstream the broker queues messages for this endpoint if it disconnects momentarily.

7 EMI INFSO-RI Apr 2011 F.Furano - Catalogue Synchronization & ACL propagation SEMsg The current implementation is a component called SEMsg – Built to be robust, efficient and easy to integrate – Plugin-based (ev. with “null” plugins), loaded at runtime (dlopen) A plugin that performs actions (in the catalogue) when a message comes A plugin that performs SE(Catalogue)-specific actions when a message has to be sent through the API 5 plugins available by now: LFC producer+consumer, DPM producer+consumer, Python consumer – Provides a configurable daemon that consumes and dispatches the notifications – Provides commands to manually send notifications As well as a simple C/C++ API to send them hides message composition and the security implementation crafted to avoid bringing in complex build dependencies – The same tools are used for the LFC and DPM prototype, loading different sets of plugins Hence, more sets of plugins can be added, to talk to other systems

8 Security DPM consumer plugin DPM consumer plugin Default producer plugin Default producer plugin Producer API, e.g. NotifyChmod(sfn) NotifyNotAvailable(sfn) Producer API, e.g. NotifyChmod(sfn) NotifyNotAvailable(sfn) LFC EMI INFSO-RI Apr 2011 F.Furano - Catalogue Synchronization & ACL propagation Detail - SEMsg plugins Security LFC consumer plugin LFC consumer plugin LFC producer plugin LFC producer plugin Producer API, e.g. NotifyChmod(sfn) NotifyNotAvailable(sfn) Producer API, e.g. NotifyChmod(sfn) NotifyNotAvailable(sfn) DPM Msg brokers These implement some kind of realtime storage aggregation Must be robust, fast and low latency To be able to trust them and build an evolving thing

9 EMI INFSO-RI Apr 2011 F.Furano - Catalogue Synchronization & ACL propagation SEMsg Encapsulates the message-related aspects into a clear subsystem Simple to use and integrate in other systems Completely asynchronous, multithreaded design Does everything (in background) to keep the consumer connection UP The API never hiccups in case of conn troubles/broker restart The consumer may live as a daemon or be started within another daemon LFC/DPM use the external daemon Also provides commands to send the notifications – E.g. to manually notify that a set of files is not available Natively supports the bulk operations defined in the protocol – Automatic creation of bulk notifications from the internal queues. – No need for weird APIs or complex implementations.

10 EMI INFSO-RI Apr 2011 F.Furano - Catalogue Synchronization & ACL propagation Security (1/2) We can: – Guarantee the identity of the senders – Make sure that the content has not changed – Support SSL connections to the brokers (=comm encryption) Everything is X509-based, described in detail in the docs Performance is good (hundreds/s), space for improvement, probably not needed now – The bulk messages help a lot here The messages are signed using SHA1 – We treat messages as we do with PGP for s Future: implement some form of whitelisting

11 EMI INFSO-RI Apr 2011 F.Furano - Catalogue Synchronization & ACL propagation Security (2/2) The communicating entities are in general SEs, hence machines running with: – a host certificate – a service certificate Now we have a way to be sure about the sender’s identity – The notifications are never destructive by construction – We might like to have a way to filter senders – Whitelisting seems a way to go – We need anyway some real-world experience

12 EMI INFSO-RI Apr 2011 F.Furano - Catalogue Synchronization & ACL propagation New entry: the Python plugin One more consumer plugin, in the SEMsg distribution, with the DPM and LFC ones Associates python funcs to SEMsg notifications – Fully configurable in the SEMsg config file and generic e.g. The notification FileNotAvailable invokes the function ‘func1’ from the module ‘module1’ passing its content as parameters – Fast: invokes natively the Python C API – Benefits from the SEMsg structure, e.g. the security The Python script only deals with the action to be performed Tested with Python 2.4, 2.5, 2.6

13 EMI INFSO-RI Apr 2011 F.Furano - Catalogue Synchronization & ACL propagation Upcoming: ATLAS DDM The first usage of the Python plugin is going to be to invoke the ATLAS DDM tools – The “DDM problematic file catalogue” can be directly fed with notifications coming from SEMsg, i.e. coming from: SEs, when they detect a missing file Manual invokation of the CLI with lists of files – In practice, an instance of the SEMsgdaemon will sniff the notifications and forward them through the Python plugin

14 EMI INFSO-RI Apr 2011 F.Furano - Catalogue Synchronization & ACL propagation The Dec demonstrator was OK Now the libs/tools are available in the glite and EMI builds as a pre-release – All interested catalogues can use it – Documentation available in the TWiki, including the plugins – The instrumentation of LFC/DPM is finding its way to the SVN :-) Installed in the DPM nightly testbed – Just a matter of installing a couple of RPMs from ETICS and setting a few options v1.1.0beta is available

15 EMI INFSO-RI Apr 2011 F.Furano - Catalogue Synchronization & ACL propagation What’s next Sync with the other SE developers (STORM, dCache) Sync with LCGDM and provide the LFC/DPM instrumentation Start deploying the ATLAS instance and some real world test instances of LFC/DPM – Robustness tests + ev. fixes/additions in SEMsg/DPM/LFC At each step, keep an eye on the applicability to the computing models + ev. fixes/additions Would be really useful to understand if the protocol is descriptive enough Then, we’ll drop the ‘beta’

16 EMI INFSO-RI Apr 2011 F.Furano - Catalogue Synchronization & ACL propagation Making catalogues and SEs interact seems a good way to attack the consistency problem – It’s a form of realtime interaction between SEs and catalogues – By definition, it won’t mathematically kill the inconsistencies, but will help making a much better system – Will be interesting to explore the possibilities of the technology and of the implementation SEMsg is available as a pre-release until EMI-2 Protocol and SEMsg documentation in the Wiki Feedbacks are welcome The messaging (test) infrastructure and the tools seem really OK Conclusions

17 EMI INFSO-RI Apr 2011 F.Furano - Catalogue Synchronization & ACL propagation Thank you EMI is partially funded by the European Commission under Grant Agreement INFSO-RI