CernVM WebAPI CernVM Users Workshop 2015 Ioannis Charalampidis, PH/SFT CERN, 5 March 2015

Agenda Origins of CernVM WebAPI Components of CernVM WebAPI Running multiple projects in the same VM Hands-on CernVM WebAPI Ioannis Charalampidis - CernVM WebAPI 2

CernVM WebAPI Origins 2011 : 2.0 – BOINC Project First time where virtualization is used 1 1 Ioannis Charalampidis - CernVM WebAPI 3

CernVM WebAPI Origins Conceived as an additional burden to some volunteers 1 1 Ioannis Charalampidis - CernVM WebAPI 4

CernVM WebAPI Origins Want to volunteer BOINC Users Mostly with good computer skills Can we also target the rest of the audience? 1 1 Ioannis Charalampidis - CernVM WebAPI 5

CernVM WebAPI Origins Web apps are simple, run everywhere and require no manual installations 1 1 Ioannis Charalampidis - CernVM WebAPI 6

CernVM WebAPI Origins Virtualization is widespread: Code it once, deploy it everywhere 1 1 Ioannis Charalampidis - CernVM WebAPI 7

CernVM WebAPI Origins 1 1 Ioannis Charalampidis - CernVM WebAPI 8

CernVM WebAPI Origins Raw computing power available to web apps 1 1 Ioannis Charalampidis - CernVM WebAPI 9

CernVM WebAPI Start and Control Virtual Computing Resources through your web browser Web Virtualization 1 1 Ioannis Charalampidis - CernVM WebAPI 10

CernVM WebAPI Does all the heavy-lifting for the user : Missing hypervisor? Install it! Improperly configured hypervisor? Fix it! Missing resources? Download them! One-click solution to desktop virtualization 1 1 Ioannis Charalampidis - CernVM WebAPI 11

CernVM WebAPI // Request API Access CVM.startCVMWebAPI(function(plugin) { // Open Session plugin.requestSession(" function(session) { // Start VM session.start(); }); Javascript code for starting a VM 1 1 Ioannis Charalampidis - CernVM WebAPI 12

Under the Hood Javascript Library Javascript Library libCernVM Library libCernVM Library WebAPI Daemon WebSocket CernVM WebAPI components Web BrowserSystem Daemon 2 2 Ioannis Charalampidis - CernVM WebAPI 13

Under the Hood - libCernVM libCernVM Library libCernVM Library Session { config } VM Instance libCernVM interfaces with the Hypervisor Ioannis Charalampidis - CernVM WebAPI 14

Under the Hood - libCernVM Missing Power Off Runnig Saved CreateStartSave DestroyStopResume Each session is implemented as an FSM 2 2 Ioannis Charalampidis - CernVM WebAPI 15

Under the Hood – Javascript Javascript Library Javascript Library High-level calls cvmwebapi.js provides the higher-level abstraction Install Logic Lower-level ws:// protocol Lower-level ws:// protocol 2 2 Ioannis Charalampidis - CernVM WebAPI 16

Under the Hood – Javascript Embedded UI First-time install instructions Micro-UI injected in the website for guiding the user 2 2 Ioannis Charalampidis - CernVM WebAPI 17

Under the Hood – Daemon WebAPI Daemon WebAPI Daemon WebServer (mongoose) WebServer (mongoose) Lower-level ws:// protocol Lower-level ws:// protocol Auth Logic Auth Logic libCernVM The daemon is just the glue between the javascript interface and libCernVM 2 2 Ioannis Charalampidis - CernVM WebAPI 18

Security & Trust Be secure, or you are a potential botnet node … 2 2 Ioannis Charalampidis - CernVM WebAPI 19

Security & Trust … Public Key domain.com Private Key domain.com WebAPI Public Key WebAPI Private Key Sign Validate VMCP Response Sign Validate WebAPI Daemon CERNdomain.com 2 2 Ioannis Charalampidis - CernVM WebAPI 20

Security & Trust - VMCP WebAPI Daemon WebAPI Daemon 1) Open Session Referrer: domain.com Web Server vmp.domain.co m Web Server vmp.domain.co m VMCP: vmcp.domain.com/vm2 2) Request Config 3) Sign response Private Key domain.com libCernVM 4) Forward request 5) Respond 2 2 Ioannis Charalampidis - CernVM WebAPI 21

Hypervisor Interaction with the VM Virtual Machine WebAPI Setup port forwarding Check Notify WebServer Browser Application Connect to API Port 2 2 Ioannis Charalampidis - CernVM WebAPI 22

WebAPI in Production CERN 60 – Public Computing Challenge 2 2 Ioannis Charalampidis - CernVM WebAPI 23

WebAPI in Production During the challenge detailed analytics were collected 2 2 Ioannis Charalampidis - CernVM WebAPI 24

WebAPI in Production 2 2 Used in cernvm-online.cern.ch For testing your contextualization image directly from the browser Used in Virtual Atom Smasher game For starting the worker nodes (simulation agents) that players need Ioannis Charalampidis - CernVM WebAPI 25

Multiple projects with WebAPI A VM can be easily booted from the browser However, starting a VM per project can consume resources Why not use lightweight virtualization (Linux Containers) inside a single VM? A ‘dumb’ scheduler: DumbQ Ioannis Charalampidis - CernVM WebAPI 26

Multiple projects with WebAPI # Server configuration project1:50:sft.cern.ch:sft.cern.ch/bootstraps/pj1/init.sh Project2:30:sft.cern.ch:sft.cern.ch/bootstraps/pj2/init.sh cernvm-fork pj1/init.sh cernvm-fork pj1/init.sh Free CPU Slot 50% Chance 30% Chance 3 3 Ioannis Charalampidis - CernVM WebAPI 27

Multiple projects with WebAPI Very simple integration with your current setup Your script runs in a standard CernVM environment This is not a scheduler, you have to use your own (as your current set-up perhaps) DumbQ provides the information required to identify the volunteer 3 3 Ioannis Charalampidis - CernVM WebAPI 28

Hands-on (?) Step-by-step tutorial: webapi/wiki/Tutorial-Intro 4 4 Ioannis Charalampidis - CernVM WebAPI 29