EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE Feb. 06, 2009 www.eu-egee.org Introduction to High Performance and Grid Computing Faculty of Sciences,

Slides:



Advertisements
Similar presentations
EU 2nd Year Review – Jan – Title – n° 1 WP1 Speaker name (Speaker function and WP ) Presentation address e.g.
Advertisements

Workload management Owen Maroney, Imperial College London (with a little help from David Colling)
INFSO-RI Enabling Grids for E-sciencE Workload Management System and Job Description Language.
FP7-INFRA Enabling Grids for E-sciencE EGEE Induction Grid training for users, Institute of Physics Belgrade, Serbia Sep. 19, 2008.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
A Computation Management Agent for Multi-Institutional Grids
SEE-GRID-SCI Hands-On Session: Workload Management System (WMS) Installation and Configuration Dusan Vudragovic Institute of Physics.
INFSO-RI Enabling Grids for E-sciencE EGEE Middleware The Resource Broker EGEE project members.
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite Grid Services Abderrahman El Kharrim
DESIGNING A PUBLIC KEY INFRASTRUCTURE
INFSO-RI Enabling Grids for E-sciencE Security, Authorisation and Authentication Mike Mineter Training, Outreach and Education National.
Makrand Siddhabhatti Tata Institute of Fundamental Research Mumbai 17 Aug
The EDGeS project receives Community research funding 1 Specific security needs of Desktop Grids Desktop Grids Desktop Grids EDGeS project EDGeS project.
FESR Consorzio COMETA Grid Introduction and gLite Overview Corso di formazione sul Calcolo Parallelo ad Alte Prestazioni (edizione.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Simply monitor a grid site with Nagios J.
INFSO-RI Enabling Grids for E-sciencE Logging and Bookkeeping and Job Provenance Services Ludek Matyska (CESNET) on behalf of the.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Enabling Grids for E-sciencE Workload Management System on gLite middleware Matthieu Reichstadt CNRS/IN2P3 ACGRID School, Hanoi (Vietnam)
DataGrid WP1 Massimo Sgaravatto INFN Padova. WP1 (Grid Workload Management) Objective of the first DataGrid workpackage is (according to the project "Technical.
INFSO-RI Enabling Grids for E-sciencE Workload Management System Mike Mineter
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Information System on gLite middleware Vincent.
INFSO-RI Enabling Grids for E-sciencE Sofia, 22 March 2007 Security, Authentication and Authorisation Mike Mineter Training, Outreach.
E-science grid facility for Europe and Latin America E2GRIS1 Raúl Priego Martínez – CETA-CIEMAT (Spain)‏ Itacuruça (Brazil), 2-15 November.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security and Job Management.
GLite Information System(s) Antonio Juan Rubio Montero CIEMAT 10 th EELA Tutorial. Madrid, May 7 th -11 th,2007.
Security, Authorisation and Authentication.
June 24-25, 2008 Regional Grid Training, University of Belgrade, Serbia Introduction to gLite gLite Basic Services Antun Balaž SCL, Institute of Physics.
EGEE-III INFSO-RI Enabling Grids for E-sciencE Feb. 06, Introduction to High Performance and Grid Computing Faculty of Sciences,
E-infrastructure shared between Europe and Latin America 12th EELA Tutorial for Users and System Administrators gLite Information System.
INFSO-RI Enabling Grids for E-sciencE Security in gLite Gergely Sipos MTA SZTAKI With thanks for some slides to.
E-infrastructure shared between Europe and Latin America FP6−2004−Infrastructures−6-SSA gLite Information System Pedro Rausch IF.
1 Grid2Win: porting of gLite middleware to Windows Dario Russo INFN Catania
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Glite. Architecture Applications have access both to Higher-level Grid Services and to Foundation Grid Middleware Higher-Level Grid Services are supposed.
INFSO-RI Enabling Grids for E-sciencE Αthanasia Asiki Computing Systems Laboratory, National Technical.
High-Performance Computing Lab Overview: Job Submission in EDG & Globus November 2002 Wei Xing.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Alexandre Duarte CERN IT-GD-OPS UFCG LSD 1st EELA Grid School.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Grid2Win: Porting of gLite middleware to.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America gLite Information System Claudio Cherubino.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Grid2Win : gLite for Microsoft Windows Roberto.
E-infrastructure shared between Europe and Latin America gLite Information System(s) Manuel Rubio del Solar CETA-CIEMAT EELA Tutorial, Mérida,
Security, Authorisation and Authentication Mike Mineter, Guy Warner Training, Outreach and Education National e-Science Centre
WLCG Authentication & Authorisation LHCOPN/LHCONE Rome, 29 April 2014 David Kelsey STFC/RAL.
EGEE-II INFSO-RI Enabling Grids for E-sciencE Practical using WMProxy advanced job submission.
13th EELA Tutorial, La Antigua, 18-19, October E-infrastructure shared between Europe and Latin America FP6−2004−Infrastructures−6-SSA
FESR Trinacria Grid Virtual Laboratory gLite Information System Muoio Annamaria INFN - Catania gLite 3.0 Tutorial Trigrid Catania,
EGI-InSPIRE RI Grid Training for Power Users EGI-InSPIRE N G I A E G I S Grid Training for Power Users Institute of Physics Belgrade.
1 Grid Security Jinny Chien Academia Sinica Computing Centre Deployment team.
Consorzio COMETA - Progetto PI2S2 UNIONE EUROPEA Grid2Win : gLite for Microsoft Windows Elisa Ingrà - INFN.
EGEE-II INFSO-RI Enabling Grids for E-sciencE Authentication, Authorisation and Security Mike Mineter, National e-Science Centre.
EGEE-II INFSO-RI Enabling Grids for E-sciencE Authentication, Authorisation and Security Emidio Giorgio INFN Catania.
Introduction to Computing Element HsiKai Wang Academia Sinica Grid Computing Center, Taiwan.
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite Grid Introduction Salma Saber Electronic.
INFSO-RI Enabling Grids for E-sciencE Sofia, 17 March 2009 Security, Authentication and Authorisation Mike Mineter Training, Outreach.
Enabling Grids for E-sciencE Work Load Management & Simple Job Submission Practical Shu-Ting Liao APROC, ASGC EGEE Tutorial.
Enabling Grids for E-sciencE Claudio Cherubino INFN DGAS (Distributed Grid Accounting System)
Security, Authorisation and Authentication Mike Mineter,
Authentication, Authorisation and Security
Workload Management System on gLite middleware
Authorization and Authentication in gLite
gLite Information System(s)
Workload Management System ( WMS )
Introduction to Grid Technology
CRC exercises Not happy with the way the document for testbed architecture is progressing More a collection of contributions from the mware groups rather.
Grid Security Jinny Chien Academia Sinica Grid Computing.
gLite Information System(s)
EGEE Middleware: gLite Information Systems (IS)
gLite Information System
Information Services Claudio Cherubino INFN Catania Bologna
Presentation transcript:

EGEE-III INFSO-RI Enabling Grids for E-sciencE Feb. 06, Introduction to High Performance and Grid Computing Faculty of Sciences, University of Novi Sad Dusan Vudragovic Scientific Computing Laboratory Institute of Physics Belgrade Serbia Architecture and Services of gLite Middleware Introduction to High Performance and Grid Computing

Enabling Grids for E-sciencE EGEE-III INFSO-RI Set of basic Grid services Job submission/management File transfer (individual, queued) Database access Data management (replication, metadata) Monitoring/Indexing system information Introduction to High Performance and Grid Computing 2

Enabling Grids for E-sciencE EGEE-III INFSO-RI Grid services Authentication (CA) Authorization (VOMS) Information System User Interface (UI) Computing Element (CE) Storage Element (SE) Workload Management System (WMS) Introduction to High Performance and Grid Computing 3

Enabling Grids for E-sciencE EGEE-III INFSO-RI Authentication (1/10) Cryptography – To implement the security infrastructure, cryptography uses mathematical algorithms that provide important building blocks –Corresponding definitions for the above symbols:  Plaintext: M  Cyphertext: C  Encryption with key K1 : E K1 (M) = C  Decryption with key K2 : D K2 (C) = M –Algorithms  Symmetric: K1 = K2  Asymmetric: K1 ≠ K2 Introduction to High Performance and Grid Computing 4 K2K2 K1K1 Encryption Decryption MCM

Enabling Grids for E-sciencE EGEE-III INFSO-RI Authentication (2/10) Cryptography :: Symmetric Algorithms –The same key is used for encryption and decryption (no public key, only secret keys available.) –Advantages  Fast –Disadvantages  Exchange of secret keys needed: – how to distribute the keys?  the number of keys is O(n 2 ) – Examples:  DES  3DES  AES Introduction to High Performance and Grid Computing 5 AB Hi!3$rHi! AB 3$rHi!3$r

Enabling Grids for E-sciencE EGEE-III INFSO-RI Authentication (3/10) Cryptography :: Public Key Algorithms (Asymmetric) –Every user has two keys: one private (secret) and one public:  it is impossible to derive the private key from the public one  a message encrypted by one key can be decrypted only by the other one. –No exchange of private key is possible.  the sender cyphers using the public key of the receiver  the receiver decrypts using his own private key;  the number of keys is O(n). –Examples: RSA (1978) Introduction to High Performance and Grid Computing 6 B keys public private A keys publicprivate AB Hi!3$rHi! AB cy7Hi! 3$r cy7

Enabling Grids for E-sciencE EGEE-III INFSO-RI Authentication (4/10) Cryptography :: Digital Signature –A calculates the hash of the message (with a one-way hash function) –A encrypts the hash using his private key: the encrypted hash is the digital signature –A sends the signed message to B –B calculates the hash of the message and verifies it with A, decyphered with A’s public key –If two hashes equal: message wasn’t modified; A cannot repudiate it. Introduction to High Performance and Grid Computing 7 B This is some message Digital Signature A This is some message Digital Signature This is some message Digital Signature Hash(A) A keys publicprivate Hash(B) Hash(A) = ?

Enabling Grids for E-sciencE EGEE-III INFSO-RI Authentication (5/10) Digital Certificates –A’s digital signature is safe if:  A’s private key is not compromised  B knows A’s public key –How can B be sure that A’s public key is really A’s public key and not someone else’s?  A third party guarantees the correspondence between public key and owner’s identity.  Both A and B must trust this third party –Two models proposed to build trust:  X.509: hierarchical organization (used in Grid)  PGP: “web of trust” (person to person) Introduction to High Performance and Grid Computing 8

Enabling Grids for E-sciencE EGEE-III INFSO-RI Authentication (6/10) Certification Authorities –The “third party” is called Certification Authority (CA). –Responsibilities of CA:  Issue Digital Certificates (containing public key and owner’s identity) for users, programs and machines  Check identity and the personal data of the requestor  Registration Authorities (RAs) do the actual validation  Revoke certificates in case of a compromise  Renew certificates in case of expiration  Periodically publish a list of revoked certificates through web repository  Certificate Revocation Lists (CRL): contain all the revoked certificates –CA certificates are self-signed Introduction to High Performance and Grid Computing 9

Enabling Grids for E-sciencE EGEE-III INFSO-RI Authentication (7/10) X.509 Certificates –An X.509 Certificate contains:  owner’s public key;  identity of the owner (DN);  info on the CA;  time of validity;  Serial number;  digital signature of the CA Introduction to High Performance and Grid Computing 10 Public key Subject: C=RS, O=AEGIS, OU=Institute of Physics Belgrade, CN=Dusan Vudragovic Issuer: C=RS, O=AEGIS, CN=AEGIS-CA Not before: Apr 6 14:08: GMT Not after: Apr 6 14:08: GMT Serial number: 95 (0 x 5F) CA Digital signature Structure of a X.509 certificate

Enabling Grids for E-sciencE EGEE-III INFSO-RI Authentication (8/10) The Grid Security Infrastructure (GSI) –Based on X.509 PKI:  every user/host/service has an X.509 certificate;  certificates are signed by trusted (by the local sites) CA’s;  every Grid transaction is mutually authenticated:  Ali sends his certificate; B verifies signature in A’s certificate; B sends A a challenge string; A encrypts the challenge string with his private key; A sends encrypted challenge to B B uses A’s public key to decrypt the challenge. B compares the decrypted string with the original challenge If they match, B verifies A’s identity and A can not repudiate it. Introduction to High Performance and Grid Computing 11 A B A’s certificate Verify CA signature Random phrase Encrypt with A.’ s private key Encrypted phrase Decrypt with A’s public key Compare with original phrase

Enabling Grids for E-sciencE EGEE-III INFSO-RI Authentication (9/10) X.509 Proxy Certificate –Proxy: GSI extension to X.509 Identity Certificates  signed by the normal end entity cert (or by another proxy). –It enables single sign-on. –It supports some important features:  Delegation  Mutual authentication –It has a limited lifetime (minimized risk of “compromised credentials”) –User enters pass phrase, which is used to decrypt private key –Private key is used to sign a proxy certificate with its own, new public/private key pair. Introduction to High Performance and Grid Computing 12 User certificate file Private Key (Encrypted) Pass Phrase User Proxy certificate file

Enabling Grids for E-sciencE EGEE-III INFSO-RI Authentication (10/10) Delegation –Delegation = remote creation of a (second level) proxy credential  New key pair generated remotely on server  Client signs proxy cert and returns it –Allows remote process to authenticate on behalf of the user Introduction to High Performance and Grid Computing 13

Enabling Grids for E-sciencE EGEE-III INFSO-RI Authorization (1/7) Multi-institution issues Introduction to High Performance and Grid Computing 14

Enabling Grids for E-sciencE EGEE-III INFSO-RI Authorization (2/7) Grid solution: use of VOs Introduction to High Performance and Grid Computing 15

Enabling Grids for E-sciencE EGEE-III INFSO-RI Authorization (3/7) Use delegation to establish dynamic distributed system Introduction to High Performance and Grid Computing 16 Computing Center VO Rights Computing Center Service

Enabling Grids for E-sciencE EGEE-III INFSO-RI Authorization (4/7) VOMS server –Virtual organizations (VOs) are groups of Grid users (authenticated through digital certificates) –VO Management Service (VOMS) serves as a central repository for user authorization information, providing support for sorting users into a general group hierarchy, keeping track of their roles,etc. –VO Manager, according to VO policies and rules, authorizes authenticated users to become VO members –Resource centers (RCs) may support one or more VOs, and this is how users are authorized to use computing, storage and other Grid resources –VOMS allows flexible approach to A&A on the Grid Introduction to High Performance and Grid Computing 17

Enabling Grids for E-sciencE EGEE-III INFSO-RI Authorization (5/7) VOMS Ingredients –Attribute Certificates: AC is a PKI container, defined in RFC 3281, capable of containing a set of attributes tied to a specific identity. It is the system used by VOMS to issue its attributes. –VOMS groups: /aegis/scl –VOMS roles: /Role=VO-Admin  Roles can be defined for groups as well –FQAN (Fully Qualified Attribute Name) is a compact way to represent user’s membership in a group, along with its role holdership, if any  Syntax: /Role= /Capability=NULL where the /Capability=NULL may be omitted, since it refers to a deprecated feature of VOMS  /aegis/scl/Role=NULL/Capability=NULL Introduction to High Performance and Grid Computing 18

Enabling Grids for E-sciencE EGEE-III INFSO-RI Authorization (6/7) Attribute Certificate –FQAN are included in an Attribute Certificate –Attribute Certificates are used to bind a set of attributes (like membership, roles, authorization info etc) with an identity –ACs are digitally signed –VOMS uses AC to include the attributes of a user in a proxy certificat Introduction to High Performance and Grid Computing 19

Enabling Grids for E-sciencE EGEE-III INFSO-RI Authorization (7/7) VOMS Architecture Introduction to High Performance and Grid Computing 20 VOMS Core Service (vomsd) VOMS Admin Service Admin Service SOAP Web User Interface Authorization Database voms-proxy-init voms-admin CLI Web browser GSI SOAP + SSL HTTPS VOMS Server

Enabling Grids for E-sciencE EGEE-III INFSO-RI Information System (1/10) Collect information of grid resources –Discovering new added resources –Monitoring load and health status Publish these information –Periodically updated –Well know data model Used by –Users searching a concrete resource –WMS allocating and managing jobs –Other monitoring services Basic data model –Grid Laboratory Uniform Environment (GLUE) Schema. Two architectures in glite3 –gLite Information System (BDII)  BDII over Globus MDS (Monitoring and Discovery System).  OpenLDAP interface. –Relational Grid Monitoring Architecture (R-GMA)  Based on the GMA (Grid Monitoring Architecture) standard from the Grid Global Forum  Information in SQL relational databases  Web Services. Introduction to High Performance and Grid Computing 21

Enabling Grids for E-sciencE EGEE-III INFSO-RI Information System (2/10) GLUE Schema :: Overview –A schema of objects and attributes describing Grid resources and its relationships.  Originally a EU-DataTAG and US-iVDGL coordinated effort.  Current participants: EGEE, OSG, Globus and NorduGrid.  A way to describe Grid info Statically and dynamically supplied Hierarchically represented Independently of the framework (LDAP, XML, SQL…) Introduction to High Performance and Grid Computing 22

Enabling Grids for E-sciencE EGEE-III INFSO-RI Information System (3/10) GLUE Schema :: Site Element Introduction to High Performance and Grid Computing 23

Enabling Grids for E-sciencE EGEE-III INFSO-RI Information System (4/10) GLUE Schema :: Cluster Element Introduction to High Performance and Grid Computing 24

Enabling Grids for E-sciencE EGEE-III INFSO-RI Information System (5/10) GLUE Schema :: Computing Element Introduction to High Performance and Grid Computing 25

Enabling Grids for E-sciencE EGEE-III INFSO-RI Information System (6/10) gLite Information System Levels –Resource level: Grid Resource Information Server (GRIS)  One GRIS on top of each CE, SE, WMS, MyProxy (no WNs).  Sensors and scripts get status of concrete resources statically (e.g. GlueCEUniqueID) or dynamically (e.g. GlueCEStateWaitingJobs) –Site level: Grid Index Information Server (GIIS)  Compiles all the information of the different GRISes in a site.  gLite recommends using a BDII instead of a GIIS Improves robustness and stability. Called the site BDII. –Top level: Berkeley DB Information Index (BDII)  Keeps all Grid information about the VOs (generally only one).  Stores information from local BDIIs or GIISes in its database.  Only queries sites that are included in a configuration file. Introduction to High Performance and Grid Computing 26

Enabling Grids for E-sciencE EGEE-III INFSO-RI Information System (7/10) Introduction to High Performance and Grid Computing 27

Enabling Grids for E-sciencE EGEE-III INFSO-RI Information System (8/10) LDAP Model –Way of collecting info  Pull model (higher level servers periodically query lower level servers)  All servers are based on LDAP Inherit hierarchical structure (tree-like) LDAP Data Information Format (LDIF) –Users get info with  Generic applications ldapsearch (BDII:2170 ports) Graphical UIs (BDII web; LDAP GUIs) Always can get information about specific resources (maybe more up-to- date) by querying directly the site BDIIs, GIISes or GRISes.  Querying VO info with lcg-infosites or lcg-info tools Introduction to High Performance and Grid Computing 28

Enabling Grids for E-sciencE EGEE-III INFSO-RI Information System (9/10) R-GMA Overview –Added from EDG Project –Based on the GMA standard from the GGF –Information in SQL relational databases (a DB per VO) –Query syntax is a SQL subset –Simple consumer-producer model –Web Services oriented –CLI and Web user interface –Allows self-logging applications –R-GMA offers a global view of the VO information  In one large relational DB: virtual database.  Registry stores localization tuples (database rows) published by producers: Standard Tables: CE state in GLUE Schema (by R-GMA-GIN) Applications specific tables (e.g. self-logging with Log4j) Access by SQL queries through a WS interface. Introduction to High Performance and Grid Computing 29

Enabling Grids for E-sciencE EGEE-III INFSO-RI Information System (10/10) Introduction to High Performance and Grid Computing 30

Enabling Grids for E-sciencE EGEE-III INFSO-RI User Interface (UI) UI is the user’s interface to the Grid - Command-line interface to –Attribute/Proxy certificate –Job operations  To submit a job  Monitor its status  Retrieve output – Data operations  Upload file to SE  Create replica  Discover replicas –Other grid services To run a job user creates a JDL (Job Description Language) file Introduction to High Performance and Grid Computing 31

Enabling Grids for E-sciencE EGEE-III INFSO-RI Computing Element (CE) Introduction to High Performance and Grid Computing 32 Homogeneous set of worker nodes (WNs) Grid gate node Local resource management system: Condor / PBS / LSF master Gatekeeper Job request Loc. Info system Logging A&A Information system L&B A CE is a grid batch queue with a “grid gate” front-end:

Enabling Grids for E-sciencE EGEE-III INFSO-RI Storage Element (SE) Storage elements hold files: write once, read many Replica files can be held on different SE: –“close” to CE; share load on SE File Catalogue - what replicas exist for a file and where are they? Introduction to High Performance and Grid Computing 33 Loc. Info System Event Logging A&A GridFTP Disk arrays or tapes Info system L&B Gatekeeper File transferRequests

Enabling Grids for E-sciencE EGEE-III INFSO-RI Workload Management System Introduction to High Performance and Grid Computing 34

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 35 Job management requests (submission, cancellation) expressed via a Job Description Language (JDL)

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 36 Keeps submission Requests Requests are kept for a while, waiting for for a while, waiting for being dispatched If there is no matching resource available

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 37 Repository of resource information information Updated via notifications and/or active polling on sources Provide matchmaker With information to decide best resources for request.

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 38 Finds an appropriate CE or resource for job request according to the information from ISM. Taking into account job preferences, resource status, policies on resources

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 39 Performs the actual job submission and monitoring Normally it is Condor.

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 40 Computing Element is the place where you jobs run

Enabling Grids for E-sciencE EGEE-III INFSO-RI Workload Manager Proxy WMProxy –Provides access to WMS functionality through a Web Services based interface –Each job submitted to a WMProxy Service is given the delegated credentials of the user who submitted it. –These credentials can then be used to perform operations requiring interactions with other services –WMProxy advantages:  web service, SOAP  job collections, DAG jobs, shared and compressed  sandboxes –WMProxy caveats:  needs delegated credentials  Delegate once,submit many Introduction to High Performance and Grid Computing 41

Enabling Grids for E-sciencE EGEE-III INFSO-RI Workload Manager (WM) –Is responsible for  Calls Matchmaker to find the resource which best matches the job requirements.  Interacting with Information System and File catalog.  Calculates the ranking of all the matchmaked resource Information Supermarket (ISM) –is responsible for  basically consists of a repository of resource information that is available in read only mode to the matchmaking engine Job Adapter –is responsible for  making the final touches to the JDL expression for a job, before it is passed to CondorC for the actual submission  creating the job wrapper script that creates the appropriate execution environment in the CE worker node transfer of the input and of the output sandboxes Introduction to High Performance and Grid Computing 42

Enabling Grids for E-sciencE EGEE-III INFSO-RI Job Controller (JC) –Is responsible for  Converts the condor submit file into ClassAd  hands over the job to CondorC Condor –responsible for  performing the actual job management operations: job submission, removal Log Monitor –is responsible for  watching the Condor log file  intercepting interesting events concerning active jobs events affecting the job state machine  triggering appropriate actions. Introduction to High Performance and Grid Computing 43

Enabling Grids for E-sciencE EGEE-III INFSO-RI Task Queue –Gives the possibility to keep track of the requests if no resources are immediatelly avalaible –Non-matching requests will be retried periodically (eager scheduling) –Or wait for notification of avalaible resources (lazy scheduling) Introduction to High Performance and Grid Computing 44

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 45 Computing Element is built on a homogeneous farm of computing nodes (called Worker Nodes) Also there are many components inside CE such as gatekeeper, globus-jobmanager,..

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 46 Gatekeeper Grants access to the CE and map grid user to a local user id.

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 47 Batch System A cluster of compute nodes controlled by a head node. handles the job execution Example: Torque (Open PBS), PBS

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 48 UI Network Daemon Job Contr. - CondorG Workload Manager LFC Inform. Service Computing Element Storage Element CE characts & status SE characts & status WMS Location of files Characteristics of resources

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 49 UI Network Daemon Job Contr. - CondorG Workload Manager LFC Inform. Service Computing Element Storage Element CE characts & status SE characts & status RB storage Input Sandbox files JDL waiting submitted Daemon responsible for accepting incoming requests WMS glite-wms-job-submit myjob.jdl

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 50 UI Network Daemon Job Contr. - CondorG Workload Manager LFC Inform. Service Computing Element Storage Element CE characts & status SE characts & status RB storage waiting submitted Job Status WM: responsible to take the appropriate actions to satisfy the request Job WMS

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 51 UI Network Daemon Job Contr. - CondorG Workload Manager LFC Inform. Service Computing Element Storage Element CE characts & status SE characts & status RB storage waiting submitted Match- Maker/ Broker Where this job can be executed ? WMS

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 52 UI Network Daemon Job Contr. - CondorG Workload Manager LFC Inform. Service Computing Element Storage Element CE characts & status SE characts & status RB storage waiting submitted Match- Maker/ Broker Matchmaker: responsible to find the “best” CE where to submit a job WMS

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 53 UI Network Daemon Job Contr. - CondorG Workload Manager LFC Inform. Service Computing Element Storage Element CE characts & status SE characts & status RB storage waiting submitted Match- Maker/ Broker Where is the needed InputData ? What is the status of the Grid ? WMS

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 54 UI Network Daemon Job Contr. - CondorG Workload Manager LFC Inform. Service Computing Element Storage Element CE characts & status SE characts & status RB storage waiting submitted Match- Maker/ Broker CE choice WMS

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 55 WMS UI Network Daemon Job Contr. - CondorG Workload Manager LFC Inform. Service Computing Element Storage Element CE characts & status SE characts & status RB storage waiting submitted Job Adapter JA: responsible for the final “touches” to the job before performing submission (e.g. creation of wrapper script, etc.)

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 56 UI Network Daemon Job Contr. - CondorG Workload Manager LFC Inform. Service Computing Element Storage Element CE characts & status SE characts & status RB storage JC: responsible for the actual job management operations (done via CondorG) Job submitted waiting ready WMS

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 57 WMS UI Network Daemon Job Contr. - CondorG Workload Manager LFC Inform. Service Computing Element Storage Element CE characts & status SE characts & status RB storage Job Input Sandbox files submitted waiting ready scheduled

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 58 UI Network Daemon Job Contr. - CondorG Workload Manager LFC Inform. Service Computing Element Storage Element RB storage Input Sandbox submitted waiting ready scheduled running “Grid enabled” data transfers/ accesses Job WMS

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 59 UI Network Daemon Job Contr. - CondorG Workload Manager LFC Inform. Service Computing Element Storage Element RB storage Output Sandbox files submitted waiting ready scheduled running done WMS

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 60 UI Network Daemon Job Contr. - CondorG Workload Manager LFC Inform. Service Computing Element Storage Element RB storage Output Sandbox submitted waiting ready scheduled running done glite-wms-get-output WMS

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 61 UI Network Daemon Job Contr. - CondorG Workload Manager LFC Inform. Service Computing Element Storage Element RB storage Output Sandbox files submitted waiting ready scheduled running done cleared WMS

Enabling Grids for E-sciencE EGEE-III INFSO-RI Introduction to High Performance and Grid Computing 62 UI Logging & Bookkeeping Network Daemon Job Contr. - CondorG Workload Manager Computing Element LB: receives and stores job events; processes corresponding job status Log of job events Job status glite-wms-job-status glite-wms-job-logging-info WMS LB proxy

Enabling Grids for E-sciencE EGEE-III INFSO-RI Other Grid services PX (MyProxy) FTS (File Transfer Service) LFC (Logical File Catalog) AMGA (ARDA Metadata Grid Application) Introduction to High Performance and Grid Computing 63