Download presentation
Presentation is loading. Please wait.
Published byKaren Casey Modified over 8 years ago
1
GOCDB Status / Roadmap david.meredith@stfc.ac.uk Daresbury Labs, Warrington (nr Liverpool)
2
GOCDB Status Lots of recent change (EGI/EMI/v4/RT) = Heavy GGUS traffic; responding to user issues has been timely, especially in first few weeks (expected after major release v4 – slowing now). John Casson back at 50%. Many instances where user permissions not properly propagated between v3 + v4 (users with political roles do not have corresponding technical roles). Varied fire-fighting / admin – usually requires manual interaction with the DB (PL/SQL). Decommissioned a number of ROCs and moved sites to newly created NGIs (e.g SW Europe, NW Europe). Lots of more simple bug fixes (largely RexEx refinements / validation).
3
Bug and Task lists have grown (normal after major release). 18 Recorded bugs https://savannah.cern.ch/bugs/?group=gocdbhttps://savannah.cern.ch/bugs/?group=gocdb 30 Savannah tasks / dev requests https://savannah.cern.ch/task/?group=gocdbhttps://savannah.cern.ch/task/?group=gocdb 13 Savannah Support tasks https://savannah.cern.ch/support/?group=gocdbhttps://savannah.cern.ch/support/?group=gocdb 15 RT tasks / dev requests in requirements queue All require merging in RT Servers recently updated to support secure SSLReneogotiation (an important security vulnerability with the SSL protocol – MiM attacks). Most browsers now support (RFC 5746); Firefox, IE, Chrome, and Opera (Safari not yet). Currently running with httpd ‘SSLInsecureRenegotiation on’ until consuming services are patched/updated (temporary). A number of hardware failures affecting the Oracle cluster. Plans to move to more resilient hardware, and from Oracle 11.1.7 to 11.2. DNS updated (goc.egi.eu), Wiki moved. GOCDB Status
4
Next TODOs / Priorities Re-establish failover (e.g. at Fraunhofer Institute which is switched with DNS). Probably use Oracle streams. Resurrected ‘gocdb-failover@jismail’ Review/prioritise list of dev requests and tasks - have started merging Savannah and RT tickets this week but some permission issues (today). Service endpoint URLs and GLUE2 service type naming (today). Work through bug list and dev request lists. Other: Unit and Integration test suite (vital for understanding/confidence in code), review Oracle PL/SQL PROM API, improve inline phpDoc
5
Key RT Requirements Tickets #931 – New roles in GOCDB and renaming of existing roles GM added Chief Operations Officer (COO – Political Role only) but does not yet have permissions over all regions / NGIs (would have synchronization implications for regionalizing the infrastructure). Merge ‘Regional Staff’ + ‘Regional Front Line Supporter’ into ‘Regional Ops Staff’ Repercussions on other tools ? #939 – Requirement for Certification Status history (p3) Will require new timestamp's and audit/history table(s) to record these changes and corresponding PI methods (maybe GUI support too?). Currently don’t record who did the change (required). Data exists (nothing is deleted). But Not trivial to add queries and PI support. #940 – Site status transitions (p only 3 effective roles – Proj/Reg/Site (finer grained permissions don’t exist…..are they required? Seems so) Need to enforce rules about which site status transitions are allowed (and by whom) in the site certification procedure, e.g. examples of disallowed transitions: Closed –> Any Suspended –> Certified (only allowable by Regional Manager) Candidate –> Certified Candidate –> Suspended
6
#941 – Enhance Browsing Functionality #971 Customize views Filter views - browse sites/services by country, browse all beta services..) #972 All entries displayed #943 – Mask Site from entire EGI community / Regionalization (need a clear view which does not exist yet - to discuss in jra1) Require a way to restrict the visibility? of sites at the EGI level – requires partitioning of data into REG/EGI/GROUP (new groupings in gocdb). Could we just install a regional GOCDB? (does not seem to answer req) Related to regional model and synchronization (e.g. ticket # 931). # 945 - New Early Adopter downtime type Rely on ‘Beta’ Service flag (t/f). or Create a new EA group to identify those EA sites (no). # 973 - Declare downtimes on VOs / list which VOs are supported by particular services GOCDB does not store VO info (yet). Probably need to retrieve EGI VOs from Ops Portal WS to keep VO info up to date/valid. Related. OK
7
# 979 – Extensions for decommissioned ROCs/NGIs Query decommissioned ROCs in PI/GUI. New requirement to query history of NGI associations (history data already exists, new PI method(s) with date IN parameters) #987 – Handling virtual sites (Virtual Service Groups) Requirement: Availability stats for virtual or logical groupings of services: i.e. all WMS within a region, all ops tools and so on… The term ‘Virtual sites’ is misleading…rather ‘Service Groups’ (new object type/tables/pre-populate group/GUI update/PI update). # 944 – GOCDB Service Type Definitions / GLUE2.0 #720 – Collect the GLUE2.0 compatible service-type names from MW providers #975 - Record Service Endpoint URL for new services (e.g. Unicore) Next...
8
RT#944 Service Type Definitions (New GOCDB Service Types, e.g. for Globus and UNICORE) Proposal to unify the service types used in GOCDB with GLUE2.0. GOCDB currently defines proprietary names for service types. https://wiki.egi.eu/wiki/GOCDB_Input_System_User_Documentation#Service_Endpoints
9
GLUE2 Service_t (Open Enum)GOCDB org.teragrid gridftpglobus-GRIDFTP org.teragrid.prewsgramGRAM5 org.teragrid.gsi-opensshglobus-GSISSHD org.teragrid.ws-gram? org.teragrid.ws-delegation? org.teragrid.rft TeraGrid? org.teragrid.condor-g? org.teragrid.globus-mds4? org.teragrid.srb TeraGrid? org.glite.lb gLiteLB org.glite.fts gLiteFTS org.glite.wms gLiteWMS ?gLite-APEL ?UI ?UNICOREX unicore6.Gatewayunicore-gateway unicore6.Registryunicore-registry … GLUE2 recommends a reverse-DNS NS syntax: ‘Domain.ServiceType’ NS MAY be related to middleware, organization etc. GOCDB is not GLUE2 compliant, but probably a good idea to adopt the same enum values. Repercussions: 1.Adopting new naming scheme for new service types (few). 2.Renaming existing service types (lots?). EGI Service Registry: https://twiki.cern.ch/twiki/bin/view/EMI/EMIRegistry https://twiki.cern.ch/twiki/bin/view/EMI/EMIRegistry Still in design phase (as of Dec 2010). EMIRegistry will endorse GLUE2.0. Planning to extend the list of ‘Service_t’ for EMI services (nothing formalized yet). Service Type Definitions
10
Capability_t Enum data.access.flatfiles data.access.relational data.access.xml data.management.replica data.management.storage data.management.transfer data.naming.resolver executionmanagement.jobdescription executionmanagement.jobexecution executionmanagement.jobmanager executionmanagement.reservation information.discovery information.logging information.model information.monitoring information.provenance security.accounting security.authentication security.authorization security.credentialstorage …more not shown… Prior discussions around pre-appending the GOCDB Service Type value with a generic ‘functionality’ flag (RT #300); Service_t = ‘ - ’ e.g. CE-glite-WMS, CE-globus-GRAM5 The discussed Functionality flag corresponds to the ‘Capability_t’ open enum as defined by GLUE2. Values originally defined by OGSA (OGF-GFD80 http://www.ogf.org/documents/GFD.80.pdf ). http://www.ogf.org/documents/GFD.80.pdf Rather than pre-appending Service_t with Capability_t, better to define a bag/collection of capabilities (a single service can have >1capability, more inline with GLUE2 which defines ‘1-to-*’ card). EMIRegistry: Currently under discussion whether to include the Capability_t attributes. If they do, they will probably extend the attribute list if necessary. Service Capability
11
Complete definition of the GLUE2.0 ‘Service_t’ matrix. For each GOCDB Service Endpoint object: Define new service types using the (EGI/EMI) ‘Service_t’ enum list. Re-name existing GOCDB service types if not too many repercussions? Q: Add new ‘Capabilities’ property bag/collection for each service ? Service Type + Capability – Summary
12
(Reliable) Service Discovery Service registries can’t always be relied upon; often populated dynamically, if the service fails, the registry will not be updated - bootstrap problem (LF, KB). GOCDB required to statically record what should be available in the registry (definitive source for monitoring). To do this for container based services, the URL is required (next). URL Service Locations Container based services: Multiple instances of the same service type can be hosted on a single box. URLs distinguish between those instances (without the URL, those services cannot be distinguished – not enough to just to use hostname:port, KB). Example for Unicore-X; https://host:8443/services/TargetSystemFactoryService?res=default_target_syste m_factory https://host:8443/services/TargetSystemFactoryService?res=other_target_system _factory Q: Should GOCDB record endpoint service URLs ? – GOCDB is not a service registry like a LDAP/BDII with a GLUE2.0 schema, but…. #975: New Service Endpoint URL field for new services (UNICORE)
13
Site ServiceEndpoint Downtime Name Domain… Hostname Service_t Host IP Host DN… AdminDomain Service 1 Service_t *Capability_t Endpoint 1 URL * WSDL Downtime GOCDBGLUE2.0 2 Possible Impls for GOCDB: 1) Add new Endpoint entity with same 1-to-* card 2) Add (1) URL field for SE and repeat SE to represent different URLs
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.