Presentation is loading. Please wait.

Presentation is loading. Please wait.

John Gordon, STFC-RAL GDB 10 October 2007

Published byLisa Kennedy Modified over 6 years ago

Similar presentations

Presentation on theme: "John Gordon, STFC-RAL GDB 10 October 2007"— Presentation transcript:

1 John Gordon, STFC-RAL GDB meeting @CERN, 10 October 2007
Pilot Jobs + glexec John Gordon, STFC-RAL GDB 10 October 2007

2 Pilot Jobs We spend a lot of time discussing glexec
But do not forget that the real user requirement is for Pilot Jobs glexec is a way to meet the sites requirements for identifying the user who runs the payload. If sites have further reservations about pilot jobs apart from glexec then they should raise them now, as glexec will be a waste of time if it does not permit pilot jobs

3 Pilot Jobs Policy See Dave Kelsey's talk today

4 David Groep gave two presentations at CHEP describing the technical background.

5 Pilot Jobs and gLExec On success: the site will set the uid/gid to the new user’s job On failure: glexec will return with an error, and pilot job can terminate or obtain other user’s job

6 History Pilot jobs were designed to deliver workload to sites which are known to work for a VO and to bypass delays in job submission. Pilot jibs which pull in jobs from a variety of users break the current Acceptable Use Policy in EGEE/WLCG/OSG(?) Some sites are content that identity change is auditable and that information is available to trace the owner of a job. Some sites insist that the identity of running processes must be transparent to the site. Glexec was developed at NIKHEF as an acceptable, auditable and secure way to change the identity under which a job runs. It can run in three modes Do nothing, Log identity change, change identity of job If glexec is installed in one of these modes at every site then pilot jobs can be set to use it.

7 Status Experiments were asked at a recent GDB what they will do if they cannot use pilot jobs at particular sites. ATLAS, CMS, Alice said they could live with it. LHCb said it was a showstopper Sites have a suspicion that VOs will run (are running?) Pilot Jobs anyway. Some sites have listed their concerns/objections to glexec. TCG permission is required to add glexec to glite release If this is done without consensus then it will not be deployed everywhere and VOs will not be able to rely on it.

8 Example Site Requirements
The UK(I) does not accept glexec in its present state and will not recommend its deployment. Before we will reconsider its deployment we require to see: a satisfactory code inspection wrt security. an AUP with VOs agreed in principle by sites (in general through GDB) and all 4 LHC VOs. a satisfactory analysis of the effect on the supported batch systems and accounting of identity changes. glexec should be simple and safe to configure. Simple so that all sysadmins can understand what they are doing and safe so that misconfigurations do not inadvertently lead to security exposures. The three flavours of glexec should exist as separate binaries and not as one with a configuration switch. Each of these should satisfy all package dependencies. e.g., dependencies should express some requirement for an abstract "glexec" property, which is satisfied by "glexec-null" or "glexec-suid" etc.

9 Recent Developments Lots of discussions at CHEP07 and EGEE07
Sites are gaining confidence I have heard several say they may be prepared to run it now Perhaps not in identity switch mode. David has been generous with his time to answer queries and discuss issues.

10 Remaining Issues LCAS/LCMAPS on each worker node does not scale
Library version now ready.

11 What Now? Are we ready to recommend to TCG that this be given a deployment priority Pass to SA3 for certification PPS Production Get Pilot Jobs Policy approved How long will this take?

Download ppt "John Gordon, STFC-RAL GDB 10 October 2007"

Similar presentations

Oxford Jan 2005 RAL Computing 1 RAL Computing Implementing the computing model: SAM and the Grid Nick West.

Oxford Jan 2005 RAL Computing 1 RAL Computing Implementing the computing model: SAM and the Grid Nick West.
SSC2 and Update on Multi-user Pilot Jobs Framework Mingchao Ma, STFC – RAL HEPSysMan Meeting 20/06/2008.

SSC2 and Update on Multi-user Pilot Jobs Framework Mingchao Ma, STFC – RAL HEPSysMan Meeting 20/06/2008.
John Gordon CCLRC RAL Grid Operations Centre Update Trevor Daniels LCG Grid Deployment Board 10 th November 2003.

John Gordon CCLRC RAL Grid Operations Centre Update Trevor Daniels LCG Grid Deployment Board 10 th November 2003.
8-Jul-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) RAL, 8 July 2003 David Kelsey CCLRC/RAL, UK

8-Jul-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) RAL, 8 July 2003 David Kelsey CCLRC/RAL, UK
GLite – An Outsider’s View Stephen Burke RAL. January 31 st 2005gLite overview Introduction A personal view of the current situation –Asked to be provocative!

GLite – An Outsider’s View Stephen Burke RAL. January 31 st 2005gLite overview Introduction A personal view of the current situation –Asked to be provocative!
Pilot Jobs John Gordon Management Board 23/10/2007.

Pilot Jobs John Gordon Management Board 23/10/2007.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 Direct gLExec integration with PanDA Fernando H. Barreiro Megino CERN IT-ES-VOS.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Direct gLExec integration with PanDA Fernando H. Barreiro Megino CERN IT-ES-VOS.
LCG Pilot Jobs + glexec John Gordon, STFC-RAL GDB 7 November 2007.

LCG Pilot Jobs + glexec John Gordon, STFC-RAL GDB 7 November 2007.
Glexec, SCAS & CREAM. Milestones CREAM-CE capable of large-scale direct job submission Glexec & SCAS capable of large-scale use on WN in logging only.

Glexec, SCAS & CREAM. Milestones CREAM-CE capable of large-scale direct job submission Glexec & SCAS capable of large-scale use on WN in logging only.
US LHC OSG Technology Roadmap May 4-5th, 2005 Welcome. Thank you to Deirdre for the arrangements.

US LHC OSG Technology Roadmap May 4-5th, 2005 Welcome. Thank you to Deirdre for the arrangements.
A PanDA Backend for the Ganga Analysis Interface J. Elmsheuser 1, D. Liko 2, T. Maeno 3, P. Nilsson 4, D.C. Vanderster 5, T. Wenaus 3, R. Walker 1 1: Ludwig-Maximilians-Universität.

A PanDA Backend for the Ganga Analysis Interface J. Elmsheuser 1, D. Liko 2, T. Maeno 3, P. Nilsson 4, D.C. Vanderster 5, T. Wenaus 3, R. Walker 1 1: Ludwig-Maximilians-Universität.
LCG Introduction John Gordon, STFC GDB September 14 th 2011.

LCG Introduction John Gordon, STFC GDB September 14 th 2011.
Accounting Update John Gordon and Stuart Pullinger January 2014 GDB.

Accounting Update John Gordon and Stuart Pullinger January 2014 GDB.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks New Authorization Service Christoph Witzig,

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks New Authorization Service Christoph Witzig,
LCG Report from GDB John Gordon, STFC-RAL MB meeting February24 th, 2009.

LCG Report from GDB John Gordon, STFC-RAL MB meeting February24 th, 2009.
OSG Site Admin Workshop - Mar 2008Using gLExec to improve security1 OSG Site Administrators Workshop Using gLExec to improve security of Grid jobs by Alain.

OSG Site Admin Workshop - Mar 2008Using gLExec to improve security1 OSG Site Administrators Workshop Using gLExec to improve security of Grid jobs by Alain.
LCG Support for Pilot Jobs John Gordon, STFC GDB December 2 nd 2009.

LCG Support for Pilot Jobs John Gordon, STFC GDB December 2 nd 2009.
Workload management, virtualisation, clouds & multicore Andrew Lahiff.

Workload management, virtualisation, clouds & multicore Andrew Lahiff.
LCG Pilot Jobs and glexec John Gordon.

LCG Pilot Jobs and glexec John Gordon.
DIRAC Pilot Jobs A. Casajus, R. Graciani, A. Tsaregorodtsev for the LHCb DIRAC team Pilot Framework and the DIRAC WMS DIRAC Workload Management System.

DIRAC Pilot Jobs A. Casajus, R. Graciani, A. Tsaregorodtsev for the LHCb DIRAC team Pilot Framework and the DIRAC WMS DIRAC Workload Management System.

Similar presentations

Ads by Google