Published by Adrian Woods. Modified over 9 years ago
1
GOCDB
A Site/Service Registry and CMDB
STFC Daresbury Labs, Warrington, UK
david.meredith@stfc.ac.k
www.egi.eu
EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142
2
12/25/2015
https://wiki.egi.eu/wiki/GOCDB
3
A Configuration Management Database (CMDB) for e-Infrastructures
- Portal + REST API to register + manage domain objects in an e-Infrastructure:
  – Projects, NGIs, Sites, Services/Endpoints/Types, ServiceGroups, Downtimes, Users, Roles, Contacts
- Static attributes, manual input + validation, mandatory/optional
- Multi-tenant (1 or more projects hosted in same instance)
- Comprehensive Role based permissions model
- Enforces a number of Business Rules and policies
- Extensible; add custom (Key=Value) pairs to domain objects
- Fine grained resource filtering/grouping using tagging
- Defines what resources should be present, rather than live/current status of services/infrastructure
- Bootstraps other systems: Top BDII, Monitoring, Ops portal, Accounting, ACLs.
- GUI is legacy, could be modernised, but the backend Domain-Model is pretty solid/extensible.
4
Domain Model Comparison
[Figure panels: GLUE2 (subset), GOCDB (subset), GOCDB (NGI)]
5
Projects/Sites/Services/ServiceGroups
[Figure labels: EGI, EUDAT, EGI]
6
Group Management, Roles, Rules
- Projects, NGIs, Sites + ServiceGroups self-manage their own users:
  – Users request Roles over objects
  – Users with existing roles Grant, Deny, Revoke requests
- Roles enable fine-grained Actions over objects
- Enforces a variety of business rules:
  – ‘NGI’ or ‘Project’ level role needed to update the CertificationStatus of a child Site (e.g. suspend site)
  – Prevents sites self-certifying
  – Many others…
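The request/grant workflow and the certification rule from this slide, as an added Python sketch that is not GOCDB code. The object names, user names and the assumption that an approver needs a role on the object or one of its ancestors are all hypothetical.

```python
from dataclasses import dataclass, field

# Constructed hierarchy (hypothetical names): Site -> NGI -> Project.
PARENT = {"SITE-A": "NGI-X", "NGI-X": "PROJ-1", "PROJ-1": None}
KIND = {"SITE-A": "site", "NGI-X": "ngi", "PROJ-1": "project"}

@dataclass
class Registry:
    granted: set = field(default_factory=set)  # (user, object) roles in force
    pending: set = field(default_factory=set)  # (user, object) requests awaiting a decision
    log: list = field(default_factory=list)    # every request/decision is recorded

    def has_role(self, user, obj):
        return (user, obj) in self.granted

    def request(self, user, obj):
        self.pending.add((user, obj))
        self.log.append(("request", user, obj, None))

    def _can_manage(self, approver, obj):
        # Assumption: a role on the object or on any ancestor may decide its requests.
        while obj is not None:
            if self.has_role(approver, obj):
                return True
            obj = PARENT[obj]
        return False

    def decide(self, approver, user, obj, action):
        if action not in ("grant", "deny", "revoke"):
            raise ValueError(action)
        if not self._can_manage(approver, obj):
            raise PermissionError(f"{approver} holds no role over {obj}")
        if action == "revoke":
            self.granted.discard((user, obj))
        else:
            if (user, obj) not in self.pending:
                raise LookupError("no pending request")
            self.pending.discard((user, obj))
            if action == "grant":
                self.granted.add((user, obj))
        self.log.append((action, user, obj, approver))

    def can_set_certification(self, user, site):
        # Only a role on a parent NGI or Project counts; a role on the
        # site itself is ignored, so a site cannot certify itself.
        obj = PARENT[site]
        while obj is not None:
            if KIND[obj] in ("ngi", "project") and self.has_role(user, obj):
                return True
            obj = PARENT[obj]
        return False

def demo():
    reg = Registry(granted={("ngi-manager", "NGI-X")})
    reg.request("site-admin", "SITE-A")
    reg.decide("ngi-manager", "site-admin", "SITE-A", "grant")
    return (reg.has_role("site-admin", "SITE-A"),
            reg.can_set_certification("site-admin", "SITE-A"),
            reg.can_set_certification("ngi-manager", "SITE-A"),
            len(reg.log))
```

The site-level role is granted but still cannot change the site's CertificationStatus, while the NGI-level role can.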
7
Resource Grouping With Scope Tags
1. Resource owners tag their NGIs, Sites, Services, ServiceGroups with one or more scope tags
2. Tags used to define resource categories/groups without duplicating
   – Single resource can be tagged multiple times
   – Maintains integrity of information across different groups, projects, etc…
3. E.g. EGI filters resources to include only ‘EGI’ tagged resources, new tags can be added as required
Filter using ‘scope’ and ‘scope_match’ (Portal+API)
[Figure: Service A and Service B with Scope Tags EGI, TEST, CLIP]
8
Extension Properties: Add Custom (Key=Value) Pairs to NGIs, Sites, Services, Endpoints, ServiceGroups
[Figure: Sample Glue attributes as extension properties on a ServiceEndpoint]
[Figure: Sample Glue attributes as extension properties on a Service]
9
REST style API to Query in XML
- Queries are filtered using URL parameters
- Proprietary XML
- Similar to GLUE2 XML: flat rather than deeply nested XML docs
- Could render same data in GLUE2 XML/JSON
- Extensions follow GLUE2 XML
- API is read only
- Also published on failover server (goc.dl.ac.uk, sync’d hourly)
10
Current Roadmap
- Federated Identity Access (SAML/Shib/IdP)
  – Alternative to x509 to authenticate users
  – Done; testing underway on gocdb-test
- Improve Role Model for multi-tenant
  – Projects hosted in same instance can define different Roles/rules per-project
  – Done; testing to start soon
- Enhance the Change Logging (EUDAT)
  – Record every role request, denial, acceptance, revocation, deletion (Done, released v5.4)
  – Record every change to a domain object (who did what, when, pre-post diff). TODO
- Coming soon: v5.5
11
Future Roadmap (under review)
To Consider: Move GOCDB into the InfoSys space?
12
Candidate Items / Future Roadmap
1. Extend GOC’s data model for InfoSys
   1. Add new attributes to existing objects (~trivial)
   2. Add new object types to domain model e.g. GLUE2 Share (~doable)
   3. Render GOC’s data in GLUE2 XML/JSON (~doable)
2. Browse/upload (key=value) .properties file for adding/updating a bulk of attributes defined on a Site, Service, Endpoint (approved)
   1. EUDAT: publish K=V template files for their community (or upload xml/json?)
   2. Approved, see RT: https://rt.egi.eu/rt/Ticket/Display.html?id=9427
3. A REST service to POST .props files / CRUD operations (~doable)
   – Would enable client-scripting for adding/updating dynamic attributes
   – Impt: Could use existing Role/Authentication model
     1. Existing user registers a new GOCDB account using a host cert
     2. Use the host cert to request Roles over target sites/services
     3. Existing user grants role requests
     4. Use host cert to authenticate the script on HTTP POST/PUT
     5. This account can be self-managed as normal; revoke roles, delete…
[Callout: one time]
13
Summary
Now:
- GOCDB currently supports static attributes + manual input/editing
- Role based permissions model enforces a range of business rules/policy
- Records what resources should be available, e.g. for bootstrapping BDIIs
- Data model is extensible via custom (Key=Val) pairs
Future:
- Consider moving GOCDB more into the InfoSys space?
- Addition of a REST service for CRUD + dynamic attributes has been discussed in the past, but was not explored further… Time to re-consider?
  – Happy to record new RT if requested by TF
  – Would need some further investigation, load-testing etc.
Misc/FYI:
- EUDAT funded new dev on 6mth project + EGI-Engage funding confirmed
- I’ll be away for next 2 weeks, but will re-engage after hols
14
Extra slides
15
Resource Filtering using Scope-Tags + Custom Extension Properties
1. Resources can be tagged using one or more Scope Tags
2. Allows filtering in Portal and API
3. Used to declare project affiliations + resource grouping/categories
4. No duplication of information
Filtering by scope Tags in API:
get_site&scope=EGI,CLIP&scope_match=any|all
Filtering by custom Extension Properties (Key=value) pairs in API:
get_service&extensions=(VO=)AND(VO2=bar) NOT(V04=)
Filter using a combination of scope tags and custom properties