12th September 2007UK e-Science All Hands Meeting1 John Kewley Grid Technology Group e-Science Centre STFC Daresbury Laboratory [email protected] GROWL.

12th September 2007 UK e-Science All Hands Meeting 1

John KewleyGrid Technology Group

e-Science CentreSTFC Daresbury Laboratory

[email protected]

GROWL Scripts: Lightweight Access to Grid

Resources


GROWLCollaborative project between CCLRC (now STFC) Daresbury Laboratory and the Universities of Cambridge and Lancaster, funded by the JISC VRE programme.

Project Objectives: to produce a lightweight client-side Grid connection toolkit.

Project completed January 2007


GROWLGROWL addresses the three barriers that newcomers find when using the Grid for the first time:

1. Setting up the client-side middleware2. Handling of certificates3. Job submission in the presence of firewalls

This talk looks at GROWL Scripts, GROWL Web Services takes a different approach


• Typically need to be root to install (according to documentation)

• Software must be downloaded from various locations

• There are many choices for type of installation (too many options?)

Client Middleware: Problems


InstallationGROWL scripts provide an alternative way of

installing Grid middleware on your client Linux machine to that given on the NGS website:

Advantages:• Don't need to be a privileged user• Will download client middleware packages for

your system (assuming it is supported)• Minimal setup/configuration• About 10–15 mins (if all goes well !)


The Virtual Data Toolkit (VDT) is an easy to install and configure ensemble of grid middlewarehttp://vdt.cs.wisc.edu

GROWL Scripts installs the pre-WS globus client from VDT, as well as gsi-enabled openssl and the best known (IGTF accredited) CA certificates.


1. Download GROWL Scripts$ cd$ wget http://www.growl.org.uk/Growl.tar.gz

2. Install into home directory$ tar -zxvf Growl.tar.gz

3. Build VDT client (a software distribution that includes globus)$ cd Growl; make VDT

Before using any GROWL Scripts, bash users shouldsource ~/Growl/setup.sh

while csh users shouldsource ~/Growl/setup.csh

Installing Grid Client using GROWL


Certificate helper scripts– mk-cert– growl-info, growl-login, growl-logout

VDT client installation of globus and MyProxy– grid-proxy-init, grid-proxy-info– globus-job-submit, globus-job-run– gsissh, gsiscp, openssl– myproxy-init, myproxy-info, myproxy-logon

GROWL wrapper scripts– growl-submit, growl-status, growl-get-output,– growl-sh, growl-cp, growl-mkdir, growl-rm, growl-mv,– growl-pwd, growl-which, growl-get-jobmanager, growl-queue

GROWL Scripts: Contents


Hard to remember openssl commands are wrapped for you

– Fewer passwords need to be entered– Correct file and directory permissions are applied

Certificate Manipulation


mk-cert$ openssl pkcs12 –in mykey.p12 \ -clcerts –nokeys -out usercert.pem <Pass1>

$ openssl pkcs12 –in mykey.p12 \ –nocerts -out userkey.pem <Pass1> <Pass2> <Pass2> [confirm]

$ chmod 444 usercert.pem$ chmod 400 userkey.pem

$ mv userkey.pem ~/.globus$ mv usercert.pem ~/.globus$ chmod 700 ~/.globus

$ mk-cert mykey.p12 <Pass1> [<Pass2>]


growl-loginIf you need to upload your certificate to MyProxy and

generate a local proxy, growl-login is provided:

$ grid-proxy-init... <grid-password>

$ myproxy-initYour identity: /C=UK/O=eScience/OU=CLRC/L=DL/CN=john kewleyEnter GRID pass phrase for this identity: <grid-password>...Enter MyProxy pass phrase: <myproxy-pass>Verifying - Enter MyProxy pass phrase: <myproxy-pass>

$ growl-loginPassword to protect MyProxy credential: <myproxy-pass>Enter GRID pass phrase for this id: <grid-password>


growl-infoA wrapper for grid-cert-info, grid-proxy-info and myproxy-info$ growl-infoCertificate Information (including validity)--------------------------------------------subject= /C=UK/O=eScience/OU=CLRC/L=DL/CN=john kewleynotBefore=Jun 15 16:10:35 2006 GMTnotAfter=Jun 15 16:10:35 2007 GMT

Local proxy certificate(s)--------------------------subject : /C=UK/O=eScience/OU=CLRC/L=DL/CN=john kewleyissuer : /C=UK/O=eScience/OU=CLRC/L=DL/CN=john kewleyidentity : /C=UK/O=eScience/OU=CLRC/L=DL/CN=john kewleytype : Proxy draft (pre-RFC) compliant impersonation proxystrength : 512 bitspath : /tmp/x509up_u13445timeleft : 11:57:19


GROWL job submissionHelp with transparency - user shouldn't really need to know

– Machine's jobmanager– Home directory location– Location in your path of executable

Firewall problems minimised


Running a grid job (1)

$ growl-submit dl1.nw-grid.ac.uk hostnamehttps://dl1.nw-grid.ac.uk:64010/792/116475/

$ growl-status https://dl1.nw-grid.ac.uk:64010/792/116475/PENDING

$ growl-status https://dl1.nw-grid.ac.uk:64010/792/116475/DONE

$ growl-get-output https://dl1.nw-grid.ac.uk:64010/792/116475/comp023.nw-grid.ac.uk

$ growl-submit -c dl1.nw-grid.ac.uk hostname

$ growl-statusPENDING

$ growl-statusDONE

$ growl-get-outputcomp021.nw-grid.ac.uk


Globus + FirewallsClient Grid Resource

globus-job-submit

Results

gsiscp

jobmanager

sshdgsissh /GSI-SSHTerm

globus-job-get_result


GROWL + FirewallsClient Grid Resource

growl-submit

jobmanager

sshd

globus-job-get-outputgrowl-get-output (using gsissh)


growl-submit:• uses growl-get-jobmanager to obtain default

parallel queue, rather than defaulting to jobmanager-fork

• uses growl-which to get full path of executable, ensuring it is in your path

growl-get-output:• uses gsissh to do remote retrieval, avoiding

client firewall problem

Advantages


Equivalents of many of the standard unix command tools are provided for remote filestore manipulation.

growl-ls : contents of directorygrowl-mkdir : (sub)directory creationgrowl-rm : file removalgrowl-mv : renaming/moving filesgrowl-which : finds executable in your pathgrowl-pwd : prints your home directory on the grid resourcegrowl-sh : gsissh wrapper (using default ports)growl-cp : remote file copying, including "3rd party"

An additional parameter (the grid resource) is required

Remote filestore manipulation


growl-cp can be used to stage and retrieve files. The syntax follows that of scp. It can also be used for "3rd party" file transfers

For 3rd party transfers to work, there has to be a route through all firewalls between the 2 remote resources in one direction or the other

$ growl-cp my_input_file.txt dl1.nw-grid.ac.uk:.

$ growl-cp dl1.nw-grid.ac.uk:my_output.txt .

$ growl-cp lv1.nw-grid.ac.uk:my_file.txt dl1.nw-grid.ac.uk:.

Remote file copying using growl-cp


growl-cp (1)Client Grid Resources

B

A



B

A



B

A


1. Easy way to build VDT2. As above + certificate scripts3. As above + use of job submission features

Usage patterns


1. Scripting help for a simplistic DIY meta-scheduler2. Use of Java CoG-kit + GSI-SSHTERM on Windows

Current/future work


Summary1. Useful as an easy way to build VDT2. Simpler job submission:

– less need be known about Grid resources– less firewall pain for retrieving data

3. Firewall-aware 3rd party file copying

http://www.growl.org.uk/

12th September 2007UK e-Science All Hands Meeting1 John Kewley Grid Technology Group e-Science Centre STFC Daresbury Laboratory [email protected] GROWL.

Documents