─юъєьхэЄ тч Є шч ъ¤°р яюшёъютющ ьр°шэ√. └фЁхё юЁшушэры№эюую фюъєьхэЄр : http://acat02.sinp.msu.ru/presentations/GGtut/Dev-08-Information1.pdf
─рЄр шчьхэхэш : Sat Jul 6 22:29:40 2002
─рЄр шэфхъёшЁютрэш : Mon Oct 1 20:33:35 2012
╩юфшЁютър:

Grid Information Service (Meta-Directory Service 2)
Globus ToolkitTM Developer Tutorial The Globus ProjectTM
Argonne National Laboratory USC Information Sciences Institute http://www.globus.org/
Copyright (c) 2002 University of Chicago and The University of Southern California. All Rights Reserved. This presentation is licensed for use under the terms of the Globus Toolkit Public License. See http://www.globus.org/toolkit/download/license.html for the full text of this license.

Section Overview
l l l l

MDS review Information model Client tools and APIs Configuring servers and adding service providers

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

2

Globus MDS Review
l

Meta Directory Service (MDS)
н Globus Toolkit implementation of a Grid Info Service

l

System information is critical to operation of the grid and construction of applications A basis for configuration and adaptation in heterogeneous, dynamic environments Requirements and characteristics
н Uniform, flexible access to information н Scalable, efficient access to dynamic data н Access to multiple information sources н Decentralized maintenance

l

l

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

3

"Classic" MDS Architecture (MDS-1)
l

Resources push information into a central organization server via regular updates (globus-gram-reporter), where it can be retrieved by clients. Regular updates don't scale as the number of resources grow rapidly. Commercial LDAP servers are optimized for "read" requests, and can't handle frequent "write" requests. If organization server is unavailable, no information is available.
clients query organization server for current information. LDAP Organization Server
Directory contains info from A and B gram-reporter

l

l

Client 1 Client 2 Client 3

Resource A
gram-reporters periodically update LDAP server's information.
gram-reporter

Resource B
Globus ToolkitTM Developer Tutorial: MDS-2 4

March 25, 2002

"Standard" MDS Architecture (MDS-2)
l

Resources run a standard information service (GRIS) which speaks LDAP and provides information about the resource (no searching). GIIS provides a "caching" service much like a web search engine. Resources register with GIIS and GIIS pulls information from them when requested by a client and the cache as expired. GIIS provides the collective-level indexing/searching function. Client 1
Clients 1 and 2 request info directly from resources.

l

l

Resource A
GRIS

Resource B
GRIS

Client 2
Client 3 uses GIIS for searching collective information.

GIIS requests information from GRIS services as needed.

Client 3

GIIS
Cache contains info from A and B 5

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

MDS-2 Service Architecture
?
discovery (GRIP?) lookup (GRIP) registration (GRRP) VO-specific Aggregate Directories

A

A

R
l l

R

R

R

standard Resource Description services

Dynamic Registration via Reg. Protocol (GRRP) Resource Inquiry via Info. Protocol (GRIP)
н Co-located with resource on network

l

Resource Discovery (via GRIP or other)
н Using GRIP allows resource/directory hierarchy

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

6

Distributed Services
R R R R R R D R R D
registration messages

R R

R R R R

RR RR
fault-partition

D

R RR R

RR RR

R R

D

R R R R
VO-B

R R

replicated directories

divergent directories

VO-A
l l l

Service scales with Grid growth Loose consistency model tolerates failures Interoperability by GRIP/GRRP protocols
Globus ToolkitTM Developer Tutorial: MDS-2 7

March 25, 2002

Soft-state Registration
l

Periodic notification
н "Service/resource is available" н Expected-frequency metadata

l

Automatic directory construction
н Add new resources to directory н Invite resources to join new directory

l

Self-cleaning
н Reduce occurrence of "dead" references

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

8

MDS-2 Implementation
l

Grid Information Service (GRIS)
н Provides resource description н Modular content gateway

l

Grid Index Information Service (GIIS)
н Provides aggregate directory н Hierarchical groups of resources

l

Lightweight Dir. Access Protocol (LDAP)
н Standard with many client implementations н Used for GRIP (and GRRP currently)

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

9

New MDS-2.1 Features
l

Security Mechanisms
н GSI mutual-authentication н Fine-grained access control by GSI name

l

Performance Enhancements
н Better query speeds н Less stale information

l

New Information Model (schema)
н Better representation of computers н Cleaner namespace management

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

10

MDS-2.1 External Software Stack
l

OpenLDAP 2.0.x (.14)
н Implements LDAPv3 protocol н Client and server components

l

Cyrus-SASL
н Generic security н We provide loadable SASL/GSS plugin

l

Globus GSI
н Provides GSS-API interface to PKI н Shared library used by our SASL plugin

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

11

MDS 2.1 Security
l l

PKI authentication Static authorization
н Class, attribute, object name rules

l

"Self" authorization
н Semi-dynamic rule н Requires "owner" attribute on objects

l

Dynamic authorization
н Directory-based group lists (or future CAS) н Per-object access rule attributes н LDAP dynamic authorization (beta?)

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

12

MDS 2.1 Information Model
l

Structural information
н Resource hierarchy maps to objects н Named positions in LDAP DIT

l

Merged information
н Some parents "join" child data н Simplifies common query patterns

l

Auxiliary information
н Uniform representation of leaf/parent data н Uses LDAP auxiliary objectclasses

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

13

GRIS Host Objects
CPU CPU hn= hostname RAM DISK VM NET software= OS OS dev group= CPUs CPU CPU dev group= memory RAM dev=cpu 0 dev=cpu 1 CPU CPU VM dev group= disk DISK dev group= net NET OS

dev= RAM RAM
March 25, 2002

dev=VM VM

dev=/scratch1 DISK

dev= eth0 NET
14

Globus ToolkitTM Developer Tutorial: MDS-2

GRIS Object Hierarchy
Mds-Host-name=hostname
Mds-Software-Deployment=operating system Mds-Device-Group-name=processors
Mds-Device-name= cpu 0

Mds-Device-Group-name=memory
Mds-Device-name=physical memory Mds-Device-name=virtual memory

Mds-Device-Group-name= filesystems
Mds-Device-name=/scratch1 Mds-Device-name=/scratch2

Mds-Device-Group-name=networks
Mds-Device-name=eth0
March 25, 2002 Globus ToolkitTM Developer Tutorial: MDS-2 15

GRIS Structural Class Hierarchy
Mds
Attr : Mds-validfrom (like createtime) Attr : Mds-validto (accuracy metadata) Attr : Mds-keepto (discard metadata)

MdsHost MdsDevice MdsDeviceGroup MdsSoftwareDeployment
l

Every MDS object: name, time metadata

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

16

GRIS Auxiliary Class Examples
MdsCpu
Attr: Mds-Cpu-vendor Attr: Mds-Cpu-model Attr: Mds-Cpu-speedMHz
l

Once per CPU

MdsCpuCache
Attr: Mds-Cpu-Cache-L1kB
l

Once per CPU Once per SMP Once per MPP
17

MdsCpuSmp
Attr: Mds-Cpu-Smp-size
l

MdsCpuTotal
Attr: Mds-Cpu-Total-count
March 25, 2002

l

Globus ToolkitTM Developer Tutorial: MDS-2

GRIS Auxiliary Class Examples
MdsCpuFree (once per SMP)
Attr: Mds-Cpu-Free-1minX100 Attr: Mds-Cpu-Free-5minX100 Attr: Mds-Cpu-Free-15minX100

MdsCpuTotalFree (once per MPP)
Attr: Mds-Cpu-Total-Free-1minX100 Attr: Mds-Cpu -Total-Free-5minX100 Attr: Mds-Cpu -Total-Free-15minX100

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

18

Client Tools
l

Globus Toolkit includes 2 command line client tools for querying MDS services
н grid-info-search: General purpose client
> grid-info-search нh -p -b \ -T [] [] > -x: Anonymous access

н grid-info-host-search : Same as grid-infosearch, but defaults to GRIS standard port
> E.g. grid-info-host-search нh localhost
l

Both clients can search for specific system information and filter results.
Globus ToolkitTM Developer Tutorial: MDS-2 19

March 25, 2002

LDAP Client C API
l

RFC 1823 defines an IETF draft standard C client API for accessing LDAP databases
н Connect to server н Pose query which returns data structures contains sets of object classes and attributes н Functions to walk these data structures

l

Globus Toolkit uses OpenLDAP client library

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

20

LDAP Client API: Other Languages
l

Java
н JNDI is a standard Java package for accessing LDAP directories н Used by Java CoG

l

Python
н Has libraries that wrap the OpenLDAP client н Used with PyGlobus

l

Perl
н Has modules for LDAP access

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

21

LDAP exercises
l l

Go to the "ldap" subdirectory Documentation
н RFC 1823: The LDAP Application Programming Interface н Howes and Smith, LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol, MacMillan 1997 ISBN 1-57870-000-0

l

Follow instructions in the file README

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

22

Configuring Servers and Adding Service Provider

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

23

Configuration files for Registration
dc-n1.isi.edu
grid-info-site-policy.conf grid-info-resource-register.conf grid-info-resource- ldif.conf

GIIS

GRIS

dc-n2.isi.edu
grid-info-resource-register.conf grid-info-resource-ldif .conf

GRIS

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

24

Configuration files for Registration
l

A resource that is hosting a GIIS
н grid-info-site-policy.conf
> Determines whether to accept incoming registrations > Accept everything, or only registrations from the resources explicitly defined in this conf file (can use wildcards)
l

Default policy is to only accept registrations from self, and from port 2135 In a hierarchical GIIS environment, this file must be modified from the default

l

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

25

grid-info-site-policy.conf
Default Policy Data: objectclass: MdsRegistrationPolicy

policydata : (&(Mds-Service-hn=mako.isi .edu)(Mds-Service-port=2135))

Change `policydata' to this for completely open policy: (Mds-Service-hn=*) Change `policydata' to this to restrict to 2 specific hosts: (&(|(Mds-Service- hn=dc-n2.isi.edu)(Mds-Service-hn=dcn3.isi.edu))(Mds-Service-port=2135))

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

26

Configuration files for Registration
l

A resource registering GRIS information with a GIIS
н grid-info-resource-register.conf
> Which GIIS's this GRIS should register to, and how > GIIS could be on the same machine, but may not be

н grid-info-resource- ldif.conf
> Determines which GRIS providers are active and available to send data to the GIIS's that this GRIS is registering with

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

27

Registering a GRIS with a GIIS
l l l l l l

dn: regtype: mdsreg2 reghn: regport: regperiod: н where service attribute entries depend on the type of LDAP object being published
(seconds)

>

$GLOBUS_LOCATION/etc/grid-info-resource-register.conf
March 25, 2002 Globus ToolkitTM Developer Tutorial: MDS-2 28

GRIS on dc-n2 registers with GIIS on dc-n1
l l l l l l l l l l l l l

Example

dn: Mds-Vo-Op-name=register, Mds-Vo-name=site, o=grid regtype: mdsreg2 reghn: dc-n1.isi.edu regport: 2135 regperiod: 600 type: ldap hn: dc-n2.isi.edu port: 2135 rootdn: Mds-Vo-name=local, o=grid ttl: 1200 timeout: 20 mode: cachedump cachettl: 30

$GLOBUS_LOCATION/etc/grid-info-resource-register.conf
March 25, 2002 Globus ToolkitTM Developer Tutorial: MDS-2 29

Registration Control Parameters
l

regperiod
н How often this GRIS will send a message to the GIIS noting its existence

l

ttl
н How long the recieving GIIS should keep the registration information before assuming that the GRIS is no longer available н In general ttl should be: ttl = 2 x (regperiod)

l

cachettl
н Recommendation to the GIIS about how long to maintain in cache, the GRIS information provided by this resource

$GLOBUS_LOCATION/etc/grid-info-resource-register.conf
March 25, 2002 Globus ToolkitTM Developer Tutorial: MDS-2 30

MDS-2.1 GRIS Providers
l l l l l l l l

grid-info-cpu reports CPU/load info grid-info-fs reports filesystem info grid-info-mem reports RAM/VM info grid-info-net reports NIC/net info grid-info-os reports OS info grid-info-platform reports arch. info grid-info-merged merges all host info* Extensible for other sources, e.g. GRAM

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

31

GRIS Dispatch Logic
l

For each provider:
н Could search intersect provider? No, then skip. н Is provider cache stale? Yes, then refill. н Apply search filter to cache data.

l

Combine all intersecting providers' results

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

32

GRIS Response Issues
l

MDS 2.0 and 2.1 are lazy
н Probes are not issued unless queried

l

Some system probes are slow
н "Best" probe may take several seconds

l

How to avoid stale data?
н Clients set time-out per query н GRIS/GIIS define time-out per source н Fresh data found before timeout is returned н Cache fill continues after client time-out

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

33

2.1 GRIS Provider Times
OS Platfor m Os Cpu Mem Fs Net Merge total OLD
March 25, 2002

RH 6.2 0.04 0.06 0.28 0.12 0.14 0.45 0.80 1.89 10.01

RH7.1 0.03 0.04 0.15 0.10 0.09 0.17 0.37 0.95 N/A

Irix

Solaris

8.29

18.27
34

Globus ToolkitTM Developer Tutorial: MDS-2

New Information Providers
l

Decide what information to publish into MDS Create a program that implements the IO interface requirements of a GRIS Information Provider Enable the information provider for an MDS installation

l

l

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

35

New Information Providers
l

Decide what information to publish into MDS
н OID: conflict avoidance
> OID Registered with IANA Private Enterprise Numbers l http://www.iana.org/cgi-bin/enterprise.pl l 1.3.6.1.4.1.3536.* Globus OID subspace l 1.3.6.1.4.1.3536.2.* Globus Info Services OID subspace l 1.3.6.1.4.1.3536.2.6.* MDS OID subspace > ISI will delegate sub-trees of the Globus Info Srvcs OID space l mailto:mds-oid-registrar@globus.org l OR, register your own with IANA

н Object Naming: conflict avoidance
> ISI will coordinate prefix naming. Request a prefix from: l mailto:mds-oid -registrar@globus.org

н Schema
> Data Modeling problem > LDAP schema syntax problem > $GLOBUS_LOCATION/etc/grid-info-resource.schema
March 25, 2002 Globus ToolkitTM Developer Tutorial: MDS-2 36

New Information Providers
l

Create your program
н Any language. The only requirements are the I/O interface of your program:
> Must be callable by fork and exec from the slapd process
l

You can pass in arguments to your program Data returned must match the LDAP schema RFC 2849

> Must return data in LDIF format
l l

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

37

New Information Providers
l

Enable your new information provider by adding a configuration block
$GLOBUS_LOCATION/etc/grid-info-resource-ldif .conf
н # generate memory info every minute н dn : Mds-Device-Group-name=memory, Mds-Host- hn =mako.isi.edu , Mds-Vo-name=local, o=grid н objectclass: GlobusTop н objectclass: GlobusActiveObject н objectclass: GlobusActiveSearch н type: exec н path: /globus/libexec н base: grid-info-mem-linux н args : -devclassobj -devobjs -dn Mds-Host-hn= mako .isi.edu,Mds -Voname=local,o=grid -validto -secs 60 -keepto -secs 60 н cachetime : 60 н timelimit: 10 н sizelimit: 3

l

March 25, 2002

Globus ToolkitTM Developer Tutorial: MDS-2

38

New Information Providers
l l

l

l

l

l

l

l

dn н Where the object lives in the DIT These lines must be included: н objectclass : GlobusTop н objectclass : GlobusActiveObject н objectclass : GlobusActiveSearch н type: exec path н Path to the information provider program base н Name of the information provider program args н Arguments to be passed to the information provider program cachetime н In seconds, how long GRIS will consider the data to not be stale timelimit н In seconds, how long the GRIS should wait for the information provider to return data before giving up on it sizelimit н Max number of LDIF objects to be read from the output of the information provider

$GLOBUS_LOCATION/etc/grid-info-resource-ldif .conf
March 25, 2002 Globus ToolkitTM Developer Tutorial: MDS-2 39