grid technology: the rough guide

December 8 & 9, 2005, Austin, TXSURA Cyberinfrastructure Workshop Series: Grid Technology: The Rough Guide

Grid Technology: The Rough Guide

Grid Building Hands-On SessionAshok Adiga, Texas Advanced Computing

CenterVictor Bolet, Georgia State University


Grid Lab Session

• Overview:– Laptop Environment– Pacman Install– Globus Install and Config– Configure GSI– Certificates– Command Line Job Submission– GridFTP


Grid Lab Session

• Overview: (cont)– Ganglia Install– CondorG– MyProxy– Using a Grid Portal: SURAGrid– Portal Job Submission– Wrap Up


Grid Lab Session

• Components– GridPort – CondorG– SimpleCA – Globus– MyProxy – Ganglia

• Hardware– Portal Server – MPI Cluster– CA Server – Laptops (Grid

Nodes)– Ganglia Server


Laptop Environment• Red Hat Enterprise 2.6.11• Bash shell

– Root Account: login: root password: Unx4me.– User Account: login: griduser password: griduser

• Log in as griduser – Right click on desktop and select “Open Terminal”

(you will need 2 terminals)

• Login as root in one of the terminal windows– In one of the terminals type: su –– Enter the root password

• Files for workshop are located in /root/workshop


Network Setup• Grids are picky about networks• Host names

– For a host cert, the fully qualified host name must be in there

– When using services, host names are provided to call back to send status information

• Firewalls– GridFTP, status messages can be blocked

• On your laptop:– Applications menu -> System Settings -> Network– In the DNS tab, set the Hostname to be

• labXX.tacc.utexas.edu (replace XX with your number)

– File -> Save and then File -> Quit


Time Setup• Grid security requires that the times on

the hosts match up well– Grid-proxy-init

• On a host that thinks it is 11am• You get a proxy valid from 11am today

– Globusrun to a host• To a host that thinks that it is 10am• Does not allow you to run - your proxy isn’t valid

• Check the time on your laptop– If it isn’t correct:

• Use the date command to correct it– date [MMDDhhmm.ss]


Pacman Install• In the root window, change into the vdt directory:

– cd /usr/local/vdt

• Fetch the pacman tarball:– wget

http://physics.bu.edu/pacman/sample_cache/tarballs/pacman-latest.tar.gz

• Expand the tarball:– tar zxvf pacman-latest.tar.gz

• Install Pacman:– cd pacman-3.15/– source setup.sh


Globus Install and Config• In the root window, change to Globus install directory

– cd /usr/local/vdt• Fetch Globus package using Pacman: (for the classroom)

– pacman -get http://129.114.2.195/pacman/vdt_136_cache:Globus• To fetch the Globus package outside the classroom use: (note:

this is usually a 200-300mb download)– pacman -get http://www.cs.wisc.edu/vdt/vdt_136_cache:Globus

• Installation Prompts:– Answer ‘n’ to the following:

Where would you like to install CA files?Choices: r (root) - install into /etc/grid-security/certificates (existing CA files will be preserved) l (local) - install into

$VDT_LOCATION/globus/share/certificates n (no) - do not install

– Answer ‘y’ to all other prompts


Configure GSI• In the root window, change to the install directory:

– cd /usr/local/vdt• Configure Globus GSI:

– source setup.sh– mkdir /etc/grid-security – gpt-build /root/workshop/globus_simple_ca_bffae137_setup-0.17.tar.gz

gcc32dbg– gpt-postinstall (NOTE: Ignore Warning Messages)– /usr/local/vdt/globus/setup/globus_simple_ca_bffae137_setup/setup-gsi -default

• Copy Certificates:– cd /etc/grid-security/certificates– tar xvf /root/workshop/certs.tar

• Link the Globus Files– /root/workshop/gsi_certlinks.sh– This script does the following:

ln -s /etc/grid-security/certificates /usr/local/vdt/globus/TRUSTED_CAln -s /etc/grid-security/certificates /usr/local/vdt/globus/etc/certificatesln -s /etc/grid-security/globus-host-ssl.conf /usr/local/vdt/globus/etc/globus-host-ssl.confln -s /etc/grid-security/globus-user-ssl.conf /usr/local/vdt/globus/etc/globus-user-ssl.confln -s /etc/grid-security/grid-security.conf /usr/local/vdt/globus/etc/grid-security.conf


Obtaining Host & User certificates

• simpleCA used as Certificate Authority in this hands-on session– Part of Globus Toolkit distribution– Server side code pre-installed for hands-

on– Client utilities were created and

packaged during simpleCA server install• globus_simple_ca_bffae137_setup-0.17.tar.gz

– For detailed documentation see: http://www.globus.org/toolkit/docs/4.0/admin/docbook/ch07.html

• installing and configuring simpleCA server • signing user & host certificates


Certificates

• Globus Certificates are stored in 2 places:– Host / Server Certificates:

• /etc/grid-security/certificates

– User Certificates (private key):• ~/.globus


Requesting Certificates• Generate Host Certificate Request (in root window):

– source /usr/local/vdt/setup.sh– grid-cert-request –host `hostname`– (answer yes to the warning about fully qualified names)– cp /usr/local/vdt/globus/etc/hostkey.pem /etc/grid-security/

• Generate User Certificate Request (in griduser window):– source /usr/local/vdt/setup.sh – grid-cert-request

• Enter your name• set a passphrase (Need to remember this!!!)

• Certificates are ready to be Signed:– Inform the Instructor your certificates are ready


Grid Security Files (local certs)

• Verify policy files and “.0” files (in griduser window):– ls /etc/grid-security/certificates

• Generate a proxy certificate:– grid-proxy-init– enter pass phrase used to generate

certificate• Verify the certificate details:

– grid-cert-info– grid-cert-info –subject


Command Line Job Submission

• Verify your DN is in the current grid-mapfile on bandera.tacc.utexas.edu

• Test the certificate (GRAM Authentication):– globusrun –a -r bandera.tacc.utexas.edu

• Try a simple job:– globus-job-run bandera.tacc.utexas.edu

/bin/hostname


GridFTPCreate a test file to copy

– echo “1 2 3 4 5” > /tmp/<hostname>numbers.txt

• Copy the file to bandera using GridFTP– globus-url-copy file:///tmp/<hostname>numbers.txt \

gsiftp://bandera.tacc.utexas.edu/tmp/<hostname>numbers.txt

• See your file on Bandera (instructor to display)


Ganglia Monitoring Tool• Collector Machine: lab01 (preinstalled)• URL: http://129.114.2.195/ganglia• Collector machine runs gmetad service• Grid nodes report to lab01 through

local gmond service• Server install

documentation/download: – http://ganglia.sourceforge.net – Version 3.0.1


Ganglia Install• Install gmond Service: (in root window)

– rpm –i /root/workshop/ganglia-gmond-3.0.1-1.i386.rpm• edit /etc/gmond.conf

– Under cluster: • name=<hostname>• owner=“Your Name”

– Under udp_send_channel:• comment out (#) the mcast_join statement• add a "host = labXX.staff.utexas.edu" statement

– Under udp_recv channel:• comment out (#) the mcast_join statement• comment out (#) the bind statement

• Restart gmond– service gmond restart

• Go to URL and see your node:– http://129.114.2.195/ganglia


Condor Install, Config, Startup

• Installs & configures all of Condor– We’ll just be using the Condor-G and DAGMan parts

• In the root window, change to Globus install directory– cd /usr/local/vdt

• Fetch Condor package using Pacman: (for the classroom)– pacman -get http://129.114.2.195/pacman/vdt_136_cache:Condor

• To fetch the Globus package outside the classroom use: (note: this is a 100mb download)– pacman -get http://www.cs.wisc.edu/vdt/vdt_136_cache:Condor

• Installation Prompts:– Would you like Condor to run automatically?

• Yes• Update root environment so that you can use Condor

– source /usr/local/vdt/setup.sh• Start the Condor Master (which starts all other Condor daemons)

– cd /usr/local/vdt/condor/sbin/– ./condor_master

• You should see the condor daemons running as the condor user– ps -eaf | grep condor


Using Condor-G

• Working in the griduser window• Update the environment

– source /usr/local/vdt/setup.sh

• Look at the condor commands in /usr/local/vdt/condor/bin– condor_q to look at queued jobs– condor_submit to submit a condor job– condor_rm to remove a submitted job


Simple Condor Submission• Create a simple condor submit script

called, say, globus-ls.sub containing:Universe = globusglobusscheduler = bandera.tacc.utexas.eduExecutable = /bin/lsArguments = /usr/binTransfer_Executable = falseOutput = ls.outError = ls.errqueue

• Then do a condor_submit globus-ls.sub• You can do a condor_q to watch your job

run• Can also try to submit jobs to other labXX

systems, if you are in the grid-mapfile there


MyProxy• Install MyProxy client (In root window):

– cd /usr/local/vdt– pacman -get http://www.cs.wisc.edu/vdt/vdt_136_cache:MyProxy

• MyProxy host name:– pecos.tacc.utexas.edu– for MyProxy server installation instructions, see:

http://www.globus.org/toolkit/docs/4.0/security/myproxy/admin-index.html

• Load MyProxy Certificate:– myproxy-init -s pecos.tacc.utexas.edu -l <portal_username>

* portal_username is the same as your wireless account– enter User Certificate passphrase – enter MyProxy password– Need to Remember this Password!!


Using a Grid Portal: SURAGrid

• Based on GridPort– Quick install instructions:

• http://gridport.net/main/quickstart-download.html

• Log into the User Portal:– https://gridportal.sura.org– Username: (same as wireless account name – ie lab01)– Password: (same as username)

• Retrieve MyProxy Certificate:– Click on “Proxy Management” tab– Click “Get New Proxy”– Enter username and password used in

myproxy-init– Verify subject of MyProxy certificate


SURAGrid Portal (cont.)

• File Management tab:– Select Host: bandera.tacc.utexas.edu– Manage local files on bandera

• Job Submission tab:– Host: bandera.tacc.utexas.edu– Port: 2119 (default)– Executable: /bin/hostname– Standard Output:

/home/griduser/hostname.out– Use File Management tab to see if file is there


Wrap Up

Questions?

grid technology: the rough guide

Documents