
Adhoc-VOMS

1)          Showcase infrastructure

Showcase infrastructure consists of the following components:

1)            Grid infrastructure – used for running jobs and transfer files.

2)            AdHoc application – used for managing virtual organizations and access to grid infrastructure.

3)            VOMS server – used as a placeholder for virtual organizations.

Each component is explained below.

 

1.1)      Grid infrastructure

The AdHoc showcase is installed and configured on two virtual machines working in the grid infrastructure. The two hosts, located in the PSNC environment, are listed in Table 1.

Grid host # | Hostname                  | IP address
1           | adhoc1.reef.man.poznan.pl | 150.254.161.245
2           | adhoc2.reef.man.poznan.pl | 150.254.161.246

Table 1: Showcase grid infrastructure

 

Both hosts have GT 5.2 (Gram5, GridFTP), LCAS & LCMAPS and LLGT installed and configured.

 

1.2)      AdHoc application

AdHoc is a tool for managing virtual organizations and access to grid infrastructure in a user-friendly manner. More information is included in the AdHoc documentation.

AdHoc is installed on grid servers and consists of the following components:

1)            AdHoc Core – Grid host 2.

2)            AdHoc GUI – Grid host 2.

3)            AdHoc Agents – agents are responsible for granting privileges to resources (hosts) on grid infrastructure and interacting with VOMS server. There is one agent installed on each Grid host:

1.            Resource agent - Grid host 1.

2.            Resource agent - Grid host 2.

3.            VOMS agent – Grid host 2.

The showcase should be conducted using the AdHoc GUI application, which can be accessed at:

                      https://adhoc2.reef.man.poznan.pl/adhoc

 

1.3)      VOMS server

The VOMS server is a system used to classify users who are part of a Virtual Organization (VO). This service was installed and configured by TUDO and is available at the following address:

https://vomrs01.grid.tu-dortmund.de:8443/voms/adhoc/

For both AdHoc and the VOMS server to work properly, the CA that signed the certificate of the person doing the showcase has to be known to both the VOMS server and AdHoc. Most NGI and well-known CAs are in the VOMS server and AdHoc repositories.

 

2)          Showcase scenario

2.1)      The story

3 scientists from 3 different projects want to use their resources (exchange data via ftp and run jobs on their hosts). They are:

1)            Scientist A (Jan Kowalski: p12) has a computational node with high power and storage (Grid host 1).

2)            Scientist B (Michal Orzechowski: p12) has a computational node with high power and storage (Grid host 2).

3)            Scientist C (You) wants to execute jobs and transfer files on Scientist A and B's nodes.

 

All three of them are in three different organizations and they don't share resources. Allowing each other to use their resources would be very difficult and would require their administrators to either:

1)            Add each DN to the grid-mapfile on each host, or

2)            Create a virtual organization in VOMS, add all of them to this organization and add mappings to the grid-mapfile.

All of which would involve:

1)            VOMS Admin.

2)            Node admins.

 

The alternative solution is to use AdHoc, which involves only the scientists themselves, who perform a 3-step operation:

1)            Create a VO in AdHoc.

2)            Add themselves to the VO in AdHoc.

3)            Add computational nodes to the VO in AdHoc.

2.2)      Scenario for execution

2.2.1)   Log in to AdHoc and add yourself to the infrastructure

In order to do that you have to import your .p12 file into your browser. The next step is to open AdHoc (https://adhoc2.reef.man.poznan.pl/adhoc). You should see a form (see Diagram 1); fill it in and press the OK button.


Fill in the blanks as listed in Table 1.

Name           | Value
DN             | User Distinguished Name
Name           | User name and surname
OrganizationID | Certificate authority
E-mail         | User e-mail

Table 2: Fill the form to add yourself to AdHoc

 

Once a user is added correctly, you should see the AdHoc GUI view (see Diagram 2).


 

The AdHoc GUI view can be divided into the following sections:

1)            Information about the logged-in user – his/her name and Distinguished Name (DN).

2)            The West Panel:

1.            Shows all users that can be used in AdHoc (taken from the VOMS server). Users are grouped by their CAs.

2.            Shows all VOs from the VOMS server that are part of AdHoc. Here you can create a new VO.

3.            Shows all resources (hosts available in the grid – currently the two from Table 2).

3)            The Central Panel – here you can view and manage virtual organizations, their users and their resources.

4)            The East Panel – shows detailed information about the selected object, e.g. a user or a resource.

 

2.2.2)   Execute a test job 1

To generate a proxy correctly, add the following line to the file /etc/vomses:

"adhoc" "vomrs01.grid.tu-dortmund.de" "15013" "/C=DE/O=GermanGrid/OU=TU-Dortmund/CN=host/vomrs01.grid.tu-dortmund.de" "adhoc"

 

Furthermore, create the file “vomrs01.grid.tu-dortmund.de.lsc” in the directory /etc/grid-security/vomsdir/adhoc. The content of the file is shown below:

/C=DE/O=GermanGrid/OU=TU-Dortmund/CN=host/vomrs01.grid.tu-dortmund.de

/C=DE/O=GermanGrid/CN=GridKa-CA
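
The two files above have to agree: the server DN in the /etc/vomses entry must be the first DN in the .lsc file, followed by the DN of the CA that issued the server certificate. The script below is an added example, not part of the original showcase or of AdHoc, that checks this. The function names are hypothetical, and it works on copies of the files built in a temporary directory from the values on this page.

```shell
#!/bin/sh
# Added example (not from the AdHoc project): checks that a vomses file and the
# vomsdir .lsc file agree for one VO. Paths are arguments, so it runs on copies.

# vomses_field FILE VO N: print the Nth quoted field of the entry whose VO name
# (5th field) is VO. Splitting on '"' puts the quoted fields in $2 $4 $6 $8 $10.
vomses_field() {
    awk -v vo="$2" -v n="$3" -F'"' '
        NF >= 11 && $10 == vo { print $(2 * n); found = 1; exit }
        END { if (!found) exit 1 }' "$1"
}

# check_voms_trust VOMSES_FILE VOMSDIR VO: return 0 when the entry is well
# formed and its server DN equals the first DN in VOMSDIR/VO/<host>.lsc.
check_voms_trust() {
    vomses=$1; vomsdir=$2; vo=$3
    host=$(vomses_field "$vomses" "$vo" 2) || { echo "no vomses entry for VO $vo"; return 1; }
    port=$(vomses_field "$vomses" "$vo" 3)
    dn=$(vomses_field "$vomses" "$vo" 4)
    case $port in ''|*[!0-9]*) echo "bad port: $port"; return 2 ;; esac
    lsc="$vomsdir/$vo/$host.lsc"
    [ -r "$lsc" ] || { echo "missing $lsc"; return 3; }
    # Non-empty .lsc lines: server certificate subject first, then its issuer.
    subject=$(grep -v '^[[:space:]]*$' "$lsc" | sed -n 1p)
    issuer=$(grep -v '^[[:space:]]*$' "$lsc" | sed -n 2p)
    [ "$subject" = "$dn" ] || { echo "DN mismatch: vomses=$dn lsc=$subject"; return 4; }
    [ -n "$issuer" ] || { echo "no issuer DN in $lsc"; return 5; }
    echo "ok: $vo -> $host:$port"
}

# make_sample DIR: write copies of both files using the values from section 2.2.2.
make_sample() {
    mkdir -p "$1/vomsdir/adhoc"
    printf '%s\n' '"adhoc" "vomrs01.grid.tu-dortmund.de" "15013" "/C=DE/O=GermanGrid/OU=TU-Dortmund/CN=host/vomrs01.grid.tu-dortmund.de" "adhoc"' > "$1/vomses"
    printf '%s\n' '/C=DE/O=GermanGrid/OU=TU-Dortmund/CN=host/vomrs01.grid.tu-dortmund.de' \
        '/C=DE/O=GermanGrid/CN=GridKa-CA' > "$1/vomsdir/adhoc/vomrs01.grid.tu-dortmund.de.lsc"
}

demo=$(mktemp -d)
make_sample "$demo"
check_voms_trust "$demo/vomses" "$demo/vomsdir" adhoc
rm -rf "$demo"
```

On a real client, pass /etc/vomses and /etc/grid-security/vomsdir instead of the temporary copies.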

 

Generate a proxy and execute a simple job on one of the grid hosts (see Table 2).

voms-proxy-init -voms adhoc

globusrun -o -r adhoc1.reef.man.poznan.pl:2119/jobmanager-fork-poll '&(executable="/bin/hostname")'


As a result, you should receive the following message:

GRAM Job submission failed because authentication with the remote server failed (error code 7)


The error appears because our user is not permitted by the LCAS / LCMAPS suite to run jobs on the host. Let's change that and allow ourselves to run this job using AdHoc.

2.2.3)   Create a VO in AdHoc

Click the VO tab on the West Panel (element 2.2 from Diagram 2). Then click the “Create” button on the Tool Strip. Enter the name of your VO (the name should be between 3-15 alphanumeric characters). Click “Ok”.

Your VO is created and ready to be used.

In order to see the VO settings, double-click on its name in the VO view in the West Panel (tree-grid in component 2.2). Users (see Diagram 3, mark 1) and resources (see Diagram 3, mark 2) assigned to the VO will appear on the Central Panel.


In the VO view in the West Panel you can now see your VO with two categories of users - Administrators and Users:

1)            Administrator – the avatar in the Central Panel is surrounded by a red box. This user has privileges to:

1.            Add and remove users from the VO. 

2.            Add (if she is the resource's administrator) and remove resources.

3.            Remove the VO that she has created.

2)            User – a normal user without the red box. This kind of user has the privileges to:

1.            Add resources (if she is the resource's administrator) and remove resources.

2.            Remove herself from the VO.

Each VO has at least one administrator (the creator). The Administrator privilege can be granted or removed only by an administrator (by right-clicking on the user avatar).

 

Now it's time to add more users to the VO.

2.2.4)   Add Scientist A and B to the VO


For this purpose switch to the User Panel tab (in the West Panel). Choose the user you want to add to your VO and drag and drop them onto the VO opened in the Central Panel (see Diagram 4). Please use Michal Orzechowski, who is the administrator of Grid host number 2, and Jan Kowalski, the administrator of Grid host number 1.

Now let's add a host to the VO.

2.2.5)   Add Grid host 1 and Grid host 2 to the VO

“You ask Scientists A and B to log in to AdHoc GUI and to add their hosts to the VO. Scientists A and B log in and add their resources to the VO.”

To simulate this you have to log in as the Administrator of each resource (in our showcase these are Michal Orzechowski and Jan Kowalski) and add the hosts to the VO as each host's Administrator. To do that, for each user:

1)            Clear active logins in the web browser and refresh the AdHoc GUI.

2)            Log in as a Scientist (use this user's p12 provided here: http://adhoc2.reef.man.poznan.pl/cert/ )

  •  Login: ige
  • Password: ige123
  • Certificate password: ige123

3)            Open the testing VO (VO tab -> double-click on the VO).

4)            Add the resource by dragging and dropping the resource icon from the resource tab in the West Panel to the resource panel in the VO view in the Central Panel (see Diagram 5).


Do this for both Scientists. After doing all the steps you should see a view similar to this:


2.2.6)   Execute a test job 2

 

Now you (as a member of the VO with resources), Michal Orzechowski (as an Administrator of Grid host 2 and a member of the VO) and Jan Kowalski (as an Administrator of Grid host 1 and a member of the VO) can use grid resources on Grid host 1 and 2.

Generate a new proxy and execute a simple job on one of the grid hosts again (see chapter 2.2.2).

voms-proxy-init -voms adhoc

globusrun -o -r adhoc1.reef.man.poznan.pl:2119/jobmanager-fork-poll '&(executable="/bin/hostname")'

 

Now, as a result, we should receive:

adhoc1.reef.man.poznan.pl

 

2.2.7)   Clean up

In the end we have to clean up, namely remove the VO. This is done by the VO administrator. Please see the attached screenshot. After the VO is deleted, once your proxy expires or you generate a new one, you won't be able to run jobs on the host.


If you no longer want to share a resource, remove it from the VO (this operation is allowed only for VO administrators and resource administrators). To do so:

  • In the VO properties (Diagram 3 component 2) mark the resource (one click).
  • In the Tool Strip Resource component (Diagram 3 component 2) click remove.
  • Confirm the operation.

Since you've deleted the resource you have lost the ability to perform tasks on the deleted host.