This document outlines an effective strategy for managing Virtual Organizations (VOs) within EGEE gLite and Open Science Grid (OSG) environments. It introduces the Virtual Organization Management Registration Service (VOMRS) and its features, including VO-level control of membership and privileges, two-phase registration, and integration with external systems. A pragmatic solution is provided for handling multiple VOs and Sub-VOs using tools like 'volist' and 'merge-gridmap'. The document emphasizes secure management of grid resources and facilitates delegation of responsibilities among administrators.
Outline
• VO Management in running projects:
  • EGEE gLite
  • Open Science Grid (OSG) – VO Privilege
• VOMRS Features
• Using VOMRS with GT4
• Pragmatic solution: volist & merge-gridmap
• merge-gridmap: Flowchart
• Serving multiple VOs & Sub-VOs
VOMS/VOMRS in EGEE gLite
[Figure: VOMRS in the EGEE gLite authentication architecture (Igor Sfiligoi: gLite Authentication)]
VOMS/VOMRS in OSG
[Figure: OSG VO Privilege architecture (Tanya Levshina: VOMRS). Components shown: Member (Certificate, Proxy, job) registers with VOMRS; VOMRS passes membership/privileges to VOMS; Grid Facility with CE (Globus Gatekeeper, JobManager) and SE (SRM, gPlazma); Facility Authorization Management with PRIMA, GUMS (get uid, gid, rootpath) and SAZ (is authorized?) reached via callouts; get proxy; submit job]
VOMRS Features
Secure & authenticated management of VO membership, grid resource authorization and privileges:
• 2-phase registration workflow to register with a VO
• Dynamic set of collected personal information
• Management of multiple grid certificates per member
• VO-level control of member's privileges
• Email notifications of selected changes and events
• Permits delegation of responsibilities within the various VO administrators and group managers
• Manages hierarchies of groups and group roles
• Interfaces to third-party systems like VOMS
VOMRS & GT4
Pragmatic solution: Use VOMRS as “VO Information Service”
[Figure: Member (Certificate, Proxy, job) registers with VOMRS and submits a job to the Globus Gatekeeper / JobManager on the grid resource; the “volist” servlet exports a list (DN+ID) for a group name from the VOMRS DB; merge-gridmap (run from crontab) combines this list with the local config, the local grid-mapfile and the Auth lists into the grid-mapfile used by the Gatekeeper]
Merge-gridmap flow
[Flowchart: inputs and steps as labelled in the figure]
• Inputs: VO list fetched via wget from the volist servlet / VOMRS (lower priority); local grid-mapfile (higher priority); Auth lists (Allowed DNs, Denied DNs); DN+ID remap list; RunAs aliases
• Map to pool account schema: prefix + format “agd” %.3d
• Check accounts’ existence; remove DNs with unknown account names (list of unknown accounts)
• Remove non-allowed DNs; remove denied DNs
• Merge with local map (local grid-mapfile has higher priority)
• Remap DN+ID: remap DNs to non-pool accounts
• Write grid-mapfile
• Create sudoers entries (RunAs aliases, command entries)
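The merge-gridmap flow above, as an added Python example that is not the tool's own code: it takes a constructed volist listing ("DN" ID lines, an assumed format), applies the allowed/denied lists, the pool-account schema (prefix "agd", format %.3d), the account-existence check and the remap/local-map overrides, and renders the grid-mapfile. The step order, the listing format and the dict-based configuration are assumptions.

```python
import re

# Constructed sample inputs (not from the page). Assumed volist format: one '"DN" ID' line per member.
VOLIST = "\n".join([
    '"/DC=org/DC=example/CN=Alice" 1',
    '"/DC=org/DC=example/CN=Bob" 2',
    '"/DC=org/DC=example/CN=Carol" 3',
    '"/DC=org/DC=example/CN=Dave" 4',
])
LOCAL_MAP = {'"/DC=org/DC=example/CN=Site Admin"': "admin"}  # local grid-mapfile (higher priority)
REMAP = {'"/DC=org/DC=example/CN=Alice"': "alice"}           # DN+ID remap to non-pool accounts
ALLOWED = None                                               # None: no allow-list configured
DENIED = {'"/DC=org/DC=example/CN=Dave"'}
ACCOUNTS = {"agd002", "alice", "admin"}                      # local accounts; agd003 does not exist

LINE = re.compile(r'^\s*("(?:[^"\\]|\\.)*")\s+(\d+)\s*$')


def merge_gridmap(volist, local_map, remap, allowed, denied, accounts, prefix="agd", fmt="%.3d"):
    """Return (dn -> account mapping, list of unknown account names) per the merge-gridmap flow."""
    mapping, unknown = {}, []
    for line in volist.splitlines():
        m = LINE.match(line)
        if not m:
            continue                                     # skip malformed lines from the VO list
        dn, vo_id = m.group(1), int(m.group(2))
        if allowed is not None and dn not in allowed:    # remove non-allowed DNs
            continue
        if dn in denied:                                 # remove denied DNs
            continue
        account = remap.get(dn, prefix + fmt % vo_id)    # pool account schema, or remap to non-pool
        if account not in accounts:                      # remove DNs with unknown account names
            unknown.append(account)
            continue
        mapping[dn] = account
    mapping.update(local_map)                            # local map wins on conflicting DNs
    return mapping, unknown


def render_gridmap(mapping):
    """Write the grid-mapfile text: one '"DN" account' line per mapped DN."""
    return "".join(f"{dn} {acct}\n" for dn, acct in sorted(mapping.items()))


if __name__ == "__main__":
    gridmap, unknown = merge_gridmap(VOLIST, LOCAL_MAP, REMAP, ALLOWED, DENIED, ACCOUNTS)
    print(render_gridmap(gridmap), "unknown accounts:", unknown)
```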
Serving multiple (Sub-)VOs
[Figure: one grid resource serving several VOs. Each VO or Sub-VO (VO /Alpha, VO /Omega, Sub-VO /Omega/Uno) has its own merge-gridmap config; merge-gridmap pulls each list from the corresponding VOMRS DB via its “volist” servlet (VOMRS A for /Alpha, VOMRS for /Omega and /Omega/Uno), combines it with the local grid-mapfile and the Auth lists, and writes the resource's grid-mapfile]
Summary
• Using volist/merge-gridmap with VOMRS
  • offers a lean VO management tool
  • promises the chance to switch to future EGEE or OSG/VO-Privilege developments via the VOMS interface of VOMRS
  • provides the possibility to delegate access right management to a central VO management while keeping fine-grained local control
  • allows a resource to serve multiple VOs
Appendix: Glossary
• VOMRS
  • Virtual Organisation Management Registration Service
  • http://www.uscms.org/SoftwareComputing/Grid/VO/
• VOMS
  • Virtual Organization Membership Service
  • http://infnforge.cnaf.infn.it/voms/
• LCMAPS
  • Local Credential MAPping Service
Glossary II
• GUMS
  • Grid User Management System
  • http://grid.racf.bnl.gov/GUMS/index.html
• PRIMA
  • PRIvilege Management and Authorization
  • http://computing.fnal.gov/docs/products/voprivilege/prima/prima.html
• SAZ
  • Site AuthoriZation service
  • http://www.fnal.gov/docs/products/saz/v_vo1/SAZ.htm
Glossary III
• gPlazma
  • Grid-aware PLuggable AuthoriZation Management
  • http://www.dcache.org/manuals/Book/cf-gplazma.shtml