[Top] [Contents] [Index] [ ? ]

XWHEP 5.7.5 User Guide


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

1. Introduction

XtremWeb for High Energy Physics (XWHEP) is a global computing platform aiming to aggregate volunteer computing resources over the Internet. Contrary of what the name could make readers think, this is a general purpose platform, not specifically dedicated to High Energy Physics (HEP) community. The name should preferably be understood as XtremWeb BY High Energy Physics.

Historycally speaking, XtremWeb is a project initiated by Laboratoire de Recherche en Informatique (LRI).

In a pluri-disciplinal initiative, Laboratoire de l'Accélérateur Linéaire (LAL) and LRI joined their efforts to make what was a research platform aiming to study large scale distributed systems (LSDS) to a full production platform, naturally using HEP applications as first use cases (naturally, since LAL is an HEP laboratory). This common work having been a success, LAL continued not only to work with the platform in production, but also to extend and improve it in several ways under the name of XWHEP.

XWHEP was initially based on XtremWeb 1.8.0.


This document first presents XWHEP and its innovative features; then describes how to compile, install and deploy the platform. The last chapter is about inter-grid connections, the goal of such a feature, its security issues and finally how to make such inter-connections operable.


The targeted audience is not only developpers and administrators willing to deploy an LSDS, but also end users that can gain access to a new computing power. Finally volunteer PC owners who would like to participate to exciting research fields will also find useful informations here, on how to install and manage their PC as part of a global virtual cluster.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

2. Reading conventions


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3. XWHEP


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.1 Overview

XtremWeb-HEP is a middleware permitting to deploy a Global Computing platform (Large Scale Distributed System). XWHEP belongs to the so called Cycle Stealing environment family. Like the other Distributed System Platforms, an XWHEP platform uses remote resources (PCs, workstations, PDA, servers) connected to Internet or a pool of resources inside a LAN. Participants of an XWHEP platform cooperate by providing their computing ressources, such as processor, memory and/or disk space.

XWHEP is a project belonging to light weight GRID systems. Its a Free Software (GPL), Open Source and non-profit software platform to explore scientific issues and applications of Global Computing and Peer to Peer distributed systems.

The XWHEP software platform allows to setup and run Distributed System projects. Such project must be based on a community of participants. For example, XWHEP platforms allow a High School, a University... or a Company to setup and run a Global Computing or Peer to Peer distributed system for either a specific application or a range of applications.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.2 Architecture

The XWHEP project is made of three parts:

This architecture corresponds to most of well known global computing projects where a centralized server ensures the platform coherency, integrity and security, while distributed parts (clients and workers) have, respectively, the user interface and computationnal capacities responsabilities.
The server and its distributed part are known as the middleware and form alltogether a deployment or a network. The centralized server is the only trusted entity. It must be highly secure and maintained by the platform administrator to ensure security and quality of service (QoS) of the full platform.
Distributed parts are entirely untrusted by essence. The middleware ensures a global security and QoS levels by implementing expected services and protocols.

The middleware is written to ensure a good fault tolerancy by detecting faults and, more generally, by considering volatility as a feature (and not a misbehavior). One of the major features that was already implemented in XtremWeb 1.8.0 is the server replication (as described in "RPC-V: Toward Fault-Tolerant RPC for Internet Connected Desktop Grids with Volatile Nodes.").

XWHEP extends the XtremWeb server by introducing the notion of datas and access rights. The server may act as a data server, but datas can be stored anywhere as soon as they are accessible by URI. Current version includes HTTP the Web standardized access protocol, ADICS a peer to peer architecture for data intensive cycle sharing (see www.p2p-adics.org/) and implements its own new schema, xw://.


Architecture

architecture


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.3 What can I do with XWHEP

As a system software, XWHEP allows you to:

  1. use a Peer-to-Peer computing platform.

  2. participate (provide computing ressources) to a Global Computing or a Peer-to-Peer Project by joining an XWHEP platform (see the projects links on the main page),

  3. be collaborator of XWHEP by helping us developing XWHEP ,

  4. easily build your own General Purpose Global Computing System.

Participants may download the Worker software to participate. XWHEP Worker examines constantly the workload of your PC. When the workload becomes insignificant, your PC starts participating to a world wide experiment (research or large contests). For most of the PCs, the computation is done during the night.

Any one can download the entire software (Worker, Server, Lan administrator) to setup their own XWHEP platform.

Large institutions that are spred among several geographical sites and that are using cycle stealing to increase their computational power may use XWHEP to manage all the resources through a single environment. By downloading the entire XWHEP system you will be able to launch a Global Computing or a Peer-to-Peer Computing system. To do so, you will have to setup a community of workers. Dedicated Global Computing System particularly match the requirements of institutions like Schools, Universities, Laboratories, Libraries, Factories, Industries, ..., Companies that need a system allowing the use of idle resources during the nights or week-end.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.4 Features

XWHEP is a generic multi purposes desktop grid platform (DG) enabling eSciences computations over volatile nodes.

Main features are :


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.4.1 User management

The platform introduces the notion of users, which must be understood just like in a cluster. An user is an entity that has the rights to perform some actions within the platform such as insert an application, submit a job, retreive a job result and more. An user is defined by its login and password(1).; users have the responsability to ensure confidentiality and integrity of these informations. These informations are always needed to connect to the platform. They are sent with all messages; messages without these informations or with invalid ones are rejected by the server. They also define actions the user has the rights to execute (see User rights). We can understand here that roles are not statically defined; they are dynamically defined by actions an user is allowed to request to server. An user identity that can be used to submit applications, datas and jobs may be considered as a client (this identity can be used to do so if the server allows requested actions for that identity). An identity that can be used to compute jobs may be considered as a worker (i.e. a distributed computing element - see Volunteer computing management).

An user may belong to a user group and not more than one. This helps to confine datas, applications, jobs and workers. With this feature, the platform defines three usage levels: public, group and private as shown in figure "Usage levels". The public level is the default one where applications, datas and jobs are public, accessible by all users, accordingly to their access rights (see Access rights).

Usage levels

grouping2

  1. Public usage level. By default users are public: they don't belong to any group. They can use public applications and datas, submit public jobs that can be run by public workers. Public applications, datas and jobs are those accessible by all users accordingly to their access rights (see Access rights).

    A public worker is a worker that has enough user rights to execute public applications. A public applications must be inserted by an user that is defined with administrator user level (see User rights). The application access rights defines the job ones; this is enforced by the server and there is no way modify this: any job referring a public application is public.

  2. Group usage level. Users belonging to an user group can not only access public applications, datas, jobs and workers, but also those of its group. Note that an user can belong to one user group only. Applications, datas, jobs and workers are in an user group if and only if their owner belongs to an user group. The group access rights does not allow users not belonging to the group to access objects of the group.

    A group worker is a public worker defined a group: its identity is defined in the group and has enough user rights to execute group application. A group applications must be inserted by an user that is defined with administrator user level. The application access rights defines the job one; this is enforced by the server and there is no way modify this: any job referring a group application is a group job.

    Users defined in a group can still submit public jobs by referring a public applications. A group worker will execute any public job as soon as it is the same user group of the job owner.

  3. Private usage level. Finally, applications, datas, jobs and workers may be private ones. Only the owner can access private objects. Users that don't have administrator user level can insert private applications and private ones only. This mechanism aims to protect workers against malicious or erroneus code. The application access rights defines the job one; this is enforced by the server and there is no way modify this: any job referring a private application is a private job. Such jobs can only be executed by private workers only. A private worker is worker presenting a non privileged identity (i.e. anything but not a public worker). A private worker will execute jobs of its owner only: private, group or public jobs.


The middleware includes several commands to manage users within the platform; please refer to User management with the XWHEP client.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.4.2 User rights

Each user identity is associated a user level which aims to determine actions the user can perform on the platform. Figure User rights shows the user levels stack.

User rights

userrights


The user levels are as follow:


The middleware includes several commands to manage users within the platform; please refer to User management with the XWHEP client.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.4.3 Access rights

The platform introduces the notion of access rights which must be understood as file system ones.

Access rights are used to confine access of applications, datas and jobs. They define authorizations for the owner, the group and other users :


Access rights can be combined to define access levels:


Access rights rules :


The middleware includes several commands to manage access rights within the platform; please refer to Client generic actions.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.4.4 Security

The platform trust nothing and implements all required mechanisms to ensure its integrity, as well as integrity of its installed applications, datas, jobs and connected workers.

As described in this document, Access rights, User management and User rights ensure all together the expected security level so that :


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.4.5 Volunteer computing management

A volunteer computing resource is called a worker in XWHEP. A worker is a computationnal entity aiming to execute jobs and return their results. A worker is typically a personnal computer.
The platform aggregates some informations from the worker but no personnal datas. Informations are CPU type and performances, memory and disk availability, and IP adress.
The platform uses worker CPU powers accordingly to worker local activation policies, in a non intrusive mode. The owner keeps total control of its machine and its installed worker. See Control the XWHEP worker.

The platform administrator keeps the ability to revoke any workers at any time. See Worker management with the XWHEP client.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.4.6 Data management

The middleware includes several commands to manage datas within the platform; please refer to Data management with the XWHEP client.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.4.7 Application management

The middleware includes several commands to manage applications within the platform; please refer to Application management with the XWHEP client.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.4.8 Job management


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.4.9 Job state graph

The middleware includes several commands to manage jobs within the platform; please refer to Jobs management with the XWHEP client..


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.5 Planned features


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

4. Getting XWHEP

The XWHEP package is downloadable from the web site.

You will find there sources and installers.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

4.1 Downloading XWHEP source package

There are two ways to get the XWHEP sources; you can:


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

4.2 Downloading XWHEP binary package

There are two ways to get the XWHEP sources; you can:


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

5. Setting up XWHEP

The XWHEP deployment is a three steps process


This chapter is divided as follow:



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

5.1 Pre-requisit

There are some requirements in order to be able to use XWHEP packages (both source and binary). All requirements are tested at deployement time (see Building the deployment packages.).

Pre-requisit to install XWHEP are:


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

5.2 Building from sources

You are not compelled to build XWHEP from sources, you can download the binary package from the XtremWeb-HEP web site. If you have done so, you can directly go to next section.

The XWHEP middleware is written in Java language, hence the Java package is the first requirement to build and run XWHEP .
The build process use the Apache Ant build tool; it first expects the JAVA_HOME environment variable to be set.

Note for Windows users: it is possible to configure, build and install XWHEP in this platform, using Cygwin. This should work, but is not supported.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

5.2.1 Sources package structure

The package contains seven directories:

You don't have to set any environnement variable, but for the following of the installation procedure, we assume that ${sources.dir} is the place where XWHEP sources are stored and ${install.dir} is the installation directory (where make install installs the binary package).


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

5.2.2 Preparing the build process

Several parameters should be set in `build/build.conf' configuration file to build and install the binary package.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

5.2.3 Preparing the binary package

The source package can prepare the binary package which aims to generate deployment packages. Binary package usage is described in next section.

At this point, you must have first read Preparing the build process.

As soon as `build/build.conf' has been edited, you can build and install the binary package using :

 
  $> make && make install

Installation process includes several steps (assuming build.conf is correct...) :



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

5.2.4 What have been installed



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

5.3 Building the deployment packages.

The binary package aims to generate server, worker and client installation packages. These packages help to deploy the platform.
At this point, you either generated the binary package from source package as described in previous section, or downloaded the binary package from the web site.

We can not directly propose packages from our web site since it is impossible to create generic installers because each deployment has its own private datas (mysql configuration, electronic keys etc.).

If you have downloaded the XWHEP source package, please refer to previous section.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

5.3.1 Binary package structure

The package contains seven directories:

You don't have to set any environnement variable, but for the following of the installation procedure, we assume that ${install.dir} is the installation directory.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

5.3.2 Running the binary package configuration script

The procedure is explained in the tutorial.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

5.3.3 What have been installed



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

5.4 Deploying the platform

If you have followed the procedure explained in the tutorial, you now have your installation packages ready.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

6. Monitoring the platform

The middleware comes with monitoring tools on three different levels:


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7. Running and using the platform

This section describes how to manage and use the three XWHEP parts:



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.1 XWHEP server

The server is the centralized part in charge of the platform management. It aims to receive jobs requests from clients, schedule them on workers until succesfull completion, collect results and forward them back to clients.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.1.1 Configuring the XWHEP server

You will find a `conf/xtremweb.server.conf' file in the distribution. If you have downloaded the sources distribution, the installation process create it for you in your installation directory by the make install command.

The configuration of the file consists of a pair of keys and their values separated by the `=' character. A line begining by `#' is a comment.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.1.2 Launching XWHEP server

Scripts to launch the server are stored in the `bin/' directory.

Be aware that the script uses some definition in `bin/xtremwebconf.sh'.
One should read and edit this file.

The script expect the configuration file to be located in `conf/' directory.

The script `bin/xtremweb.server' helps to manage the server. It request one argument which may take four values : console, start, stop and restart:

Example:

 
 xtremweb.server start

To launch the server, you must have sufficient privileges because the script try to execute the server under the "xtremweb" user defined in your `xtremwebconf.sh' file.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.2 XWHEP worker

The worker is the distributed part in charge of the computation. It aims to request jobs from the server and try to execute them. The worker compute in a non intruding way so that the owner of the machine is not disturb, accordingly to an activation policy defined in the configuration file.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.2.1 The worker configuration file

You will find a `conf/xtremweb.worker.conf' file in the distribution. If you have downloaded the sources distribution, the installation process create it for you in your installation directory by the make install command.

The default configuration file for the worker is named `xtremweb.worker.conf' and located in the `conf/' directory. If the worker can't access this file, it looks in your home directory in the subdirectory `${HOME}/.xtremweb/xtremweb.worker.conf' (please, note the dot).
You can also provide any other configuration file, see Launch the XWHEP worker.

The configuration of the file consists of several pairs of `keys' and their values separated by the : character. A line begining by # is a comment.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.2.2 Launch the XWHEP worker


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.2.2.1 Linux.

Scripts to launch the worker are stored in the `bin/' directory.

Be aware that the script uses some definition in `bin/xtremwebconf.sh'.
One should read and edit this file.

The script `bin/xtremweb.worker' helps to manage the worker. It request one argument which may take four values : console, start, stop and restart:

Example:

 
 xtremweb.worker start

You can also run the worker without the script and provide your own configuration file:

 
java -jar lib/xtremweb.jar xtremweb.worker.Worker --xwconfig <a configuration file>

To launch the worker as daemon, you must have sufficient privileges because the script try to execute the server under the "xtremweb" user defined in your `xtremwebconf.sh' file.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.2.2.2 Mac OS X.

The installer provide a worker that is launched at boot time.

The way to manage the worker is similar to Linux platform, except the script is in `/Library/StartupItems/xtremweb.worker/'. Please refer to See section Linux worker section.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.2.2.3 Win32.

Please note that all images included in this section are screen copies, hence they may contain text in french due to my Windows installation.
Hope this is understandable for non french reader :).


The package is provided as an `.exe' file downloadable from the platform web site.

As download finished, you can double click to run it; this creates a directory hierarchy typically in the `Program Files' folder, as shown in figure "Typicall installation".


Typicall installation

xwinstall0


The `bin/' directory contains several scripts as shown in figure 3.

Among them are:

Preparing the worker package as Windows service is the best way to use it. It will then run in background without disturbing the owner of the machine; by default, it will only compute when the owner don't use it machine. See section configuration file for more information on configuring the worker.

Double click on `bin/InstallXWWorker-NT.bat' to install the worker as Windows service as shown in figure "Install NT service".
Installing an NT service requires administrator privileges; please ask your system administrator, if needed.


Install the worker as NT service

xwinstall1


You can check that the worker service has been correctly installed.

This procedure will also help to manage the service :

To do so, first right click on your workstation icon in your start menu or on your desktop, then click on "manage" item, as shown in figure "Manage NT workstation".


Select the "manage" option

xwnt6


This open the workstation management window.
Select the "services and applications" item, then the "services" item and look for the XWHEP service as shown in figure "NT service installed".
It should be the last one in the list, depending of your configuration.

If you don't find the XWHEP worker in the list, it has not been correctly installed. Please, return to Install the worker as NT service and try again.


Worker installed as NT service

xwnt0


You can click on the XWHEP worker service to select it and click on the "Start" item as shown in figure "Start the NT service".
Note that you don't have to manually start the XWHEP worker; it is configured to start at every boot of your machine.


Start the worker NT service

xwnt1


A pop-up window then appears with a progression bar. as shown in figure "Starting the NT service".

If something goes wrong (not enough privileges, Java not correctly installed...) a warning window appears. Please, return to Install the worker as NT service and try again.


Starting the worker NT service

xwnt4


If the service has successfully been started, the "state" column should display "started" (noted as  Démarré  in figure "NT service started") for the XWHEP worker service as shown in figure "NT service started".


Worker NT service started

xwnt2


If you want to stop the XWHEP worker service, click to select it and click on the "Stop" item as shown in figure "Stop the NT service".


Stop the worker NT service

xwnt3


If you want to completly remove the XWHEP worker service, double click on `bin/UninstallXWWorker-NT.bat' as chown in figure "Uninstall NT service".
You must have enough privileges to do so. If needed, please ask your system administrator.

Note that this does not remove the XWHEP package from your computer. To do so, please use the standard Windows procedure through the "configuration pannel".

Uninstall the worker NT service

xwinstall2


Please see XWHEP worker to see how to configure and run the worker.


If you have followed the instructions detailed in Win32., the worker is automatically launched for you.

Otherwise, you have to double click on `xwworker.bat'.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.2.3 Control the XWHEP worker

Control the worker

workerctrl2


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.3 XWHEP client

The client is the distributed part in charge of the platform usage. It aims to insert/delete applications, users and jobs, as to retrieve results. .
Actions are executed accordingly the user privilege level.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.3.1 The client configuration file

The client configuration file is the same as for the worker.

Please refer to the worker configuration file.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.3.2 Launch an XWHEP client

The client is a console application which aims to manage datas, applications, users and jobs, as to retrieve job results.

Scripts to run the client are stored in the `bin/' directory.

Be aware that the script uses some definition in `bin/xtremwebconf.sh'.

Several scripts are provided.


The client accepts both command and parameters; next sections detail them.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.3.2.1 The client common parameters.

The client accepts some parameters which may be combined with all client actions.


Some client parameters apply to specific client actions only; they are listed here and explained later in client actions sections.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.3.2.2 Client generic actions

There are two client actions that can be applied to all kind of object.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.3.3 Worker management with the XWHEP client


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.3.4 User management with the XWHEP client

The client accepts some parameters dedicated to user management : insert and delete users to/from the plateform.

The user management accepts some common parameters.

Here follow the client parameters dedicated to user management.


A set of scripts to manage the users is provided with the package : `bin/xwusers', `bin/xwsenduser', `bin/xwusergroups', `bin/xwsendusergroup'...



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.3.5 Data management with the XWHEP client

The client accepts some parameters dedicated to data management : insert, retreive and delete data to/from the plateform.

The data management accepts some common parameters.

Here follow the client parameters dedicated to data management.


A set of scripts to manage the datas is provided with the package : `bin/xwdatas', `bin/xwsenddata'.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.3.6 Application management with the XWHEP client

The client accepts some parameters dedicated to application management : insert and delete applications to/from the plateform.

The application management accepts some common parameters.

Here follow the client parameters dedicated to application management.


A set of scripts to manage the applications is provided with the package : `bin/xwapps', `bin/xwsendapp'.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.3.7 Jobs management with the XWHEP client.

The client accepts some parameters dedicated to jobs management : insert and delete jobs to/from the plateform.

The job management accepts some common parameters.

Here follow the client parameters dedicated to job management.


A set of scripts to manage jobs are provided with the package in the `bin/' directory.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.3.8 Results management with the XWHEP client.

The client accepts some parameters dedicated to job results management : retreive and delete job results.

The results management accepts some common parameters.

Here follow the client parameters dedicated to results management.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.3.9 The client macro file

The client accepts "macro" file, which is just a text file with one command per line.

A macro file is provided to the client with the parameter --xwmacro <a macro file>. This parameter cancels all other client parameters but the --xwconfig parameter.

Examples:

 
 xtremweb.client --xwmacro <a macro file>
 xtremweb.client --xwconfig <a configuration file> --xwmacro <a macro file>


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

7.3.10 The client GUI

When launching the client with the -xwgui parameter (or when launching either the Mac OS X or Windows client), the main frame pops up as shown in figure "The client main frame".
As shown on the title, we are not connected to the platform yet.

The client main frame

mainframe

To connect, please select "Login as..." option in the "File" menu (figure The "Login as..." menu option).

The "Login as..." menu option

The &quot;Login as...&quot; menu option

The login dialog pops up as shown on figure "Login dialog". You must fill the three fields.

The login dialog

The login dialog

If the server is not reachable the server error dialog pops up (figure Server error dialog).

The server error dialog

The server error dialog

If the login and/or password is not valid, or if the user is not authorized to connect, the error dialog pops up (figure Connect error dialog).

The connect error dialog

The connect error dialog

Once connected, the title displays the login (figure Connected).

The user is connected

The user is connected

Click on "Refresh" to get your jobs list. The progress bar shows the download progression (figure Retreiving jobs).

Figure 20 : Retreving jobs

Retreiving jobs

As the download completes, your jobs are listed. The status bar shows the total of rows (figure Jobs retreived).

Jobs retreived

Jobs retreived

Click on "Submit" to submit a new job (figure Submit a new job).

Submit a new job

submit0

Select an application from the dropdown menu (figure Select an application).

Submit a new job; select an application

submit1

Give a job label (this is optionnal) (figure Give a label).

Figure 24 : Submit a new job; give a label

submit2

Click on "View" (shown on figure Jobs retreived) to see job details (figure Job details).

Job details

Job details


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

8. Connecting XWHEP to other grids

Pilot Jobs is a way to use a Grid infrastructure to deploy end user jobs with an external scheduler (i.e. a scheduler which is not part of the infrastructure itself). XtremWeb and Condor teams have introduced this as Gliding-in in "XTREMWEB & CONDOR : SHARING RESOURCES BETWEEN INTERNET CONNECTED CONDOR POOLS." (O. Lodygensky, G. Fedak, F. Cappello, V. Neri, M. Livny, D. Thain at CCGRID 2003, Tokyo, JAPAN; May 12-15, 2003.)

Security, monitoring and logging are the main issues in Pilot Jobs; see http://edms.cern.ch/document/855383.


XWHEP solves these issues thanks to its innovative features:


Security is ensured at three levels:


Pilot Jobs

pilotjobs2



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

8.1 The Gliding-in approach

The Gliding-in approach to cluster resources spread in different Condor pool using the Global Computing system (XtremWeb) was first introduced in xtremweb-condor. The main principle consist in wrapping the XtremWeb worker as regular Condor task and submit this task to the Condor pool. Once the worker is executed on a Condor resource, the worker pulls jobs from the DG~server, executes the XtremWeb task and return the result to the XtremWeb server. As a consequence, the Condor resources communicates directly to the XtremWeb server. Similar mechanisms are now commonly employed in Grid Computing condor_grid2. For example Dirac uses a combination of push/pull mechanism to execute jobs on several Grid clusters. The generic approach on the Grid is called a pilot job. Instead of submitting jobs directly to the Grids gatekeeper, this system submits so-called pilot jobs. When executed, the pilot job fetches jobs from an external job scheduler.

The gliding-in or pilot job approach has several advantages. While simple, this mechanism efficiently balance the load between heterogeneous computing sites. It benefits from the fault tolerance provided by the DG~server; if Grid nodes fail then jobs are rescheduled to the next available resources. Finally, as the performance study of the Falkon falkon system shows, it gives better performances because series of jobs do not have to go through the gatekeeper queues which is generally characterized by long waiting time, and communication are direct between the computing element~(CE) and the DG~server without intermediate agent such as the superworker. From the security point of view, this approach breaks the Grid security rules which because jobs owner may be different than pilot job owners. This is a well known issue of pilot jobs and new solution such as gLExec are proposed to circumvent this security hole.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

8.2 Bridging XtremWeb and EGEE.

Our goal is to safely aggregate EGEE worker nodes in a single XtremWeb network. In this network, we assume that the users connect to the dispatcher administration domain to submit tasks. XtremWeb has the responsibility to ensure user authentication, hosts (workers) integrity, application and results protection and user execution logging.

In the rest of the paper, we based our study of the security model on the gliding-in technology. XtremWeb Workers are submitted to EGEE computing elements using JSDL wrappers.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

8.2.1 User authentication and execution logging.

The coordinator site manages a list of authorized users as ACLs. It is the responsibility of the system administrator to register new users (and revoke non desired ones) on the coordinator. After registration, the coordinator provides a key to be used by the user for each subsequent connection. For each connection, a challenge is ran in order to ensure that the user is registered on the coordinator. All communications between the user XW client and the coordinator are encrypted using SSL. Then the coordinator works as a proxy for the user: all tasks are submitted to the workers through the coordinator credential. All executions on the workers are logged in the security perspective: all tasks contain a descriptor with the actual user credential so that workers and coordinator can take appropriate corrective action (user revocation), in case of security problem.

The design does not currently rely on certificates and presents a certain degree of risk for "Man is the Middle" ( MIM) attacks but risks are very limited since 1) attacks should origin from within EGEE subclusters only (due to TCP protocols), and 2) workers and clients software include coordinator public key, then if one is able to securely ensure worker and client binaries installation to dedicated pools, the full system is not subject to MIM attacks since key exchanges will not be necessary any more.

A certification system based on X.509 certificates is under integration in XtremWeb. Subsequent experiments and futures XtremWeb installations will implement one, based on Open-SSL, allowing extension of clients and workers authentication by the coordinator.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

8.2.2 Applications, parameters and results protection.

EGEE subclusters belonging to different administration domains fetch applications and tasks, and store results on the central coordinator. The only security issue concerning applications, parameters and results transfers is then about the connections between EGEE worker nodes and the coordinator. To ensure connection security between domains, 1) every connection from any client and worker to the coordinator is encrypted through SSL tunnels; 2) workers can only connect to the coordinator for which they have the public key. These two mechanisms prevent malicious participants to be able to intercept and read any connection, to connect to the coordinator and EGEE worker nodes to connect to a wrong XtremWeb coordinator.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

8.2.3 Node integrity.

If, for any reason, a malicious user succeeds on accessing the system and launching an aggressive application, XtremWeb workers still protect their host by implementing sand-boxingSANDBOX2,SANDBOX3,SANDBOX1 for binary applications. This is a secure way to execute applications, providing rights to do some actions and denying some others. One should note that Java applications are always executed inside a virtual machine which includes securityJAVASECURITY; XtremWeb uses this functionality in two levels, one for the worker itself and a more restrictive one for the downloaded Java byte code. On the contrary, binary (or native) applications have access to the full hosting system by nature; workers are configured to run any task of that type inside a sand-box which is fully customizable, from memory usage to file system operations.
Java and sand-boxes, have performance costsSANDBOX-PERF; one can then disable this functionality on highly secured systems, such as clusters under a fully closed firewall.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

8.2.4 Access confinement.

XtremWeb 2.0.0 introduces the notion of user rights and access rights. These new features permit to extend user actions over the platform as well as to define groups.
Access rights must be understood as linux file system ones (e.g. 0x755, uog+r etc.) and are used to define data (which is also a new paradigm in XtremWeb 2.0.0 but not discuss in this paper), application and job accesses. The default access is 0x755 which grants full access (read, write, execute) to owner, and limited access (read, execute) to users belonging to the owner group read and execute, as well as other users. Denying access to non group users, for example, consists to set access rights to 0x750. The middleware includes the xwchmod command to do so.
Any user can insert its own applications in the platform. This feature could lead to security hazards since this could allow users to insert malicious applications. This is solved by access rights. A standard user can only insert private applications; any submitted jobs referring private applications are private too. There is no way to modify these; even xwchmod can't help to modify access rights of private entities (applications or jobs). A private entity has its access rights set to 0x700 which grants owner access only.
Inserting group or public entities needs advanced privileges which grants this action.

User rights, associated with access rights, permit to define public, groups and private levels. They define the action users can perform over the platform. The three main level rights are standard, worker and advanced. The standard level grants data management, job submission and private application insertion as defined earlier. The advanced level grants full access to the platform including private, group and public entities, as well as users, user groups and workers management.
To understand the last right level, worker, one must clearly understand that workers run under an identity registered on the coordinator. When a worker sends a message to request a job to compute, or for any other reason, it presents its identity, registered as an user identity and defining user rights level.
This level right permits to delegate user rights to workers so that they can access entities as if they were the entity owner. A public worker can bypass entities access rights in order to update them even if their access rights do not allow that action. This is used to update jobs status to COMPLETED when it has successfully been computed by a worker, or to store jobs results and set the owner to the job owner.
At installation time, the platform includes a specific user defined with worker level right, aiming to deploy public workers.

grouping

On the other hand, we can also deploy private workers. Workers are private ones if they use a standard identity without the worker user rights level. Private workers will only compute private jobs.

Finally we can deploy group workers. Workers are group ones if they use an identity included in a group and defined with the worker user rights level. Group workers will only compute jobs of the same group.

The figure @ref{fig:groups} shows worker groups and the types of job they can run. We see that private jobs are run on private workers only, and groups jobs are run on group workers only. Public jobs can only be run on public workers.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

8.3 Configuring the XWHEP bridge

You will find a `conf/xtremweb.server.conf' file in the distribution. If you have downloaded the sources distribution, the installation process create it for you in your installation directory by the make install command.

The configuration of the file consists of a pair of keys and their values separated by the `=' character. A line begining by `#' is a comment.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

8.4 Launching the XWHEP bridge

Scripts to launch the server are stored in the `bin/' directory.

Be aware that the script uses some definition in `bin/xtremwebconf.sh'.
One should read and edit this file.

The script expect the configuration file to be located in `conf/' directory.

The script `bin/xtremweb.server' helps to manage the server. It request one argument which may take four values : console, start, stop and restart:

Example:

 
 xtremweb.server start

To launch the server, you must have sufficient privileges because the script try to execute the server under the "xtremweb" user defined in your `xtremwebconf.sh' file.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

9. Troubleshooting and reporting bugs

Please report any bugs, remarks, questions etc. to our Trac web site: http://trac.lal.in2o3.fr/DGHEP



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

10. Papers

"EDGeS:A Bridge Between Desktop Grids and Service Grids" G. Fedak, H. He, O. Lodygensky, Z. Balaton, Z. Farkas, G. Gombas, P. Kacsuk, R. Lovas, A. Csaba Marosi, I. Kelley, I. Taylor, G. Terstyanszky, T. Kiss, M. Cardenas-Montes, A. Emmen, F. Araujo.
ChinaGrid 2008, Dunhuang, Gansu, CHINA; Aug 20-22, 2008.

"Des systemes client-serveur aux systemes pair a pair"
F. Cappello, G. Fedak, T. Morlier, O. Lodygensky
Chapter in "Enclyclopedie Vuibert"; 2005.

RPC-V: Toward Fault-Tolerant RPC for Internet Connected Desktop Grids with Volatile Nodes.
S. Djilali, T. Herault, O. Lodygensky, T. Morlier, F. Cappello, G. Fedak.
Pittsburgh PA, USA; November 2004.

Programming Models, Security, Tests and Convergence with Grid.
F. Cappello, S. Djilali, G. Fedak, T. Herault, F. Magniette, O. Lodygensky, V. Neri.
Chapter in "Future Generation Computer Systems, Volume 21, Issue 3, March 2005, Pages 417-437"

XtremWeb & Condor : sharing resources between Internet connected Condor pools.
O. Lodygensky, G. Fedak, F. Cappello, V. Neri, M. Livny, D. Thain.
Tokyo, JAPAN; May 12-15, 2003.

Augernome & XtremWeb: Monte Carlos computation on a global computing platform.
O. Lodygensky, G. Fedak, F. Cappello, V. Neri, A. Cordier
CHEP 03, La Jolla CA, USA; March 24-28, 2003.



[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

11. Index

Jump to:   A   B   C   D   E   F   G   H   I   J   L   M   N   O   P   R   S   T   U   W   X  
Index Entry Section

A
Activation Policy7.2.1 The worker configuration file
admin.login7.1.1 Configuring the XWHEP server
admin.login8.3 Configuring the XWHEP bridge
ANTLR5.1 Pre-requisit
Applications7.3.5 Data management with the XWHEP client
Architecture3.1 Overview

B
Binary package configuration script5.3.2 Running the binary package configuration script
Bridge configuration8.2.4 Access confinement.
Bridge usage8.4 Launching the XWHEP bridge
build.conf5.2 Building from sources
Building from sources (preparing the)5.2.2 Preparing the build process
Building from sources (server administration)5.2 Building from sources

C
Client common parameters7.3.2 Launch an XWHEP client
Client Connection configuration, Client Security7.2.3 Control the XWHEP worker
Client generic actions7.3.2.1 The client common parameters.
Client GUI, graphic user interface7.3.9 The client macro file
Client macro file, Macro file, Macro7.3.8 Results management with the XWHEP client.
Comm7.1.1 Configuring the XWHEP server
Comm8.3 Configuring the XWHEP bridge
configure5.2 Building from sources
Connection configuration, Worker Connection configuration7.2.1 The worker configuration file
Conventions1. Introduction

D
Database5.1 Pre-requisit
Database configuration7.1.1 Configuring the XWHEP server
Database configuration8.3 Configuring the XWHEP bridge
Datas7.3.4 User management with the XWHEP client
DBI7.1.1 Configuring the XWHEP server
DBI8.3 Configuring the XWHEP bridge
Deployment5.4 Deploying the platform
Download4.1 Downloading XWHEP source package
Download4.2 Downloading XWHEP binary package

E
environment, Runtime environment, Job environment7.3.7 Jobs management with the XWHEP client.

F
Features3.3 What can I do with XWHEP
Features3.4 Features
Features3.4.1 User management
Features3.4.2 User rights
Features3.4.3 Access rights
Features3.4.4 Security
Features3.4.5 Volunteer computing management
Features3.4.6 Data management
Features3.4.7 Application management
Features3.4.8 Job management

G
ganglia.www.dir (building from source)5.2.2 Preparing the build process
Grid interconnection8. Connecting XWHEP to other grids

H
HomeDir7.1.1 Configuring the XWHEP server
HomeDir8.3 Configuring the XWHEP bridge
HsqlDb5.1 Pre-requisit

I
Insert application, Application insertion7.3.6 Application management with the XWHEP client
Insert data, Data insertion7.3.5 Data management with the XWHEP client
Insert job, Job insertion7.3.7 Jobs management with the XWHEP client.
Insert user, User insertion7.3.4 User management with the XWHEP client
install.dir (building from source)5.2.2 Preparing the build process
install.www.dir (building from source)5.2.2 Preparing the build process
Installers5.3 Building the deployment packages.
Intergrid sharings8. Connecting XWHEP to other grids

J
Java5.1 Pre-requisit
Java Classes5.1 Pre-requisit
Java Developement Kit5.1 Pre-requisit
java.nio7.1.1 Configuring the XWHEP server
java.nio8.3 Configuring the XWHEP bridge
jcert5.1 Pre-requisit
JDBC5.1 Pre-requisit
jnet5.1 Pre-requisit
Job result7.3.8 Results management with the XWHEP client.
Job state graph3.4.9 Job state graph
Jobs, Works, Tasks7.3.6 Application management with the XWHEP client
jsse5.1 Pre-requisit
JVM5.1 Pre-requisit

L
Linux5.1 Pre-requisit
Linux worker (usage)7.2.2.1 Linux.
List application, Application list7.3.6 Application management with the XWHEP client
List data, Data list7.3.5 Data management with the XWHEP client
List Job, Job list7.3.7 Jobs management with the XWHEP client.
List Task, Task list7.3.7 Jobs management with the XWHEP client.
List user, User list7.3.4 User management with the XWHEP client
Logging facilities7.1.1 Configuring the XWHEP server
Logging facilities8.3 Configuring the XWHEP bridge

M
Mac Os X5.1 Pre-requisit
Mac OS X worker (usage)7.2.2.2 Mac OS X.
Manifest3.4 Features
Manifest5.2.1 Sources package structure
Manifest5.3.1 Binary package structure
MinML5.1 Pre-requisit
ModulesLogged7.1.1 Configuring the XWHEP server
ModulesLogged8.3 Configuring the XWHEP bridge
Monitor6. Monitoring the platform
MysQL5.1 Pre-requisit
Mysql5.1 Pre-requisit

N
NT service (worker)7.2.2.3 Win32.

O
Open SSL5.1 Pre-requisit
Open XML5.1 Pre-requisit
openxml5.1 Pre-requisit
Overview3.1 Overview

P
port.http7.1.1 Configuring the XWHEP server
port.http8.3 Configuring the XWHEP bridge
port.https7.1.1 Configuring the XWHEP server
port.https8.3 Configuring the XWHEP bridge
port.sunrpc7.1.1 Configuring the XWHEP server
port.sunrpc8.3 Configuring the XWHEP bridge
port.tcp7.1.1 Configuring the XWHEP server
port.tcp8.3 Configuring the XWHEP bridge
port.udp7.1.1 Configuring the XWHEP server
port.udp8.3 Configuring the XWHEP bridge
port.worker.http7.1.1 Configuring the XWHEP server
port.worker.http8.3 Configuring the XWHEP bridge
port.xmlrpc7.1.1 Configuring the XWHEP server
port.xmlrpc8.3 Configuring the XWHEP bridge
Pre-requisit5.1 Pre-requisit
Preparing the binary package5.2.3 Preparing the binary package

R
Reading conventions1. Introduction
Requirements5.1 Pre-requisit

S
Security Configuration7.2.1 The worker configuration file
Security configuration, Server Security7.1.1 Configuring the XWHEP server
Security configuration, Server Security8.3 Configuring the XWHEP bridge
Server configuration7.1 XWHEP server
Server installation5.4 Deploying the platform
Server usage7.1.2 Launching XWHEP server
Server, Scheduler7.1 XWHEP server
Sources (building the)5.2 Building from sources
Sources (installing from)5.2.3 Preparing the binary package
SSH5.1 Pre-requisit
SSL5.1 Pre-requisit

T
Task7.1.1 Configuring the XWHEP server
Task8.3 Configuring the XWHEP bridge
Tasks7.3.6 Application management with the XWHEP client
Third party Java classes5.1 Pre-requisit
Third Party Softwares5.1 Pre-requisit

U
Unix5.1 Pre-requisit
Users7.3.3 Worker management with the XWHEP client

W
Windows service (worker)7.2.2.3 Win32.
Windows worker (installation)7.2.2.3 Win32.
worker7.2 XWHEP worker
Worker (Windows service)7.2.2.3 Win32.
Worker configuration7.2.1 The worker configuration file
Worker installation (Windows)7.2.2.3 Win32.
Worker Security7.2.1 The worker configuration file
Worker usage7.2.2 Launch the XWHEP worker
Worker usage7.2.3 Control the XWHEP worker
Worker usage (linux)7.2.2.1 Linux.
Worker usage (Mac OS X)7.2.2.2 Mac OS X.
Workers7.3.2.2 Client generic actions
Works7.3.6 Application management with the XWHEP client

X
XML5.1 Pre-requisit
xtremweb.role7.1.1 Configuring the XWHEP server
xtremweb.role8.3 Configuring the XWHEP bridge
xtremweb.worker.conf7.2.1 The worker configuration file
xwconfigure5.3.2 Running the binary package configuration script
XWdbHost7.1.1 Configuring the XWHEP server
XWdbHost8.3 Configuring the XWHEP bridge
XWdbName7.1.1 Configuring the XWHEP server
XWdbName8.3 Configuring the XWHEP bridge
XWdbPass7.1.1 Configuring the XWHEP server
XWdbPass8.3 Configuring the XWHEP bridge
XWdbUser7.1.1 Configuring the XWHEP server
XWdbUser8.3 Configuring the XWHEP bridge
xwidl.opts (building from source)5.2.2 Preparing the build process
XWKeyStore7.1.1 Configuring the XWHEP server
XWKeyStore8.3 Configuring the XWHEP bridge
XWpassPhrase7.1.1 Configuring the XWHEP server
XWpassPhrase8.3 Configuring the XWHEP bridge
XWServer7.1.1 Configuring the XWHEP server
XWServer8.3 Configuring the XWHEP bridge

Jump to:   A   B   C   D   E   F   G   H   I   J   L   M   N   O   P   R   S   T   U   W   X  

[Top] [Contents] [Index] [ ? ]

Footnotes

(1)

Since XWHEP 5.0.0, the platform also permits to use X509 certificates, but this is still usable under certains circunstances only.


[Top] [Contents] [Index] [ ? ]

Table of Contents


[Top] [Contents] [Index] [ ? ]

About This Document

This document was generated by Oleg Lodygensky on September, 11 2009 using texi2html 1.70.

The buttons in the navigation panels have the following meaning:

Button Name Go to From 1.2.3 go to
[ < ] Back previous section in reading order 1.2.2
[ > ] Forward next section in reading order 1.2.4
[ << ] FastBack beginning of this chapter or previous chapter 1
[ Up ] Up up section 1.2
[ >> ] FastForward next chapter 2
[Top] Top cover (top) of document  
[Contents] Contents table of contents  
[Index] Index index  
[ ? ] About about (help)  

where the Example assumes that the current position is at Subsubsection One-Two-Three of a document of the following structure:


This document was generated by Oleg Lodygensky on September, 11 2009 using texi2html 1.70.