CROWN Grid Tutorial Qin Li liqin@act. buaa. edu. cn Beihang University
Agenda • CROWN Overview • CROWN User Environments • CROWN System Administration EU project: RIO 31844 -OMII-EUROPE
Agenda • CROWN Overview – Architecture – Modules Introduction • CROWN User Environments • CROWN System Administration EU project: RIO 31844 -OMII-EUROPE
What’s CROWN • CROWN China Research and Development environment Over Wide-area Network – Jointly Funded by • National Natural Science Foundation of China – NSFC e-Science Program • Ministry of Science and Technology of China – 863 Hi-Tech Program, OMII-China Project – 973 National Basic Research Program, VCE Project • CROWN is – A Grid Middleware Suite – A Prototype of China E-Science Portal – A Research Platform of Grid Technology EU project: RIO 31844 -OMII-EUROPE
CROWN Partners EU project: RIO 31844 -OMII-EUROPE
CROWN Release History May 18, 2005 CROWN v 1. 0 May 23, 2005 CROWN v 1. 0 English Version First Preview version v 0. 92 2005 Jan Feb v 1. 0 RC 1 v 1. 0 RC 2 Mar Apr May Jun Dec 23, 2005 CROWN v 2. 0 Release Internal update v 1. 5 v 2. 0 RC 1 Jul Aug Sep Oct v 2. 0 RC 2 Nov Dec Internal update v 2. 5 2006 Jan Feb Mar Apr May Jun CROWN Pre 3. 0 CROWN v 2. 5. 1 Jul Aug Sep Oct Nov Dec EU project: RIO 31844 -OMII-EUROPE 2018/3/16 6
Application Layer App App Rich Client Framework App Rich Internet Application Portals Scheduler Query Info CROWN Designer RLDS Eclipse RLDS Generate Services Middleware Layer Resource Layer RLDS Resource Management RLDS S S Node Server Sec Install / Config PC Resources RLDS Register to … S Monitor JDT PDE S Node Server Sec Install / Config Wf. S Workflow Engine Node Server Sec Install / Config Cluster Front End Device Host Cluster Nodes Devices EU project: RIO 31844 -OMII-EUROPE
CROWN Node Server • Node Server: An Extension to GT 4. 0. 0 WSRF Container – Remote Management (Remote/Hot Deploy) – Dynamics Resource Information Monitoring EU project: RIO 31844 -OMII-EUROPE
CROWN RLDS • RLDS: Resource Locating & Description Service – A distributed Grid information Service Architecture – Soft-state maintenance, topology management of RLDS – Collecting of Information of Resources (Hosts) & Web / Grid Services – Advanced GIQL Query to find available services or servers EU project: RIO 31844 -OMII-EUROPE
Resource Organization & Management Gateway to Other Grid 1 Region Switch Other Regions Gateway to Other Grid 2 Domain RLDS Node Services Domain RLDS Node Device Driver Service EU project: RIO 31844 -OMII-EUROPE
CROWN Designer • Designer: an Eclipse Plug-in for Grid Service Development – Support the WSRF/WS-I Service Development, Deployment and Debugging – Automatic Generation of Code Skeleton & WSDL for Java Web Services EU project: RIO 31844 -OMII-EUROPE
CROWN Portal • Portal: A JSP-based Web Interface – User Registration / Certification Management – Application Integration & User Job Submission – Rich Internet Architecture (RIA) based User Experience EU project: RIO 31844 -OMII-EUROPE
CROWN Scheduler • Scheduler: A Hierarchal Job Submission and Execution Service – Specification adopt: • OGSA-BES, OGSA-JSDL, OGSA-HPCP – Hierarchal Job Scheduling – Job Execution: • POSIX / Web Service / PBS Job supported RLDS Portal GS LS LS … LS GS = Global Scheduler LS = Local Scheduler EU project: RIO 31844 -OMII-EUROPE
CROWN Monitor • Monitor: An event based grid monitoring system – PUSH / PULL info collecting – Event Collectors / Consumers – Eclipse RCP based UI – Quasi real-time monitoring EU project: RIO 31844 -OMII-EUROPE
CROWN Data • Data: A data mgmt. , transmission and access system – Fast & Reliable data transmission – Transparent data access interface – Unified data perspective – Replication management – Data Locating EU project: RIO 31844 -OMII-EUROPE
CROWN Data Architecture EU project: RIO 31844 -OMII-EUROPE
CROWN Home • CROWN Home: provided GUI for Node Server – Eclipse RCP based GUI – Desktop users • Java Code Security in CROWN Node Server • CPU/Memory/Disk quota • Visualized Security Configuration & Certificate Mgmt. EU project: RIO 31844 -OMII-EUROPE
Security Architecture for CROWN Region 1 Region CA Region 2 Region KDC ? Identity Mapping& Credential Converting Service Domain CA Node 1 Node 2 … Node n Domain 1. 1 … Domain Authentication Service Domain Authorization Service Domain KDC Domain Authentication Service Domain Authorization Service Node n Domain 2. 1 EU project: RIO 31844 -OMII-EUROPE
Security Architecture for CROWN Authorization Handler ATN Authz Service Identity Mapping Auth Service SAML Node Security Chain XACML Security Chain Framework WS-Trust WS-Policy WS-Sec. Conv Authentication Handler Sec. Conv & ATN Handler Sec. Conv WS-Security Services EU project: RIO 31844 -OMII-EUROPE
CROWN Testbed -China(2006) Beihang University CNIC, CAS Peking University Tsinghua University LASG, CAS Chicago Beijing Chongqing University Shanghai Leeds Chongqing Changsha National University of Defense Technology HKUST: Hong Kong University of Science & Technology Hong Kong Melbourne EU project: RIO 31844 -OMII-EUROPE
CROWN Applications • AREM: Advanced Regional Eta-coordinate Numerical Prediction Model. (This is a Numeric Simulation of Weather Forecasting for a certain region) • MDP: Massive Multimedia Data Processing Platform • Blast: A well-known Gene Sequence Comparison Program • DSSR: Digital Sky Survey Retrieval, an of Virtual Observatory • UDMGrid: University Digital Museum Powered by CROWN, a application of OGSA-DAI. Heterogamous Databases Integration • …… EU project: RIO 31844 -OMII-EUROPE
CROWN 3. 0 - Virtual Computing Environment-2007 • 5 -Tier Architecture – Service Coordination Layer – Service Management Layer – Open Service Layer* – Virtual Resource Layer* – Physical Resource Layer Service Coordination Layer Service Management Layer Open Service Layer Virtual Resource Layer EU project: RIO 31844 -OMII-EUROPE
Agenda • CROWN Overview • CROWN User Environments – How to setup a basic CROWN grid environment – How to develop and deploy a CROWN service EU project: RIO 31844 -OMII-EUROPE
How to setup a basic CROWN grid environment User Case Scenario Inter-Region. Registry Region. Switch Root RLDS Child RLDS Region. Switch RLDS Child RLDS EU project: RIO 31844 -OMII-EUROPE
How to setup a basic CROWN grid environment • • • Preparation work for the best practice Install a Single CROWN Node Server Install Information Services Install Schedule Service Verify the Installation of CROWN EU project: RIO 31844 -OMII-EUROPE
How to setup a basic CROWN grid environment - Preparation work for the best practice • Set the environment variable for JDK • Install the My. SQL database server • Get the software packages – crown_nodeserver_2. 5. zip – crown_schedule_service_2. 5. zip – crown_rlds_service_2. 5. zip – crown_gims_service_2. 5. zip – crown_regionswitch_service_2. 5. zip – crown_regionregistry_service_2. 5. zip EU project: RIO 31844 -OMII-EUROPE
How to setup a basic CROWN grid environment - Install a Single CROWN Node Server • • Configure & Admin the Node Sever Remote & Hot Deployment/Undeployment Remote Container Configuration Remote Monitoring EU project: RIO 31844 -OMII-EUROPE
How to setup a basic CROWN grid environment - Install a Single CROWN Node Server • Configure & Admin the Node Sever – Download & Extract Node Server – Setup %GLOBUS_LOCATION% environment variable – Edit the configuration files • configcontainer-config. xml • configstaticsysinfo. xml – Start Node. Server • start-crown-server. sh – Stop Node. Server • stop-crown-server. sh EU project: RIO 31844 -OMII-EUROPE
How to setup a basic CROWN grid environment - Remote & Hot Deployment • Get a gar(grid archive) file – crown_hello_service. gar • First method (local) – copy the gar file to %GLOBUS_LOCATION%auto-deploy • Second method (under linux) (remote) – scp the gar file hostname: /pathto_ns/auto-deploy • Third method (remote) – cd %GLOBUS_LOCATION% – bincrown-remote-deploy -o Attachment –a crown_hello_service. gar s http: //remotehost: 8080/wsrf/services/Remote. Deploy. Service EU project: RIO 31844 -OMII-EUROPE
![How to setup a basic CROWN grid environment Screen Output [CROWN Node. Server Deployer]](https://present5.com/presentation/570e02d265a4d48d678a4234dc03d205/image-30.jpg "How to setup a basic CROWN grid environment Screen Output [CROWN Node. Server Deployer]")
How to setup a basic CROWN grid environment Screen Output [CROWN Node. Server Deployer] begin deploy preprocess [CROWN Node. Server Deployer] cn. org. crown. server. deploy. preprocessor. GARIntegrity Check. Pre. Processor: the gar is ok [CROWN Node. Server Deployer] cn. org. crown. server. deploy. preprocessor. WSDDValidate Pre. Processor: the WSDD file is valid! [CROWN Node. Server Deployer] deploy preprocess complete [CROWN Node. Server Deployer] begin to decompress gar package. . . [CROWN Node. Server Deployer] begin to copy jar files. . . [CROWN Node. Server Deployer] begin to copy WSDD file. . . [CROWN Node. Server Deployer] begin to copy WSDL files. . . [CROWN Node. Server Deployer] begin to copy bin files. . . [CROWN Node. Server Deployer] begin to handle client-config. wsdd. . . [CROWN Node. Server Deployer] begin to generate undeploy. xml. . . [CROWN Node. Server Deployer] begin to handle post-deploy. xml. . . [CROWN Node. Server] begin to update Axis Server. . . [CROWN Node. Server] update Axis Server successfully [Auto Deployer] GAR file crown_hello_service. gar redeployed successfuly [Server. Config. Updater] Server Config updated. . . EU project: RIO 31844 -OMII-EUROPE
How to setup a basic CROWN grid environment Remote Undeployment • First method (local) – del %GLOBUS_LOCATION%autodeploycrown_hello_service. gar • Second method (remote) – cd %GLOBUS_LOCATION% – bincrown-remote-undeploy. bat –n crown_hello_service –s http: //remotehost: 8080/wsrf/services/Remote. Deploy. Service EU project: RIO 31844 -OMII-EUROPE
![How to setup a basic CROWN grid environment Screen Output [Auto Deployer] Undeploying crown_hello_service.](https://present5.com/presentation/570e02d265a4d48d678a4234dc03d205/image-32.jpg "How to setup a basic CROWN grid environment Screen Output [Auto Deployer] Undeploying crown_hello_service.")
How to setup a basic CROWN grid environment Screen Output [Auto Deployer] Undeploying crown_hello_service. gar [CROWN Node. Server Deployer] undeploy crown_hello_service. gar. . . [CROWN Node. Server Deployer] begin to delete folder etcHello. World. . . [CROWN Node. Server Deployer] begin to delete file bincnorgcrownHello. World. class. . . [CROWN Node. Server Deployer] begin to delete file shareschemaHello. World. wsdl. . . [CROWN Node. Server Deployer] begin to delete folder libHello. World. . . [CROWN Node. Server Deployer] begin to delete undeploy. xml. . . [CROWN Node. Server] begin to update Axis Server. . . [CROWN Node. Server] update Axis Server successfully [Auto Deployer] GAR file crown_hello_service. gar undeploy successfuly [Server. Config. Updater] Server Config updated. . . EU project: RIO 31844 -OMII-EUROPE
How to setup a basic CROWN grid environment Get Deployed Service List > bincrown-get-deployed-gars. bat Deployed Gars are: crown_container_config_service crown_container_stat_service crown_log_service crown_remote_deploy crown_resource_monitor … crown_hello_service EU project: RIO 31844 -OMII-EUROPE
How to setup a basic CROWN grid environment Node Server Remote Configuration • Enable/Disable Service – bincrown-disable-service. bat • Thread Pool Configuration – bincrown-get-thread-pool-info. bat – bincrown-set-pool-size. bat – bincrown-set-high-water-mark. bat EU project: RIO 31844 -OMII-EUROPE
How to setup a basic CROWN grid environment Remote Monitoring • Node. Server will report CPU/Mem/Disk usage to RLDS • CROWN Monitor will collection those information from RLDS EU project: RIO 31844 -OMII-EUROPE
How to setup a basic CROWN grid environment - Install Information Services • Install Information Services – Install Region. Registry Service – Install Region. Switch Service – Install GIMS Service – Install RLDS Service EU project: RIO 31844 -OMII-EUROPE
How to setup a basic CROWN grid environment - Install Information Services • Install Region. Registry Service – Unzip the file crown_regionregistry_service_2. 5. zip – Copy the gar file to the %GLOBUS_LOCATION%auto -deploy directory • Install Region. Switch Service – Unzip the file crown_regionswitch_service_2. 5. zip – Copy the gar file to the %GLOBUS_LOCATION%auto -deploy directory – Edit the configuration file etccrown_regionswitch_serviceRegion. Switch. Ser vice. conf EU project: RIO 31844 -OMII-EUROPE
How to setup a basic CROWN grid environment - Install Information Services • Install GIMS Service – Unzip the file crown_gims_service_2. 5. zip – Copy the gar file to %GLOBUS_LOCATION%autodeploy directory – The Node Server will auto-deploy the service – Stop the Node Server – Configure the GIMS Service • Import the DB table using etccrown_gims_servicemysqlgims. sql • Edit file etccrown_gims_serviceGIMSService. conf EU project: RIO 31844 -OMII-EUROPE
How to setup a basic CROWN grid environment - Install Information Services • Install RLDS Service – Unzip the file crown_rlds_service_2. 5. zip – Copy the gar to the %GLOBUS_LOCATION%/autodeploy directory – The Node Server will auto-deploy the service – Stop the Node Server – Configure the RLDS Service • Import the DB table using etccrown_rlds_servicemysqlrlds. sql • Edit etccrown_rlds_serviceRLDSService. conf EU project: RIO 31844 -OMII-EUROPE
How to setup a basic CROWN grid environment Install Schedule Service • Install Schedule Service – Unzip the file crown_schedule_service_2. 5. zip – Copy the gar file to %GLOBUS_LOCATION%autodeploy directory – The Node Server will auto-deploy the service – Stop the Node Server – Configure the Schedule Service • Import the DB table using etc/crown_schedule_service/CROWN_Scheduler. sql • Edit the configure file etc/crown_schedule_service/schedule-config. xml EU project: RIO 31844 -OMII-EUROPE
How to setup a basic CROWN grid environment • Verify the Installation of CROWN – Fetch the region list of the test environment • bincrown-regionregistry-get-allregions. bat – Query the topology of the RLDS • bincrown-rlds-get-topology. bat – Get the information model of certain region • bincrown-gims-show-ims. bat – Submit job using schedule client • bincrown-schedule-client. bat EU project: RIO 31844 -OMII-EUROPE
Agenda • CROWN Overview • CROWN User Environments – How to setup a basic CROWN grid environment – How to develop and deploy a CROWN service • CROWN System Administration EU project: RIO 31844 -OMII-EUROPE
How to develop and deploy a CROWN service User Case Scenario Query s Deploy Undeploy EU project: RIO 31844 -OMII-EUROPE
How to develop and deploy a CROWN service • • • Install CROWN Designer Use CROWN Designer to develop a Service Query service information from RLDS Deploy the service to the environment Undeploy the service from the environment EU project: RIO 31844 -OMII-EUROPE
How to develop and deploy a CROWN service Install CROWN Designer • Install CROWN Designer – Install the Eclipse SDK 3. 1 for win 32 – Unzip the crown_designer_2. 5. zip – Copy the directory cn. org. crown. designer 2. 5 to the plugins directory in where Eclipse installed – Launch the Eclipse Software • Select a proper workspace directory – Verify the installation EU project: RIO 31844 -OMII-EUROPE
How to develop and deploy a CROWN service Install CROWN Designer • How to verify the installation – From the menu Help -> About Eclipse SDK -> Plug-in Details EU project: RIO 31844 -OMII-EUROPE
How to develop and deploy a CROWN service Use CROWN Designer to develop a Service • Use CROWN Designer to develop a Service – Create a CROWN Project from menu File -> New -> Project EU project: RIO 31844 -OMII-EUROPE
How to develop and deploy a CROWN service Use CROWN Designer to develop a Service • The Project directory structure EU project: RIO 31844 -OMII-EUROPE
How to develop and deploy a CROWN service Use CROWN Designer to develop a Service • Create the Java implementation class for the service – Right click context menu New -> Class EU project: RIO 31844 -OMII-EUROPE
How to develop and deploy a CROWN service Use CROWN Designer to develop a Service • Create the WSDL/WSDD files for the service – Right click context menu CROWNDesigner -> New Service EU project: RIO 31844 -OMII-EUROPE
How to develop and deploy a CROWN service Use CROWN Designer to develop a Service EU project: RIO 31844 -OMII-EUROPE
How to develop and deploy a CROWN service Use CROWN Designer to develop a Service • Packaging the Service – Right click context menu CROWNDesigner->Make Gar – A Gar file will be generated EU project: RIO 31844 -OMII-EUROPE
How to develop and deploy a CROWN service Query service information from RLDS • Query service information from RLDS – Open a CROWN Explorer View • Configure the Region Registry IP Address and Port – Get the topology of the environment – Query the services information of the Node Server EU project: RIO 31844 -OMII-EUROPE
How to develop and deploy a CROWN service Deploy/Undeploy the service to the environment • Deploy and Undeploy the Service – Deploy – Drag and Drop to the Node Server – Undeploy – Right Click on the Service EU project: RIO 31844 -OMII-EUROPE
Agenda • CROWN Overview • CROWN User Environments – How to setup a basic CROWN grid environment – How to develop and deploy a CROWN service • CROWN System Administration – How to secure a CROWN service EU project: RIO 31844 -OMII-EUROPE
How to secure a CROWN service - Service Security • Service Security Type – X. 509 Signature & Encryption – Authorize by user’s identity – Authorize by user’s IP address –… • GUI Interface for Security Client – CROWN Launcher • Sample Service used in this scenario – Get. Deployed. Gars operation of CROWN remote deploy service EU project: RIO 31844 -OMII-EUROPE
How to secure a CROWN service Directory of configuration • x. 509 – X. 509 Signature & Encryption • authz. id – Authorize by user’s identity • authz. ip – Authorize by user’s IP address • Client – Client side configuration file EU project: RIO 31844 -OMII-EUROPE
How to secure a CROWN service Configuration file • • service-cert. pem – X. 509 certificate of service-key. pem – RSA private key of service security-config. xml – Security configuration of service auth. properties – Authentication parameter trusted. Ca. store – Trusted ca certificate keystore xacml. xml – XACML Access control policy attribute. xml – XAML attribute file EU project: RIO 31844 -OMII-EUROPE
How to secure a CROWN service Import the Client cert and key EU project: RIO 31844 -OMII-EUROPE
How to secure a CROWN service Import the Client cert and key • Add user’s credential – Choice credential type – Specify the location of certificate Path – Specify the path of private key EU project: RIO 31844 -OMII-EUROPE
How to secure a CROWN service X 509 • Service side – Copy files in x. 509 dir to %GLOBUS_LOCATION%/etc/crown_remote_deploy • Client side – Copy files in client to $HOME/. globus/ – or add client user & key to Launcher • Run – Without X. 509 signature, the access will be denied – Using X. 509 Signature, the access will be allowed EU project: RIO 31844 -OMII-EUROPE
How to secure a CROWN service X 509 EU project: RIO 31844 -OMII-EUROPE
How to secure a CROWN service X 509 EU project: RIO 31844 -OMII-EUROPE
How to secure a CROWN service X 509 EU project: RIO 31844 -OMII-EUROPE
How to secure a CROWN service Authorize by user’s Identity • Service side – Copy files in x. 509 dir to %GLOBUS_LOCATION%/etc/crown_remote_deploy • Client side – Copy files in client to $HOME/. globus/ – or add client user & key to Launcher • Run – According to XACML security policy, the access of user deploy_user will be denied – After the modification, the access of deploy_user is allowed EU project: RIO 31844 -OMII-EUROPE
How to secure a CROWN service Authorize by user’s Identity EU project: RIO 31844 -OMII-EUROPE
How to secure a CROWN service Authorize by user’s Identity EU project: RIO 31844 -OMII-EUROPE
How to secure a CROWN service Authorize by user’s IP address • Service side – Copy files in x. 509 dir to %GLOBUS_LOCATION%/etc/crown_remote_deploy • Client side – Copy files in client to $HOME/. globus/ – or add client user & key to Launcher • Run – According to XACML security policy, the access of certain IP address will be denied – After the modification, the access of certain IP address is allowed EU project: RIO 31844 -OMII-EUROPE
How to secure a CROWN service Authorize by user’s IP address EU project: RIO 31844 -OMII-EUROPE
How to secure a CROWN service Authorize by user’s IP address EU project: RIO 31844 -OMII-EUROPE
Conclusion • CROWN is a middleware suite and a testbed for China e-Science users • This tutorial shows – CROWN provides the function of resource organization and management – CROWN provides GUI IDE for developer – CROWN provides easy to use security configuration & security interoperation • CROWN Portal English Version – http: //www. crown. org. cn/en EU project: RIO 31844 -OMII-EUROPE
Any Questions? EU project: RIO 31844 -OMII-EUROPE
Скачать презентацию CROWN Grid Tutorial Qin Li liqin act buaa edu
570e02d265a4d48d678a4234dc03d205.ppt