HUBzero
Cyberinfrastructure for Digital Scholarship, Dissemination, Collaboration, and Outreach
Nicholas J. Kisseberth, Senior Software Engineer, Purdue University

I STILL want to do it all by myself!
Installing the HUBzero Software Stack (setting up the middleware)

Middleware
What sets HUBzero apart? TOOLS. But let's call them HUB Apps (Applications).

Key Technology
HUBzero Apps work through two key technologies.

VNC
Virtual Network Computing (VNC) is a graphical desktop sharing system that uses the RFB protocol. HUBzero uses a modified TightVNC client Java applet in your browser, which (indirectly) connects to a modified RealVNC-enabled X server (XVnc) running inside an OpenVZ Linux container. A HUB App runs in the same Linux container and routes its display to the XVnc server.

OpenVZ
OpenVZ is container-based virtualization for Linux. OpenVZ creates multiple secure, isolated containers on a single physical server, enabling better server utilization and ensuring that applications do not conflict. HUBzero uses one OpenVZ container for each HUB App session. OpenVZ containers are very lightweight and incur very little overhead, making them an ideal choice for on-demand application sandboxing.

The Future of OpenVZ
OpenVZ requires a customized Linux kernel. Debian GNU/Linux 5.0 includes a package for this modified kernel. It is unclear whether there will be a similar package for Debian GNU/Linux 6.0. In that case we will try to package a stock kernel direct from OpenVZ for HUBzero. Newer stock Linux kernels are now shipping with a similar feature simply called Linux Containers (lxc), which may be a future direction for HUBzero. It appears to have most of the features we need to implement our middleware infrastructure.

HUBzero Infrastructure
[Diagram components: Render Servers, Grid/Cloud Resources, Execution Hosts, MySQL, LDAP, Web Server, vncproxy, Apache, Mail, socat, File Server, HUB App, stunnel4, XVnc]

HUB in a box
[Diagram components: Render Server, Grid/Cloud Resources, Web Server, HUB App, socat, stunnel4, XVnc, vncproxy, Apache, MySQL, LDAP, Mail]

IPTABLES
HUB Application containers communicate over a private internal network and connect to the outside world through a NAT firewall. To route network traffic from HUB Application containers out to the public internet, it is necessary to use iptables to configure the Linux kernel firewall (netfilter). Example scripts for this and for general firewall operations are given in /etc/mw/firewall_on and /etc/mw/firewall_off. These scripts should be modified to meet the security requirements of your infrastructure.
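
A tightened variant of the NAT setup described above, as an added example rather than the contents of the shipped /etc/mw/firewall_on script: a generator for an iptables-restore ruleset. The function name gen_container_nat_rules is hypothetical, and the subnet 10.77.0.0/16, the interface names eth0 and venet0, and the rule that sessions may not reach each other are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the shipped /etc/mw/firewall_on). Emits an iptables-restore
# ruleset that NATs a private container network out of one public interface.
# gen_container_nat_rules is a hypothetical helper; the values in the usage
# line (10.77.0.0/16, eth0, venet0) are constructed.

gen_container_nat_rules() {
    net=$1; wan_if=$2; ct_if=$3

    # Accept only a plain IPv4 CIDR and plain interface names, so a bad
    # config value cannot smuggle extra options into a rule line.
    case $net in ''|*[!0-9./]*) echo "bad network: $net" >&2; return 1 ;; esac
    printf '%s\n' "$net" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' ||
        { echo "bad network: $net" >&2; return 1; }
    for i in "$wan_if" "$ct_if"; do
        case $i in ''|-*|*[!A-Za-z0-9_.-]*)
            echo "bad interface: $i" >&2; return 1 ;;
        esac
    done

    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Rewrite container source addresses only on the way out of the public interface.
-A POSTROUTING -s $net -o $wan_if -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
# Policy choice of this example: sessions may not reach each other.
-A FORWARD -s $net -d $net -j DROP
# Replies to connections that the containers opened.
-A FORWARD -o $ct_if -d $net -m state --state ESTABLISHED,RELATED -j ACCEPT
# New outbound connections from containers; anything else hits the DROP policy.
-A FORWARD -i $ct_if -s $net -o $wan_if -j ACCEPT
COMMIT
EOF
}

# Usage: sh gen_rules.sh 10.77.0.0/16 eth0 venet0 | iptables-restore --test
if [ "$#" -eq 3 ]; then gen_container_nat_rules "$@"; fi
```

Check the output with `iptables-restore --test` before loading it. Loading replaces the existing nat and filter rules, so merge in the host's own rules first.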

Maxwell Service
The HUBzero Maxwell Service runs on Execution Hosts to manage the Application Containers on behalf of the HUBzero Maxwell Client.
[Diagram components: Web Server, Maxwell Client, stunnel4, HUB App, XVnc, Apache Server, Maxwell Service, Execution Host]

Maxwell Client
The HUBzero Maxwell Client takes requests from the HUBzero CMS and routes them to the appropriate Execution Host. Its primary functions are to start, stop and view (set up a VNC connection to) Application Containers.
[Diagram components: Web Server, Maxwell Client, stunnel4, HUB App, XVnc, Apache Server, Maxwell Service, Execution Host]

VNC Client
A HUBzero-modified TightVNC Java applet. Modifications include dynamic resizing, SSL, client actions, ZRLE compression and HUBzero session tokens.
Problems:
» Lack of cut & paste support
» JVM under Firefox on Mac OS X is buggy
» Incompatible with OpenJDK
» Java applet plug-in has a buggy lifecycle, requiring browser restarts

VNC Proxy
VNCProxy runs on the web server and routes incoming connections on port 8080 to their respective session Application Container endpoint (possibly on different hosts).
[Diagram components: Web Server, HUB App, vncproxy, socat, stunnel4, XVnc]

Problems with vncproxy
Inability to have unrestricted outgoing connections to port 8080 is the number one issue we have with clients being unable to use HUB applications. Work is in progress on solutions to route connections through the Apache 2 web server (on port 443), possibly encapsulated inside HTTPS streams, in order to traverse the various firewall/proxy systems used around the world.

Session Expiration
The expire-sessions script runs in the background and monitors HUB Application sessions. Each application has a timeout value. If a session ever goes that long without an open view connection, it is terminated automatically.
[Diagram components: expire-sessions, Web Server, Execution Hosts]

Telequotad
The telequotad service runs on the file server and acts as a service for monitoring user disk quotas. The HUBzero CMS (if configured to do so) uses this service to provide the disk status bar on the myhub page and on the application view page.

The Application Container
All HUB Apps run inside an OpenVZ container. All containers on an execution host share a common read-only directory hierarchy mounted on top of a session-dependent, dynamically created read/write hierarchy. The read/write portions (/tmp, /etc) are discarded after each session exits.
[Diagram: /var/lib/vz/template/debian-5.0-amd64-maxwell and five session roots (/), each with its own /tmp and /etc]

Configure CMS Tools/Middleware Component

CMS Tools Configuration

Installing packages inside Containers
The common read-only hierarchy is created using debootstrap, which builds a Debian GNU/Linux system rooted at a given point on the execution host (typically /var/lib/vz/template/debian-5.0-amd64-maxwell). Debian packages can be installed in this image by using chroot on that directory and running the package tools normally. A number of hubzero packages get preinstalled (XVnc and related tools). Don't forget to exit the chroot environment when you are done.
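
One way to script the chroot step above so that no chroot shell is left open, as an added example and not HUBzero's own tooling. The function template_install and the CHROOT override variable are hypothetical names, and blocking service starts with policy-rc.d is a precaution this example adds.

```shell
#!/bin/sh
# Added example (not HUBzero tooling). Installs Debian packages into the shared
# template with a single non-interactive chroot call, so there is no chroot
# shell to forget to exit. template_install and CHROOT are hypothetical names.
TEMPLATE=${TEMPLATE:-/var/lib/vz/template/debian-5.0-amd64-maxwell}
CHROOT=${CHROOT:-chroot}   # override hook so the logic can be dry-run

template_install() {
    root=$1; shift
    [ "$#" -gt 0 ] || { echo "usage: template_install ROOT PKG..." >&2; return 2; }
    # An empty or "/" root would make apt-get act on the execution host itself.
    case $root in ''|/) echo "refusing root: '$root'" >&2; return 1 ;; esac
    [ -x "$root/usr/bin/apt-get" ] ||
        { echo "$root does not look like a Debian tree" >&2; return 1; }
    # Package arguments must not be options or carry shell metacharacters.
    for p in "$@"; do
        case $p in -*|*[!a-z0-9.+:=~-]*)
            echo "bad package name: $p" >&2; return 1 ;;
        esac
    done
    # policy-rc.d exiting 101 tells invoke-rc.d not to start services, so
    # maintainer scripts cannot launch daemons on the host from the chroot.
    policy=$root/usr/sbin/policy-rc.d
    [ -e "$policy" ] && { echo "$policy already exists" >&2; return 1; }
    printf '#!/bin/sh\nexit 101\n' > "$policy" && chmod 755 "$policy" || return 1
    rc=0
    "$CHROOT" "$root" /usr/bin/env DEBIAN_FRONTEND=noninteractive \
        apt-get install -y "$@" || rc=$?
    rm -f "$policy"
    return $rc
}

# Usage (as root on the execution host): sh template_install.sh PKG...
if [ "$#" -gt 0 ]; then template_install "$TEMPLATE" "$@"; fi
```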

HUB Apps get installed into the /apps directory. Typically /apps is on a filesystem shared by multiple execution hosts, so it is impractical to use Debian packaging to install them. We have begun to develop a utility, hubzero-app, for installing prepackaged apps into /apps. It is in a very rudimentary state at the moment, having just been written for this conference!

Workspace
Workspace is the first prepackaged app, and provides a light Linux desktop environment that can be used for development.

Contribtool

Publish ANY X11/Linux Tool
GNU Chess, MATLAB Program

The Rappture Toolkit
Rappture = Rapid Application Infrastructure
[Diagram labels: Scientist, Simulation Code]
» Released in May 2005
» Open Source (rappture.org)
» Create standard desktop apps
» Works with your favorite programming language

Create tools like this
Demo at http://hubzero.org/tour

Used to Create/Deploy Hundreds of Tools

Filexfer
Getting files in and out of an Application Container can be an awkward task. We have developed a small utility called Filexfer, which starts up a simple web server in the application container and then provides the necessary connection glue to proxy requests through the main HUBzero web server into the container for the purposes of transferring files. Rappture uses the same core functions to provide its upload and download file features. At the time of this presentation filexfer has not been completely packaged and configured for distribution. This will occur in the next several days or weeks.

All done

Submit
Stay tuned for the next exciting presentation, where Steve Clark will share with you the wonders of the HUBzero Middleware job submission infrastructure (submit).