Clusterix Dynamic Clusters Administration Tutorial Marcin Pawlik <marcin.pawlik@pwr.wroc.pl>, Jan Kwiatkowski <jan.kwiatkowski@pwr.wroc.pl> IIS, WIZ, PWr
Tutorial outline Clusterix and dynamic clusters introduction Clusterix security infrastructure Clusterix project internals Dynamic cluster attachment procedure Cumulus dynamic cluster demonstration
Presentation outline Cumulus metacluster description Dynamic clusters attachment procedure Clusterix utilization
Work motivation Creation of a parallel processing environment Joining the Clusterix Access to a nation-wide Grid environment Higher computational power Higher availability
Cumulus computational environment Grid environment with full access to the underlying hardware and software infrastructure Requirements: Cost effective utilizes existing hardware infrastructure Not invasive no large modifications to the existing infrastructure needed Cohabitative no degeneration of the existing functionality Useful meets our scientific and educational requirements
Cumulus metacluster implementation Assumptions network boot remotely mounted file systems optional local swap and scratch space Features easy to control and modify higher server load
Cumulus environment characteristics Fully controllable the nodes are fully dedicated to the cluster Modifications only in the cluster space Operates when the machines are not utilized Not fully available works only part-time
Model extensions Addition of dedicated nodes - full availability for testing purposes Dual mode of operations - as a local computing environment and as a part of a computational Grid 100Mbps
Clusterix structure
Dynamic Computing Resources Architecture Dynamic cluster attachment Requirements needs to be checked against new clusters Installed software SSL certificates Communication through router/firewall Network Monitoring System will automatically discover new resources Regular Cluster Local Switch PIONIER Backbone Switch Dynamic Resources Internet New cluster can serve computing power like the regular ones Router Firewall
Connection of a Dynamic Cluster Nodes Access node Firewall Nodes Local switch Internet DYNAMIC CLUSTER Firewall/ router Switch Not concerned about the internal structure of dynamic cluster Anyway it needs to have a public firewall Dynamic cluster must build a connection through the untrusted Internet Backbone network Connection via the local cluster firewall to the core
Dynamic cluster connection necessary steps Initial procedure Initial contact Dynamic cluster software requirements Security certificates Clusterix firewall selection Necessary Clusterix software installation Attachment/detachment
Globus Toolkit Security Infrastructure + Resource Management Information Services Data Management
Virtual User Account System john js jsmith jsmith Virtual User smith System Account foo acc01 Wrocław, June 2006
Grid Resource Management System In Clusterix, we base on GRMS developed in Gridlab project The main functionality of GRMS include: ability to choose the best resource for the task execution, according to the job description and chosen mapping algorithm ability to submit the GRMS task according to the job description ability to migrate GRMS tasks to better resources, according to the provided job description ability to cancel the task provides information about the task status, and other information about tasks, e.g., name of host where the task is/was running ability to transfer input and output files
Attachment procedure LCF ssh connection DCF 10.1.30.0/24 Internet 150.254.161.18 150.254.161.18 150.254.161.18-156.17.129.150-156.17.129.150 156.17.129.150 Step 1: DCF connects to LCF through SSH and by logging to the special account invokes dclctl script Step 2: The script on LCF determines DCF IP and finds appropriate configuration settings and send the address range to DCF Step 3: LCF updates LCF firewall and routing configuration, creates the tunnel from the local cluster side Step 4: DCF receives its address and prepares its end of the tunnel Step 5: Using ICF protocol and X.509 certificates DCF and LCF create IPSec tunnel
Clusterix utilization Portal interface GRMS client Globus job submision system Direct login (individually negotiated)
Thank you for your attention (for now)