Hi Graeme,
I think that Andrew's model is slightly simpler. Basically he is proposing a
box where users can run their own cgi scripts as pool accounts, which is
quite attractive for small things users might want to do, but I'm not sure
how it would work if the experiments want to run databases or daemons
like xrootd and they do want to do that.
What you are proposing is more in the spirit of EGEE grid. However if we
go down this route it makes me wonder.... if it is so easy why do we need
VO boxes at all and why do experiments insist on running their alternative
services when they could run the grid ones.
cheers
alessandra
On Wed, 21 Sep 2005, Graeme Stewart wrote:
> On Tuesday 20 Sep 2005 13:05, Andrew McNab wrote:
>
>> I'd be very interested in direct feedback and ideas from the GridPP
>> sites about this, so we can accommodate them in the way GridSite
>> implements things.
>
> Andrew,
>
> I think this is the most helpful thing I've read in the VO box discussion. I
> think that as we have not yet deployed VO boxes to any great extent (are they
> even at the T1s yet?) now is the time to agree on a _sustainable_ model for,
> let's call them, "grid service extensions".[1]
>
> Much of the site's problems with VO boxes stems from having shell access -
> people are rightly nervous of this in the context of being able to invoke
> almost arbitrary services on a known end point (as opposed to a worker node,
> which has quite different properties, e.g. no inbound IP).
>
> Remove this, and provide service containment, and I think there's a lot less
> to fear from these services.
>
> Would a workable model be something like:
>
> 1. Each site has a VO box, for containerised VO services. Include a local
> mysql install to hold state, revision and configuration information for each
> service (sites could move this to a central database service if they want).
> 2. Each VO produces a set of service RPMs to be installed on this box
> _by_the_site_ (have a meta-package, like lcg-VO-ATLAS, and YAIM can do the
> right thing.)
> 3. Configuration is held in the database. VO-nominated managers' certificates
> can modify the services' configuration.
> 4. Through web services or GRACE technology the services are then accessible
> to a larger number of users (i.e., the VO users).
>
> gLite FTS is a good model of how to do this - administration takes place
> through the web service, secured by a grid certificate, as well as normal
> service access.
>
> In this model the VOs do not get login access to the box - they don't need it.
> The deployed services become more difficult for hackers to exploit because of
> the restricted containers they run in. Logging of usage is trivial, through
> the web server.
>
> It even then seems good for the middleware, rather than boding ill for it:
> LCG can then present this as a sustainable model of VO "extensions" on the
> grid.
>
> What we ask the experiments for is to swap some of the laissez-faire of the
> current proposal for a more sustainable model. Keep the sites happy and it
> will mean less work for the VOs in the end.
>
> Cheers
>
> Graeme
>
>
> [1] I don't want to be too general in the discussion here, but... Obviously
> general services should be provided by generic middleware; however, there are
> many problems that probably can't be solved easily just by generic
> middleware. Also, although there are some arguments being put that VO boxes
> are a temporary nasty, I believe that once they are in place it will be
> terribly difficult to remove them.
>
> --
> --------------------------------------------------------------------
> Dr Graeme Stewart http://www.physics.gla.ac.uk/~graeme/
> GridPP DM Wiki http://wiki.gridpp.ac.uk/wiki/Data_Management
>
--
********************************************
* Dr Alessandra Forti *
* Technical Coordinator - NorthGrid Tier2 *
* http://www.hep.man.ac.uk/u/aforti *
********************************************