论文信息 - gLExec: gluing grid computing to the Unix world

gLExec: gluing grid computing to the Unix world

The majority of compute resources in todays scientific grids are based on Unix and Unix-like operating systems. In this world, user and user-group management are based around the concepts of a numeric 'user ID' and 'group ID' that are local to the resource. In contrast, grid concepts of user and group management are centered around globally assigned identifiers and VO membership, structures that are independent of any specific resource. At the fabric boundary, these 'grid identities' have to be translated to Unix user IDs. New job submission methodologies, such as job-execution web services, community-deployed local schedulers, and the late binding of user jobs in a grid-wide overlay network of 'pilot jobs', push this fabric boundary ever further down into the resource. gLExec, a light-weight (and thereby auditable) credential mapping and authorization system, addresses these issues. It can be run both on fabric boundary, as part of an execution web service, and on the worker node in a late-binding scenario. In this contribution we describe the rationale for gLExec, how it interacts with the site authorization and credential mapping frameworks such as LCAS, LCMAPS and GUMS, and how it can be used to improve site control and traceability in a pilot-job system.

[1] Ken Thompson,et al. The UNIX time-sharing system , 1974, CACM.

[2] Ian T. Foster,et al. Condor-G: A Computation Management Agent for Multi-Institutional Grids , 2004, Cluster Computing.

[3] Ian T. Foster,et al. The Anatomy of the Grid: Enabling Scalable Virtual Organizations , 2001, Int. J. High Perform. Comput. Appl..

[4] Andrew McNab. Grid-based access control for Unix environments, Filesystems and Web Sites , 2003, ArXiv.

[5] Ian T. Foster,et al. A security architecture for computational grids , 1998, CCS '98.

[6] Ákos Frohner,et al. From gridmap-file to VOMS: managing authorization in a Grid environment , 2005, Future Gener. Comput. Syst..

[7] Jack J. Dongarra,et al. A message passing standard for MPP and workstations , 1996, CACM.

[8] Alastair Scobie,et al. Autonomic Management of Large Clusters and Their Integration into the Grid , 2004, Journal of Grid Computing.

[9] Gavin Lowe,et al. Managing Dynamic User Communities in a Grid of Autonomous Resources , 2003, ArXiv.

[10] Russ Housley,et al. An Internet Attribute Certificate Profile for Authorization , 2010, RFC.

[11] Ian T. Foster,et al. Virtual Workspaces in the Grid , 2005, Euro-Par.

[12] Andrew McNab,et al. The GridSite Web/Grid security system , 2005, Softw. Pract. Exp..

[13] Igor Sfiligoi,et al. Addressing the pilot security problem with gLExec , 2008 .