Friday 28 May 2010

Ssh: command lines at at work

Much grid software is written by and for people who do not fear the command line.

The approach is... you log in, you type something, you wait for it to finish, you type something else.

It is a long way from the icons, shiny buttons and general point-and-click-iness that people expect from modern computing.

It can also be very productive. Which is why people who aren't 40-somethings with memories of the golden age of computing can use it too.

The NGS's Resource Broker is one such example of Old School computing.

For many users, it isn't typing the commands that causes grief, it is logging on to a remote machine.

The de-facto standard for remote logins is SSH or secure shell. There are many SSH clients available - including one from ssh.com which is free for non-commercial use and the popular and free puTTY.

Unfortunately none of these clients speak grid.  For this you need a client that understands where to find - and what to do with - a certificate so it can be made available to the other side of the connection.

Globus and gLite provide  gsissh - a certificate aware SSH client and server. Linux users can pick this up as a package from the Virtual Data Toolkit, or the Globus packages in EPEL or - if you are so inclined - build it from the source used within the Globus project.

Which is all very well, up to a point. The point being that the NGS is here to support all academic researchers - not just the minority running Linux. In a poll running on the NGS web site,  35% of our users said they used Windows - compared with 43% who used Linux, 19% Mac and 2% who used a mysterious `something else'. 

Some Windows users have adopted GSI-SSHTerm - a Java application distributed and maintained by the NGS.

GSI-SSHTerm is very flexible. It can collect certificates from local disk, or from a MyProxy service.  Its popularity is due, in part, to its ability to use the copy of the certificate kept within certain web browsers - such as Firefox 2.x. Unfortunately, this trick required direct access to the browser's internal data and changes to this format means that GSI-SSHTerm cannot extract the certificate from newer versions of Firefox.

But not everyone can persuade GSI-SSHTerm to work. Obviously you need a working copy of Java and even then it can fail if the 'Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy' files are missing. These are available from the Java download page but distributed separately for legal reasons.

Many users are familiar with other SSH clients and would prefer them to GSI-SSHTerm if only they had the added gridiness. These lucky users have a choice...

Oxford e-Research Centre have created a modified version of puTTY with certificate support for the CCP4: Software for Macromolecular X-Ray Crystallography project. It is currently under test.

STFC have an alternative approach. They created the MyProxy Enabled GSI-SSH service, or MEG. This is a PAM plugin that allows an unmodified SSH client to communicate with a standard Linux SSH server - of the kind that accepts usernames and passwords - that is installed along side a grid-enabled one.

The usernames and passwords that MEG accepts are not those of local accounts. They represent  accounts on a MyProxy server. A user can upload a certificate to a MyProxy server using something like the Certificate Wizard. This will be downloaded when he or she logs on via MEG.

MEG has been deployed on the NGS resource broker and the code can be downloaded from the NGS NeSCForge pages.

So give the mouse a rest. Turn on, log in, and program like it's 1989...

Wednesday 26 May 2010

Time has not yet run out

If you were thinking about submitting an abstract to the UK All Hands Meeting but hadn't quite got round to submitting anything then time is still on your side!

The deadline has been extended to the 7th of June so there is still time to work on an abstract. This will be the 9th AHM meeting and every year more and more NGS users come to present their work.

As well as being an opportunity to meet the e-infrastructure providers, AHM also gives users the opportunity to feedback directly to tool developers and see what the latest developments are in e-infrastructure - basically the tools that they will be using in the future.

As if you needed another incentive, authors of selected abstracts will be invited to submit full papers (after the conference) to be considered for inclusion in a special edition of the Philosophical Transactions of the Royal Society A (the conference proceedings will not be published).

So if you'd like to join us in Cardiff this September, make sure you get your abstract in by the 7th of June!

Sunday 23 May 2010

Who, where and how much?

Accounting: if there is a word to gladden the hearts of those of us who run the machines that make up the grid, that word is not accounting.

Unfortunately, we are not here to have our heart's gladdened. We are here to ensure that people can run tasks and that we can keep track on how much computer time these tasks use.

Accounting is not an optional extra and it is more complicated than it appears because of the way tasks bounce around the grid.

A task run on a grid arrives as a little bundle of information. This bundle describes what should be done, in the form of a command and arguments, and who requested it, in the form of a certificate.

When this reaches a computer on the grid, a service called the jobmanager will translate the 'who' into a local user and group and the 'what' into a something that the local batch management service can process.

For a computer cluster, the local batch management service will be open-source software like Torque or SGE or a commercial systems such as PBSPro and LSF . Its role is to put the command into a queue until it can find the computer power to do the work.

From the point on, the jobmanager hangs around, repeatedly asking the batch management system 'Are we there yet?' like the computational counterpart of a bored teenager on a long car journey.

The information about who submitted the task is recorded by the job manager. The information about how much computer time was crunched is kept by the batch system. Before any accounting is done, the information has to be bundled together.

To explain how this is done, we will concentrate on the Resource Usage Service Client, developed at Manchester and described at http://www.ngs.ac.uk/site-level-services/rus-and-ur. This packages all the accounting information into 'RUS' records - blobs of XML described in a 59 page specification document from the Open Grid Forum - and hands them over to our accounting service.

The RUS client main role is to decode local batch system accounting logs.

It also needs to augment this with the Distinguished Name from the certificate associated with the task and the Virtual Organisation of which the owner of that certificate claimed membership. The distinguished name can be extracted from the Globus accounting logs in:
$GLOBUS_LOCATION/var/accounting.log
Virtual Organisation information is recorded by a accounting plugin built as part of gLite LCAS/LCMAPS by the NGS's installer scripts. The plugin stashes its accounting information in
$GLITE_LOCATION/var/voms_accounting.log
If you want to know the gory details of LCAS/LCMAPS, look at the early posting: The M-Word.

Two scripts called createjbmdb and createlcasdb - which are provided with the RUS client - read these logs and build databases mapping distinguished names and virtual organisations to usernames and other information.

These databases are used fill in the gaps in the RUS records produced from the local batch system before these are uploaded to the NGS's RUS service.

We use the information to ensure that NGS users keep within their CPU quotas and to allow owners of Virtual Organisations we support to track usage by the VO members.

As NGS Research and Development, we are investigating additional ways of getting RUS data into the accounting database: from equivalent Grid accounting services such as GridPP's APEL, or from High Performance Computing clusters using GridSAFE

It may not be exciting but - as academic institutions increasingly share resources - accounting will be vital for the future of the grid.

Wednesday 19 May 2010

e-Research, e-science, grid, cloud?

No matter what you call it we want to know about your events! We now have an online event submission form for you to submit your events for inclusion on the NGS website.

We know that there are more events taking place that you can keep track of so we aim to include the most relevant ones on our website to make it easier for you.

We want to help organisations advertise their events to our user community and anyone who just happens to be browsing our website! Our user community consists of researchers from all research areas, from the social sciences to particle physics and we also have a large number of people from the more the technical side of the grid such as university IT sys admins etc.

Obviously as we are based in the UK and funded by UK organisations, we really want to hear about UK events or events where a large number of UK people will be in attendance. However all submissions will be considered! All events will be checked to see that they are appropriate for inclusion on the website.

So if you have an event which is e-research related then simply fill in our event submission form and let us know!

Monday 17 May 2010

Feeling lonely?

To coincide with some new publicity material, I'm taking the opportunity to remind people about the Communities service offered by the NGS.

I know that for a lot of people using the NGS is their first experience of grid computing and it can seem like a big scary place! Some of our users are lucky and are in research groups where they already make extensive use of the NGS so there is plenty of local support available. However some people may be the pioneer in their research group or even institution and be the first person to use it.

Basically the Communities service allows NGS users to search for other users! For example if you are a researcher at the University of York who is performing molecular dynamics using NAMD you can do all of the following things -
  • browse a list of other NGS users at the University of York
  • search user case studies for the keywords "NAMD" and / or "molecular dynamics"
  • browse a list of users performing research in "biology", "biochemistry", "chemistry" etc
  • and many combinations of the above!
An email address is available for all users in Communities so they can be contacted. Users are free to opt out of Communities at any time by simply visiting their user account page. You can also visit your user account page to change any of your details such as the research area you are currently allocated under, to make ammendments to your case study (the more information you provide, the more likely people are to find you!) etc.

We have some anecdotal evidence of people using the Communities service but if you have any comments, feedback or experiences of using the service, we'd love to hear from you!

Thursday 13 May 2010

A rough guide to the User Account Service

The original plan when writing this post was to describe the research and development work being done around the NGS's User Account System - one of the less exciting, but rather important - services that we provide.

As it was being written, it became clear that, before any of the the R+D work was mentioned, we first need to explain what the User Account System is and how it ties in with the other services we provide.

To use the NGS you need both a certificate and an NGS account tied to that certificate.

We are only too aware that this distinction is confusing to new users.

The certificate identifies you to the grid world. Your account ensures that - at the very least - the NGS's part of the grid world will welcome you when you arrive.

The certificate says who you are, the account says what you can do and what you have done in the past. Your account links the distinguished name from your certificate to - among other things - the amount of CPU time you have requested and the amount of CPU time you have used.

The accounts are held in a database - held at STFC and replicated at Manchester for safety - but NGS partner sites should seldom need to access the database directly. Instead, the information from the database is used to maintain a virtual organisation (VO) called 'ngs.ac.uk'.

All active accounts are automatically associated with this virtual organisation using the NGS virtual organisation membership server (https://voms.ngs.ac.uk) at Manchester.

NGS partner sites typically pull the list of distinguished names from this server at regular intervals and use it to populate the local grid-mapfile file - the list of recognised users.

You can also use the voms-proxy-init tool contact the VOMS service and get a 'VOMS assertion' that certifies you are a bona-fide, 100% genuine NGS account holder to anyone who needs to know.

At regular intervals, partner sites send the information about how much CPU time was used by each account holder back to us where it is be used to update the CPU usage recorded in your account.

If you overrun your CPU quota: your account will be locked and your details removed from the ngs.ac.uk VO - but not from the database - until you reapply for more resources.

Among the R+D projects running at the moment are ones to:

  • Manage access rights to applications such as CASTEP and AMBER from within the account service. The idea is to map such access rights onto VO groups within a virtual organisation.
  • Investigate how to incorporate usage data from other accounting systems such as EGEE APEL or sites using GridSAFE.

Both these projects will - hopefully - be described in future postings. In the mean time, you can view the current state of your account by visiting

https://uas.ngs.ac.uk

from a web browser with a copy of your certificate installed.


Wednesday 12 May 2010

Loud and clear (and preferably red)

Yesterday saw a large number of the NGS staff from all over the country and NGS users meet up at STFC RAL for a days workshop on Communicating Science. This was the first non-grid training event organised by the NGS and it was great to see so many people there.

The event was presented by Myc Riggulsford who has had many jobs including a BBC radio presenter and press officer. He was a very entertaining and affable speaker who certainly held our attention for the day with interesting anecdotes and tales from his past employment.

Many topics were covered including presentation techniques, how to write for the press, the use of images and how to present yourself. Highlights were definitely the "press conference" where Myc played the role of a scientist involved in the first pig - human organ transplant. After the press conference, the audience was divided up into groups and each group had to write a story for the newspaper of their choice. Needless to say there were several very interesting "Frankenstein" type tabloid stories!

A special mention must go to David Wallom (NGS technical director) and John Kewley (NGS helpdesk manager) for being brave enough to stand up and give a presentation to be critiqued. John did especially well as the slides were not his and he had only seen them about 30 mins before the presentation!

At the end of the day, the wrap up session involved putting together a list of the top tips from that day according to the participants. This list is available on the event website on the NGS website.

We have already recieved some excellent feedback on the event and would be delighted to receive more from anyone who attended!

Thursday 6 May 2010

Behind the scenes at the NGS web site

When the NGS web site was launched last year, our main aim was to make it easy for users to find their way around.

Key to this was providing a single place where you could find information about all the applications we provide, their versions, their documentation and the sites which make them available. That place is:

  http://www.ngs.ac.uk/applications

From here, you can explore all applications of a particular type - Chemistry, Bioinformatics etc. You can select an application and find out where it is installed, or select a site and see all the applications that site provides.

There is a lot of technology hiding behind that page.

  • The list of applications and versions is taken directly from the BDII service. This is where all the information published by the NGS member sites is kept.
  • The BDII knows about applications because the sites use the conventions of the NGS Uniform Execution Environment (UEE).  A reporter plugin called 'ngs-uee-gip-plugin' that is distributed with the NGS VDT installer and available from the NGS area at NeSCForge ensures that  details of UEE-style applications are published. Thanks to help from Scotgrid at Glasgow and the gLite developers, the plugin also works with newer versions of gLite.
  • The categories are extracted from the NGS website itself - which has been structured around the application names used by the UEE.

Every bit of data used for the page is - in some sense - live. If a site changes the applications it provides, or we add a new application to the web site, the page will automatically change to reflect this.

It is an example of how services deployed or developed by the NGS can be combined to make life easier for users.

It is also an example of collaboration between the NGS member sites: the web site was designed at and is hosted at Edinburgh, the web page scripting was developed at Leeds, the applications pages co-ordinated at STFC and the documentation written by staff at STFC, Leeds, Oxford and Manchester.

For new users curious about the bad-old-days and old users missing the old web site, there is always the Wayback Machine

Tuesday 4 May 2010

Are you a Matlab user?

Then if so this may be of interest to you!

If you currently use MatLab but would like to run it on clusters and grids then the Oerc at the University of Oxford is holding a free 3 day workshop in May that will include “hands on” sessions.

For more information please see the event website.