federating openstack powered supercomputers
play

Federating OpenStack Powered Supercomputers John Garbutt - PowerPoint PPT Presentation

Federating OpenStack Powered Supercomputers John Garbutt @johnthetubaguy Why Federate a Supercomputer? IRIS: e-Infrastructure for STFC Science STFC: UK Science and Technology Facilities Council Understand requirements for a UK-wide


  1. Federating OpenStack Powered Supercomputers John Garbutt @johnthetubaguy

  2. Why Federate a Supercomputer?

  3. IRIS: e-Infrastructure for STFC Science STFC: UK Science and Technology Facilities Council Understand requirements for a UK-wide e-Infrastructure for Science Quicker, easier and more efficient access to infrastructure Encourage projects to share: ● Infrastructure ● Expertise ● Software

  4. Scientific Computing

  5. Compute Requirements What When ● Scale ● Submit a Job ○ Part of a host ● Interactive ○ Many small jobs ○ Scheduled ○ Multiple hosts together ○ On-demand ● Large memory, Shared Scratch, GPU ● Web Service ● Receive live data feed

  6. Resource Sharing Opportunity ● Facility ○ Large demand spikes for interactive processing ● Shared ○ Demand grows beyond availability ○ Inflexible ● Dedicated ○ Hard to predict required size

  7. Today: Siloed Infrastructure Sites

  8. Remove Silos

  9. OpenStack Powered Supercomputer

  10. What does “Federated” mean?

  11. Federated OpenStack Powered Supercomputer

  12. IRIS Compliance Tests ● Built on OpenStack Interoperability Tests ● Add extra optional Manila and Magnum tests ● Make Cinder optional

  13. Best Fit Resources High Memory HPC F a s t C U o P r e G H T C High Speed Access to Shared Storage Data Feed

  14. Location Transparency Workflow Describe required processing steps Platform Choses Region, Optimises Data Flow, Orchestrates workflows OpenStack Infrastructure split between Regions

  15. What is “AAAI”?

  16. Federated OpenStack Powered Supercomputer

  17. Authentication and Authorization Authenticate & Request Access Access Horizon Accept AUP Access Granted

  18. Non-Interactive Authentication Federation Create Access Horizon Authenticate Mapping App Credentials

  19. Building Blocks of Federated Identity ● Authenticate via OIDC ○ Keycloak OIDC to EGI Check-in ○ Indigo IAM ● Authorisation via Federation Mapping ○ Concrete users and roles ○ Avoid Groups ● Application Credentials ○ Non-interactive authentication for Keystone

  20. Keystone Federation

  21. Accounting ● Focus on Traceability ● Usage: cASO sends to Fluentd (and APEL) ● Quota: limit maximum concurrent usage ● Allocation: allowed usage over given duration

  22. How to pass IRIS compliance tests?

  23. Shared Operational Tooling OpenStack deployment 3 passing IRIS tests Site Specific 2 Configuration Scientific OpenStack 1 Digital Asset

  24. OpenStack Deployment

  25. Scientific OpenStack Compute

  26. Scientific OpenStack Storage

  27. Any unsolved problems?

  28. Authorization of Federated Identity Authenticate & Request Assign Role in Access Horizon Accept AUP Access OpenStack

  29. FIM4R “Every researcher is entitled to focus on their work and not be impeded by needless obstacles nor required to understand anything about the FIM infrastructure enabling their access to research services.” FIM4R version 2: https://fim4r.org

  30. Improve Resource Sharing

  31. Lessons Learned?

  32. (1) Building a Community Matters (2) Federated OpenStack works (3) Application Credentials can work

  33. @johnthetubaguy johng@stackhpc.com

Recommend


More recommend