
Computing Projects


Several projects catering to the needs of different departments at NCP have been completed, and a few are in the pipeline and near completion. These projects have improved the working efficiency of various NCP departments through automation, eliminating traditional manual work. The projects are listed below.

Projects Completed in the Past
The IT group of NCP has been involved in the development of the following successfully completed projects:

WLCG Firewall

A firewall protects your computer or a local area network (LAN) from external intrusions. It may be a hardware device or a software program running on a secure host computer. A firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped. Firewalls can filter packets based on their source and destination addresses and port numbers. This is known as address filtering.

In order to enhance the protection of the Grid from external attacks, a firewall service for the Grid components is desired. Such a firewall would need to be distributed amongst the different node types, and its rules would need to be built and updated dynamically in order to:

  • Include the different (sub)networks that may be used by a site
  • Dynamically integrate and exclude Grid sites
  • Ensure that the rules have not been tampered with

The NCP grid node has been operational since June 2004, with constant upgrades to middleware software and hardware resources. Today we are running the latest middleware on the NCP-LCG2 grid node. In May 2007, the deployment team started work on putting the grid node behind a firewall. By the end of June 2007, the firewall service had been deployed and tested thoroughly. Final implementation was done in the first week of July 2007.

On the server side, a database keeps records of the genuine grid machines along with their IP addresses and roles in the grid node. A web application checks the clients connecting to the server and authorizes them if their IP addresses exist in the database. Then, based on the role of each client, the server publishes the firewall rules as files in Linux iptables format, which the client adopts.

At the client side, a small RPM is installed with a single script that runs as a scheduled process (cron job). This script pulls the published firewall rule file from the server and verifies that the new configuration allows it to have network access. It then installs this new rule file on the host. It also provides a rollback mechanism when the new configuration fails.
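The client-side update step described above, as an added example (not NCP's script): it rejects a rule file that is incomplete or would cut the host off from the rule server, and restores the previous file if loading fails. The server address, file paths, sample rules and the `keeps_access` heuristic are assumptions.

```python
import os
import shutil
import subprocess

MGMT_IP = "192.0.2.10"  # assumed address of the central rule server
# Constructed sample of a published rule file in iptables-save format.
SAMPLE_RULES = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

def keeps_access(rules, mgmt_ip=MGMT_IP):
    """Heuristic pre-check, ignores rule order: can we still reach the server?"""
    lines = [ln.strip() for ln in rules.splitlines()]
    if "*filter" not in lines or "COMMIT" not in lines:
        return False  # truncated or malformed download
    accepts = [ln.split() for ln in lines if ln.endswith("-j ACCEPT")]
    out_ok = any(ln.startswith(":OUTPUT ACCEPT") for ln in lines) or any(
        r[:2] == ["-A", "OUTPUT"] and {mgmt_ip, mgmt_ip + "/32"} & set(r)
        for r in accepts)
    in_ok = any(ln.startswith(":INPUT ACCEPT") for ln in lines) or any(
        r[:2] == ["-A", "INPUT"] and "ESTABLISHED" in " ".join(r)
        for r in accepts)
    return out_ok and in_ok

def load_rules(path):  # default applier: iptables-restore, needs root
    with open(path) as fh:
        return subprocess.run(["iptables-restore"], stdin=fh).returncode == 0

def update_rules(new_rules, active_path, apply=load_rules):
    """Return 'rejected', 'installed' or 'rolled_back'."""
    if not keeps_access(new_rules):
        return "rejected"  # the running configuration is left untouched
    backup = active_path + ".bak"
    if os.path.exists(active_path):
        shutil.copy2(active_path, backup)
    with open(active_path + ".new", "w") as fh:
        fh.write(new_rules)
    os.replace(active_path + ".new", active_path)  # atomic swap
    if apply(active_path):
        return "installed"
    if os.path.exists(backup):  # load failed: restore the previous rules
        shutil.copy2(backup, active_path)
        apply(active_path)
    return "rolled_back"
```

On a real host, `iptables-restore --test` can additionally validate the file's syntax before the swap.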

Using this mechanism, firewall rules for the whole grid site can be updated or modified in no time. New nodes and roles (node types) can be added. It also provides ease of management through a central management server.

Team: Usman A. Malik, Sajjad Asghar, Adeel ur Rehman, Sobia Aqeel

Network Information System for NCP

This system describes the process of network and computing resource management at NCP. It is a web-based application offering remote manipulation by end users. The main purposes of this application are to:

  • Manage hardware components and specifications.
  • Record complete details of software installed on a particular piece of hardware.
  • Record complete details of hardware related to a user.
  • Record complete details of location with respect to office place and network service where hardware is placed.
  • Record operations performed on hardware and maintain history.

Three types of users can interact with the system:

  • Administrator
  • Data Entry Operator
  • Normal User

Users can log in to the system using their Windows account information. Specific rights are assigned to them according to their roles.

The Administrator can perform the following operations:

  • Manage Role
  • Manage Privileges
  • Manage Hardware
  • Manage Location
  • Manage Manufacturer
  • Manage H/W Models
  • Manage Domain
  • Manage Responsible Group
  • Manage Vendor
  • Manage Service
  • Manage Interfaces
  • Search Hardware
  • Sign Request

The following privileges are assigned to the Data Entry Operator (DEO):

  • Manage Hardware
  • Manage Location
  • Manage Manufacturer
  • Manage H/W Models
  • Manage Domain
  • Manage Responsible Group
  • Manage Vendor
  • Manage Service
  • Search Hardware
  • Manage Interfaces

A user can:

  • Search for available device
  • Request new connection for a device
  • Request to modify a registered device
  • Request to move and reconnect a device
  • Request to remove a device from the network

Other automatic operations, such as history management, reminders and email notification, are also implemented in this system.

Team: Sobia Aqeel

PBSMON (Portable Batch System MONitor)

PBS stands for the Portable Batch System. It is a batch system based on a server and client model. You define the master node as the batch master (server) and the rest of the machines work as its clients. There are other commercial batch systems available like LSF and CONDOR. At NCP we use OpenPBS, a free and open source version of PBS. This free version is scalable and proficient for up to 800 nodes, which is more than our current or future needs. The Computing Element (CE) in the NCP-LCG2 grid node acts as the PBS master/server node, while the Worker Nodes (WN) act as slave nodes.

Initially, the grid node consisted of one server and only fourteen (14) clients, but as the number of clients grew (it has now reached 80), managing or troubleshooting errors on all clients one by one became very tiring and time consuming. To provide efficient management and troubleshooting of PBS servers and clients, a PBS Monitor system has been developed. The basic purpose of this system is to provide all the logs from PBS servers and clients in a single place, which makes troubleshooting very easy. PBS log files on all the server and client machines are parsed every ten minutes by a scheduled (cron) job, and the new entries (entries generated after the last parsing) are uploaded to a central server. This central server runs a web page which displays all PBS nodes. Another parser is scheduled to run every ten minutes on the server; it looks for known error codes and problems in the log files. If it finds any, the color of the corresponding PBS node on the web page is changed to orange (for a warning message) or red (for critical errors). So one can spot a possible problem just by looking at the web page rather than digging for it by logging onto several nodes one at a time. Email alerts can also be generated in case of critical errors. This makes it possible to monitor the system efficiently even if the number of nodes grows to a very large scale.
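The two parsing steps described above, as an added example (not the PBSMON source): one function returns only the entries written since the previous run, coping with rotated or truncated logs and half-written lines, and one maps entries to the node colour. The patterns, log lines and host names are constructed, since the page does not list the error codes PBSMON matches.

```python
import os
import re

# Constructed patterns and log lines: the page does not list the error
# codes PBSMON looks for, and the host names are hypothetical.
CRITICAL = re.compile(r"node \S+ is down|cannot connect", re.I)
WARNING = re.compile(r"timed out|retrying", re.I)
SAMPLE_LOG = (
    "07/02/2007 10:00:01;0002;PBS_Server;Svr;PBS_Server;server started\n"
    "07/02/2007 10:04:17;0001;PBS_Server;Svr;PBS_Server;"
    "request to wn07.example.org timed out\n"
    "07/02/2007 10:09:40;0001;PBS_Server;Svr;PBS_Server;"
    "node wn07.example.org is down\n"
)

def new_entries(log_path, state):
    """Return complete lines appended since the previous run.
    state maps log_path -> (inode, byte offset) and is updated in place."""
    st = os.stat(log_path)
    inode, offset = state.get(log_path, (st.st_ino, 0))
    if inode != st.st_ino or st.st_size < offset:
        offset = 0  # rotated or truncated log: read from the start
    with open(log_path, "rb") as fh:
        fh.seek(offset)
        data = fh.read()
    end = data.rfind(b"\n") + 1  # leave a half-written last line for next run
    state[log_path] = (st.st_ino, offset + end)
    return data[:end].decode("utf-8", "replace").splitlines()

def node_status(entries):
    """Map new entries to the page colour: red beats orange beats ok."""
    status = "ok"
    for entry in entries:
        if CRITICAL.search(entry):
            return "red"
        if WARNING.search(entry):
            status = "orange"
    return status
```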

The server also compresses large log files to save space.

Team: Usman A. Malik, Adeel ur Rehman, Sobia Aqeel

 
 
