Using ssh as portal The CMS CRAB over glideinwms experience

Similar documents
CMS experience of running glideinwms in High Availability mode

Large scale commissioning and operational experience with tier-2 to tier-2 data transfer links in CMS

CMS users data management service integration and first experiences with its NoSQL data storage

One Pool To Rule Them All The CMS HTCondor/glideinWMS Global Pool. D. Mason for CMS Software & Computing

The ATLAS PanDA Pilot in Operation

High Throughput WAN Data Transfer with Hadoop-based Storage

Optimization of Italian CMS Computing Centers via MIUR funded Research Projects

Testing the limits of an LVS - GridFTP cluster as a replacement for BeSTMan

An update on the scalability limits of the Condor batch system

CernVM-FS beyond LHC computing

The Diverse use of Clouds by CMS

Workload Management. Stefano Lacaprara. CMS Physics Week, FNAL, 12/16 April Department of Physics INFN and University of Padova

glideinwms experience with glexec

Connecting Restricted, High-Availability, or Low-Latency Resources to a Seamless Global Pool for CMS

glideinwms Training Glidein Internals How they work and why by Igor Sfiligoi, Jeff Dost (UCSD) glideinwms Training Glidein internals 1

DIRAC pilot framework and the DIRAC Workload Management System

Virtualizing a Batch. University Grid Center

CMS High Level Trigger Timing Measurements

ATLAS Nightly Build System Upgrade

Tier 3 batch system data locality via managed caches

A data handling system for modern and future Fermilab experiments

Reliability Engineering Analysis of ATLAS Data Reprocessing Campaigns

Monitoring System for the GRID Monte Carlo Mass Production in the H1 Experiment at DESY

Striped Data Server for Scalable Parallel Data Analysis

Scalability and interoperability within glideinwms

The PanDA System in the ATLAS Experiment

Performance of popular open source databases for HEP related computing problems

Worldwide Production Distributed Data Management at the LHC. Brian Bockelman MSST 2010, 4 May 2010

The CMS data quality monitoring software: experience and future prospects

Andrea Sciabà CERN, Switzerland

PoS(ACAT)020. Status and evolution of CRAB. Fabio Farina University and INFN Milano-Bicocca S. Lacaprara INFN Legnaro

PoS(ACAT2010)029. Tools to use heterogeneous Grid schedulers and storage system. Mattia Cinquilli. Giuseppe Codispoti

Interoperating AliEn and ARC for a distributed Tier1 in the Nordic countries.

Scientific data processing at global scale The LHC Computing Grid. fabio hernandez

Tests of PROOF-on-Demand with ATLAS Prodsys2 and first experience with HTTP federation

30 Nov Dec Advanced School in High Performance and GRID Computing Concepts and Applications, ICTP, Trieste, Italy

The ATLAS Tier-3 in Geneva and the Trigger Development Facility

Long Term Data Preservation for CDF at INFN-CNAF

Overview of ATLAS PanDA Workload Management

First LHCb measurement with data from the LHC Run 2

ATLAS Distributed Computing Experience and Performance During the LHC Run-2

Stephen J. Gowdy (CERN) 12 th September 2012 XLDB Conference FINDING THE HIGGS IN THE HAYSTACK(S)

HammerCloud: A Stress Testing System for Distributed Analysis

CMS - HLT Configuration Management System

The CMS Computing Model

CouchDB-based system for data management in a Grid environment Implementation and Experience

Introducing the HTCondor-CE

ISTITUTO NAZIONALE DI FISICA NUCLEARE

Batch Services at CERN: Status and Future Evolution

Data preservation for the HERA experiments at DESY using dcache technology

Evolution of Database Replication Technologies for WLCG

Conference The Data Challenges of the LHC. Reda Tafirout, TRIUMF

ARC integration for CMS

The Legnaro-Padova distributed Tier-2: challenges and results

Eurogrid: a glideinwms based portal for CDF data analysis - 19th January 2012 S. Amerio. (INFN Padova) on behalf of Eurogrid support group

glideinwms: Quick Facts

Singularity in CMS. Over a million containers served

Grid Data Management

The ALICE Glance Shift Accounting Management System (SAMS)

ATLAS software configuration and build tool optimisation

Monte Carlo Production on the Grid by the H1 Collaboration

Introduction to Grid Infrastructures

Evaluation of the Huawei UDS cloud storage system for CERN specific data

CRAB tutorial 08/04/2009

Introduction to SciTokens

e-science for High-Energy Physics in Korea

Testing SLURM open source batch system for a Tierl/Tier2 HEP computing facility

The evolving role of Tier2s in ATLAS with the new Computing and Data Distribution model

Real-time dataflow and workflow with the CMS tracker data

CMS Grid Computing at TAMU Performance, Monitoring and Current Status of the Brazos Cluster

Compact Muon Solenoid: Cyberinfrastructure Solutions. Ken Bloom UNL Cyberinfrastructure Workshop -- August 15, 2005

arxiv: v1 [physics.ins-det] 1 Oct 2009

Travelling securely on the Grid to the origin of the Universe

CMS event display and data quality monitoring at LHC start-up

Overview. About CERN 2 / 11

Security in the CernVM File System and the Frontier Distributed Database Caching System

CERN: LSF and HTCondor Batch Services

CMS data quality monitoring: Systems and experiences

glideinwms architecture by Igor Sfiligoi, Jeff Dost (UCSD)

Improved ATLAS HammerCloud Monitoring for Local Site Administration

The ATLAS EventIndex: an event catalogue for experiments collecting large amounts of data

Monitoring ARC services with GangliARC

Streamlining CASTOR to manage the LHC data torrent

Challenges of the LHC Computing Grid by the CMS experiment

A Virtual Comet. HTCondor Week 2017 May Edgar Fajardo On behalf of OSG Software and Technology

The CESAR Project using J2EE for Accelerator Controls

AliEn Resource Brokers

UW-ATLAS Experiences with Condor

Xrootd Monitoring for the CMS Experiment

Flying HTCondor at 100gbps Over the Golden State

CMS Tier-2 Program for user Analysis Computing on the Open Science Grid Frank Würthwein UCSD Goals & Status

The LHC Computing Grid

IEPSAS-Kosice: experiences in running LCG site

An Analysis of Storage Interface Usages at a Large, MultiExperiment Tier 1

AGIS: The ATLAS Grid Information System

Monitoring of large-scale federated data storage: XRootD and beyond.

The LHC Computing Grid

PoS(ACAT2010)039. First sights on a non-grid end-user analysis model on Grid Infrastructure. Roberto Santinelli. Fabrizio Furano.

Automating usability of ATLAS Distributed Computing resources

Challenges and Evolution of the LHC Production Grid. April 13, 2011 Ian Fisk

Transcription:

Journal of Physics: Conference Series OPEN ACCESS Using ssh as portal The CMS CRAB over glideinwms experience To cite this article: S Belforte et al 2014 J. Phys.: Conf. Ser. 513 032006 View the article online for updates and enhancements. Related content - Using ssh and sshfs to virtualize Grid job submission with RCondor I Sfiligoi and J M Dost - CMS experience of running glideinwms in High Availability mode I Sfiligoi, J Letts, S Belforte et al. - CMS distributed analysis infrastructure and operations: experience with the first LHC data E W Vaandering This content was downloaded from IP address 46.3.199.143 on 04/12/2017 at 10:19

Using ssh as portal - The CMS CRAB over glideinwms experience S Belforte 1, I Sfiligoi 2, J Letts 2, F Fanzago 3, M D Saiz Santos 2 and T Martin 2 1 INFN Sezione di Trieste, Via Valerio 2, 34127 Trieste, Italy 2 University of California San Diego, 9500 Gilman Dr, La Jolla, CA 92093, USA 3 INFN Sezione di Padova, Via Marzolo 8, 35131 Padova, Italy E-mail: stefano.belforte@ts.infn.it Abstract. The User Analysis of the CMS experiment is performed in distributed way using both Grid and dedicated resources. In order to insulate the users from the details of computing fabric, CMS relies on the CRAB (CMS Remote Analysis Builder) package as an abstraction layer. CMS has recently switched from a client-server version of CRAB to a purely clientbased solution, with ssh being used to interface with HTCondor-based glideinwms batch system. This switch has resulted in significant improvement of user satisfaction, as well as in significant simplification of the CRAB code base and of the operation support. This paper presents the architecture of the ssh-based CRAB package, the rationale behind it, as well as the operational experience running both the client-server and the ssh-based versions in parallel for several months. 1. Introduction The Compact Muon Solenoid experiment (CMS) [1] is a general purpose detector built and operated at the CERN s Large Hadron Collider (LHC) by a community of over four thousand physicists to investigate fundamental particle physics in proton-proton collisions at the highest energy available in laboratory. LHC accelerates two counter-circulating proton beams at 7 TeV each and makes them intersect. When protons from the two beam undergo a nuclear interaction, their energy is converted into hundreds of elementary particles of various masses and lifetimes. This process is called an event. Events happen inside CMS at a rate of about 500MHz and are captured by the CMS detector in a digital representation. A small fraction of those events, about 1KHz, is stored for offline reprocessing and analysis. Adding the original (raw) and the reprocessed data and the data from simulated events, overall CMS physicists have almost 50 petabytes of data available for studying the physics of proton-proton interactions. Analysis of these data proceeds via a hierarchical selection. Data are naturally grouped from the start into so-called datasets. A dataset is a container of events collected (or simulated) under similar conditions and expected to have similar physics content. Typical datasets have a size of tens of terabytes. Users run an initial step of event analysis and selection using a distributed computing system, such as the Open Science Grid (OSG)[2] and the European Grid Initiative (EGI)[3], to process one dataset at a time and derive smaller samples in the O(1-1000)GB range, which are eventually retrieved by the users (i.e. extracted from the CMS data Content from this work may be used under the terms of the Creative Commons Attribution 3.0 licence. Any further distribution of this work must maintain attribution to the author(s) and the title of the work, journal citation and DOI. Published under licence by IOP Publishing Ltd 1

management system and not further tracked by common tools) for iterated detailed analysis at local facilities. A typical use case for physics analysis may require the user to go through a few datasets from real data for event selections, a few others for efficiency and background studies, and up to tens of simulated datasets to compare with various theoretical models. Those data processing passes are called workflows and are usually performed at the CMS Tier2 sites on the WLCG. There are currently 56 such sites world-wide. Analysis Operations, a group within the CMS Computing Project s Physics Support Office, has the mandate and ultimate goal of making it easy or even, ideally, transparent for users to run their workflows on the WLCG. Since 2004 CMS users have interfaced with the Grid using a tool called CRAB (CMS Remote Analysis Builder) [4] which decomposes a workflow into a set of individual jobs and allows users to submit them for execution, track their status, and finally retrieve the output locally. Within CRAB the set of jobs used in one workflow is called a task. 2. CRAB CRAB was initially implemented as a pure client interface combining four main functionalities: 1) Look up CMS central databases for dataset details and location in order to do job splitting 2) Sandbox the user s executable and environment in order to replay it on remote CMSSW installations 3) Offer a convenient wrapper and an abstraction layer around the Grid client 4) Keep track of which workflows (CRAB tasks) the user has ran. CRAB was interfaced to Grid submission via glite and to local submission to a few batch systems, notably HTCondor (mostly for use at the FNAL LPC farm) and LSF (mostly for use at the CERN CMS CAF farm). Adoption of the CRAB tool in place of custom scripts for functionalities 1), 2) and 4) above was very good, but submission to the Grid has exposed users to all sorts of site and middleware issues. In order to overcome these Grid problems CMS introduced in 2004 a client-server tool for CRAB, moving 1) and 3) above to the server side. Commands were sent to CRAB server over a GSI-authenticated SOAP connection, while input and output files were moved via gsiftp. The CRAB server gave to users fast submission equivalent to using a local batch system and relieved users from the need to resubmit jobs failed due to random problems. The CRAB server featured a simple table allowing the Analysis Operations team to decide the retry policy, with options to delay the job, move it to a different site, etc. based on the exit code of the application and on the number of times the jobs was attempted. Furthermore the CRAB server was automatically retrying aborted glite jobs, i.e. jobs where the user s application could not terminate. Those automated resubmissions were extremely important in the first years, but as the Grid became mature and stable their usefulness to users decreased and other problems became the focus of users and support attention. The CRAB server had been designed to be very powerful, flexible and general. But over time the CRAB server implementation proved to be too complex and fragile and bookkeeping problems inside the CRAB server itself surpassed those due to Grid failures. Development focused on building a new server based on a different architecture, common with the CMS Production tool, and effort on fixing the CRAB server shortcomings stopped in 2009. Analysis Operations continued supporting CMS user community with the exiting CRAB server adding also in 2010 support for submission to the glideinwms [5] system. 2

3. glideinwms and CRAB glideinwms is a pilot based job submission framework that presents the Grid to users as a single HTCondor batch pool. There are many advantages to this approach, e.g. all the problems due to interaction with the site Computing Element (i.e. its grid portal) are moved out of user s scope and handled transparently by the pilot framework. The user s payload is only fetched and started once a pilot job is running at the site. On the other hand using glideinwms requires a persistent service (HTCondor schedd process) on the submitting machines, so it does not allow users to submit from a remote machine, disconnect, and check on jobs later, as they could do with glite. For this reason we introduced glideinwms using the CRAB server approach. CMS Analysis Operations group deployed two servers at the CMS Tier2 center at University of California, San Diego and operated those for four years. The HTCondor schedd s were running local to the servers and glexec [6] was used to do submissions in multi-user mode inside the CRAB sever code. glexec is then used by the glideinwms pilots to switch temporarily to the user s identity when running the user payload, thus providing the same secure insulation among users and between users and submission infrastructure as glite. The move to running user jobs withing glideinwms solved most of the grid issues that user workflows had suffered from and the need for automatic resubmission decreased. However, as of 2012, both CMS analysis users and the Analysis Operations team were concerned that while most Grid infrastructure problems had been solved, thanks to mature Grid middleware and experienced administrators at remote sites, we had introduced new problems due to CRAB server internals. Users satisfaction was very low with the CRAB server. Entire tasks were routinely lost or corrupted. Support was having so many problems with the CRAB server tool itself that we could not look at glideinwms issues. We were ready for a change. 4. Introducing ssh When we heard of the RCondor [7] project, we realized that there could be a way out. So we decided to adapt the CRAB client to make use of it and try. The concept is strikingly simple: execute condor commands via ssh on a remote machine where the HTCondor schedd runs. The original RCondor used sshfs to make local user files available to the remote schedd and viceversa, but during implementation we found a performance penalty, especially when many files are involved and the RTT between the client and the schedd is large, so we switched to moving tarballs with scp. Given that CRAB already was built as client-server and already was submitting to local condor, adapting to submission to HTCondor via ssh was very simple and went quickly and smoothly. The user interface remained completely unchanged. A schematic view of the sshenabled CRAB client is in figure 1. Since in the end we needed GSI authentication, we used gsissh[8] as the communication protocol between CRAB client and remote submission node. Remote grid identities are mapped to local unix users via LCMAPS call backs to GUMS in the US and ARGUS in Europe. 5. Implementation details In order to implement this for our community we had to address a few technical issues. 5.1. Performance We aimed and largely succeeded to give users the same feel as working with a local batch manager, and largely succeeded. It was an incremental process. We started very simply and added a few things for faster reaction time along the way. Relevant actions for this were: a) Avoid massive use of condor q. We obtained from HTCondor team a new option for condor history where only the local condor log file for each user task was parsed, yielding 3

Figure 1. CRAB submission to glideinwms using ssh. the same information as usually obtained by condor q. This made for very fast crab status queries so users can now run it as often as they like, without overloading the schedd host. b) Avoid long delays due to gsi authentication. For this we reused ssh sockets for commands issued close in time by the same user, i.e. the ssh ControlPath feature. Proper handling of the ControlPath including the ControlPersist option is only available in OpenSsh 5.6 or later, not for the version distributed with gsissh in our grid clients. We emulated ControlPersist behaviour by submitting a remote sleep lasting 1 hour and renewed when close to expiration. This worked very well. The initial connection can take up to ten seconds to establish e.g. between CERN and the west coast of the U.S., but after the first time all other crab commands are executed immediately. At times the ssh connection terminates badly leaving a corrupted socket (only fixed in OpenSsh 5.8 or later). This was cured by detecting the tell-tale error message in stdout, removing the socket and recreating the ControlPath automatically. c) As a final performance boost, instead of using scp to copy back output files and logs from remote submission host to local UI one by one, we used rsynch over the existing ssh socket. 5.2. Security Using ssh as a portal means that every CMS user can login interactively on the machines where HTCondor runs. This is not an ideal situation but we decided to accept the associated risk and monitor how things go. The main concern was not hostile attack. There is nothing on the submission hosts that requires more security than any login node of the many multiuser interactive facilities CMS uses already world wide. Rather we feared well meaning users who could decide to log on the submission hosts to short cut the CRAB interface and directly submit/monitor or even look at output files, thus adding uncontrolled load on the machine. Here the work on the performance of the ssh connection payed off. Users have been happy with the functionality provided. and we never saw any sign of abuse of the system. As a minor note, ControlPath functionality in OpenSsh does not work if the user s.ssh directory is on AFS. Since this is the situation at CERN, i.e. for majority of our users, we had to created an ad-hoc directory in /tmp to host the socket and took special care in making sure the directory and the socket have the correct ownership and only owner can access them. 4

5.3. Scalability Every day about 200 different users submit all together 200,000 jobs, with up to 40,000 jobs running simultaneously at any given time. To sustain this and provide some resiliency, we set up submission nodes (schedd s) at different locations worldwide (CMS Tier2 s at UCSD and Nebraska and CERN). While those schedd s submit to the same condor pool, each job is only tracked by the schedd which submitted it, so the CRAB client needs to remember which schedd to ask for status and output. For this we re-used same mechanism that existed in CRAB already to deal with multiple servers: A list of available submission hosts is maintained centrally by Analysis Operations and looked up via http by the CRAB client at the time of the first submission in each task. A remote server is then chosen at random from that list. Once a submission host has been chosen, its name is stored in the local SqlLite database that CRAB client uses to keep track of the task progress and that name is then reused for any further CRAB command. This is a very primitive form of load sharing. Submission servers are chosen regardless of current load, hardware capability and size of the current task. Anyhow on average load is fairly well distributed given that we have servers of similar hardware strength. The main drawback of this approach is the fact that each user task is married to one particular server for life, so performing any disruptive or lengthy maintenance on a machine can only be done after a couple of weeks of draining. 5.4. Reliability As expected gsissh is a very solid tool and we had almost no problems with it. One thing we never got around to solve is that at times gsissh user@host command returns a non zero exit code even if the command actually succeeded. We worked around this by replacing command with command; echo EXIT ST AT US IS \$? and parsing the stdout returned by gsissh. We also benefited from the simple trick of leaving users output files on the submission server even after a successful copy to the local UI, so that the copy could be safely repeated if the CRAB client fails later even for trivial reasons like a full local disk. We assumed HTCondor to be fully reliable and took no particular care there, and have not found any reason to think otherwise. Currently almost all reports from users about communication problems with the submission servers are due to an actual lack of a network connection. 6. Operational experience Deployment in production of the new gsissh-based submission method went very smoothly. It was presented to users as an additional option scheduler = remoteglidein in the CRAB client submission file, everything else being unchanged. We let users free to choose whether to use the new or the old methods, simply encouraging them to try the new one. Since CRAB with ssh was not providing any new functionality, only fewer problems and easier support, we took the users adoption as metric for success. The response was very good, as shown in figure 2. In a few months we found ourselves able to start decommissioning the old CRAB servers and to stop active support for the glite scheduler. From the operations point of view we had to ramp up our competence and expertise on HTCondor, but in the meanwhile we gained many benefits from the new submission method: Since submission is via gsissh, there is no need for full UI grid on client, no dependencies on swig wrapped C++ libraries, no problem of compatibility of environment with CMSSW and so on. CRAB for gissh works on SLC6 out of the box. 5

Figure 2. Steady shift to the use of the ssh-based CRAB over the period October 2012 to October 2013. It is clearly visible how ssh-based submission host at UCSD became unavailable during Christmas 2012, before we introduced multiple hosts in different regions. No CMS software needed on submission server, only standard gsisshd and HTCondor. Installation is simple and we never had any problems with gsisshd. All problems with HTCondor were routed to experts outside CMS core development team. The only work Analysis Operations team needed to do on the submission server was some simple crontab to cleanup old user files and basic system monitoring. In practice operations load has been continuously decreasing over last year and it is now at its lowest level ever, in spite of the overall amount of analysis work doubling every year, as can be seen in figure 3. Moving users to the ssh portal gave us the possibility to work in the testing and commissioning of the prototypes of the new tool, called CRAB3, and to address long standing problems like user jobs running out of resources (time, memory, disk) on remote worker nodes, glitches in CMS software deployment at sites, problems with glexec failures. The better understanding that we have achieved of those problems and of the possible solutions will be directly incorporated in CRAB3 by the time it will be released for production. We never had any major difficulty with the new system. Occasional gsissh failures have been addressed and largely solved as indicated above. The fact that HTCondor automatically restarts any job that fails in case of a software or hardware glitch on the schedd nodes was also extremely useful. As of July 2013 we turned off the last CRAB server. In a way all its functionalities except automatic resubmission of failed jobs are reproduced by the current system. 7. Conclusions Using (gsi)ssh as a portal has proven to be very effective in giving transparent, efficient access to remote submission servers. We could simplify enormously the software stack that we need to maintain both on the client and the server side and focus on more interesting problems like overall scalability, site s reliability and global policies. In a sentence: it is never too late for 6

Figure 3. Amount of work for Analysis. throwing away software and simplifying the system. Looking forward, we note two areas where improvement is still highly desirable, in spite of the success of the ssh portal approach. We hope that the next version of the CMS analysis submission tool will address those as well: Flexible automatic resubmission policies based on the failure kind (not all job failures benefit from the same resubmission policy). It would be good to move some functionalities of the current CRAB client to the server side were it is possible to deploy changes faster and more frequently and thus better address the changing needs of our environment. Acknowledgments This work was partially sponsored by the US National Science Foundation under Grants No. PHY-1148698 and PHY-1120138. References [1] Chatrchyan S et al. 2008 J. of Instr. 3 S08004 doi:10.1088/1748-0221/3/08/s08004 [2] Pordes R et al. 2007 J. Phys.: Conf. Ser. 78 012057 doi:10.1088/1742-6596/78/1/012057 [3] Kranzlmüller D, Marco de Lucas J and Öster P 2010 Remote Instr. and Virt. Lab. 61-66 doi:10.1007/978-1- 4419-5597-5 6 [4] Spiga D et al. 2007 The CMS Remote Analysis Builder (CRAB) Lect. Notes in Comp. Sci. 4873 580-586 doi:10.1007/978-3-540-77220-0 52 [5] Sfiligoi I, Bradley D C, Holzman B, Mhashilkar P, Padhi S and Würthwein F 2009 The pilot way to grid resources using glideinwms Comp. Sci. and Info. Eng., 2009 WRI World Cong. on 2 428-432 doi:10.1109/csie.2009.950 [6] Groep D, Koeroo O and Venekamp G 2008 glexec: gluing grid computing to the Unix world J. Phys.: Conf. Ser. 119 062032 doi:10.1088/1742-6596/119/6/062032 [7] Sfiligoi I and Dost J M 2013 Using ssh and sshfs to virtualize Grid job submission with rcondor Int. Conf. on Computing in High Energy and Nuclear Physics 2013 (Amsterdam, NL) [8] Butler R et al. 2000 A national-scale authentication infrastructure Computer 33 12 60-66 doi:10.1109/2.889094 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback