July 7th Discussion


In the refactored ETICS services architecture there's gong to be an entity, the Submitter, responsible for hiding the underlying job submissions infrastructure to the ETICS services. The Submitter exposes a generic build submission interface.

This discussion aims at highlighting the issues that we are going to face when implementing a submitter that submits builds to the EGEE Infrastructure.

Submitting jobs to the EGEE Infrastructure

Authorization to Submit Jobs and Resources Sharing in EGEE

Requirements for submitting job to the EGEE Infrastructure

  • The entity must have an X.509 certificate, and be able to create a VOSM proxy
  • The entity must be in one of the VO that are authorized and has share quota on the infrastructure


Authorization to Submit Remote Builds and Resource Sharing in ETICS

On the current system

  • Only users with either the Developer or Integrator role in the scope of a component are allowed to submit remote builds for that component.
  • Users can require to use resources that are marked as private.

QUESTION? Do we want to stay with this model or think something more sophisticated? We stay, unless there's a requirement for that.

QUESTION? NEW Can we stay with this model? Consider that

  • Someone on the infrastructure has to share the resources the builds will run on
  • It's unlikely that someone will share resources, if you're going to run builds for any project
  • Can private resources be added to the infrastructure?

Enforcing Authz and Sharing on the EGEE Infrastructure

Independently form the sharing model chosen there are two ways to implement it.

Enforcement Done by ETICS

The Submitter has anyway resources where to submit builds and enforce the sharing.

ALERT! Is that really feasible? How can an entity on the EGEE infrastructure have anyway resources? Has to be checked with EGEE people.

  • entity whitelisted
  • entity in a VO that has anyway resources (DTEAM?)

Enforcement Done Using the Underlying Infrastructure Authz and Sharing

The Submitter gets credentials that are authorized and has sharing quotas on the infrastructure, and submits the builds using those credentials. The infrastructure will deny the resources, or when allowing will use the shares quotas.

Edit | Attach | Watch | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2008-07-14 - ValerioVenturi
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    ETICS All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback