DYNES: Building a Distributed Virtual InstrumentJan 15, 2013 · What is DYNES? A distributed...

DYNES: Building a Distributed Virtual Instrument

Shawn McKee

University of Michigan

TIP2013, January 15 2013

Shawn McKee

DYNES Talk Overview

• Introduction to DYNES and current status

• How we deploy, monitor and maintain DYNES

• Issues and new features

• Conclusion

1/15/2013 Shawn McKee 2

What is DYNES? A distributed virtual cyber-instrument spanning about 40 US universities and 11 Internet2 connectors which interoperates with ESnet, GEANT, APAN, US LHCNet, and many others. Synergetic projects include OliMPS and ANSE.

Dynamic network circuit provisioning and scheduling


Uses For DYNES

• In the LHC

• In other leading programs in data intensive science (such as LIGO, Virtual Observatory, and other large scale sky surveys)

• In the broader scientific community.

For regional networks and campuses to

support large, long-distance scientific data

flows

• The DYNES team is partnering with the LHC and astrophysics communities, OSG, and Worldwide LHC Computing Grid (WLCG) to deliver these capabilities to the LHC experiment as well as others such as LIGO, VO and eVLBI programs

Broadening existing Grid computing systems by

promoting the network to a reliable, high

performance, actively managed component.


DYNES Status

• The DYNES project (an NSF MRI 3 year grant) is in the middle of its last year (ends July 31)

• Last set of sites were included in Dec 2012

• We have deployed most of the DYNES planned footprint (9 more sites out of 47)

• We have developed a significant infrastructure to provision, deploy and monitor the DYNES instrument which I will describe here



DYNES Deployments (Current/Underway)

Initial DYNES Challenges

DYNES sites are expected to be mostly autonomous after initial deployment. Certainly when DYNES ends sites must take-over

DYNES as an MRI has no “formal” funding for centralized services or application development (but…we still have some services).

Nonetheless, we need to have a way to deploy and if necessary modify system configurations to get all sites functional and mostly “hands-off” in the long run.

We also need to have a way to determine if sites are functional and notify them if not, especially in initial stages.


DYNES Software Components

IDC and FDT systems run Scientific Linux 5 or 6 (initially 5, now deploying on 6)

Circuit provisioning is done with OSCARS (On-Demand Secure Circuits and Advance Reservation System) originally v0.5 but now using v0.6

Data transfer with well-known open-source Fast Data Transfer software.

Work underway to integrate OpenFlow capable switches - new firmware will support it on S4810 (see later slides)

Monitor component status with Nagios and custom plugins

All configuration files, diagrams and site info kept in Subversion repository

Track network switch configuration updates with Rancid


Approaches

• Too complex and too centralized.

• Who maintains it? Does everyone understand how to use it?

A centralized configuration manager

(cfengine, ncm, puppet) was rejected

• Anyone can build or install, updates can be deployed from a yum repository

• RPM post/pre scripts allow some scripting

• Can specify other package requirements in RPM spec

Building a base config into RPMS made sense

• Systems run a cron job which regularly fetches ssh public keys from UM webserver

• HTTP/SSL with verified certificate used to assure source identity

How to access systems for administration?


Approaches - Kickstart

• IDC/FDT systems reference certain specific repositories or packages in the kickstart so they come up ready to go, appropriate kernel (FDT uses UltraLight kernel), appropriate base packages.

To quickly get FDT/IDC systems built we

generated site and system specific kickstart files that

could be referenced by sites via http in the event

that they needed to rebuild a system.

• Batch scripts referenced collection of site config files

• Just a fun note: used perl Geo::IP module to set timezones in kickstarts

These files were created in a batch process

(shell/perl) to be downloaded at install time

over http.


Approaches - Switches

• Specify switch MAC and initial configuration file in DHCP server config, then PXE boot switches

• Batch scripts created site specific switch config files from site config files and placed into appropriate location on our tftp host

Dell/Force 10 switches, like many switches, can be pointed to an initial

configuration file available over TFTP

when PXE booted out of the box

• Batch scripts package switch config files into dynes-base-idc RPM

• RPM at install sets up simple DHCP and TFTP servers (not enabled by default) which can be used to repeat the initial configuration process if a switch is ever replaced

Configuration files are packaged and installed

on IDC hosts


DYNES RPMS • configures core services like logging to DYNES loghost, snmp

communities, ntp, perfSonar services (owamp), ssh. Also includes many configuration scripts.

dynes-base

• puts in place site specific config files (same file used to build switch and server configs, now used locally for DYNES software config)

dynes-config-sitename

• specific to IDC. Includes switch configuration and docs dynes-base-idc

• specific to FDT. Requires special kernel repo. Packages script to setup storage post-install. dynes-base-fdt

• requires Nagios RPMS (EPEL repo) and installs public key used by nagios server to run checks. dynes-nagios

• Ultralight kernels for FDT dynes-repo-

kernel


DYNES Yum repository

Configuration updates will be automatically grabbed by yum update, but sites always have the option to disable the DYNES repos and update as they wish.

Example: After the initial installation run we wanted to incorporate Nagios. We packaged our Nagios setup into an RPM and made dynes-base require that RPM. Next yum update, all systems were accessible by Nagios.

Fairly low maintenance to maintain

Disadvantage that we have to be careful not to break yum updates with bad dependency specifications.


Configuration Scripts • Runs other config scripts

• Run manually after kickstarting system/installing RPMS install_dynes.sh

• Installs Dell Yum repository (source for firmware updates, OM software)

• Sets up Dell OpenManage software for CLI interface to hardware (BIOS, Storage Controller,etc)

• Updates firmware, configures settings for AC power recovery, CPU VT install_dell.sh

• Configures OM software to email alerts to DYNES admin list dell_alerts.pl

• Configures Dell Remote Access Controller network and user info (references dynes-config-site file installed in /etc/dynes by RPMS)

idrac6_setup.sh

• Configures RAID-0 volume for data caching (runs on FDT only) setup_storage.sh

• Configures bridged network interface, needed by KVM. DYNES IDC controller distributed as VM.

configure_net.sh


Deploying The Instrument


Monitoring the Instrument

• Nagios is well known

• Can script nagios checks for more detailed functional status

• Integrated with ‘Nagmap’ to map sites

Though the ideal is to have no central point of service it was decided that

we need some way to know how things are going

• Rancid has “saved” us at AGLT2 a couple times

• Can store configs to any SVN repository – use web interface to Internet2 repo to reference configs easily

We needed a way to track switch configurations for sites in case of

breakage or to restore from emergency

• It’s easy to rack a system and never look at it, email alerts assure we can inform sites of problems

• CLI utils included in OM are useful

Our installation includes Dell OpenManage software configured to

send email alerts for system problems


Monitoring the Instrument


Nagios Monitor


We setup host-groups for each site and by equipment type: switch, FDT or IDC host. Can quickly see where we have issues: host not installed or down, network path intermittent. Goal is to improve higher level tests to verify circuit setup and use between DYNES sites

Nagios Monitor of FDT Host-group


Nagmap of DYNES Installations https://dngs.aglt2.org/nagmap/index.php

(Not shown yet: Princeton, MSU, UNH)


https://dngs.aglt2.org/nagmap/index.php

https://dngs.aglt2.org/nagmap/index.php

Current DYNES Challenges • Getting stable, reliable services in place

– It takes a significant effort to get the initial deployments operational – Sites make changes, sometimes without realizing the impact on DYNES – Things break and need to be fixed

• Providing end-users with easy (transparent) access to DYNES capabilities – DYNES as an MRI doesn’t have development effort to integrate with users

applications – We depend upon interested users to drive this: community support is one way

forward. – Other collaborations and research projects will leverage DYNES

• Enabling users to fully utilize bandwidth reservations, at least within DYNES – DYNES FDT storage is equipped with 10G interfaces – Reservations are typically 1-2 Gbps and TCP behaves badly with a 10G NIC

sending into a smaller circuit – DYNES is exploring RoCE and other RDMA techniques to see if they can help

• Finalizing documentation to enable user-communities – We need to provide detailed information on the existing APIs, software and

examples – Draft version of user Guide is available for comments (see links at end of talk)


DYNES and OpenFlow • When DYNES started Software Defined Networking was

“alpha” at best – We would have liked to start out with something like OpenFlow

for use in DYNES

• We now have an opportunity to integrate OpenFlow within DYNES by retrofitting some sites with Dell/Force10 S4810 switches and “beta” OpenFlow firmware. – Testing of OpenFlow and the Open Exchange Software Suite

(OESS) integration was successful at Michigan – Orders for S4810 switches are in progress with plans to retrofit

some sites over the next 2 months

• This should provide a simpler and more inter-operable DYNES instrument for the future.


Additional DYNES Efforts

• We are also doing a number of additional upgrades and extensions to DYNES – Sites are being retrofitted with a perfSONAR node

running perfSONAR-PS for tracking network performance

– We are explore RDMA over Converged Ethernet (RoCE) as an option to improve the effectiveness of data transfers over reserved DYNES circuits

– Monitoring interfaces to track DYNES circuit use are almost ready to go live


Conclusion

• DYNES deployments are nearing completion • Our DYNES deployment infrastructure has worked very

well. Sites are consistent and generally functional out of the box.

• The monitoring and tracking infrastructure is functional

and will help focus our last 6 months of effort • We have some additional efforts on OpenFlow, RoCE,

monitoring and documentation that should provide an excellent baseline to hand off to end-sites in July


Useful DYNES Links

• The DYNES web-page at Internet2:

http://www.internet2.edu/ion/dynes.html

• We have a preliminary user guide at: http://www.internet2.edu/ion/docs/20130108-DYNESGuide.pdf

(Feed back welcome but understand this is a work in progress!)

• Subscribe to the DYNES user mailing list at https://lists.internet2.edu/sympa/subscribe/dynes-users

• Email questions to [email protected].




http://www.internet2.edu/ion/docs/20130108-DYNESGuide.pdf




https://lists.internet2.edu/sympa/subscribe/dynes-users




mailto:[email protected]



Questions or Comments?


Additional Slides


Example Kickstart install url --url http://mirror.anl.gov/pub/centos/6/os/x86_64/ repo --name=Updates --mirrorlist=http://dynes.grid.umich.edu/dynes/ks/centos6-mirrorlist-updates repo --name=Install --mirrorlist=http://dynes.grid.umich.edu/dynes/ks/centos6-mirrorlist # DYNES repos repo --name=DYNES --baseurl=http://dynes.grid.umich.edu/dynes/repo/el6 repo --name=Internet2 --baseurl=http://software.internet2.edu/branches/aaron-testing/rpms/x86_64/main repo --name=EPEL --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6&arch=x86_64 # Kernel repo here for FDT only repo --name=DYNES-kernel --baseurl=http://dynes.grid.umich.edu/dynes/kernel-repo/el6 logging --host=141.211.43.110 --level=debug skipx lang en_US.UTF-8 keyboard us network --device eth3 --hostname fdt-umich.dcn.umnet.umich.edu --ip 192.12.80.86 --netmask 255.255.255.252 --gateway 192.12.80.85 --nameserver 141.211.125.17 --onboot yes --bootproto static --noipv6 network --device eth1 --onboot yes --bootproto static --ip 10.10.3.240 --netmask 255.255.252.0 --noipv6 rootpw --iscrypted $1$qeLsd;fsdkljfklsdsdfnotourpasswordreally firewall --enabled --port=22:tcp authconfig --enableshadow --enablemd5 selinux --disabled firstboot --disable timezone America/New_York ignoredisk --drives=sda bootloader --location=mbr --driveorder=sdb --append="rhgb quiet selinux=0 panic=60 printk.time=1" # partitions clearpart --all --drives=sdb part /boot --fstype=ext4 --size=500 --ondisk=sdb part pv.dynes --size=1 --grow --ondisk=sdb volgroup vg_dynes --pesize=4096 pv.dynes logvol / --fstype=ext4 --name=lv_root --vgname=vg_dynes --size=1024 --grow logvol swap --fstype=swap --name=lv_swap --vgname=vg_dynes --size=4096 1/15/2013 Shawn McKee 28

Example DHCP Config # For s4810 BMP (bare metal provisioning) # option configfile code 209 = text; # option tftp-server-address code 150 = ip-address; # option tftp-server-address 10.1.1.10; # option bootfile-name code 67 = text; subnet 10.1.1.0 netmask 255.255.255.0 { range 10.1.1.200 10.1.1.209; option subnet-mask 255.255.255.0; default-lease-time 1200; max-lease-time 1200; # option routers 10.1.1.10; option domain-name "local"; option broadcast-address 10.1.1.255; next-server 10.1.1.10; group "local" { # rice S4810 #host rice.local { # hardware ethernet 00:01:e8:8b:09:a6; # option configfile "/dynes/switch-configs/dynes-switch-config-rice.cfg"; # option bootfile-name "/dynes/images/FTOS-SE-8.3.10.1.bin"; #} host iowa.local { hardware ethernet 5C:26:0A:F4:F7:6F; option bootfile-name "/dynes/switch-configs/dynes-switch-config-iowa.cfg"; } host harvard.local { hardware ethernet 5C:26:0A:F4:F7:5F; option bootfile-name "/dynes/switch-configs/dynes-switch-config-harvard.cfg"; }


DYNES: Building a Distributed Virtual InstrumentJan 15, 2013 · What is DYNES? A distributed...

Documents

Transcript of DYNES: Building a Distributed Virtual InstrumentJan 15, 2013 · What is DYNES? A distributed...