Information Technology Reference
In-Depth Information
itself interacts with the CBP through two different portlets: the Workflow
portlet (for creating, configuring, and running workflows) and the Authenti-
cation portlet (for specifying the CBP credentials to be used by the user).
The CBP credential set by the user in the Authentication portlet is used by
WS-PGRADE/gUSE to communicate with the CBP service on behalf of the
user (please note that the requirement toward users to specify CBP creden-
tials can be eliminated by assigning robot certificates to existing workflows).
Once the workflow has been configured and submitted with the help of the
Workflow portlet, the set of back-end components (gUSE) are responsible for
arranging the workflow's execution. The Workflow Interpreter (WFI) is used
to schedule nodes of the workflow for execution, and the DCI Bridge is used
to actually make the different job instances run in the selected DCI (cloud, in
our case). Both WS-PGRADE and gUSE components are using the CBP Java
API to access the CBP service. Once the individual job instances have been
sent to the CBP by the DCI Bridge, the CBP is responsible for arranging the
jobs' execution on the selected cloud service.
10.4.2 Robot Certificates in WS-PGRADE/gUSE
As presented previously, accessing the services of the CBP to run jobs on
cloud infrastructures assumes that the user possesses proper CBP creden-
tials. In addition to CBP, there are many DCIs that have such requirements
(e.g., gLite, ARC, or UNICORE). If gateway providers would like to expose
workflows for their users with nodes configured to use such infrastructures,
then users will face the difficulty of managing the proper credentials for actu-
ally submitting the workflows. To eliminate this need, WS-PGRADE/gUSE
has been extended with the robot certificate extension that enables workflow
developers to assign predefined credentials for jobs that require some sort of
authentication with the DCI to which they are targeted.
Figure  10.8 shows the interface for setting a CBP robot credential for a
workflow node set to run on a cloud infrastructure.
After the computing resource has been set, the Create association… button
has to be clicked, and the CBP (or some other DCI-specific, depending
on the target DCI) credentials have to be set in the pop-up window that
appears. From this point, it is impossible to modify the target infrastructure
and the executable of the workflow node as long as the given association is
not removed.
Once a workflow with nodes set to use DCIs requiring authentication but
with proper robot certificates assigned to these nodes is exported to the
local repository, users not possessing the required credentials will be able
to import and actually run the workflow with the robot certificates assigned.
The use of robot certificates will be completely hidden from the user; the
only thing the user will see is that the workflow can be submitted and is
running properly.
Search WWH ::




Custom Search