Upload
lydia-waters
View
220
Download
0
Embed Size (px)
Citation preview
caGrid 2.0
December 2013
2
What is caGrid 2.0???
• Provides a patch for caGrid 1.x to support SHA2
• OSGi implementation of WSRF on the new technical stack.– Provides foundation of migrating caGrid 1.x
services to new technical stack.• caGrid 1.x Services migrated to new
technical stack– Not all services were migrated.– Secure services that need to support two endpoints
in the same JVM were migrated.– Services that were not migrated will be migrated
as part of caGrid 2.1 or deprecated.
3
caGrid 2.0 Technical Stack• Java 7• Spring• OSGi
– A module system and service platform for the Java programming language that implements a complete and dynamic component model
• Apache Camel– is a rule-based routing and mediation engine which provides a Java
object-based implementation of the Enterprise Integration Patterns using an API (or declarative Java Domain Specific Language) to configure routing and mediation rules.
• Apache Service Mix– OSGi powered Enterprise Service Bus (ESB)
• Apache CXF – Apache CXF is an open source services framework. CXF helps you
build and develop services using frontend programming APIs, like JAX-WS and JAX-RS. These services can speak a variety of protocols such as SOAP, XML/HTTP, RESTful HTTP, or CORBA and work over a variety of transports such as HTTP, JMS or JBI.
4
caGrid 2.x Service SupportService caGrid 2.0 caGrid 2.1 Retired
Authentication Service X
Credential Delegation Service X X
Dorian X X
Grid Grouper X X
Grid Trust Service (GTS) X X
SyncGTS X
Global Model Exchange (GME) X X
Index Service X
Metadata Model Service X
Federated Query Processor (FQP) X
Taverna Workflow X
Identifiers X
5
What caGrid 2.x is Not
• GAARDS UI– GAARDS UI has not been migrated, existing
GAARDS UI is backwards compatible.• Introduce
– Introduce has not been migrated.– We plan to develop Maven Archetypes that will
create service skeletons for new projects• Client API
– caGrid 1.x java client APIs were not migrated.– caGrid 1.x java clients will continue to work.– New client APIs can be generated using Apache
CXF.
6
Moving to caGrid 2.0
• Existing 1.x grid services with SHA-1 host certificates will continue to work normally. When their host certificates expire, they will need to replace a single JAR file in their service when they install a SHA-2 host certificate.
• Development teams using Introduce may continue to, and will have to swap in a replacement JAR after service generation to support SHA-2.
• Development teams who wish to build WS or Rest web services that interact with caGrid 2.0 may do so in the tool of their choice (e.g. Eclipse, IntelliJ). Given the state of languages and tools to natively support this, no tooling is provided to support this development.
7
caGrid Capabilities used by CBIIT ProjectsAdvertisement
& Discovery Metadata Query Security
caDSR
caTissue
C3D
CTRP
EVS
NBIA
caB2B Consumer Consumer
NCTN Navigator Authentication
caArray
Information may be incomplete or incorrect, to be verified
8
caGrid Deployment
Generates
caGrid 1.x Service
supports
• Advertisement & Discovery• Metadata• Query• Security• SHA-1 Host Certificates
(SHA-2 with a patch)
Deploy to eitherJBoss 4.0.5 Tomcat 5.5
Additional upgrade needed: Due to limitations in Globus 4.0.3, JBoss 4.0.5 or Tomcat 5.5 is the latest supported version.
Both JBoss 4.0.5 and Tomcat 5.5 are falling off Tech Stack. Additional upgrade to move patched services away from Globus is needed.
9
(Absence of) Tooling for caGrid 2.0
Given the evolution of software development tooling since caGrid 1.0 was released, we do not envision providing tooling (e.g. Introduce 2.0):• Java language now supports native annotations to build
(for instance) REST interfaces• caGrid 2.0 SOA web services are backwards compatible
to Globus, but are not Globus services, meaning that it’s possible to build clients and services in other languages that interoperate with the standards and don’t require the client JARs for all interactions
• Many capabilities were not brought forward into 2.0 (e.g. data services, metadata) but are supported through backwards compatibility.
10
Migration Path for Tools/Sub-projects
caGrid Transfer “Service” – Introduce extension developed to support out-of-band data transmission, overcoming a limitation of Axis 1.2 used by Globus• Will continue to work through backwards compatibility• New, modern options are available if using the caGrid
2.0 approach, but one will not be prescribed
11
What does Application Development for Grid 2.0 look like?
Uses Java/ Eclipse to
build
SOA Web Service
implements
• Advertisement & Discovery• Query (e.g. secure REST
Interface, not CQL data service)• caGrid Security / PKI w/ SHA-2D
eploy to
Container of Choice
DevelopmentTeam
12
Documentation
• Guides– Checkout and build caGrid 2.0– Patching a caGrid 1.4 service– Patching a caGrid 1.4 distribution– Obtaining SHA2 Host Credential– Create Trust Fabric Certificate Authority
• Core Service guides– Developer– Administrator
• Service upgrade guides
• https://www.cagrid.org/display/caGrid20/Home
13
Documentation - Cookbooks
• Provides best practices and example implementations• Provides framework to start your implementations• Maven Archetypes
– Builds project skeleton based on provided settings– Fill in your business logic– Deploy your service
• Cookbooks– Develop a caGrid 2.0 Analytical Service (REST, SOAP)– Develop a caGrid 2.0 Secure Analytical Service (SOAP)– Migrate a caGrid 1.4 Analytical Service to caGrid 2.0
(SOAP)
14
Secure Analytical Service
• This tutorial walks you through the steps of creating and using a secure analytical service using caGrid 2.x. This tutorial focuses on fine-grained service-level permissions using Grid Grouper to enable secure photo sharing use case
• https://www.cagrid.org/display/caGrid20/Secure+Analytical+Services+Tutorial
15
Analytical RESTful service
• This tutorial illustrates how to create caGrid 2.x analytical RESTful service following the best practices mentioned. First, you will create a stock quoting service with operations. Then you will deploy generated service to test it with a client program.
• https://www.cagrid.org/display/caGrid20/Develop+caGrid+2.x+Analytical+RESTful+Service
16
Analytical SOAP service
• This tutorial illustrates how to create caGrid 2.x analytical SOAP service following the best practices mentioned. First, you will create a stock quoting service with operations. Then you will deploy generated service to test it with a client program.
• https://www.cagrid.org/display/caGrid20/Develop+caGrid+2.x+Analytical+SOAP+Service
17
Upgrade caGrid 1.4 Analytical SOAP service
• This tutorial illustrates how to upgrade an existing caGrid 1.4 analytical SOAP service to caGrid 2.0 analytical SOAP service. You will deploy generated service to test it with a client program.
18
Backup Slides
19
What caGrid 1.x Users must do to use caGrid 2.0
• Services and Clients do not need to do anything:– caGrid 2.0 services are backwards compatible with caGrid
1.x clients and services– Once the Production Grid is upgraded, services will
advertise as they always have
20
What caGrid 1.4 Services must do to support SHA-2
They need not do anything until their SHA-1 certificate expires. When it does:• Shutdown the container (JBoss or Tomcat)• Patch your caGrid 1.4 service to support SHA-2 • Launch the GAARDS-UI
– Change your target grid to use the SHA-2 endpoint– “Renew” their existing host certificate– SHA-1 certificates are replaced with a SHA-2 certificates– Replace the deployed SHA-1 cert with new SHA-2 cert
• Restart the service