| | 1 | = Quattor Workshop - CERN - 16-18/3/2011 = |
| | 2 | [[TracNav]] |
| | 3 | |
| | 4 | [[TOC(inline)]] |
| | 5 | |
| | 6 | |
| | 7 | [http://indico.cern.ch/conferenceTimeTable.py?confId=118603#all.detailed Agenda]. |
| | 8 | |
| | 9 | == Quattor Status Report - M. Jouvin == |
| | 10 | |
| | 11 | See [http://indico.cern.ch/getFile.py/access?contribId=16&sessionId=13&resId=0&materialId=slides&confId=118603 Slides]. |
| | 12 | |
| | 13 | == Core Tools == |
| | 14 | |
| | 15 | === Quattor Configuration Modules - L. Munoz Meijias === |
| | 16 | |
| | 17 | Recent addition |
| | 18 | * `ncm-ofed` (from Stijn): Infiniband configuration, very preliminary |
| | 19 | |
| | 20 | Obsolete/suspect modules |
| | 21 | * `ncm-http`: used only at CERN |
| | 22 | * `ncm-tomcat`: used only at CERN |
| | 23 | * `ncm-tomcat2`: who uses it? |
| | 24 | * `ncm-rproxy`: replaced by `ncm-squid`? |
| | 25 | * `ncm-smartd` and `ncm-smartd5`: same schema, what is the difference? |
| | 26 | |
| | 27 | Component quality: testing is tedious, old bugs are often back... |
| | 28 | * CAF is a critical tool to help with component reliability |
| | 29 | * Can run commands, update/write files with traceability and a real test suite |
| | 30 | * LC status: still maintained, private copy in Quattor |
| | 31 | * LC::File should not be used directly, CAF::FileWriter and CAF::FileEditor instead |
| | 32 | * LC::Process no longer expands to a subshell: new version will allow to split command on whitespaces |
| | 33 | |
| | 34 | `ncm-accounts`: rewritten twice in last 2 years, hope v6 will fix all problems definitely |
| | 35 | * Very fast with large number of accounts |
| | 36 | * It correctly handles creation of user's home directories |
| | 37 | |
| | 38 | `ncm-networks`: lot of complains, ugly code, need rewriting, must review what the component should really do |
| | 39 | * Define IP config for network cards |
| | 40 | * Define bridge devices: required for virtualization support |
| | 41 | * Tuning of device parameters |
| | 42 | * Configuration of channel bonding: kernel module manipulations should be done with ncm-modprobes |
| | 43 | * Must work on diskless servers: no more restart of the network just for testing |
| | 44 | * TCP-parameters should be controlled by ncm-sysctl |
| | 45 | * IPv6 support: schema extension needed |
| | 46 | * Loic may try to look at it |
| | 47 | |
| | 48 | `ncm-sudo`: CERN needs to be able to manage sudoers.ldap |
| | 49 | |
| | 50 | `ncm-useraccess`: proposal to remove PAM-based ACL support |
| | 51 | * Mistake to have put it here, use `ncm-pam` instead |
| | 52 | |
| | 53 | `ncm-authconfig` rewritten with LDAP support |
| | 54 | |
| | 55 | `ncm-modprobe`: support for SL4 to SL6 |
| | 56 | * SL3 support removed |
| | 57 | |
| | 58 | `ncm-spma` v2: new incompatible schema, 2-phase upgrade needed |
| | 59 | |
| | 60 | `ncm-chkconfig`: problem with removal of ability to specify both `on` and `off` |
| | 61 | * Need ability to say "set service on to runlevel ",4,5 but off at other levels" |
| | 62 | |
| | 63 | CCM: no changes since Feb. 2009, MS patches still not there? |
| | 64 | * Still no support for local profiles required for easier testing |
| | 65 | |
| | 66 | `ncm-ncd`: version 1.3 by MS allows subclassing |
| | 67 | * Some components won't work with 1.2 in the future |
| | 68 | * Should try to enable `-t` in Perl to get warnings about dangerous components |
| | 69 | * `cdp-listend` and `ncm-cdispd` should drop privileges when not needed |
| | 70 | |
| | 71 | RHEL6 support: another platform to maintain... introduces Perl 5.12 |
| | 72 | * Major language changes but backward compatible |
| | 73 | * Use stricter modes in Perl 5.12 to identify improvements needed to existing components |
| | 74 | * Don't jump to quickly into new, incompatible features |
| | 75 | * Core libraries (CAF, LC) are not affected by the changes |
| | 76 | |
| | 77 | Some actions needed |
| | 78 | * Identify obsolete components and move them to another location (delete them?) |
| | 79 | * Identify and fix components using backquotes to spawn commands instead of CAF::Process |
| | 80 | * Do a Quattor component release? or official/recommended list of components? |
| | 81 | * Can the new build tools help with this? |
| | 82 | * What process? |
| | 83 | |
| | 84 | Luis will no longer be able to (significantly) contribute as he's leaving CERN... |
| | 85 | |
| | 86 | |
| | 87 | === Aquilon and other MS Developements Status - N. Williams === |
| | 88 | |
| | 89 | Main developments: integration with ESX through QRD |
| | 90 | |
| | 91 | Profile signatue: decided it was not the way to go, just encrypting profiles over the wire through Krb host keytab |
| | 92 | |
| | 93 | ncm-network: MS would like to be involved in rewrite, ready to contribute |
| | 94 | |
| | 95 | ncm-modprobes: difficulties with last version because of removal of shell expansion |
| | 96 | |
| | 97 | RHEL6: found various issues, some of them not identified at CERN (in particular AII-related ones) |
| | 98 | * Goal: support ready in a few months, fixing problems as they are discovered |
| | 99 | |
| | 100 | Aquilon: will add support for "clusters" in a way similar to SCDB to help with use of QWG templates. |
| | 101 | |
| | 102 | Will start looking at support Solaris 11 in the future. |
| | 103 | * Probably not before autumn |
| | 104 | |
| | 105 | May also look at feeding their internal Windows management system from Quattor. |
| | 106 | |
| | 107 | |
| | 108 | == QWG Templates == |
| | 109 | |
| | 110 | === QWG Templates Update - M. Jouvin === |
| | 111 | |
| | 112 | See slides. |
| | 113 | |
| | 114 | === Nagios Templates - R. Starink === |
| | 115 | |
| | 116 | Almost done |
| | 117 | * monitoring/nagios/config: server configuration |
| | 118 | * RPM includes |
| | 119 | * Apache configuration |
| | 120 | |
| | 121 | Difference between generic and local configuration: most work done locally, still need to be merged |
| | 122 | |
| | 123 | Pnp4Nagios: service tpl needs site modifications |
| | 124 | |
| | 125 | Hierarchy of Nagios servers: optional |
| | 126 | |
| | 127 | Grid monitoring: based on EGEE/EGI work |
| | 128 | * Uses YAIM, not easy to integrate into existing QWG templates. More discussion required. |
| | 129 | * Replace ncm-yaim by ncm-filecopy? |
| | 130 | * Not generic |
| | 131 | |
| | 132 | Summary |
| | 133 | * No visible progress yet but some progress behind the scenes |
| | 134 | * Merge into SVN requires time and dedication: would like to test results |
| | 135 | * Grid monitoring to be done after completion of base work |
| | 136 | |
| | 137 | |
| | 138 | === LEMON - I. Fedorko === |
| | 139 | |
| | 140 | Exception sensor: runs on the monitored node to report abnormal conditions (based on local conditions and metrics collected by other sensors on the node) and optionally run a corrective action. |
| | 141 | |
| | 142 | LEMON usage: CERN (several instances at CC and in online farms), CNAF, MS |
| | 143 | |
| | 144 | Backends |
| | 145 | * Supported: Oracle and flat-files |
| | 146 | * No alarming possible with flat-files: rely on PL/SQL (available for most DBs) |
| | 147 | * Postgres/MySQL support should be possible to add as internally LEMON is DB vendor independent |
| | 148 | |
| | 149 | LEMON usage at CERN: 11K entities (8K machines), 5+ Knodes with 150-200 metrics |
| | 150 | * Performance monitoring |
| | 151 | * Application monitoring |
| | 152 | * Infrastructure metrics: temperature, power... |
| | 153 | * 5 core sensors covering 60% of measurements |
| | 154 | * 1 LEMON server (+1 for historical data) |
| | 155 | |
| | 156 | Quattor management of LEMON |
| | 157 | * LEMON agent configured with ncm-fmonagent |
| | 158 | * LEMON client configuration files signed with SINDES |
| | 159 | |
| | 160 | Current activities |
| | 161 | * Federation of instances (worked with MS) |
| | 162 | * Virtual machines monitoring: Quattor used to generate images (golden nodes) leading to several VM instances sharing the same SINDES certificate |
| | 163 | * Also customized sensors for hypervisors |
| | 164 | * New LEMON web for better scalability and improved flexibility (more dynamic operations) |
| | 165 | |
| | 166 | Future |
| | 167 | * Consolidation of monitoring activities at CERNIT, including experiment support |
| | 168 | * New DB schema for increased scalability |
| | 169 | * DB data export for data mining |
| | 170 | * Exception classification for alarming |
| | 171 | * Remote instances (monitoring of remote T0) |
| | 172 | * Probably integrating with Nagios for collection |
| | 173 | * Interfacing to Nagios: interested by ideas/experiences |
| | 174 | * Interfacing with Windows monitoring |
| | 175 | |
| | 176 | LEMON development team at CERN: 1 to 1.5 FTE |
| | 177 | * Enough for maintenance for CERN usage |
| | 178 | * Not enough to do major reengineering: a problem as the use cases have changed |
| | 179 | * Consolidating monitoring activities (and manpower) is one direction |
| | 180 | * Interacting with other tools is the other direction |
| | 181 | |
| | 182 | |
| | 183 | == CMS Experience with Quattor - J. A. Coarasa Perez == |
| | 184 | |
| | 185 | CMS online computing infrastructure requirements |
| | 186 | * Complete autonomy from CERN IT and network |
| | 187 | * Myrinet core network |
| | 188 | * Redundant services (2 different computing rooms distant of 200m), managed remotely from a central control room |
| | 189 | * Fast configuration turnaround |
| | 190 | * Ability to read from electronics at 100 kHz (100 GB/s) |
| | 191 | * Computing power to do data selection (2 GB/s output): ~2500 cores |
| | 192 | * Enough disk storage for 2 days: ~300 TB |
| | 193 | * Spare computers for quick replacement in case of failure (~200) |
| | 194 | |
| | 195 | Limited manpower: ~5 FTEs |
| | 196 | |
| | 197 | Quattor is the core configuration management tool |
| | 198 | * Computers installed through Quattor but not using AII |
| | 199 | * Based on a (very) old Quattor version: 1.3 |
| | 200 | * panc 6 |
| | 201 | * RPM repositories hosted on NetApp filers with 6 SWrep servers |
| | 202 | * Performance: 10mn for compiling the whole 2500 machines |
| | 203 | * Time to deploy changes: ~10 mn (cdp notification used) |
| | 204 | * Reinstallation of 1K machines in 1h 1/4 |
| | 205 | * Problem when SWrep servers were overloaded: spma timeout, no retry |
| | 206 | |
| | 207 | Well defined template structure/layout (CMS specific) |
| | 208 | |
| | 209 | Some CMS-specific developments |
| | 210 | * Dropbox for RPMs to allow people without Quattor expertize to update their SW in a traceable/reproducible way |
| | 211 | * Buggy components requiring workarounds (in particular for configuration removal) |
| | 212 | * Copy of configuration files to individual computers: copyd |
| | 213 | * Network configuration derived from DNS |
| | 214 | * RPMs used to create users |
| | 215 | * Web frontend to CDB configuration: template summarizer (parsing part of the profiles according to CMS way of configuring systems) |
| | 216 | * Software Update Tools: allow to update existing RPM in a group of computers (dropbox) |
| | 217 | * Upgrade or downgrade |
| | 218 | * Allows to rollback changes |
| | 219 | * Allow to check the status of the update |
| | 220 | * Perform checks on the RPM: already exists, not named properly... |
| | 221 | * Cannot be used to add a new RPM to the configuration: need to request addition of a new RPM |
| | 222 | * Only one person can run it at any time |
| | 223 | * Ability to run commands on a set of computers selected based on the use of a given template (like a type) |
| | 224 | |
| | 225 | Conclusions |
| | 226 | * Quattor has been and is scalable to CMS needs |
| | 227 | * Not always as flexible as we'd like... |
| | 228 | |
| | 229 | |
