Version 1 (modified by 13 years ago) (diff) | ,
---|
Quattor Workshop - CERN - 16-18/3/2011
TracNav
Table of Contents
Quattor Status Report - M. Jouvin
See Slides.
Core Tools
Quattor Configuration Modules - L. Munoz Meijias
Recent addition
ncm-ofed
(from Stijn): Infiniband configuration, very preliminary
Obsolete/suspect modules
ncm-http
: used only at CERNncm-tomcat
: used only at CERNncm-tomcat2
: who uses it?ncm-rproxy
: replaced byncm-squid
?ncm-smartd
andncm-smartd5
: same schema, what is the difference?
Component quality: testing is tedious, old bugs are often back...
- CAF is a critical tool to help with component reliability
- Can run commands, update/write files with traceability and a real test suite
- LC status: still maintained, private copy in Quattor
- LC::File should not be used directly, CAF::FileWriter and CAF::FileEditor instead
- LC::Process no longer expands to a subshell: new version will allow to split command on whitespaces
ncm-accounts
: rewritten twice in last 2 years, hope v6 will fix all problems definitely
- Very fast with large number of accounts
- It correctly handles creation of user's home directories
ncm-networks
: lot of complains, ugly code, need rewriting, must review what the component should really do
- Define IP config for network cards
- Define bridge devices: required for virtualization support
- Tuning of device parameters
- Configuration of channel bonding: kernel module manipulations should be done with ncm-modprobes
- Must work on diskless servers: no more restart of the network just for testing
- TCP-parameters should be controlled by ncm-sysctl
- IPv6 support: schema extension needed
- Loic may try to look at it
ncm-sudo
: CERN needs to be able to manage sudoers.ldap
ncm-useraccess
: proposal to remove PAM-based ACL support
- Mistake to have put it here, use
ncm-pam
instead
ncm-authconfig
rewritten with LDAP support
ncm-modprobe
: support for SL4 to SL6
- SL3 support removed
ncm-spma
v2: new incompatible schema, 2-phase upgrade needed
ncm-chkconfig
: problem with removal of ability to specify both on
and off
- Need ability to say "set service on to runlevel ",4,5 but off at other levels"
CCM: no changes since Feb. 2009, MS patches still not there?
- Still no support for local profiles required for easier testing
ncm-ncd
: version 1.3 by MS allows subclassing
- Some components won't work with 1.2 in the future
- Should try to enable
-t
in Perl to get warnings about dangerous components cdp-listend
andncm-cdispd
should drop privileges when not needed
RHEL6 support: another platform to maintain... introduces Perl 5.12
- Major language changes but backward compatible
- Use stricter modes in Perl 5.12 to identify improvements needed to existing components
- Don't jump to quickly into new, incompatible features
- Core libraries (CAF, LC) are not affected by the changes
Some actions needed
- Identify obsolete components and move them to another location (delete them?)
- Identify and fix components using backquotes to spawn commands instead of CAF::Process
- Do a Quattor component release? or official/recommended list of components?
- Can the new build tools help with this?
- What process?
Luis will no longer be able to (significantly) contribute as he's leaving CERN...
Aquilon and other MS Developements Status - N. Williams
Main developments: integration with ESX through QRD
Profile signatue: decided it was not the way to go, just encrypting profiles over the wire through Krb host keytab
ncm-network: MS would like to be involved in rewrite, ready to contribute
ncm-modprobes: difficulties with last version because of removal of shell expansion
RHEL6: found various issues, some of them not identified at CERN (in particular AII-related ones)
- Goal: support ready in a few months, fixing problems as they are discovered
Aquilon: will add support for "clusters" in a way similar to SCDB to help with use of QWG templates.
Will start looking at support Solaris 11 in the future.
- Probably not before autumn
May also look at feeding their internal Windows management system from Quattor.
QWG Templates
QWG Templates Update - M. Jouvin
See slides.
Nagios Templates - R. Starink
Almost done
- monitoring/nagios/config: server configuration
- RPM includes
- Apache configuration
Difference between generic and local configuration: most work done locally, still need to be merged
Pnp4Nagios: service tpl needs site modifications
Hierarchy of Nagios servers: optional
Grid monitoring: based on EGEE/EGI work
- Uses YAIM, not easy to integrate into existing QWG templates. More discussion required.
- Replace ncm-yaim by ncm-filecopy?
- Not generic
Summary
- No visible progress yet but some progress behind the scenes
- Merge into SVN requires time and dedication: would like to test results
- Grid monitoring to be done after completion of base work
LEMON - I. Fedorko
Exception sensor: runs on the monitored node to report abnormal conditions (based on local conditions and metrics collected by other sensors on the node) and optionally run a corrective action.
LEMON usage: CERN (several instances at CC and in online farms), CNAF, MS
Backends
- Supported: Oracle and flat-files
- No alarming possible with flat-files: rely on PL/SQL (available for most DBs)
- Postgres/MySQL support should be possible to add as internally LEMON is DB vendor independent
LEMON usage at CERN: 11K entities (8K machines), 5+ Knodes with 150-200 metrics
- Performance monitoring
- Application monitoring
- Infrastructure metrics: temperature, power...
- 5 core sensors covering 60% of measurements
- 1 LEMON server (+1 for historical data)
Quattor management of LEMON
- LEMON agent configured with ncm-fmonagent
- LEMON client configuration files signed with SINDES
Current activities
- Federation of instances (worked with MS)
- Virtual machines monitoring: Quattor used to generate images (golden nodes) leading to several VM instances sharing the same SINDES certificate
- Also customized sensors for hypervisors
- New LEMON web for better scalability and improved flexibility (more dynamic operations)
Future
- Consolidation of monitoring activities at CERNIT, including experiment support
- New DB schema for increased scalability
- DB data export for data mining
- Exception classification for alarming
- Remote instances (monitoring of remote T0)
- Probably integrating with Nagios for collection
- Interfacing to Nagios: interested by ideas/experiences
- Interfacing with Windows monitoring
LEMON development team at CERN: 1 to 1.5 FTE
- Enough for maintenance for CERN usage
- Not enough to do major reengineering: a problem as the use cases have changed
- Consolidating monitoring activities (and manpower) is one direction
- Interacting with other tools is the other direction
CMS Experience with Quattor - J. A. Coarasa Perez
CMS online computing infrastructure requirements
- Complete autonomy from CERN IT and network
- Myrinet core network
- Redundant services (2 different computing rooms distant of 200m), managed remotely from a central control room
- Fast configuration turnaround
- Ability to read from electronics at 100 kHz (100 GB/s)
- Computing power to do data selection (2 GB/s output): ~2500 cores
- Enough disk storage for 2 days: ~300 TB
- Spare computers for quick replacement in case of failure (~200)
Limited manpower: ~5 FTEs
Quattor is the core configuration management tool
- Computers installed through Quattor but not using AII
- Based on a (very) old Quattor version: 1.3
- panc 6
- RPM repositories hosted on NetApp filers with 6 SWrep servers
- Performance: 10mn for compiling the whole 2500 machines
- Time to deploy changes: ~10 mn (cdp notification used)
- Reinstallation of 1K machines in 1h 1/4
- Problem when SWrep servers were overloaded: spma timeout, no retry
Well defined template structure/layout (CMS specific) Some CMS-specific developments
- Dropbox for RPMs to allow people without Quattor expertize to update their SW in a traceable/reproducible way
- Buggy components requiring workarounds (in particular for configuration removal)
- Copy of configuration files to individual computers: copyd
- Network configuration derived from DNS
- RPMs used to create users
- Web frontend to CDB configuration: template summarizer (parsing part of the profiles according to CMS way of configuring systems)
- Software Update Tools: allow to update existing RPM in a group of computers (dropbox)
- Upgrade or downgrade
- Allows to rollback changes
- Allow to check the status of the update
- Perform checks on the RPM: already exists, not named properly...
- Cannot be used to add a new RPM to the configuration: need to request addition of a new RPM
- Only one person can run it at any time
- Ability to run commands on a set of computers selected based on the use of a given template (like a type)
Conclusions
- Quattor has been and is scalable to CMS needs
- Not always as flexible as we'd like...