
page 30 - Legion - University of Virginia


Contents

1. The compatible hosts are /hosts/aNewHost and /hosts/BootstrapHost. The <host name> parameter uses the host's DNS name, but the compatible host list uses the host object's context path (i.e., /hosts/aNewHost). If you do not specify any compatible host objects, the new vault's list of compatible hosts will be empty and the new vault will be unusable. The output is similar to the legion_starthost output and includes the new vault's attributes and LOID. Two compatible host objects were added to aNewVault's list of compatible hosts, and the new vault was added to BootstrapHost's and aNewHost's lists of compatible vaults. You can use legion_vault_host_list to add and remove hosts from a vault's list of compatible hosts (see page 55 in the Reference Manual), and you can add hosts to this list after creating the vault, but if possible it is simpler to specify at least one compatible host when running legion_startvault. To add more than one host to the vault object's compatibility list, just add the names of the host objects.
   [Running footer: System Administrator, page 56, June 20, 2001. Legion 1.8 System Administrator Manual]
   11.4.1 legion_startvault flags. Supported <flags> for legion_startvault are:
   -L <$LEGION>: Specify $LEGION for the vault's host (default is the local $LEGION value).
   -O <$LEGION_OPR>: Specify $LEGION_OPR for the vault's host (default is the local $LEGION_OPR value).
   -A <$LEGION_ARCH>: Specify the arc
2. (continuation of the /impls listing)
   MetaClassObject.linux.1 implementation
   StatTreeObject.linux.1 implementation
   StatelessProxyClassObject.linux.1 implementation
   legion_make_backend.linux.1 implementation
   ttyObject.linux.1 implementation
   The default context names for all implementation objects consist of a class name, architecture, and encoded architecture number; names ending in 1 are the first implementation object of that architecture for that class. You can create implementation objects for a specific binary executable with legion_create_implementation. The new implementation object is marked as usable for whatever architecture you specify. The syntax is:
   legion_create_implementation <binary path name> <architecture> {-c <class context name> | -l <class LOID>} [-c <object context path>] [-nc] [-v] [-a <attribute>] [-debug] [-help]
   Please see page 23 in the Reference Manual for a list of possible <architecture> values and an explanation of the flags. The new implementation object will be associated with the class object named in <class LOID> or <class context path>. You must provide a path for the binary executable that will run on your specified architecture. The new object will be assigned the context path /impls/<class_name>.<architecture> unless you specify otherwise in the <object context path> parameter or use the -nc flag. The example be
3. legion_register_program a.out /home/andrew/my_program t3e
   legion_run /home/andrew/my_program
   Notice that the program was registered and run from the physical host. In this case there was no need to specify which host executes my_program, but you can use legion_run's -h flag to specify a virtual host if necessary.
   15.0 Setting up a native MPI host. If you or your users are running native MPI code through Legion via legion_native_mpi_run, you will need to install one class and set certain properties on the host. To install the class, called legion_native_mpi_backend, run legion_native_mpi_init. This will install it in /class/legion_native_mpi_init. [<architecture>] If you wish, you can specify an architecture for which an implementation for this class can be registered. You can run the command multiple times to specify multiple architectures. To set native MPI properties on a host, run the legion_native_mpi_config_host command:
   legion_native_mpi_config_host [<wrapper>]
   If you wish, you can specify a wrapper script that locates mpirun on the host. If you do not, the command will use the legion_native_mpich_wrapper script, which is for an MPICH implementation. The script is in the HPC package, in $LEGION/HPC/src/Tools/MPI/NativeMPI.
4. 3.4.2 Create a new vault. If the new host will not be compatible with your existing vaults, create a new vault object with the legion_startvault command:
   legion_startvault /hosts/Bootstrap
   There are several flags that you can use to set $LEGION, $LEGION_OPR, architectures, etc. Please see page 43 in the Reference Manual for more information about this command. See page 56 for more information on new vaults.
   3.4.3 Create a new host. Use the legion_starthost command to create a new host object on the desired host. For example, to start a new host object on MyNewHost you would enter:
   legion_starthost <myNewHost DNS name> /vaults/BootstrapVault /hosts/myNewHost
   The same command with -B will start a new PCD host object:
   legion_starthost -B PCDUnixHost <MyNewPCDHost DNS name> /vaults/BootstrapVault /hosts/myNewPCDHost
   [Footnote 6: See rpc.lmountd and rpc.lnfsd in the Reference Manual on page 109 for more information about NFS-mounted Legion systems.]
   See also page 59 for more information on adding PCD hosts. The same flag can be used to start a new batch queue host object. You'll need to update the host object's attributes to include the queue type:
   legion_starthost -B BatchQueueHost <MyNewBQHost DNS name> /vaults/BootstrapVault /hosts/myNewBQHost
   legion_update_attributes /hosts/myNewBQHost -a host_queue_t
5. ...<mapping file name>] <Unix user id> [-l <owner LOID> | -c <owner context path>] [-debug] [-help]
   The host object is named in the <host object LOID> or <host object context path> parameter. The user's Legion user id can be given in the -l <owner LOID> or -c <owner context path> parameter or listed in a file; this parameter designates the ownership of the Unix user id, so that when a Unix user creates Legion processes on the host object, the processes will automatically run under the proper Unix user id. If the Legion id parameter is left empty, the Unix user will be treated as a guest user. This command does not create a new Legion user id; use the legion_create_user command to create an id if necessary. Alternatively, you can create a local mapping file that contains a list of Unix-Legion account mappings. This file contains a list of Unix user ids, one per line, and any corresponding Legion user ids. There is no limit on the number of mappings that can be listed. If no Legion account is named, the account will be treated as a guest account. Suppose that you want to map three accounts: one guest account and one each for your Unix users John and Lucy. The mapping file below shows how to do this:
   guest
   unixLucy -c /users/lucy
   unixJohn -c /users/john
   Or you could do this from the command line. The examples below map the accounts for a PCD host object called myPCDhost: legion_add_host_
6. Getting help: e-mail, contact information, on-line help. Please contact us at one of the addresses listed below if you have trouble with the system. Please be sure to include any relevant information about the state of your system before and during the problem. We would greatly appreciate hearing from you whenever you find errors or bugs in Legion so that we can avoid similar problems in future releases. For bug reports, help, and general Legion information please send an e-mail message to <legion-help@virginia.edu>.
   Legion Group, Department of Computer Science, School of Engineering & Applied Science, University of Virginia, 151 Engineer's Way, P.O. Box 400740, Charlottesville, VA 22904-4740. http://legion.virginia.edu. Fax: 434-982-2214.
   A variety of technical notes, reports, and on-line tutorials are available on the Legion web site at <http://legion.virginia.edu>.
   Index. Symbols: .legionrc. A: ACL (about; changing; changing object permissions); adding users to a system; admin (about the admin user; creating admin user); AuthenticationObject (creating; password storage; recreating user id). B: backup vaults; batch queue host objects; binding. C: changing user passwords; class (mandatory member functions); collection object (adding resources; listing current resources; parent collection; removin
7. ...host object can execute when it receives a request to activate or create an object. An implementation object (or the name of an implementation object) is transferred from a class object to a host object to enable the host to create processes with the appropriate characteristics. For more information on the Legion core objects, please see "Core objects" (page 144) in the Developer Manual.
   10.0 Implementation model. When a user asks a class object to create an instance on another host, the class must do the following: determine what kind of architecture the new host has; contact the correct vault object to request persistent storage space; assign the new object a LOID and an Object Persistent Representation Address (OPA) (see "Object states," pg. 135 in the Developer Manual, for further information); and contact the correct host object and ask it to start the new object on the host, using a particular implementation object. Figure 7 shows the different steps in the procedure.
   [Figure 7: Legion object creation. Elements shown: User, ClassObject, vault object, HostObject (the requested host), Legion system.]
   1. User wants to create an instance on a particular host. 2. Class contacts a vault object. 3. Vault passes the new instance's OPR/OPA to
8. ...account /hosts/myPCDhost guest
   legion_add_host_account /hosts/myPCDhost unixLucy -c /users/lucy
   legion_add_host_account /hosts/myPCDhost unixJohn -c /users/john
   In John's case, a mapping for unixJohn would be created on myPCDhost and john would be its owner. When John, logged in to his Legion account, asks to run a process on myPCDhost, the PCD daemon will automatically execute it on his unixJohn account. If, on the other hand, you did not name John as the account owner:
   legion_add_host_account /hosts/myPCDhost unixJohn
   A guest mapping for unixJohn will be added. If any Legion user who does not already have a mapping runs a process on myPCDhost, he or she will run under a guest account that is not currently in use. If John runs a process on myPCDhost, the process will execute on a guest account, not the unixJohn account.
   12.2.2 Removing an account. The legion_remove_host_account command removes one or more account mappings from the host object's list of available accounts:
   legion_remove_host_account [-l <host object LOID> | -c <host object context path>] <user id> [-debug] [-help]
   As with legion_add_host_account, the <user id> parameter is the user's Unix user id. If no host is named in the <host object LOID> or <host object context path> parameter, your current host object is the default.
   12.2.3 View
9. ...and have mode 0640 (grant read permissions to the group). Be sure to set the file's group to a group that contains the Legion system administrator, e.g. chgrp legion_group /etc/LegionUsers, where legion_group is the group that the system administrator's account belongs to.
   Create the Unix file /etc/LegionClients. List the user ids that will be able to connect to the daemon. This should probably contain a single user id: the account that the UnixHostObject is running on. This file must be owned by root and have mode 0640 (grant read permissions to the group). Be sure to set the file's group to a group that contains the Legion system administrator, e.g. chgrp legion_group /etc/LegionUsers, where legion_group is the group that the system administrator's account belongs to.
   Copy the executable program procControl_d into /etc/procControl_d in your Unix directory. This executable file can be obtained from the local Legion administrator. It resides by default in $LEGION/bin/$LEGION_ARCH/procControl_d under the home directory of the Legion administrator. Make sure that /etc/procControl_d has mode 0500.
   Restart inetd: killall -HUP inetd
   Run pcdCheckConfig to make sure that all is well. This binary executable checks that procControl_d has a valid configuration. If the configuration is incorrect, the host object will not functio
10. ...classes also start instances in the new system but are not bootstrap class objects: BindingAgentClass parents binding objects, CommandLineClass parents command-line objects, etc. Like legion_startup, the legion_initialize script will provide prompts asking whether or not to perform each task, and it is generally best to use the "yes to all" option. To initialize Legion, enter legion_initialize. The output shows the system creating and tagging the key ingredients of a new system. It is too long to reproduce in full here, but we'll look at some selected actions.
   Creating host object BootstrapHostObject on <your current host name>
   Continue? [y=yes, Y=yes to all, n=no, N=no to all, v=verbose, V=verbose all] Y
   Configuring wellknown binaries for host 1.01.07.0100...
   The first line shows the system creating a bootstrap host object on your current host: a host object manages a host, so the bootstrap host object manages the bootstrap host.
   Creating vault object BootstrapVaultObject on <your bootstrap host name>
   Setting BootstrapHost and BootstrapVault restrictions
   Added 1 host(s) to vault's compatibility set
   Added 1 vault(s) to host's compatibility set
   A bootstrap vault object is automatically created on your current host: a vault object manages a vault, which stores Legion objects' permanent states. This guarantees t
11. ...legion_config_scheduler utility configures a basic Legion scheduler's helper objects. Use it to assign a particular collection and enactor to a basic Legion scheduler, or vice versa. It can also be used to query which helper objects have been set for a basic Legion scheduler. The example below shows the LOID of the default scheduler object's enactor:
   legion_config_scheduler /etc/DefaultScheduler -get enactor
   Current enactor is 1.36baeb09.66000000.01000000.00...
   17.1.2 Setting a class's default scheduler. The legion_set_scheduler command sets a specific class's default scheduler. The class will then use its assigned scheduler object to determine which hosts and vaults should manage its instances (i.e., determine placements for the class's instances). The example below sets SchedulerFoo as the default scheduler object for ClassFoo:
   legion_set_scheduler /class/ClassFoo SchedulerFoo
   All of ClassFoo's instances will be placed with SchedulerFoo.
   17.1.3 Setting scheduler policy. The legion_set_scheduler_policy command sets a class object's policy for using its default scheduler. There are two policy options, which determine whether or not the class uses its default scheduler if the scheduler object is not active. Depending on its type, a class may require a policy which does not use an inert scheduler. If not, classes should have a default p
12. ...connect with other domains (i.e., you must be logged in as /users/admin).
   16.2 Domains and binding services. To locate an object in another domain, you must contact the domain's binding services, which can then track down the object's LOID and location. However, if you know the domain's LegionClass's binding (i.e., the LOID and Object Address of the domain's metaclass), you can find the domain's binding services. You can use the legion_print_config tool to display your current domain's LegionClass binding:
   legion_print_config
   LegionClass Configuration:
   LOID: 1.35e09dfb.01.000001fc0b347...
   OA: 128.143.63.50 6384 903989954
   The LegionClass's binding is found in a file called LegionClass.config in each domain's $LEGION_OPR directory. The LegionClass.config file is a LegionBuffer, however, and to mask the data format of the file's contents, the file is accompanied by a file called LegionClass.config.LegionStorage.MetaData. If the metadata file is not present, the LegionClass.config file may be unreadable.
   16.3 Joining domains. Legion domains can be combined together to form larger systems with legion_combine_domains. This tool connects your current domain (i.e., the one in which you execute the command) to a specified target domain. If other domains have already been connected to either your current domain or to the target
13. ...option only if you are searching for a problem. To start the main core system objects, enter legion_startup. Legion will start several classes on your host. The output shows major class objects starting up:
   legion_startup
   Starting meta class object LegionClass
   Continue startup? [y=yes, Y=yes to all, n=no, N=no to all, v=verbose, V=verbose all] Y
   3.3.4 Initialize
   Starting meta class object BootstrapMetaClass
   Starting class object DefaultBindingAgentClass
   Starting class object CommandLineClass
   Starting class object UnixHostClass
   Starting class object UnixVaultClass
   Starting class object DefaultImplementationClass
   Starting class object DefaultImplementationCacheClass
   Starting class object DefaultContextClass
   SKCC enabled
   Done with DefaultContextClass
   Legion first time system startup complete
   The first object created, LegionClass, is the highest-level metaclass (the meta-metaclass) and the parent of every other object in the system. The next object, BootstrapMetaClass, is the class object for bootstrap class objects, i.e., class objects whose instances must be created in the initialization phase. The bootstrap class objects are UnixVaultClass, UnixHostClass, UnixImplementationClass, and UnixImplementationCacheClass. These are started up a bit further down, as the output shows. The next new
14. ...scripts in the $LEGION/HPC/bin/QueueManagementScripts directory. The above command tells the host to look in $LEGION/HPC/bin/QueueManagementScripts/LoadLeveler. If the queue type attribute were set to Codine instead, the host would look for the queue management scripts in $LEGION/HPC/bin/QueueManagementScripts/Codine. The appropriate corresponding directory must be in the host's $LEGION/HPC/bin/QueueManagementScripts directory. It should contain the following queue management scripts: legion_proxy_queue_load, legion_queue_cancel, legion_queue_load, legion_queue_status, legion_queue_submit. These scripts should have execute permissions set for the user id that will be running the BatchQueueHost. If all of this is set up correctly, the host should be calling the local scripts. If objects are still not being created correctly, there may be a problem in the scripts. You can get a better idea of whether or not the local scripts are being called and what they're doing by looking in the log file maintained by the scripts: look in $LEGION_OPR/Legion_BatchLog. You'll find this log on the host where the BatchQueueHost object is running. If the logs indicate that the scripts are never called, there may be a scheduling problem. There is also a six-minute delay after you add a new host to the system before which it will not be selected for scheduling, so you may need to wait a few minutes before you can test a new batch queue host.
15. ...see page 21.
   Core: This is the basic Legion package and the minimum for running a Legion system. It lets you start up and shut down Legion, work in context space, run Legion security, etc.
   Software Development Kit (SDK): This contains development-oriented tools and libraries, such as the stub generator, Legion Grid library, LegionArray library, etc. This package is not necessary if you aren't planning on writing Legion applications.
   High Performance Computing (HPC): The HPC module lets you run your programs in Legion. It contains PVM and MPI tools, the two-dimensional FileObject interfaces, JobProxy and JobQueue objects, batch queue class and host object, and legion_run and legion_run_multi.
   Extra: This adds functionality to the basic Legion package. It contains the round-robin scheduler, simple k-copy class (SKCC), process control daemon host objects, etc. It is not necessary, but it gives you more control over your objects. You must have the HPC package in order to use the Apps package.
   Applications (Apps): The Apps package also extends the basic Legion package. The current version gives you more flexibility in moving files between Legion and your desktop via legion_export_dir and the Legion FTP daemon.
   2.2 Space requirements. You will need about 250-300MB of free disk space and at least 256MB virtual memory (we suggest 512MB if possible) on your bootstrap node in order to run Legion.
   2.3 Software requirements. You mu
16. ...the class object. 4. Class passes a LOID and OPA to a host object and tells it to start the new instance on the host.
   When a class object asks a host object to start an instance (Figure 7, step 4), it gives the host object the LOID for an appropriate implementation object. An implementation object typically contains executable object code for a single architecture and operating system platform, as well as any other information that might be necessary for instantiating an object on a particular host object (Java code, Perl script, etc.). There are different implementation objects for different architectures, and each class maintains implementation objects for all of the architectures on which it might run its instances. The host must have a copy of an appropriate implementation object in order to start the instance.
   [Figure 8: The implementation cache object. Elements shown: Host Alpha, ClassFoo, Host Beta, Implementation ObjectX, Implementation Cache, Vault, binary copy.]
   1. Class Foo tells Beta to create instance Foo using ImplementationObjectX. 2. Beta asks its Implementation Cache Object to find a copy of ImplementationObjectX. 3. Cache finds copy of ImplementationObjectX in the vault. 4. Beta runs its copy of ImplementationObjectX to activate instance Foo.
   Figure 8 shows how the h
17. ...use the core objects.
   Setting ACL for class AuthenticationObjectClass class
   Setting ACL for class BasicFileClass class
   Setting ACL for class BasicSchedulerClass class
   etc.
   All acls set
   You have successfully logged out
   When all necessary ACLs have been set, you are logged out. At this point security has been enabled and is running. You must now log in as /users/admin:
   legion_login /users/admin
   Password: xxxx
   Legion's security is now enabled. For more information about security, see "About Legion security" on page 30 and "Using security features" on page 35.
   3.3.6 Starting up other packages. The steps outlined in sections 3.3.2-3.3.5 initialized only the Legion package. If you are using any others, you must initialize them by hand by running the appropriate legion_init_<module name> tool. If you have run legion_init_security, Legion security will automatically be enabled in each package when you initialize it. Due to internal dependencies, you need to initialize in a specific order: HPC, Extra, and Apps. So if you have all of the packages, you would run the following tools in this order:
   legion_init_HPC
   legion_init_Extra
   legion_init_Apps
   3.4 Starting a multihost system. 3.4.1 Setup. This is a two-part process. First, you have to have a running single-host system, as laid
18. (table of contents, continued)
   10.1 Implementation caches 45
   10.2 Implementation tools 46
   11.0 Host and vault objects 49
   11.1 About host-vault pairs 49
   11.2 Manipulating host-vault pairing 51
   11.3 Adding a new host 52
   11.3.1 legion_starthost flags 54
   11.3.2 The host object's log 56
   11.4 Adding a new vault 56
   11.4.1 legion_startvault flags 57
   11.5 Backup vaults 54
   12.0 Process control daemon host objects 59
   12.1 Adding a PCD host object 59
   12.1.1 Configure the daemon 59
   12.1.2 Start the daemon and the host object 61
   12.2 PCD host commands 62
   12.2.1 Adding a new account 62
   12.2.2 Removing an account 64
   12.2.3 Viewing available accounts 64
   12.3 How the PCD host object works 64
   12.4 Using a PCD host as your bootstrap host 65
   13.0 Batch queue host objects 66
   13.1 Starting a batch queue host object 66
   13.2 Setting the local queues 66
   13.3 Before running objects on the n
19. [Figure 8 residue: Vault, binary copy.]
   10.2 Implementation tools. When new host objects are added, the legion_init_arch tool will register implementation objects of that architecture for commonly used classes and objects. The tool is run on the new host so as to create the objects in the proper place. The sample below was run on a Linux host:
   legion_init_arch
   Initializing Legion implementations for linux
   Creating an implementation ContextObject for ContextClass
   Continue? [y=yes, Y=yes to all, n=no, N=no to all, v=verbose, V=verbose all] Y
   Creating an implementation MetaClassObject for LegionClass
   Creating an implementation ClassObject for VanillaMetaClass
   Creating an implementation BindingAgent for BindingAgentClass
   Creating an implementation BasicFileObject for BasicFileClass
   Creating an implementation ttyObject for ttyObjectClass
   Creating an implementation StatTreeObject for StatTreeClass
   You can see existing implementation objects in the /impls context:
   legion_ls -la /impls
   . context
   .. context
   AuthenticationObject.linux.1 implementation
   BasicFileObject.linux.1 implementation
   BatchQueueClassObject.linux.1 implementation
   BindingAgent.linux.1 implementation
   ClassObject.linux.1 implementation
   JobProxyObject.linux.1 implementation
20. (table of contents, continued)
   3.5 Making a set-up script for users 24
   4.0 System shutdown 26
   4.1 Shutting down an insecure system 26
   4.2 Shutting down a secure system 26
   5.0 System restart 27
   6.0 Summary of commands 28
   6.1 Starting a new system 28
   6.2 Start working in a running system 28
   6.3 Shutdown 29
   6.4 Restart 29
   Legion security
   7.0 About Legion security 30
   7.1 Message layer 30
   7.2 MayI layer 31
   7.3 Special implications of security 33
   7.4 Legion and Kerberos 33
   7.5 Session 34
   8.0 Using security features 35
   8.1 Authentication objects 35
   8.2 Security and context space 36
   8.3 Creating new users 37
   8.4 Logging in users 38
   8.5 Changing user passwords 38
   8.6 Changing implicit parameters and ACL information 38
   Legion system management
   9.0 Legion core objects 42
   9.1 Core objects' classes 42
   10.0 Implementation model 44
   1
21. ...6 3C and DARPA GA SC H607305A.
   (table of contents)
   Before you start
   1.0 Introduction 7
   1.1 About this manual 7
   1.2 Style conventions 7
   1.3 About Legion 7
   Installing and running Legion
   2.0 Downloading Legion 1.8 8
   2.1 Legion packages 9
   2.2 Space requirements 9
   2.3 Software requirements 9
   2.4 RSA and OpenSSL 10
   2.5 Downloading binary files 10
   3.0 Starting a new system 12
   3.1 Before you start 12
   3.2 Set up the environment 14
   3.3 Starting a single host system 15
   3.3.1 Choose a bootstrap host 15
   3.3.2 Set up and configure 15
   3.3.3 Start up 16
   3.3.4 Initialize 17
   3.3.5 Set security 19
   3.3.6 Starting up other packages 21
   3.4 Starting a multihost system 21
   3.4.1 Setup 21
   3.4.2 Create a new vault 22
   3.4.3 Create a new host 22
   3.4.4 Adding new users to a secure net 23
   3.4.5 Working in the new net 24
22. ...<Legion root dir path>
   setenv LEGION_OPR <Legion OPR root dir path>
   setenv OPENSSL_INC <OpenSSL installation directory>/include
   setenv OPENSSL_LIB <OpenSSL installation directory>/lib
   source $LEGION_HOME/legion_profile.csh
   Go to the start-up host and run the start-up command: legion_startup. Do not rerun legion_initialize. The objects created when you first ran it are still in the system, just in an inert state until the system is restarted. They will be reactivated and their state reloaded as necessary. A summary of restarting is on page 29.
   6.0 Summary of commands
   6.1 Starting a new system
   1. Set the following environment variables: LEGION_HOME, LEGION_OPR, OPENSSL_LIB, and OPENSSL_INC. Run the legion_profile.[c]sh script (page 14).
   2. Start and initialize the system (page 15):
   LEGION_HOST_BIN PCDUnixHost (if using a PCD host as bootstrap)
   legion_setup_state
   legion_startup
   legion_initialize
   3. If desired, start security (page 19). You must log in as admin after running legion_init_security:
   legion_init_security
   legion_login /users/admin
   4. Start other packages as necessary (page 21):
   legion_init_HPC
   legion_init_Extra
   legion_init_Apps
   6.2 Start working in a running system
   1. If the Legion environment has no
23. ...$LEGION_OPR for the OPR root directory path.
   3.3 Starting a single host system. You must have the Legion module on your bootstrap host in order to start a new system. Once you've untarred it (see page 10), you'll need to configure, start, and then initialize the new system. You'll use three commands: legion_setup_state, legion_startup, legion_initialize.
   3.3.1 Choose a bootstrap host. The bootstrap host is where you start and shut down your system. It must be able to hold: the LegionClass object, the root of the Legion binding mechanism and the parent class of many metaclasses; and the $LEGION_OPR/LegionClass.config file. This file will be created on this host and will contain the LegionClass object address, which must be globally known to all Legion objects. The file must be available when other objects are started in the system. If you choose a PCD host as your bootstrap, the start-up procedure is slightly different than for a basic host object.
   3.3.2 Set up and configure. You must first set up the initial state for core Legion system objects. Legion system objects are persistent and can save and restore their own state. Some of these objects must have their state initialized before they run for the first time. After the initial start-up these objects will manage their own state and configuration, if the system is properly maintained. [Footnote 4] Once fully operational, Legion does not automatically sh
24. Legion 1.8 System Administrator Manual. The Legion Group, Department of Computer Science, School of Engineering & Applied Science, University of Virginia, 151 Engineer's Way, P.O. Box 400740, Charlottesville, VA 22904-4740. legion@virginia.edu, http://legion.virginia.edu.
   Copyright 1993-2001 by the Rector and Visitors of the University of Virginia. All rights reserved. Permission is granted to copy and distribute this manual so long as this copyright page accompanies any copies. The Legion system software herein described is intended for research and is available free of charge for that purpose. Permission is not granted for distributing the Legion system software outside of your site. In no event shall the University of Virginia be liable to any party for direct, indirect, special, incidental, or consequential damages arising out of the use of the Legion system software and its documentation. The University of Virginia specifically disclaims any warranties, including but not limited to the implied warranties of merchantability and fitness for a particular purpose. The software provided hereunder is on an "as is" basis, and the University of Virginia has no obligation to provide maintenance, support, updates, enhancements, or modifications.
   This work partially supported by DARPA (Navy) contract N66001-96-C-8527, DOE grant DE-FD02-96ER25290, DOE contract Sandia LD-9391, Northrup Grumman (for the DoD HPCMOD/PET program), DOE D459000-1
3.4.5 Working in the new net

Users can work in an insecure net by entering:

    source <path to globally visible setup script>/setup.sh   (or setup.csh)

Users can work in a secure net by entering:

    source <path to globally visible setup script>/setup.sh   (or setup.csh)
    legion_login /users/<user name>

Please note that neither of these procedures will open a separate shell.

3.5 Making a set-up script for users

We strongly suggest that Legion system administrators use a set-up script for users to source when starting work in Legion. In version 1.8 and forward, Legion will automatically generate a setup script called setup.[c]sh in your $LEGION_OPR directory when you run legion_initialize. It contains information about your Legion environment variables and should be run before you start working in a new shell. You can edit the script as necessary and distribute it to other users in your system.

You can also run the legion_make_setup_script command to generate a set-up script. The usage is:

    legion_make_setup_script [-o <script basename>] [-OPR <OPR dir name>] [-L <$LEGION dir name>] [-debug] [-help]

Supported options are:

-o <script basename>: Specify the basename for the resulting setup scripts. $LEGION_OPR/setup is the default. This command will generate two setup scripts, one for /bin/sh-derivative users and one for csh-derivative users. The scripts will be named <basename>…
16.0 Legion domains

Legion supports the concept of linking together discrete Legion systems. Previously, systems were isolated entities: objects running in one system could not communicate with objects running in another system. Now Legion treats an individual system as a domain. A domain contains all features necessary for running any Legion application and can be run autonomously. However, multiple domains can be combined to form a larger virtual machine. Objects created in one of these domains can communicate with and use the services of other objects in connected domains.

16.1 Naming Legion domains

A domain is automatically assigned a system-level domain identifier when it is first created, i.e. when a new Legion system is configured with the legion_setup_state command. The domain identifier is a variable-length field of bytes. It is embedded in the second field of all of the domain's LOIDs. For example, the domain below has a one-byte domain id, c8:

    1.c8.07.0800000.000001

A different domain has a four-byte domain id, 35d82a07:

    1.35d82a07.05.03000000

All class objects in a domain will use the same domain identifier when assigning new objects' LOIDs. You can specify the identifier if legion_setup_state is run interactively, with -i. Otherwise Legion will select a four-byte domain id. Once the domain id has been assigned it cannot be changed. You must have root user privileges in your current domain in order to…
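The LOID layout just described (dot-separated hex fields, domain identifier in the second field) is easy to check mechanically, for instance when deciding whether an object listed by a tool belongs to your own domain or to a linked one. The script below is an added example written for this manual, not a Legion tool; it assumes only what section 16.1 states about the format. The sample LOIDs are the two from the text plus one constructed for the one-byte domain 01.

```python
"""Extract and check Legion domain identifiers from LOIDs.

Added example for section 16.1; not part of the Legion distribution.
Assumption: a LOID is dot-separated hex fields and the domain identifier is
the second field, as the manual states.
"""
from collections import defaultdict

HEX = set("0123456789abcdefABCDEF")


def loid_fields(loid):
    """Split a LOID into its dot-separated fields, validating that each is hex."""
    fields = loid.strip().split(".")
    if len(fields) < 2:
        raise ValueError(f"LOID has fewer than two fields: {loid!r}")
    for field in fields:
        if not field or any(c not in HEX for c in field):
            raise ValueError(f"non-hex LOID field {field!r} in {loid!r}")
    return fields


def domain_id(loid):
    """Return the domain identifier (second field) of a LOID, lower-cased."""
    return loid_fields(loid)[1].lower()


def domain_id_bytes(loid):
    """Length of the domain id in bytes (two hex digits per byte, odd length rounded up)."""
    return (len(domain_id(loid)) + 1) // 2


def group_by_domain(loids):
    """Map each domain id to the LOIDs that carry it."""
    groups = defaultdict(list)
    for loid in loids:
        groups[domain_id(loid)].append(loid)
    return dict(groups)


def foreign_loids(loids, my_domain):
    """LOIDs whose domain id differs from my_domain, i.e. objects of another (linked) domain."""
    my_domain = my_domain.lower()
    return [loid for loid in loids if domain_id(loid) != my_domain]


# The two LOIDs from section 16.1 plus a constructed one in the one-byte domain 01.
SAMPLE = [
    "1.c8.07.0800000.000001",
    "1.35d82a07.05.03000000",
    "1.01.03.3c553908.000001",  # constructed
]

if __name__ == "__main__":
    for loid in SAMPLE:
        print(f"{loid}: domain {domain_id(loid)} ({domain_id_bytes(loid)} byte(s))")
    print("not in domain c8:", foreign_loids(SAMPLE, "c8"))
```

Feed it the LOIDs printed by legion_host_vault_list or legion_list_domains and foreign_loids() tells you which entries will be resolved by another domain's LegionClass rather than your own.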
…class's context name (default is /class/UnixHostClass). This command creates a new host object on the specified host. It selects the following additional default values for the new object:

    LEGION_OPA:   $LEGION_OPR/Host.HOST.OPA
    binary path:  $LEGION/bin/$LEGION_ARCH/UnixHostObject

The OPA (Object Persistent representation Address) is used to track a specific OPR (Object Persistent Representation, the inert state of an object); in this case the OPA will represent the persistent state of the new host object. The binary path is the remote path of the program that will start the new host object on the new remote host, i.e. it is a path on the remote host.

These flags and defaults need to be carefully considered when adding new hosts and vaults to your system. If the new host has a different architecture or a different directory structure, use -A, -L or -O to specify these parameters. The -B flag allows you to specify the basename of the executable host program that will be started on the target host; this file should be located in the target host's $LEGION/bin/$LEGION_ARCH directory. Note that a single class can manage instances with different implementations as long as all of the instances support the same interfaces; e.g. there are two implementations for the class UnixHostClass, UnixHostObject and PCDUnixHost. The -u flag allows you to specify a Unix user id for the new object, so that a system administrator can add host objects…
…that communications between Legion objects are secure. The MayI layer is responsible for access control: it determines what objects or users are allowed to call a particular object's methods. It also relies on the message layer for some services, such as encrypting rights certificates.

[Figure 5: Legion security model. The MayI layer and the message layer of two communicating objects.]

7.1 Message layer

The message layer intercepts every message that is sent from or received by an object. For outgoing messages the layer uses the implicit parameters associated with the message to determine what security measures to apply. Implicit parameters here are similar to Unix environment variables, although their values are not restricted to strings.

An outgoing message can be sent in three ways: in the clear, in protected mode, or in private mode.

When a message is sent in the clear, no encryption or other security processing is applied to the body of the message. An eavesdropper can extract any information from the message and, if certificates are included (explained below), can use them in constructing fraudulent method calls.

In protected mode the body of the message is not encrypted. However, any certificates sent with the message are encrypted, as are the tags uniquely identifying the method call with which this message is associated. The body of the message is cryptographically digested. These transformations yield several guarantees. First, the ce…
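The three modes above, modelled in Python as an added example. This is not Legion's message layer and the manual does not name its algorithms; the model assumes a symmetric key shared by the two objects, HMAC-SHA256 as the keyed digest, a PRF keystream (HMAC-SHA256 of nonce and counter, XORed with the data) standing in for a real cipher, and that private mode additionally encrypts the body. It shows what a passive eavesdropper learns in each mode and that altering a protected body or its call tag is detected by the receiver.

```python
"""Toy model of the message layer's clear, protected and private modes.

Added example for section 7.1; not Legion code. Assumptions: shared symmetric
key, HMAC-SHA256 keyed digest, PRF keystream instead of a vetted cipher,
private mode = protected mode plus body encryption. Use an authenticated
cipher from a real library for anything beyond illustration.
"""
import hashlib
import hmac
import os

NONCE_LEN = 12


def _keystream(key, nonce, length):
    """PRF keystream: HMAC-SHA256(key, nonce || counter) blocks, truncated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key, data):
    """Return nonce || (data XOR keystream)."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def decrypt(key, blob):
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def digest(key, call_tag, body):
    """Keyed digest binding the body to the method call it belongs to."""
    return hmac.new(key, call_tag + b"\x00" + body, hashlib.sha256).digest()


def send(mode, key, call_tag, body, certificate):
    """Build the on-the-wire message for one of the three modes."""
    if mode == "clear":
        return {"mode": mode, "tag": call_tag, "body": body, "cert": certificate}
    if mode == "protected":
        return {"mode": mode, "tag": encrypt(key, call_tag), "body": body,
                "cert": encrypt(key, certificate), "digest": digest(key, call_tag, body)}
    if mode == "private":
        return {"mode": mode, "tag": encrypt(key, call_tag), "body": encrypt(key, body),
                "cert": encrypt(key, certificate), "digest": digest(key, call_tag, body)}
    raise ValueError(f"unknown mode {mode!r}")


def receive(key, msg):
    """Undo the sender's transformations and verify the digest; raises on tampering."""
    if msg["mode"] == "clear":
        return msg["tag"], msg["body"], msg["cert"]
    tag = decrypt(key, msg["tag"])
    cert = decrypt(key, msg["cert"])
    body = msg["body"] if msg["mode"] == "protected" else decrypt(key, msg["body"])
    if not hmac.compare_digest(digest(key, tag, body), msg["digest"]):
        raise ValueError("digest mismatch: body or call tag was altered in transit")
    return tag, body, cert


def eavesdrop(msg):
    """What a passive attacker without the key learns from the wire image."""
    return {
        "body_readable": msg["mode"] in ("clear", "protected"),
        "cert_reusable": msg["mode"] == "clear",  # only a cleartext certificate can be replayed
        "tag_readable": msg["mode"] == "clear",
    }
```

The point the manual makes about certificates follows directly: in clear mode eavesdrop() reports the certificate as reusable, so it can be pasted into a forged call; in the other two modes the certificate and call tag are only recoverable with the key, and a modified body fails the digest check in receive().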
…that the class's instances should not run on BatchQueueHosts. This is based on the conservative assumption that any class can run on interactive hosts, but not all classes can run on batch hosts. To allow instances of your class to run on BatchQueueHosts, you can just remove this attribute:

    legion_update_attributes -c /class/my_class -d desired_host_property(interactive)

13.4 Troubleshooting

If you are having trouble creating objects on a BatchQueueHost there are several points of possible trouble. First, be sure that you've removed the problem class's "interactive" desired_host_property (section 13.3). If you still have trouble you may have a misconfigured host object. Check the following points to be sure that your host object is set up correctly.

- The right queue_type attribute should be set on the host. You can use the legion_list_attributes command to check this:

      legion_list_attributes -c /hosts/my_host host_queue_type

  If the output shows the wrong queue type, or no queue type, run legion_update_attributes to set host_queue_type correctly. For instance, if the host uses a LoadLeveler queue you could run the following:

      legion_update_attributes -c /hosts/my_host -a host_queue_type(LoadLeveler)

(Legion 1.8 System Administrator Manual, June 20, 2001, page 68)

This queue type attribute points the host object to the location of the local Legion queue management…
…vault object, or by getting permission to use a currently existing vault object. Figure 13 below shows how this might work. Jane creates HostObject4 on Host 4 and VaultObjectB on Vault B. HostObject4 will manage her Legion work on Host 4, and VaultObjectB will manage the persistent storage of HostObject4's objects.

[Figure 13: Adding new resources to a Legion system. Jane's Legion system: Host 1 is represented by the Bootstrap Host object and Host 4 by HostObject4; the bootstrap vault is represented by the Bootstrap Vault object and Vault B by VaultObjectB.]

Assuming that there are no conflicts in architecture, environment, etc., you can add a new host to your system with the legion_starthost command, and a new host object will be created on the new host using the current environment values of $LEGION and $LEGION_OPR. There are a variety of options in case the new host has a different architecture or different Legion environment variables, or if you need to specify a different user id. This process will be discussed in section 11.3.

11.2 Manipulating host-vault pairing

The legion_host_vault_list command manipulates a given host object's list of compatible vaults. Its usage is:

    legion_host_vault_list {-c <host context path> | -l <host LOID>} [-a | -d | -t] <vault1> [<vault2> ... <vaultn>] [-p] [-debug] [-help]

The example below lists the compatible vaults for /hosts/BootstrapHost. Note the use of -p: this signals that the list should be printed to standard output.

    legion_host_vault_list /hosts/BootstrapHost -p
    COMPATIBLE VAULT LISTING
    1.01.03.3c553908.000001c0bb4fef12ecf6cc
    1.01.03.3db53908.000001fc0dd5621fadf70b0
    1.01.03.3eb53908.000001fc0d6e9041e262126

There are three vaults listed here; use legion_list_names to see their context names (see page 31 in the Reference Manual).

The legion_vault_host_list command manipulates a vault's list of compatible host objects:

    legion_vault_host_list {-c <vault context path> | -l <vault LOID>} [-a | -d | -t] <host1> [<host2> ... <hostn>] [-p] [-debug] [-help]

The example below shows /vaults/BootstrapVault's compatible hosts:

    legion_vault_host_list /vaults/BootstrapVault -p
    COMPATIBLE HOST LISTING
    1.01.07.3cb53908.000001fc0c29636eee98d
    1.01.07.3eb53908.000001fc0d9b155044fb5

Both of these commands can also add and delete compatible hosts or vaults, with -a and -d. For example, to remove aNewVault from BootstrapHost's list of acceptable vaults and then see the adjusted list, you would enter the following:

    legion_host_vault_list /hosts/BootstrapHost -d /vaults/aNewVault -p
    De…
Index (continued)

…bject; batch queue host objects; batch queue hosts: about, setting local queue, starting, troubleshooting

H: host object's log; host objects: host-vault compatibility, host-vault pairs, native MPI host, PCD hosts (about, adding, adding new account, as bootstrap host, commands, configure the daemon, how it works, removing account, starting, starting the daemon, viewing available accounts), virtual hosts

I: implementation caches; implementation model; implementation tools; implicit parameters (manipulating); installation: security, setting, starting single host

K: Kerberos support; keys, public and private

L: Legion: about, core object model, documentation, downloading; legion_init_security, running; LegionRC; LegionRC file; logging in: admin, users

M: MayI; message layer: changing security mode; MESSIAHS; MPI: setting up a native MPI host

O: object address (OA or LOA); object creation procedure; object mandatory member functions; OPA; OpenSSL; OPR

P: parent collection; password: assigning, changing, storage; PCD hosts: about, adding, addi…
…to another user on the same Unix system. This can be useful should you wish to create a guest user id that has limited access privileges to the new host, or if you need to work under a different user id on the host.

The -c flag allows you to start an instance of a different class, so that users can create new host classes and have more flexibility in managing their resources. Legion currently comes with only one host class, UnixHostClass, but users can add more host classes as necessary, either by creating instances of the UnixHostClass or by writing new classes.

If the new host object's architecture is not the same as the current host object's architecture, you should run the legion_init_arch tool in order to create implementation objects to match the new architecture (see section 10.0 for information about implementations and section 10.2 for information about running this command).

11.3.2 The host object's log

Legion maintains a log containing information about all processes that are executed on your host objects, in the $LEGION_OPR directory. Each host object has a separate log, called $LEGION_OPR/<host object name>.log. The log includes information about the process's LOID, owner (if applicable), binary executable, OPR, status, and start/stop times.

11.4 Adding a new vault

Starting a new vault is similar to starting a new host object. The legi…
…ble a wide enough range of policies to be implemented, this philosophy effectively eliminates the danger of imposing inappropriate policy decisions and opens up a much wider range of possibilities for the application developer.

9.1 Core objects (classes)

There are six core objects:

- LegionClass
- LegionBindingAgent
- LegionHost
- LegionVault
- ContextObject
- ImplementationObject

From these, the core class types (hosts, vaults and binding agents) are derived. The core classes set the minimal interface that the core objects export. Every core object is an instance of a class that is itself eventually derived from one of the core object classes.

LegionClass: The LegionClass object is the common unit of the Legion system. The core LegionClass provides the fundamental characteristics and object-mandatory functions of all Legion objects. There is only one LegionClass object in a system.

LegionBindingAgent: Binding agents are Legion objects that map an object's LOID to its LOA (Legion Object Address). A LOID/LOA pair is called a binding. Binding agents cache bindings and organize themselves in hierarchies and software combining trees in order to implement the binding mechanism in a scalable and efficient manner.

LegionContextObject: Context objects map context names to LOIDs, allowing users to assign arbitrary high-level string…
…ble to qualified educational, research and commercial customers. However, we ask that any interested users submit the following information:

1. Your full name, e-mail address, phone number and mailing address.
2. Your organization or university's full name and, if applicable, line of business.
3. A brief description of what you wish to do with Legion (applications you wish to use or develop, research you wish to pursue, etc.).

This will be used to determine appropriate licensing agreements only and will not be distributed or sold to any outside parties. Please send it via e-mail to <legion@virginia.edu>.

[1] We have previously supported SGI Workstations IRIX O32 build (sgi_O32), but it is not available in this release. Please contact us at <legion-help@virginia.edu> if you have any questions.
[2] The HPUX 11 platform is available upon request. We will include an HPUX 10 platform in a future release.

If you are interested in a corporate license, Avaki <www.avaki.com> is the corporate distributor of Legion software.

2.1 Legion structure

As of version 1.8, Legion has been restructured. It is now split into packages. This change does not affect any tools or context space, but you may need to update paths in makefiles or change library paths from previous Legion versions. You need to run extra commands to start up some of the packages…
…accompanying vault, you must change the following file permissions on the node that is actually running the PCD host:

- $LEGION_OPR should be set to 755.
- $LEGION_OPR/LegionClass.config should be set to 644.
- $LEGION_OPR/BootstrapVaultOPR should be set to 777 (if your bootstrap host is a PCD host).
- $LEGION_OPR/<vault name>.OPA should be set to 777 (if the bootstrap host is not a PCD host).
- The $LEGION home directory is set to mode 755.

These changes should be made by the Legion administrator. Note that mode 777 makes the vault's persistent state writable by every local Unix account on that node, not only by the accounts the PCD is allowed to switch to, so keep that directory on a node whose local accounts you trust. A PCD host object will behave very much like a normal Unix host object, so most users do not need to know whether or not their processes are running on one or the other.

12.2 PCD host commands

There are three Legion commands for PCD host objects:

1. legion_add_host_account, for adding new accounts to the list of available accounts;
2. legion_list_host_accounts, for viewing the list of available accounts; and
3. legion_remove_host_account, for removing an account from the list of available accounts.

12.2.1 Adding a new account

The legion_add_host_account command adds a mapping between a Legion account and a Unix account, and adds this mapping to a PCD host object's list of available accounts. The user's Unix user id is named in the <Unix user id> parameter:

    legion_add_host_account {-l <host object LOID> | -c <host object context path>} -f…
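Because the modes above are easy to get subtly wrong (and a PCD host will not behave correctly if they are), it is worth checking them from a script rather than by eye. The following is an added example written for this manual, not a Legion tool. It assumes the paths are laid out exactly as named in the list above under $LEGION_OPR, and takes the vault name and whether the bootstrap host is a PCD host as inputs; demo() builds a constructed directory tree in a temporary location with every mode wrong, so the checker and fixer can be exercised offline.

```python
"""Check (and optionally fix) the file modes section 12.1 requires on a PCD host's node.

Added example; not part of the Legion distribution. Assumes the manual's path
layout under $LEGION_OPR. demo() uses a constructed temporary tree.
"""
import os
import stat
import tempfile


def required_modes(legion_opr, legion_home, vault_name, bootstrap_is_pcd):
    """Map each path to the octal mode the manual asks for."""
    required = {
        legion_opr: 0o755,
        os.path.join(legion_opr, "LegionClass.config"): 0o644,
        legion_home: 0o755,
    }
    if bootstrap_is_pcd:
        required[os.path.join(legion_opr, "BootstrapVaultOPR")] = 0o777
    else:
        required[os.path.join(legion_opr, vault_name + ".OPA")] = 0o777
    return required


def check_modes(required):
    """Return {path: (actual_mode_or_None, wanted_mode)} for every missing or wrongly set path."""
    problems = {}
    for path, wanted in required.items():
        try:
            actual = stat.S_IMODE(os.stat(path).st_mode)
        except FileNotFoundError:
            problems[path] = (None, wanted)
            continue
        if actual != wanted:
            problems[path] = (actual, wanted)
    return problems


def fix_modes(required):
    """chmod every existing path to its required mode; returns the paths that were changed."""
    changed = []
    for path, wanted in required.items():
        if os.path.exists(path) and stat.S_IMODE(os.stat(path).st_mode) != wanted:
            os.chmod(path, wanted)
            changed.append(path)
    return changed


def demo(bootstrap_is_pcd=True):
    """Constructed tree with every mode wrong; returns (problems before fix, problems after fix)."""
    root = tempfile.mkdtemp(prefix="legion-pcd-")
    home = os.path.join(root, "legion")
    opr = os.path.join(root, "OPR")
    os.makedirs(os.path.join(opr, "BootstrapVaultOPR"))
    os.makedirs(os.path.join(opr, "aNewVault.OPA"))
    os.makedirs(home)
    with open(os.path.join(opr, "LegionClass.config"), "w") as f:
        f.write("# constructed placeholder\n")
    for p in (opr, home, os.path.join(opr, "BootstrapVaultOPR"), os.path.join(opr, "aNewVault.OPA")):
        os.chmod(p, 0o700)
    os.chmod(os.path.join(opr, "LegionClass.config"), 0o600)
    required = required_modes(opr, home, "aNewVault", bootstrap_is_pcd)
    before = check_modes(required)
    fix_modes(required)
    after = check_modes(required)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for path, (actual, wanted) in before.items():
        print(f"{path}: {oct(actual) if actual is not None else 'missing'} -> wanted {oct(wanted)}")
    print("remaining problems after fix:", after)
```

On a real node, call required_modes() with your $LEGION_OPR, $LEGION and vault name, run check_modes() as the Legion administrator, and only apply fix_modes() after reviewing the report; a missing path (reported as None) usually means the vault was not started on this node rather than a permission problem.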
…collection can have more than one subcollection, and a subcollection can have more than one parent as well as its own subcollections. A parent runs one or more MESSIAHS-type queries on a subcollection (see page 51 in the Reference Manual for query string examples). To create a parent/subcollection arrangement, use the legion_add_sub_collection command. You must specify a parent and a subcollection; both collections must already exist. You can also specify a query to be started by the parent on the subcollection. If no query is specified, the default value of "true" will be used. You can run this command multiple times to start multiple queries on a single subcollection.

You can use the collection_update_frequency_secs attribute to adjust how often a collection polls its resources. The default setting is 300 seconds. Use the legion_update_attributes command:

    legion_update_attributes -c /etc/Collection -a collection_update_frequency_secs(600)

This will set the default collection to update itself every 10 minutes.

There are two other subcollection commands: legion_list_sub_collections, which displays your existing parent/subcollection relationships and queries, and legion_remove_sub_collection, which can be used to stop specific queries or to end a parent/subcollection relationship. Please see section 2.6 in the Reference Manual for more information about using these commands.
…and restarted. If you are using security you should decide who will be the admin (the system administrator). The system should be started up by the admin, since he or she will have special privileges on the core objects created in the new system. These privileges do not extend to other users' objects, however.

What kind of host objects will you be using? Options include:

a. Basic host object: it resides on its host and manages and guards its host's resources. This is the template for the other host objects. See "Host and vault objects" on page 30 in the Basic User Manual for information on basic host objects. In this manual, see section 11.0 (starting on page 49) for a discussion of host-vault pairings and adding new hosts.

b. PCD host object: it resides on its host, manages and guards its host's resources, and uses a process control daemon to regulate ownership of all Legion processes executed on that host. If you use a PCD host as your bootstrap host, the start-up process will be slightly different. For more information please see "Process control daemon host objects" on page 59. The daemon requires root privileges to start and to run. The PCD host object is useful if outside users will be running processes on your host, but can only be used if Legion security is enabled. Each user's processes will be tracked and accounted for.

c. Batch qu…
14.0 Virtual hosts

To support the use of resources for which there is no full port of the Legion system, Legion supports the notion of virtual hosts: host objects that run on a fully supported Legion platform and represent a resource on an unsupported platform (e.g. a Cray T3E). A virtual host object cannot be used to run normal Legion objects, since by definition there is no Legion port for the represented machine. Instead, it is used to run native jobs, such as existing serial and MPI programs, with the standard Legion tools legion_run, legion_run_multi and legion_native_mpi_run.[1] The virtual nature of the host objects therefore remains transparent. The benefits of incorporating virtual hosts into the Legion system are many: transparent, simplified remote execution on the target machine, resource selection and scheduling of the machine through Legion mechanisms, etc.

To configure a virtual host object, use the following three steps.

1. START A HOST OBJECT. Start a normal host object (any variety) with the standard legion_starthost command. Instead of starting the host on the desired target machine, however, start it on another machine that can conveniently be used to start jobs on the target machine (e.g. through a queue system, ssh, etc.). This machine is called the physical host. The target machine is called the virtual host. For example, start a virtual h…
…domain, they will be part of the new multidomain system as well. To perform this operation, the tool makes the domains' LegionClass objects aware of one another. In practice this involves determining the bindings of all of the involved LegionClass objects and broadcasting the complete binding set to all of the LegionClass objects. Once this operation has been performed, the binding trees of the different domains will be connected. In effect, the set of joined LegionClass objects represents a distributed class map. Binding traffic that reaches LegionClass in your current domain but is related to another domain will be forwarded to the LegionClass object in the appropriate domain. Binding caches and the class of operations involved in the binding process will minimize the need for interdomain binding-related traffic between LegionClass objects. As in earlier versions of the system, the global (now distributed) class map in Legion is protected from contention by heavy caching.

To do its job, legion_combine_domains needs to have information about each domain that it will be linking. If Legion security is turned on in any of the involved domains, it will also need security credentials for each secure domain in order to authorize it to link external domains. This domain information is stored in the form of a domain cookie. A domain cookie is simply a file holding the needed binding information and security credentials for a single Legion domain. The legion…
…about host-vault pairs, see page 49 in this manual); …default implementation objects (see "Implementation model", page 44). These can all be viewed with context-related commands or the GUI once the system has been completely started.

Before finishing, legion_initialize generates a set-up script for the new system. This script is placed in the $LEGION_OPR directory. Please see section 3.5 for more information on using this script.

The basic Legion system is now ready to go. If you wish to start security, follow the steps in section 3.3.5 below. If you have other modules, follow the steps in section 3.3.6 on page 21.

3.3.5 Set security

If you wish to enable Legion security, run the legion_init_security command. You'll have to decide now whether or not you want security, since the command will not run properly unless you run it immediately after initializing the system. If you don't wish to use it, just skip over this section. However, none of your processes will be protected and you won't be able to create individual accounts.

To use Legion security, run:

    legion_init_security

Please note that this command is for the Legion module and will not work with all classes in the other modules. For best results, start each module's security when you initialize it (see section 3.3.6 on page 21).

Several events take place when you run this command. legion_init_securit…
…that the domain's identifier can be seen in the second field of the two LegionClass LOIDs: the first is 35d82a07 and the second is c8. If you are in a single-domain system, the output will simply list your current domain's binding:

    legion_list_domains
    Current Legion domain: root
    Type: 302  binding: 1.35d82a07.01.000001fc0c0e21f57326b63336de9fc4d88d7bf5a314d9f1df1079abb0938b29b3643e6c9a8413ea6fd584f82be29b0ba56cdd0d421a609a4ba9ecf995c8ddb205b16d6df 128.143.63.51 19870 903621581
    No linked external Legion domains

16.4.2 Generating cookies

As the name suggests, the legion_generate_domain_cookie command generates a cookie file for your current Legion domain. Usage is:

    legion_generate_domain_cookie [-help] [-o <cookie output filename>]

The cookie contains binding information for your domain's LegionClass, security credentials, and information about your domain's context space. By default the new cookie file will be named LegionDomainCookie.<domain id>. Use the -o flag to specify a different name. If security has been turned on, you must be logged in as /users/admin in your current domain in order to ensure that the proper credentials are generated and saved in the cookie file. Because the cookie then carries the admin's credentials, treat the file like a private key: restrict its permissions and hand it to the other domain's administrator only over a protected channel.

16.4.3 Displaying cookies

The legion_print_domain_cookie command will display the contents of a Legion domain cookie file. By defaul…
    …e xx OPR
    Creating an instance of class UnixHostClass: 1.01.07.44b53908
    Adding /hosts/<new host DNS name> to the host list for /vaults/BootstrapVault
    Added 1 host(s) to vault's compatibility set
    Adding /vaults/BootstrapVault to the vault list for /hosts/<new host DNS name>
    Added 1 vault(s) to host's compatibility set
    Configuring well-known binaries for /hosts/<new host DNS name>

There is a substantial amount of information returned. Legion first prints out the attributes of the newly created host object, which include its name, context name, local OPR and OPA path names, architecture, your Unix user id, local path name, and any compatible vault(s). It also shows the binary executable files for basic Legion objects (e.g. an implementation object) being added and configured to the new host. These files allow the new host to start new Legion objects as necessary. The output then shows the creation of the object: the new object is an instance of the UnixHostClass. Optional flags will let you change some of these attributes. The output also lists the new host-vault pairs that were formed: the new host object is now on BootstrapVault's list of compatible hosts, and BootstrapVault is on the new host object's list of compatible vaults. Note that the new host object is automatically assigned a context path, in this case /hosts/<new ho…
…ed to support large degrees of parallelism in application code and to manage the complexities of the physical system for the user, in order to take advantage of this enormous physical infrastructure.

Installing and running Legion

2.0 Downloading Legion 1.8

Legion 1.8 is available in binary form only. Information about downloading 1.8 is on the Legion web site <http://legion.virginia.edu/download/index.html> and below. Legion is currently available for the following platforms:

- Sun Workstation, Solaris 5.7 or later (solaris)
- SGI Workstations, IRIX 6.5 n32 build or later (sgi_n32)
- SGI Workstations, IRIX 6.5 n64 build or later (sgi_n64)
- x86 Red Hat 6.x Linux (linux)
- DEC Alpha Red Hat Linux 6.x (alpha_linux)
- DEC Alpha OSF1 v4 (alpha_DEC)
- IBM RS6000 AIX 4.3 (rs6000)
- HPUX 11.x (hppa_hpux)

Legion has been ported to several Cray IEEE architectures (C90, T90, T3E) using the native Cray C compiler. However, the binaries produced are excessively large due to a compiler bug. Therefore we are not releasing a binary version of Legion for the Cray platform. You can start a virtual host on these machines (see page 69). We are no longer supporting the x86 FreeBSD 4.2 platform, although we will consider adding it back in if someone needs it. We are not currently supporting a Windows platform.

The Legion software is currently availa…
…er id to the newly allocated user id. This switch gives the new object access to its persistent state and protects it against other objects, which will be running under different user ids. The host object can then start the creation process, which will execute the object on the appropriate account. This involves some privileged operations, listed on page 59 above.

The host object does not execute with root permissions; access to privileged operations is encapsulated in the PCD that runs on the host object. The PCD is configured to allow only the host object to have access to these operations. Two of its key functions are permitting the host object to change directory ownership and creating new processes on a designated account only. The PCD limits the accounts in which these two functions can be done to a set designated by the local system administrator. This set includes any generic guest Unix accounts and local Unix users that the administrator wishes to add.

PCDs can be used in two ways. First, they can multiplex objects onto multiple user accounts, providing a level of protection for user objects and, when combined with user logins, making it possible to audit a user's actions. Second, they can match an object's effective user id to the user's Unix user id, making it easier to track user actions. Legion maintains logs for all host objects in the $LEGION_OPR directory (see section 11.3.2), and the PCD host object logs include information about when different Unix user ids were used by Legion users.

12.4 Using a PCD host as your bootstrap host

You can use a PCD host as your bootstrap host. Before you run legion_initialize, set the LEGION_HOST_BIN variable:

    export LEGION_HOST_BIN=PCDUnixHost

13.0 Batch queue host objects

The standard Legion host object creates objects using the process creation interface of the underlying operating system. However, some systems require using a queue management system to take full advantage of local resources. For example, some parallel computers contain a small number of interactive nodes, which can be accessed through normal means, and a large number of compute nodes, which can only be reached by submitting jobs to a local queue management system. To make use of hosts that are managed by local queuing systems, Legion provides a modified host object implementation called the BatchQueueHost. BatchQueueHost objects submit jobs to the local queuing system instead of using the standard process creation interface of the underlying operating system.

13.1 Starting a batch queue host object

To start a BatchQueueHost object, use legion_starthost with the -B flag to indicate the desired host object implementation. It would look something like this:

    legion_starthost -B BatchQueueHost -N /hosts/SP2 SP2.university.edu

Please see page 22 fo…
…essary support to operate in environments that require Kerberos authentication. The guiding design principle of this Kerberos support is that no process should be created by Legion without Legion first presenting to the underlying operating system valid Kerberos credentials for the target user. There are two fundamental components of Legion's Kerberos support. First, each Legion user creates a Kerberos proxy object and uploads her valid Kerberos credentials into her proxy object. Second, the target machine's host object explicitly contacts the target user's Kerberos proxy object whenever a process must be created on that machine for the target user; the host object then uses the Kerberos credentials stored in the user's Kerberos proxy object when performing a Kerberos ksu command in order to create the process. Of course, Kerberos credentials are encrypted for transmission from the Kerberos proxy object to the target host object, i.e. they do not travel across the network in the clear.

Legion's Kerberos support is not currently fully documented; a small collection of sites that use Kerberos are working with the Legion developers to define and improve Kerberos support in Legion. In the near future we will include detailed information regarding the creation and use of the Kerberos proxy objects, from both the user perspective and the system administration perspective. If you currently require Kerberos support in Legion, e-mail us at <legion-help@vi…
48. eue host object: it resides on its host, manages and guards its host's resources, and submits Legion jobs to the local queueing system. This is the best choice for hosts that use a queue management system, although the PCD host object is more secure and has better accounting. For more information, please see Batch queue host objects, page 66.

d. Virtual host object: it resides on a different host, represents and guards its host's resources, but does not run normal Legion objects. A virtual host cannot be used as a bootstrap host; it is added to an already running system. A virtual host object is used for running Legion jobs on unsupported platforms. The host object resides on a supported platform and runs native jobs with standard Legion tools on the target host machine. It can be used for scheduling, resource selection, and transparent execution on the target machine. For more information, please see Virtual hosts, page 69.

3.2 Set up the environment

A properly set up environment is crucial for working in the Legion system. The start-up process uses certain Legion-specific environment variables, which must be correctly set before starting applications and running command-line utility programs. You must set these variables each time you start working in Legion. Without a properly set environment, programs cannot communicate with other objects in the system, and the program may terminate with an error, never return a value,
49. ewhost 67
13.4 Troubleshooting 67
14.0 Virtual hosts 69
15.0 Setting up a native MPI host 72
16.0 Legion domains 73
16.1 Naming Legion domains 73
16.2 Domains and binding services 73
16.3 Joining domains 74
16.4 Related commands 75
16.4.1 Listing currently connected domains 75
16.4.2 Generating cookies 76
16.4.3 Displaying cookies 76
16.4.4 Connecting domains 76
17.0 Resource management 77
17.1 Scheduling related commands 77
17.1.1 Configuring the scheduler 77
17.1.2 Setting a class's default scheduler 78
17.1.3 Setting scheduler policy 78
17.1.4 Adding resources to a collection 78
17.1.5 Subcollections 79
Getting help 80
Index 81

Before you start

1.0 Introduction

1.1 About this manual

This manual is for system administrators of a Legion system. It explains how to install, run, and manage a new Legion system, how to set security featu
50. fault. So "deny unknown", though valid, is unnecessary. The main purpose of deny is to deny access to specific individuals or subgroups who would otherwise have access because of their membership in a larger group. Names that only include letters and digits, plus underscore, dot, slash, and comma, do not need to be in quotes. Others must be in quotation marks. The reserved name unknown can be made unreserved by surrounding it in double quotation marks. The default cases can be in any order with the others. Anything between braces can be empty.

AccessControlSet
instanceOf class BasicFileClass
Method read allow bob fred
(Only bob and fred can call this method; the class and instance can call it, and grant certificates for it too, of course; see note above.)
Method "LegionLOID ping" allow group deny fred
(The function identifier for this method includes the spaces within the quotation marks.)
Default allow bob unknown
(All other methods are covered by this case.)

Suppose that bob is the one setting up this file. He probably wants to put himself in the allow list for every method he lists, as well as for the default. Of course, if he doesn't want access of a particular type, e.g., write access, he can leave himself off. For any method where he grants access to unknown, he doesn't have to
51. formation.

12.0 Process control daemon host objects

In a normal host object, all objects run under the same Unix user id, making it difficult to isolate and account for different objects; in other words, if an outside user runs processes on your host, his processes will run under the same Unix user id as your processes. To solve this problem, Legion lets you create a second type of Unix host object, a process control daemon (PCD) host object. A PCD host object uses the services of a daemon, which executes as root, in order to provide the host object with controlled access to a limited set of privileged operations. That is, the daemon oversees the host object's processes, regulating ownership of each process. This daemon must be started by someone with root privileges on the host, such as a system administrator. Typically the PCD is configured to start through inetd. Legion users who have Unix accounts on the host are tracked by their Unix user ids, and guest users can be assigned a temporary Unix guest account user id. The PCD host object assigns guest user status to outside users and tracks each process's owner. This prevents malicious users from interfering with other users' processes.

12.1 Adding a PCD host object

12.1.1 Configure the daemon

Before you start up a PCD host object, you must start the process control daemon if it is not already running. Yo
52. ft. Here, all vault objects will represent space in the only available disk storage space, Vault A. They will therefore all be accessible to any host object created on Hosts 1, 2, or 3. If Jane, working on Host 1, wishes to create a new host object on Host 2, she can either pair the new host object with the currently existing BootstrapVault or create a new vault object on Vault A. Either way, there is no need to worry about incompatible pairing. On the other hand, if Jane wants to add a new host from a foreign system (i.e., her bootstrap host object cannot see the new system's persistent storage space), she must create a new vault object in the foreign system and pair it with her new host object. Figure 12 below shows an example of this situation, with two different file systems and multiple hosts.

Figure 12: Multi-host and multi-vault system (Hosts 1, 2, and 3 with Vault A, the Bootstrap Vault; Hosts 4, 5, and 6 with Vault B)

Hosts 1-3 can see Vault A and Hosts 4-6 can see Vault B. If Jane wants to create a host object on Hosts 2 or 3, she can pair it with BootstrapVault or create another vault object on Vault A. Either way, she does not need to worry about host/vault compatibility. However, if she wants to create a host object on Host 4, she must pair it with a compatible vault object on Vault B, either by creating a new v
54. generate_domain_cookie command creates a cookie file, and legion_print_domain_cookie displays it.

16.4 Related commands

There are four commands related to Legion domains. The legion_list_domains command lists the set of domains currently connected to your domain, legion_combine_domains connects domains, legion_generate_domain_cookie generates a domain cookie for a domain, and legion_print_domain_cookie displays the cookie.

16.4.1 Listing currently connected domains

You can use the legion_list_domains command to view a list of those domains connected to your current domain. The output will list your current domain's binding and any domains linked to your current domain.

legion_list_domains
Current Legion domain root:
Type 302 binding: 1 35d82a07 01 000001fc0 c0e21f57326b63336de9fc4d88d7bf5a314d9f1df 1079abb0938b29b3643e6c9a8413ea6fd584f82be 29b0ba56cdd0d421a609a4ba9ecf 995c8ddb205b16 d6df 128 143 63 51 19870 903621581
Linked external Legion domain roots:
1 Type 302 binding: 1 c8 01 000001 c0a533 0 8413082b08857f283c8a0aa34193ea7478b2c6081 63414ca5f13939bb0e5d48788b543d5fddd05e497 35487150edf8256d78002bb04454da7eae82697 128 143 63 52 16022 903624927

This output shows that there are two domains and lists each domain's binding (its LegionClass object's LOID and OA). The current domain is listed first. Not
55. hat the bootstrap host object has a compatible vault object. All host objects must be paired with at least one compatible vault object, i.e., a vault that it can see.

Creating an ImplementationCache
Creating an implementation ContextObject for ContextClass
Creating the root context object

Implementation objects represent and manage the implementation cache, used to allow Legion processes to take place in different architectures and context space.

Adding BootstrapHost to the /hosts context
Adding the alias <your bootstrap host name> for BootstrapHost to the /hosts context
Adding BootstrapVault to the /vaults context

More implementation objects are created as the process creates new object classes. Two context names are added to the /hosts context: BootstrapHost and your bootstrap host name. Both names refer to the Bootstrap host object, but only one is added to the /vaults context (Figure 4).

Figure 4: Context paths for the bootstrap host and vault objects. Under the root context are the class and hosts contexts; in hosts, the names BootstrapHost and your bootstrap host name both refer to the Bootstrap host object; in vaults, BootstrapVault refers to the Bootstrap vault object, which will manage a portion of the persistent storage mechanism for the Bootstrap host. The impls context contains names of the

5. this manual, page 18.

For more about hosts and vaults, see section 6.0 in the Basic User Manual. For mor
56. he password matches, the AuthenticationObject creates a certificate and sends it back to legion_login, where it is placed in the implicit parameters. All utilities run during the session will inherit these implicit parameters, and thus the certificate, and they can then be used to do work on the AuthenticationObject's (and therefore the user's) behalf.

7.3 Special implications of security

Because Legion is a distributed system, some familiar concepts of traditional monolithic system security are different. For example, there is no central password file; each user's password is stored in the corresponding AuthenticationObject. Furthermore, any user can create an AuthenticationObject and create objects that no one else can call. There is still some control, though. For example, the system administrator may be the owner of an object that provides a resource, such as printing. If that object looks in a particular group to determine access, and the system administrator has not added a user to that group, access will be denied. We should note that release 1.8 of the system has not been hardened to withstand attack. For example, by sending an appropriately mangled message, a sender can crash an object, because the low-level message processing layers will not understand the headers. These changes are currently in progress.

7.4 Legion and Kerberos

Legion 1.8 includes the nec
57. hitecture of the vault's host (default is the local LEGION_ARCH value).
-N <context name>: Specify the vault object's context name (default is a name under /vaults derived from the host name).
-U <user id>: Specify a Unix user id (default is the current Unix user id).
-C <vault class>: Specify the vault object's context path (default is /class/UnixVaultClass).

This command creates a new vault object in the storage system of a specified host, named in <host name>. The flags are similar to the legion_starthost flags. The -L, -O, or -A flags can be used to specify a different architecture or a different directory structure. The -N flag allows you to specify a context name. The -U flag allows you to specify a Unix user id for the new object. The -C flag allows you to start an instance of a different class; this flag allows users to create new vault classes, so as to give users more flexibility in managing their resources.

11.5 Backup vaults

In the current release, instances of the BasicFileClass, ContextClass, UserAuthenticationObject, and ImplementationClass classes can have their state replicated on backup vaults. If an instance's primary vault is dead or unavailable during the instance's reactivation, a copy of the instance's state can be retrieved from one of its backup vaults. Please see section 6.6 on page 32 in the Basic User Manual for more in
58. ing available accounts

The legion_list_host_accounts command lists the available accounts on a host object. If no host object argument is provided, your current host object will be used as a default.

legion_list_host_accounts [-l <host object LOID> | -c <host object context path>] [-debug] [-help]

12.3 How the PCD host object works

When an object creation request arrives at a PCD host object as a normal method invocation, the host object checks the request's credentials against the user's LOID and the list of groups that are allowed to create objects on the host object. If the request's credentials pass inspection, the host object selects an account for the new object. Depending on its credentials, the request may be given a local user account or a generic (i.e., guest) account. Accounts are subject to scheduling and resource control (CPU time, memory usage, etc.), so an object's lease on an account, especially a generic account, is limited. When a class object sends an object creation request to the host object, it includes the new object's OPA as a parameter (see Figure 7, step 4, on page 44). The OPA contains the new object's vault directory, i.e., where the new object's persistent state will be stored. So, before starting the creation process, the PCD host object must switch the ownership of the new object's vault directory from the vault us
59. ion_cat /home/<user id>/legionrc
legion_cd home_dir

This means that when the user logs in, she will automatically be moved to her home context. Users can edit their own AuthenticationObject and LegionRC files at any time, however, so they can easily remove or change this behavior. A LegionRC file MUST use the following syntax:

Anything following a comment character on a line is a comment.
Any value included in the local-variable delimiters is assumed to be a local environment variable. For example, LEGION refers to LEGION in the current shell.
Any value included in the remote-variable delimiters is assumed to be a remote environment variable. For example, home_dir refers to the home_dir attribute in the user's AuthenticationObject. All remote variables come from your Authentication object's attributes.
All variables are replaced with their values BEFORE the script is run.
Aside from the semantic elements described, the file MUST contain nothing else except programs to execute on the command line, one per line in the script.

8.2 Security and context space

While all users can read (i.e., look at and move to) all of the new context space, non-admin users can write (i.e., create new context objects) only in the /home, /etc, /tmp, /mpi, and /pvm contexts. Only admin can write in all parts of context space (Figure 6). Log out is achieved by exiting the shell.

Figure 6: Context space access in a secure Legion system (root context; writing outside the contexts listed above requires admin privilege)
60. l. The latter command gives more control in creating AuthenticationObjects, so that you can choose a particular host or vault or, if you have another class that can create AuthenticationObjects, specify the new object's class. We strongly suggest that you put all new users in the /users context. You will be asked to assign a password. The user can change it later on with the legion_passwd command (page 38). New users are assigned a home context in /home/<user id>. They are also given a LegionRC file (page 35).

legion_create_user /users/jill
New Legion password: xxxxx
Retype password: xxxxx
1 3a8ba36a 6b000000 02000000 0000
Creating a Home context /home/jill
Changing ACLs on /home/jill
Setting up initial LegionRC file
legion_update_attributes: Added 1 attribute(s) to object
legion_update_attributes: Added 1 attribute(s) to object

If you are working on a PCD host, follow up with these steps:

for i in `legion_ls /hosts`; do legion_add_host_account /hosts/$i <unix id> /users/<new user name>; done

8.4 Logging in users

Please allow about five minutes for a new user id to propagate in your system after creating it. If a new user tries to log in too early, he or she will get security errors when trying to create objects. The ne
61. lacement available.

17.1.4 Adding resources to a collection

There are three commands for controlling the collection object. Objects can be added with legion_join_collection. The example below adds HostFoo to the default collection, although any Legion object can be added to a collection:

legion_join_collection /etc/Collection /hosts/HostFoo

The legion_leave_collection command removes objects from the collection object. The legion_query_collection command prints a list of which objects are currently part of a given collection. The legion_query_collection command uses MESSIAHS Interface Language (MIL) query strings; see page 51 in the Reference Manual for query string examples and page 127 in the Developer Manual for relevant MIL interfaces. The example below returns the list of Linux host objects that are part of the default collection:

legion_query_collection /etc/Collection match host os name Linux
2 hits
1 36baeb09 07 01000000 000001fc0b54bbc102
1 36baeb09 03 01000000 000001fc0f4b64b072

17.1.5 Subcollections

A subcollection is a normal collection object that is polled by another collection object, called the parent collection. This arrangement allows for faster and more efficient resource information gathering, since you can have several subcollections monitoring small groups of resources. A parent
62. leted 1 vault(s) to host's compatibility set
COMPATIBLE VAULT LISTING:
1 01 03 3cb53908 000001fcObb4fefl2ecf
1 01 03 3db53908 000001fc0dd5621fadf70b0

To add a host and then see the adjusted list, you would enter the following:

legion_vault_host_list /vaults/BootstrapVault -a /hosts/AHost -p
Added 1 host(s) to vault's compatibility set
COMPATIBLE HOST LISTING:
1 01 07 3cb53908 000001fc0c29636eee98d
1 01 07 3eb53908 000001fc0d9b155044fb5
1 01 07 3fb53908 000001fc0c96beaba5730

11.3 Adding a new host

The main system must be active in order to add a new host. The new host machine must also have the Legion binaries installed or visible via NFS. The legion_starthost command is run from your current machine, not on the new host. This command uses remote shell (rsh or ssh) classes to start a new host object on a specified host. You can start new host objects on your current host as well as on other hosts, since a single machine can contain more than one host object. Please note that you must be able to run rsh/ssh on the target host from your current machine without having to enter a password. You can set up an .rhosts file for rsh or an authorized_keys file for ssh to accomplish this (see the rsh and ssh man pages for further information). You can run Legion commands on a remote h
63. list himself. However, it doesn't hurt.

Default
Method "LegionLOID ping" allow bob
(Nobody can ping objects except bob.)
Default allow unknown

Once the implicit parameters for a user have been set, you must log out and log in again for them to take effect. Alternatively, legion_set_implicit_params can be used to change the implicit parameters of the current session; if you do not specify a file name, the command sets the implicit parameters of the current environment. If you do this, make sure that the implicit parameters contain a certificate definition for your AuthenticationObject, or you will have to log out and log in again in order to execute any further commands as an authenticated user. This documentation does not yet include an example of defining a certificate. To show the current implicit parameters, or the parameters for a particular user, use legion_get_implicit_params.

Use legion_set_acl to change the access policy of an existing object; this is not the same as changing implicit parameters, which, in the case of access control, will only affect the creation of new objects. The legion_set_acl tool can take the same input file as legion_set_implicit_params, but it only uses the access control information. The legion_change_permissions command manipulates an object's ACL so that other users can call methods on that object. If you have created a system with secure file
64. low creates a Linux implementation object for my_class. The new object will automatically be assigned the context path /impls/my_class.linux.1.

legion_create_implementation Legion/bin/linux/my_class linux my_class

If you ran the example a second time, the second implementation object would be called /impls/my_class.linux.2.

Use legion_list_implementations to see a list of which implementation objects have been assigned to a particular class. The output will be each object's LOID and architecture. The example below lists seven implementation objects for the tty class:

legion_list_implementations -c /class/ttyObjectClass
alpha_linux 1 3933cb3f 08 42000000 000001fc0bc
solaris 1 3933cb3f 08 51000000 000001fc0bc
sgi 1 3933cb3f 08 92000000 000001fc0bc
rs6000 1 3933cb3f 08 07010000 000001fc0bc
x86_freebsd 1 3933cb3 08 20010000 000001fcObc
linux 1 3933cb3 f 08 49010000 000001fc0bc
hppa_hpux 1 3933cb3f 08 be010000 000001 fc0bc

11.0 Host and vault objects

Please see section 6.0 (page 30) of the Basic User Manual for information about Legion host and vault objects and an introduction to some basic host- and vault-related commands.

11.1 About host/vault pairs

Adding new hosts and vaults to your system make
65. n. It does not need to be run by root, but it does need to be run with read permissions to the /etc/LegionUsers and /etc/LegionClients files. E.g., if these files can be read by a group that includes the Legion system administrator, pcdCheckConfig can be run by the system administrator. Note that you can change /etc/LegionClients and /etc/LegionUsers after you have created them. You must tell procControlD to read the files once you have edited them. You can send a SIGHUP to the daemon to force it to reread these files:

kill -HUP <procControlD PID>

12.1.2 Start the daemon and the host object

You need to be logged in as /users/admin to start up a PCD host object. To start up a PCD host object on a PCD host, run legion_starthost with the -B flag (see page 54) on the host:

legion_starthost -B PCDUnixHost <PCD host DNS name> -N /vaults/<vault name>

This starts the PCD host, which in turn starts the daemon. The daemon checks its configuration to make sure that it is valid (which it should be if you ran pcdCheckConfig) and establishes a connection with its host. The host object will then report to the host class and run normally. Note that the example above assumes that you have already started a compatible vault object. We recommend that the vault reside on the PCD host. Once you have started the PCD host object and, if necessary, the a
66. nObject $LEGION_ARCH /class/AuthenticationObjectClass

If you choose to enable the security features (see Set security, pg. 19), you must run legion_init_security immediately after you have started a new system, and you must log in as admin. If you do not enable security, Legion will run normally, but none of your processes will be protected.

8.1 Authentication objects

When you create a user account in a running Legion net, Legion creates an AuthenticationObject, which holds the user's credentials and represents an individual user id in Legion. AuthenticationObjects are displayed in context space as /users/<user id>. As of version 1.8, AuthenticationObjects also hold the user's home context (/home/<user id>) in the home_dir attribute. They are also allowed to have any number of attributes with the name legionrc_file. These attributes are assumed to point to LegionRC files in context space. LegionRC files are scripts that contain instructions for when the user logs in. The files are downloaded and executed on your local machine. A default LegionRC file is created when you create a new user (page 37). Its context path is /home/<user id>/legionrc and its contents are:

7. Use legion_list_attributes to view an object's attributes and legion_update_attributes to change them (see pages 10 and 12 in the Reference Manual).

leg
67. names to Legion objects. These objects also enable multiple disjoint name spaces to exist within Legion. All objects have a current context and a root context, which define parts of the name space in which context names are evaluated.

LegionHostObject: Host objects represent processors. One or more host objects run on each computing resource which is included in Legion. Host objects create and manage processes for active Legion objects on their hosts. Classes invoke the member functions on host objects in order to activate instances (see page 143 in the Developer Manual). Representing computing resources with Legion objects abstracts the heterogeneity which results from different operating systems using different mechanisms for creating processes. Further, it provides resource owners with the ability to manage and control their resources as they see fit.

LegionVaultObject: Just as a host object represents computing resources and maintains active Legion objects, a vault object represents persistent storage, but only for the purpose of maintaining the state (in OPRs) of the inert Legion objects that the vault object supports.

LegionImplementationObject: Implementation objects allow other Legion objects to run as processes in the system. An implementation object typically contains machine code that is executed when a request to create or activate an object is made. More specifically, an implementation object is generally maintained as an executable file that a
68. ned to the caller. Legion objects are automatically built with MayI, although you can turn off or alter the default MayI or write a new one. Note that if you do not enable the security features when you first start your system (Set security, pg. 19), the default MayI will be turned off.

If an object with MayI is created but has no special access control information in its implicit parameters, it will be fail-safe: it will only accept calls from itself or its class. Of course, the object's first action when it begins running might be to modify its access control policy. Normally, however, the creator of the object will pass an access control policy in the initial implicit parameters.

The UVa MayI is very flexible and supports many access policies. The MayI for an object can maintain separate access control information for each method, as well as a catch-all that applies to any method not otherwise listed. The access control information records who is granted the right to call a method, who is explicitly denied this right, and who may generate a certificate for the method. The deny list exists because groups may be specified in the access control lists. Adding the name of a context to the allow list, for example, permits every object whose LOID is stored in that context to call that method. However, if the deny list for that method contain
70. on_startvault command usage is (see section 11.4.1 below for legion_startvault's flags and default settings):

legion_startvault <flags> <host name> <compatible host list>

The example below creates a vault object on the host we created above (aNewHost) and uses -N to assign the new vault the context path /vaults/aNewVault.

legion_startvault -N /vaults/aNewVault <new host DNS name> /hosts/BootstrapHost /hosts/aNewHost
Creating a Legion vault with the following attributes:
Host: <new host DNS name>
Context name: /vaults/aNewVault
$LEGION: /home/xx/Legion
$LEGION_OPR: /home/xx/OPR
$LEGION_OPA: /home/xx/OPR/vault_aNewVault.OPA
Architecture: linux
User id: xx
Binary path: /home/xx/Legion/bin/linux/UnixVaultObject
Compatible hosts: /hosts/BootstrapHost /hosts/aNewHost
Transferring configuration files to xx@<new host DNS name>:/home/xx/OPR
Creating an instance of class UnixVaultClass: 1 36188412 03 04
Adding /vaults/aNewVault to the vault list for /hosts/BootstrapHost
Added 1 vault(s) to host's compatibility set
Adding /hosts/BootstrapHost to the host list for /vaults/aNewVault
Added 1 host(s) to vault's compatibility set
Adding /vaults/aNewVault to the vault list for /hosts/aNewHost
Added 1 vault(s) to host's compatibility set
Adding /hosts/aNewHost to the host list for /vaults/aNewVault
Added 1 host(s) to vault's compatibility set
71. ontrol policy.

Set up message-level protection. Legal values are Protected, Private, and Off:

String MessageSecurity Protected

Set up an access control set and store it in the specified implicit parameter.

Notes: An object instance gets both the access control lists for its specific class and the default lists, if defined. The specific class lists override the default ones on a per-method basis. For example, if the method read is in each, only the access control information in the specific class definition for read will be kept and used. Every object instance and its class are automatically allowed to call all of the object's methods and to grant certificates for them. That is not affected by the access control set in the implicit parameters. These permissions can be modified by using the explicit SetACL method for the object. On log-in, an authentication object returns the implicit parameters. It adds on to the access control set in those parameters the following right: for all methods in all classes, the authentication object is a valid granter of certificates. Subsequent objects are created with this right, so a user holding a certificate from the authentication object after legion_login can manipulate all objects that he creates. The access control for the default method is only applied if there is no control information for the specific method being called. Access is denied by de
72. …or fail in a more spectacular fashion. If this occurs, try setting your environment properly and starting over.

You must have /bin/ksh installed on your system. A number of Legion scripts look for ksh, and if it is not installed you will get error messages.

If you have not yet done so, set OPENSSL_INC and OPENSSL_LIB (see page 10). You must also set LEGION_HOME and LEGION_OPR and run the legion_profile.[c]sh script. The environment must be properly set in each shell in which you plan to run Legion commands. Check to be sure that the environment variables are properly set.

ksh or sh users:

    export LEGION_HOME=<Legion root dir path>
    export LEGION_OPR=<Legion OPR root dir path>
    export OPENSSL_INC=<OpenSSL installation directory>/include
    export OPENSSL_LIB=<OpenSSL installation directory>/lib
    . $LEGION_HOME/legion_profile.sh    [3]

[3] Bourne Shell is not directly supported by our implementation of Legion, due to the use of alias to implement some Legion commands. Bash, however, is supported.

[Legion 1.8 System Administrator Manual, June 20, 2001, page 14]

csh users:

    setenv LEGION_HOME <Legion root dir path>
    setenv LEGION_OPR <Legion OPR root dir path>
    setenv OPENSSL_INC <OpenSSL installation directory>/include
    setenv OPENSSL_LIB <OpenSSL installation directory>/lib
    source $LEGION_HOME/legion_profile.csh

We suggest LEGION_HOM…
73. …host object accomplishes this. When class Foo, sitting on host Alpha, sends a call (step 1) to create instance Foo on Beta, it gives Beta the LOID for ImplementationObjectX. Beta uses the LOID to find ImplementationObjectX on Alpha (step 2) and makes a binary copy for its own vault (step 3). Beta can then create instance Foo (step 4).

10.1 Implementation caches
While this procedure is a reasonable investment if a host object requires a particular implementation object once, it becomes expensive when repeated. An implementation cache circumvents the problem by acting as an intermediary between the host object and the class object. The implementation cache object is responsible for finding and keeping implementation objects on behalf of its host object. We can update the scenario in Figure 8, since Beta can now ask its implementation cache object to locate a copy of ImplementationObjectX, as shown in Figure 9 below.

[Figure 9: The implementation cache object. Host Alpha holds ImplementationObjectX; Host Beta holds an Implementation Cache. (1) Class Foo tells Beta to create instance Foo using ImplementationObjectX. (2) Beta asks its implementation cache object to find a copy of ImplementationObjectX. (3) The cache finds a copy of ImplementationObjectX in the vault. (4) Beta runs its copy of ImplementationObjectX to activate instance Foo.]
74. …host object to represent the host t3e.npaci.edu on the physical host gigan.sdsc.edu, you would run:

    legion_starthost -N /hosts/NPACI_T3E gigan.sdsc.edu /vaults/BootstrapVault

This gives you a normal host object, except that it is not on its host (Figure 14). It uses the physical host's bootstrap vault.

[Figure 14: Newly created virtual host object. The virtual host object represents the NPACI T3E (t3e.npaci.edu); the host object itself sits on the physical host SDSC Gigan (gigan.sdsc.edu).]

[10] See page 100, page 104 and page 92 respectively in the Reference Manual.

SET VIRTUAL ARCHITECTURE FOR THE HOST OBJECT
When the host object is first created, it is assumed to represent the architecture of the physical machine on which it resides. You must tell Legion that the host object will actually represent a machine of a different architecture. The legion_set_varch command sets a virtual architecture for a host object. Continuing the previous example, you must set the virtual architecture for host object NPACI_T3E to t3e:

    legion_set_varch /hosts/NPACI_T3E t3e

CONFIGURE VIRTUAL RUN SCRIPTS FOR THE HOST
When legion_run and other commands make use of a virtual host object to start native jobs, they require a mechanism for s…
75. …host using rsh or ssh once you set the proper environment variables. For sh, ksh or bash use:

    LEGION_RSH=<rsh|ssh>
    LEGION_RCP=<rcp|scp>
    export LEGION_RSH LEGION_RCP

For csh use:

    setenv LEGION_RSH <rsh|ssh>
    setenv LEGION_RCP <rcp|scp>

Normal usage is below; please see page 42 in the Reference Manual for flags and default settings:

    legion_starthost [<flags>] <new host name> [<compatible vault list>]

You should specify a compatible vault whenever you create a new host object. You can run legion_starthost without a vault name and then use legion_host_vault_list to add a vault to the new host object's list of compatible vaults, but it is simpler to specify one or more compatible vaults when you first create the new host object. In the example below the default BootstrapVault is the new host object's compatible vault:

    legion_starthost <new host DNS name> /vaults/BootstrapVault
    Creating a Legion host object with the following attributes:
      Host:               <new host DNS name>
      Context name:       /hosts/<new host DNS name>
      $LEGION:            /home/xx/Legion
      $LEGION_OPR:        /home/xx/OPR
      $LEGION_OPA:        /home/xx/OPR/<new host DNS name>.OPA
      Architecture:       linux
      User id:            xx
      Binary path:        /home/xx/Legion/bin/linux/UnixHostObject
      Compatible vaults:  /vaults/BootstrapVault
    Transferring configuration files to xx@<new host DNS name>:/hom…
76. …where you want your Legion root directory to reside, and move the distribution file to that directory. Next, uncompress and untar the file (<platform name> is one of solaris, sgi_n32, sgi_n64, linux, alpha_linux, alpha_DEC, rs6000, hppa_hpux). The binary files are all compressed tar files created with GNU tar and gzip. If you have GNU tar you can unzip and untar the binary in one step:

    tar zxvf Legion_binary_<platform name>_V1.8.tar.gz

If you do not have GNU tar you must use gunzip (part of the GNU gzip package). Run the following:

    gunzip -c Legion_binary_<platform name>_V1.8.tar.gz | tar xvf -

This will create a root directory called Legion in the current directory and will include all necessary sub-directories and files. Note that the compressed binary files are large, ranging from 12 to 100.4 MB, so it may take a few minutes for them to arrive, and that the uncompressed tar file will be about two to three times larger. The system will actually need even more space once it is running, since it will be making copies of some of the files. In addition, the binary tar files do not include intermediary object files, which will be created when the system is started.

3.0 Starting a new system
A summary of the start-up procedure is on page 28.

3.1 Befo…
77. …out in section 3.3. Second, you add new host objects on the desired machines. Since you will be starting processes on the target hosts from the bootstrap host, be sure that you can run rsh/ssh on the bootstrap host, as well as on the target hosts from the bootstrap host, without having to enter a password. You can set up a .rhosts file for rsh or an authorized_keys file for ssh to accomplish this (see the rsh and ssh man pages for more information). Note that .rhosts trust is granted on the basis of the client's host name and user name alone and the session is unencrypted, so prefer ssh with authorized_keys wherever both ends support it. You'll need to set the proper environment variables on the bootstrap host and the remote host(s) so that you can run Legion commands on a remote host using rsh or ssh.

For sh, ksh or bash:

    LEGION_RSH=<rsh|ssh>
    LEGION_RCP=<rcp|scp>
    export LEGION_RSH LEGION_RCP

For csh:

    setenv LEGION_RSH <rsh|ssh>
    setenv LEGION_RCP <rcp|scp>

Set these variables on the bootstrap host before you start the new system, i.e. before you run legion_startup. Please note that you only need to follow these steps on the bootstrap host: you will need to install the Legion binaries on any other machines that you add to your system, but you do not need to start more Legion systems. To add additional hosts and users, copy the $LEGION_OPR/setup.[c]sh scripts to a globally accessible location. Hosts can share an NFS-mounted Legion tree, but for best results you should place the OPRs on a local disk.
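Pages 72, 75 and 77 each list the same preconditions for a shell that will add hosts: LEGION_HOME, LEGION_OPR, OPENSSL_INC and OPENSSL_LIB set to existing directories, /bin/ksh present, and LEGION_RSH/LEGION_RCP set to a matching rsh/rcp or ssh/scp pair. The following preflight check is an added example, not part of the Legion distribution; it turns those requirements into a single function. The directory and PATH lookups are injectable so the check can be exercised against a constructed environment, and the rsh warning reflects the caveat above rather than anything Legion itself enforces.

```python
"""Preflight check for a shell that will run Legion commands (added example, not Legion code)."""
import os
import shutil
from typing import Callable, Dict, List, Optional

REQUIRED_DIRS = ("LEGION_HOME", "LEGION_OPR", "OPENSSL_INC", "OPENSSL_LIB")
REMOTE_TOOLS = {"rsh": "rcp", "ssh": "scp"}  # LEGION_RSH value -> matching LEGION_RCP value


def check_legion_env(env: Dict[str, str],
                     isdir: Callable[[str], bool] = os.path.isdir,
                     which: Callable[[str], Optional[str]] = shutil.which) -> List[str]:
    """Return the problems found; an empty list means the shell is ready for Legion commands."""
    problems: List[str] = []
    for name in REQUIRED_DIRS:
        value = env.get(name, "")
        if not value:
            problems.append(f"{name} is not set")
        elif not isdir(value):
            problems.append(f"{name}={value} is not a directory")
    inc, lib = env.get("OPENSSL_INC", ""), env.get("OPENSSL_LIB", "")
    if inc and lib:
        # Both are <OpenSSL installation directory>/include and .../lib of one install,
        # so their parent directories must agree.
        if os.path.dirname(inc.rstrip("/")) != os.path.dirname(lib.rstrip("/")):
            problems.append("OPENSSL_INC and OPENSSL_LIB point at different installations")
    if which("ksh") is None:
        problems.append("ksh not found; several Legion scripts require it")
    rsh, rcp = env.get("LEGION_RSH", ""), env.get("LEGION_RCP", "")
    if rsh not in REMOTE_TOOLS:
        problems.append("LEGION_RSH must be rsh or ssh")
    elif rcp != REMOTE_TOOLS[rsh]:
        problems.append(f"LEGION_RCP should be {REMOTE_TOOLS[rsh]} when LEGION_RSH is {rsh}")
    else:
        for tool in (rsh, rcp):
            if which(tool) is None:
                problems.append(f"{tool} not found on PATH")
        if rsh == "rsh":
            # Editorial caveat, not a Legion rule: .rhosts trust is host-based and unencrypted.
            problems.append("warning: rsh/.rhosts trust is host-based and unencrypted; prefer ssh with authorized_keys")
    return problems


if __name__ == "__main__":
    for line in check_legion_env(dict(os.environ)) or ["environment looks ready"]:
        print(line)
```

Run it in the shell you intend to use before legion_starthost; an empty result is the expected output once the export/setenv lines above have been applied.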
78. …procControl_d, which then creates the requested process under the user's Unix account. It takes the following arguments:

    -m <user file>    Names a local file containing a list of Unix user accounts that procControl_d can spawn processes under.
    -c <client file>  Names a local file containing a list of Unix users who have permission to access procControl_d. We recommend that this file contain only the Unix account under which the PCD host is running.
    -s <spawn dir>    Names a local directory under which the PCD can spawn processes. We recommend that this directory be the same as the host/vault pair's LEGION_OPR directory.
    -l <core dir>     Names the local directory under which the PCD will spawn core Legion objects. We recommend that this be the same as the LEGION bin directory.

We recommend that you set all four of these arguments. Add a line to your Unix /etc/inetd.conf file, replacing the /home/legion_admin/OPR argument with the location of your OPR directory and the /home/legion_admin/Legion/bin argument with the location of your Legion bin directory:

    legion_host stream tcp nowait root /etc/procControl_d procControl_d -m /etc/LegionUsers -c /etc/LegionClients -s /home/legion_admin/OPR -l /home/legion_admin/Legion/bin

Create the Unix file /etc/LegionUsers. List the user ids of the managed accounts in this file (the user ids that the daemon will be able to spawn processes as), one user id per line. This file must be owned by root…
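Because inetd starts procControl_d as root and the daemon then spawns processes as whichever accounts appear in the -m file, that file is the single point of control: whoever can edit it chooses which Unix identities Legion may assume. The checker below is an added example, not part of Legion; it parses an inetd.conf entry of the shape shown above, pulls out the -m/-c/-s/-l arguments, and applies the page's rules (user file owned by root, client file limited to the PCD host's account, all four options present) plus two practitioner checks the page does not spell out: the user file must not be group- or world-writable, and root itself should not be a managed account. File ownership, mode and account lookups are injectable so it runs offline on constructed input.

```python
"""Check a procControl_d inetd entry and the files it names (added example, not Legion code)."""
import os
import pwd
import shlex
import stat
from typing import Callable, Dict, List, Tuple

PCD_FLAGS = {"-m": "user_file", "-c": "client_file", "-s": "spawn_dir", "-l": "core_dir"}
INETD_FIELDS = ("service", "socktype", "proto", "wait", "user", "path", "argv0")


def parse_inetd_line(line: str) -> Dict[str, str]:
    """Split an inetd.conf entry into its seven fixed fields plus procControl_d's flag values."""
    fields = shlex.split(line)
    if len(fields) < 7:
        raise ValueError("inetd entry needs service, type, protocol, wait, user, server path, argv[0]")
    entry = dict(zip(INETD_FIELDS, fields))
    args = fields[7:]
    for i, arg in enumerate(args):
        if arg in PCD_FLAGS and i + 1 < len(args):
            entry[PCD_FLAGS[arg]] = args[i + 1]
    return entry


def _owner_and_mode(path: str) -> Tuple[int, int]:
    st = os.stat(path)
    return st.st_uid, stat.S_IMODE(st.st_mode)


def _account_exists(name: str) -> bool:
    try:
        pwd.getpwnam(name)
        return True
    except KeyError:
        return False


def check_pcd_config(line: str, pcd_account: str,
                     read_lines: Callable[[str], List[str]],
                     owner_and_mode: Callable[[str], Tuple[int, int]] = _owner_and_mode,
                     account_exists: Callable[[str], bool] = _account_exists) -> List[str]:
    """Return findings for one inetd entry; empty means it matches the page's recommendations."""
    findings: List[str] = []
    entry = parse_inetd_line(line)
    if entry["user"] != "root":
        findings.append(f"inetd runs procControl_d as {entry['user']}; it must be root to switch to managed accounts")
    for key in PCD_FLAGS.values():
        if key not in entry:
            findings.append(f"{key} not set; set all four of -m, -c, -s, -l")
    if "user_file" in entry:
        uid, mode = owner_and_mode(entry["user_file"])
        if uid != 0:
            findings.append(f"{entry['user_file']} is not owned by root (uid {uid})")
        if mode & 0o022:
            findings.append(f"{entry['user_file']} is group/world writable (mode {mode:04o})")
        for name in (raw.strip() for raw in read_lines(entry["user_file"])):
            if not name:
                continue
            if name == "root":
                findings.append("root is a managed account; procControl_d would spawn processes as root")
            elif not account_exists(name):
                findings.append(f"managed account {name} does not exist")
    if "client_file" in entry:
        clients = {raw.strip() for raw in read_lines(entry["client_file"])} - {""}
        if clients != {pcd_account}:
            findings.append(f"client list {sorted(clients)} should contain only the PCD host account {pcd_account}")
    for key in ("spawn_dir", "core_dir"):
        if key in entry and not os.path.isabs(entry[key]):
            findings.append(f"{key} {entry[key]} is not an absolute path")
    return findings


def _read_file(path: str) -> List[str]:
    with open(path) as fh:
        return fh.read().splitlines()


if __name__ == "__main__":
    import sys
    # Usage: python check_pcd.py <pcd account>; reads the procControl_d line from /etc/inetd.conf
    with open("/etc/inetd.conf") as conf:
        for raw in conf:
            if "procControl_d" in raw and not raw.lstrip().startswith("#"):
                for finding in check_pcd_config(raw, sys.argv[1], _read_file) or ["ok"]:
                    print(finding)
```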
79. …r more on starting new hosts.

13.2 Setting the local queue
A BatchQueueHost can be used with a variety of queue systems; LoadLeveler, Codine, PBS and NQS are the currently supported queue types. You specify what type of local queue a given BatchQueueHost object uses by editing the host object's host_queue_type attribute. For example, if you want your new BatchQueueHost object to use the local LoadLeveler queue, you would run legion_update_attributes and add the LoadLeveler attribute:

    legion_update_attributes /hosts/SP2 -a host_queue_type(LoadLeveler)

Currently each BatchQueueHost can use only one queue type at a time, i.e. if multiple local queuing systems are available they cannot all be used by the same BatchQueueHost; an individual BatchQueueHost would need to be started to represent each queue. Typically, though, individual machines are managed by a single queue.

13.3 Before running objects on the new host
By default, every Legion class contains a desired_host_property attribute specifying that it be run on an interactive host. You can use the legion_list_attributes command to check this particular attribute:

    legion_list_attributes -c /class/my_class -N desired_host_property
    /class/my_class desired_host_property
    Total attributes retrieved: 1
    desired_host_property(interactive)

This signals the scheduler th…
80. …re objects. These objects create, locate, manage and remove objects in the Legion system. Legion provides implementations of core objects, but you are not obligated to use them. Although the object model includes and relies on a few single logical Legion objects, access to these objects is limited because of heavy caching and the hierarchical organization of lower-level objects. Objects can be replicated to reduce any contention. Increasing the number of Legion computing resources will not increase competition for the few centralized Legion objects.

In this object model each Legion object belongs to a class, and each class is itself a Legion object. All Legion objects export a common set of object-mandatory member functions, such as save_state and restore_state. Class objects export an additional set of class-mandatory member functions, such as create, derive and inherit_from.

The object model's power comes from the Legion classes. Much of what is usually considered system-level responsibility is delegated to user-level class objects. Legion classes are responsible for creating and locating their instances and subclasses, and for selecting appropriate security and object placement policies. Core Legion objects provide mechanisms for user-level classes to implement the policies and algorithms that they choose. Assuming that we define the operations on core objects appropriately, i.e. that they are the right set of primitive operations to ena…
81. …re you start
Before you start a new Legion system, consider what type of set-up will best suit your needs. Primary considerations include:

- What kind of system do you need? How many machines do you anticipate using? Do you only use local hosts, or do you also use remote machines? Possible configurations might include:
  (a) A single-host system: one Legion machine with one or more host objects (Figure 1). This is the simplest system.
  (b) A multihost system: multiple Legion hosts linked together and sharing local resources (Figure 2). This can include homogeneous or heterogeneous platforms as well as non-Legion machines. The machines do not need to be in physical proximity.
  (c) A multidomain system: multiple Legion domains connected together and sharing each other's resources (Figure 3).
  [Figure 1: Single-host system (one Legion host). Figure 2: Multihost system (Legion hosts 1 to 4, each with host objects and resources). Figure 3: Multidomain system (Domain A and Domain B).]
- Will you be using Legion security? This is an important consideration, since a secure Legion system cannot be cleanly shut down an…
82. …res and how to use the Legion core objects. It also presents several sample system policies. There are four Legion manuals, each aimed at a specific type of user, that can be consulted for more information. The others are:

- Basic User Manual: introductory information about the system.
- Developer Manual: information and documentation for programmers working in Legion, including information on languages, libraries, core objects and implementing new Legion objects.
- Reference Manual: detailed information about specific elements of the Legion system.

There are also man pages for all Legion commands, included with the system files, and on-line tutorials on the Legion web site <http://legion.virginia.edu>.

1.2 Style conventions
The manuals at times refer to path names in Unix directory space and in Legion context space. To avoid confusion, the following style conventions are used throughout Legion documentation. Unix, DOS and local path names appear in a serif typeface. Functions, method names, parameters, flags, command-line utilities (such as rm, cp and legion_ls) and context path names appear in a fixed typeface.

1.3 About Legion
Legion is a grid operating system developed at the University of Virginia. It is intended to support the construction of wide-area virtual computers, or metasystems, which will allow users to work on a variety of geographically distributed high-performance machines and workstations. Legion is design…
83. …virginia.edu>.

7.5 Session file
As of version 1.8 your credentials, current and root context LOIDs, and other relevant session information are stored in a session file. On Unix this file is located in /tmp and is named legioncc_p<user number>_<shell pid>. The file will be deleted when the user logs out with legion_logout. If the user exits without logging out, the session file will remain.

8.0 Using security features
You are not required to use any of Legion's security options. We realize that not all systems will benefit from our security, and Legion can run with or without security. However, you must decide whether or not to enable Legion security before you use your new system: the command-line tool that starts the security mode, legion_init_security, will not run correctly if you have started to work in your system (i.e. if you have created new objects, changed context space, run classes, etc.).

If you are running a multi-architecture system you will need to register other implementations for each additional architecture (an implementation for your current architecture is automatically created when the system is first initialized). Use the legion_create_implementation command:

    legion_create_implementation $LEGION/bin/$LEGION_ARCH/Authenticatio…
84. …rs. However, in order to allow sites to protect their resources against unauthorized or malicious use, Legion provides tools that allow system administrators to maintain their local policies. Final authority over the use of a resource remains with each resource's administrators.

There are three objects for managing your Legion resources: the collection, the scheduler and the enactor. There is a corresponding set of command-line tools to control the objects. A more detailed discussion of these objects is in section 8.0 of the Developer Manual, but in brief they carry out the following functions. The collection collects and maintains information about its assigned resources: it constantly monitors its host and vault objects and knows which resources are in use and which are available for what kind of tasks. The scheduler takes this information and produces lists of possible resources for specific tasks. The enactor negotiates with those resources to reserve blocks of time and space. Resource managers can use the scheduling-related commands below to set up system-, class- and instance-level scheduling policies.

17.1 Scheduling-related commands
There are several commands that can be used to set up an individual Legion's scheduling process and a class's or instance's host and vault placement policy. Please see page 45 in the Reference Manual for details of these commands' syntax and usage.

17.1.1 Configuring the scheduler
The legion…
85. …certificates cannot be extracted and used by an attacker in another message. Second, the attacker cannot modify the message in any way, although he can copy it and replay it. Finally, the attacker cannot forge a reply message (e.g. the return value for a Legion method call) because he cannot access the tags.

Private mode encrypts the entire message. Full encryption provides the same features as protected mode as well as privacy: in protected mode an attacker can still read the messages going by, even if he can't modify or forge them. For small messages, full encryption is not appreciably slower than protected mode and may even be faster.

The choice of message security mode is stored in the current implicit parameters. These parameters are inherited through call chains, so if one object calls another object in private mode, the called object will use private mode for any messages it sends on behalf of the original caller. There is also a special implicit parameter for message security that is not inherited; it can be used to send an encrypted message and receive an unencrypted reply. You can use the legion_configure_profile command to change the security mode.

The basis for all of these security mechanisms is public key encryption. The default size for public/private keys is now 1024 bits. In addition, the keypair_len attribute can be set for any class object, like…
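The three properties of protected mode stated above (no modification, no forgery, but readable and replayable) and the extra privacy of private mode are easy to confuse in practice, so here is a small working model of the two modes. It is an added example and not Legion's message layer: the page does not show Legion's tag or cipher, so an HMAC-SHA256 tag stands in for the per-message tag and a SHA-256 counter-mode keystream stands in for the cached DES session key cipher. The mode name is bound into the tag so a message cannot be relabelled from Private to Off, and the optional seen-nonce set shows the replay check that the page's protected mode itself does not provide. Keys, nonces and message bodies are constructed.

```python
"""Toy model of Legion's message modes Off / Protected / Private (added example, not Legion code)."""
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional, Set, Tuple

MODES = ("Off", "Protected", "Private")  # ordered weakest to strongest


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256; stand-in for the DES session cipher."""
    blocks = [hashlib.sha256(key + nonce + struct.pack(">I", i)).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _tag(key: bytes, mode: str, nonce: bytes, body: bytes) -> bytes:
    # The mode is part of the tagged data so an attacker cannot downgrade it.
    return hmac.new(key, mode.encode() + nonce + body, hashlib.sha256).digest()


def seal(key: bytes, plaintext: bytes, mode: str, nonce: Optional[bytes] = None) -> Dict[str, bytes]:
    """Produce the wire form of one message in the given mode."""
    if mode not in MODES:
        raise ValueError(f"unknown mode {mode}")
    nonce = nonce if nonce is not None else os.urandom(8)
    body = plaintext
    if mode == "Private":
        body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = _tag(key, mode, nonce, body) if mode != "Off" else b""
    return {"mode": mode.encode(), "nonce": nonce, "body": body, "tag": tag}


def on_the_wire(msg: Dict[str, bytes]) -> bytes:
    """What a passive attacker sees: the body exactly as transmitted."""
    return msg["body"]


def unseal(key: bytes, msg: Dict[str, bytes], seen: Optional[Set[bytes]] = None,
           required_mode: str = "Off") -> Tuple[str, Optional[bytes]]:
    """Verify and decode; returns (status, plaintext). `seen` adds a replay check the
    page's protected mode lacks; `required_mode` rejects messages below the caller's policy."""
    mode = msg["mode"].decode()
    if mode not in MODES or MODES.index(mode) < MODES.index(required_mode):
        return "rejected: mode below policy", None
    if mode != "Off" and not hmac.compare_digest(_tag(key, mode, msg["nonce"], msg["body"]), msg["tag"]):
        return "rejected: tag mismatch (modified or forged)", None
    if seen is not None:
        if msg["nonce"] in seen:
            return "rejected: replay", None
        seen.add(msg["nonce"])
    body = msg["body"]
    if mode == "Private":
        body = bytes(c ^ k for c, k in zip(body, _keystream(key, msg["nonce"], len(body))))
    return "accepted", body
```

Running the model with a constructed session key shows the page's claims directly: a tampered body or a tag made with the wrong key is rejected, the same protected message is accepted twice unless the receiver keeps a seen-nonce set, and only private mode keeps the body unreadable on the wire.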
86. …s the caller's name or a context containing his name, the call will be denied. Because resolving groups is somewhat time consuming, MayI caches the results of its lookups. This means a user added to a group will not be able to access an object until the object's cache entry for that group expires. The default expiration time is five minutes.

Certificates are another means of granting and obtaining access to an object. A certificate consists of a list of methods, an optional timeout and an optional class LOID that restricts the certificate to instances of a particular class. It is cryptographically signed by a particular object. Any object may be given a certificate. If an object presents a certificate to another object's MayI (i.e. includes the certificate in the implicit parameters of the method call), MayI will check that the certificate is properly signed, that the method being called is named in the certificate, and that the maker of the certificate has the right to grant access to that method. This last information is checked in the per-method lists maintained by MayI. MayI also checks the timeout and class information in the certificate.

Certificates form the base for the concept of users in Legion. A Legion user is represented by an AuthenticationObject, which supports a log-in method. The legion_login utility can be used to obtain a password from an unknown person and then send it to a specified AuthenticationObject for verification. If t…
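The MayI rules spread across pages 71 and 86 (per-method lists with a default entry that denies unless a specific entry matches, group lookups cached for five minutes, and certificates checked for signature, listed method, timeout, class restriction and the maker's right to grant) combine into one decision procedure. The model below is an added example, not Legion's MayI implementation. HMAC over the certificate fields stands in for the public-key signature Legion places on certificates, with the granter's verification key looked up from a table rather than from its LOID; names, LOIDs, keys and clock values are constructed. The point worth seeing is the cache behaviour: a user added to a group after the group has been resolved is refused until the entry expires.

```python
"""Model of the MayI access check (added example, not Legion's implementation)."""
import hashlib
import hmac
import json
from typing import Dict, Iterable, Optional, Set, Tuple

GROUP_CACHE_TTL = 300.0  # seconds: the five-minute default the page describes

Entry = Dict[str, Set[str]]  # {"allow": principals or groups, "granters": LOIDs that may issue certificates}


def sign(key: bytes, cert: Dict) -> str:
    """HMAC over the certificate fields; stands in for the maker's public-key signature."""
    body = json.dumps({k: v for k, v in cert.items() if k != "signature"}, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_certificate(key: bytes, granter: str, methods: Iterable[str],
                     expires: Optional[float] = None, class_loid: Optional[str] = None) -> Dict:
    cert = {"granter": granter, "methods": list(methods), "expires": expires, "class_loid": class_loid}
    cert["signature"] = sign(key, cert)
    return cert


class MayI:
    def __init__(self, acl: Dict[str, Entry], groups: Dict[str, Set[str]],
                 granter_keys: Dict[str, bytes], object_class: str):
        self.acl = acl                    # method -> entry; "default" is used only for unlisted methods
        self.groups = groups              # group context -> live membership (may change after caching)
        self.granter_keys = granter_keys  # granter LOID -> verification key (stand-in for the key in the LOID)
        self.object_class = object_class
        self._cache: Dict[str, Tuple[Set[str], float]] = {}

    def _members(self, group: str, now: float) -> Set[str]:
        """Resolve a group through the cache; a stale entry is only refreshed after it expires."""
        hit = self._cache.get(group)
        if hit is None or hit[1] <= now:
            hit = (set(self.groups.get(group, ())), now + GROUP_CACHE_TTL)
            self._cache[group] = hit
        return hit[0]

    def _entry(self, method: str) -> Entry:
        return self.acl.get(method) or self.acl.get("default") or {"allow": set(), "granters": set()}

    def check(self, caller: str, method: str, now: float, cert: Optional[Dict] = None) -> str:
        """Answer 'May I call this method?' for a caller, optionally presenting a certificate."""
        entry = self._entry(method)
        if cert is not None:
            return self._check_certificate(cert, method, entry, now)
        for principal in entry["allow"]:
            if principal == caller or caller in self._members(principal, now):
                return "allowed"
        return "denied: caller not in access list"

    def _check_certificate(self, cert: Dict, method: str, entry: Entry, now: float) -> str:
        key = self.granter_keys.get(cert.get("granter", ""))
        if key is None or not hmac.compare_digest(sign(key, cert), cert.get("signature", "")):
            return "denied: bad certificate signature"
        if method not in cert["methods"]:
            return "denied: method not in certificate"
        if cert.get("expires") is not None and cert["expires"] <= now:
            return "denied: certificate expired"
        if cert.get("class_loid") not in (None, self.object_class):
            return "denied: certificate is for another class"
        if cert["granter"] not in entry["granters"]:
            return "denied: maker may not grant this method"
        return "allowed"
```

In this model a call that carries a certificate is judged on the certificate alone, which is enough to show each of the refusal reasons the page lists; a production check would also fall back to the caller's own entry.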
87. …s, try creating a file as a logged-in user; the executable testBasicFiles will create a sample one for you. You can experiment with permissions and access control.

Run legion_get_interface to get the names of the methods available on an object. The method names follow the output line titled "Object Interface". Some of the methods are Legion object-mandatory functions, while others (usually listed at the end) are particular to objects of that class. You can cut and paste lines from the output into an implicit parameters file (put the names in double quotation marks in the Method definitions). Be sure to make your cut from the real start and end of the line output by legion_get_interface, since some method names have leading or trailing tabs and spaces. Directing the output of legion_get_interface into a file and then editing the file may be helpful.

If a user's AuthenticationObject is deleted, there is no way to regenerate an equivalent AuthenticationObject: the user must be re-created from scratch. The reason is that the private key of the original AuthenticationObject cannot be recovered, so the same LOID cannot be used for the object.

Legion system management

9.0 Legion core objects
The Legion core object model specifies the composition and functionality of Legion's co…
88. …s multiple processors and storage space available to your system, but before you start expanding be aware that Legion hosts and vaults must work in compatible pairs. Figure 10 shows two pairs of compatible host/vaults: Host A and Vault B can see each other, and Host C and Vault D can see each other. All Legion host objects must be paired with at least one compatible vault object in order to carry out Legion processes: all Legion objects maintain an OPR on a vault, and objects must have access to their inert state in order to function properly. Therefore, before you add a new host object or vault to your system, you must consider any possible compatibility problems. An incompatible host object and vault object will not work together: HostObjectA in Figure 10 is compatible with VaultObjectB but not with VaultObjectD, while VaultObjectB is not compatible with HostObjectC.

[Figure 10: Compatible host/vault pairs: Host Object A with Vault Object B, and Host Object C with Vault Object D.]

This is not a concern in systems that use a single shared vault (e.g. a networked file system, database system, tape drive, CD-ROM, etc.), as in Figure 11, le…

[Figure 11: Common persistent storage system: Host 1, Host 2 and Host 3 all using Vault A, the Bootstrap Vault.]
89. …s to write.

[Figure: root context listing showing /class, /home, /users, /hosts, /impls, /mpi, /pvm and /tmp.]

In this case she could use legion_update_attributes to change /users/jill's home_dir attribute to a different context path. For example:

    legion_update_attributes -c /users/jill -r home_dir(/home/spw4s) home_dir(/home)
    legion_update_attributes: Replaced 1 attribute(s) in object

The next time Jill logs in she will automatically be moved to the /home context. She can edit her /home/jill/.legionrc file to remove the legion_cd command altogether if she prefers, in which case she will start at …

The legion_change_permissions command can be used to alter read, write and execute object permissions so that other users can use those objects. See page 11 in the Basic User Manual.

8.3 Creating new users
You add users to your system by creating new user ids. A user id is an entry in context space that represents an AuthenticationObject (see section 8.1, page 35). The user id signifies ownership of all objects that a logged-in user creates. If you have enabled security, you must be logged in as admin in order to create new users.

The legion_create_user command creates new user ids. This command is actually a simple wrapper around the legion_create_user_object command (see page 66 in the Reference Manua…
90. …sh and <basename>.csh respectively.

    -OPR <OPR dir name>   Specify the OPR directory name that will be set up when the resulting scripts are run. This directory will contain the user's local copy of LegionClass.config (default is <user>.OPR). The user's local version of the directory will be placed in the user's HOME.
    -L <$LEGION dir name> Specify the value of LEGION, which is the directory where the resulting scripts are run. The default is the current value of LEGION.
    -debug                Catch and print Legion exceptions.
    -help                 Print command syntax and exit.

4.0 System shutdown
Once the system is running, Legion can be safely shut down and restarted without a loss of state. Creators of user object classes can choose whether or not to maintain the state of their objects. A summary of the steps for shutting down is on page 29.

4.1 Shutting down an insecure system
If you did not enable Legion security, issue the shutdown command from the bootstrap host:

    legion_shutdown

It may take several minutes to shut down the system. Be patient, and do not try to quit the process with ^C. When completed, the entire system (with the notable exception of any extra hosts and vaults that were started separately) will be deactivated.

4.2 Shutting down a secure sys…
91. …st DNS name. Use the -N flag to place the new host object in a different context or to assign it a specific context name:

    legion_starthost -N /hosts/aNewHost <new host DNS name> /vaults/BootstrapVault

This assigns the new host object the context name aNewHost (the example specifies that the context name be put in the /hosts context path; otherwise it will be put in the current context). If the -n flag is used, the new host object will not be assigned the default DNS name.

11.3.1 legion_starthost flags
Supported <flags> for legion_starthost are:

    -L <$LEGION>        Specify LEGION for the new host (default is the local LEGION value).
    -O <$LEGION_OPR>    Specify LEGION_OPR for the host (default is the local LEGION_OPR value).
    -A <$LEGION_ARCH>   Specify the host's architecture type (default is the local LEGION_ARCH value).
    -B <path>           Specify the host binary's basename (default is UnixHostObject).
    -N <context name>   Specify the host object's context name (default is /hosts/<new host name>).
    -U <user id>        Specify a Unix user id for the host (default is the current Unix user id).
    -C <host class>     Specify the host cl…

[9] An alternative procedure using command-line utilities is explained in the Reference Manual on page 119. If possible we recommend using the rsh procedure explained here, since it is faster and easier.
92. …must have /bin/ksh installed on your system. A number of Legion scripts look for ksh, and if it is not installed you will get error messages.

Depending on your platform and package, you will need a set of GNU tools, all available from <http://www.gnu.org>. The NT/2000 platform doesn't need any GNU tools. Section 2.5 lists tools for untarring binary files.

2.4 RSA and OpenSSL
Current Legion releases use public key cryptography based on the RSA 2.0 algorithm as implemented by OpenSSL. You will need to download OpenSSL 0.9.5 or higher from <http://www.openssl.org>. You'll need to untar, configure and compile it. Be sure that you set your OPENSSL_INC and OPENSSL_LIB variables to the correct directories. Suggested values are:

ksh or sh users:

    export OPENSSL_INC=<OpenSSL installation directory>/include
    export OPENSSL_LIB=<OpenSSL installation directory>/lib

csh users:

    setenv OPENSSL_INC <OpenSSL installation directory>/include
    setenv OPENSSL_LIB <OpenSSL installation directory>/lib

2.5 Downloading binary files
All Legion distribution binaries are compressed tar files created with GNU tar and gzip. Using a non-GNU tar program may result in some file names being truncated. You can download these tools for free from GNU at <http://www.gnu.org>. Decide where y…
93. …t, the command will display the contents of LegionDomainCookie.<domain id>. Use the -i flag to specify a different cookie filename.

16.4.4 Connecting domains
The legion_combine_domains tool connects Legion domains together into a single larger Legion system. Once joined, objects in connected domains can communicate with each other as easily as objects in a single domain communicate with each other. Usage of this command is:

    legion_combine_domains [-help] [-v] <list of domain cookie files>

Before you run legion_combine_domains you must obtain a copy of the domain cookie files from all of the domains involved, i.e. if you wish to join a multidomain system you must have copies of all of the domains' cookie files. In this example two domains are connected together:

    legion_combine_domains LegionDomainCookie.35d82a07 LegionDomainCookie.c8
    Created 2 new domain interconnections

Note that the number of interconnections includes connecting the new domain to each previously linked domain: if you added another domain to this group you'd make four new interconnections.

17.0 Resource management
A primary motivation in Legion's design is flexibility and transparency: programs can be distributed and run on widely distributed resources without the user having to engage in complex, time-consuming negotiations with individual site administrato…
94. …t yet been set, run the setup.[c]sh script:

    $LEGION_OPR/setup.[c]sh

OR set the following four environment variables and run the legion_profile.[c]sh script:

    $LEGION_HOME  $LEGION_OPR  $OPENSSL_LIB  $OPENSSL_INC
    $LEGION/bin/legion_profile.[c]sh

Log in if necessary:

    legion_login /users/<user id>

6.3 Shutdown
1. Run the shutdown command (page 26): legion_shutdown
2. If security was enabled, you'll have to clean up some objects by hand.

6.4 Restart
If your system shut down successfully:
1. Run the startup command (page 27): legion_startup
2. Run the setup.[c]sh script (which may be as simple as setup.[c]sh), OR set the four environment variables $LEGION_HOME, $LEGION_OPR, $OPENSSL_LIB and $OPENSSL_INC and run $LEGION/bin/legion_profile.[c]sh.
3. Log in if necessary: legion_login /users/<user id>

If your system did not shut down successfully:
1. Kill any lingering Legion processes and remove the $LEGION_OPR directory.
2. You must start again from scratch. Repeat the steps outlined in section 6.1 above.

Legion security

7.0 About Legion security
Legion's security model has two layers, shown in Figure 5. The message layer is responsible for ensuring th…
95. …starting and managing jobs on NPACI_T3E, the virtual host. To fill this need there are three scripts (legion_vrun_run, legion_vrun_status and legion_vrun_kill) that the virtual host object can call on the physical host to make use of the virtual host. These scripts and the virtual host object are located on the physical host.

[Figure 15: Virtual host object. The virtual host object on the physical host SDSC Gigan calls legion_vrun_run, legion_vrun_status and legion_vrun_kill to reach the virtual host.]

Examples of these scripts are in the following location: $LEGION_HPC/src/Tools/VirtualArchitecture. These versions use simple Unix fork/exec to demonstrate the required interface. To configure the host with its required scripts, use the legion_set_vrun command, indicating the path at which the physical host can find the scripts. Continuing the above example:

    legion_set_vrun /hosts/NPACI_T3E $LEGION/src/T3E_SDSC

The virtual host can be used normally for native jobs by registering programs for the virtual host's appropriate architecture and running them on the virtual host object. Only native jobs can be run on a virtual host; you cannot run remote programs, because virtual hosts have no Legion binaries. From the user's perspective, virtual and physical host objects are indistinguishable. For example, here we register a program for the T3E and run it on t3e.npaci.edu…
96. ...tem. If you are using a PCD host as your bootstrap, the shutdown process is a bit complicated: there is no root user, and each user owns his or her own objects. Please contact us at <legion-help@virginia.edu> if you have any questions about this. To shut down a secure system, run legion_shutdown while logged in as admin. You may need to clean up after the system by hand, i.e., kill the processes one by one from the command line (you can use ps to check that all Legion processes have been killed).

5.0 System restart

Once a system has been safely shut down, it can be restarted without repeating the configuration and first-time initialization process. If the system was not safely shut down, you cannot restart it but must start again with the configuration and start-up procedure (i.e., run legion_setup_state, etc.). In that case, be sure to remove the LEGION_OPR directory and to kill any extraneous Legion processes (use ps to check this). For a normal system restart, check to be sure that environment variables are properly set. If necessary, run the following:

ksh or sh users:

    export LEGION_HOME=<Legion root dir path>
    export LEGION_OPR=<Legion OPR root dir path>
    export OPENSSL_INC=<OpenSSL installation directory>/include
    export OPENSSL_LIB=<OpenSSL installation directory>/lib
    $LEGION_HOME/legion_profile.sh

csh users:

    setenv LEGION_HOM...
97. ...the AuthenticationClassObject, and future instantiations of that class object will be created with the keypair_len key size. When an object's LOID is created (typically by a class object) it is given a newly generated public key pair. The public part of the key becomes part of the object's LOID, and it can be used by others to encrypt their communications to that object or to verify that received messages were actually generated by the object. The private key of the object is never revealed. The object's class, host and vault all could potentially access it, although in the University of Virginia (UVa) Legion implementation they do not. In Legion, an object implicitly trusts its class, host and vault. Because public key encryption is expensive, caching is used so that objects engaged in repeated communications can reuse a DES session key. These cached keys eventually time out (after thirty minutes in the current release) and are refreshed.

7.2 MayI layer

Though the message layer can protect individual messages, it cannot stop an attacker from simply calling the methods of an object. The MayI layer fills this role. When an object that has a MayI layer is called, MayI examines the method call before the method is actually invoked. The name of MayI comes from the idea that the caller is asking "May I call this method?" If the call passes the access control policy being enforced by MayI, it is allowed. Otherwise a security exception is retur...
98. ...u can install a daemon with inetd (explained below). These steps only need to be run once. The daemon is able to carry out the following operations:

- Spawn a given process with a given environment with a given user id. This user id must be listed in a file of authorized user ids called PCD_readUserFile.
- Kill a process. The process must be owned by a user listed in the authorized user id file PCD_readUserFile. The implementation of this operation currently depends on the /proc file system.
- Kill all of a given user's processes. The user must be listed in the authorized user id file PCD_readUserFile.
- Recursively change directory ownership to a given user. The user id must be listed in the authorized user id file PCD_readUserFile.

If you wish to use a PCD host object as your net's BootstrapHost, the Legion administrator must set LEGION_HOST_BIN=PCDUnixHost in his/her environment before running legion_initialize. To install the Legion process control daemon on a host, perform the following steps while logged in as root:

Add the following line to your Unix /etc/services file:

    legion_host 4000/tcp  # Legion procControlD

You need to set values for procControl_d. This daemon lives on the host; when a Legion user wants to start a process on the host, the PCD host maps the user's Legion user to a Unix user and passes the information to...
99. ...ures security for the new system's resources. It creates access control lists (ACLs) for all existing core classes and their instances:

    Configuring security for the default collection
    Creating initial ACLs files for all core objects in /home/spw4s/OPR/init_acls
    Creating ACL for class AuthenticationObjectClass class
    Creating ACL for class BasicFileClass class
    Creating ACL for class BasicSchedulerClass class
    Creating ACL for class BatchQueueMetaClass class
    etc.
    Creating ACLs for instances of class BasicSchedulerClass
    Creating ACL for 1.399b330d.68000000.01000000.000001fc0b3da560eff6580b8403e7a76b4c82beb9b421ce47465557c914bc4bb3ba85140b3444091bdf45dca6e50deac309b02d420b631b886619ea276de1372260b
    Creating ACLs for instances of class BatchQueueMetaClass
    Creating ACL for 1.399b330d.73000000.000001fc0cd9a1202afc0753365c8441c69ffchcdccd235c5c72603707b855aaf543dc6632731493228618948049c13dba35de9727993c1e4abe7467c232cb16c05c831 already done
    Creating ACLs for instances of class BootstrapMetaClass
    Creating ACL for 1.3995330d.04.000001c0e608816a569dbc1d0503434eedcd9d7cbb9711287109e32482308466094531d7b332007536be821a598bb4aa4cbdbd9731592bdc06167c028403f5ab8945 already done

The access control lists (ACLs) protect objects against unauthorized use. Only an object's creator can use the object unless the creator specifies otherwise. The initial ACL files allow only the admin to...
100. ...ut down and restart; the system is intended to stay up.

3.3.3 Startup

If you are booting on a PCD host, first run LEGION_HOST_BIN=PCDUnixHost. Then run legion_setup_state to configure the system. This program will return your start-up host name, a port number for the LegionClass object, and a time. If you do not want to use the default settings, use the -i flag to run the command in an interactive mode. Your output will look something like this:

    legion_setup_state
    Creating OPR directory /home/xxx/OPR
    Saving LegionClass configuration file /home/xxx/OPR/LegionClass.config
    LegionClass host name: <your startup host name>
    LegionClass port number: 7899
    LegionClass timestamp: 898198093

The script creates the LEGION_OPR directory and several sub-directories, populating them with initial states for several core system objects. The timestamp sets the starting time for the system: Legion objects use a timestamp to guarantee each object's unique identity. The current time is measured in seconds since January 1, 1970. The legion_startup script provides prompts asking whether or not to start each component. It's best to answer yes to all. The -v (verbose) option allows you to see more detailed information about debugging as the script works. This can be large amounts of information, so use this...
101. ...w user can then log in with legion_login using the new user id's context path (note that you need to include /users/):

    legion_login /users/jill
    Password: xxxxx

On a successful login, a credentials file (a user read-only file) is created in the local /tmp directory (see page 68 in the Reference Manual). The user will automatically be moved to his or her home context unless the default LegionRC file has been edited.

User passwords

Use legion_passwd to change passwords. You must be logged in as either admin or the user to change a user password. Note that you need to use /users/<user id> as the argument:

    legion_passwd /users/jill
    New Legion password: xxxx
    Retype new password: xxxx
    Password changed

If you are logged in as admin, you can change all passwords. Otherwise you can only change your own password.

Implicit parameters and ACL information

There is a suite of four commands for manipulating implicit parameters and access control information: legion_set_implicit_params, legion_get_implicit_params, legion_set_acl and legion_get_acl. To set the implicit parameters for a user id, run legion_set_implicit_params and specify the user and the file containing the parameters:

    legion_set_implicit_params /home/<user_name> <file name>

Below is an example implicit parameters file that sets message security and an access c...
102. ...y.

    Creating the context /users to contain user objects
    Creating the initial system admin user object /users/admin
    Please select a Legion password for /users/admin
    New Legion password: xxxx
    Retype password: xxxx
    1.399b330d.6?000000.01000000.000001fc0cd...
    Please enter the Legion password for /users/admin to continue
    Enter Password: xxxx
    You have successfully logged in

First, Legion creates a /users context. This context contains all Legion user ids. Since you need a user id to work in a secure system, you are automatically assigned a system administrator user id called admin. Anyone logged in as admin has root privileges in the system and can create new users, modify security settings, etc. The admin user also has ownership of all existing objects in the new system, but not of any future objects that other users create. You must create a password for admin. You'll be asked to enter it three times during the legion_init_security process.

Once you're logged in, Legion gives you ownership of all existing objects in the system:

    Changing ownership of all objects to /users/admin
    1.3622260c.01.000001c0cbe1846763895a
    1.3622260c.02.000001c0b3b16eb8b2dde29
    etc.
    Changed ownership of 63 objects

After this point, any new objects created will belong to whoever created them. Legion then config...
103. ...ype <Queue type>. See page 66 for more information on adding batch queue hosts. There are several other flags and options with this command, described on page 42 in the Reference Manual. See page 52 in this manual for more information on new hosts. If the new host has a new architecture, you now need to add implementations of the core objects for the new architecture. Log in to the new machine and run the following:

    source <path to globally visible setup script>/setup.sh (or .csh)
    legion_login /users/admin     # run legion_login only if you have enabled Legion security
    legion_init_arch

Repeat these steps for each additional host. We suggest that you customize these steps and write a script to simplify the process, especially if you need to bring up a big net.

3.4.4 Adding new users to a secure net

If you have not initialized security, there are no user accounts. Only admin can add users to a secure net. Run the legion_create_user command with the new user's name. We suggest that you put all users in the /users context, i.e.:

    legion_create_user /users/<new user name>

New user accounts are available immediately after creation. If you are working on a PCD host, follow up with these steps:

    for i in `legion_ls /hosts`; do
        legion_add_host_account /hosts/$i <unix id> /users/<new user name>
    done