ACasajus Universitat de Barcelona MSapunov CPPM Marseille On behalf of the LHCb DIRAC Team Outline Goals and features Framework description Architecture Security Querying the DIRAC services ID: 497675
Download Presentation The PPT/PDF document "DIRAC Web User Interface" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
DIRAC Web User Interface
A.Casajus
(
Universitat
de Barcelona)
M.Sapunov
(CPPM Marseille)
On behalf of the
LHCb
DIRAC TeamSlide2
Outline
Goals and featuresFramework descriptionArchitecture
Security
Querying the DIRAC services
Web pages examplesMonitoring pagesSite mapCurrent limitations Conclusions
CHEP 2009, Prague
2Slide3
Why a web interface?
DIRAC is a distributed data production and analysis system for the LHCb
experiment
Users need to interact with DIRAC
Usual solution is command-line or Desktop GUIsThe web provides an interface with lots of benefitsOperative system independent
Minimal requirements (browser, internet)Familiar to users
CHEP 2009, Prague
3Slide4
CHEP 2009, Prague
4
Required features
Provide a user friendly interface with DIRAC
DIRAC users are organized in groups based on privileges
The web interface has to react to the user’s group
Really different profiles like production manager, administrator, analysis user…
Apply authentication and authorization rules to user requests
Secure interface based on grid certificates
Not only an information display but a full interactive web application
Take advantage of modern web technologies
Mimic a desktop applicationSlide5
DIRAC Web Portal
CHEP 2009, Prague
5Slide6
Internals
Each user action triggers a AJAX call to the web serverEach web page is mapped to a Python function
Web pages interact with DIRAC using DISET (
DIRAC’s
secure communication framework)JavaScript is used to create a environment that behaves as a normal application.
CHEP 2009, Prague
6Slide7
Architecture
Apache and mod_ssl provide the web server, secure connections and authentication mechanism
DIRAC’s
web user interface uses Pylons as the web framework
mod_python is the bridge to execute Pylons under ApacheTo give a consistent “look and feel” to the web pages, we use ExtJS
as the javascript widget library
CHEP 2009, Prague
7Slide8
Authorization and authentication
DIRAC’s web interface allows secure and insecure connections
Insecure connections are only allowed to access general information pages
Users have to load their certificates in the web browser to access the sensitive parts of the web
Once the user has been authenticated, the same authorization mechanism DIRAC uses is applied.Users can belong to more than one group. The web interface allows to select which group is the active for the session.
CHEP 2009, Prague
8Slide9
Authorization and authentication
Different groups have different privileges, and that is reflected on the web pagesEach group can perform different actions
CHEP 2009,
Prague
9
User
AdministratorSlide10
Service queries
Typically when a user requests a web page, triggers a query to a DIRAC service.
CHEP 2009, Prague
10Slide11
Service queries
Service queries can be originated by:The web interface itself in case the connecting user is anonymous (insecure connection)
The connecting user if it’s a secure connection
Services need to know who is requesting a query so they can apply their authorization rules and modify their behavior accordingly
In case the query was originated by the user, the web server has to forward the user credentials to the services
How to do that? (next slide)
CHEP 2009, Prague
11Slide12
Forwarding credentials
Use DIRAC’s
ProxyManager
to retrieve a user’s proxy and use it to contact the final service
Pros:Cannot “invent” credentialsCons:Users that don’t have a valid proxy in DIRAC can’t use the web
Need to keep proxies as long as the real certificate for all user/group combinationConnect to the service using the web service credentials and “tell” the service who the user is
Pros:
Users don’t need to do anything
Works automatically for all registered users
Cons:
Can “invent” any credential. If the web certificate gets stolen…
Both solutions are implemented but the second one is currently being used
CHEP 2009,
Prague
12Slide13
Interface example
CHEP 2009,
Prague
13Slide14
Interface example
selections
main menu
buttons to open/collapse panels
buttons to submit or reset the form
menu to change
DIRAC setup
actions to perform for job(s)
current location
refresh table
certificate DN
DIRAC Group
pagination controls
items per page
Total amount of items
CHEP 2009,
Prague
14Slide15
Monitoring pages
Monitoring pages allows users to:Display all available information from objects. They can be user jobs, productions, data transfer requests…
Easy access to information associated with an object (e.g. user jobs):
JDL
AttributesHistoryPeek output of jobs while runningAccess logs:
Log files (if any)Standard output and standard error of the pilot that executed the job (if it is accessible)Perform actions on an item or on a group:
Reschedule
Kill
Delete
CHEP 2009, Prague
15Slide16
Site Map
CHEP 2009, Prague
16Slide17
Known limitations
There are several known limitations:Require a modern browser with JavaScript enabled
DIRAC web portal doesn’t work properly in all browsers.
Almost every browser has a different
Javascript engine and different debugging tools (if any)Due to the pages being completely dynamic, display of big tables (100+ rows) can take time
Specially in old hardwareDIRAC portal is not yet optimized and initial loading can take time
CHEP 2009, Prague
17Slide18
Conclusions
The web interface allows users to easily interact with DIRAC in a secure way
Desktop application behavior without extra software installation
Web pages are aware of groups and react to them
Actions are only allowed following the authorization rulesSame mechanism as the DIRAC Services
Smooth learning curve for new users
CHEP 2009, Prague
18