DOSAR A/A Testing With OSG Resources

The tables below summarize testing performed by Joe Steele and Patrick McGuigan to determine which OSG resources appear to be using the DOSAR VOMS server and mapping DOSAR members to a local account.  The executive summary is that only three non-DOSAR affiliated resources (all three were at FNAL) appear to support our VO by mapping members in our VOMS server to a DOSAR local account.

Testing stratagem:
A list of OSG resources was gathered from the GridCat monitoring system (project website) used by the OSG to monitor overall system health.  The list of resources was gathered through an automated query using the GridCat Client tools.

Two sets of identical tests were performed against each resource.  The first set was executed by Patrick to test each resource's ability to interact with the ATLAS VO.  The results for these tests are shown under the "ATLAS Tests" heading in the tables below.   The ATLAS VO was chosen because the necessary setup for supporting ATLAS is part of the OSG installation instructions.  The second set of tests was performed by Joe and are shown under the "DOSAR Tests" heading in the tables below.  Joe's grid certificate is "special" in that it is listed only in the DOSAR VOMS server.  His certificate allows for excellent testing of non-DOSAR affiliated resources. 


There are three tests performed within each set.  The first test, labeled Port in the tables, attempts to create a TCP connection to the default gatekeeper port (2119).  If this test succeeds, it assumed that the resource is running the Globus gatekeeper service and second test is performed.  The second test, labeled Ping, attempts to perform a Globus authorization ping against the default jobmanager at the gatekeeper service.  The test is exactly:

    $ globusrun -a -r <resource>

If the Ping test succeeds, the tester is authorized to use the remote resource and a final test, labeled User, is performed to determine which account the tester's certificate is mapped to at the remote resource.  This test is:

    $ globusrun -o -r <resource>:2119/jobmanager "&(executable=/usr/bin/whoami)"

If this test succeeds the returned output is the name of the account and appears in the table.


The results of the testing are presented in the following four tables.  The first table shows resources where Joe's certificate is mapped to a local account.  The second tables shows resources that appear to support ATLAS but do not yet support DOSAR.  The third table shows resources that appear to support a gatekeeper but do not support ATLAS or DOSAR.  The final table lists resources that do not appear to support a gatekeeper service.




Table 1. Resources supporting DOSAR

DOSAR Tests
          
ATLAS Tests
Remote Host Port
 Ping User
Port
 Ping User
fngp-osg.fnal.gov OK OK dosar
OK OK usatlas1
fermigrid1.fnal.gov OK OK dosar
OK OK usatlas1
cmsosgce.fnal.gov OK OK dosar
OK OK FAIL
ouhep1.nhn.ou.edu OK OK samgrid
OK OK usatlas1
atlas.dpcc.uta.edu OK OK dosar
OK OK usatlas1
boomer2.oscer.ou.edu OK OK samgrid
OK OK usatlas1
prod-frontend.hepgrid.uerj.br OK OK dzero
OK FAIL N/A
Notes:
1) Three FNAL resources appear to support DOSAR users with our own account.
2) OU and SPRACE resources map Joe's certificate, but it is unkown if they are using the VOMS server for doing this.
3) OU and SPRACE appear to map Joe's certificate to a D0 account for SAMGrid use.


Table 2. Resource supporting ATLAS but not DOSAR

DOSAR Tests
          
ATLAS Tests
Remote Host Port
 Ping User
Port
 Ping User
grid.physics.purdue.edu OK FAIL N/A
OK OK FAIL
osg.rcac.purdue.edu OK FAIL N/A
OK OK FAIL
tier2b.cacr.caltech.edu OK FAIL N/A
OK OK usatlas1
acdc.ccr.buffalo.edu OK FAIL N/A
OK OK usatlas1
t2cms02.sdsc.edu OK FAIL N/A
OK OK usatlas1
u2-grid.ccr.buffalo.edu OK FAIL N/A
OK OK FAIL
atlas.iu.edu OK FAIL N/A
OK OK usatlas1
grid3.aset.psu.edu OK FAIL N/A
OK OK usatlas1
nest.phys.uwm.edu OK FAIL N/A
OK OK FAIL
osgserv01.slac.stanford.edu OK FAIL N/A
OK OK FAIL
tam01.fnal.gov OK FAIL N/A
OK OK usatlas1
agt.bu.edu OK FAIL N/A
OK OK usatlas1
antaeus.hpcc.ttu.edu OK FAIL N/A
OK OK usatlas1
mama.ccr.buffalo.edu OK FAIL N/A
OK OK usatlas1
tp-osg.uchicago.edu OK FAIL N/A
OK OK usatlas1
ufloridapg.phys.ufl.edu OK FAIL N/A
OK OK FAIL
cmsgrid02.hep.wisc.edu OK FAIL N/A
OK OK osg_usatlas1
hercules.hamptonu.edu OK FAIL N/A
OK OK usatlas1
tier2-osg.uchicago.edu OK FAIL N/A
OK OK FAIL
red.unl.edu OK FAIL N/A
OK OK usatlas1
quux.fnal.gov OK FAIL N/A
OK OK usatlas1
cluster28.knu.ac.kr OK FAIL N/A
OK OK usatlas1
Notes:
1) These resources authenticate Patrick's certificate but not Joe's
2) There were some failures retrieving the account mapping; this appears to be problem with the tests rather than a problem with the AA infrastructure.
3) These resources should be considered the high priority targets of our efforts


Table 3.  Resources not supporting ATLAS nor DOSAR

DOSAR Tests
          
ATLAS Tests
Remote Host Port
 Ping User
Port
 Ping User
osgc01.grid.sinica.edu.tw OK FAIL N/A
OK FAIL N/A
pdsfgrid2.nersc.gov OK FAIL N/A
OK FAIL N/A
rtgrid1.its.uiowa.edu OK FAIL N/A
OK FAIL N/A
gridgk02.racf.bnl.gov OK FAIL N/A
OK FAIL N/A
gridgk01.racf.bnl.gov OK FAIL N/A
OK FAIL N/A
stars.if.usp.br FAIL N/A N/A
OK FAIL N/A
grid.rit.albany.edu OK FAIL N/A
OK FAIL N/A
milta.alliance.unm.edu OK FAIL N/A
OK FAIL N/A
rommel.cs.binghamton.edu OK FAIL N/A
OK FAIL N/A
bandera.tacc.utexas.edu OK FAIL N/A
OK FAIL N/A
thpc-1.unl.edu OK FAIL N/A
OK FAIL N/A
spgrid.if.usp.br FAIL N/A N/A
OK FAIL N/A
rhic23.physics.wayne.edu OK FAIL N/A
OK FAIL N/A
pbs-01.grid.dartmouth.edu OK FAIL N/A
OK FAIL N/A
Notes:
1) These may be sites that are using the OSG infrastructure but only supporting a narrow set of VO's



Table 4.  Resources with out a gatekeeper service

DOSAR Tests
          
ATLAS Tests
Remote Host Port
 Ping User
Port
 Ping User
cmssrm.fnal.gov FAIL N/A N/A
FAIL N/A N/A
vampire.accre.vanderbilt.edu FAIL N/A N/A
FAIL N/A N/A
grid1.phys.ntu.edu.tw FAIL N/A N/A
FAIL N/A N/A
dcache.rcac.purdue.edu FAIL N/A N/A
FAIL N/A N/A
cmssrm.hep.wisc.edu FAIL N/A N/A
FAIL N/A N/A
t2data2.sdsc.edu FAIL N/A N/A
FAIL N/A N/A
fiupg.ampath.net OK FAIL N/A
FAIL N/A N/A
dcsrm.usatlas.bnl.gov FAIL N/A N/A
FAIL N/A N/A
Notes:
1) These resources are either dead or supporting services other than a gatekeeper.