CSC Yearly Team Meeting

yalechurlishΤεχνίτη Νοημοσύνη και Ρομποτική

7 Νοε 2013 (πριν από 3 χρόνια και 11 μήνες)

84 εμφανίσεις

CSC Yearly Team Meeting
2012 Edition
Sébastien Varrette, PhD
Luxembourg, November 23th, 2012
vendredi 23 novembre 12
Mini-CV
32 years old, married (2004), 2 children (2007,2010)
2003: Master’s degree
(Telecom department ENSIMAG)
2003: Master’s degree
(Cryptology, Security and Information Coding)
2007: PhD in computer science
(UL/INPG)
Now Research associate (permanent position)
2
Security in Large Scale Distributed Systems:
Authentication and Result Checking.
vendredi 23 novembre 12

http://gforge.uni.lu
Gforge@uni.lu
System administration
3
201
hosted projects
260
registered users
Collaboration tool (svn,
git
, www ...)
Incoming: Redmine, Gitlab etc...
http://im.csc.uni.lu
/Jabber
Etherpad
Backup
(incoming)
/OwnCloud

VMs deployment / management
(www, etc.)
vendredi 23 novembre 12
UL HPC Platform
http://hpc.uni.lu
2 geographical sites
3 clusters:
184 nodes,
2320
cores (
20.4 TFlops
)
691TB
storage
3 system administrators
4M€ Hardware investment so far
Open-Source software stack
SSH, OpenLDAP, Puppet, FAI
4
vendredi 23 novembre 12
5
UL HPC Platform
http://hpc.uni.lu
vendredi 23 novembre 12
6
UL HPC Platform
http://hpc.uni.lu
Adminfront
Fast l ocal i nterconnect
(Infini band, 10GbE)
Site access server
Si te <si tename>
1 GbE
Other Clusters
network
Local Institution
Network
10 GbE
10 GbE
1 GbE
Cluster A
NFS and/or Lustre
Disk Enclosure
Site Shared Storage Area
Puppet
OAR
Kadeploy
supervision
etc...
Site Computing Nodes
Cluster B
Si te router
vendredi 23 novembre 12
UL HPC 2012 Achievments
UL HPC new aquisitions
+931,693€, +51 nodes (792 cores), +3 disk encl. (180TB)
Puppet Infrastructure Consolidation
“Configuration management made easy”
Automate service deployment / sysadmin duties
declarative language (manifests), client/server model
Git based workflow + Rakefile + Capistrano
Hierachical PKI now in place, 52 modules
7
vendredi 23 novembre 12
8
XMLRPC / REST
over SSL
UL HPC Platform
LCSB site (Belval)
(transmart) puppet agent
Files
testing
devel
production
Puppet Master LCSB
(kali) puppet agent
(lcsb-portal) puppet agent
CA
12 hosts
Puppet master
Puppet Infrastructure
Managed hosts:
70
(+26
Grid'5000 Luxembourg
)
gaia cluster (Belval)
(nfs) puppet agent
Files
testing
devel
production
Puppet Master chaos cluster
(adminfront) puppet agent
(mds1) puppet agent
CA
18 hosts
Puppet master
Computing nodes (73)
FAI Infrastructure
Managed computing nodes:
146 (1952 cores)
(+48

(368 cores)
Grid'5000 Luxembourg
)
CSC site (Kirchberg)
Files
testing
Puppet master
devel
production
Puppet Master CSC
(shiva) puppet agent
(gforge) puppet agent
29 hosts
(urt) puppet agent
CA
chaos cluster (Kirchberg)
Files
testing
devel
production
Puppet Master chaos cluster
(adminfront) puppet agent
(dhcp) puppet agent
11 hosts
(urt) puppet agent
CA
puppet.uni.lux
Files
testing
devel
production
Modules/Manifests
Root CA
Puppet (Root) CA
Environments
Puppet master
Puppet master
Computing nodes (73)
TOTAL resources managed
96
servers
184
computing nodes (
2320 cores
)
691 TB
shared stoage (NFS / Lustre)
vendredi 23 novembre 12
Puppet Deployment (Demo)
List managed nodes by dom0
$ cap conf:list:by:dom0
Create a fresh new Xen DomU (
demo-csc.uni.lux
)

# xm list on puppetmaster
$ aquamacs manifests/sites/CSC/puppetmaster.uni.lux.pp
$ cap puppet:deploy:testing HOST=puppetmaster
[149s]
Create the new host configuration and bootstrap Puppet

$ cap site:host:add
$ ssh demo-csc
$ cap site:host:collect:hardware HOST=demo-csc
$ cap site:host:generate:puppet_manifest
$ aquamacs manifests/sites/CSC/demo-csc.uni.lux.pp
$ cap puppet:bootstrap HOST=demo-csc
9
vendredi 23 novembre 12
Sign the certificate request on Puppet (Root) CA

$ sudo puppet cert --list
$ sudo puppet cert --sign “demo-csc.uni.lux”
Deploy the new VM

$ cap puppet:deploy:testing HOST=demo-csc
[135s]

$ ssh demo-csc
Test a new feature on a snapshot (Ex: Apache/MySQL)

$ cap xen:domU:snapshot:create HOST=demo-csc
$ ssh demo-csc
$ aquamacs manifests/sites/CSC/demo-csc.uni.lux.pp
$ cap puppet:deploy:testing HOST=demo-csc
[103s]

$ cap xen:domU:snapshot:destroy HOST=demo-csc
10
Puppet Deployment (Demo)
vendredi 23 novembre 12
Sign the certificate request on Puppet (Root) CA

$ sudo puppet cert --list
$ sudo puppet cert --sign “demo-csc.uni.lux”
Deploy the new VM

$ cap puppet:deploy:testing HOST=demo-csc
[135s]

$ ssh demo-csc
Test a new feature on a snapshot (Ex: Apache/MySQL)

$ cap xen:domU:snapshot:create HOST=demo-csc
$ ssh demo-csc
$ aquamacs manifests/sites/CSC/demo-csc.uni.lux.pp
$ cap puppet:deploy:testing HOST=demo-csc
[103s]

$ cap xen:domU:snapshot:destroy HOST=demo-csc
10
Total bootstrap time: ≈ ±6 min
Puppet Deployment (Demo)
vendredi 23 novembre 12
Cloud/Software security
TPM-based protocol to assert Cloud resources integrity
protocol validation via reference validator AVISPA / Scyther
Application to IaaS (... and signature scheme above)
cf Ben’s talk
Nature-inspired Code obfuscation
shadobf: MOEA PIPS-based (src-to-src compiler) C obfuscator
jshadobf: MOEA javascript obfuscator
cf Ben’s talk
11
[ComPas’13]
S. Martinez and B. Bertholon and S. Varrette and P. Bouvry. Optimisation d'obfuscation de code source au moyen
d’algorithmes évolutionnaires multi-objectifs (Poster). Grenoble, France, Jan. 2013
[SCAM’13]
B. Bertholon and S. Varrette and P. Bouvry. JSHADOBF: A Javascript Obfuscator based on
Multi-objective Optimization. IEEE Intl Conf on Source Code Analysis and Manipulation Algorithms (SCAM).
To submit.
[TSI’12]
B. Bertholon, S. Varrette, and P. Bouvry. CertiCloud: une plate-forme Cloud IaaS sécurisée. Journal Technique et Science
informatiques (TSI), vol 2592:30
vendredi 23 novembre 12
Fault Tolerance:
EAs vs cheaters
Nature inspired ABFT for Volunteer computations
[distributed] Evolutionary Algorithms
proved
convergence of dEAs despite cheaters
under some special hypothesis
proved
non-convergence of dEAs despite cheaters
under some special hypothesis

Cf Jakub’s talk
12
[CAMWA’12]
J. Muszyński, S. Varrette, P. Bouvry, F. Seredyński, and S. U. Khan. Convergence Analysis of
Evolutionary Algorithms in the Presence of Crash-Faults and Cheaters. Intl. Journal. of Computers and
Mathematics with Applications (CAMWA), may 2012.
[META’12]
J. Muszyński, S. Varrette, J. L. Jimenez Laredo, B. Dorronsoro, and P. Bouvry. Convergence of
Distributed Cellular Evolutionary Algorithms in Presence of Crash Faults and Cheaters. In META’12, Sousse,
Tunisia, Oct. 27–31 2012.
vendredi 23 novembre 12
Crypto / Security
MOEA GEP-based for hash function generation
Critical infrastructure security analysis
CI security modeling & dependencies / risk analysis
Concrete case study: Grid‘5000 vs Network backbone provider
cf Thomas talk
13
[CSS’12]
S. Varrette, J. Muszyński, and P. Bouvry. Hash function generation by means of Gene Expression Programming. In Proc. of
Intl. Conf. on Cryptography and Security System (CSS’12), Kazimierz Dolny, Poland, Sept 2012. Annales UMCS ser. Informatica
[IJSSE’12]
F. Caldeira, T. Schaberreiter, S. Varrette, E. Monteiro, P. Simoes, D Khadraoui, and P. Bouvry. Trust Based Interdependency
Weighting for On-line Risk Monitoring in Interdependent Critical Infrastructures. Intl. Journal of Secure Software Engineering (IJSSE),
2012. To appear.
vendredi 23 novembre 12
Cloud / HPC performance
evaluation
Hypervisor / Cloud middleware benchmarking
from an HPC point of view
green and FT aspects (with Mateusz, Fred, Xav etc.)
in progress
Green evaluation of novel architectures
2 ARM box incoming (48 nodes, 192 cores, 2U, 300W)
Energy-aware benchmarking / evaluation (with Fred)
in progress
14
vendredi 23 novembre 12
To Co nclude
Welcome on board for newcomers
Call for contribution
: PhD survival guide
15
teambouvry/talks/phd_survival_guide
SVN (gforge):
vendredi 23 novembre 12