Running ALICE Grid Jobs in Containers: A new approach to job execution for the next generation ALICE Grid framework
Storetvedt, Maksim Melnik; Betev, Latchezar; Helstrup, Håvard; Hetland, Kristin Fanebust; Kileng, Bjarte
Peer reviewed, Journal article
Published version
Permanent lenke
https://hdl.handle.net/11250/2738113Utgivelsesdato
2020Metadata
Vis full innførselSamlinger
Originalversjon
Storetvedt, M., Betev, L., Helstrup, H., Fanebust Hetland, K., & Kileng, B. (2020). Running ALICE Grid Jobs in Containers: A new approach to job execution for the next generation ALICE Grid framework. EPJ Web of Conferences, 245. 10.1051/epjconf/202024507052Sammendrag
The new JAliEn (Java ALICE Environment) middleware is a Grid framework designed to satisfy the needs of the ALICE experiment for the LHC Run 3, such as providing a high-performance and high-scalability service to cope with the increased volumes of collected data. This new framework also introduces a split, two-layered job pilot, creating a new approach to how jobs are handled and executed within the Grid. Each layer runs on a separate JVM, with a separate authentication token, allowing for a finer control of permissions and improved isolation of the payload. Having these separate layers also allows for the execution of job payloads within containers. This allows for the further strengthening of isolation and creates a cohesive environment across computing sites, while avoiding the resource overhead associated with traditional virtualisation.
This contribution presents the architecture of the new split job pilot found in JAliEn, and the methods used to achieve the execution of Grid jobs while maintaining reliable communication between layers. Specifically, how this is achieved despite the possibility of a layer being run in a separate container, while retaining isolation and mitigating possible security risks. Furthermore, we discuss how the implementation remains agnostic to the choice of container platform, allowing it to run within popular platforms such as Singularity and Docker.