ProActive Resource Manager is a client/server application where each part can be described as follows:

The resource manager has a set of properties that can be changed regarding to your computing infrastructure and your needs. These properties are set in settings.ini in the config/rm directory:

You can define these variables either in settings.ini in the config/rm directory or in the the java command line using the -D option (ex: java -Dpa.rm.node.source.ping.frequency=45000 ...). Such a property can be added in the provided scripts (rm-start[.bat] for example).

As presented before, clients of the resource manager are authenticated at connection time by providing their credentials incapsulating encripted login and a password.

4.1.2.1. KeyPair authentication

Regardless of which method is actually used to perform the authentication, credentials need to be passed from the client to the Resource Manager, through the network. The data will be encrypted with an AES symmetric secret key to allow unlimited credentials size, and the AES key itself will be encrypted with an RSA keypair.

Figure 4.1. Credentials encryption

The Keypair can be generated with the key-gen[.bat] script:

bin/unix $ ./key-gen -p $HOME/.proactive/priv.key -P $HOME/.proactive/pub.key

Accordingly, the Resource Manager configuration must be set so that, when started:

• pa.rm.auth.privkey.path=$HOME/.proactive/priv.key

• pa.rm.auth.pubkey.path=$HOME/.proactive/pub.key

Although no encryption should be performed on server side, the public key should be known from the Resource Manager: indeed, a client can request the public key to the Resource Manager so that it may encrypt its credentials to perform authentication. This method does not require the Resource Manager's administrator to manually propagate public keys to all its users. Users can encrypt their credentials with the create-cred[.bat] script. See Section 4.4.1, “Start and stop the resource manager” for client-side configuration.

#Property that defines the method that has to be used for logging users to the Resource Manager
#It can be one of the following values:
#    - "RMFileLoginMethod" to use file login and group management
#    - "RMLDAPLoginMethod" to use LDAP login management
pa.rm.authentication.loginMethod=RMFileLoginMethod
                

# EXAMPLE of user entry
#
# dn: cn=jdoe,dc=example,dc=com
# cn: jdoe
# firstName: John
# lastName: Doe
# objectClass: inetOrgPerson

# EXAMPLE of group entry
#
# dn: cn=mygroup,dc=example,dc=com
# cn: mygroup
# firstName: John
# lastName: Doe
# uniqueMember: cn=djoe,dc=example,dc=com
# objectClass: groupOfUniqueNames

keytool -import -alias myAlias -file myCertificate -keystore myKeyStore

keytool -import -alias myAlias -file myPublicKey -keystore myTrustStore

All users authenticated in the resource manager have they own role according to granted permissions. In the resource manager, we use standard Java Authentication and Authorization Service (JAAS) to address these needs. Security support on the method call level is provided by ProActive programming. This mechanism will not be discussed here and is described in details in the ProActive Programming documentation.

On the resource manager, level permissions allow to:

Users are organized in groups and after authentication each of them has a single UserPrincipal and some GroupPrincipals (may not have them). Using this principals, the permissions are granted in the security policy file, like the following:

grant principal org.ow2.proactive.authentication.principals.UserNamePrincipal "john" {
    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.getAtMostNodes";
    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.releaseNodes";
};
    

This means that user "john" can request nodes for computations and release them. It cannot perform any administrative actions (they have to be listed explicitly).

Permissions could be granted to groups and in this case will be applicable to all group members. For example, we may define a group of users who provides computing resourses. We allow them to call add/remove nodes methods, so that they will be able to add their nodes to the resource manager.

grant principal org.ow2.proactive.authentication.principals.GroupNamePrincipal "providers" {
    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.getAtMostNodes";
    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.getExactlyNodes";
    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.releaseNode";
    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.releaseNodes";

    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.addNode";
    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.removeNode";

    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.getNodesList";
    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.getNodeSourcesList";
    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.getFreeNodesNumber";
    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.getTotalNodesNumber";
    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.getTotalAliveNodesNumber";
    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.getRMState";
    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.getState";
    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.isActive";
    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.isAlive";
    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.getMonitoring";

    permission org.ow2.proactive.permissions.MethodCallPermission "org.ow2.proactive.resourcemanager.core.RMCore.disconnect";
};
    

But having the permission of add/remove method call is not enough to actually add nodes. As all the nodes in the resource manager are organized in node sources user has to have the node source administration permission. This permission cannot be granted in java security policy file and defines at node source creation time by specifying which group or user will use nodes from this source and administrate them.

There is a permission which authorized to perform any actions. For this needs, we have implemented custom org.ow2.proactive.permissions.AllPermission to seperate an absulute freedom inside the resource manager from JVM. The following is the usage of this permission in group of administrators:

grant principal org.ow2.proactive.authentication.principals.GroupNamePrincipal "admin" {
    permission org.ow2.proactive.permissions.AllPermission;
};
    

The longest security check is at the moment of removing node. Here we verify that the user

In order to use JMX monotoring interface, the standart javax.management.MBeanPermission has to be granted. Through JMX, we expose an account data as well and for non-admin users we show them only their accounts

grant principal org.ow2.proactive.authentication.principals.GroupNamePrincipal "user" {
    ...
    // AuthPermission is requires for those who would like to access any mbean
    permission javax.security.auth.AuthPermission "getSubject";
    permission javax.management.MBeanPermission "-#-[-]", "queryNames";
    permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "addNotificationListener";
    permission javax.management.MBeanPermission "org.ow2.proactive.scheduler.core.jmx.mbean.MyAccountMBeanImpl#*[*:*]", "*";
    permission javax.management.MBeanPermission "org.ow2.proactive.resourcemanager.core.jmx.mbean.MyAccountMBeanImpl#*[*:*]", "*";
    permission javax.management.MBeanPermission "org.ow2.proactive.resourcemanager.core.jmx.mbean.RuntimeDataMBeanImpl#*[*:*]", "*";
    ...
};
    

The default java security file used with the resource manager is located in config directory $RM_HOME/config/security.java.policy-server.

To start the resource manager, run the rm-start[.bat] or rm-start-clean[.bat] script in bin/[os]/ directory. The second script drops all the data from data base used to store the history of RM. When launching the resource manager, it is possible to specify few arguments:

rm-client[.bat], in bin/[os] directory, provides a way to connect to the resource manager and manipulate it in command line mode. This scrips supports a bunch of options:

$RM_HOME/bin/unix$ rm-client -h

usage: rm-client [-a <node URLs> | -cn <names> | -d <node URLs> | -ln | -lns | -ma | -ni <nodeURL> | -r <names> | -rp | -s | -stats | -t | -ua <username>] [-c
       <arg>]   [-env <filePath>] [-f] [-g] [-h] [-i <params>] [-l <login>]     [-ns <nodes URLs>] [-p <params>]    [-sf <filePath arg1=val1 arg2=val2 ...>]   [-u
       <rmURL>]
 -a,--addnodes <node URLs>                         <ctl> Add nodes by their URLs
 -c,--credentials <arg>                            Path to the credentials (/home/jlscheef/.proactive/security/creds.enc).
 -cn,--createns <names>                            <ctl> Create new node sources
 -d,--removenodes <node URLs>                      <ctl> Remove nodes by their URLs
 -env,--environment <filePath>                     Execute the given script and go into interactive mode
 -f,--force                                        <ctl> Do not wait for busy nodes to be freed before nodes removal, node source removal and shutdown actions
                                                   (-d, -r and -s)
 -g,--gui                                          Start the console in a graphical view
 -h,--help                                         Display this help
 -i,--infrastructure <params>                      Specify an infrastructure when node source is created
 -l,--login <login>                                The username to join the Resource Manager
 -ln,--listnodes                                   <ctl> List nodes handled by Resource Manager. Display is : NODESOURCE HOSTNAME STATE NODE_URL
 -lns,--listns                                     <ctl> List node sources on Resource Manager. Display is : NODESOURCE TYPE
 -ma,--myaccount                                   <ctl> Display current user account informations
 -ni,--nodeinfo <nodeURL>                          <ctl> Display node information
 -ns,--nodesource <nodes URLs>                     <ctl> Specify an existing node source name for adding nodes
 -p,--policy <params>                              Specify a policy when node source is created
 -r,--removens <names>                             <ctl> Remove given node sources
 -rp,--reloadpermissions                           <ctl> Reload the permission file
 -s,--shutdown                                     <ctl> Shutdown Resource Manager
 -sf,--script <filePath arg1=val1 arg2=val2 ...>   <ctl> Execute the given javascript file with optional arguments.
 -stats,--statistics                               <ctl> Display some statistics about the Resource Manager
 -t,--topology                                     <ctl> Displays nodes topology.
 -u,--rmURL <rmURL>                                The Resource manager URL (default rmi://localhost:1099/)
 -ua,--useraccount <username>                      <ctl> Display account information by username

NOTE : if no <ctl>  command is specified, the controller will start in interactive mode.

When new node source is created custom infrastructure or policy can be specified:

$RM_HOME/bin/unix$ rm-client -l admin -cn myns -infrastructure

Available node source infrastructures:
Name: Local Infrastructure
Description: Deploys nodes on Resource Manager's machine
Class name: org.ow2.proactive.resourcemanager.nodesource.infrastructure.LocalInfrastructure
Parameters: <class name> rmUrl[rmi://slave1:2007/] credentials maxNodes[4] nodeTimeout[5000] paProperties

Name: CLI Infrastructure
Description: Creates remote runtimes using custom scripts
Class name: org.ow2.proactive.resourcemanager.nodesource.infrastructure.CLIInfrastructure
Parameters: <class name> rmUrl[rmi://slave1:2007/] interpreter[bash] deploymentScript removalScript hostsList nodeTimeOut[60000] maxDeploymentFailure[5]

Name: Default Infrastructure Manager
Description: Default infrastructure
Class name: org.ow2.proactive.resourcemanager.nodesource.infrastructure.DefaultInfrastructureManager
Parameters: <class name> rmUrl[rmi://slave1:2007/]

Name: SSH Infrastructure
Description: Creates remote runtimes using SSH
Class name: org.ow2.proactive.resourcemanager.nodesource.infrastructure.SSHInfrastructure
Parameters: <class name> rmUrl[rmi://slave1:2007/] sshOptions javaPath[jdk/bin/java] schedulingPath[SCHEDULER_HOME] nodeTimeOut[60000] maxDeploymentFailure[5] targetOs[Linux] javaOptions rmCredentialsPath hostsList

Name: Generic Batch Job Infrastructure
Description: Acquires nodes from a GENERIC resource manager.
Class name: org.ow2.proactive.resourcemanager.nodesource.infrastructure.GenericBatchJobInfrastructure
Parameters: <class name> rmUrl[rmi://slave1:2007/] javaPath[jdk/bin/java] sshOptions schedulingPath[SCHEDULER_HOME] javaOptions maxNodes[1] nodeTimeOut[300000] serverName rmCredentialsPath submitJobOpt implementationClassname implementationFile

Name: GCM Infrastructure
Description: [DEPRECATED] Infrastructure described in GCM deployment descriptor
Class name: org.ow2.proactive.resourcemanager.nodesource.infrastructure.GCMInfrastructure
Parameters: <class name> rmUrl[rmi://slave1:2007/] descriptor

Name: GCM Customised Infrastructure
Description: [DEPRECATED] Handles hosts from the list using specified gcm deployment descriptor
template with HOST java variable contract (see proactive documentation)
Class name: org.ow2.proactive.resourcemanager.nodesource.infrastructure.GCMCustomisedInfrastructure
Parameters: <class name> rmUrl[rmi://slave1:2007/] descriptor hostsList timeout[60000]

Name: LSF Infrastructure
Description: Acquires nodes from a LSF resource manager.
Class name: org.ow2.proactive.resourcemanager.nodesource.infrastructure.LSFInfrastructure
Parameters: <class name> rmUrl[rmi://slave1:2007/] javaPath[/jdk/bin/java] sshOptions schedulingPath[SCHEDULER_HOME] javaOptions maxNodes[1] nodeTimeOut[300000] serverName rmCredentialsPath submitJobOpt

Name: Virtual Infrastructure
Description: Virtualized Infrastructure node acquisition
Class name: org.ow2.proactive.resourcemanager.nodesource.infrastructure.VirtualInfrastructure
Parameters: <class name> rmUrl[rmi://slave1:2007/] infrastructure VMMUrl VMMUser VMMPwd VMTemplate VMMax[0] hostCapacity[0] PAConfig RMCredentials

Name: PBS Infrastructure
Description: Acquires nodes from a PBS resource manager.
Class name: org.ow2.proactive.resourcemanager.nodesource.infrastructure.PBSInfrastructure
Parameters: <class name> rmUrl[rmi://slave1:2007/] javaPath[jdk/bin/java] sshOptions schedulingPath[SCHEDULER_HOME] javaOptions maxNodes[1] nodeTimeOut[300000] serverName rmCredentialsPath submitJobOpt[-l "nodes=1:ppn=1"]

Name: EC2 Infrastructure
Description: Handles nodes from the Amazon Elastic Compute Cloud Service.
Class name: org.ow2.proactive.resourcemanager.nodesource.infrastructure.EC2Infrastructure
Parameters: <class name> rmUrl[rmi://slave1:2007/] configurationFile RMCredentialsPath nodeHttpPort[80]

Name: WinHPC Infrastructure
Description: Windows HPC infrasturcure
Class name: org.ow2.proactive.resourcemanager.nodesource.infrastructure.WinHPCInfrastructure
Parameters: <class name> rmUrl[rmi://slave1:2007/] maxNodes[1] serviceUrl[https://<computerName>/HPCBasicProfile] userName password trustStore trustStorePassword javaPath[jre/bin/java] rmPath[SCHEDULER_HOME] RMCredentialsPath javaOptions extraClassPath timeout[60000]

Choose the one you need and add the corresponding parameters to the command line.

$RM_HOME/bin/unix$ rm-client -l admin -cn myns -infrastructure org.ow2.proactive.resourcemanager.nodesource.infrastructure.DefaultInfrastructureManager -policy

Available node source policies:
Name: Release Resources When Scheduler Idle
Description: Releases all resources when scheduler is idle for specified
time. Acquires them back on job submission.
Class name: org.ow2.proactive.scheduler.resourcemanager.nodesource.policy.ReleaseResourcesWhenSchedulerIdle
Parameters: <class name> nodeUsers[ALL] nodeProviders[ME] schedulerUrl schedulerCredentialsPath idleTime[60000]

Name: Cron Load Based Policy
Description: Triggers new nodes acquisition when scheduler is overloaded within a time slot defined in crontab syntax.
Class name: org.ow2.proactive.scheduler.resourcemanager.nodesource.policy.CronLoadBasedPolicy
Parameters: <class name> nodeUsers[ALL] nodeProviders[ME] schedulerUrl schedulerCredentialsPath refreshTime[1000] minNodes[0] maxNodes[10] loadFactor[10] nodeDeploymentTimeout[10000] acquisionAllowed[* * * * *] acquisionForbidden[* * * * *] preemptive[false] allowed[false]

Name: EC2 Policy
Description: Allocates as many resources as scheduler required according
to loading factor. Releases resources smoothly.
Class name: org.ow2.proactive.scheduler.resourcemanager.nodesource.policy.EC2Policy
Parameters: <class name> nodeUsers[ALL] nodeProviders[ME] schedulerUrl schedulerCredentialsPath refreshTime[1000] minNodes[0] maxNodes[10] loadFactor[10] nodeDeploymentTimeout[2400000]

Name: Time Slot Policy
Description: Acquires and releases nodes at specified time.
Class name: org.ow2.proactive.resourcemanager.nodesource.policy.TimeSlotPolicy
Parameters: <class name> nodeUsers[ALL] nodeProviders[ME] acquireTime[7/18/11 10:31:13 AM CEST] releaseTime[7/18/11 11:31:13 AM CEST] period[86400000] preemptive[true]

Name: Cron Slot Load Based Policy
Description: Keeps all nodes up and running within specified time slot and acquires node on demand when scheduler is overloaded at another time.
Class name: org.ow2.proactive.scheduler.resourcemanager.nodesource.policy.CronSlotLoadBasedPolicy
Parameters: <class name> nodeUsers[ALL] nodeProviders[ME] schedulerUrl schedulerCredentialsPath refreshTime[1000] minNodes[0] maxNodes[10] loadFactor[10] nodeDeploymentTimeout[10000] deployAllAt[* * * * *] undeployAllAt[* * * * *] preemptive[false] acquireNow[false]

Name: Scheduler Loading Policy
Description: Allocates as many resources as scheduler required according
to loading factor. Releases resources smoothly.
Class name: org.ow2.proactive.scheduler.resourcemanager.nodesource.policy.SchedulerLoadingPolicy
Parameters: <class name> nodeUsers[ALL] nodeProviders[ME] schedulerUrl schedulerCredentialsPath refreshTime[1000] minNodes[0] maxNodes[10] loadFactor[10] nodeDeploymentTimeout[10000]

Name: Static Policy
Description: Static nodes acquisition.
Class name: org.ow2.proactive.resourcemanager.nodesource.policy.StaticPolicy
Parameters: <class name> nodeUsers[ALL] nodeProviders[ME]

Name: Cron Policy
Description: Acquires and releases nodes at specified time.
Class name: org.ow2.proactive.resourcemanager.nodesource.policy.CronPolicy
Parameters: <class name> nodeUsers[ALL] nodeProviders[ME] nodeAcquision[* * * * *] nodeRemoval[* * * * *] preemptive[false] forceDeployment[false]

Then select the appropriate one and specify it in the command line. Example:

>rm-client -l admin -cn myns -infrastructure org.ow2.proactive.resourcemanager.nodesource.infrastructure.DefaultInfrastructureManager rmURL -policy org.ow2.proactive.resourcemanager.nodesource.policy.StaticPolicy ALL ME

 exMode(display,onDemand)        Change the way exceptions are displayed (if display is true, stacks are displayed - if onDemand is true, prompt before displaying stacks)
 addnode(nodeURL, nsName)        Add node to the given node source (parameters is a string representing the node URL to add and an optional string representing the node source in which to add the node)
 removenode(nodeURL,preempt)     Remove the given node (parameter is a string representing the node URL, node is removed immediately if second parameter is true)
 createns(nsName,infr,pol)       Create a new node source with specified name, infrastructure and policy (e.g. createns('myname', ['infrastrucure', 'param1', ...], ['policy', 'param1', ...]))
 removens(nsName,preempt)        Remove the given node source (parameter is a string representing the node source name to remove, node source is removed immediately if second parameter is true)
 listnodes()                     List every handled nodes
 listns()                        List every handled node sources
 listInfrastructures()           List supported infrastructures
 listPolicies()                  List available node sources policies
 shutdown(preempt)               Shutdown the Resource Manager (RM shutdown immediately if parameter is true)
 jmxinfo()                       Display some statistics provided by MBean
 exec(scriptFilePath)            Execute the content of the given script file (parameter is a string representing a script-file path)
 setLogsDir(logsDir)             Set the directory where the log are located, (default is RM_HOME/.logs
 viewlogs(nbLines)               View the last nbLines lines of the logs file, (default nbLines is 20)
 refreshPermissions()            Reload permissions policy file
 exit()                          Exits RM controller

/* set exec mode in order to not display stack trace, and not ask for either.*/
exMode(false,false);

/* remove a node source, preemptively */
removens("my_node_source",true);

/* create a new node source with GCMD and static nodes acquisition*/
createns("my_node_source", ['org.ow2.proactive.resourcemanager.nodesource.infrastructure.GCMInfrastructure', 'rmURL', 'path_to_descriptor'], ['org.ow2.proactive.resourcemanager.nodesource.policy.StaticPolicy', 'ALL', 'ME']);

/* wait for a while */
java.lang.Thread.sleep(10000);

/* check that deployment has succeed */
listnodes();
        

> exec("myScript.js");

Default infrastructure manager is designed to be used with ProActive agent. It cannot perform an automatic deployment but any users (including an agent) can add already existing nodes into it. In order to create a node source with this infrastructure, run the following command:

$RM_HOME>./bin/unix/rm-client --createns defaultns -infrastructure org.ow2.proactive.resourcemanager.nodesource.infrastructure.DefaultInfrastructureManager rmURL

The only parameter to provide is the following one:

Local Infrastructure Manager can be used to start nodes locally, i.e, on the host running the Resource Manager. In order to create a node source with this infrastructure, run the following command:

$RM_HOME>./bin/unix/rm-client --createns localns -infrastructure org.ow2.proactive.resourcemanager.nodesource.infrastructure.LocalInfrastructure RMUrl credentialsPath numberOfNodes timeout javaProperties 

GCM customized infrastructure can deploy/remove a single node to/from the infrastructure described in GCM descriptor. It makes possible to use this insfrastructure manager together with more precise policies such as "scheduler aware policy" (see below). In order to create such node source user has to specify GCMD and hosts list. GCMD has to define a deployment of a single node and does not have to have an explicit host names. Instead of this, ${HOST} variable must be used and at the moment of deployment the resource manager associates host to the gcmd (see $RM_HOME/config/rm/deployment/deployment_ssh_hosts_list_template.xml).

$RM_HOME>./bin/unix/rm-client --createns gcmns -infrastructure org.ow2.proactive.resourcemanager.nodesource.infrastructure.GCMCustomisedInfrastructure rmURL config/rm/deployment/deployment_ssh_hosts_list_template.xml config/rm/deployment/hostslist nodeTimeout

This infrastructure needs 4 arguments, described hereafter:

Even if GCM and GCMCustomized infrastructures used the same GCM Application descriptor file, only GCM Customized makes an optimal usage of it. The main difference comes from the fact that the GCM Customized infrastructure manager predicts the deployment of the nodes by giving them a name. This name can directly be set by the infrastructure manager filling in a variable contract (name jvmargDefinedByIM) of the xml descriptor file.

This infrastructure allows to deploy nodes over ssh. Having a list of hosts the resource manager construct the ssh command to launch remote JVMs. Java path and rm distribution path on remote hosts have to be specified together with other parameters. Example:

This infrastructure needs 10 arguments, described hereafter:

This generic infrastructure allows to deploy nodes using deployment script written in arbitrary language. The infrastructure just launches this script and waits until the ProActive node is registered in the resource manager. Command line infrastructure could be used when you prefer to describe the deployment process using shell scripts instead of Java. Script examples could be found in RM_HOME/samples/scripts/deployment. The deployment script has 4 parameters: HOST_NAME, NODE_NAME, NODE_SOURCE_NAME, RM_URL. The removal script has 2 parameters: HOST_NAME and NODE_NAME.

This infrastructure needs 7 arguments, described hereafter:

The deployment through Windows HPC scheduler. In order to make it functional, the Windows HPC has to be configured according to this guide. After exposing windows native scheduler as a web service it is possible to contact it from Java and submit any command. In our case, it is a command launching JVM on one of the cluster nodes.

$RM_HOME>./bin/unix/rm-client --createns winhpc -infrastructure org.ow2.proactive.resourcemanager.nodesource.infrastructure.WinHPCInfrastructure rmURL 8 https://cluster_name/HPCBasicProfile username password trustStore trustStorePassword javaPath rmPath RMUrl RMCredentialsPath javaOptions extraClassPath nodeTimeout

This infrastructure needs 12 arguments, described hereafter:

This infrastructure knows how to acquire nodes from LSF by submitting a corresponding job. It will be submitted through SSH from the RM to the LSF server. As an alternative, you may consider using the GCM Customized infrastructure instead, which provides more control over the deployment, but requires more configuration.

$RM_HOME>./bin/unix/rm-client --createns lsf -infrastructure org.ow2.proactive.resourcemanager.nodesource.infrastructure.LSFInfrastructure rmURL javaPath sshOptions schedulingPath javaOptions maxNodes nodeTimeout LSFServer RMCredentialsPath bsubOptions

where:

This infrastructure knows how to acquire nodes from PBS (i.e. Torque) by submitting a corresponding job. It will be submitted through SSH from the RM to the PBS server. As an alternative, you may consider using the GCM Customized infrastructure instead, which provides more control over the deployment, but requires more configuration.

$RM_HOME>./bin/unix/rm-client --createns pbs -infrastructure org.ow2.proactive.resourcemanager.nodesource.infrastructure.PBSInfrastructure rmURL javaPath sshOptions schedulingPath javaOptions maxNodes nodeTimeout PBSServer RMCredentialsPath qsubOptions

where:

Generic Batch Job infrastructure provides users with the capability to add the support of new batch job scheduler by providing a class extending org.ow2.proactive.resourcemanager.nodesource.infrastructure.BatchJobInfrastructure. Once you have written that implementation, you can create a node source which makes usage of this infrastructure by running the following command:

$RM_HOME>./bin/unix/rm-client --createns pbs -infrastructure org.ow2.proactive.resourcemanager.nodesource.infrastructure.GenericBatchJobInfrastructure rmURL javaPath sshOptions schedulingPath javaOptions maxNodes nodeTimeout BatchJobServer RMCredentialsPath subOptions implementationName implementationPath

where:

Static node source policy starts node acquisition when nodes are added to the node source and never removes them. Nevertheless, nodes can be removed by user request.

For using this policy, you have to precise the following parameters:

Time slot policy is aimed to acquire nodes for particular time with an ability to do it periodically.

For using this policy, you have to precise the following parameters:

Cron policy is aimed to acquire and remove nodes at specific time defined in the cron syntax.

For using this policy, you have to precise the following parameters:

"Remove nodes when scheduler is idle" policy removes all nodes from the infrastructure when the scheduler is idle and acquires them when a new job is submitted. This policy may be useful if there is no need to keep nodes alive permanently. Nodes will be released after a specified "idle time". This policy will use a listener of the scheduler, that is why its URL, its user name and its password have to be specified.

For using this policy, you have to precise the following parameters:

	Note
	This policy is available only when using the ProActive Scheduler.

"Scheduler loading" policy acquires/releases nodes according to the scheduler loading factor. This policy allows to configure the number of resources which will be always enough for the scheduler. Nodes are acquired and released according to scheduler loading factor which is a number of tasks per node. In the same manner as the previous policy, this one also requires scheduler URL, user name and password. It is important to correctly configure maximum and minimum nodes that this policy will try to hold. Maximum number should not be greater than potential nodes number which is possible to deploy to underlying infrastructure. If there are more currently acquired nodes than necessary, policy will release them one by one after having waited for a "release period" delay. This smooth release procedure is implemented because deployment time is greater than the release one. Thus, this waiting time deters policy from spending all its time trying to deploy nodes.

For using this policy, you have to precise the following parameters:

	Note
	This policy is available only when using the ProActive Scheduler.

The "Cron load based" policy triggers new nodes acquisition when scheduler is overloaded (exactly like with "Scheduler loading" policy) only within a time slot defined using crontab syntax. All other time the nodes are removed from the resource manager.

For using this policy, you have to precise the following parameters:

	Note
	This policy is available only when using the ProActive Scheduler.

The "Cron slot load based" policy triggers new nodes acquisition when scheduler is overloaded (exactly like with "Scheduler loading" policy) only within a time slot defined using crontab syntax. The other time it holds all the available nodes.

For using this policy, you have to precise the following parameters:

	Note
	This policy is available only when using the ProActive Scheduler.

Allocates resources according to the Scheduler loading factor, releases resources considering that EC2 instances are paid by the hour.

For using this policy, you have to precise the following parameters:

	Note
	This policy is available only when using the ProActive Scheduler.

The resource manager provides the way to create your own custom policy or infrastructure. In order to do it:

When you start the resource manager your infrastructure/policy will be in the list of supported ones.

Resource Manager can be started locally using a static method of RMFactory class:

// Creates initializer for the resource manager.
// The 6 following lines are mandatory for starting RM in a clean JVM
// But each variable can be set as JVM argument (i.e. -Dvar=value) instead of as API.
RMInitializer init = new RMInitializer();

// PAResourceManagerProperties.RM_HOME is empty. You have to start your
// application with -Dpa.rm.home=<YOUR_RM_HOME_DIR>
System.out.println("RM home directory = " + PAResourceManagerProperties.RM_HOME);
init.setRMHomePath(PAResourceManagerProperties.RM_HOME.toString());
init.setLog4jConfiguration(PAResourceManagerProperties.RM_HOME + "config/log4j/rm-log4j-server");
init
        .setJavaSecurityPolicy(PAResourceManagerProperties.RM_HOME +
            "config/security.java.policy-server");
init.setProActiveConfiguration(PAResourceManagerProperties.RM_HOME +
    "config/proactive/ProActiveConfiguration.xml");
init.setResourceManagerPropertiesConfiguration(PAResourceManagerProperties.RM_HOME +
    "config/authentication/login.cfg");

// Starts an empty RM...
System.out.println("Starting RM, please wait...");

RMAuthentication auth = null;
try {
    auth = RMFactory.startLocal(init);
} catch (Exception e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}

// Retrieves connection URL for RM: auth.getHostURL()
String rmUrl = auth.getHostURL();
System.out.println("RM successfully started at : " + rmUrl);

In order to perform any operations with the Resource Manager, you have to authorize and acquire ResourceManager interface. This action is the same as the one we saw in Section 3.1, “Connecting to the resource manager”. Refer to that section to know how to get a reference towards the resource manager in order to be able to perform actions authorized by your permissions. For example, as an administrator, you are able to shutdown the resource manager:

resourceManager.shutdown(true);

This method terminates all RM's active objects and stops JVM where RMCore is running on. The boolean parameter that it takes in argument defines whether the Resource Manager stops immediately, even if there are some busy nodes (i.e. some nodes have been provided to an application) or waits until applications give them back.

ResourceManager provides a way to add ProActive nodes that are already deployed. Nodes are added using their URLs.

String nodeUrl = "rmi://kisscool.inria.fr:1099/MyNode";
BooleanWrapper isAdded = resourceManager.addNode(nodeUrl);

Note

The snippet here above has the same behavior as: BooleanWrapper isAdded = resourceManager.addNode(nodeUrl, "Default"); The second parameter stands for the name of the nodesource to which one the node is added. To start a node, you can use the rm-start-node script: $RM_HOME/bin/[os]> rm-start-node -n MyNode The script prints the url of the node that you must provide to the addNode method. You can also directly make the node register itself to the resource manager. In this case you need to provide the appropriate url of the resource manager and the credentials you want to use either specifying a file, an environment variable or the value: $RM_HOME/bin/[os]> rm-start-node -n MyNode -r rmi://kisscool.inria.fr:1099/ -f $RM_HOME/config/authentication/rm.cred In the example above, -r rmi://kisscool.inria.fr:1099/ stands for the url of the resource manager and -f $RM_HOME/config/authentication/rm.cred is the credentials file (use -s to provide the name of a nodesource).

You can remove a node from Resource Manager with the code:

BooleanWrapper isRemoved = resourceManager.removeNode(nodeUrl, true);

The first parameter is the URL of the node to remove and the second one is a boolean. If this boolean is set to true, the resource manager removes immediately the node even if it is busy. If this boolean is set to false and the node is busy, the resource manager waits until the user using the node releases it. Once the node is released the RM removes it.

You can create different node sources using the ResourceManager interface. Let us take a look at the following example to know how to create one of them:

// creating infrastructure manager parameters
String javaPath = System.getProperty("java.home") + "/bin/java";
String javaOptions = "";
Object[] infrastructureParameters = new Object[] { javaPath,
        PAResourceManagerProperties.RM_HOME.toString(), "rmi", "1099", javaOptions,
        "kisscool.inria.fr".getBytes() };

Object[] policyParameters = new Object[] { "ALL", "ME" };

resourceManager.createNodeSource("MySshNodeSource", SSHInfrastructure.class.getName(),
        infrastructureParameters, StaticPolicy.class.getName(), policyParameters);

while (resourceManager.getState().getTotalNodesNumber() != 1) {
    System.out.println("waiting....");
    Thread.sleep(1000);
}
System.out.println("ok");

The node source is created with the ssh infrastructure manager and a static policy. The ssh infrastructure takes 6 parameters: the path to the java executable, the Resource Manager home directory, the protocol and the port that will be used to access created nodes, the list of Java options and finally, the list of hosts. For the static policy, 2 parameters has to be provided: the permission for node utilization and the permission for providing nodes. The provider permission specifies users who can add nodes to this node source and is one of the followings: "ME", "users=user1,user2;groups=group1,group2", "ALL". The utilization permission defines who can obtain nodes for computations from this node source and must be one of the followings: "ME" (node source creator), "users=user1,user2;groups=group1,group2", "ALL". In the previous example, only the user who has created the node source, that is "admin", can add nodes to it but all users can use them.

	Note
	In order to know the needed parameters for every infrastructure type and policy, you can use the command line interface. Please read Section 4.2.2, “Interacting with the resource manager”

Depending on the way you get the RM plugin, just follow one of these steps:

Then, go to Window->Open Perspective->Other...->Resource Manager (it could be already opened as it is the default perspective).

Once started, the first screen displayed is the following one:

Figure 4.6. Resource Manager startup screen

A Resource Manager has to be already started before connecting the Resource Manager GUI. If no RM has been started, please refer to Section 4.2.1, “Launching the resource manager”.

Normally, when starting the GUI, a connection dialog box should appear on top of the main screen. If not, right click on Resource Explorer area and select "Connect" on the pop-up menu. Clicking on this action, the following dialog box will show up:

Figure 4.7. Connection screen

Enter the URL of an existing Resource Manager and login information. You can use for example "demo" as a login and "demo" again as a password. This user is an administrator so you will be able to perform any action such as management of nodes and node sources, shutdown of resource manager and so on... without any permission problems. Regular users can only get information about resources and their states. The URL is composed of the protocol, the host name on which the RM is started and the port on which it is listening.

You are now connected and ready to perform administrative actions on the remote Resource Manager.