Version 10 (modified by 11 years ago) (diff) | ,
---|
GEMINI AA Demo
Configuration
- This is the gec15 demo topology. Four MP nodes in a full mesh and one GN.
- Slice name: gemslice4
- Slice URN: urn:publicid:IDN+emulab.net+slice+gemslice4
- Slice UUID: 58665b24-6b2a-11e2-a39d-001143e453fe
- UNIS topology description http://groups.geni.net/geni/attachment/wiki/GEMINI_AA_DEMO/gemslice4.unis link
Demo Steps
- Slice is already fully instrumentized using gdesktop-init.py and gdesktop-instrumentize.py
- AA-specific steps take place in gdesktop-instrumentize.py
- An edited version of -instrumentize will be run to demonstrate the AA steps (see workflow below)
- The UNIS log will be made visible to show the interaction with instrumentize.
- Once the AA steps have completed, the MS on the GN will be started.
- One or more BLiPP instances will be started on the MP nodes.
- A browser (or unis_client) will be used to access metadata on UNIS and relevant data on the MS.
- Only authorized users will have access via either the user or proxy certificates.
Interfaces and Workflow
Available Features (2/5)
- UNIS, MS, and BLiPP are secured via PKI
- UNIS, MS, BLiPP use GEMINI authorization (ABAC slice_admin role) to restrict access to network resource objects
- Note: MS does not authorize read/write to /data
- Instrumentize has been updated to generate proxy certificates and ABAC credentials
- Certificates are automatically copied to nodes in slice
- Credentials get pushed to UNIS to allow access for services on the nodes
- RSpec manifest is converted to UNIS format and pushed securely to UNIS service
- BLiPP service configuration is generated and pushed securely to UNIS
Available Features by GEC16 (3/19)
- MS authorizes read/write access to /data
- GENI/GEMINI Desktop support
- Note: issue is with NSS versus OpenSSL for curl on Fedora images
- Might be resolved with custom images, or re-compiled packages
To be resolved by GEC16 (3/19)
- Improved error handling during instrumentize
- Try to remove extra passphrase entry during instrumentize
- Code changes fully merged (UNIS, MS, and BLiPP)
Attachments (3)
- gemslice4-topo.png (26.1 KB) - added by 11 years ago.
- gemslice4.unis (29.7 KB) - added by 11 years ago.
- GEMINI_v0.2_AA-workflow.png (138.1 KB) - added by 11 years ago.
Download all attachments as: .zip