Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#86 closed (fixed)

ExoGENI does not support slice delegation

Reported by: lnevers@bbn.com Owned by: jaipuria@cs.duke.edu
Priority: major Milestone: EG-EXP-4
Component: Experiment Version: SPIRAL4
Keywords: delegation Cc:
Dependencies:

Description

In scenarios where a slice is delegated, ExoGENI AM does not handle the delegation. Following are two scenario that were tested, along with the "Result Summary" from the command.

Scenario 1:

User "lnevers" creates a slice named "lnev-deleg" and delegates the slice to user "lnevers1":

$ omni.py createslice lnev-deleg
$ omni.py getslicecred lnev-deleg -o
$ ./src/delegateSliceCred.py --cert ~/.ssl/pgeni/encrypted-cleartext.pem \
  --key ~/.ssl/pgeni/encrypted-cleartext.pem --slicecred ./lnev-deleg-cred.xml \
  --delegeegid ~/gcf-test/lnevers1-encrypted-cleartext.pem

User "lnevers1" with delegation file executes commands listresources and createsliver:

$ omni.py -a exobbn listresources lnev-deleg --slicecred pgeni--gpolab--bbn--com-lnevers1-delegated-lnev-deleg-cred.xml
Result Summary: Got no resources on slice lnev-deleg. No resources from AM https://bbn-hn.exogeni.net:11443/orca/xmlrpc:
Credendial Exception: javax.security.auth.login.CredentialException: No credential was found with appropriate privileges.

$ omni.py -a exobbn createsliver lnev-deleg --slicecred pgeni--gpolab--bbn--com-lnevers1-delegated-lnev-deleg-cred.xml ./exo.rspec
Result Summary: Slice urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+lnev-deleg expires on 2012-07-31 17:29:29 UTC
Asked https://bbn-hn.exogeni.net:11443/orca/xmlrpc to reserve resources. No manifest Rspec returned. Credendial
Exception: javax.security.auth.login.CredentialException: No credential was found with appropriate privileges.

Scenario 2:

User "lnevers" creates a slice named "lnev-deleg-2", creates sliver, and then delegates the slice to "lnevers1":

$ omni.py createslice lnev-deleg-2
$ omni.py -a exobbn createsliver lnev-deleg-2 exo.rspec
$ omni.py getslicecred lnev-deleg-2 -o
$ ./src/delegateSliceCred.py --cert ~/.ssl/pgeni/encrypted-cleartext.pem \
--key ~/.ssl/pgeni/encrypted-cleartext.pem --slicecred ./lnev-deleg-2-cred.xml \\--delegeegid ~/gcf-test/lnevers1-encrypted-cleartext.pem

User "lnevers1" with delegation file from "lnevers" executes listresources and deletesliver:

$ omni.py -a exobbn listresources lnev-deleg-2 --slicecred pgeni--gpolab--bbn--com-lnevers1-delegated-lnev-deleg-2-cred.xml
Result Summary: Got no resources on slice lnev-deleg-2. No resources from AM https://bbn-hn.exogeni.net:11443/orca/xmlrpc:
Credendial Exception: javax.security.auth.login.CredentialException: No credential was found with appropriate privileges.

$ omni.py -a exobbn deletesliver lnev-deleg-2 --slicecred pgeni--gpolab--bbn--com-lnevers1-delegated-lnev-deleg-2-cred.xml
Result Summary: Failed to delete sliver urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+lnev-deleg-2 on unspecified_AM_URN at
https://bbn-hn.exogeni.net:11443/orca/xmlrpc Credendial Exception: javax.security.auth.login.CredentialException: No credential was found with appropriate privileges.

Attachments (2)

pgeni--gpolab--bbn--com-lnevers1-delegated-lnev-deleg-2-cred.xml (12.5 KB) - added by lnevers@bbn.com 9 years ago.
pgeni--gpolab--bbn--com-lnevers1-delegated-lnev-deleg-cred.xml (12.5 KB) - added by lnevers@bbn.com 9 years ago.

Download all attachments as: .zip

Change History (8)

comment:1 Changed 9 years ago by lnevers@bbn.com

Attached the 2 delegation files used in the scenarios outlined. Please let me know if more information is needed.

comment:2 Changed 9 years ago by jaipuria@cs.duke.edu

Owner: changed from somebody to jaipuria@cs.duke.edu
Status: newassigned

Looking into the issue.

comment:3 Changed 9 years ago by jaipuria@cs.duke.edu

Defect. Two issues.

  1. can_delegate was expecting only [true, false] not [1, 0]
  1. Code to find delegate-able privileges wasn't looking for individual privileges and not [*]

comment:4 Changed 9 years ago by jaipuria@cs.duke.edu

Resolution: fixed
Status: assignedclosed

Fixed.

comment:5 Changed 9 years ago by lnevers@bbn.com

Will this fix be available when the next schedules update takes place? Or is this the type of fix that can be applied on the fly?

comment:6 Changed 9 years ago by lnevers@bbn.com

Slice delegation was successfully tested. Problem is addressed.

Note: See TracTickets for help on using tickets.