#86 closed (fixed)
ExoGENI does not support slice delegation
Reported by: | lnevers@bbn.com | Owned by: | jaipuria@cs.duke.edu |
---|---|---|---|
Priority: | major | Milestone: | EG-EXP-4 |
Component: | Experiment | Version: | SPIRAL4 |
Keywords: | delegation | Cc: | |
Dependencies: |
Description
In scenarios where a slice is delegated, ExoGENI AM does not handle the delegation. Following are two scenario that were tested, along with the "Result Summary" from the command.
Scenario 1:
User "lnevers" creates a slice named "lnev-deleg" and delegates the slice to user "lnevers1":
$ omni.py createslice lnev-deleg $ omni.py getslicecred lnev-deleg -o $ ./src/delegateSliceCred.py --cert ~/.ssl/pgeni/encrypted-cleartext.pem \ --key ~/.ssl/pgeni/encrypted-cleartext.pem --slicecred ./lnev-deleg-cred.xml \ --delegeegid ~/gcf-test/lnevers1-encrypted-cleartext.pem
User "lnevers1" with delegation file executes commands listresources and createsliver:
$ omni.py -a exobbn listresources lnev-deleg --slicecred pgeni--gpolab--bbn--com-lnevers1-delegated-lnev-deleg-cred.xml Result Summary: Got no resources on slice lnev-deleg. No resources from AM https://bbn-hn.exogeni.net:11443/orca/xmlrpc: Credendial Exception: javax.security.auth.login.CredentialException: No credential was found with appropriate privileges. $ omni.py -a exobbn createsliver lnev-deleg --slicecred pgeni--gpolab--bbn--com-lnevers1-delegated-lnev-deleg-cred.xml ./exo.rspec Result Summary: Slice urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+lnev-deleg expires on 2012-07-31 17:29:29 UTC Asked https://bbn-hn.exogeni.net:11443/orca/xmlrpc to reserve resources. No manifest Rspec returned. Credendial Exception: javax.security.auth.login.CredentialException: No credential was found with appropriate privileges.
Scenario 2:
User "lnevers" creates a slice named "lnev-deleg-2", creates sliver, and then delegates the slice to "lnevers1":
$ omni.py createslice lnev-deleg-2 $ omni.py -a exobbn createsliver lnev-deleg-2 exo.rspec $ omni.py getslicecred lnev-deleg-2 -o $ ./src/delegateSliceCred.py --cert ~/.ssl/pgeni/encrypted-cleartext.pem \ --key ~/.ssl/pgeni/encrypted-cleartext.pem --slicecred ./lnev-deleg-2-cred.xml \\--delegeegid ~/gcf-test/lnevers1-encrypted-cleartext.pem
User "lnevers1" with delegation file from "lnevers" executes listresources and deletesliver:
$ omni.py -a exobbn listresources lnev-deleg-2 --slicecred pgeni--gpolab--bbn--com-lnevers1-delegated-lnev-deleg-2-cred.xml Result Summary: Got no resources on slice lnev-deleg-2. No resources from AM https://bbn-hn.exogeni.net:11443/orca/xmlrpc: Credendial Exception: javax.security.auth.login.CredentialException: No credential was found with appropriate privileges. $ omni.py -a exobbn deletesliver lnev-deleg-2 --slicecred pgeni--gpolab--bbn--com-lnevers1-delegated-lnev-deleg-2-cred.xml Result Summary: Failed to delete sliver urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+lnev-deleg-2 on unspecified_AM_URN at https://bbn-hn.exogeni.net:11443/orca/xmlrpc Credendial Exception: javax.security.auth.login.CredentialException: No credential was found with appropriate privileges.
Attachments (2)
Change History (8)
Changed 13 years ago by
Attachment: | pgeni--gpolab--bbn--com-lnevers1-delegated-lnev-deleg-2-cred.xml added |
---|
Changed 13 years ago by
Attachment: | pgeni--gpolab--bbn--com-lnevers1-delegated-lnev-deleg-cred.xml added |
---|
comment:1 Changed 13 years ago by
comment:2 Changed 13 years ago by
Owner: | changed from somebody to jaipuria@cs.duke.edu |
---|---|
Status: | new → assigned |
Looking into the issue.
comment:3 Changed 13 years ago by
Defect. Two issues.
- can_delegate was expecting only [true, false] not [1, 0]
- Code to find delegate-able privileges wasn't looking for individual privileges and not [*]
comment:5 Changed 13 years ago by
Will this fix be available when the next schedules update takes place? Or is this the type of fix that can be applied on the fly?
Attached the 2 delegation files used in the scenarios outlined. Please let me know if more information is needed.