| 39 | ==== GEMINI AA Demo ==== |
| 40 | |
| 41 | ==== Configuration ==== |
| 42 | * This is the gec15 demo topology: four MP nodes in a full mesh and one GN. |
| 43 | * Slice name: gemslice4 |
| 44 | * Slice URN: urn:publicid:IDN+emulab.net+slice+gemslice4 |
| 45 | * Slice UUID: 58665b24-6b2a-11e2-a39d-001143e453fe |
| 46 | |
| 47 | * UNIS topology description [[http://groups.geni.net/geni/attachment/wiki/GEMINI_AA_DEMO/gemslice4.unis link]] |
| 48 | |
| 49 | [[Image(gemslice4-topo.png, 60%)]] |
| 50 | |
| 51 | ==== Demo Steps ==== |
| 52 | |
| 53 | * The slice is already fully instrumentized using gdesktop-init.py and gdesktop-instrumentize.py |
| 54 | * AA-specific steps take place in gdesktop-instrumentize.py |
| 55 | * An edited version of gdesktop-instrumentize.py will be run to demonstrate the AA steps (see workflow below) |
| 56 | * The UNIS log will be made visible to show the interaction with instrumentize. |
| 57 | * Once the AA steps have completed, the MS on the GN will be started. |
| 58 | * One or more BLiPP instances will be started on the MP nodes. |
| 59 | * A browser (or unis_client) will be used to access metadata on UNIS and relevant data on the MS. |
| 60 | * Only authorized users will have access via either the user or proxy certificates. |
| 61 | |
| 62 | ==== Interfaces and Workflow ==== |
| 63 | |
| 64 | [[Image(GEMINI_v0.2_AA-workflow.png, 60%)]] |
| 65 | |
| 66 | ==== Available Features (2/5) ==== |
| 67 | |
| 68 | * UNIS, MS, and BLiPP are secured via PKI |
| 69 | * UNIS, MS, BLiPP use GEMINI authorization (ABAC slice_admin role) to restrict access to network resource objects |
| 70 | * Note: MS does not authorize read/write to /data |
| 71 | * Instrumentize has been updated to generate proxy certificates and ABAC credentials |
| 72 | * Certificates are automatically copied to nodes in slice |
| 73 | * Credentials get pushed to UNIS to allow access for services on the nodes |
| 74 | * RSpec manifest is converted to UNIS format and pushed securely to UNIS service |
| 75 | * BLiPP service configuration is generated and pushed securely to UNIS |
| 76 | |
| 77 | ==== Available Features by GEC16 (3/19) ==== |
| 78 | |
| 79 | * MS authorizes read/write access to /data |
| 80 | * GENI/GEMINI Desktop support |
| 81 | * Note: issue is with NSS versus OpenSSL for curl on Fedora images |
| 82 | * Might be resolved with custom images, or re-compiled packages |
| 83 | * RSpec Parser to return slice UUID and other information as JSON object |
| 84 | |
| 85 | ==== To be resolved by GEC16 (3/19) ==== |
| 86 | |
| 87 | * Improved error handling during instrumentize |
| 88 | * Improved creddy integration, reduce number of dependencies |
| 89 | * Try to remove extra passphrase entry during instrumentize |
| 90 | * Code changes fully merged (UNIS, MS, and BLiPP) |