Changes between Version 79 and Version 80 of 020513_GEMINI_Demo


Timestamp:
02/12/13 18:29:02 (11 years ago)
Author:
hmussman@bbn.com
Comment:

--

  • 020513_GEMINI_Demo

    v79 v80  
    3737[wiki:GEMINI_AA_DEMO GEMINI AA Demo]
    3838
     39==== GEMINI AA Demo ====
     40
     41==== Configuration ====
     42 * This is the gec15 demo topology.  Four MP nodes in a full mesh and one GN.
     43 * Slice name: gemslice4
     44 * Slice URN: urn:publicid:IDN+emulab.net+slice+gemslice4
     45 * Slice UUID: 58665b24-6b2a-11e2-a39d-001143e453fe
     46
     47 * UNIS topology description [[http://groups.geni.net/geni/attachment/wiki/GEMINI_AA_DEMO/gemslice4.unis link]]
     48
     49[[Image(gemslice4-topo.png, 60%)]]
     50
     51==== Demo Steps ====
     52
     53 * Slice is already fully instrumentized using gdesktop-init.py and gdesktop-instrumentize.py
     54 * AA-specific steps take place in gdesktop-instrumentize.py
     55 * An edited version of -instrumentize will be run to demonstrate the AA steps (see workflow below)
     56 * The UNIS log will be made visible to show the interaction with instrumentize.
     57 * Once the AA steps have completed, the MS on the GN will be started.
     58 * One or more BLiPP instances will be started on the MP nodes.
     59 * A browser (or unis_client) will be used to access metadata on UNIS and relevant data on the MS.
     60 * Only authorized users will have access via either the user or proxy certificates.
     61
     62==== Interfaces and Workflow ====
     63
     64[[Image(GEMINI_v0.2_AA-workflow.png, 60%)]]
     65
     66==== Available Features (2/5) ====
     67
     68 * UNIS, MS, and BLiPP are secured via PKI
     69 * UNIS, MS, BLiPP use GEMINI authorization (ABAC slice_admin role) to restrict access to network resource objects
     70  * Note: MS does not authorize read/write to /data
     71 * Instrumentize has been updated to generate proxy certificates and ABAC credentials
     72  * Certificates are automatically copied to nodes in slice
     73  * Credentials get pushed to UNIS to allow access for services on the nodes
     74 * RSpec manifest is converted to UNIS format and pushed securely to UNIS service
     75 * BLiPP service configuration is generated and pushed securely to UNIS
     76
     77==== Available Features by GEC16 (3/19) ====
     78
     79 * MS authorizes read/write access to /data
     80 * GENI/GEMINI Desktop support
     81  * Note: issue is with NSS versus OpenSSL for curl on Fedora images
     82  * Might be resolved with custom images, or re-compiled packages
     83 * RSpec Parser to return slice UUID and other information as JSON object
     84
     85==== To be resolved by GEC16 (3/19) ====
     86
     87 * Improved error handling during instrumentize
     88 * Improved creddy integration, reduce number of dependencies
     89 * Try to remove extra passphrase entry during instrumentize
     90 * Code changes fully merged (UNIS, MS, and BLiPP)
     91
     92
     93
     94
    3995=== 2)  Instrumentize script  ===
    40961:25pm [[BR]]
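Review bot: The added Demo Steps bullet "Only authorized users will have access via either the user or proxy certificates" reads as covering everything the demo touches, but the Available Features (2/5) list in the same hunk notes "MS does not authorize read/write to /data", and MS authorization of /data appears only under "Available Features by GEC16 (3/19)". Since the preceding step has the browser or unis_client reading "relevant data on the MS", suggest scoping the bullet to what is enforced on 2/5: ABAC slice_admin authorization on network resource objects, with /data on the MS protected by PKI only until the GEC16 item lands. The top-level bullet "UNIS, MS, BLiPP use GEMINI authorization ..." would also be clearer if the MS exception were stated in that line rather than only in the sub-note.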