=== GEMINI AA Demo ===

==== Configuration ====
 * This is the gec15 demo topology. Four MP nodes in a full mesh and one GN.
 * Slice name: gemslice4
 * Slice URN: urn:publicid:IDN+emulab.net+slice+gemslice4
 * Slice UUID: 58665b24-6b2a-11e2-a39d-001143e453fe
 * UNIS topology description [[http://groups.geni.net/geni/attachment/wiki/GEMINI_AA_DEMO/gemslice4.unis link]]

[[Image(gemslice4-topo.png, 30%)]]

==== Demo Steps ====
 * Slice is already fully instrumentized using gdesktop-init.py and gdesktop-instrumentize.py
 * AA-specific steps take place in gdesktop-instrumentize.py
 * An edited version of -instrumentize will be run to demonstrate the AA steps (see workflow below)
 * The UNIS log will be made visible to show the interaction with instrumentize.
 * Once the AA steps have completed, the MS on the GN will be started.
 * One or more BLiPP instances will be started on the MP nodes.
 * A browser (or unis_client) will be used to access metadata on UNIS and relevant data on the MS.
 * Only authorized users will have access via either the user or proxy certificates.
==== Interfaces and Workflow ====

[[Image(GEMINI_v0.2_AA-workflow.png, 40%)]]

==== Available Features (2/5) ====
 * UNIS, MS, and BLiPP are secured via PKI
 * UNIS, MS, BLiPP use GEMINI authorization (ABAC slice_admin role) to restrict access to network resource objects
   * Note: MS does not authorize read/write to /data
 * Instrumentize has been updated to generate proxy certificates and ABAC credentials
 * Certificates are automatically copied to nodes in slice
 * Credentials get pushed to UNIS to allow access for services on the nodes
 * RSpec manifest is converted to UNIS format and pushed securely to UNIS service
 * BLiPP service configuration is generated and pushed securely to UNIS

==== Available Features by GEC16 (3/19) ====
 * MS authorizes read/write access to /data
 * GENI/GEMINI Desktop support
   * Note: issue is with NSS versus OpenSSL for curl on Fedora images
     * Might be resolved with custom images, or re-compiled packages
 * RSpec Parser to return slice UUID and other information as JSON object

==== To be resolved by GEC16 (3/19) ====
 * Improved error handling during instrumentize
 * Try to remove extra passphrase entry during instrumentize
 * Code changes fully merged (UNIS, MS, and BLiPP)