Version 12 (modified by kissel@cis.udel.edu, 11 years ago)

GEMINI AA Demo

Configuration

  • This is the GEC15 demo topology: four MP nodes in a full mesh and one GN.
  • Slice name: gemslice4
  • Slice URN: urn:publicid:IDN+emulab.net+slice+gemslice4
  • Slice UUID: 58665b24-6b2a-11e2-a39d-001143e453fe

Demo Steps

  • Slice is already fully instrumentized using gdesktop-init.py and gdesktop-instrumentize.py
  • AA-specific steps take place in gdesktop-instrumentize.py
  • An edited version of gdesktop-instrumentize.py will be run to demonstrate the AA steps (see workflow below)
  • The UNIS log will be made visible to show the interaction with instrumentize.
  • Once the AA steps have completed, the MS on the GN will be started.
  • One or more BLiPP instances will be started on the MP nodes.
  • A browser (or unis_client) will be used to access metadata on UNIS and relevant data on the MS.
  • Only authorized users will have access via either the user or proxy certificates.

Interfaces and Workflow

Available Features (2/5)

  • UNIS, MS, and BLiPP are secured via PKI
  • UNIS, MS, BLiPP use GEMINI authorization (ABAC slice_admin role) to restrict access to network resource objects
    • Note: MS does not authorize read/write to /data
  • Instrumentize has been updated to generate proxy certificates and ABAC credentials
    • Certificates are automatically copied to nodes in slice
    • Credentials get pushed to UNIS to allow access for services on the nodes
  • RSpec manifest is converted to UNIS format and pushed securely to UNIS service
  • BLiPP service configuration is generated and pushed securely to UNIS

Available Features by GEC16 (3/19)

  • MS authorizes read/write access to /data
  • GENI/GEMINI Desktop support
    • Note: issue is with NSS versus OpenSSL for curl on Fedora images
    • Might be resolved with custom images, or re-compiled packages
  • RSpec Parser to return slice UUID and other information as JSON object

To be resolved by GEC16 (3/19)

  • Improved error handling during instrumentize
  • Improved creddy integration, with a reduced number of dependencies
  • Try to remove extra passphrase entry during instrumentize
  • Code changes fully merged (UNIS, MS, and BLiPP)
