| | 1 | [[PageOutline]] |
| | 2 | |
| | 3 | = GENI Desktop Project Status Report = |
| | 4 | |
| | 5 | Period: Solicitation 4 Year 2 |
| | 6 | |
| | 7 | == I. Major accomplishments == |
| | 8 | |
| | 9 | The following highlights our accomplishments during the last year. |
| | 10 | |
| | 11 | === A. Milestones achieved === |
| | 12 | |
| | 13 | * Modified the GENI Desktop to support "Speaks-for" authentication being developed/supported by the control frameworks and other GENI tools/services. |
| | 14 | |
| | 15 | * Incorporated user-driven feedback into the GENI Desktop to support new user-requested services and features. |
| | 16 | |
| | 17 | * Developed new training materials that incorporate the changes made to the GENI Desktop. |
| | 18 | |
| | 19 | * Integrated and leveraged existing tools and services (e.g., Jacks) into the GENI Desktop for managing topologies, experiments, and results. |
| | 20 | |
| | 21 | * Collected user feedback regarding usability of the GENI Desktop and made major changes to improve its ease-of-use and aesthetics. |
| | 22 | |
| | 23 | * Adapted the GENI Desktop archiving service for storing and retrieving experiment results and artifacts from iRoDs to support a new archival service with enhanced features. |
| | 24 | |
| | 25 | * Enhanced the set of scriptable resource management, instrumentation, and monitoring available to experimenters and other tools. |
| | 26 | |
| | 27 | * Enabled integration of the GENI Desktop with other experimenter tools. |
| | 28 | |
| | 29 | * Created documentation and tutorial materials to reflect this latest version of the GENI Desktop. |
| | 30 | |
| | 31 | === B. Deliverables made === |
| | 32 | |
| | 33 | * We enhanced the GENI Desktop to use "Speaks-for" credentials for accessing resources from other GENI components on behalf of users. |
| | 34 | |
| | 35 | * We implemented an initial version of the slice verification and configuration testing service. |
| | 36 | |
| | 37 | * We developed code for super slice support in the GENI Desktop. |
| | 38 | |
| | 39 | * We developed a completely new user interface for the GENI Desktop which we call "GENI Desktop Lite" that greatly improves the look-and-feel and ease-of-use of the GENI Desktop. |
| | 40 | |
| | 41 | * We integrated the Jacks tool into the GENI Desktop, enabling users to create topologies and instantiate experiments (i.e., slices) using the Jacks tool. We also integrated the Adopt-A-GENI (AAG) tool into the GENI desktop. |
| | 42 | |
| | 43 | * We developed and integrated a new archival service into the GENI Desktop that leverages VMs to hold, and later display, the archived experiment state in the same context as it was initially collected and viewed. |
| | 44 | |
| | 45 | * We designed and implemented a GENI Desktop Command Line Interface (gdcli) that enables users to write scripts that control, manage, and measure the performance of their slices through the GENI Desktop. |
| | 46 | |
| | 47 | * We demonstrated how the new gdcli can be used by other experimenter tools to integrate with the GENI Desktop. |
| | 48 | |
| | 49 | * We developed online documentation for the new gdcli interface and gave a tutorial entitled "Monitoring and Controlling Experiments with GENI Desktop Scripts and Modules" at the GEC 23 conference. |
| | 50 | |
| | 51 | == II. Description of work performed during the last year == |
| | 52 | |
| | 53 | The following provides a description of the progress made during the last year. |
| | 54 | |
| | 55 | === A. Activities and findings === |
| | 56 | |
| | 57 | Our activities this past year have resulted in enhanced functionality, |
| | 58 | improved ease-of-use, better authentication/security, a redesigned user |
| | 59 | interface, and the ability to control the GENI Desktop programmatically |
| | 60 | throught scripts. In particular, we: |
| | 61 | |
| | 62 | * Incorporated support for "Speaks-for" into the GENI Desktop |
| | 63 | |
| | 64 | * Designed and implemented a slice verification service |
| | 65 | |
| | 66 | * Designed and implemented a super slice abstraction |
| | 67 | |
| | 68 | * Developed a new archival services based on Xen VMs to restore entire contexts |
| | 69 | |
| | 70 | * Redesigned the look-and-feel of the GENI Desktop user interface to make it much easier to use |
| | 71 | |
| | 72 | * Integrated Jacks and Adopt-A-GENI (AAG) tools into the GENI Desktop |
| | 73 | |
| | 74 | * Designed and implemented a GENI Desktop Command Line Interface (gdcli) to enable script-based access to GENI Desktop functionality. |
| | 75 | |
| | 76 | The following briefly describes our activities this past year. We begin with our efforts to |
| | 77 | improve the authentication/authorization used to access the GENI Desktop, and |
| | 78 | then move on to describe new functionality added to the GENI Desktop, |
| | 79 | followed by a description of our efforts to enhance the look-and-feel of the |
| | 80 | GENI Desktop, and |
| | 81 | lastly our efforts to allow scripting of the GENI Desktop. |
| | 82 | |
| | 83 | |
| | 84 | ==== Authorization: Supporting "Speaks-for" ==== |
| | 85 | |
| | 86 | The "Speaks-for" credential allows trusted tools to act for, instead of |
| | 87 | acting as, an experimenter to perform certain actions, such as requesting |
| | 88 | resources from aggregates, accessing allocated resources, and installing |
| | 89 | software on experimental nodes. We enhanced the GENI Desktop to use "Speaks-for" |
| | 90 | credentials for accessing resources on behalf of users. Users no longer |
| | 91 | need to provide the private key to the GENI Desktop. We implemented an interface |
| | 92 | for the user to authorize the GENI Desktop to speak for her/him. A GENI |
| | 93 | Desktop-specific certificate is signed using the private key of the user. |
| | 94 | Because the whole process happens within the browser on the client side, |
| | 95 | the private key never leaves the user's machine. The "Speaks-for" credential |
| | 96 | allows the GENI Desktop to talk to aggregates and perform all necessary |
| | 97 | actions on behalf of the user. |
| | 98 | |
| | 99 | ==== New Functionality (1): Jacks, Archival, Verification and Super Slice Services ==== |
| | 100 | |
| | 101 | Another goal this past year has been to begin integrating support for other tools |
| | 102 | into the GENI Desktop. To demonstrate the ability to support other tools, we |
| | 103 | began by integrating the Jacks tool into the GENI Desktop. Users can now add |
| | 104 | resources to their slices by selecting Jacks in the GENI Desktop which will |
| | 105 | direct them to a GENI Desktop page that embeds the Jacks tool and allows them |
| | 106 | to allocate the resources (i.e., which uses the OMNI tool). RSPECs |
| | 107 | created by Jacks can be saved by the GENI Desktop for future use. |
| | 108 | |
| | 109 | In addition, we integrated the Adopt-A-GENI (AAG) flow specification module into |
| | 110 | the GENI Desktop, allowing users to visually define OpenFlow paths across the |
| | 111 | topology that are then sent to the AAG module to be instantiated in the |
| | 112 | OpenFlow controller. Although the AAG functionality is logically a distinct |
| | 113 | service/tool, the messaging system between windows in the GENI Desktop made |
| | 114 | it possible to incorporate this new tool with relatively little effort. In |
| | 115 | addition, we were able to add a new AAG Controller node type to the Jacks |
| | 116 | wrapper, thereby integrating the AAG controller into the Jacks tool as well. |
| | 117 | |
| | 118 | The existing archival service in the GENI Desktop leveraged the iRoDs storage |
| | 119 | service to store and later retrieve measurement data collected by the GENI |
| | 120 | Desktop. A key limitation of this service was the inability to easily (and |
| | 121 | quickly) access, view, and make sense of archived measurement data. To |
| | 122 | address this need, we developed a new archival service that not only archives |
| | 123 | the measurement data, but also archives the software and context used to |
| | 124 | display the data. Because the data and the environment needed to view the |
| | 125 | data are archived, users can quickly access an archive and view the saved |
| | 126 | data using the same tools available at the time the data was collected. |
| | 127 | |
| | 128 | To support this new archival service, we implemented an archival server that |
| | 129 | not only captures the measurement data stored on the global node (where |
| | 130 | measurement data is collected), but it also captures the state of the drupal |
| | 131 | system used to display the data, including all web server (apache) and |
| | 132 | database (mysql) files. GENI Desktop users can request that an archive be |
| | 133 | made, which is then sent to the archive server. When a user visits the |
| | 134 | archive web page on the archive server, they can select from any of the |
| | 135 | archived snapshots. The archive server will dynamically launch a Xen VM, |
| | 136 | setup the apache, mysql, and Drupal state needed to view the measurement |
| | 137 | data, install the archived measurement data, create login credentials for the |
| | 138 | user, and share the credentials with the GD so the user is automatically logged |
| | 139 | into the archive VM. The result is that the user is presented with the same |
| | 140 | look-and-feel as if they had gone to the global node at the time the snapshot was taken. |
| | 141 | |
| | 142 | We implemented the slice verification and configuration testing service |
| | 143 | as a module in GENI Desktop by taking advantage of the module builder function |
| | 144 | of the GENI Desktop. Based on the manifest of an experiment, the verification |
| | 145 | service analyzes the topology and performs tests about the interfaces of all |
| | 146 | nodes in the experiment. The initial version we implemented checks whether |
| | 147 | each interface is up and whether it is reachable from a ping test. |
| | 148 | The results are presented in a table showing the status of all the interfaces of |
| | 149 | all the nodes in the experiment. |
| | 150 | Later versions of the verification service included |
| | 151 | additional checks (particularly automated bandwidth checks) and also made it |
| | 152 | possible for users to write their own verification scripts to test for things |
| | 153 | of importance to their experiment. |
| | 154 | |
| | 155 | Building a large experiment is a difficult task in GENI, partly because |
| | 156 | it is more likely to fail if we create an experiment with a lot of nodes. |
| | 157 | At the same time, we may have multiple related experiments and want to |
| | 158 | combine these relatively small experiments together to form a large experiment. |
| | 159 | We developed a new "super slice" service in the GENI Desktop to support this functionality. |
| | 160 | Users can use the GENI Desktop to create a super slice by combining multiple |
| | 161 | existing slices together. The GENI Desktop provides a GUI for users to display |
| | 162 | multiple slices at the same time and pick any pair of nodes from different |
| | 163 | slices to establish a link between them. The Super Slice service in the GENI |
| | 164 | Desktop currently can then automatically set up GRE tunnels between these selected pairs of nodes |
| | 165 | from different slices. |
| | 166 | |
| | 167 | ==== A New User Interface: GENI Desktop Lite ==== |
| | 168 | |
| | 169 | Over the years the number of features and capabilities offered by the GENI |
| | 170 | Desktop has continued to expand. Indeed, a key goal of the GENI Desktop was |
| | 171 | to provide users with a context for managing all aspects of their experiment |
| | 172 | from setup and deployment to monitoring and archiving of measurements and |
| | 173 | results. The downside to this expanded functionality is increased complexity |
| | 174 | using the tool. |
| | 175 | At the same time, the number of experimenters who are using the GENI Desktop to |
| | 176 | create, manage, monitor, and control their slices has been grown rapidly, |
| | 177 | due, in part, to users being exposed to the GENI Desktop as part |
| | 178 | of GENI tutorials, summer camps, demontrations and online documents and |
| | 179 | videos. Feedback from this user group indicated that the extensive |
| | 180 | functionality available in GENI Desktop made it difficult for new users to |
| | 181 | navigate and use. |
| | 182 | |
| | 183 | To address this need for a tool that could be easily learned and used by new |
| | 184 | users, we completely redesigned the look-and-feel of the GENI Desktop to |
| | 185 | reduce complexity and make it simple to create, run, and monitor |
| | 186 | experiments. Our new "GENI Desktop (GD) Lite" interface is now the default |
| | 187 | intereface that users see when they log into the GENI Desktop. |
| | 188 | Users can still access the (original) advanced user interface if needed, but in most |
| | 189 | cases find that the GD Lite interface is sufficient. |
| | 190 | The Lite intereface is designed to take users through the lifecycle of an |
| | 191 | experiment. The Lite intereface starts by helping users create a slice, |
| | 192 | assigning resources to the slice, and then giving them access to a simplified |
| | 193 | version of the GENI Desktop topology view where they can log in to nodes, run |
| | 194 | their experiment, monitor basic traffic types, and archive results. Initial |
| | 195 | feedback on the new intereface has been extremely positive. |
| | 196 | |
| | 197 | In addition to a major rewrite of the web code for the user interface, one of the key |
| | 198 | challenges that we had to address was automating the global node setup, initialization, |
| | 199 | and instrumentation. While these "backend" operations were clearly visible |
| | 200 | in the old user interface, they had to be hidden in the new interface. This |
| | 201 | meant that the GENI Desktop had to be able to add global nodes into the slice |
| | 202 | (one for each aggregate) on the user's behalf. This required working with |
| | 203 | the aggregates to support the GENI AM API calls needed to add resources to an |
| | 204 | existing slice. In addition, the GENI Desktop needed to be able to initialize and then |
| | 205 | instrumentize the slice in the background (i.e., while allowing the user to |
| | 206 | view and use the slice in the GENI Desktop). This required changes to the |
| | 207 | GENI Desktop to monitor the background initialization/instrumentation |
| | 208 | process and incrementally enable functionality as it became available. For |
| | 209 | example, while resources are being allocated the GENI Desktop can only display |
| | 210 | the topology and the status of the node initialization. As soon as the |
| | 211 | initilization completes, the file upload, ssh, and run command functionality become available in the user |
| | 212 | interface. Later when the instrumentation completes, functionality such as |
| | 213 | displaying basic traffic graphs or archiving measurement data become |
| | 214 | available in the user interface. In short, users are now taken directly to the |
| | 215 | GENI Desktop topology view, bypassing several setup steps required by the old |
| | 216 | user interface. Commonly needed functionality is then automatically added as |
| | 217 | it becomes available. As part of the new Lite interface, we also simplified |
| | 218 | the design of the web page(s) used to select a predefined RSPEC. |
| | 219 | |
| | 220 | ==== Programming the Desktop: The GENI Desktop CLI (gdcli) ==== |
| | 221 | |
| | 222 | The GENI Desktop greatly simplifies the task of instrumenting and monitoring |
| | 223 | a users' experiment (slice). However, users could only access the GENI |
| | 224 | Desktop via a web interface. In other words, there was not programmatic way |
| | 225 | for experimenters or tool developers to leverage the GENI Desktop |
| | 226 | functionality. |
| | 227 | |
| | 228 | To address this need we designed a new interface to the GENI Desktop that |
| | 229 | could be used to programatically upload files, run commands, download |
| | 230 | measurement graphs, etc --- functions previously only possible via the GENI |
| | 231 | Desktop web interface. In particular, we developed an application that runs |
| | 232 | on Linux (or other Unix-based systems), Mac, and Window called the gdcli |
| | 233 | program that can be used to interact with the GENI Desktop. The gdcli |
| | 234 | program can be used to: |
| | 235 | |
| | 236 | * Upload files to a select set of nodes |
| | 237 | * Run a command on a select set of nodes |
| | 238 | * Download a traffic measurement graph (as PNG or CSV) from a select set of nodes |
| | 239 | * Download a normal file from a select set of nodes |
| | 240 | * Get a list of slices |
| | 241 | * Check the status of a slice |
| | 242 | * Get the topology of a slice |
| | 243 | * Validate the setup of a slice |
| | 244 | * List the nodes in a slice |
| | 245 | * List the links in a slice |
| | 246 | |
| | 247 | The gdcli program can be called from any scripting language (e.g., |
| | 248 | python, perl, sh (bash), .BAT files, etc). As a result, users are able to |
| | 249 | write programs in their favorite scripting language that make calls to the |
| | 250 | GENI Desktop to upload/download files, download measurement graphs, run |
| | 251 | commands, etc. |
| | 252 | |
| | 253 | There were several challenges that we had to address |
| | 254 | while implementing the gdcli scripting interface. |
| | 255 | First, we needed a way to make calls to the GENI Desktop server (e.g., to |
| | 256 | download a traffic graph, or run a command). To solve this problem we |
| | 257 | enhanced the GENI Desktop server to support HTTP posts that included |
| | 258 | parameters to the request specifying, for example, the list of traffic graphs to be |
| | 259 | downloaded (i.e., the nodes/links names and the types of graphs desired). |
| | 260 | We implemented a python backend server specifically designed to process the |
| | 261 | request, perform the action, and return the results. |
| | 262 | The python backend shares access |
| | 263 | with the previous GENI Desktop PHP code to the databases and files used by the |
| | 264 | GENI Desktop, thereby ensuring that the results returned by the gdcli are the |
| | 265 | same information as would be seen in the GENI Desktop web interface. |
| | 266 | |
| | 267 | A second challenge was securing the access to, and communication with, the |
| | 268 | new python backend server. To ensure communication is secure, all communication |
| | 269 | occurs over a secure connection using https. The problem of authorization |
| | 270 | requires not only that the user authenticate themselves to the server, but |
| | 271 | that the server obtain a "speaks-for" certificate to act on behalf of the |
| | 272 | user. Because the existing speaks-for generation tools are designed for |
| | 273 | interactive web use, not scripting, we decided to require that users first |
| | 274 | authorize a speaks-for using the existing GENI Desktop web interface which |
| | 275 | can then be stored and used by the GENI Desktop (and our new backend server) |
| | 276 | until the speaks-for expires. However, this does not solve the authorization |
| | 277 | problem. To ensure the users has the right to issue commands to our python |
| | 278 | backend server, the web interface of the GENI Desktop also creates a secret |
| | 279 | key (say at the same time the user authorizes the speaks for) that the user |
| | 280 | must store on their local machine. The secret key is used when communicating |
| | 281 | with the python backend server to prove that the user has the right to invoke |
| | 282 | the requested operations on the GENI Desktop. In that sense, users can think |
| | 283 | of the gdcli secret key like an ssh key that must be present on their local |
| | 284 | machine in order to access the service. |
| | 285 | |
| | 286 | A third issue involved handling the results/output of a gdcli request. The |
| | 287 | gdcli tool provide two mechanisms for handling the output from a request. |
| | 288 | The first, and most simple mechanism, concatenates all the output files/graphs and prints |
| | 289 | them to standard output, allowing users to redirect output to other programs |
| | 290 | or tools. The second way gdcli handles output is to deposit each graph, |
| | 291 | downloaded file, or output from a run command into a different file on the |
| | 292 | local machine. Files are automatically assigned names that describe their |
| | 293 | content (based on the slice, the aggregate, the node or link, and the type |
| | 294 | of graph). Because the naming convention is known to experimenters, they can |
| | 295 | easily write scripts that know what filenames to look for, and then feed |
| | 296 | those files to the appropriate program for processing (e.g., copying traffic |
| | 297 | graphs into a web directory to create a user-defined traffic mashup view). |
| | 298 | |
| | 299 | === B. Project participants === |
| | 300 | |
| | 301 | The following individuals are involved with the project in one way or another: |
| | 302 | * Jim Griffioen - Project PI |
| | 303 | * Zongming Fei - Project Co-PI |
| | 304 | * Hussamuddin Nasir - Technician/Programmer |
| | 305 | * Charles Carpenter - Technician/Programmer |
| | 306 | * Xiongqi Wu - Ph.D. Student |
| | 307 | * Jeremy Reed - Ph.D. Student |
| | 308 | |
| | 309 | === C. Publications (individual and organizational) === |
| | 310 | |
| | 311 | === D. Outreach activities === |
| | 312 | |
| | 313 | * We gave a presentation about the GENI Desktop and its features during the Introduction to GENI Instrumentation & Measurement Tools portion of the Getting Started with GENI tutorial at GEC 22 and GEC 23. |
| | 314 | |
| | 315 | * We gave a demo of the latest GENI Desktop features during the demo session at GEC 21, GEC 22, and GEC 23. |
| | 316 | |
| | 317 | * We gave a tutorial entitled "Monitoring and Controlling Experiments with GENI Desktop Scripts and Modules" at the GEC 23 conference. |
| | 318 | |
| | 319 | * We developed and posted online-documentation and online-tutorials that describe the new features of the GENI Desktop for users. |
| | 320 | |
| | 321 | === E. Collaborations === |
| | 322 | |
| | 323 | * Most of our collaborations have been between the GPO Portal team and the aggregate teams at Utah and RENCI. |
| | 324 | |
| | 325 | === F. Other Contributions === |
| | 326 | |
