airavata-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcus Christie (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AIRAVATA-2500) Automated cluster account provisioning for gateway users
Date Thu, 04 Jan 2018 20:43:00 GMT

    [ https://issues.apache.org/jira/browse/AIRAVATA-2500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16311996#comment-16311996
] 

Marcus Christie commented on AIRAVATA-2500:
-------------------------------------------

Setting up Carbonate on dev.seagrid.org:
{code:sql}
update
    COMPUTE_RESOURCE_PREFERENCE
set
    SSH_ACCOUNT_PROVISIONER = 'org.apache.airavata.accountprovisioning.provisioner.IULdapSSHAccountProvisionerProvider',
    SSH_ACCOUNT_PROVISIONER_ADDITIONAL_INFO = 'Before your account on Carbonate can be configured
it needs to be created. Please use the <a href="https://access.iu.edu/Accounts/Create"
target="_blank">Access Management System</a> to request an account.'
where
    GATEWAY_ID = 'seagrid'
    and RESOURCE_ID like 'carbonate.uits.iu.edu_%';

insert into SSH_ACCOUNT_PROVISIONER_CONFIG (GATEWAY_ID, RESOURCE_ID, CONFIG_NAME, CONFIG_VALUE)
  values ('seagrid', 'carbonate.uits.iu.edu_f460c07c-001a-48b9-ac5e-ca799ddd2a5a', 'ldap-host',
'bazooka.hps.iu.edu');
insert into SSH_ACCOUNT_PROVISIONER_CONFIG (GATEWAY_ID, RESOURCE_ID, CONFIG_NAME, CONFIG_VALUE)
  values ('seagrid', 'carbonate.uits.iu.edu_f460c07c-001a-48b9-ac5e-ca799ddd2a5a', 'ldap-port',
'636');
insert into SSH_ACCOUNT_PROVISIONER_CONFIG (GATEWAY_ID, RESOURCE_ID, CONFIG_NAME, CONFIG_VALUE)
  values ('seagrid', 'carbonate.uits.iu.edu_f460c07c-001a-48b9-ac5e-ca799ddd2a5a', 'ldap-username',
'cn=sgrcusr,dc=rt,dc=iu,dc=edu');
insert into SSH_ACCOUNT_PROVISIONER_CONFIG (GATEWAY_ID, RESOURCE_ID, CONFIG_NAME, CONFIG_VALUE)
  values ('seagrid', 'carbonate.uits.iu.edu_f460c07c-001a-48b9-ac5e-ca799ddd2a5a', 'ldap-password',
'c0bcaa79-7cb7-488e-a769-d1f71844bc02');
insert into SSH_ACCOUNT_PROVISIONER_CONFIG (GATEWAY_ID, RESOURCE_ID, CONFIG_NAME, CONFIG_VALUE)
  values ('seagrid', 'carbonate.uits.iu.edu_f460c07c-001a-48b9-ac5e-ca799ddd2a5a', 'ldap-base-dn',
'ou=Carbonate,dc=rt,dc=iu,dc=edu');
insert into SSH_ACCOUNT_PROVISIONER_CONFIG (GATEWAY_ID, RESOURCE_ID, CONFIG_NAME, CONFIG_VALUE)
  values ('seagrid', 'carbonate.uits.iu.edu_f460c07c-001a-48b9-ac5e-ca799ddd2a5a', 'canonical-scratch-location',
'/N/dc2/scratch/${username}/dev-seagrid');

{code}

> Automated cluster account provisioning for gateway users
> --------------------------------------------------------
>
>                 Key: AIRAVATA-2500
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-2500
>             Project: Airavata
>          Issue Type: Bug
>          Components: Airavata System
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>
> The initial use case for this system is the IU Cybergateway.  We need the following capabilities:
> * query for whether a user has an account
> ** for IU Cybergateway the user cluster access is determined by querying LDAP
> * add an SSH public key for the user to authenticate (actually Airavata to authenticate
on behalf of the user) to the cluster
> ** for IU Cybergateway the key is added to LDAP
> Once the user has a cluster account and their SSH key has been added the following additional
things need to be done
> * test that Airavata can authenticate to the cluster on the users behalf
> * add a scratch location that Airavata will use for the user on the cluster
> Eric Coulter has developed a prototype LDAP client that can query for a user's account
and deposit an SSH key in LDAP: https://github.iu.edu/jecoulte/airavata-ldap-prototype (note:
this link is only accessible via IU credentials).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message