C Python Java Shell PHP C++ CSS
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
azprocci
broker
cnprocci
cocarrier
cocci
coco
cocspi
coeasy
coees
coidms
coips
command
comodel adaptation of SQL generation to allow for cordscript sql needs Mar 7, 2014
comons
conagios
conets-paas
conets
configuration
coobas better link selection when database back end Dec 4, 2013
cool
copaas addition of postgresql libraries and operation Dec 2, 2013
copabr propogation of location/scope values Mar 11, 2014
cops
cords
cordscripts
corest
cosacs
cosched
cosql
coss
coxml addition of username and password attributes to the document conversi… Mar 2, 2014
dashboard
dcprocci
debian Add cosql packages Aug 27, 2014
dodo
dummyprocci
easigsm
example addition of postgresql libraries and operation Dec 2, 2013
eziprocci Fixed *printf mismatched formaters/parameters Feb 11, 2014
ezvm
fileserver
jaccords/jsrc jaccordsSDK update Nov 5, 2013
jaccordsSDK jaccordsSDK update Nov 7, 2013
m4
manifests
manpages
model
oaprocci
occi
onprocci
orgabas
osocciprocci
osprocci
paasprocci better list handling for linked list walkers Dec 4, 2013
paprocci
parser
procci
publisher addition of postgresql libraries and operation Dec 2, 2013
pubocci
pyaccords
pyaccordsSDK fix for python component manager compile Feb 17, 2014
python
scripts
slam correction in control stop/verify action confrontation Feb 20, 2014
testaz resolution of the ubuntu build failure due to missing xthread builder Feb 14, 2014
testcb
testcn
testcp
testdc
testhdfs
testocci
teston
testorga
testos
testosocci
testresolver
testrest
testsuite Removing testoscci and example from RPM Nov 23, 2012
tools
.gitignore
AUTHORS
AppManifest0.xsd corrections in schema for min occurs Jan 11, 2013
COPYING Update main licence Sep 24, 2012
Certificates.crt
ChangeLog
INSTALL
LICENSE-2.0.txt
Makefile.am
NEWS
README Update documentation on TLS modes Feb 12, 2014
README.OpenBSD-5.2
accounts.xml
analyse.css
autogen.sh
clean
coips.xml
compatibleone-paprocci-java.spec.in
compatibleone.spec.in
configure.ac
corcs.xsd
cords.xsd
cordstypes.xsd
easiclouds.xsd
easitypes.xsd
federation.xsd addition of federation and saas schemas and addition of federation ty… Jun 1, 2013
find-missing-files-after-dist.sh
index.html
manifest.xsd
metrics.xml
nagios.xsd
paasmanifest.xsd
paastypes.xsd
prices.xml
provision.xsd
pyaccords_config.sh
quotatypes.xsd
saas.xsd
slam.xsd
slamtest.xml
slamtypes.xsd
users.xml

README

------------------------------------------------------------------------------------------
File		:	README 
Project	:	COMPATIBLE ONE ACCORDS
Author	:	Iain James Marshall
Created	:	19th November 2011
Updated	:	29th November 2011
------------------------------------------------------------------------------------------

INTRODUCTION 
------------
This file provides useful information about the production, installation, behaviour and use 
of the CompatibleOne Accords Brokering and Provisioning Platform. It is divided into three
primary sections covering production, installation and operation. Additional sections then
following providing background information pertaining to Security, Authentication, Monitoring,
Data and Temporary Files. 

PRODUCTION
----------
If you are reading this file then you will have cloned the accords-platform from the 
CompatibleOne OW2 Gitorious and will perhaps want to build the binary package.

Currently two build systems are provided. The first one for debian based systems is
based on the standard Debian packaging system. Make sure you have 'dpkg-dev' installed and
type 'dpkg-buildpackage -rsudo -b' in this directory.
The other one, the build.linux script, is to be used for non Debian based Linux platforms.

In both cases, to build the Accords Platform Binary package, simply execute the required
build script and wait till the compilation and link has all completed.

The Accords platforms depend on the following other tools and libraries which need to be 
installed on your platform before launching your build script.

	AUTOCONF
	
        AUTOMAKE
	
        AUTOTOOLS
	
        PYTHON-DEV
	
        PYTHON-BOTO

        MAKE

	GCC

	OPENSSL

	UUID

If you get this package from git repository, you must run:
# ./autogen.sh

To build this package, you can run:
# ./configure [options] (see ./configure --help for options)
# make

PLATFORM SPECIFICS
------------------

On some compilers (gcc 4.4), some additional flags are needed for the compiler.
Try a compbination of:
CFLAGS="-Wl,--no-as-needed"
LDFLAGS="-ldl"

You can pass these flags to configure script, or to make invocation.

INSTALLATION
------------

To install all files, run (as root):
# make install


PYACCORDSSDK CONFIGURATION
--------------------------

To configure the PyAccordsSDK path, run the following (as root):
# ./pyaccords_config.sh


OPERATION
---------

If you have not installed files, you must run the following commands from 'scripts' dir.

ACCORDS package provides a configuration script called 'accords-config'.

The configuration script may take several parameters which will influence the way in which the
installation will be performed.

1) 	configuration file name
2) 	host name of the platform
3)	base port number of the installation
4)	publisher url of the form http://host:port

5)	this parameter when present will activate security
6)	this parameter when present will specify the monitoring options

When no parameters are passed the installation will be performed as if it had been launched as:

	accords-config accords.xml http://127.0.0.1 8086 http://127.0.0.1:8086

The configuration procedure will create the master configuration file for all of the components 
of the Accords platform and when security is active will generate the security configurations,
certificates and private keys for all the OCCI server modules comprising the system. In addition,
a collection of command scripts will be generated that are configured facilitating the use of 
the different components of the platform.

The following collection of command scripts are to be used for the operation of the platform. 

1)	co-start
	This script must be launched to start the Accords Platform and bring the servers online and 
	takes no command line parameters. The script launchs the collection of run scripts, one for
	each of the accords platform component servers. Each server will be launched in background
	operation mode as a daemon process.

		co-start

2)	co-status
	This script may be launched to inspect the status of the Accords Platform. The status inspection 
	operation may be performed by hand using either the ps command and grepping for the processes 
	which use the the accords.xml configuration file. It may also be performed using netstat to detect
	the individual server's listening socket.

		co-status

3)	co-parser
	This script allows a manifest to be submitted for parsing and results in the creation
	of a fully qualified plan. The script takes a single parameter, the stub name of the xml
	manifest file without the xml file extension. The script launchs the executable bin/testcp
	and defines the required publisher and security information as described during installation.

		co-parser platform

4)	co-broker
	This script allows the resources described by a plan to be provisioned as a service and started.
	The script takes a single parameter, the stub name of the xml plan file without the xml file 
	extension. The script launchs the executable bin/testcb and defines the required publisher 
	and security information as described during installation.

		co-broker platform

5)	co-resolver
	This script allows the publisher to be queried for category service provider information.
	The script takes any quantity of command line parameters, expected to be category names
	that will be requested of the publisher for resolution of their service provider identity.
	The recent version of the executable bin/testresolver allows a command line option --price
	allowing activation of resolution of price information for each category processed.

		co-resolver compute storage network system package

		co-resolver --price manifest service contract openstack opennebula

6)	co-command
	This script allows a provisioned service to be started, stopped or saved. The script expects
	any number of command line parameters, the first of which must be one of the two keywords 
	"start" or "stop". The subsequent parameters are to be valid service instance description
	filenames in the service directory. The corresponding command will be performed on each of the 
	service instance descriptions bringing all contracts of the service up or down as required.

		co-command start service/uuid-of-service-instance

		co-command stop service/uuid-of-service-instance

7)	co-stop
	This script must be launched to stop the Accords Platform and bring the servers offline.
	This script takes no command line parameter and will perform a killall -15 operation for
	each of the service components of the accords platform. Service components intercept this
	signal and perform a garceful exit after releasing all ressources and saving any data.

		co-stop

Several additional binary executable test programs are offered by the package allowing access to the 
different cloud provider platforms currently supported for use by the Accords Platform. These tools 
allow inspection of the different resources of the platforms and have a platform specific command 
line syntax.

1)	testos
	This program provides a test client interface for the OpenStack platform and although it was
	initially aligned for operation with the version 1.0 since the arrival of Diablo and version 1.1
	interoperability has not been maintained by the platform itself. The OpenStack platform offers
	several resource types: flavors, images, servers and metadata. The specific command line syntax 
	for the management of resources using this tool may be consulted in the integrated help screen
	that may be obtained by simply launching the tool with no command line parameters.
	
2)	teston

3)	testaz

SECURITY
--------
During the installation operation if security has been requested then a security directoy will be 
created into which the security configuration files of each of the platform components will be 
generated. In addition the private key and certificates will also be generated into this directory.

The files generated into the security directory are not to be world readable for obvious reasons.

Each individual security configuration file defines the private key, certificate, user name, password 
and the security options of each of the server components. 

The Private Keys and Certificates are currently only self signed and will therefore cause Incorrect 
Certificate alerts and errors to be thrown when used with the Certificate Exchange and Validation 
Mechanisms activated. This highlights the need for a mechanism within the CompatibleOne platform for 
the production and delivery of Valid Certification Authority Signed certificates for use not only by 
the Accords platform components but also by the provisioned resources and products delivered by the 
platform. 

The security option (resp. mode) values are defined as follows:

1,2,4		These three option values are undefined in this SSL / TLS implementation for ACCORDS.

8		REQUEST PEER CERTIFICATE (mode: request-peer)
		When this option value is set then the server will issue a Send Certificate request to
		the client during the Server Hello phase of handshake and cypher negociation. 
		This option instructs the Client to validate the Certificate chain received from the 
		Server prior to sending the Client side certificate if one is available. Self Signed
		Certificates with throw "Incorrect Certificate" alerts when this option is active.
		If a Certificate is not exchanged then no failure will occur since it not mandatory.

16		REQUIRE PEER CERTIFICATE (mode: require-peer)
		This options requires an exchange of valid Certificates by both Client and Servers.
		An error will occur if no Certificate is made available or if the Certificate is not
		Correct.

32		DER KEY FILE FORMAT (mode: der-key)
		When this option is set it indicates that the Private Key file is not a base64 PEM
		Ascii encoded file but rather a binary DSR,ASN or otherwise encoded file.

64		DER CERTIFICATE FILE FORMAT (mode: der-cert)
		When this option is set it indicates that the Certificate File is not a base64 PEM
		Ascii encoded file but rather a binary DSR,ASN or otherwise encoded file.

128		SSL COMPATIBLE (mode: ssl-compat)
		when this option is set then the SSL compatible mode will be activated and as such the
		client connection handshake will commence with an SSL V2 or V3 Hello Message. This may
		be accepted by SSL V1, V2, V3 and TLS v1 servers. However an RFC dating from April 2011
		is now recommending that this is bad practice since it allows MTM attacks to influence
		both the client and server to be misled into believing that the other party requires an
		inferior protocole. The RFC is strongly advocating that this v23 Client Hello should be
		phased out as quickly as possible. In compliance with this recommendation the TLS / SSL 
		functions of the Accords Platform will issue a TLS V1 Client Hello Message and as a
		server will only communicate with Clients behaving accordingly. This requirement may be
		relaxed by use of this option value.

256		INTERNAL SSL CERTIFICATE VERIFICATION (mode: internal)
		This option may be set when Exchange of Self-Signed Certificates by Clients and Servers
		is required. This is necessary for instance when working with Windows Azure platforms
		which expressly request provision of a self signed certificate by the client endpoint.


Additionnaly, the following values can be used in place of, or in complement of,
the previous ones:

1024	SSL ACCEPT INVALID CERTIFICATE (mode: accept-invalid)
		When this option is set, any certificate will be accepted without
		verification of its validity.

2048	SSL ACCEPT SELF SIGNED CERTIFICATE (mode: self-signed)
		When this option is set, self signed certificates will be accepted, but
		they must be valid otherwise.

4096	SSL ACCEPT VALID CERTIFICATE ONLY (mode: valid-cert)
		With this option, only valid certificates will be accepted.

8192	SSL ACCEPT CERTIFICATE FROM SAME CA ONLY (mode: same-ca)
		This option allows for certificate authentication, based on the same CA
		for both peer certificate signatures.


These options are necessary during the development and test phases of the Accords platform and should 
be used carefully and only by persons with a solid understanding of the RFC for TLS and their implications 
towards the resulting platform security. 

HINT
----
The value of the security options is provided by two different
variables "options" and "optionst" inside the "install.linux" and "install.debian" scripts to allow the 
value to be set for servers and for tools independantly. It is however recommened that they be set to the
same value to ensure homogenous operation.
In place of the "options" attribute, one can use the human readable "mode" attribute. It can contain one or
more space-separated values from the above list.

AUTHENTICATION
--------------
When security has been requested and activated during the installation phase, an individual user name 
and associated password will have been generated to the security configuration file of each component.
The user category management service database will be generated to include the collection of valid user 
name and password authentication credentials. The corresponding authorisation option of the security 
configuration file, when set, will cause the service component to present the credentials to COSS for
authentication prior to requesting the creation of an authorization token allowing collaboration by the 
service in the Accords Platform. This authorization credential will be presented in the OCCI/REST/HTTP 
header of ALL Request and Response messages sent by the Client of Server endpoints of the Service component.
For obvious reasons neither the PUBLISHER nor the COSS modules are required to perform authentication and
authorization though this will be introduced as a retro fit requirement at a later date.
 
MONITORING
----------
During the platform operation, log and trace information will be generated as described by the
monitoring parameter of the installation script.

0)	No monitoring
1) 	All monitoring is sent to the file co-log
2)	All monitoring is sent to the Module COMONS, except for the PUBLISHER, COMONS and COSS
3)	Monitoring information is sent to both the file co-log and to COMONS
6)	Optimised Monitoring is sent to the Module COMONS, except for the PUBLISHER, COMONS and COSS
	and to the file co-log.

When COMONS monitoring is active then only the service modules started after COMONS are able to make 
use of the centralised monitoring service. Therefore the activation of CO-LOG monitoring is necessary
for the fundamental modules of the platform : PUBLISHER, COSS and COMONS. 

DATA
----
The collection of XML files cords_*.xml and links_*.xml represent the internal state of the different
server components of the platform. They are updated as their internal state changes and will be reloaded
when the corrresponding component restarts.

TEMPORARY FILES
---------------
The directory "rest/" contains the contents of the messages exchanged by the server components during 
operation and may be consulted. These may have several different extensions depending on the source
of the information and may be XML, JSON, OCCI, HTML or TMP files. 

HINT
----
This directory will need to be cleaned
at regular intervals in cases of prolonged operation otherwise performance degradation will occur due to
the number of files that accumulate here. 

-----------
End of File
-----------