Skip to content

Add copying credentials to worker node, and pulling VMs with them #12

wants to merge 7 commits into from

2 participants

Nimbus member

So, this isn't polished yet, but I thought I'd push this up and have you guys take a look at it, and see what you think before I do any more work on it. All I wanted at this point was something that worked, and now want to get some other eyes on it to make sure this approach doesn't do anything crazy that you guys don't like.

The idea is that users might (well in my case users do) want to pull images from an https repository using an x509 proxy cert. To do this, we need some kind of delegation method, to get a credential on the service, and some method of copying the credential to the VMM. Originally, I planned on using the standard Globus delegation factory, but realized that this isn't included with Nimbus anymore, and probably wouldn't be portable when Nimbus moves away from WSRF. So I did the simplest thing I could think of, and just added a field to the optional XML file that uses. The idea is that users can just stuff their credential in there, and Nimbus can use it. The nimbus service then pushes this credential to the workspace control tmp directory.

There's also a new propagation adapter for https, which takes the --prop-extra-args parameter to get the filename of the credential it should use when pulling a file.

Any feedback?

oldpatricka added some commits Nov 4, 2010
@oldpatricka oldpatricka Implement simple proxy copying in service and client 89f15e8
@oldpatricka oldpatricka Cleanup service changes for copying a proxy 1de3fd4
@oldpatricka oldpatricka Add https pulling with x509 credential to workspace control 6550fcb
@oldpatricka oldpatricka Add persistance and clean up credential copying.
Also do some cleanup.
@oldpatricka oldpatricka Change arguments to prop-extra-args to play nicely with other uses
Just in case someone else ever uses prop-extra-args for anything. Other
wc arguments seem to use the 'argument;argument;argument' format, so
repeat that here.
@oldpatricka oldpatricka Refactor CustomizationNeed to FileCopyNeed.
This way it can also be used for files that need to be copied to the VMM
node at Propagate time (credentials).

This also means that files that are contexed in are copied at
propagation time, rather than start time, as in the past.
@oldpatricka oldpatricka Fix restarting gzipped images.
Since the files will have been unzipped in a previous start attempt,
they will fail on a second attempt unless we check that they've already
been unzipped.
Nimbus member

Huh. This diff looks strange, but it's a pretty simple patch.

Nimbus member

So this is a much cleaned up from when this pull was first asked for. It renames the CustomizationNeed to FileCopyNeed, as this is used for copying credentials now. This also happens at propagate time, rather than start time.

As before, comments are welcome.

Nimbus member
labisso commented Dec 28, 2010

Merged in cee6e2f

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.