Join GitHub today
Add copying credentials to worker node, and pulling VMs with them #12
So, this isn't polished yet, but I thought I'd push this up and have you guys take a look at it, and see what you think before I do any more work on it. All I wanted at this point was something that worked, and now want to get some other eyes on it to make sure this approach doesn't do anything crazy that you guys don't like.
The idea is that users might (well in my case users do) want to pull images from an https repository using an x509 proxy cert. To do this, we need some kind of delegation method, to get a credential on the service, and some method of copying the credential to the VMM. Originally, I planned on using the standard Globus delegation factory, but realized that this isn't included with Nimbus anymore, and probably wouldn't be portable when Nimbus moves away from WSRF. So I did the simplest thing I could think of, and just added a field to the optional XML file that workspace.sh uses. The idea is that users can just stuff their credential in there, and Nimbus can use it. The nimbus service then pushes this credential to the workspace control tmp directory.
There's also a new propagation adapter for https, which takes the --prop-extra-args parameter to get the filename of the credential it should use when pulling a file.