Add copying credentials to worker node, and pulling VMs with them #12

Closed
wants to merge 7 commits into
from

Conversation

Projects
None yet
2 participants
@oldpatricka
Member

oldpatricka commented Nov 26, 2010

So, this isn't polished yet, but I thought I'd push this up and have you guys take a look at it, and see what you think before I do any more work on it. All I wanted at this point was something that worked, and now want to get some other eyes on it to make sure this approach doesn't do anything crazy that you guys don't like.

The idea is that users might (well in my case users do) want to pull images from an https repository using an x509 proxy cert. To do this, we need some kind of delegation method, to get a credential on the service, and some method of copying the credential to the VMM. Originally, I planned on using the standard Globus delegation factory, but realized that this isn't included with Nimbus anymore, and probably wouldn't be portable when Nimbus moves away from WSRF. So I did the simplest thing I could think of, and just added a field to the optional XML file that workspace.sh uses. The idea is that users can just stuff their credential in there, and Nimbus can use it. The nimbus service then pushes this credential to the workspace control tmp directory.

There's also a new propagation adapter for https, which takes the --prop-extra-args parameter to get the filename of the credential it should use when pulling a file.

Any feedback?

oldpatricka added some commits Nov 4, 2010

Change arguments to prop-extra-args to play nicely with other uses
Just in case someone else ever uses prop-extra-args for anything. Other
wc arguments seem to use the 'argument;argument;argument' format, so
repeat that here.
Refactor CustomizationNeed to FileCopyNeed.
This way it can also be used for files that need to be copied to the VMM
node at Propagate time (credentials).

This also means that files that are contexed in are copied at
propagation time, rather than start time, as in the past.
Fix restarting gzipped images.
Since the files will have been unzipped in a previous start attempt,
they will fail on a second attempt unless we check that they've already
been unzipped.
@oldpatricka

This comment has been minimized.

Show comment
Hide comment
@oldpatricka

oldpatricka Dec 8, 2010

Member

Huh. This diff looks strange, but it's a pretty simple patch.

Member

oldpatricka commented on b94dbc0 Dec 8, 2010

Huh. This diff looks strange, but it's a pretty simple patch.

@oldpatricka

This comment has been minimized.

Show comment
Hide comment
@oldpatricka

oldpatricka Dec 8, 2010

Member

So this is a much cleaned up from when this pull was first asked for. It renames the CustomizationNeed to FileCopyNeed, as this is used for copying credentials now. This also happens at propagate time, rather than start time.

As before, comments are welcome.

Member

oldpatricka commented Dec 8, 2010

So this is a much cleaned up from when this pull was first asked for. It renames the CustomizationNeed to FileCopyNeed, as this is used for copying credentials now. This also happens at propagate time, rather than start time.

As before, comments are welcome.

@labisso

This comment has been minimized.

Show comment
Hide comment
@labisso

labisso Dec 28, 2010

Member

Merged in cee6e2f

Member

labisso commented Dec 28, 2010

Merged in cee6e2f

This issue was closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment