Permalink
Fetching contributors…
Cannot retrieve contributors at this time
123 lines (97 sloc) 4.14 KB

UNIS

UNIS and the MS (also included in this codebase) are a part of the Periscope measurement framework which also includes BLiPP. You can find more information about all these components here.

https://travis-ci.org/periscope-ps/unis.svg?branch=master

Installation

For Debian, but should adapt to any linux flavor

First, you’ll need a few basic things

$ sudo apt-get install python-setuptools python-dev redis-server python-dateutil

You might also need swig

$ sudo apt-get install swig

UNIS requires several third-party python packages, install these with pip. If you do not have pip installed, follow the instructions here: https://pip.pypa.io/en/latest/installing.html

$ pip install tornado dateutil

UNIS and the MS use ABAC for authentication purposes. Install ABAC by following the instructions found here: http://abac.deterlab.net/

Now run the setup script in top level of the repository. You can use --prefix or --install-dir to install it somewhere other than the default location. The default usually requires using sudo.

$ python setup.py install

You can attempt to run it

$ periscoped

or to run it straight from the repository

$ python periscope/app.py

Either of which will start it running on port 8888.

You may encounter problems related to AUTH or GEMINI specific files, I’ll try to cover these.

For Redhat, create RPM…

python setup.py bdist_rpm

The dependencies are configured in setup.cfg.

m2crypto issue

If you see something like

ImportError: /usr/local/lib/python2.7/dist-packages/M2Crypto-0.21.1-py2.7-linux-x86_64.egg/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method

You’re probably running Ubuntu - try installing python-m2crypto from apt-get.

$ sudo apt-get install python-m2crypto

Now remove the version of M2Crypto that Periscope was complaining about. In the example above, that would mean doing.

$ rm -r /usr/local/lib/python2.7/dist-packages/M2Crypto-0.21.1-py2.7-linux-x86_64.egg/

Now if you try python periscope/app.py again, you should be in business. Or at least you should get some errors that have to do with your config. Running with SSL or ABAC turned on may require some additional packages. See the configuration section.

MongoDB issue

If you face the following error probably you haven’t installed mongodb

event=netlogger.periscope.Failed to connect to the MongoDB service - [Errno 111] Connection refused level=Error

please install mongodb mentioned in the following tutorial MongoDB-installation-ubuntu

Special note on ABAC

For enabling Auth, we need to install libabac from http://abac.deterlab.net/src/abac-0.1.9.tar.gz and do ./configure , make and make install on it. This will also install creddy which can be used to generate the certificates and attribute rules.

Using Creddy to create ABAC rules

Generating a key pair

creddy --generate --cn <cnname>

Assigning an attribute to a principal by another principal

Normally a main principal assigns attribute to each user Something A <- B.b1

creddy --attribute --issuer <A_ID.pem> --key <A_private.pem> --role srand --subject-cert <B_ID.pem> --out <out.der>

Delegating principal to another role

Creating a rule like A.a1 <- B.a2

creddy --attribute --issuer <A_ID.pem> --key <A_private.pem> --role srand --subject-cert <B_ID.pem> --subject-role <somerole> --out <out.der>

Verifying

Verfication can be done by using crudge Webstart app on the folder of certificates

Configuration

Mostly done by editing periscope/settings.py

Inside you can enable or disable the MS, enable or disable SSL, and ABAC.

For quick testing, find the corresponding variables in settings.py and make them look like so:

ENABLE_SSL = False
MS_ENABLE = True
ENABLE_AUTH = False