You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@airavata.apache.org by "Marcus Christie (JIRA)" <ji...@apache.org> on 2018/01/04 20:36:00 UTC

[jira] [Commented] (AIRAVATA-2500) Automated cluster account provisioning for gateway users

    [ https://issues.apache.org/jira/browse/AIRAVATA-2500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16311988#comment-16311988 ] 

Marcus Christie commented on AIRAVATA-2500:
-------------------------------------------

Removed TDS cluster configuration from dev seagrid, so this undoes the [sql in this comment|https://issues.apache.org/jira/browse/AIRAVATA-2500?focusedCommentId=16182848&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16182848]

{code:sql}
update
    COMPUTE_RESOURCE_PREFERENCE
set
    SSH_ACCOUNT_PROVISIONER = null,
    SSH_ACCOUNT_PROVISIONER_ADDITIONAL_INFO = null
where
    GATEWAY_ID = 'seagrid'
    and RESOURCE_ID like 'tds.uits.iu.edu_%';
    
delete FROM SSH_ACCOUNT_PROVISIONER_CONFIG
where GATEWAY_ID = 'seagrid'
and RESOURCE_ID = 'tds.uits.iu.edu_fe6f6bdb-8328-4566-86f4-20847b7f4f5c';
{code}

> Automated cluster account provisioning for gateway users
> --------------------------------------------------------
>
>                 Key: AIRAVATA-2500
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-2500
>             Project: Airavata
>          Issue Type: Bug
>          Components: Airavata System
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>
> The initial use case for this system is the IU Cybergateway.  We need the following capabilities:
> * query for whether a user has an account
> ** for IU Cybergateway the user cluster access is determined by querying LDAP
> * add an SSH public key for the user to authenticate (actually Airavata to authenticate on behalf of the user) to the cluster
> ** for IU Cybergateway the key is added to LDAP
> Once the user has a cluster account and their SSH key has been added the following additional things need to be done
> * test that Airavata can authenticate to the cluster on the users behalf
> * add a scratch location that Airavata will use for the user on the cluster
> Eric Coulter has developed a prototype LDAP client that can query for a user's account and deposit an SSH key in LDAP: https://github.iu.edu/jecoulte/airavata-ldap-prototype (note: this link is only accessible via IU credentials).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)