You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@airavata.apache.org by "Marcus Christie (JIRA)" <ji...@apache.org> on 2018/01/04 20:36:00 UTC
[jira] [Commented] (AIRAVATA-2500) Automated cluster account
provisioning for gateway users
[ https://issues.apache.org/jira/browse/AIRAVATA-2500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16311988#comment-16311988 ]
Marcus Christie commented on AIRAVATA-2500:
-------------------------------------------
Removed TDS cluster configuration from dev seagrid, so this undoes the [sql in this comment|https://issues.apache.org/jira/browse/AIRAVATA-2500?focusedCommentId=16182848&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16182848]
{code:sql}
update
COMPUTE_RESOURCE_PREFERENCE
set
SSH_ACCOUNT_PROVISIONER = null,
SSH_ACCOUNT_PROVISIONER_ADDITIONAL_INFO = null
where
GATEWAY_ID = 'seagrid'
and RESOURCE_ID like 'tds.uits.iu.edu_%';
delete FROM SSH_ACCOUNT_PROVISIONER_CONFIG
where GATEWAY_ID = 'seagrid'
and RESOURCE_ID = 'tds.uits.iu.edu_fe6f6bdb-8328-4566-86f4-20847b7f4f5c';
{code}
> Automated cluster account provisioning for gateway users
> --------------------------------------------------------
>
> Key: AIRAVATA-2500
> URL: https://issues.apache.org/jira/browse/AIRAVATA-2500
> Project: Airavata
> Issue Type: Bug
> Components: Airavata System
> Reporter: Marcus Christie
> Assignee: Marcus Christie
>
> The initial use case for this system is the IU Cybergateway. We need the following capabilities:
> * query for whether a user has an account
> ** for IU Cybergateway the user cluster access is determined by querying LDAP
> * add an SSH public key for the user to authenticate (actually Airavata to authenticate on behalf of the user) to the cluster
> ** for IU Cybergateway the key is added to LDAP
> Once the user has a cluster account and their SSH key has been added the following additional things need to be done
> * test that Airavata can authenticate to the cluster on the users behalf
> * add a scratch location that Airavata will use for the user on the cluster
> Eric Coulter has developed a prototype LDAP client that can query for a user's account and deposit an SSH key in LDAP: https://github.iu.edu/jecoulte/airavata-ldap-prototype (note: this link is only accessible via IU credentials).
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)