Skip to content

Latest commit

 

History

History
74 lines (56 loc) · 3.94 KB

README.md

File metadata and controls

74 lines (56 loc) · 3.94 KB

Fed4FIRE Aggregate Manager for EdgeNet

CI/Build CI/Docker Coverage

This package implements the GENI Aggregate Manager API Version 3 to federate EdgeNet under the Fed4FIRE+ project.

Accessing EdgeNet through Fed4FIRE

  • To run experiments on a Fed4FIRE testbed, follow the instructions at https://doc.fed4fire.eu.
  • EdgeNet defines one non-exclusive sliver type named container and one disk image named ubuntu2004.
  • View the testbed status on FedMon.

Example RSpecs

Minimal

<rspec type="request" xsi:schemaLocation="http://www.geni.net/resources/rspec/3 http://www.geni.net/resources/rspec/3/request.xsd " xmlns:client="http://www.protogeni.net/resources/rspec/ext/client/1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.geni.net/resources/rspec/3">
  <node client_id="PC" component_manager_id="urn:publicid:IDN+edge-net.org+authority+am"  exclusive="false">
  </node>
</rspec>

Specific node and disk image

<rspec type="request" xsi:schemaLocation="http://www.geni.net/resources/rspec/3 http://www.geni.net/resources/rspec/3/request.xsd " xmlns:client="http://www.protogeni.net/resources/rspec/ext/client/1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.geni.net/resources/rspec/3">
  <node client_id="PC" component_id="urn:publicid:IDN+edge-net.org+node+geni-us-tn-cb07.edge-net.io" component_manager_id="urn:publicid:IDN+edge-net.org+authority+am"  exclusive="false">
      <sliver_type name="container">
          <disk_image name="urn:publicid:IDN+edge-net.org+image+ubuntu2004"/>
      </sliver_type>
  </node>
</rspec>

Architecture

  • The AM server is stateless, all the information about slices and slivers is stored in Kubernetes objects annotations.
  • Object names are derived from the first 8 bytes of the SHA512 hash of the RSpec name. This allows to create objects with names that are valid in the GENI spec, but not in Kubernetes which mostly allows only alphanumeric chars.

Workarounds

  • Fed4FIRE uses client certificates with non-standard OIDs that are not supported by the Go X.509 parser. As such we rely on nginx to verify the client certificate and pass the decoded certificate to the AM server. The openssl CLI tool is then used to process the certificate, instead of the Go standard library.

Deployment

The AM image is hosted on Docker Hub (edgenetio/fed4fire):

docker run edgenetio/fed4fire:main --help

The AM must be deployed behind a reverse proxy that pass the X-Fed4Fire-Certificate header. For an example, see dev/nginx.conf.

Development

git clone [email protected]:EdgeNet-project/fed4fire.git && cd fed4fire/dev/
# Create a self-signed server certificate and download the trusted client root certificates
make
# Start the AM behind nginx
docker-compose up
# Optionnally, connect to the Go debug server
dlv connect localhost:40000
# Issue XML-RPC calls (set `--cert` to the appropriate client certificate path)
curl --cacert self_signed/ca-server.pem \
     --cert ~/.jFed/login-certs/*.pem \
     --data '<methodCall><methodName>GetVersion</methodName><params/></methodCall>' \
     --header 'Content-Type: text/xml' \
     --request POST \
     https://localhost:9443