[
https://issues.apache.org/jira/browse/AIRAVATA-2500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16311996#comment-16311996
]
Marcus Christie commented on AIRAVATA-2500:
-------------------------------------------
Setting up Carbonate on dev.seagrid.org:
{code:sql}
update
COMPUTE_RESOURCE_PREFERENCE
set
SSH_ACCOUNT_PROVISIONER =
'org.apache.airavata.accountprovisioning.provisioner.IULdapSSHAccountProvisionerProvider',
SSH_ACCOUNT_PROVISIONER_ADDITIONAL_INFO = 'Before your account on Carbonate
can be configured it needs to be created. Please use the <a
href="https://access.iu.edu/Accounts/Create"; target="_blank">Access Management
System</a> to request an account.'
where
GATEWAY_ID = 'seagrid'
and RESOURCE_ID like 'carbonate.uits.iu.edu_%';
insert into SSH_ACCOUNT_PROVISIONER_CONFIG (GATEWAY_ID, RESOURCE_ID,
CONFIG_NAME, CONFIG_VALUE)
values ('seagrid',
'carbonate.uits.iu.edu_f460c07c-001a-48b9-ac5e-ca799ddd2a5a', 'ldap-host',
'bazooka.hps.iu.edu');
insert into SSH_ACCOUNT_PROVISIONER_CONFIG (GATEWAY_ID, RESOURCE_ID,
CONFIG_NAME, CONFIG_VALUE)
values ('seagrid',
'carbonate.uits.iu.edu_f460c07c-001a-48b9-ac5e-ca799ddd2a5a', 'ldap-port',
'636');
insert into SSH_ACCOUNT_PROVISIONER_CONFIG (GATEWAY_ID, RESOURCE_ID,
CONFIG_NAME, CONFIG_VALUE)
values ('seagrid',
'carbonate.uits.iu.edu_f460c07c-001a-48b9-ac5e-ca799ddd2a5a', 'ldap-username',
'cn=sgrcusr,dc=rt,dc=iu,dc=edu');
insert into SSH_ACCOUNT_PROVISIONER_CONFIG (GATEWAY_ID, RESOURCE_ID,
CONFIG_NAME, CONFIG_VALUE)
values ('seagrid',
'carbonate.uits.iu.edu_f460c07c-001a-48b9-ac5e-ca799ddd2a5a', 'ldap-password',
'c0bcaa79-7cb7-488e-a769-d1f71844bc02');
insert into SSH_ACCOUNT_PROVISIONER_CONFIG (GATEWAY_ID, RESOURCE_ID,
CONFIG_NAME, CONFIG_VALUE)
values ('seagrid',
'carbonate.uits.iu.edu_f460c07c-001a-48b9-ac5e-ca799ddd2a5a', 'ldap-base-dn',
'ou=Carbonate,dc=rt,dc=iu,dc=edu');
insert into SSH_ACCOUNT_PROVISIONER_CONFIG (GATEWAY_ID, RESOURCE_ID,
CONFIG_NAME, CONFIG_VALUE)
values ('seagrid',
'carbonate.uits.iu.edu_f460c07c-001a-48b9-ac5e-ca799ddd2a5a',
'canonical-scratch-location', '/N/dc2/scratch/${username}/dev-seagrid');
{code}
> Automated cluster account provisioning for gateway users
> --------------------------------------------------------
>
> Key: AIRAVATA-2500
> URL: https://issues.apache.org/jira/browse/AIRAVATA-2500
> Project: Airavata
> Issue Type: Bug
> Components: Airavata System
> Reporter: Marcus Christie
> Assignee: Marcus Christie
>
> The initial use case for this system is the IU Cybergateway. We need the
> following capabilities:
> * query for whether a user has an account
> ** for IU Cybergateway the user cluster access is determined by querying LDAP
> * add an SSH public key for the user to authenticate (actually Airavata to
> authenticate on behalf of the user) to the cluster
> ** for IU Cybergateway the key is added to LDAP
> Once the user has a cluster account and their SSH key has been added the
> following additional things need to be done
> * test that Airavata can authenticate to the cluster on the users behalf
> * add a scratch location that Airavata will use for the user on the cluster
> Eric Coulter has developed a prototype LDAP client that can query for a
> user's account and deposit an SSH key in LDAP:
> https://github.iu.edu/jecoulte/airavata-ldap-prototype (note: this link is
> only accessible via IU credentials).
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
