GENI
A GENI test bed needs three entities:
- Aggregate Manager (AM): A server which takes handles resource allocation and management.
- Clearinghouse (CH): A server to provide the experimenter with the needed credentials to send to the AM (certificates and credentials).
- Client: The client sends the experimenters request to the AM. First, the it retrieves the user's certificate and credentials from the CH (if not availabe already). Second, it sends the actual request to the AM.
GENI provides a reference framework for test beds compatible with GENI. AMsoil includes parts of these reference implementations. The GCF includes a clearinghouse which can be run to get certificates and credentials and a client called omni. Please see the Development page or the GENI wiki for more info on using them.
Note: The clearinghouse within the GCF is only a dumb implementation. It issues certificates for experimenters and credentials for slices without checking if those users are actually approved to do so. So the implementation is fine for developing, but not for production mode.
GENI uses URNs for identifying objects. Hence experimenters, slices and slivers have URNs (more info via the GENI wiki). Here the most common objects:
- Experimenter: A human user who uses a client to manage resources via an AM.
- Sliver: A physical or virtual resource. It is the smallest entity which can be addressed by an AM. Example: an IP address, a Virtual Machine, a FlowSpace.
- Slice: A collection of slivers.
The current version of the GENI AM API is 3. The version 3 and the previous version 2 is supported by the GCF and omni.
A major change between version 2 and 3 is that version 3 includes a two-stage commit. First, allocate is called to reserve the slice/sliver for a short period of time (e.g. 10 minutes). During allocation no resources are instanciated, they are just blocked from being reserved for others. In the second stage, provision is called which actually instanciates resources. Now the sliver/slice actually takes up resources (e.g. CPU power or disk space). Typically the expiry time of a provisioned slice/sliver is a matter of hours or days (e.g. 3 days).
AMsoil has a plugin which implements version 3 (see below).
Noteworthy information on the API can be found on the wiki:
Authentication in the GENI AM API is done via certificates. The client (e.g. omni) sends the experimenter's certificate with each request. This way the server can check if the client is really who it claims to be. Certificates are signed by the clearinghouse and the AM needs to check each request against a number of trusted CH root-certificates. The AM does not need all experimenter certificates, it rather checks if the sent experimenter certificate is signed by a trusted entity. Please find more info on the GENI wiki.
Authorization is performed via credentials. Credentials are used to authorize actions (in contrast to certificates which identify and authenticate). They specify the permissions of the experimenter relative to a slice or resource. Please find more info on the GENI wiki.
Pitfall Client certificates are not parsed in the development server. Please see the Development - Differences between production and development page.
relationships between Handler, DelegateBase, Delegate and Resource Manager.
{
"authority" : ["register", "remove", "update", "resolve", "list", "getcredential", "*"],
"refresh" : ["remove", "update"],
"resolve" : ["resolve", "list", "getcredential"],
"sa" : ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver", "deleteslice", "deletesliver", "updateslice",
"getsliceresources", "getticket", "loanresources", "stopslice", "startslice", "renewsliver",
"deleteslice", "deletesliver", "resetslice", "listslices", "listnodes", "getpolicy", "sliverstatus"],
"embed" : ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver", "renewsliver", "deleteslice",
"deletesliver", "updateslice", "sliverstatus", "getsliceresources", "shutdown"],
"bind" : ["getticket", "loanresources", "redeemticket"],
"control" : ["updateslice", "createslice", "createsliver", "renewsliver", "sliverstatus", "stopslice", "startslice",
"deleteslice", "deletesliver", "resetslice", "getsliceresources", "getgids"],
"info" : ["listslices", "listnodes", "getpolicy"],
"ma" : ["setbootstate", "getbootstate", "reboot", "getgids", "gettrustedcerts"],
"operator" : ["gettrustedcerts", "getgids"],
"*" : ["createsliver", "deletesliver", "sliverstatus", "renewsliver", "shutdown"]
}Summary:
