modulepackage
0.0.0-20220701091251-5c1051150871
Repository: https://github.com/edgenet-project/fed4fire.git
Documentation: pkg.go.dev
# README
Fed4FIRE Aggregate Manager for EdgeNet
This package implements the GENI Aggregate Manager API Version 3 to federate EdgeNet under the Fed4FIRE+ project.
Accessing EdgeNet through Fed4FIRE
- To run experiments on a Fed4FIRE testbed, follow the instructions at https://doc.fed4fire.eu.
- EdgeNet defines one non-exclusive sliver type named
containerand one disk image namedubuntu2004. - View the testbed status on FedMon.
Example RSpecs
Minimal
<rspec type="request" xsi:schemaLocation="http://www.geni.net/resources/rspec/3 http://www.geni.net/resources/rspec/3/request.xsd " xmlns:client="http://www.protogeni.net/resources/rspec/ext/client/1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.geni.net/resources/rspec/3">
<node client_id="PC" component_manager_id="urn:publicid:IDN+edge-net.org+authority+am" exclusive="false">
</node>
</rspec>
Specific node and disk image
<rspec type="request" xsi:schemaLocation="http://www.geni.net/resources/rspec/3 http://www.geni.net/resources/rspec/3/request.xsd " xmlns:client="http://www.protogeni.net/resources/rspec/ext/client/1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.geni.net/resources/rspec/3">
<node client_id="PC" component_id="urn:publicid:IDN+edge-net.org+node+geni-us-tn-cb07.edge-net.io" component_manager_id="urn:publicid:IDN+edge-net.org+authority+am" exclusive="false">
<sliver_type name="container">
<disk_image name="urn:publicid:IDN+edge-net.org+image+ubuntu2004"/>
</sliver_type>
</node>
</rspec>
Architecture
- The AM server is stateless, all the information about slices and slivers is stored in Kubernetes objects annotations.
- Object names are derived from the first 8 bytes of the SHA512 hash of the RSpec name. This allows to create objects with names that are valid in the GENI spec, but not in Kubernetes which mostly allows only alphanumeric chars.
Workarounds
- Fed4FIRE uses client certificates with non-standard OIDs that are not supported by the Go X.509 parser. As such we rely on nginx to verify the client certificate and pass the decoded certificate to the AM server. The openssl CLI tool is then used to process the certificate, instead of the Go standard library.
Deployment
The AM image is hosted on Docker Hub (edgenetio/fed4fire):
docker run edgenetio/fed4fire:main --help
The AM must be deployed behind a reverse proxy that pass the X-Fed4Fire-Certificate header.
For an example, see dev/nginx.conf.
Development
git clone [email protected]:EdgeNet-project/fed4fire.git && cd fed4fire/dev/
# Create a self-signed server certificate and download the trusted client root certificates
make
# Start the AM behind nginx
docker-compose up
# Optionnally, connect to the Go debug server
dlv connect localhost:40000
# Issue XML-RPC calls (set `--cert` to the appropriate client certificate path)
curl --cacert self_signed/ca-server.pem \
--cert ~/.jFed/login-certs/*.pem \
--data '<methodCall><methodName>GetVersion</methodName><params/></methodCall>' \
--header 'Content-Type: text/xml' \
--request POST \
https://localhost:9443
# Packages
No description provided by the author