Fourth Update of INDIGO-2
The Fourth Update of INDIGO-2 release contains:
Minor Changes:
Split the APEL REST Interface and APEL Server into two containers and use docker-compose to deploy:
Refactor test POST code into a single method that is called several times:
Fix a bug in the sender.py script:
Bug Fixes:
Remove coveralls from the Docker Image:
Added support to customize SLA ranking rules.
updated kubernetes template
This release provides improvements, bug fixes and new features:
IAM now supports hierarchical groups. The SCIM group management API has been extended to support nested group creation and listing, and the IAM dashboard can now leverage these new API functions
IAM now supports native X.509 authentication and the ability to link/unlink X.509 certificates to a user membership
IAM now supports configurable on-demand account provisioning for trusted SAML IdPs; this means that the IAM can be configured to automatically on-board users from a trusted IdP/federation after a successful external authentication (i.e. no former registration or administration approval is required to on-board users)
IAM now provides an enhanced token management and revocation API that can be used by IAM administrators to see and revoke active tokens in the system
Account linking can now be disabled via a configuration option
IAM dashboard now correctly displays valid active access tokens for a user
A problem that caused IAM registration access tokens to expire after the first use has been fixed
IAM now provides an endpoint that can be used to monitor the service connectivity to external services (i.e. Google)
Improved SAML metadata handling and reloading
The IAM audit log now provides fine-grained information for many events
The IAM token introspection endpoint now correctly supports HTTP form authentication
Notes in registration requests are now required, to make life easier for VO administrators who want to understand the reason for a registration request
Password reset emails now contain the username of the user that has requested the password reset
A stronger SAML account linking logic is now in place
Starting from this release, we provide RPM and Deb packages and a puppet module to configure the IAM service
The spring-boot dependency has been updated to version 1.3.8.RELEASE
An issue that prevented access to the token revocation endpoint has been fixed
More details:
Supported Platforms:
The IAM service is distributed as a package for CentOS7 and Ubuntu 16.04 and as a docker image from Dockerhub. In order to run the service using the container, you will need Docker v. 1.11.1 or greater. If you want to use docker-compose to deploy the service, you will also need docker-compose v.1.7.0 or greater.
Milestone v1.0.0 on github:
IAM Login Service can be deployed in two different ways:
as Docker container
as systemd daemon from precompiled packages
The IAM service is provided on the following DockerHub repositories:
indigoiam/iam-login-service
indigodatacloud/iam-login-service
How to run the docker container
The IAM service is executed by starting the docker container with the following command:
$ docker run --name iam-login-service \
    --net=iam -p 8080:8080 \
    --env-file=/path/to/iam-login-service/env \
    -v /path/to/keystore.jks:/keystore.jks:ro \
    indigodatacloud/iam-login-service
Since IAM 1.0.0, precompiled packages are available to install IAM Login service
Supported platforms:
CentOS 7
Ubuntu 16.04
Installation
Install the required Indigo IAM repository, then install the IAM login service package.
On CentOS:
$ sudo yum install -y iam-login-service
On Ubuntu:
$ sudo apt-get install -y iam-login-service
Run the service
The service is managed by Systemd, so to run it use:
$ sudo systemctl start iam-login-service
CentOS7
Ubuntu16.04
Docker Container:
Added mechanism to refresh an IAM token. It is used internally by every Kepler actor which communicates with FutureGateway, so that the workflow continues execution even after the original token expires.
The changes are internal to every Kepler actor. Users switching to v1.2 do not need to make any changes in Kepler workflows created with a prior version of the module.
Sources
Ansible role for VM/Docker with VNC (also released in Ansible Galaxy and Docker Hub with v1.2 tag)
Ansible role for VM/Docker in a batch, non-GUI version (also released in Ansible Galaxy and Docker Hub with v1.2 tag)
CentOS7 source tarballs
Ubuntu16.04 source tarballs
Container
The new version includes a deeply revised customisable portlet which integrates better with OneData, allowing users to access their information without cut&paste from the OneData web interface.
This is the same as the previous release and is included in the gitBook documentation. Previous components have to be deactivated and the new version deployed and activated through the Liferay app console in the control panel.
CentOS 7
Ubuntu14.04
Highlights of this update are:
added support for time and user based filtering #24
added support for alias in a local configuration file #25
add 'test' command to check if the url specified is backed by the orchestrator (to ensure the url has no typos etc) #20
CentOS7
Ubuntu14.04
Container
The updated version provides:
New features: Implemented VM resize support.
Bug Fixes: Fix floating IP association issue with OpenStack Neutron and several OCCI rendering issues.
In order to update the packages please use:
For CentOS 7:
yum clean all && yum update python-ooi
For Ubuntu 14.04:
apt-get update && apt-get install python-ooi
No extra actions are needed.
CentOS7
Ubuntu14.04
This update brings many new features and bug fixes, such as:
New Synergy service features:
added security support
New Synergy Scheduler Manager features:
added security support
implemented the new features required by the Partition Director (e.g. support for policy settings via API to define the list of projects allowed to use the share quota and the relevant shares; the number of user requests per Project, waiting in the priority queue)
added support to OpenStack Ocata
Supported Operating Systems platforms:
CentOS 7
Ubuntu 16.04
Supported CMF (Cloud Management Framework) versions:
OpenStack v. Ocata
OpenStack v. Newton
OpenStack v. Mitaka (only CentOS 7)
OpenStack v. Liberty (only CentOS 7)
Packages:
CentOS7
Ubuntu 14.04
Mainly the release contains the newest Erlang VM under the hood, with a faster startup time by running more concurrently, and an enforced check of the user agent and peer IP of the clients.
Just apt install also documented here (maybe add two settings into the config, if updating from 1.0.0):
Upgrading the TTS from version 0.2.2 to 0.4.0 is straightforward. As the configuration files are compatible, the only actions to do are:
stop the TTS: tts stop
install the new package
start the newly installed TTS: tts start
CentOS 7
Ubuntu 14.04
Ubuntu 16.04
Please read -
For more details please see
- CentOS7 based image
- updated Dockerfile
- Make SLA targets ranking expression customizable
- Docker container is based on a deprecated image
- Add a CLI option parser
- Update documentation
Please read the updated documentation
Also a Puppet module is provided to simplify the installation and setup, available at . This module leverages the precompiled packages.
See our gitbook for all configuration variables description.
Packages and repo files are hosted on public repository.
- Support OpenID
- OneData integration
- Handle time synchronization problem robustly
- PTV Validation for external user
- Customisable portlet problem with string in json configuration
- Customisable Application Portlet makes REST calls for unlogged user
- Improve error handling in Customisable Application Portlet
- Misleading errors in log file about problems parsing a valid token
More information can be found in the "Upgrade to a new release" section of the
Documentation is available at -
The complete list is at:
Floating IP association issue with OpenStack Neutron:
mixins missing location attribute:
os_tpl and resource_tpl mixins are missing applies:
resource_tpl mixins missing default values:
floatingippool mixins need a "parent" mixin:
Complete list of issues is available at:
Service Reference Card:
Update/Upgrade Synergy packages:
- idh-single-user had issues with different providers, caused by local user cache