
IcePAM and Hesperia::Bootstrap services

Hi,

There are a couple of utilities we developed which may be useful to other Ice users:
  • IcePAM is an IceBox service implementing a PermissionsVerifier and an SSLPermissionsVerifier which uses PAM to perform actual authentication. IcePAM is useful to centralize user management in an LDAP directory, AD, or whatever.
  • Hesperia::Bootstrap is an IceBox service which implements automatic IceGrid configuration (even with replicated registries) for a LAN. It relies on a tiny patch against Ice for C++ I already sent to this forum (to perform basic multicast group membership management when using D class addresses in a UDP endpoint). The patch is already included in the Debian/Ubuntu distribution.
Hesperia::Bootstrap was designed for a very specific setup. We want to remotely boot a bunch of labs with a minimal GNU/Linux distribution, use all the available computers to perform some tasks at night, and then switch everything off. But it may also be useful in other scenarios.

Bootstrap uses multicast messages to publish or locate registries. You may force any computer to become a registry using a config option or (by default) you may leave registries unspecified and then they will eventually be chosen among the computers running Bootstrap.

A pair of Python scripts may be used to find the proxy for the locator (even if the registry is replicated) or to reset the whole LAN to start a new election.

Bootstrap automatically starts IceGridNode properly configured with IcePAM. In the default configuration people from the icegrid group will be able to create Admin sessions. In combination with IceStorm (also using multicast endpoints) you may use Bootstrap in a multi-LAN setup without any need for multicast routing. Beware that if security is a concern you should force all registries to be in known hosts. Also, to prevent DoS attacks, we plan to use an encrypted UDP transport for the Bootstrap protocol.

Regards,
F. Moya
