| 242 | |
| 243 | == Binding Emulab Constructs to DETER Constructs == |
| 244 | |
| 245 | Descartes will use Emulab as a [NewImpl resource allocation system]. This means formerly first-class entities, such as Emulab users and projects, will be the building blocks on which DETER entities will be built. The Emulab constructs will become more ephemeral. For example, a DETER experiment's allocation of computers and VLANs will be embodied as an Emulab experiment, but the DETER experiment will also contain the container configurations, procedures, data monitoring and constraint implementations. |
| 246 | |
| 247 | === Users, Projects, and Circles === |
| 248 | |
| 249 | Initially I was concerned that, while DETER users and DETER projects would map fairly cleanly to Emulab users and projects, circles would be a problem. The primary concern was that Emulab Projects map to UNIX groups on the testbed and that those UNIX permissions implement isolation on shared filesystems inside an experiment. Older UNIXes limited the number of groups to 16, and we had experienced problems crossing that limit. |
| 250 | |
| 251 | Investigations and experiments show that FreeBSD 9 (on which the testbed runs) allows a user to be a member of an unlimited number of groups, and that group ids are a full 32 bits. This means that both projects and circles can be directly mapped to Emulab projects, and that we can take advantage of existing isolation mechanisms. |
| 252 | |
| 253 | === Extensions to Emulab === |
| 254 | |
| 255 | Three main extensions must be made to Emulab to support this mapping: |
| 256 | |
| 257 | * An interface to create an Emulab user without a confirmation going to the user (Descartes will do the confirmation). |
| 258 | * A variation on this exists for creating student users that we will flesh out into a full "create user" interface. |
| 259 | * An interface for creating Emulab Projects without a confirmation loop. Again, Descartes will handle the validation of the DETER project. |
| 260 | * There is old code for this in fedd, which once was to use dynamic projects. That code's time has apparently come. |
| 261 | * A system for mapping circle names into project/UNIX group names. The Emulab project that underlies a DETER circle will be largely invisible to a user, except in that a UNIX group tied to it will be used to manipulate the file system. We will need to provide a simple mapping from the {user|project}:circle name to a project/group name. |
| 262 | |
| 263 | |
| 264 | These should be easy to implement. |
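
One way to build the circle-to-group mapping from the last bullet, as an added example that is not Descartes, fedd or Emulab code: it contrasts a sanitize-and-truncate mapping, where two circles can land in the same UNIX group and so share file-system access, with a hash-derived name plus a collision check. The `owner:circle` syntax rule, the 16-character name limit and all function and class names are assumptions.

```python
import hashlib
import re

MAX_GROUP_LEN = 16  # assumed group-name length limit; the page states none
# Assumed syntax: "<user-or-project>:<circle>", parts of letters, digits, '_', '.', '-'.
CIRCLE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*:[A-Za-z0-9][A-Za-z0-9_.-]*")


def naive_group_name(circle):
    """Sanitize-and-truncate mapping, kept only to show how it collides."""
    return re.sub(r"[^a-z0-9]", "", circle.lower())[:MAX_GROUP_LEN]


def circle_group_name(circle):
    """Derive a fixed-length, opaque group name from the full circle name."""
    if not CIRCLE_RE.fullmatch(circle):
        raise ValueError(f"malformed circle name: {circle!r}")
    digest = hashlib.sha256(circle.encode("utf-8")).hexdigest()
    # 'c' keeps the first character a letter; 15 hex digits carry 60 bits of the hash.
    return "c" + digest[:MAX_GROUP_LEN - 1]


class GroupMap:
    """Remembers assignments and refuses to let two circles share one group."""

    def __init__(self):
        self._circle_for_group = {}

    def assign(self, circle):
        group = circle_group_name(circle)
        holder = self._circle_for_group.setdefault(group, circle)
        if holder != circle:
            # A shared group would merge two circles' file-system isolation.
            raise RuntimeError(f"{circle!r} and {holder!r} both map to {group}")
        return group


if __name__ == "__main__":
    groups = GroupMap()
    # Constructed circle names, not taken from any testbed.
    for a, b in [("alice:lab-1", "alice:lab_1"),
                 ("networksecurity:exp-a", "networksecurity:exp-b")]:
        print(naive_group_name(a), naive_group_name(b), "<- naive names collide")
        print(groups.assign(a), groups.assign(b), "<- hashed names differ")
```

Because the page expects the underlying group to be largely invisible to users, an opaque name costs little, and the explicit check turns an unlikely hash collision into an error instead of a silent merge of two circles.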