Fourth Update of INDIGO-2
The Fourth Update of INDIGO-2 release contains:
Accounting (APEL) v. 1.4.0-1
What's new
Minor Changes:
Split the APEL REST Interface and APEL Server into two containers and use docker-compose to deploy: https://github.com/apel/rest/pull/31
Refactor test POST code into a single method that is called several times: https://github.com/apel/rest/pull/33
Fix a bug in the sender.py script: https://github.com/apel/rest/pull/34
Bug Fixes:
Remove coveralls from the Docker Image: https://github.com/apel/rest/pull/38
Installation & Configuration
For more details please see Instalation & Configuration Guide
Artefacts
indigodatacloud/accounting:indigo_2 - CentOS7 based image
CloudProviderRanker v. 0.6.0
What's new
Added support to customize SLA ranking rules.
List of RfCs
Issue #23 - updated Dockerfile
Issue #24 - Make SLA targets ranking expression customizable
Issue #25 - Docker container is based on a deprecated image
Issue #26 - Add a CLI option parser
Issue #39 - Update documentation
updated kubernetes template
Installation & Configuration
Please read the updated documentation CloudProviderRanker Guide
Artefacts
INDIGO IAM v. 1.0.0
What's new
This release provides improvements, bug fixes and new features:
IAM now supports hierarchical groups. The SCIM group management API has been extended to support nested group creation and listing, and the IAM dashboard can now leverage these new API functions
IAM now supports native X.509 authentication and the ability to link/unlink X.509 certificates to a user membership
IAM now supports configurable on-demand account provisioning for trusted SAML IDPs; this means that the IAM can be configured to automatically on-board users from a trusted IdP/federation after a succesfull external authentication (i.e. no former registration or administration approval is required to on-board users)
IAM now provides an enhanced token management and revocation API that can be used by IAM administrators to see and revoke active tokens in the system
Account linking can be now be disabled via a configuration option
IAM dashboard now correctly displays valid active access tokens for a user
A problem that caused IAM registration access tokens to expire after the first use has been fixed
IAM now provides an endpoint than can be used to monitor the service connectivity to external service (ie. Google)
Improved SAML metadata handling and reloading
The IAM audit log now provides fine-grained information for many events
The IAM token introspection endpoint now correctly supports HTTP form authentication
Notes in registration requests are now required to make life easier for VO administrators that wants to understand the reason for a registration request
Password reset emails now contain the username of the user that has requested the password reset
A stronger SAML account linking logic is now in place
Starting from this release, we provide RPM and Deb packages and a puppet module to configure the IAM service
The spring-boot dependency has been updated to version 1.3.8.RELEASE
An issue that prevented access to the token revocation endpoint has been fixed
More details:
Supported Platforms:
The IAM service is distributed as package for CentOS7 and Ubuntu 16.04 and as a docker image from Dockerhub. In order to run the service using the container, you will need Docker v. 1.11.1 or greater. If you want to use docker-compose to deploy the service, you will also need docker-compose v.1.7.0 or greater.
List of RfCs
Milestone v1.0.0 on github:
Installation & Configuration
IAM Login Service can be deployed in two different ways:
as Docker container
as systemd daemon from precompiled packages
Also a Puppet module is provided to simplify the installation and setup, available at https://github.com/indigo-iam/puppet-indigo-iam. This module is leveraging on the precompiled packages.
IAM docker image
The IAM service is provided on the following DockerHub repositories:
indigoiam/iam-login-service
indigodatacloud/iam-login-service
How to run the docker container
The IAM service is executed by starting the docker container with the following command:</br>
$ docker run --name iam-login-service \</br> --net=iam -p 8080:8080 \</br> --env-file=/path/to/iam-login-service/env \</br> -v /path/to/keystore.jks:/keystore.jks:ro \</br> indigodatacloud/iam-login-service</br>
See our gitbook Admin Guide for all configuration variables description.
Deployment with precompiled packages
Since IAM 1.0.0, precompiled packages are available to install IAM Login service
Supported platforms:
CentOS 7
Ubuntu 16.04
Packages and repo files are hosted on https://repo.cloud.cnaf.infn.it/repository/indigo-iam public repository.
Installation
Install the required Indigo IAM repository, install the IAM login service package.
On CentOS:</br>
$ sudo yum install -y iam-login-service</br>On Ubuntu:</br>
$ sudo apt-get install -y iam-login-service</br>
Run the service</br>
The service is managed by Systemd, so to run it use:</br>
$ sudo systemctl start iam-login-service</br>
Artefacts
Ubuntu16.04
Docker Container:
Indigo-Kepler v 1.2
What's new
Added mechanism to refresh an IAM token. It is used internally by every Kepler actor which communicates with FutureGateway, so that the workflow continues execution even after the original token expires.
List of RfCs
Issue #7 - Support OpenID
Installation & Configuration
The changes are internal to every Kepler actor. User switching to v1.2 does not need to do any changes in Kepler workflows created with prior version of the module.
Artefacts
Ansible role for VM/Docker with VNC (also released in Ansible Galaxy and Docker Hub with v1.2 tag)
Ansible role for VM/Docker in a batch, non-GUI version (also released in Ansible Galaxy and Docker Hub with v1.2 tag)
CentOS7 source tarballs
Ubuntu16.04 source tarballs
LiferayPlugIns v. 2.1.0
What's new
The new version include a deeply revised customisable portlet which better integrate with OneData allowing users to
access their information without cut&paste from OneData web interface.
List of RfCs
Issue-15 - OneData integration
Issue-20 - Handle time synchronization problem robustly
Issue-22 - PTV Validation for external user
Issue-23 - Customisable portlet problem with string in json configuration
Issue-25 - Customisable Application Portlet makes REST calls for unlogged user
Issue-26 - Improve error handling in Customisable Application Portlet
Issue-27 - Misleading errors in log file about problems parsing a valid token
Installation \& Configuration
This is the same as previous release and included in the gitBook documentation. Previous components has to deactivated and new version deployed and activated through the Liferay app console in the control panel.
More information can be found in the "Upgrade to a new release" section of the Administration Guide
Artefacts
CentOS 7
Ubuntu14.04
Orchent v. 1.1.0
What's new
Highlights of this update are:
added support for time and user based filtering #24
added support for alias in a local configuration file #25
add 'test' command to check if the url specified is backed by the orchestrator (to ensure the url has no typos etc) #20
List of RfCs
Installation & Configuration
Documentation is avalable at - Orchent GitBook
Artefacts
Ubuntu14.04
Container
OOI v. 1.2.0
What's new
The updated version provides:
New features: Implemented VM resize support.
Bug Fixes: Fix floating IP association issue with OpenStack Neutron and several OCCI rendering issues.
List of RfCs
The complete list is at: https://launchpad.net/ooi/+milestone/1.2.0
Floating IP association issue with OpenStack Neutron: https://bugs.launchpad.net/ooi/+bug/1709249
mixins missing location attribute: https://bugs.launchpad.net/ooi/+bug/1687933
os_tpl and resource_tpl mixins are missing
applies: https://bugs.launchpad.net/ooi/+bug/1687938resource_tpl mixins missing default values: https://bugs.launchpad.net/ooi/+bug/1687943
floatingippool mixins need a "parent" mixin: https://bugs.launchpad.net/ooi/+bug/1687935
Installation & Configuration
In order to update the packages please use:
For CentOS 7:
yum clean all && yum update python-ooiFor Ubuntu 14:04:
apt-get update && apt-get install python-ooiNo extra actions are needed.
Artefacts
Synergy Service, v. 1.5.2 and Scheduler Manager, v. 2.5.0
What's new
This update brings many new features and bug fixes like
New Synergy service features:
added security support
New Synergy Scheduler Manager features:
added security support
implemented the new features required by the Partition Director (e.g. support for policy settings via API to define the list of projects allowed to use the share quota and the relevant shares; the number of user requests per Project, waiting in the priority queue)
added support to OpenStack Ocata
List of RfCs
Complete list of issues is available at: https://review.openstack.org/#/q/projects:openstack/synergy
Installation & Configuration
Service Reference Card: https://indigo-dc.gitbooks.io/synergy-doc/content/doc/service_reference_card.html
Update/Upgrade Synergy packages: https://indigo-dc.gitbooks.io/synergy-doc/content/doc/admin.html
Artefacts
Supported Operating Systems platforms:
CentOS 7
Ubuntu 16.04
Supported CMF (Cloud Management Framework) versions:
OpenStack v. Ocata
OpenStack v. Newton
OpenStack v. Mitaka (only CentOS 7)
OpenStack v. Liberty (only CentOS 7)
Packages:
WaTTS v. 1.2.0
What's new
Mainly the release contains the newest Erlang VM under the hood witha faster startup time by running more concurrent and an enforced check of the user agent and peer ip of the clients.
List of RfCs
https://github.com/indigo-dc/tts/issues/135, Issue-140 - idh-single-user had issues with different providers, caused by local user cache
Installation & Configuration
Just apt install also documented here (maybe add two settings into the config, if updating from 1.0.0):
https://github.com/indigo-dc/tts/blob/master/gitbook/admin.md
Upgrading the TTS from version 0.2.2 to 0.4.0 is straight forward. As the configuration files are compatible the only actions to do are:
stop the TTS:
tts stopinstall the new package
start the newly installed TTS:
tts start
Artefacts
Ubuntu 14.04
Ubuntu 16.04
Last updated