With recent cybersecurity requirements, Verdi compute nodes are locked down in private VPC/Security Groups. WebDAV from the verdi compute nodes are no longer accessible from operations teams. This establishes proxy to enable operators to access each compute node’s WebDAV service regardless if verdi is on private or internal VPC/SG.

Assumptions

• Webdav into compute nodes is done for ops only and we do not need large-scalability with this feature

• Would be ok to proxy via factotum

Use cases

• Baseline: WebDAV link to compute node on JPLnet

• WebDAV proxying to private VPC (10.0.x.x)

• WebDAV proxying into Pleiades

  • Defer for later

  • May require double proxying

Requirements

• Proxy HTTP to browse html view (index-style CSS) served out of each verdi compute node

Desirements

• Proxy WebDAV protocol  (extension beyond HTTP) → mount WebDAV over proxy onto compute node

Approaches (sorted in complexity involved)

• Proxy router script

  • mamba-factotum.aria.hysds.io:11111/100.67.33.239:8085/jobs/2020/07/06/13/08/standard_product-s1gunw-acq_enumerator__develop-S1A_OPER_AUX_POEORB_OPOD_20200706T120826_V20200615T225942_20200617T005942-v1.1-20200706T130033.550856Z

  • With HTTP BASIC AUTH with LDAP

• Other open source tools that may be doing this?

• vhosting from factotum

  • worker-100.67.33.239.mamba-factotum.aria.hysds.io/jobs/2020/07/06/13/08/standard_product-s1gunw-acq_enumerator__develop-S1A_OPER_AUX_POEORB_OPOD_20200706T120826_V20200615T225942_20200617T005942-v1.1-20200706T130033.550856Z

  • With HTTP BASIC AUTH with LDAP

• ssh remote tunnel from factotum

  • May look like the reverse of what we did for proxying verdi to PCM on Pleiades

    • NASA HECC Pleiades

User’s Guide

Developers Guide

Implementation Notes

References