Page Navigation: |
---|
Confidence Level Moderate This article includes input from several JPLers. Multiple subject matter experts can indicate that a page is more frequently reviewed and updated. |
---|
Intro
With recent cybersecurity requirements, Verdi compute nodes are locked down in private VPC/Security Groups. WebDAV from the verdi compute nodes are no longer accessible from operations teams. This establishes proxy to enable operators to access each compute node’s WebDAV service regardless if verdi is on private or internal VPC/SG.
Assumptions
Webdav into compute nodes is done for ops only and we do not need large-scalability with this feature
Would be ok to proxy via factotum
Use Cases
Baseline: WebDAV link to compute node on JPLnet
WebDAV proxying to private VPC (10.0.x.x)
WebDAV proxying into Pleiades
Defer for later
May require double proxying
Requirements
Proxy HTTP to browse html view (index-style CSS) served out of each verdi compute node
Desirements
Proxy WebDAV protocol (extension beyond HTTP) → mount WebDAV over proxy onto compute node
Approaches (sorted in complexity involved)
Proxy router script
mamba-factotum.aria.hysds.io:11111/100.67.33.239:8085/jobs/2020/07/06/13/08/standard_product-s1gunw-acq_enumerator__develop-S1A_OPER_AUX_POEORB_OPOD_20200706T120826_V20200615T225942_20200617T005942-v1.1-20200706T130033.550856Z
With HTTP BASIC AUTH with LDAP
Other open source tools that may be doing this?
vhosting from factotum
worker-100.67.33.239.mamba-factotum.aria.hysds.io/jobs/2020/07/06/13/08/standard_product-s1gunw-acq_enumerator__develop-S1A_OPER_AUX_POEORB_OPOD_20200706T120826_V20200615T225942_20200617T005942-v1.1-20200706T130033.550856Z
With HTTP BASIC AUTH with LDAP
ssh remote tunnel from factotum
May look like the reverse of what we did for proxying verdi to PCM on Pleiades