Commit 54120cce authored by Ryan Goodfellow's avatar Ryan Goodfellow
Browse files

add new content



- start portal ops
- start facility ops
- update hello world guide
- start getting started

Signed-off-by: Ryan Goodfellow's avatarRyan Goodfellow <rgoodfel@isi.edu>
parent cb66524d
......@@ -6,7 +6,3 @@ description: >
Learn how to create experiments on Merge.
---
{{% pageinfo %}}
This is a placeholder page for experimentatoin docs
{{% /pageinfo %}}
---
title: "Getting Started"
linkTitle: "Getting Started"
weight: 1
description: >
Getting setup to use Merge.
---
This guide covers the basic things you need to do to get started with Merge.
## Web Interface
{{% pageinfo %}}
This is a placeholder page for web interface docs
{{% /pageinfo %}}
## Account Setup
{{% pageinfo %}}
This is a placeholder page for web-interface account setup
{{% /pageinfo %}}
## Command Line Interface
In addition to the Web interface, Merge has a fully functional command line
interface that has feature parity with the web interface.
### Account Setup
To begin using Merge you'll need an account. This in this example the username
being registered is `murph` with an associated email `murphy@mergetb.org` and a
password `muffins1701`.
```shell
mrg register murph murphy@mergetb.org muffins1701
```
Once you have done this a notification will be sent to the Merge portal
administrators to approve your account. Once your account has been approved, you
will be able to start using Merge.
---
title: "Hello World"
linkTitle: "Hello World"
weight: 1
weight: 2
description: >
A hello world experiment in Merge.
---
......@@ -62,10 +62,9 @@ mrg show experiment hello.murphy
Repo: https://git.mergetb.net/murphy/hello
Mode: Public
Description: My first experiment
Members:
Member State Role
------ ----- ----
murphy Active Creator
Realizations:
Revision Realizations
-------- ------------
```
In addition to the information we've already seen, this display shows us two new
......@@ -73,8 +72,7 @@ things.
1. An address for a Merge-hosted Git repository for our experiment
`https://git.mergetb.net/murphy/hello`
2. The experiment members associated with this experiment and what their role
is.
2. The [realizations](#realizing-an-experiment) associated with this experiment.
## Pushing Experiment Source
......@@ -148,7 +146,7 @@ This will ask you for a username and password. **For the username enter the
token, leave the password blank**. If the push was successful, your experiment
now has source.
## Realizing and Experiment
## Realizing an Experiment
The next step toward creating a working experiment is realization. Realization
is the act of finding a suitable set of resources for your experiment, and
......
---
title: "Installation"
linkTitle: "Installation"
weight: 1
description: >
Docs for installing a Merge testbed facility
---
{{% pageinfo %}}
This is a placeholder page for facility installation
{{% /pageinfo %}}
---
title: "Operation"
linkTitle: "Operation"
weight: 2
description: >
Docs for operating a Merge testbed facility
---
## Modeling
{{% pageinfo %}}
This is a placeholder page for facility modeling
{{% /pageinfo %}}
## Commissioning
Comissioning is the process by which a facility is made available to users
through a Merge portal. To comission a testbed facility using, you will need
your saved facility model on hand.
```shell
mrg new facility <facility-name> <facility-fqdn> <facility.xir>
```
Here `facility-fqdn` is the fully qualified domain name of the facility and
`facility.xir` is the output of the `save` command from the
[modeling](#modeling) section.
......@@ -6,15 +6,10 @@ description: >
---
## Identity & User Management
## Identity
A Merge portal has distinct concepts of identities and users. An identity
associates an email address to a set of access credentials. A user account
references an identity and includes the following
- A home directory on the Merge portal file system (MergeFS).
- A set of projects the user is a member of and is authorized to access.
- A set of certificate-based SSH keys for accessing XDCs and experiment nodes.
associates an email address to a set of access credentials.
### Getting Identity Info
......@@ -43,12 +38,14 @@ This command is typically called directly by a user to register with a Merge
portal. It may also be used by administrators or project leaders with temporary
passwords for automatic onboarding of team members.
This will create an identity in the system. To create a new user from this
identity, an administrator can do the following.
```
mrg init <username>
```
## Users
A user account references an identity and includes the following
- A home directory on the Merge portal file system (MergeFS).
- A set of projects the user is a member of and is authorized to access.
- A set of certificate-based SSH keys for accessing XDCs and experiment nodes.
### Getting User Info
......@@ -65,6 +62,14 @@ USERNAME NAME STATE MODE UID GID
ry NotSet Public 1000 1000
```
### Creating users
To create a new user from an identity, an administrator can do the following.
```
mrg init <username>
```
### Activating Users
When a user account is first created. It is not active, and must be activated by
......@@ -80,3 +85,62 @@ When a user is activate, you will see the following from `mrg list users`
USERNAME NAME STATE MODE UID GID
ry Active Public 1000 1000
```
## Policy
What a user can and cannot do is defined by portal policy. Portal policy is a
declarative set of rules that map entities such as experiments, projects and
user accounts onto a set of properties that a caller must satisfy in order to
manipulate those entities.
For example, consider the following policy fragment.
```yaml
experiment:
public:
create: [Project.Member]
read: [Any.Any]
update: [Experiment.Maintainer, Project.Maintainer]
delete: [Experiment.Creator, Project.Maintainer]
protected:
create: [Project.Member]
read: [Project.Member]
update: [Experiment.Maintainer, Project.Maintainer]
delete: [Experiment.Creator, Project.Maintainer]
private:
create: [Project.Member]
read: [Experiment.Maintainer, Project.Creator]
update: [Experiment.Maintainer, Project.Creator]
delete: [Experiment.Creator, Project.Creator]
```
This policy states that public experiments can be read by anyone, protected
experiments can be read by project members and private experiments can only be
read by maintainers or the project creator of the project the experiment belongs
to.
### Default
The full default policy is available
[here](https://gitlab.com/mergetb/portal/services/-/blob/v1-staging/pkg/policy/policy.yml).
### Updating
The active policy in the Merge portal exists as a Kubernetes
[ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/). To
change the current policy configuration, you can use the following
[OpenShift CLI](https://docs.okd.io/latest/cli_reference/openshift_cli/getting-started-cli.html)
client `oc`.
```shell
oc create configmap policy --from-file=<path-to-policy.yml> --dry-run=client -o yaml -n merge | oc apply -f -
```
In order for the updated policy to take effect, you will need to restart your
API servers. You can do this without disruption as follows.
```
oc rollout restart deployment/apiserver -n merge
```
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment