Version 1 (modified by zhaomuzh, 7 years ago)

--

A Lightweight Cloud Object Repository

Overview

The Persistent Object Depository (pod) is a lightweight web-based front-end for a cloud object store. It can run as a service within a Web server using the server's file system as repository. The pod provides a simple interface for users to create and update storage objects and share those objects with other users and services in a controlled way.

The pod is well-suited to store images and certificates for use within a GENI/ORCA federation. It has features to protect and index credentials, enabling it to serve as the backbone of a distributed authorization system based on ABAC. Users may link credentials with their identities (public keys) and/or with objects they control, such as slices or images.

Requirements for hosting this service

  • Yii framework http://yii.googlecode.com/files/yii-1.1.8.r3324.tar.gz
  • Apache2 Web Server http://archive.apache.org/dist/httpd/
  • PHP Engine http://php.net/releases/ (version 5.3.0+ is required, version 5.3.0 is preferred)
  • MySQL Database Server http://downloads.mysql.com/archives.php

Installation

1. Add PHP and MySQL to the Apache2 Web Server, then modify their configurations as described below:

  • Apache2 (1) Enable SSL and client certificate authentication over SSL. Open %APACHE_HOME%/conf/extra/httpd-ssl.conf and modify the statements as shown below:
    #   Certificate Authority (CA):
    #   Set the CA certificate verification path where to find CA
    #   certificates for client authentication or alternatively one
    #   huge file containing all of them (file must be PEM encoded)
    #   Note: Inside SSLCACertificatePath you need hash symlinks
    #         to point to the certificate files. Use the provided
    #         Makefile to update the hash symlinks after changes.
    SSLCACertificateFile "<the path to your CA certificate>"
    ...
    #   Client Authentication (Type):
    #   Client certificate verification type and depth.  Types are
    #   none, optional, require and optional_no_ca.  Depth is a
    #   number which specifies how deeply to verify the certificate
    #   issuer chain before deciding the certificate is not valid.
    SSLVerifyClient optional
    SSLVerifyDepth  1
    ...
    #   o ExportCertData:
    #     This exports two additional environment variables: SSL_CLIENT_CERT and
    #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
    #     server (always existing) and the client (only existing when client
    #     authentication is used). This can be used to import the certificates
    #     into CGI scripts.
    SSLOptions +ExportCertData
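
Because `SSLVerifyClient optional` also admits requests that present no certificate, the PHP side has to confirm that verification succeeded before it treats `SSL_CLIENT_CERT` as an identity. The following is an added example, not code from the pod itself: `pod_client_identity()` and its return keys are hypothetical names, and it assumes `SSLOptions +StdEnvVars` is also enabled so that `SSL_CLIENT_VERIFY` reaches PHP.

```php
<?php
// Added example, not pod source code. pod_client_identity() and the array
// keys it returns are hypothetical names.

// Return the verified client's identity, or null for an anonymous request.
function pod_client_identity(array $server)
{
    // "SSLVerifyClient optional" lets requests without a certificate through;
    // mod_ssl then reports SSL_CLIENT_VERIFY=NONE. Treat a missing variable
    // the same way so the check fails closed.
    $verify = isset($server['SSL_CLIENT_VERIFY']) ? $server['SSL_CLIENT_VERIFY'] : 'NONE';
    if ($verify !== 'SUCCESS' || empty($server['SSL_CLIENT_CERT'])) {
        return null;
    }
    // SSL_CLIENT_CERT is the PEM certificate exported by +ExportCertData.
    $x509 = openssl_x509_read($server['SSL_CLIENT_CERT']);
    if ($x509 === false) {
        return null;
    }
    $key = openssl_pkey_get_public($x509);
    $details = $key ? openssl_pkey_get_details($key) : false;
    if ($details === false) {
        return null;
    }
    // Fingerprint the DER-encoded public key; using it as a lookup key for
    // linked credentials is an assumption about how the identity is stored.
    $der = base64_decode(preg_replace('/-----[^-]+-----|\s+/', '', $details['key']));
    return array('public_key' => $details['key'], 'key_sha256' => hash('sha256', $der));
}

// Constructed sample input: a throwaway self-signed certificate.
$pkey = openssl_pkey_new(array('private_key_bits' => 2048,
                               'private_key_type' => OPENSSL_KEYTYPE_RSA));
$csr  = openssl_csr_new(array('commonName' => 'constructed-user'), $pkey);
$cert = openssl_csr_sign($csr, null, $pkey, 1);
openssl_x509_export($cert, $pem);

// Anonymous request (no certificate presented): no identity.
var_dump(pod_client_identity(array('SSL_CLIENT_VERIFY' => 'NONE')));
// Certificate exported but not marked verified: still no identity.
var_dump(pod_client_identity(array('SSL_CLIENT_CERT' => $pem)));
// Verified client: public key PEM plus its SHA-256 fingerprint.
$id = pod_client_identity(array('SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_CERT' => $pem));
echo $id['key_sha256'], "\n";
```

In a request handler the function would be called with `$_SERVER`, and any action that creates, updates or shares an object would be refused when it returns null.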