Authenticated Service to Service Communication with client credentials

OpenCHAMI uses signed JWTs for authentication and authorization. Users must include a valid token with every request which will then be passed on to every subsequent microservice involved in processing that request. However, there are some internal requests that aren't triggered directly by a user. For these, we still need a valid token, but without a specific user to tie it to, we need to use a different kind of JWT.

March 1, 2024 in Development, LANL by David J. Allen (LANL)8 minutes

Code Deep Dive: Dynamic Data Persistence for our Control Plane

This blog post dives into the 'In-Memory Working Set with Periodic Snapshots' pattern implemented in the node-orchestrator project. Learn how this approach leverages DuckDB and Parquet to efficiently manage control plane data, offering speed and reliability. Discover the advantages for HPC sysadmins, including reduced management overhead and simplified recovery, as well as comparisons to other data storage methods.

July 1, 2024 in Development, LANL by Alex Lovell-Troy6 minutes

Bridging the Gap between External Identity Provider and Self-Hosted Authorization Server (Part 1)

June 3, 2024 in LANL, Development by David J. Allen (LANL)7 minutes

Experimental Refactoring with SMD

January 24, 2024 in LANL, Development, sc23 by David J. Allen (LANL)3 minutes

Implementing Authn/Authz in OpenCHAMI Microservices

January 24, 2024 in LANL, Development by David J. Allen (LANL)7 minutes

Turnkey OpenCHAMI for the Supercomputer Institute

January 24, 2024 by Alex Lovell-Troy4 minutes

Exploring Multi-tenacy capabilities in SMD with Groups and Partitions

SMD comes with a built-in partitioning feature that should allow us to partition off certain components through it's API. In this blog post, we explore how groups and partitions work in practice.

January 18, 2024 in Development, LANL by David J. Allen (LANL)6 minutes

Boot Script Service: Switching from Etcd to PostgreSQL for a Smaller Storage Backend

As part of LANL's exploration of the CSM codebase, they replaced Etcd with PostgreSQL for BSS persistence and learned a lot about software boundaries along the way.

October 30, 2023 in Development, LANL, SC23 by Devon T. Bautista (LANL)7 minutes

Exploring CSM Microservices for OpenCHAMI

At LANL, we used two microservices from HPE's CSM to do discovery and boot of a ten node cluster and we learned so much along the way about redfish, postgres, httpboot, aws, and of course, ourselves.

October 28, 2023 in Development, LANL, SC23 by Alex Lovell-Troy6 minutes

Magellan: Alternative Redfish Discovery for OpenCHAMI/CSM

As part of LANL's exploration of the CSM codebase, they found it necessary to augment the built-in discovery features of CSM with a new standalone command based on gofish and bmclib.

October 28, 2023 in Development, LANL, SC23 by David J. Allen (LANL)9 minutes