Independent thesis Advanced level (professional degree), 10 credits / 15 HE credits
School of Information and Communication Technology (ICT) at Royal Institute of Technology (KTH) have 16 computers that they are not using, which they bought from PDC at KTH a couple of years ago. Teachers of KTH are interested in using these computers to let their students work on a cloud computer environment. There is an open source system called OpenNebula, which is used on many universities and by many other persons setting up a cloud computer environment. OpenNebula is an distributed virtual machine manager that allows virtualization of ITinfrastructure, provides good environment for user management and setting up storage sub systems and has other desirable characterics suitable for laborations in classes.
One of the goals of this project was to install OpenNebula on 16 computers, with one of the computers being the front end. I call this cluster of nodes Cloudelia. These are the requirements of the system: In order for a user to use the system, authentication needs to be done to ensure that it has a KTHaccount. When an administrator sees a get permission-request from an user and is deciding on whether to approve the user or not, it must be able to rely on that an authentication-mechanism ensures that the user really is the user with the specific KTH-user name shown in the interface.
This ensures that any user outside of KTH with an intent to use Cloudelia in a malicious way doesn’t get access to the system.
The teachers should be provided an interface in which they can handle the granting/denying of permission of the users whom have requested permission to use Cloudelia.
They should be able to do this for all of the users in an efficient way and upon granting access to the users, new user accounts should be created in OpenNebula. This reduces the work load for the teachers.
There were certain design choices that were made, including the choice of whether to run OpenNebula with a shared or non-shared file system, whether to use Kerberos or Central Authentication Service (CAS) for authentication and the choice of which virtual machine to use.
The web interfaces were implemented using PHP, AJAX and MySQL. The web interface for teachers used an AJAX-framework called DataTables , which facilitates and minimizes the code amount required for presenting data from e.g. MySQL in tables on a web page. It was chosen to be used for the presentation of the users of the system in the administration interface for this reason. AJAX was used because it provides good capabilities of creating a website with interaction with the user.
The back end on the server side was implemeted in PHP. It receives arguments by POST and GET. There are different php-files receiving data from the web interfaces with different responsibilities.
2011. , 27 p.