Logistics, and school identification.

Daniel Drake dsd at laptop.org
Mon May 4 12:27:34 EDT 2009


2009/5/4 Martin Langhoff <martin.langhoff at gmail.com>:
> On Mon, May 4, 2009 at 5:41 PM, Daniel Drake <dsd at laptop.org> wrote:
>> Perhaps we could encode it into something shorter.
>> "CAA40" for caacupe school nr 40  (each school does have a number)
>> "CAA40M3B" for morning shift, 3rd grade section B at that school.
>> Although I'm still not sure why you are asking these questions :)
>
> I'm mostly interested in the school identifier -- if there is one, we
> can create per-school files with the delegated keys to distribute.

OK, in that case it is easy. Every school has a government-assigned
number which can be used.

>> Yes. We come quite close to this already... the system generates a CSV
>> file for each school with SN and UUIDs for each laptop, which is then
>> processed by another system which generates leases and distributes
>> them (through puppet) to the XSs.
>
> Hmmm! Is that code available somewhere?

It's only a few simple components working together.

To generate a list of the SNs/UUIDs is just a mysql query (hidden by
ruby stuff) in the webapp.
The file is pulled using activeresource.
A simple script parses the file and calls make-lease.sh which is in
the bios-crypto git tree, and stores the result in /var/lib/leases for
distribution with oatslite (git tree on dev.laptop.org) and also in a
per-school json file for distribution through a simple puppet recipe
to XSes.
Client-side puppet on the XS imports the new json lease file through
xs-activation-import.

>  - Are you generating straight leases, or delegated signature leases?

Straight.

> Well, the workflow I am thinking of is
>
>  - create priv/pub keys for all your XSs
>  - for each XS...
>   - generate delegation tokens, valid for 1 year, from the master key
> to the XS key for each XO in the corresponding school
>   - place the appropriate delegation tokens on each XS (in your case,
> via puppet)
>  - then each XS generates daily leases for each XO, the lease lifetime
> is configurable on the XS
>  - XOs request a lease renewal via OATC once a day, or every second day
>
> does that make sense?

Yes, so it's all about lease delegation. Sounds good.

Daniel
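
The delegation workflow discussed in this message, as an added sketch that is not part of the original post and is not OLPC's bios-crypto code: the master key signs a per-XO delegation to an XS key, the XS signs short leases, and the XO checks the chain against the master public key alone. Ed25519 from the Go standard library stands in for the real signature scheme, and the message layout, the names `Token`, `Sign`, `Verify`, `Demo` and the serial are all constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"time"
)

// Token: signed statement about one XO serial. Key is the XS public key in a delegation, nil in a lease.
type Token struct {
	Key   ed25519.PublicKey
	Until time.Time
	Sig   []byte
}

// msg uses a constructed layout (assumption), not the bios-crypto lease format.
func msg(sn string, key ed25519.PublicKey, until time.Time) []byte {
	return []byte(fmt.Sprintf("%s|%x|%d", sn, key, until.Unix()))
}
// Sign: the master key signs delegations (key = XS public key), the XS signs leases (key = nil).
func Sign(priv ed25519.PrivateKey, sn string, key ed25519.PublicKey, until time.Time) Token {
	return Token{key, until, ed25519.Sign(priv, msg(sn, key, until))}
}

// Verify runs on the XO, which trusts only the master public key and knows its own serial.
func Verify(masterPub ed25519.PublicKey, sn string, d, l Token, now time.Time) error {
	switch {
	case len(d.Key) != ed25519.PublicKeySize || !ed25519.Verify(masterPub, msg(sn, d.Key, d.Until), d.Sig):
		return fmt.Errorf("delegation malformed or not signed by master key for %s", sn)
	case !ed25519.Verify(d.Key, msg(sn, nil, l.Until), l.Sig):
		return fmt.Errorf("lease not signed by the delegated XS key")
	case now.After(l.Until) || l.Until.After(d.Until):
		return fmt.Errorf("lease expired or outlives its delegation")
	}
	return nil
}

// Demo returns Verify results for: a valid chain, an undelegated XS key, a stale lease.
func Demo() (ok, rogue, stale error) {
	mPub, mPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	xsPub, xsPriv, _ := ed25519.GenerateKey(nil)
	_, other, _ := ed25519.GenerateKey(nil) // key the master never delegated to
	now, sn := time.Now(), "SN0001"         // constructed serial
	d := Sign(mPriv, sn, xsPub, now.AddDate(1, 0, 0)) // 1-year delegation
	return Verify(mPub, sn, d, Sign(xsPriv, sn, nil, now.Add(24*time.Hour)), now),
		Verify(mPub, sn, d, Sign(other, sn, nil, now.Add(24*time.Hour)), now),
		Verify(mPub, sn, d, Sign(xsPriv, sn, nil, now.Add(-time.Hour)), now)
}
func main() { fmt.Println(Demo()) }
```

Because the serial is bound into both signed messages, a delegation or lease copied from another XO fails the first or second check without any extra field comparison.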


