Image Architecture
Very interesting: Amazon's discussion of various ways to bootstrap an image.
This template generates DH Box in the AWS cloud from a clean Debian image, and has both tools we've heretofore agreed on including: https://github.com/DH-Box/dhbox/blob/master/out.json
We can even generate a new template through scripting, which makes it easy to seed a new DH Box image with whatever tools we want, on the fly: https://github.com/DH-Box/dhbox/blob/master/generator.py
Here are scripts that automate creating an instance and a stack: https://github.com/DH-Box/dhbox/tree/master/python_scripts
AWS's Cloudformation service reads these templates and builds an instance according to the provided rules. With scripting, it's now theoretically possible to remove nearly all configuration work for a DH Box user. We could have them fill out a small form on our website, and our script would build the DH Box to their specifications, including the number and names of their students, etc.
We've also installed something called 'Shell in a box'. This means that students won't have to SSH, and can access DH Box through their browser. It's really slick.
Here is a sketch of the architecture for the site and backend API:
- The front-end website collects data about the user: teacher/admin username, students' usernames, maybe they check the boxes of the apps they want installed.
- The front-end sends these key/value pairs to the backend API via POST.
- The backend, which is a python API using Flask (http://flask.pocoo.org/), takes those key/value pairs and plugs them into the relevant places, generating a template for AWS Cloudformation. This creates a new DH Box instance.
- The backend tells the front-end what the newly created instance's IP address is, and the front-end tells the user.
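The steps above, as an added example of the template-generation step (this is illustrative code, not DH-Box's own generator.py or out.json). It assumes a placeholder Debian AMI id, a fixed allow-list of installable apps, and that the Flask route (not shown) hands the POSTed key/value pairs to `build_template` as a dict. Because the usernames end up inside the instance's first-boot UserData script, which runs as root, every name is checked against a strict pattern before it is spliced in, and the stack's `Outputs` section is where the backend reads the new box's public IP for the front-end.

```python
"""Turn the front-end's form data into a CloudFormation template for one DH Box.

Added example, not DH-Box's own generator.py. Assumptions: a placeholder Debian
AMI id, a fixed allow-list of installable apps, and that the Flask route (not
shown) hands this module the POSTed key/value pairs as a dict.
"""
import json
import re
import shlex

DEBIAN_AMI_ID = "ami-PLACEHOLDER"  # placeholder; the real id depends on the region

# Only apps in this allow-list may be requested. The install commands contain no
# user-supplied text, so the form cannot smuggle shell commands in via this path.
APP_INSTALL = {
    "shellinabox": "apt-get install -y shellinabox",
    "python3": "apt-get install -y python3 python3-pip",
    "r": "apt-get install -y r-base",
}

# Account names that will be spliced into a root shell script must match a
# strict pattern: lowercase, starting with a letter, at most 32 characters.
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_-]{0,31}$")


def validate_username(name: str) -> str:
    """Return the name unchanged, or raise ValueError if it is not a safe account name."""
    if not isinstance(name, str) or not USERNAME_RE.match(name):
        raise ValueError(f"invalid username: {name!r}")
    return name


def build_user_data(teacher: str, students: list, apps: list) -> str:
    """Build the first-boot shell script (UserData). Names are validated first and
    quoted with shlex as a second line of defence."""
    lines = ["#!/bin/bash", "set -euo pipefail",
             "export DEBIAN_FRONTEND=noninteractive", "apt-get update"]
    for app in apps:
        if app not in APP_INSTALL:
            raise ValueError(f"unknown app: {app!r}")
        lines.append(APP_INSTALL[app])
    for name in [teacher] + list(students):
        lines.append(f"useradd -m -s /bin/bash {shlex.quote(validate_username(name))}")
    # The teacher administers the box; students stay unprivileged.
    lines.append(f"usermod -aG sudo {shlex.quote(teacher)}")
    return "\n".join(lines) + "\n"


def build_template(form: dict) -> dict:
    """Form dict (teacher, students, apps) -> CloudFormation template dict."""
    teacher = validate_username(form["teacher"])
    students = [validate_username(s) for s in form.get("students", [])]
    apps = list(form.get("apps", []))
    everyone = [teacher] + students
    if len(set(everyone)) != len(everyone):
        raise ValueError("duplicate usernames")
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Description": f"DH Box for {teacher} with {len(students)} students",
        "Resources": {
            "DHBoxSecurityGroup": {
                "Type": "AWS::EC2::SecurityGroup",
                "Properties": {
                    "GroupDescription": "DH Box: SSH and Shell in a Box",
                    "SecurityGroupIngress": [
                        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
                        # Shell in a Box listens on port 4200 by default.
                        {"IpProtocol": "tcp", "FromPort": 4200, "ToPort": 4200, "CidrIp": "0.0.0.0/0"},
                    ],
                },
            },
            "DHBoxInstance": {
                "Type": "AWS::EC2::Instance",
                "Properties": {
                    "ImageId": DEBIAN_AMI_ID,
                    "InstanceType": "t2.micro",
                    "SecurityGroups": [{"Ref": "DHBoxSecurityGroup"}],
                    "UserData": {"Fn::Base64": build_user_data(teacher, students, apps)},
                },
            },
        },
        # The backend reads this stack output to tell the front-end the new box's IP.
        "Outputs": {
            "PublicIp": {"Value": {"Fn::GetAtt": ["DHBoxInstance", "PublicIp"]}},
        },
    }


def render_template(form: dict) -> str:
    """JSON text ready to pass to CloudFormation CreateStack as TemplateBody."""
    return json.dumps(build_template(form), indent=2)


if __name__ == "__main__":
    print(render_template({"teacher": "prof_smith",
                           "students": ["alice", "bob"],
                           "apps": ["shellinabox"]}))
```

Usernames such as `bob; rm -rf /` or `$(id)` are rejected by `validate_username` before they reach the script, and an app name outside `APP_INSTALL` is rejected too, so the only text the form controls in the generated script is a validated account name.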
But, here's the problem. I can't automate all this to build an instance in the END USER's AWS account, because I don't have their secret access keys. There are two ways to get around this that I see:
- have the instances all be on DH Box's AWS account and get grants or charge for the service OR
- ask the end user for their AWS username and password, and write a web scraper that logs into the end user's account and creates temporary access keys for DH Box to then generate an instance with. http://docs.aws.amazon.com/IAM/latest/UserGuide/delegation-cross-acct-access.html
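The linked AWS IAM document describes role-based cross-account delegation: the end user creates a role in their own account that trusts DH Box's account, and DH Box's backend assumes that role to obtain temporary credentials, so no long-lived keys or console passwords change hands. The following is an added example of that setup (not the project's code); it assumes a placeholder DH Box account id, a hypothetical role name `DHBoxBuilder`, and that the backend makes the actual `sts:AssumeRole` call with boto3 (the call itself is not made here, only its parameters are built).

```python
"""Cross-account role so DH Box can build a stack in the end user's AWS account.

Added example, not the project's code. Assumes DH Box runs under one AWS
account (DHBOX_ACCOUNT_ID, a placeholder) and that the end user creates an IAM
role in their own account carrying the trust policy built below; the backend
then calls sts:AssumeRole (boto3 call not shown) for temporary credentials.
"""
import secrets

DHBOX_ACCOUNT_ID = "111111111111"  # placeholder account id


def new_external_id() -> str:
    """Per-customer secret the backend must present when assuming the role. It
    prevents anyone who merely learns the role ARN from making DH Box assume it."""
    return secrets.token_urlsafe(24)


def trust_policy(dhbox_account_id: str, external_id: str) -> dict:
    """Trust policy for the role in the END USER's account: only DH Box's
    account may assume it, and only when it presents the right ExternalId."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{dhbox_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def permissions_policy() -> dict:
    """Permissions attached to that role: only what creating the DH Box stack needs."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack",
                "cloudformation:DescribeStacks",
                "ec2:RunInstances",
                "ec2:DescribeInstances",
                "ec2:CreateSecurityGroup",
                "ec2:AuthorizeSecurityGroupIngress",
            ],
            "Resource": "*",
        }],
    }


def check_trust_policy(policy: dict, dhbox_account_id: str) -> list:
    """Review a trust policy the end user pasted back to us; return a list of
    problems (empty when it is acceptable)."""
    expected = f"arn:aws:iam::{dhbox_account_id}:root"
    statements = policy.get("Statement", [])
    if not statements:
        return ["no statements"]
    problems = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if aws == "*":
            problems.append("principal is a wildcard: any AWS account could assume the role")
        elif aws != expected:
            problems.append(f"principal {aws!r} is not the DH Box account")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if not cond.get("sts:ExternalId"):
            problems.append("missing sts:ExternalId condition")
    return problems


def assume_role_params(user_account_id: str, external_id: str,
                       role_name: str = "DHBoxBuilder") -> dict:
    """Keyword arguments for boto3's sts.assume_role (built here, not called);
    the role name is a hypothetical default."""
    return {
        "RoleArn": f"arn:aws:iam::{user_account_id}:role/{role_name}",
        "RoleSessionName": "dhbox-builder",
        "ExternalId": external_id,
        "DurationSeconds": 900,  # shortest session AWS allows; enough for CreateStack
    }
```

The backend stores one ExternalId per customer, shows the customer the trust and permissions policies to attach to their role, and later passes `assume_role_params(...)` to STS; the temporary credentials it gets back are what the CloudFormation CreateStack call is made with.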