| 1 | [DEFAULT] |
|---|
| 2 | # The home directory of the access controller |
|---|
| 3 | base: /usr/local/etc/fedd/access |
|---|
| 4 | |
|---|
| 5 | [globals] |
|---|
| 6 | # Access controller identity |
|---|
| 7 | cert_file: %(base)s/fedd.pem |
|---|
| 8 | |
|---|
| 9 | # Services as for the experiment controller |
|---|
| 10 | services: 23231 |
|---|
| 11 | |
|---|
| 12 | [access] |
|---|
| 13 | |
|---|
| 14 | # syslog level |
|---|
| 15 | log_level: debug |
|---|
| 16 | |
|---|
| 17 | # File that holds internal state between access controller boots |
|---|
| 18 | access_state: %(base)s/deter_access.state |
|---|
| 19 | |
|---|
| 20 | # The file that maps from ABAC credentials to local user and project name. |
|---|
| 21 | # Generated by tools, but human readable. |
|---|
| 22 | accessdb: %(base)s/deter_abac_map |
|---|
| 23 | |
|---|
| 24 | # Directory where certificates identifying particular allocations are created |
|---|
| 25 | certdir: %(base)s/certs |
|---|
| 26 | |
|---|
| 27 | # The ssh identity used to move software into experiments. Federated users |
|---|
| 28 | # must allow this key access to their DETER accounts. |
|---|
| 29 | ssh_privkey_file: %(base)s/fedd_rsa |
|---|
| 30 | ssh_pubkey_file: %(base)s/fedd_rsa.pub |
|---|
| 31 | |
|---|
| 32 | # Same as the experiment controller values |
|---|
| 33 | # create_debug: true |
|---|
| 34 | #leave_tmpfiles: true |
|---|
| 35 | |
|---|
| 36 | # This is the correct value for an Emulab or DETER testbed |
|---|
| 37 | type: local_emulab |
|---|
| 38 | |
|---|
| 39 | # ABAC configuration and directories |
|---|
| 40 | auth_type: abac |
|---|
| 41 | auth_dir: %(base)s/abac |
|---|
| 42 | |
|---|
| 43 | # URI at which to access the Emulab XMLRPC interface. Generally only the boss |
|---|
| 44 | # node's DNS name needs to be |
|---|
| 45 | boss: https://boss.isi.deterlab.net:3069/usr/testbed |
|---|
| 46 | ops: users.isi.deterlab.net |
|---|
| 47 | |
|---|
| 48 | # Image to be loaded on portal nodes. Some version of FreeBSD is best. Modern |
|---|
| 49 | # Lunixes also work. |
|---|
| 50 | portal_image: FBSD7-STD |
|---|
| 51 | |
|---|
| 52 | # If the portals connect through a NAT, Uncomment this line and set the |
|---|
| 53 | # parameter to either the DNS name of the externally routable address or the IP |
|---|
| 54 | # address of that NAT. This is used to establish routing between portal nodes. |
|---|
| 55 | # Portals behind a NAT will initiate all commmunications - so two NATted |
|---|
| 56 | # portals cannot talk. |
|---|
| 57 | # nat_portal: nat.isi.deterlab.net |
|---|
| 58 | |
|---|
| 59 | # Configurable federation setup commands. For the standard fedkit on a DETER, |
|---|
| 60 | # these are correct. |
|---|
| 61 | portal_startcommand: sudo -H /usr/bin/perl -I/usr/local/federation/lib /usr/local/federation/bin/combo.pl --use_file >& /tmp/bridge.log |
|---|
| 62 | node_startcommand: sudo -H /usr/bin/perl -I/usr/local/federation/lib /usr/local/federation/bin/federate.pl >& /tmp/federate |
|---|
| 63 | |
|---|
| 64 | |
|---|
| 65 | # DNS domain of the testbed |
|---|
| 66 | domain: .isi.deterlab.net |
|---|
| 67 | |
|---|
| 68 | # Analogous to the experiment controller |
|---|
| 69 | federation_software: /usr %(base)s/fedkit.tgz |
|---|
| 70 | |
|---|
