| | 1 | = Fedd Commands = |
| | 2 | |
| | 3 | These are the various user level programs that the fedd package installs, including fedd itself. |
| | 4 | |
| | 5 | == Fedd.py == |
| | 6 | |
| | 7 | The main federation daemon; when this documentation refers to `fedd` is is the `fedd.py` executable that is running. It can run on any host as any user, provided permissions and keys are correct. Most of `fedd`'s behavior is controlled by its [FeddConfig configuration files] and [FeddDatabases databases], there are a few command line arguments. |
| | 8 | |
| | 9 | '''--config='''''filename'':: |
| | 10 | Use ''filename'' as the configuration file rather than the default `/usr/local/etc/fedd.conf` |
| | 11 | '''--debug''':: |
| | 12 | Produce additional error output |
| | 13 | '''--logfile='''''filename'':: |
| | 14 | Redirect log output to ''filename'' rather than the default standard output |
| | 15 | |
| | 16 | == Confirm_sshkey.py == |
| | 17 | |
| | 18 | The `confirm_sshkey.py` command is used by `fedd` to confirm that a local account can be accessed using an SSH public key. It does this by accessing the Emulab database, and must run on `boss`. It is included in the distribution ofr administrators who want to be able to confirm keys without patching `addpubkey`. |
| | 19 | |
| | 20 | The command takes the same arguments as the extended version of `addpubkey`, which is to say the same arguments as the unextended `addpubkey` plus '''-C'''. Other than installing it and adjusting the '''confirmkey''' parameter in the [allocation] section of the [FeddConfig#AllocationOptions configuration file] users should rarely need this command. By default the fedd package `confirm_sshkey.py` in `/usr/local/bin`. |
| | 21 | |
| | 22 | == Exp_access_db.py == |
| | 23 | |
| | 24 | The `exp_access_db.py` command is a helper to generate [FeddDatabases#ExperimentControlComponentAccessDB experiment control component access databases]. It can be run on `boss` to print data in that database's format that can be redirected into a file for use as a database. With no options it converts the entire users table of the database into an experiment control access database with an entry for each local project of which the user is a member. The [FeddAbout#GlobalIdentifiers:Fedids fedid's] are generated from the user's SSL certificates as they appear in the Emulab database. |
| | 25 | |
| | 26 | That behavior can be constrained using the following options. |
| | 27 | |
| | 28 | '''--user='''''username''':: |
| | 29 | Extract the information for ''username''. Once '''--user''' is given once, only the users selected will be output. The option may be specified more than once. |
| | 30 | '''--project='''''projectname'':: |
| | 31 | Extract information only for the given project. The option may be specified multiple times. |
| | 32 | '''--no-project-access''':: |
| | 33 | Do not generate a line for any of the projects a user is in. Only generate lines of the form |
| | 34 | {{{ |
| | 35 | fedid:xxx -> user |
| | 36 | }}} |
| | 37 | '''--no-user-access''':: |
| | 38 | Do not generate a line without an enclosing project. Only generate lines of the form |
| | 39 | {{{ |
| | 40 | fedid:xxx -> (project,user) |
| | 41 | }}} |
| | 42 | |
| | 43 | Multiple user constraints are or-ed with each other as are multiple project constraints. Then the resulting or clauses are and-ed together. For example, the invocation |
| | 44 | {{{ |
| | 45 | $ exp_access_db.py --user=faber --user=lahey --project=Deter --project=emulab-ops |
| | 46 | }}} |
| | 47 | |
| | 48 | produces output like |
| | 49 | |
| | 50 | {{{ |
| | 51 | # faber |
| | 52 | fedid:12ecc7415746281efa0ed58e180c51a5cba13a57->faber |
| | 53 | fedid:12ecc7415746281efa0ed58e180c51a5cba13a57->(Deter,faber) |
| | 54 | fedid:12ecc7415746281efa0ed58e180c51a5cba13a57->(emulab-ops,faber) |
| | 55 | # lahey |
| | 56 | fedid:d7da471ff2ba5b205d31ae379b1cf634c8dce1c6->lahey |
| | 57 | fedid:d7da471ff2ba5b205d31ae379b1cf634c8dce1c6->(emulab-ops,lahey) |
| | 58 | }}} |
| | 59 | |
| | 60 | If the users are in other projects, those lines are suppressed; if the projects contain other users, those lines are suppressed. The comment lines before each cluster of output help administrators understand which data corresponds to a given user. |
| | 61 | |
| | 62 | As with other commands in the fedd package, it is installed in `/usr/local/bin` by default. |
| | 63 | |
| | 64 | == Fedd_client.py == |
| | 65 | |
| | 66 | The `fedd_client.py` command is a simple command line interface to most of `fedd`'s interfaces. It allows users to create terminate and interrogate experiments as well as to make access requests and request experiment splits. The access and splitting commands are primarily for debugging. Users who wish to make use of that function can consult the command's internal help message, by issuing one of |
| | 67 | |
| | 68 | {{{ |
| | 69 | $ fedd_client.py split --help |
| | 70 | $ fedd_client.py access --help |
| | 71 | }}} |
| | 72 | |
| | 73 | The general syntax for invoking the command is: |
| | 74 | |
| | 75 | {{{ |
| | 76 | $ fedd_client.py operation parameters |
| | 77 | }}} |
| | 78 | |
| | 79 | where operation is one of create, terminate, info, vtopo, vis, info, split, or access and the parameters are described below. |
| | 80 | |
| | 81 | All commands take the following parameters: |
| | 82 | '''--cert='''''filename'':: |
| | 83 | Certificate from which to derive the user's [FeddAbout#GlobalIdentifiers:Fedids fedid]. By default the contents of `.ssl/emulab.pem` in the user's home directory is used. |
| | 84 | '''--debug''':: |
| | 85 | Produce additional debugging output. |
| | 86 | '''--serializeOnly''':: |
| | 87 | Do not contact the `fedd`, but just print the SOAP or XMLRPC message to the standard output. |
| | 88 | '''--trusted='''''filename'':: |
| | 89 | Use the certificates in ''filename'' as certificate authorities to confirm the server's identity. Optional. |
| | 90 | '''--url='''''fedd_url''':: |
| | 91 | Fedd to contact. |
| | 92 | '''--transport=[xmlrpc|soap]''':: |
| | 93 | Use the given encoding of the service request. |
| | 94 | '''--trace''':: |
| | 95 | Print the SOAP exchanges to stderr. Currently only the SOAP transport is supported. |
| | 96 | |
| | 97 | The '''create''' command takes the following additional parameters: |
| | 98 | '''--experiment_name='''''exp_name'':: |
| | 99 | Suggest ''exp_name'' to the `fedd` as a local identifier for the federated experiment. The actual local name chosen will be returned from the command. |
| | 100 | '''-file='''''filename'':: |
| | 101 | File containing the [FeddExperiment experiment description]. |
| | 102 | '''--project='''''export_project'':: |
| | 103 | The local project to export from the master testbed. |
| | 104 | '''--sshKey='''''file'':: |
| | 105 | Use the contents of ''file'' as the SSH key for service access in the experiment. By default the contents of `.ssh/id_rsa.pub` is used. |
| | 106 | '''--master='''''master_testbed'':: |
| | 107 | The master testbed. This should correspond to one of the annotations used for testbed names in the experiment. The `fedd` will use its [FeddDatabases#ExperimentNameMappingDB experiment name mapping DB] to resolve that name to a testbed. |
| | 108 | |
| | 109 | An example of experiment creation is: |
| | 110 | |
| | 111 | {{{ |
| | 112 | $ fedd_client.py create --file=test_fedd.tcl --master=deter --project=emulab-ops --url=https://users.isi.deterlab.net:23234 --transport=xmlrpc |
| | 113 | }}} |
