Changes between Initial Version and Version 1 of FeddCommands


Ignore:
Timestamp:
Dec 11, 2008 7:11:19 PM (16 years ago)
Author:
faber
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • FeddCommands

    v1 v1  
     1= Fedd Commands =
     2
     3These are the various user level programs that the fedd package installs, including fedd itself.
     4
     5== Fedd.py ==
     6
     7The main federation daemon; when this documentation refers to `fedd` is is the `fedd.py` executable that is running.  It can run on any host as any user, provided permissions and keys are correct.  Most of `fedd`'s behavior is controlled by its [FeddConfig configuration files] and [FeddDatabases databases], there are a few command line arguments.
     8
     9 '''--config='''''filename''::
     10  Use ''filename'' as the configuration file rather than the default `/usr/local/etc/fedd.conf`
     11 '''--debug'''::
     12  Produce additional error output
     13 '''--logfile='''''filename''::
     14  Redirect log output to ''filename'' rather than the default standard output
     15
     16== Confirm_sshkey.py ==
     17
     18The `confirm_sshkey.py` command is used by `fedd` to confirm that a local account can be accessed using an SSH public key.  It does this by accessing the Emulab database, and must run on `boss`.  It is included in the distribution ofr administrators who want to be able to confirm keys without patching `addpubkey`.
     19
     20The command takes the same arguments as the extended version of `addpubkey`, which is to say the same arguments as the unextended `addpubkey` plus '''-C'''.  Other than installing it and adjusting the '''confirmkey''' parameter in the  [allocation] section of the [FeddConfig#AllocationOptions configuration file] users should rarely need this command.  By default the fedd package `confirm_sshkey.py` in `/usr/local/bin`.
     21
     22== Exp_access_db.py ==
     23
     24The `exp_access_db.py` command is a helper to generate [FeddDatabases#ExperimentControlComponentAccessDB experiment control component access databases].  It can be run on `boss` to print data in that database's format that can be redirected into a file for use as a database.  With no options it converts the entire users table of the database into an experiment control access database with an entry for each local project of which the user is a member.  The [FeddAbout#GlobalIdentifiers:Fedids fedid's] are generated from the user's SSL certificates as they appear in the Emulab database.
     25
     26That behavior can be constrained using the following options.
     27
     28 '''--user='''''username'''::
     29  Extract the information for ''username''.  Once '''--user''' is given once, only the users selected will be output.  The option may be specified more than once.
     30 '''--project='''''projectname''::
     31  Extract information only for the given project.  The option may be specified multiple times.
     32 '''--no-project-access'''::
     33  Do not generate a line for any of the projects a user is in.  Only generate lines of the form
     34{{{
     35fedid:xxx -> user
     36}}}
     37 '''--no-user-access'''::
     38  Do not generate a line without an enclosing project.  Only generate lines of the form
     39{{{
     40fedid:xxx -> (project,user)
     41}}}
     42
     43Multiple user constraints are or-ed with each other as are multiple project constraints.  Then the resulting or clauses are and-ed together.  For example, the invocation
     44{{{
     45$ exp_access_db.py --user=faber --user=lahey --project=Deter --project=emulab-ops
     46}}}
     47
     48produces output like
     49
     50{{{
     51# faber
     52fedid:12ecc7415746281efa0ed58e180c51a5cba13a57->faber
     53fedid:12ecc7415746281efa0ed58e180c51a5cba13a57->(Deter,faber)
     54fedid:12ecc7415746281efa0ed58e180c51a5cba13a57->(emulab-ops,faber)
     55# lahey
     56fedid:d7da471ff2ba5b205d31ae379b1cf634c8dce1c6->lahey
     57fedid:d7da471ff2ba5b205d31ae379b1cf634c8dce1c6->(emulab-ops,lahey)
     58}}}
     59
     60If the users are in other projects, those lines are suppressed; if the projects contain other users, those lines are suppressed.  The comment lines before each cluster of output help administrators understand which data corresponds to a given user.
     61
     62As with other commands in the fedd package, it is installed in `/usr/local/bin` by default.
     63
     64== Fedd_client.py ==
     65
     66The `fedd_client.py` command is a simple command line interface to most of `fedd`'s interfaces.  It allows users to create terminate and interrogate experiments as well as to make access requests and request experiment splits.  The access and splitting commands are primarily for debugging.  Users who wish to make use of that function can consult the command's internal help message, by issuing one of
     67
     68{{{
     69$ fedd_client.py split --help
     70$ fedd_client.py access --help
     71}}}
     72
     73The general syntax for invoking the command is:
     74
     75{{{
     76$ fedd_client.py operation parameters
     77}}}
     78
     79where operation is one of create, terminate, info, vtopo, vis, info, split, or access and the parameters are described below.
     80
     81All commands take the following parameters:
     82 '''--cert='''''filename''::
     83  Certificate from which to derive the user's [FeddAbout#GlobalIdentifiers:Fedids fedid].  By default the contents of `.ssl/emulab.pem` in the user's home directory is used.
     84 '''--debug'''::
     85  Produce additional debugging output.
     86 '''--serializeOnly'''::
     87  Do not contact the `fedd`, but just print the SOAP or XMLRPC message to the standard output.
     88 '''--trusted='''''filename''::
     89  Use the certificates in ''filename'' as certificate authorities to confirm the server's identity.  Optional.
     90 '''--url='''''fedd_url'''::
     91  Fedd to contact.
     92 '''--transport=[xmlrpc|soap]'''::
     93  Use the given encoding of the service request.
     94 '''--trace'''::
     95  Print the SOAP exchanges to stderr.  Currently only the SOAP transport is supported.
     96
     97The '''create''' command takes the following additional parameters:
     98 '''--experiment_name='''''exp_name''::
     99  Suggest ''exp_name'' to the `fedd` as a local identifier for the federated experiment.  The actual local name chosen will be returned from the command.
     100 '''-file='''''filename''::
     101  File containing the [FeddExperiment experiment description].
     102 '''--project='''''export_project''::
     103  The local project to export from the master testbed.
     104 '''--sshKey='''''file''::
     105  Use the contents of ''file'' as the SSH key for service access in the experiment.  By default the contents of `.ssh/id_rsa.pub` is used.
     106 '''--master='''''master_testbed''::
     107  The master testbed.  This should correspond to one of the annotations used for testbed names in the experiment.  The `fedd` will use its [FeddDatabases#ExperimentNameMappingDB experiment name mapping DB] to resolve that name to a testbed.
     108
     109An example of experiment creation is:
     110
     111{{{
     112$ fedd_client.py create --file=test_fedd.tcl --master=deter --project=emulab-ops --url=https://users.isi.deterlab.net:23234 --transport=xmlrpc
     113}}}