| 23 | == Configuration Utilities == |
| 24 | |
| 25 | There are several utilities used in the process of setting up a new controller on a DETER-style testbed. These generate [FeddDatabases federation databases] from the main testbed database. |
| 26 | |
| 27 | === access_exp_access_db.py === |
| 28 | |
| 29 | The `access_exp_access_db.py` command is a helper to generate [FeddDatabases#AccessComponentAccessDB access controller component access databases]. It can be used to export access to a subset of testbed users. |
| 30 | |
| 31 | It can be run on a DETER testbed's `boss` to print data that can be redirected into a file for use as a database. With no options it converts the entire users table of the testbed database into an access controller access database with an entry for each local project of which the user is a member. The [FeddAuthorizationArchitecture#GlobalIdentifiers:Fedids fedid] of the experiment controller that will assert the attributes is required. |
| 32 | |
| 33 | That behavior can be constrained using the following options. |
| 34 | |
| 35 | '''--user='''''username'':: |
| 36 | Extract the information for ''username''. Once '''--user''' has been given, only the selected users are output. The option may be specified more than once. |
| 37 | '''--project='''''projectname'':: |
| 38 | Extract information only for the given project. The option may be specified multiple times. |
| 39 | '''--cert_dir='''''dir'':: |
| 40 | Use ''dir'' as the directory containing user certificates. `fedd` expects this to be a full pathname. It is only an output parameter; the directory does not need to exist. |
| 41 | '''--experiment_controller='''''cert'':: |
| 42 | The certificate of the experiment controller that will be asserting these credentials. Required. |
| 43 | |
| 44 | Multiple user constraints are ORed with each other, as are multiple project constraints. The resulting OR clauses are then ANDed together. For example, the invocation |
| 45 | {{{ |
| 46 | $ access_exp_accessdb.py --user faber --project Deter --project Virtual --experiment_controller ./fedd.pem --cert_dir /usr/local/etc/fedd/access/certs |
| 47 | }}} |
| 48 | |
| 49 | produces output like |
| 50 | |
| 51 | {{{ |
| 52 | # users faber |
| 53 | # projects Deter,Virtual |
| 54 | (fedid:e630047380b1060ce03d19e373b8047bb785031a,Deter,faber)-> access, (Deter,faber,/usr/local/etc/fedd/access/certs/faber.pem) |
| 55 | (fedid:e630047380b1060ce03d19e373b8047bb785031a,Virtual,faber)-> access, (Virtual,faber,/usr/local/etc/fedd/access/certs/faber.pem) |
| 56 | }}} |
| 57 | |
| 58 | If the users are in other projects, those lines are suppressed; if the projects contain other users, those lines are suppressed. The comment lines before each cluster of output help administrators understand which data corresponds to a given user. |
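Before installing a generated file, an administrator can check that it grants nothing beyond the intended export. The following is an added example, not part of the fedd package: it assumes the entry layout and the `<cert_dir>/<user>.pem` naming seen in the sample output above, and the function name, the "Other" project and the "alice" user are constructed for illustration.

```python
import re

# Entry shape inferred from the sample output on this page (an assumption):
# (fedid:<40 hex>,<project>,<user>)-> access, (<project>,<user>,<cert path>)
ENTRY = re.compile(
    r"^\(fedid:([0-9a-f]{40}),([^,()]+),([^,()]+)\)\s*->\s*access,\s*"
    r"\(([^,()]+),([^,()]+),([^,()]+)\)$"
)

def audit_access_db(text, controller_fedid, users, projects, cert_dir):
    """Return (line_no, problem) pairs; an empty users/projects set means no constraint."""
    findings = []
    prefix = cert_dir.rstrip("/") + "/"
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):   # comment lines label each cluster
            continue
        m = ENTRY.match(line)
        if not m:
            findings.append((no, "unparseable entry"))
            continue
        fedid, proj, user, l_proj, l_user, cert = m.groups()
        if fedid != controller_fedid:
            findings.append((no, "unexpected controller fedid"))
        # OR within each option, AND across the two options
        if users and user not in users:
            findings.append((no, "user not selected"))
        if projects and proj not in projects:
            findings.append((no, "project not selected"))
        if (proj, user) != (l_proj, l_user):   # names match in the sample output
            findings.append((no, "attribute and local names differ"))
        if cert != prefix + l_user + ".pem":
            findings.append((no, "certificate outside cert_dir"))
    return findings

FEDID = "e630047380b1060ce03d19e373b8047bb785031a"   # from the sample output
CERTS = "/usr/local/etc/fedd/access/certs"
SAMPLE = "\n".join([
    "# users faber",
    "# projects Deter,Virtual",
    f"(fedid:{FEDID},Deter,faber)-> access, (Deter,faber,{CERTS}/faber.pem)",
    f"(fedid:{FEDID},Virtual,faber)-> access, (Virtual,faber,{CERTS}/faber.pem)",
    # constructed entries that the example invocation would have suppressed
    f"(fedid:{FEDID},Other,faber)-> access, (Other,faber,{CERTS}/faber.pem)",
    f"(fedid:{FEDID},Deter,alice)-> access, (Deter,alice,/tmp/alice.pem)",
])

for no, problem in audit_access_db(SAMPLE, FEDID, {"faber"}, {"Deter", "Virtual"}, CERTS):
    print(f"line {no}: {problem}")
```

An empty result means every entry falls inside the selected users and projects and names the expected controller.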
| 59 | |
| 60 | As with other commands in the fedd package, it is installed in `/usr/local/bin` by default. |
| 61 | |
| 62 | === db_to_certs.py === |
| 63 | |