Changes between Version 32 and Version 33 of FeddCommands


Ignore:
Timestamp:
Jun 12, 2014 1:18:06 PM (10 years ago)
Author:
faber
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • FeddCommands

    v32 v33  
    22
    33These are the various user level programs that the fedd package installs, including fedd itself.
     4
     5[[TOC()]]]
    46
    57== Fedd ==
     
    1921  Redirect log output to ''filename'' rather than the default standard output
    2022
     23== Configuration Utilities ==
     24
     25There are several utilities used in the process of setting up a new controller on a DETER-style testbed.  These generate [FeddDatabases federation databases] from the main testbed database.
     26
     27=== access_exp_access_db.py ===
     28
     29The `access_exp_access_db.py` command is a helper to generate [FeddDatabases#AccessComponentAccessDB access controler component access databases].  It can be used to export access to a subset of testbed users.
     30
     31It can be run on a DETER testbed's `boss` to print datathat can be redirected into a file for use as a database.  With no options it converts the entire users table of the testbed database into an access controller access database with an entry for each local project of which the user is a member.  The [FeddAuthorizationArchitecture#GlobalIdentifiers:Fedids fedid] of the experiment controller that will assert the attributes is required.
     32
     33That behavior can be constrained using the following options.
     34
     35 '''--user='''''username'''::
     36  Extract the information for ''username''.  Once '''--user''' is given once, only the users selected will be output.  The option may be specified more than once.
     37 '''--project='''''projectname''::
     38  Extract information only for the given project.  The option may be specified multiple times.
     39 '''--cert_dir='''''dir''::
     40   Use ''dir'' as the directory containing user certificates.  The `fedd` expects this to be a full pathname.  It is just an output parameter; the directory does not need to exist.
     41 '''--experiment_controller='''''cert''::
     42   The certificate of the experiment controller that will be asserting these credentials.  Required.
     43
     44Multiple user constraints are or-ed with each other as are multiple project constraints.  Then the resulting or clauses are and-ed together.  For example, the invocation
     45{{{
     46$ access_exp_accessdb.py --user faber --project Deter --project Virtual --experiment_controller ./fedd.pem --cert_dir /usr/local/etc/fedd/access/certs
     47}}}
     48
     49produces output like
     50
     51{{{
     52# users faber
     53# projects Deter,Virtual
     54(fedid:e630047380b1060ce03d19e373b8047bb785031a,Deter,faber)-> access, (Deter,faber,/usr/local/etc/fedd/access/certs/faber.pem)
     55(fedid:e630047380b1060ce03d19e373b8047bb785031a,Virtual,faber)-> access, (Virtual,faber,/usr/local/etc/fedd/access/certs/faber.pem)
     56}}}
     57
     58If the users are in other projects, those lines are suppressed; if the projects contain other users, those lines are suppressed.  The comment lines before each cluster of output help administrators understand which data corresponds to a given user.
     59
     60As with other commands in the fedd package, it is installed in `/usr/local/bin` by default.
     61
     62=== db_to_certs.py ===
     63
    2164
    2265=== exp_access_db.py ===
    2366
    24 The `exp_access_db.py` command is a helper to generate [FeddDatabases#ExperimentControlComponentAccessDB experiment control component access databases].  It can be run on `boss` to print data in that database's format that can be redirected into a file for use as a database.  With no options it converts the entire users table of the database into an experiment control access database with an entry for each local project of which the user is a member.  The [FeddAbout#GlobalIdentifiers:Fedids fedid's] are generated from the user's SSL certificates as they appear in the Emulab database.
     67The `exp_access_db.py` command is a helper to generate [FeddDatabases#ExperimentControlComponentAccessDB experiment control component access databases].  That is, it makes the file of attributes that an experiment controller exports.
     68
     69It can be run on a DETER testbed's `boss` to print data in that database's format that can be redirected into a file for use as a database.  With no options it converts the entire users table of the database into an experiment control access database with an entry for each local project of which the user is a member.  The [FeddAbout#GlobalIdentifiers:Fedids fedid's] are generated from the user's SSL certificates as they appear in the Emulab database.
    2570
    2671That behavior can be constrained using the following options.