= Configuring fedd =

As noted in installation, many of these parameters define the layout of
the fedd instantiation on your machine, so read the reference below and
look at the examples to make sure you understand how fedd is working on
your testbed.

Fedd is broken into 4 components: experiment control, access control,
project allocation, and experiment description parsing (most
installations will not need this component). There is a global
configuration file with subsections devoted to each of these components.
Each component also has an access database that defines the services
it grants to a given fedid. We describe the global configuration file
first, and then the access databases.

The main configuration file is in `/usr/local/etc/fedd.conf` by default,
though the `--config` option can redirect it. It is of the basic format
parsed by a Python [http://www.python.org/doc/current/library/configparser.html SafeConfigParser]. This format consists of sections headed by
names in []'s, each followed by that section's attribute/value pairs. One can
use any of the substitution tricks in the Python documentation as well.
There are 5 sections, one for each component and one for global options.

Global options are in the section following the [globals] header. The
following attributes are used:

'''accessdb'''::
  Global fedid -> access attribute mapping database. See the discussions
  of the project allocation and splitting databases below for the format
  of this file and how to generate one.
'''cert_file'''::
  The file containing the X.509 certificate and private key for this
  server, in PEM format.
'''cert_pwd'''::
  If the private key in '''cert_file''' has a password, it is given here.
'''trusted_certs'''::
  A file containing the trusted CAs used for SSL validation. If this is
  not present, no certificate path checking is done.

Each of these can be affected by other sections. For example, if the
[access] section specifies a '''cert_file''' and '''cert_pwd''', those will be used
rather than those in [globals]. Similarly, [allocation] and [splitter]
sections can include their own attribute databases. Note that the
presence of another database does not invalidate the global access
database, but adds to it.

Access control sections follow the [access] header. The following are
valid attributes:

'''accessdb'''::
  The mapping of three-level names to local project and users (for creation and
  services). See below for the format of this DB.
'''access_state'''::
  Name of the file where current access state is saved. This state includes
  the access granted to each federated experiment request and is used to decide
  what to release and when. Must be specified for access decisions to survive
  fedd failures or node reboots. A file in `/var/db/fedd` is often used.
'''allow_proxy'''::
  Allow this fedd to act as a proxy for others in making access requests. This
  functionality is in development and ''not'' intended for use yet.
'''cert_file'''::
  Certificate used to assert identity of the access component. It uses this
  certificate when proxying requests.
'''cert_pwd'''::
  Password for the private key in '''cert_file'''.
'''project_priority'''::
  When considering two possible resolutions of wildcarded access control db
  entries, give priority to a project match over a user match. Default is to
  give priority to the user match.
'''testbed'''::
  A comma separated list of URLs that this fedd answers requests on. Requests
  for testbeds other than these will be denied, or proxied if '''allow_proxy''' is
  true (which it ''shouldn't'' be).
'''trusted_certs'''::
  A file containing the trusted CAs used for SSL validation. If this is not
  present, no certificate path checking is done.

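The override rule and the security-relevant attributes described above can be checked mechanically before fedd is started. The following is an added example, not fedd's own code: it uses Python 3's `configparser.ConfigParser` (the successor to SafeConfigParser) on a constructed sample file, and the finding names, paths and URL are made up for illustration. It assumes that '''trusted_certs''' falls back to [globals] the same way '''cert_file''' and '''cert_pwd''' do, and that '''allow_proxy''' takes a configparser-style boolean.

```python
import configparser

# Constructed sample fedd.conf; paths, URL and password are placeholders.
SAMPLE_CONF = """
[globals]
accessdb = /usr/local/etc/fedd/global.accessdb
cert_file = /usr/local/etc/fedd/fedd.pem
cert_pwd = example-password

[access]
accessdb = /usr/local/etc/fedd/access.accessdb
allow_proxy = true
testbed = https://testbed.example.org/fedd
"""


def effective(cp, section, key):
    """Value from the component section if set there, else from [globals]."""
    for sec in (section, "globals"):
        if cp.has_option(sec, key):
            # raw=True: a '%' in a password must not trigger interpolation
            return cp.get(sec, key, raw=True)
    return None


def audit(conf_text, section="access"):
    """Return sorted finding codes (hypothetical names) for one section."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    findings = set()
    # Absent trusted_certs: no certificate path checking is done.
    if not effective(cp, section, "trusted_certs"):
        findings.add("no-trusted-certs")
    # Key password stored in the file: restrict who can read fedd.conf.
    if effective(cp, section, "cert_pwd"):
        findings.add("key-password-in-config")
    if section == "access":
        # allow_proxy is in development and not intended for use.
        if cp.has_option(section, "allow_proxy") and cp.getboolean(section, "allow_proxy"):
            findings.add("allow-proxy-enabled")
        # Without access_state, access decisions do not survive a restart.
        if not cp.has_option(section, "access_state"):
            findings.add("no-access-state")
    return sorted(findings)
```

Calling `audit(SAMPLE_CONF)` reports all four findings for the sample; a file that sets '''trusted_certs''' and '''access_state''', omits '''cert_pwd''' and leaves '''allow_proxy''' off returns an empty list.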