Changes between Version 18 and Version 19 of FeddConfig


Timestamp: Nov 5, 2009 7:16:24 PM (15 years ago)
Author: faber
Comment: 2.0 updates

  • FeddConfig

    v18 v19  
    5454=== Access Options ===
    5555
    56 Access control sections follow the [access] header.  These attributes concern the how `fedd` grants access to remote experimenters through their `fedd`.  Some of the parameters are directly related to whether access is granted and some are parameters returned to the requester so it can manipulate the resources once granted.
     56
     57
     58Access control sections follow the [access] header. These sections configure access controllers.  Some options are universal and some are specific to the type of controller in use.
     59
     60These attributes concern the how `fedd` grants access to remote experimenters through their `fedd`.  Some of the parameters are directly related to whether access is granted and some are parameters returned to the requester so it can manipulate the resources once granted.
     61
    5762The following are valid attributes:
     63
     64==== All Controllers ====
     65
     66All controllers understand and respect the following:
    5867
    5968 '''accessdb'''::
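Review bot: The paragraph added at new line 60 still reads "concern the how `fedd` grants access", copied unchanged from old line 56; drop the stray "the" while the text is being moved. New line 58 also talks about "the type of controller in use" before any option that selects the type has been introduced, so point the reader at '''access_type''' there.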
     
    6574  what to release and when.  Must be specified for access decisions to survive
    6675  fedd failures or node reboots.  A file in `/var/db/fedd` is often used.
     76 '''access_type'''::
     77  The underlying plug-in module to use for access.  Currently '''emulab''' and '''dragon''' are understood.  We will be adding more choices as well as dynamic choices in the near future.   The default is '''emulab''', for backward compatibility.
    6778 '''allow_proxy'''::
    6879  Allow this fedd to act as a proxy for others in making access requests.  This
    6980  functionality is in development and ''not'' intended for use yet.
    70  '''boss'''::
    71   Hostname to report as boss to remote testbeds granted access.  A requesting `fedd` uses this to configure internals of the
    72   federated experiment.  This is just the first component of the name, the '''domain''' option provides the rest.
    73  '''cert_file'''::
    74   Certificate used to assert identity of the access component.  It uses this
     81 '''cert_file'''::
     82  Certificate used to assert identity of the access controller.  It uses this
    7583  certificate when proxying requests. Note that the certificates used in the [allocate] section are used to contact a remote allocation `fedd`.  If this field is not present and a '''cert_file''' is present in the [globals] section, the [globals] certificate will be used.
     84 '''certdir'''::
     85  Local certificates for granting access to sub-experiments.  This directory should be writable by fedd and unreadable to all others.
    7686 '''cert_pwd'''::
    7787  Password for the private key in '''cert_file'''.  If the [globals] certificate is used, so is the [globals] '''cert_pwd''', if any.
    7888 '''domain'''::
    7989  The trailing (common) parts of the domain name for various hosts.  Returned to the requester to allow manipulation of resources.
    80  '''eventserver'''::
    81   Hostname of the machine that forwards events in this testbed. Returned to the requester to allow manipulation of resources.
    82  '''fileserver'''::
    83   Hostname of the machine that serves user files in this testbed. Returned to the requester to allow manipulation of resources.
    8490 '''log_level'''::
    8591  The level of logging to produce from this component.  One of `debug`, `info`, `warning`, `critical`, and `error`.  See the [http://www.python.org/doc/current/library/logging.html standard python logging system] for details.
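Review bot: The new '''certdir''' entry (new lines 84-85) says the directory "should be writable by fedd and unreadable to all others" but gives no owner, mode or default location, and does not say what happens if the permissions are looser than that. Since it holds the certificates used for granting access to sub-experiments, state the expected ownership and mode explicitly. The '''access_type''' entry (new lines 76-77) should also say how an unrecognized value is handled, given that '''emulab''' is the silent default.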
     
    96102  present, no certificate path checking is done.  If this field is not present and a '''trusted_certs''' field is present in the [globals] section, the [globals] certificates will be used.
    97103
    98 === Allocation Options ===
    99 
    100 The [allocation] section controls how Emulab project allocation is carried out on the host where `fedd` is running.  If the '''uri''' option is set in the [access] section, the [allocation] section defined the parameters used to communicate with the remote `fedd`.  If not, project allocation will occur on this machine and the parameters apply to the manipulation of the local Emulab state to grant access.
     104In addition they understand the following debugging settings:
     105
     106 '''create_debug'''::
     107  A boolean.  If '''true''' this access controller will not actually allocate resources, but always report success.  The default is '''false''' - carry out real allocations.
     108
     109 '''leave_tmpfiles'''::
     110  A boolean. If '''true''' the controller will not remove temporary files allocated when carrying out operations, notably sub-experiment creation.  The default is '''false'''- clean up.
     111
     112==== Emulab Controllers ====
     113
     114Emulab controllers understand and respect the following options, as well as the [allocation] section described below.
     115
     116 '''boss'''::
     117  Hostname to report as boss to remote testbeds granted access.  A requesting `fedd` uses this to configure internals of the
     118  federated experiment.  This is just the first component of the name, the '''domain''' option provides the rest.
     119 '''eventserver'''::
     120  Hostname of the machine that forwards events in this testbed. Returned to the requester to allow manipulation of resources.
     121 '''fileserver'''::
     122  Hostname of the machine that serves user files in this testbed. Returned to the requester to allow manipulation of resources.
     123 '''ops'''::
     124  Hostname of the machine that serves user services in this testbed. Returned to the requester to allow manipulation of resources.
     125 '''ssh_privkey_file'''::
     126   The public key that this `fedd` will use to access remote Emulab services, if it is a remote access controller.  Protect it appropriately.  Earlier versions always defined this option in as an experiment control option.  That is no longer supported.
     127 '''type'''::
     128   Emulab access controllers can either run on the local testbed inforastructure (users and boss as described in [FeddDownload#Whatmachinesshouldrunfedd the downloading and installation documentation]) or on another node as a proxy.  Choices are '''remote_emulab''' and '''local_emulab'''.  Remote access controllers access the testbed using ssh for file transfer and other reasons using the key given in '''ssh_privkey_file'''.
     129
     130=====Allocation Options =====
     131
     132The [allocation] section controls how Emulab access controllers allocate projects locally. If the '''uri''' option is set in the [access] section, the [allocation] section defined the parameters used to communicate with the remote `fedd`.  If not, project allocation will occur on this machine and the parameters apply to the manipulation of the local Emulab state to grant access.
     133
     134We do not discuss the somewhat unusual case of a '''remote_emulab''' access controller that creates and destroys projects on the
     135remote emulab by talking to a '''local_emulab''' access controller running on the remote Emulab.  Such a thing works, though.
    101136
    102137The following options are valid:
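Review bot: '''ssh_privkey_file''' (new lines 125-126) is described as "The public key that this `fedd` will use", which contradicts the option name and the '''type''' entry below it that refers to "the key given in '''ssh_privkey_file'''"; it should say private key. "Protect it appropriately" is too vague for a private key, so say what file permissions or agent setup is expected. Separately, '''create_debug''' (new lines 106-107) makes the controller "always report success" without allocating anything, and the entry should say it is a testing setting that must be off in a deployed controller. Typos in the same hunk: "inforastructure" and "in as an experiment control option".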
     
    147182  Script to attach a new local (Emulab) user to a local (Emulab) project.  The `user_to_project.py` script shipped with `fedd` is used for this purpose by default.  Specifically, the default value of this option is `/usr/local/bin/user_to_project.py`.
    148183
     184==== Dragon Access Controllers ====
     185
     186DRAGON access controllers allocate resources using the [https://wiki.internet2.edu/confluence/display/DCNSS/Java+Client+API OSCARS client software] so much of its configuration is concerned with connecting the plug-in to that software.
     187
     188DRAGON controllers understand and respect the following settings.
     189
     190 '''axis2_home'''::
     191  OSCARS depends on the [http://ws.apache.org/axis2 axis web services client classes].  Setting this variable to the location of these classes is required.
     192
     193 '''cli_dir'''::
     194  The location of the OSCARS command line installation.
     195
     196 '''idc'''::
     197  The uri of the inderdomain controller to reserve circuits through.
     198
    149199=== Experiment Control Options ===
    150200
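Review bot: Only '''axis2_home''' (new lines 190-191) is marked as required; '''cli_dir''' and '''idc''' do not say whether they are required or what the default is, and '''idc''' does not say which URI scheme is expected. Please document those for both options. "inderdomain" at new line 197 should be "interdomain".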
     
    157207 '''cert_pwd'''::
    158208  Password for the private key in '''cert_file'''.  If the [globals] certificate is used, so is the [globals] '''cert_pwd''', if any.
    159  '''create_debug'''::
    160   If this boolean is true, this component will not create the experiment, though it will make access control requests to remote testbeds.
    161  '''fedkit'''::
    162   Location of the tar file containing the [FeddAbout#TheFederationKit federation kit] to establish the expriment.  There is a version available from the downloading [FeddDownload section].
    163209 '''experiment_state'''::
    164210 Name of the file where current experiment state state is saved.  This state includes
    165211  the allocations made to support each federated experiment request as well as the information necessary to release those resources.  Must be specified for experiment to survive
    166212  fedd failures or node reboots.  A file in `/var/db/fedd` is often used.
     213 '''fedkit'''::
     214  Location of the tar file containing the [FeddAbout#TheFederationKit federation kit] to establish the expriment.  There is a version available from the downloading [FeddDownload section].
     215 '''gatewaykit'''::
     216  Location of the tar file containing additional software required on the in experiments to support extra services.  For [http://seer.isi.deterlab.net SEER]-controlled experiments, a seer tarfile is used.
    167217 '''log_level'''::
    168218  The level of logging to produce from this component.  One of `debug`, `info`, `warning`, `critical`, and `error`.  See the [http://www.python.org/doc/current/library/logging.html standard python logging system] for details.
    169219 '''mapdb'''::
    170220  Database that controlls the default mapping from testbed name to contact URI.
    171  '''ssh_pubkey_file'''::
    172    The public key that this `fedd` will use to access remote Emulab services.  Required.
    173  '''ssh_privkey_file'''::
    174    The private key corresponding to the key in '''ssh_pubkey_file'''.  This should be accessibel without a password, and properly protected, for example in a local filesystem with appropriate permissions, or with `fedd` running under an ssh agent.
    175  '''ssh_keytype'''::
    176   Type of key generated for internal accesses in the experiment.  It can be either dsa or rsa, but probably does not need to be changed.
    177221 '''splitter_uri'''::
    178222  Contact point for using a remote experiment splitter.  Generally this should be set to !http://users.isi.dertelab.net:23235 .
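Review bot: Removing '''ssh_privkey_file''' from this section (old lines 173-174) also removes the only concrete guidance on protecting the key ("a local filesystem with appropriate permissions, or with `fedd` running under an ssh agent"); the replacement entry under Emulab Controllers says only "Protect it appropriately", so carry that sentence over. '''ssh_pubkey_file''' and '''ssh_keytype''' are removed with no note on what replaces them. In the added '''gatewaykit''' entry (new lines 215-216), "required on the in experiments" is missing a word. The unchanged '''splitter_uri''' line spells the host "dertelab" where new line 216 uses "deterlab", which is worth checking while this section is being edited.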