Changes between Version 18 and Version 19 of FeddConfig


Ignore:
Timestamp:
Nov 5, 2009 7:16:24 PM (14 years ago)
Author:
faber
Comment:

2.0 updates

Legend:

Unmodified
Added
Removed
Modified
  • FeddConfig

    v18 v19  
    5454=== Access Options ===
    5555
    56 Access control sections follow the [access] header.  These attributes concern the how `fedd` grants access to remote experimenters through their `fedd`.  Some of the parameters are directly related to whether access is granted and some are parameters returned to the requester so it can manipulate the resources once granted.
     56
     57
     58Access control sections follow the [access] header. These sections configure access controllers.  Some options are universal and some are specific to the type of controller in use.
     59
     60These attributes concern the how `fedd` grants access to remote experimenters through their `fedd`.  Some of the parameters are directly related to whether access is granted and some are parameters returned to the requester so it can manipulate the resources once granted.
     61
    5762The following are valid attributes:
     63
     64==== All Controllers ====
     65
     66All controllers understand and respect the following:
    5867
    5968 '''accessdb'''::
     
    6574  what to release and when.  Must be specified for access decisions to survive
    6675  fedd failures or node reboots.  A file in `/var/db/fedd` is often used.
     76 '''access_type'''::
     77  The underlying plug-in module to use for access.  Currently '''emulab''' and '''dragon''' are understood.  We will be adding more choices as well as dynamic choices in the near future.   The default is '''emulab''', for backward compatibility.
    6778 '''allow_proxy'''::
    6879  Allow this fedd to act as a proxy for others in making access requests.  This
    6980  functionality is in development and ''not'' intended for use yet.
    70  '''boss'''::
    71   Hostname to report as boss to remote testbeds granted access.  A requesting `fedd` uses this to configure internals of the
    72   federated experiment.  This is just the first component of the name, the '''domain''' option provides the rest.
    73  '''cert_file'''::
    74   Certificate used to assert identity of the access component.  It uses this
     81 '''cert_file'''::
     82  Certificate used to assert identity of the access controller.  It uses this
    7583  certificate when proxying requests. Note that the certificates used in the [allocate] section are used to contact a remote allocation `fedd`.  If this field is not present and a '''cert_file''' is present in the [globals] section, the [globals] certificate will be used.
     84 '''certdir'''::
     85  Local certificates for granting access to sub-experiments.  This directory should be writable by fedd and unreadable to all others.
    7686 '''cert_pwd'''::
    7787  Password for the private key in '''cert_file'''.  If the [globals] certificate is used, so is the [globals] '''cert_pwd''', if any.
    7888 '''domain'''::
    7989  The trailing (common) parts of the domain name for various hosts.  Returned to the requester to allow manipulation of resources.
    80  '''eventserver'''::
    81   Hostname of the machine that forwards events in this testbed. Returned to the requester to allow manipulation of resources.
    82  '''fileserver'''::
    83   Hostname of the machine that serves user files in this testbed. Returned to the requester to allow manipulation of resources.
    8490 '''log_level'''::
    8591  The level of logging to produce from this component.  One of `debug`, `info`, `warning`, `critical`, and `error`.  See the [http://www.python.org/doc/current/library/logging.html standard python logging system] for details.
     
    96102  present, no certificate path checking is done.  If this field is not present and a '''trusted_certs''' field is present in the [globals] section, the [globals] certificates will be used.
    97103
    98 === Allocation Options ===
    99 
    100 The [allocation] section controls how Emulab project allocation is carried out on the host where `fedd` is running.  If the '''uri''' option is set in the [access] section, the [allocation] section defined the parameters used to communicate with the remote `fedd`.  If not, project allocation will occur on this machine and the parameters apply to the manipulation of the local Emulab state to grant access.
     104In addition they understand the following debugging settings:
     105
     106 '''create_debug'''::
     107  A boolean.  If '''true''' this access controller will not actually allocate resources, but always report success.  The default is '''false''' - carry out real allocations.
     108
     109 '''leave_tmpfiles'''::
     110  A boolean. If '''true''' the controller will not remove temporary files allocated when carrying out operations, notably sub-experiment creation.  The default is '''false'''- clean up.
     111
     112==== Emulab Controllers ====
     113
     114Emulab controllers understand and respect the following options, as well as the [allocation] section described below.
     115
     116 '''boss'''::
     117  Hostname to report as boss to remote testbeds granted access.  A requesting `fedd` uses this to configure internals of the
     118  federated experiment.  This is just the first component of the name, the '''domain''' option provides the rest.
     119 '''eventserver'''::
     120  Hostname of the machine that forwards events in this testbed. Returned to the requester to allow manipulation of resources.
     121 '''fileserver'''::
     122  Hostname of the machine that serves user files in this testbed. Returned to the requester to allow manipulation of resources.
     123 '''ops'''::
     124  Hostname of the machine that serves user services in this testbed. Returned to the requester to allow manipulation of resources.
     125 '''ssh_privkey_file'''::
     126   The public key that this `fedd` will use to access remote Emulab services, if it is a remote access controller.  Protect it appropriately.  Earlier versions always defined this option in as an experiment control option.  That is no longer supported.
     127 '''type'''::
     128   Emulab access controllers can either run on the local testbed inforastructure (users and boss as described in [FeddDownload#Whatmachinesshouldrunfedd the downloading and installation documentation]) or on another node as a proxy.  Choices are '''remote_emulab''' and '''local_emulab'''.  Remote access controllers access the testbed using ssh for file transfer and other reasons using the key given in '''ssh_privkey_file'''.
     129
     130=====Allocation Options =====
     131
     132The [allocation] section controls how Emulab access controllers allocate projects locally. If the '''uri''' option is set in the [access] section, the [allocation] section defined the parameters used to communicate with the remote `fedd`.  If not, project allocation will occur on this machine and the parameters apply to the manipulation of the local Emulab state to grant access.
     133
     134We do not discuss the somewhat unusual case of a '''remote_emulab''' access controller that creates and destroys projects on the
     135remote emulab by talking to a '''local_emulab''' access controller running on the remote Emulab.  Such a thing works, though.
    101136
    102137The following options are valid:
     
    147182  Script to attach a new local (Emulab) user to a local (Emulab) project.  The `user_to_project.py` script shipped with `fedd` is used for this purpose by default.  Specifically, the default value of this option is `/usr/local/bin/user_to_project.py`.
    148183
     184==== Dragon Access Controllers ====
     185
     186DRAGON access controllers allocate resources using the [https://wiki.internet2.edu/confluence/display/DCNSS/Java+Client+API OSCARS client software] so much of its configuration is concerned with connecting the plug-in to that software.
     187
     188DRAGON controllers understand and respect the following settings.
     189
     190 '''axis2_home'''::
     191  OSCARS depends on the [http://ws.apache.org/axis2 axis web services client classes].  Setting this variable to the location of these classes is required.
     192
     193 '''cli_dir'''::
     194  The location of the OSCARS command line installation.
     195
     196 '''idc'''::
     197  The uri of the inderdomain controller to reserve circuits through.
     198
    149199=== Experiment Control Options ===
    150200
     
    157207 '''cert_pwd'''::
    158208  Password for the private key in '''cert_file'''.  If the [globals] certificate is used, so is the [globals] '''cert_pwd''', if any.
    159  '''create_debug'''::
    160   If this boolean is true, this component will not create the experiment, though it will make access control requests to remote testbeds.
    161  '''fedkit'''::
    162   Location of the tar file containing the [FeddAbout#TheFederationKit federation kit] to establish the expriment.  There is a version available from the downloading [FeddDownload section].
    163209 '''experiment_state'''::
    164210 Name of the file where current experiment state state is saved.  This state includes
    165211  the allocations made to support each federated experiment request as well as the information necessary to release those resources.  Must be specified for experiment to survive
    166212  fedd failures or node reboots.  A file in `/var/db/fedd` is often used.
     213 '''fedkit'''::
     214  Location of the tar file containing the [FeddAbout#TheFederationKit federation kit] to establish the expriment.  There is a version available from the downloading [FeddDownload section].
     215 '''gatewaykit'''::
     216  Location of the tar file containing additional software required on the in experiments to support extra services.  For [http://seer.isi.deterlab.net SEER]-controlled experiments, a seer tarfile is used.
    167217 '''log_level'''::
    168218  The level of logging to produce from this component.  One of `debug`, `info`, `warning`, `critical`, and `error`.  See the [http://www.python.org/doc/current/library/logging.html standard python logging system] for details.
    169219 '''mapdb'''::
    170220  Database that controlls the default mapping from testbed name to contact URI.
    171  '''ssh_pubkey_file'''::
    172    The public key that this `fedd` will use to access remote Emulab services.  Required.
    173  '''ssh_privkey_file'''::
    174    The private key corresponding to the key in '''ssh_pubkey_file'''.  This should be accessibel without a password, and properly protected, for example in a local filesystem with appropriate permissions, or with `fedd` running under an ssh agent.
    175  '''ssh_keytype'''::
    176   Type of key generated for internal accesses in the experiment.  It can be either dsa or rsa, but probably does not need to be changed.
    177221 '''splitter_uri'''::
    178222  Contact point for using a remote experiment splitter.  Generally this should be set to !http://users.isi.dertelab.net:23235 .