Changes between Version 20 and Version 21 of FeddConfig

Timestamp:

Jun 5, 2010 2:39:48 PM (14 years ago)

Author:

faber

Comment:

--

FeddConfig

@@ -7 +7 @@
 your testbed.
 
-Fedd is broken into 4 components: experiment control, access control,
-project allocation, and experiment description parsing (most
-installations will not need this component).  There is a global
-configuration file with subsections devoted to each of these components.
-Each component also has an access database that defines the services
-they grant to a given fedid.  We described the global configuration file
+Fedd configuration files are broken down into sections that configure the various subcomponents.  For experiment controllers, only the experiment_control section is required.  Access controllers require more or fewer sections based on the features provided by the [FeddPluginArchitecture plug-in] that is being used.  Though the richness of configuration may seem daunting at first, the examples section should lead you to simple setups.
+
+Access controllers and experiment controllers each have an access database that defines the services
+they grant to a given fedid.  We describe the global configuration file
 first, and then the access databases.
 
@@ -26 +24 @@
 === Global Options ===
 
-Global options are in the section following the [globals] header.  The
+Global options are in the section following the [globals] header. Experiment controllers and access controllers both use it. The
 following attributes are used:
 
- '''accessdb'''::      
-        global fedid -> access attribute mapping database.  See the [FeddDatabases databases section] for information on the format and generation methods.
  '''cert_file'''::
         the file containing the [FeddConfig#MakingaFedidCertificate certificate and private key] for this 
@@ -75 +71 @@
   fedd failures or node reboots.  A file in `/var/db/fedd` is often used.
  '''access_type'''::
-  The underlying plug-in module to use for access.  Currently '''emulab''' and '''dragon''' are understood.  We will be adding more choices as well as dynamic choices in the near future.   The default is '''emulab''', for backward compatibility.
- '''allow_proxy'''::
-  Allow this fedd to act as a proxy for others in making access requests.  This
-  functionality is in development and ''not'' intended for use yet.
+  The underlying plug-in module to use for access.  Currently '''emulab''', '''dragon''', '''deter_internal''', and '''protogeni''' are understood.  We will be adding more choices as well as dynamic choices in the near future.   The default is '''emulab''', for backward compatibility.
  '''cert_file'''::
   Certificate used to assert identity of the access controller.  It uses this
@@ -94 +87 @@
   entries, give priority to a project match over a user match.  Default is to
   give priority to the user match.
- '''testbed'''::
-  A comma separated list of URLs that this fedd answers requests on.  Requests
-  for testbeds other that these will be denied, or proxied if '''allow_proxy''' is
-  true (which it ''shouldn't'' be).
  '''trusted_certs'''::
   a file containing the trusted CAs used for SSL validation.  If this is not
@@ -114 +103 @@
 Emulab controllers understand and respect the following options, as well as the [allocation] section described below.
 
- '''boss'''::
-  Hostname to report as boss to remote testbeds granted access.  A requesting `fedd` uses this to configure internals of the 
-  federated experiment.  This is just the first component of the name, the '''domain''' option provides the rest.
- '''eventserver'''::
-  Hostname of the machine that forwards events in this testbed. Returned to the requester to allow manipulation of resources.
- '''fileserver'''::
-  Hostname of the machine that serves user files in this testbed. Returned to the requester to allow manipulation of resources.
- '''ops'''::
-  Hostname of the machine that serves user services in this testbed. Returned to the requester to allow manipulation of resources.
+ '''deter_internal'''::
+  True if the Emulab supports interval VLANs controlled by a `deter_internal` controller.
+ '''dragon'''::
+ True if the testbed is connected to the DRAGON transit
+ '''dragon_vlags'''::
+ If the testbed is connected to a set of static DRAGON VLAN termination numbers, this is the list of VLAN IDs.  The lists of the form 1-10,11,14 are permitted.
+ '''federation_software'''::
+  Location of the tar file containing the [FeddAbout#TheFederationKit federation kit] to establish the on all nodes.  This is a list of installation directory, software pairs.  `/usr/local /usr/local/etc/fedd/fedkit.tgz` will install the tarball in `fedkit.tgz` in `/usr/local`. The destination directory can be `rpm` if the software is in an rpm file. There is a version available from the downloading [FeddDownload section] that can be installed in `/usr`.
+ '''local_seer_software'''::
+ '''local_seer_image'''::
+ '''local_seer_startup'''::
+ The software, disk image, and startup commands necessary to start a local [http://seer.isi.deterlab.net SEER] controller.
+ '''node_startcommand'''::
+ Startcommand to run for a generic node.  The version given in the [FeddConfigExamples examples] is right for our fedkit.
+ '''portal_command'''::
+ Ns2 command to embed in an experiment description for a portal node, if any
+ '''portal_image'''::
+ Required image for a portal node, if any
+ '''portal_software'''::
+  Location of the tar file containing additional software required on the in experiments to support extra services.  It has the same format as '''federation_software'''.
+ '''portal_startcommand'''::
+ Startcommand to run for a portal node.  The version given in the [FeddConfigExamples examples] is right for our fedkit.
+ '''portal_type''':: 
+ Required portal hardware type, if any
+ '''ssh_port'''::
+ Port used by portal nodes for remote access.  This rarely needs to be overridden.
  '''ssh_privkey_file'''::
    The public key that this `fedd` will use to access remote Emulab services, if it is a remote access controller.  Protect it appropriately.  Earlier versions always defined this option in as an experiment control option.  That is no longer supported.
+ '''tunnel_config'''::
+ True if the testbed supports DETER extensions to tmcd for external access
  '''type'''::
-   Emulab access controllers can either run on the local testbed inforastructure (users and boss as described in [FeddDownload#Whatmachinesshouldrunfedd the downloading and installation documentation]) or on another node as a proxy.  Choices are '''remote_emulab''' and '''local_emulab'''.  Remote access controllers access the testbed using ssh for file transfer and other reasons using the key given in '''ssh_privkey_file'''.
+   Emulab access controllers can either run on the local testbed infrastructure (users and boss as described in [FeddDownload#Whatmachinesshouldrunfedd the downloading and installation documentation]) or on another node as a proxy.  Choices are '''remote_emulab''' and '''local_emulab'''.  Remote access controllers access the testbed using ssh for file transfer and other reasons using the key given in '''ssh_privkey_file'''.
+ '''userconfdir'''::
+  Directory used to stage information about user accounts that are exported to other testbeds.  It needs to be writeable by fedd.
+ '''userconfcmd'''::
+  External command used to export user information.  It should return the user accounts to create in a format similar to the Emulab tmcd USERS command.  Specifically group entries should be formatted as
+
+  {{{
+  ADDGROUP NAME=name GID=digits
+  }}}
+
+  and user information as
+
+  {{{
+  ADDUSER LOGIN=name PSWD=hash WPSWD=passwd UID=digits GID=digits ROOT=1/0 NAME="user name" HOMEDIR=path GLIST="gname gname" EMAIL="a@b" SHELL=shell
+  }}}
+
+  This is required if the controller is to export user accounts.
+  '''userconfurl'''::
+  URL from which to acquire the exported user information.  It should almost always be the access controller's URL.
+
 
 ===== Allocation Options =====
@@ -197 +224 @@
   The uri of the inderdomain controller to reserve circuits through.
 
+==== ProtoGENI ====
+
+ProtoGENI controllers understand the following settings:
+
+ '''ch_url'''::
+ The URL of the ProtoGENI clearinghouse
+ '''cm_url'''::
+ The URL of the ProtoGENI component manager
+ '''deter_internal'''::
+  True if the Emulab supports interval VLANs controlled by a `deter_internal` controller.
+ '''dragon'''::
+ True if the testbed is connected to the DRAGON transit
+ '''dragon_vlags'''::
+ If the testbed is connected to a set of static DRAGON VLAN termination numbers, this is the list of VLAN IDs.  The lists of the form 1-10,11,14 are permitted.
+ '''federation_software'''::
+  Location of the tar file containing the [FeddAbout#TheFederationKit federation kit] to establish the on all nodes.  This is a list of installation directory, software pairs.  `/usr/local /usr/local/etc/fedd/fedkit.tgz` will install the tarball in `fedkit.tgz` in `/usr/local`. The destination directory can be `rpm` if the software is in an rpm file. There is a version available from the downloading [FeddDownload section] that can be installed in `/usr`.
+ '''local_seer_software'''::
+ '''local_seer_image'''::
+ '''local_seer_startup'''::
+ The software, disk image, and startup commands necessary to start a local [http://seer.isi.deterlab.net SEER] controller.
+ '''node_startcommand'''::
+ Startcommand to run for a generic node.  The version given in the [FeddConfigExamples examples] is right for our fedkit.
+ '''portal_command'''::
+ Ns2 command to embed in an experiment description for a portal node, if any
+ '''portal_image'''::
+ Required image for a portal node, if any
+ '''portal_software'''::
+  Location of the tar file containing additional software required on the in experiments to support extra services.  It has the same format as '''federation_software'''.
+ '''portal_startcommand'''::
+ Startcommand to run for a portal node.  The version given in the [FeddConfigExamples examples] is right for our fedkit.
+ '''portal_type''':: 
+ Required portal hardware type, if any
+ '''renewal'''::
+ Renewal interval for ProtoGENI slices, in minutes.
+ '''sa_url'''::
+ The URL of the ProtoGENI slice authority.
+ '''sshd''::
+ Pathname of an alternative ssh daemon to run on ProtoGENI nodes.
+'''sshd_config''::
+ Pathname of an alternative ssh daemon configuration file to use on ProtoGENI nodes.
+ '''ssh_port'''::
+ Port used by portal nodes for remote access.  This rarely needs to be overridden.
+ '''ssh_privkey_file'''::
+   The public key that this `fedd` will use to access remote Emulab services, if it is a remote access controller.  Protect it appropriately.  Earlier versions always defined this option in as an experiment control option.  That is no longer supported.
+ '''staging_dir'''::
+ Directory on the '''staging_host''' where software is staged for loaging onto protoGENI nodes.  The fedd must be able to write to it.
+ '''staging_host'''::
+ The host on which to stage software bound for ProtoGENI nodes.  If it is not the same machine on which the daemon runs, it must be accessible through the ssh parameters configured for this fedd. 
+ '''tunnel_config'''::
+ True if the testbed supports DETER extensions to tmcd for external access
+ '''type'''::
+   Emulab access controllers can either run on the local testbed infrastructure (users and boss as described in [FeddDownload#Whatmachinesshouldrunfedd the downloading and installation documentation]) or on another node as a proxy.  Choices are '''remote_emulab''' and '''local_emulab'''.  Remote access controllers access the testbed using ssh for file transfer and other reasons using the key given in '''ssh_privkey_file'''.
+ '''userconfdir'''::
+  Directory used to stage information about user accounts that are exported to other testbeds.  It needs to be writeable by fedd.
+ '''userconfcmd'''::
+  External command used to export user information.  It should return the user accounts to create in a format similar to the Emulab tmcd USERS command.  Specifically group entries should be formatted as
+
+  {{{
+  ADDGROUP NAME=name GID=digits
+  }}}
+
+  and user information as
+
+  {{{
+  ADDUSER LOGIN=name PSWD=hash WPSWD=passwd UID=digits GID=digits ROOT=1/0 NAME="user name" HOMEDIR=path GLIST="gname gname" EMAIL="a@b" SHELL=shell
+  }}}
+
+  This is required if the controller is to export user accounts.
+  '''userconfurl'''::
+  URL from which to acquire the exported user information.  It should almost always be the access controller's URL.
+
+
 === Experiment Control Options ===
 
@@ -211 +310 @@
   the allocations made to support each federated experiment request as well as the information necessary to release those resources.  Must be specified for experiment to survive
   fedd failures or node reboots.  A file in `/var/db/fedd` is often used.
- '''fedkit'''::
-  Location of the tar file containing the [FeddAbout#TheFederationKit federation kit] to establish the expriment.  There is a version available from the downloading [FeddDownload section].
- '''gatewaykit'''::
-  Location of the tar file containing additional software required on the in experiments to support extra services.  For [http://seer.isi.deterlab.net SEER]-controlled experiments, a seer tarfile is used.
  '''log_level'''::
   The level of logging to produce from this component.  One of `debug`, `info`, `warning`, `critical`, and `error`.  See the [http://www.python.org/doc/current/library/logging.html standard python logging system] for details.
  '''mapdb'''::
   Database that controlls the default mapping from testbed name to contact URI.
- '''splitter_uri'''::
-  Contact point for using a remote experiment splitter.  Generally this should be set to !http://users.isi.dertelab.net:23235 .
+ '''ns2topdl_uri'''::
+  Contact point for using a remote experiment translator.  Generally this should be set to !http://users.isi.dertelab.net:23235 .
+ '''repodir'''::
+  Directory where fedd can stage software for experiments.  Should be on an adequately sized file system with permissions that the fedd can access.  IN deciding size, consider the size of required software like fedkits and the software users might include in experiments.
+ '''repo_url'''::
+  The URL on which access controllers can collect staged software.  Should almost always be the URL of the experiment controller.
+ '''store_url'''::
+  The URL on which access controllers can collect synchronization information.  Should almost always be the URL of the experiment controller.
+ '''synch_store'''::
+  file in which synchronization information is stored between runs.  This should be a filename in an accessible directory.  Fedd will create it if it does not exist.
  '''tcl_splitter'''::
-  Path to the tcl-based splitter program to be used if splitting is done locally.  If '''splitter_url''' is set, this has no effect.
+  Path to the tcl-based topdl translator program to be used if translation is done locally.  If '''ns2topdl_url''' is set, this has no effect.
  '''trusted_certs'''::
   a file containing the trusted CAs used for SSL validation.  If this is not