Changes between Version 20 and Version 21 of FeddConfig


Ignore:
Timestamp:
Jun 5, 2010 2:39:48 PM (14 years ago)
Author:
faber
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • FeddConfig

    v20 v21  
    77your testbed.
    88
    9 Fedd is broken into 4 components: experiment control, access control,
    10 project allocation, and experiment description parsing (most
    11 installations will not need this component).  There is a global
    12 configuration file with subsections devoted to each of these components.
    13 Each component also has an access database that defines the services
    14 they grant to a given fedid.  We described the global configuration file
     9Fedd configuration files are broken down into sections that configure the various subcomponents.  For experiment controllers, only the experiment_control section is required.  Access controllers require more or fewer sections based on the features provided by the [FeddPluginArchitecture plug-in] that is being used.  Though the richness of configuration may seem daunting at first, the examples section should lead you to simple setups.
     10
     11Access controllers and experiment controllers each have an access database that defines the services
     12they grant to a given fedid.  We describe the global configuration file
    1513first, and then the access databases.
    1614
     
    2624=== Global Options ===
    2725
    28 Global options are in the section following the [globals] header. The
     26Global options are in the section following the [globals] header. Experiment controllers and access controllers both use it. The
    2927following attributes are used:
    3028
    31  '''accessdb'''::     
    32         global fedid -> access attribute mapping database.  See the [FeddDatabases databases section] for information on the format and generation methods.
    3329 '''cert_file'''::
    3430        the file containing the [FeddConfig#MakingaFedidCertificate certificate and private key] for this
     
    7571  fedd failures or node reboots.  A file in `/var/db/fedd` is often used.
    7672 '''access_type'''::
    77   The underlying plug-in module to use for access.  Currently '''emulab''' and '''dragon''' are understood.  We will be adding more choices as well as dynamic choices in the near future.   The default is '''emulab''', for backward compatibility.
    78  '''allow_proxy'''::
    79   Allow this fedd to act as a proxy for others in making access requests.  This
    80   functionality is in development and ''not'' intended for use yet.
     73  The underlying plug-in module to use for access.  Currently '''emulab''', '''dragon''', '''deter_internal''', and '''protogeni''' are understood.  We will be adding more choices as well as dynamic choices in the near future.   The default is '''emulab''', for backward compatibility.
    8174 '''cert_file'''::
    8275  Certificate used to assert identity of the access controller.  It uses this
     
    9487  entries, give priority to a project match over a user match.  Default is to
    9588  give priority to the user match.
    96  '''testbed'''::
    97   A comma separated list of URLs that this fedd answers requests on.  Requests
    98   for testbeds other that these will be denied, or proxied if '''allow_proxy''' is
    99   true (which it ''shouldn't'' be).
    10089 '''trusted_certs'''::
    10190  a file containing the trusted CAs used for SSL validation.  If this is not
     
    114103Emulab controllers understand and respect the following options, as well as the [allocation] section described below.
    115104
    116  '''boss'''::
    117   Hostname to report as boss to remote testbeds granted access.  A requesting `fedd` uses this to configure internals of the
    118   federated experiment.  This is just the first component of the name, the '''domain''' option provides the rest.
    119  '''eventserver'''::
    120   Hostname of the machine that forwards events in this testbed. Returned to the requester to allow manipulation of resources.
    121  '''fileserver'''::
    122   Hostname of the machine that serves user files in this testbed. Returned to the requester to allow manipulation of resources.
    123  '''ops'''::
    124   Hostname of the machine that serves user services in this testbed. Returned to the requester to allow manipulation of resources.
     105 '''deter_internal'''::
     106  True if the Emulab supports interval VLANs controlled by a `deter_internal` controller.
     107 '''dragon'''::
     108 True if the testbed is connected to the DRAGON transit
     109 '''dragon_vlags'''::
     110 If the testbed is connected to a set of static DRAGON VLAN termination numbers, this is the list of VLAN IDs.  The lists of the form 1-10,11,14 are permitted.
     111 '''federation_software'''::
     112  Location of the tar file containing the [FeddAbout#TheFederationKit federation kit] to establish the on all nodes.  This is a list of installation directory, software pairs.  `/usr/local /usr/local/etc/fedd/fedkit.tgz` will install the tarball in `fedkit.tgz` in `/usr/local`. The destination directory can be `rpm` if the software is in an rpm file. There is a version available from the downloading [FeddDownload section] that can be installed in `/usr`.
     113 '''local_seer_software'''::
     114 '''local_seer_image'''::
     115 '''local_seer_startup'''::
     116 The software, disk image, and startup commands necessary to start a local [http://seer.isi.deterlab.net SEER] controller.
     117 '''node_startcommand'''::
     118 Startcommand to run for a generic node.  The version given in the [FeddConfigExamples examples] is right for our fedkit.
     119 '''portal_command'''::
     120 Ns2 command to embed in an experiment description for a portal node, if any
     121 '''portal_image'''::
     122 Required image for a portal node, if any
     123 '''portal_software'''::
     124  Location of the tar file containing additional software required on the in experiments to support extra services.  It has the same format as '''federation_software'''.
     125 '''portal_startcommand'''::
     126 Startcommand to run for a portal node.  The version given in the [FeddConfigExamples examples] is right for our fedkit.
     127 '''portal_type'''::
     128 Required portal hardware type, if any
     129 '''ssh_port'''::
     130 Port used by portal nodes for remote access.  This rarely needs to be overridden.
    125131 '''ssh_privkey_file'''::
    126132   The public key that this `fedd` will use to access remote Emulab services, if it is a remote access controller.  Protect it appropriately.  Earlier versions always defined this option in as an experiment control option.  That is no longer supported.
     133 '''tunnel_config'''::
     134 True if the testbed supports DETER extensions to tmcd for external access
    127135 '''type'''::
    128    Emulab access controllers can either run on the local testbed inforastructure (users and boss as described in [FeddDownload#Whatmachinesshouldrunfedd the downloading and installation documentation]) or on another node as a proxy.  Choices are '''remote_emulab''' and '''local_emulab'''.  Remote access controllers access the testbed using ssh for file transfer and other reasons using the key given in '''ssh_privkey_file'''.
     136   Emulab access controllers can either run on the local testbed infrastructure (users and boss as described in [FeddDownload#Whatmachinesshouldrunfedd the downloading and installation documentation]) or on another node as a proxy.  Choices are '''remote_emulab''' and '''local_emulab'''.  Remote access controllers access the testbed using ssh for file transfer and other reasons using the key given in '''ssh_privkey_file'''.
     137 '''userconfdir'''::
     138  Directory used to stage information about user accounts that are exported to other testbeds.  It needs to be writeable by fedd.
     139 '''userconfcmd'''::
     140  External command used to export user information.  It should return the user accounts to create in a format similar to the Emulab tmcd USERS command.  Specifically group entries should be formatted as
     141
     142  {{{
     143  ADDGROUP NAME=name GID=digits
     144  }}}
     145
     146  and user information as
     147
     148  {{{
     149  ADDUSER LOGIN=name PSWD=hash WPSWD=passwd UID=digits GID=digits ROOT=1/0 NAME="user name" HOMEDIR=path GLIST="gname gname" EMAIL="a@b" SHELL=shell
     150  }}}
     151
     152  This is required if the controller is to export user accounts.
     153  '''userconfurl'''::
     154  URL from which to acquire the exported user information.  It should almost always be the access controller's URL.
     155
    129156
    130157===== Allocation Options =====
     
    197224  The uri of the inderdomain controller to reserve circuits through.
    198225
     226==== ProtoGENI ====
     227
     228ProtoGENI controllers understand the following settings:
     229
     230 '''ch_url'''::
     231 The URL of the ProtoGENI clearinghouse
     232 '''cm_url'''::
     233 The URL of the ProtoGENI component manager
     234 '''deter_internal'''::
     235  True if the Emulab supports interval VLANs controlled by a `deter_internal` controller.
     236 '''dragon'''::
     237 True if the testbed is connected to the DRAGON transit
     238 '''dragon_vlags'''::
     239 If the testbed is connected to a set of static DRAGON VLAN termination numbers, this is the list of VLAN IDs.  The lists of the form 1-10,11,14 are permitted.
     240 '''federation_software'''::
     241  Location of the tar file containing the [FeddAbout#TheFederationKit federation kit] to establish the on all nodes.  This is a list of installation directory, software pairs.  `/usr/local /usr/local/etc/fedd/fedkit.tgz` will install the tarball in `fedkit.tgz` in `/usr/local`. The destination directory can be `rpm` if the software is in an rpm file. There is a version available from the downloading [FeddDownload section] that can be installed in `/usr`.
     242 '''local_seer_software'''::
     243 '''local_seer_image'''::
     244 '''local_seer_startup'''::
     245 The software, disk image, and startup commands necessary to start a local [http://seer.isi.deterlab.net SEER] controller.
     246 '''node_startcommand'''::
     247 Startcommand to run for a generic node.  The version given in the [FeddConfigExamples examples] is right for our fedkit.
     248 '''portal_command'''::
     249 Ns2 command to embed in an experiment description for a portal node, if any
     250 '''portal_image'''::
     251 Required image for a portal node, if any
     252 '''portal_software'''::
     253  Location of the tar file containing additional software required on the in experiments to support extra services.  It has the same format as '''federation_software'''.
     254 '''portal_startcommand'''::
     255 Startcommand to run for a portal node.  The version given in the [FeddConfigExamples examples] is right for our fedkit.
     256 '''portal_type'''::
     257 Required portal hardware type, if any
     258 '''renewal'''::
     259 Renewal interval for ProtoGENI slices, in minutes.
     260 '''sa_url'''::
     261 The URL of the ProtoGENI slice authority.
     262 '''sshd''::
     263 Pathname of an alternative ssh daemon to run on ProtoGENI nodes.
     264'''sshd_config''::
     265 Pathname of an alternative ssh daemon configuration file to use on ProtoGENI nodes.
     266 '''ssh_port'''::
     267 Port used by portal nodes for remote access.  This rarely needs to be overridden.
     268 '''ssh_privkey_file'''::
     269   The public key that this `fedd` will use to access remote Emulab services, if it is a remote access controller.  Protect it appropriately.  Earlier versions always defined this option in as an experiment control option.  That is no longer supported.
     270 '''staging_dir'''::
     271 Directory on the '''staging_host''' where software is staged for loaging onto protoGENI nodes.  The fedd must be able to write to it.
     272 '''staging_host'''::
     273 The host on which to stage software bound for ProtoGENI nodes.  If it is not the same machine on which the daemon runs, it must be accessible through the ssh parameters configured for this fedd.
     274 '''tunnel_config'''::
     275 True if the testbed supports DETER extensions to tmcd for external access
     276 '''type'''::
     277   Emulab access controllers can either run on the local testbed infrastructure (users and boss as described in [FeddDownload#Whatmachinesshouldrunfedd the downloading and installation documentation]) or on another node as a proxy.  Choices are '''remote_emulab''' and '''local_emulab'''.  Remote access controllers access the testbed using ssh for file transfer and other reasons using the key given in '''ssh_privkey_file'''.
     278 '''userconfdir'''::
     279  Directory used to stage information about user accounts that are exported to other testbeds.  It needs to be writeable by fedd.
     280 '''userconfcmd'''::
     281  External command used to export user information.  It should return the user accounts to create in a format similar to the Emulab tmcd USERS command.  Specifically group entries should be formatted as
     282
     283  {{{
     284  ADDGROUP NAME=name GID=digits
     285  }}}
     286
     287  and user information as
     288
     289  {{{
     290  ADDUSER LOGIN=name PSWD=hash WPSWD=passwd UID=digits GID=digits ROOT=1/0 NAME="user name" HOMEDIR=path GLIST="gname gname" EMAIL="a@b" SHELL=shell
     291  }}}
     292
     293  This is required if the controller is to export user accounts.
     294  '''userconfurl'''::
     295  URL from which to acquire the exported user information.  It should almost always be the access controller's URL.
     296
     297
    199298=== Experiment Control Options ===
    200299
     
    211310  the allocations made to support each federated experiment request as well as the information necessary to release those resources.  Must be specified for experiment to survive
    212311  fedd failures or node reboots.  A file in `/var/db/fedd` is often used.
    213  '''fedkit'''::
    214   Location of the tar file containing the [FeddAbout#TheFederationKit federation kit] to establish the expriment.  There is a version available from the downloading [FeddDownload section].
    215  '''gatewaykit'''::
    216   Location of the tar file containing additional software required on the in experiments to support extra services.  For [http://seer.isi.deterlab.net SEER]-controlled experiments, a seer tarfile is used.
    217312 '''log_level'''::
    218313  The level of logging to produce from this component.  One of `debug`, `info`, `warning`, `critical`, and `error`.  See the [http://www.python.org/doc/current/library/logging.html standard python logging system] for details.
    219314 '''mapdb'''::
    220315  Database that controlls the default mapping from testbed name to contact URI.
    221  '''splitter_uri'''::
    222   Contact point for using a remote experiment splitter.  Generally this should be set to !http://users.isi.dertelab.net:23235 .
     316 '''ns2topdl_uri'''::
     317  Contact point for using a remote experiment translator.  Generally this should be set to !http://users.isi.dertelab.net:23235 .
     318 '''repodir'''::
     319  Directory where fedd can stage software for experiments.  Should be on an adequately sized file system with permissions that the fedd can access.  IN deciding size, consider the size of required software like fedkits and the software users might include in experiments.
     320 '''repo_url'''::
     321  The URL on which access controllers can collect staged software.  Should almost always be the URL of the experiment controller.
     322 '''store_url'''::
     323  The URL on which access controllers can collect synchronization information.  Should almost always be the URL of the experiment controller.
     324 '''synch_store'''::
     325  file in which synchronization information is stored between runs.  This should be a filename in an accessible directory.  Fedd will create it if it does not exist.
    223326 '''tcl_splitter'''::
    224   Path to the tcl-based splitter program to be used if splitting is done locally.  If '''splitter_url''' is set, this has no effect.
     327  Path to the tcl-based topdl translator program to be used if translation is done locally.  If '''ns2topdl_url''' is set, this has no effect.
    225328 '''trusted_certs'''::
    226329  a file containing the trusted CAs used for SSL validation.  If this is not