Changes between Version 3 and Version 4 of FeddConfigExamples


Timestamp:
Dec 11, 2008 2:08:30 PM (15 years ago)
Author:
faber
Comment:

--

  • FeddConfigExamples

    v3 v4  
    120120In this case two `fedd`s are running.  The one on users accepts and evaluates access requests but calls out to the `fedd` on boss to do the manipulation of local testbed state.  Boss may choose to firewall all other hosts (except users) away from the fedd port, though the    `fedd` access controls will also protect access.  The situation looks like this:
    121121
     122[[Image(2fedds.png)]]
     123
     124The configuration file on users looks like:
     125
     126{{{
     127[globals]
     128# Identify this fedd by the fedid encoded as a certificate file (user file protections to protect it)
     129cert_file: /usr/local/etc/fedd/fedd.pem
     130# Provide service on port 23235
     131services: 23235
     132
     133[access]
     134# Keep access state (which experiments are live) in this file
     135# Be sure it is writeable by the fedd user
     136access_state: /var/db/fedd/deter_access.state
     137
     138# Parameters for remote fedds to instantiate experiments
     139boss: boss
     140ops: users
     141domain: .isi.deterlab.net
     142fileserver: fs
     143eventserver: event-server
     144
     145# This machine's URI to discriminate proxy requests (NB: this runs on users)
     146testbed: https://users.isi.deterlab.net:23235
     147
     148# The database that maps requester to local access projects (shown below)
     149accessdb: /usr/local/etc/fedd/deter_access
     150
     151[allocate]
     152# Contact boss for allocations
     153uri: https://boss.ucb.deterlab.net:23235
     154
     155}}}
     156
     157In addition the [FeddDatabases#AccessComponentAccessDB access component accessdb] in `/usr/local/etc/fedd/deter_access` might be similar to the following.  Note that the users `fedd` contains all the information to make the decisions about access.
     158
     159{{{
     160# Overrides for the connector image and type
     161attribute: connectorImage value: FBSD7-TVF
     162attribute: connectorType value: pc3000_tunnel
     163
     164# Nodes of this type are not generally accessible
     165restricted: rpc_3000
     166
     167# Additional keys may be added to these groups.  Note that when a user with emulab-ops as the project in their
     168# three-level name accesses the testbed, the fedd project will be given access to the restricted node type
     169# rpc_3000.  Requesters with Deter as the project will be unable to successfully request access to such nodes.
     170(fedid:ce90957dd5b7d20f9c3890c4599313b7f1cf31ea, Deter, <any>) -> (Federation, fedd, <same>)
     171(fedid:ce90957dd5b7d20f9c3890c4599313b7f1cf31ea, emulab-ops, <any>) -> (Federation, fedd:rpc_3000, <same>)
     172
     173}}}
     174
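Review bot: In the `[allocate]` section (new line 153) the `uri` is `https://boss.ucb.deterlab.net:23235`, but every other name in this example is in the isi domain (`domain: .isi.deterlab.net`, `testbed: https://users.isi.deterlab.net:23235`). The surrounding text describes the users `fedd` calling out to the `fedd` on boss of the same testbed, so this reads as a leftover from another example; suggest `uri: https://boss.isi.deterlab.net:23235`, or a comment saying why allocation goes to a host in a different domain, since a reader who copies this file would send allocation requests to the wrong `fedd`. Two smaller points: the `cert_file` comment (line 128) says "user file protections to protect it" without saying what they should be, whereas the `access_state` comment is explicit about who must be able to write the file, so it would help to state that the certificate file should be readable only by the fedd user; and the accessdb restricts `rpc_3000` while the connector type is `pc3000_tunnel`, so please confirm `rpc_3000` is the intended node type name and not a misspelling.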