Changes between Version 4 and Version 5 of FeddDatabases

Timestamp:

Nov 5, 2009 7:28:06 PM (15 years ago)

Author:

faber

Comment:

--

FeddDatabases

@@ -50 +50 @@
 
 This is the most complex of the accessDBs.  Its purpose is to configure how an access control component maps a [FeddAbout#GlobalIdentifiers:Three-levelNames three level name] to a local testbed user and project, as well as the rights the project must possess (the node types it can access).  It also includes information about which kinds of nodes are restricted and allows a testbed owner to supply additional attributes used in accessing the testbed.
+
+==== Emulab Mappings ====
 
 The file is a text file.  Each line containing a -> represents a rule for mapping from one or more three-level names to local testbed entities.  The format for a three-level name to project info mapping has the format:
@@ -107 +109 @@
 indicates that the use of `node_type` is not open to all users.  If a requester asks for access to a restricted node type and is mapped to a project that does not include access to that type, the `fedd` will deny the request.  To specify multiple such types, include multiple such lines.
 
-For exmaple if `node_type` is restricted and `(fedid:ce90957dd5b7d20f9c3890c4599313b7f1cf31ea,emulab-ops, faber)` makes an access request, that user will succeed if he or she matches:
+For example if `node_type` is restricted and `(fedid:ce90957dd5b7d20f9c3890c4599313b7f1cf31ea,emulab-ops, faber)` makes an access request, that user will succeed if he or she matches:
 
 {{{
@@ -119 +121 @@
 }}}
 
+==== DRAGON Mappings ====
+
+A dragon controller maps the [FeddAbout#GlobalIdentifiers:Three-levelNames three level name] to a directory holding the X.509 certificates to use for the allocation.  In OSCARS command-line terms, it maps the requester to the '''repo''' parameter.  This line;
+
+{{{
+(fedid:ce90957dd5b7d20f9c3890c4599313b7f1cf31ea,emulab-ops, faber) -> (/usr/local/OSCARS/local_repo)
+}}}
+
+Maps the given three-level name to the keys stored in /usr/local/OSCARS/local_repo.  That directory should be protected appropriately.
+
+=== Attributes ====
+
 A line of the form:
 
@@ -127 +141 @@
 specifies an attribute to be passed back to the requester.  In this case the attribute specifies that nodes used to connect this testbed to another federant should use local Emulab image FBSD7-TVF.  Attribute values start with the first non-whitespace character after '''value:''' and continue until the end of the line.
 
-Currently `fedd`'s experiment control system understands the following attributes:
+Currently `fedd`'s experiment system understands the following attributes:
 
  '''!ConnectorImage'''::
@@ -143 +157 @@
  '''SMBShare'''::
   The name of the machine that the SMB file system is exported from.  Defaults to USERS which is usually correct.  If not, swap in a windows experiment and see where your testbed exports from.
+ '''dragon'''::
+  The endpoint designator of this testbed to DRAGON.  This indicates that the testbed is DRAGON-connected.
+ '''vlans'''::
+  The acceptable vlan numbers to allocate from DRAGON, if any.  Ranges and comma separated lists (and lists of ranges) are acceptable.
 
 Generally the '''!StartCmd''' attributes do not need to be modified.