Changes between Version 2 and Version 3 of FeddDesktop


Timestamp: Jan 21, 2013 10:54:58 PM (11 years ago)
Author: faber
Comment: --

  • FeddDesktop

    v2 v3  
    3737Be sure to run these commands as root before attempting to create experiments using the desktop plugin.
    3838
     39Also follow the [FeddConfig#MakingaFedidCertificate instructions for creating a fedid] for this controller.  Save that identity in the configuration directory we create below.  Conventionally, that ID is stored in {{{fedd.pem}}}.
     40
    3941=== Configuring the Desktop Controller ===
    4042
    41 Create a directory for the data and configuration of the desktop controller.  It does not need to be on a very large file system - a few megs at *most* - but should not be in a temporary directory.  DETER uses {{{/usr/local/etc/fedd}}} for this.  In the configuration directory, create a file similar to [attachment:desktop.conf this one]:
     43Create a directory for the data and configuration of the desktop controller.  It does not need to be on a very large file system - a few megs at *most* - but should not be in a temporary directory.  DETER uses {{{/usr/local/etc/fedd}}} for this.  In the configuration directory, create a file similar to [attachment:desktop.conf this one] called {{{desktop.conf}}}:
    4244
     45{{{
     46[DEFAULT]
     47
     48# The directory containing this file
     49base: /vim/fedd_desktop
     50
     51[access]
     52
     53log_level: debug
     54# Saved controller state
     55access_state: %(base)s/desktop_access.state
     56# saved access info (generated by access_to_abac.py)
     57accessdb: %(base)s/desktop_access_map
     58# The ABAC database (generated by access_to_abac.py)
     59certdir: %(base)s/certs
     60# Location of generated scripts and temp data
     61localdir: %(base)s/local
     62
     63auth_type: abac
     64auth_dir: %(base)s/abac
     65
     66# The hostname of the machine we run on
     67hostname: vim.isi.edu
     68
     69# If set the first hop router to DETER (DNS name or IP address)
     70# gateway: first_hop.your.domain
     71
     72# If set the IP address of the interface to use in accessing DETER (Linux only)
     73# interface_address 192.168.1.1
     74
     75[globals]
     76# The controllers self-signed identity (X.509 cert)
     77cert_file: %(base)s/fedd.pem
     78# Port on which to listen
     79services: 23235
     80# This is a desktop access controller
     81access_type: desktop
     82}}}
     83
     84You will want to change {{{base}}} to point to the configuration file, and {{{hostname}}} to be the DNS name of the machine the controller runs on.  If you want to route the experimental traffic through a particular interface, you can use the {{{gateway}}} or {{{interface_address}}} parameters to select the interface to use.  If {{{gateway}}} is set, the interface that routes to that gateway will be used.  If {{{interface_address}}} is set, the interface that has that address assigned will be used.  Currently {{{interface_address}}} only works on Linux machines.
     85
     86The rest of the defaults are probably acceptable, but they are described in the comments and [FeddConfig#MainConfigurationFilefedd.conf this documentation].
     87
     88In addition, in the configuration directory create 3 subdirectories:
     89
     90 * certs - used to hold allocation fedids (if you prefer another name, change the {{{certdir}}} parameter in {{{desktop.conf}}} to point at it)
     91 * local - used to hold controller data and the startup and shutdown scripts (if you prefer another name, change the {{{localdir}}} parameter in {{{desktop.conf}}} to point at it)
     92 * abac - used to hold ABAC data (if you prefer another name, change the {{{auth_ir}}} parameter in {{{desktop.conf}}} to point at it)
     93
     94=== Configuring ABAC ===
     95
     96The simplest configuration of the desktop controller allows a specific DETER user to access it.  To set that up, create a file called {{{desktop_access}}} with a line similar to the following:
     97
     98{{{
     99(fedid:e630047380b1060ce03d19e373b8047bb785031a,<any>,faber)-> access, (access)
     100}}}
     101
     102Change {{{faber}}} to the username of the DETER user you wish to grant access.  If you want multiple users to be able to federate this machine, add additional lines with the same format.  The fedid at the beginning of the line is the fedid of the DETER experiment controller.  This line allows the named DETER users (as validated by the experiment controller) to federate this machine.
     103
     104To make that operative, use the [FeddABAC#access_to_abac.py access_to_abac.py] command to create the ABAC database:
     105
     106{{{
     107$ access_to_abac.py --cert=fedd.pem --dir=/usr/local/etc/fedd/abac --type=skel --mapfile=desktop_access_map ./desktop_access
     108}}}
     109
     110That command must be run from the configuration directory.  The argument to {{{--dir}}} must be an absolute pathname.
     111
     112At this point you should be able to start the controller:
     113
     114{{{
     115$ fedd.py --config /usr/local/etc/fedd/desktop.conf
     116}}}
     117
     118== A test experiment ==
     119
     120This file contains a two node experiment, one node on DETER and the other on your desktop:
     121
     122{{{
     123# simple DETER topology federated to a desktop
     124#
     125# SERVICE: project_export:deter::project=SAFER
     126#
     127
     128set ns [new Simulator]
     129source tb_compat.tcl
     130
     131set a [$ns node]
     132set b [$ns node]
     133tb-set-node-testbed $a "deter"
     134
     135tb-set-node-testbed $b "desktop"
     136
     137set link0 [ $ns duplex-link $a $b 100Mb 0ms DropTail]
     138
     139$ns rtproto Static
     140$ns run
     141
     142}}}
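
Review bot: In the subdirectory list (new line 92), the abac bullet tells the reader to change the "auth_ir" parameter, but the sample desktop.conf sets "auth_dir" (new line 64); correct the name so that a reader who renames the directory edits the key the sample configuration actually sets. Two further points in the same added block: the commented-out example "# interface_address 192.168.1.1" (new line 73) omits the colon that every other key uses, including "# gateway: first_hop.your.domain" just above it, so uncommenting it as written does not yield a "key: value" line; and the paragraph at new line 84 says to point "base" at the configuration file, while the comment at new line 48 describes it as "The directory containing this file", so the prose should say configuration directory. The sample also sets base to /vim/fedd_desktop while the access_to_abac.py and fedd.py commands use /usr/local/etc/fedd; using one path throughout would keep "auth_dir" (%(base)s/abac) and the "--dir" argument pointing at the same ABAC directory.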