Version 2 (modified by faber, 11 years ago) (diff)


Downloading and Installing fedd

This section describes how to get a copy of fedd for your testbed and install it. After this you will need to configure it.

What machines should run fedd

Depending on what sorts of resources you intend to make available to others and what modifications you are willing to make to your testbed, you may choose to run fedd in different configurations, with functionality partitioned between users and boss.

If you intend to allow fedd to either create projects from whole cloth, or to modify the access rights of projects or keys of users, at least some of fedd will have to run on boss. You can choose to run a fedd install on boss only, or run the main instantiation of fedd on users and the project manipulation functionality on boss. This depends on your particular comfort level with outside access to boss. Fedd's local accesses are all encrypted and controlled via fedids, and potentially by SSL as well.

If you intend to only allow federation through static projects, fedd can run entirely on users, and need only be installed there.

Fedd also needs to run a modified ns2 parser to split experiments. DETER exports an interface to that parser at , and the simplest configuration choice is to simply make use of that service. Should you choose to get the patches from us and run your own modified ns2 parser, you would probably want to run that service on your ops node.

Downloading and Installing the tar file

The easiest way to get a copy of fedd installed on your machine is to download the python distutils tar file and install it. The current version is fedd-1.0.tar.gz.

You will need to have the following python packages installed as well.

  • ZSI
  • M2Crypto
  • MySQLdb

Versions of M2Crypto before 0.18 will require

  • pyasn1

Emulabs generally have MySQLdb installed already. All of the components above also have FreeBSD packages and ports, which can simplify installation.

Once those packages are installed, the following commands will install fedd:

$ tar xzf -C /tmp fedd-1.0.tar.gz
$ cd /tmp/fedd-1.0
$ sudo python ./ install
$ cd 
$ sudo rm -rf /tmp/python-1.0

Your install will include the python package federation, the following scripts:

  • /usr/local/bin/
    • used in certain static project installs, see configuring
  • /usr/local/bin/
    • application to simplify creating experiment creation databases
  • /usr/local/bin/
    • fedd itself
  • /usr/local/bin/
    • command line tool for accessing fedd services
  • /usr/local/bin/
    • command line tool for getting fedids from X509 certificates
  • /usr/local/bin/

Finally a set of sample configuration files will be installed in /usr/local/share/fedd/

Additional scripts

If you intend to use dynamic project manipulation, you will need to install patched versions of the addpubkey and grantnodetype scripts on boss. These patches extend those commands to revoke access/keys or confirm the presence of access or keys.

The patches are here:

addpubkey grantnodetype

To avoid inadvertently interfering with testbed operation, we suggest making modified shadow commands on boss called taddpubkey and tgrantnodetype. Note the leading 't' on the shadow commands. You can do this by doing the following on boss (where the patch files come from wherever you saved them):

$ cd /tmp
$ cp /usr/testbed/sbin/addpubkey .
$ patch < addpubkey.patch
$ sudo mv addpubkey /usr/testbed/sbin/taddpubkey
$ sudo chown root:wheel /usr/testbed/sbin/taddpubkey
$ sudo chmod 4755 /usr/testbed/sbin/taddpubkey
$ cd /tmp
$ cp /usr/testbed/sbin/grantnodetype .
$ patch < grantnodetype.patch
$ sudo mv grantnodetype /usr/testbed/sbin/tgrantnodetype
$ sudo chown root:wheel /usr/testbed/sbin/tgrantnodetype

Note that taddpubkey will be setuid root (just like addpubkey is) and that grantnodetype will not. The permissions need to match those of the original command. They will fail with different ones.

Once the scripts exist, make sure you configure the [allocate] section of the configuration file to use them, e.g.:

addpubkey: /usr/testbed/sbin/taddpubkey
grantnodetype: /usr/testbed/sbin/tgrantnodetype

See the configuration section for more detail.

Subversion access

If you prefer to live more dangerously, you can download a recent tree from the subversion repository on this site and install it. The same packages must be installed as for the tar file version. The commands to access the subversion repository and install are:

$ svn checkout some_dir
$ cd some_dir
$ make dist
$ cd dist

And from there, install from the tar file in dist, as above.

Attachments (12)

Download all attachments as: .zip