Context Navigation

Changes between Version 6 and Version 7 of FeddGettingStarted

Timestamp:: Mar 29, 2012 8:05:42 PM (13 years ago)
Author:: faber
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

FeddGettingStarted

-                      v6
+                      v7
 # Software to install on each experiment node to form federated experiments.
 # The first parameter is the directory in which to install it and the second
 # the tra file to unpack.  These are the correct values for the fedkit
+# the tar file to unpack.  These are the correct values for the fedkit
 # distributed with fedd.
 fedkit: /usr %(base)s/fedkit.tgz
 }}}
+This file is [attachment:experiment.conf attached] to this page for download and editing.
+The {{{fedd.conf}}} above is [attachment:experiment.conf attached] to this page for download and editing.
+We have [FeddConfig#MakingaFedidCertificate instructions] for creating a certificate suitable for use as a {{{cert_file}}}.
+A {{{fedkit.tgz}}} can be created from the {{{fedkit}}} directory of the git repository.  Change to that directory and make.
+The exp_map_db file is also [attachment:exp_map_db attached] and its contents are:
+{{{
+deter:https://users.isi.deterlab.net:23231
+deter-test:https://users.isi.deterlab.net:23001
+deter_internal:https://users.isi.deterlab.net:23233
+}}}
+These are the addresses of known access controllers.  The tools can also request different mappings.
+The most complex part of the configuration is setting up the ABAC policy.
+=== Setting up the Experiment Controller's ABAC ===
+For new federators we provide simple tools to create a policy based on the DETER projects and user accounts present in the loacl testbed.  The [http://fedd.deterlab.net/wiki/FeddCommands#exp_access_db.py exp_access_db.py] command will read the database on the boss node and output a human-readable configuration file that tells what attributes the experiment controller will assert on behalf of the user.
+In particular, the example at the link above produces a file that looks like this:
+{{{
+# faber
+fedid:12ecc7415746281efa0ed58e180c51a5cba13a57->faber
+fedid:12ecc7415746281efa0ed58e180c51a5cba13a57->(Deter,faber)
+fedid:12ecc7415746281efa0ed58e180c51a5cba13a57->(emulab-ops,faber)
+# lahey
+fedid:d7da471ff2ba5b205d31ae379b1cf634c8dce1c6->lahey
+fedid:d7da471ff2ba5b205d31ae379b1cf634c8dce1c6->(emulab-ops,lahey)
+}}}
+That output asserts that the holder of the X.509 identity with the hash 12ecc7415746281efa0ed58e180c51a5cba13a5 will be identified as the user {{{faber}}} and as a member of projects {{{emulab-ops}}} and {{{Deter}}}.  DETER issues all users an X.509 certificate and that certificate is extracted by the script.
+To create a file that asserts all users and projects in your testbed, run {{{exp_access_db.py}}} on your boss node and save the output in a file called {{{exp_access_db}}}.
+To convert those assertions to ABAC in a format that access controllers will understand:
+ * copy {{{exp_access_db}}} to your experiment controller's home ({{{/usr/local/etc/fedd/experiment}}})
+ * run [wiki:FeddABAC#fedd_to_abac.py fedd_to_abac.py] to create the ABAC
+   * {{{fedd_to_abac.py --cert fedd.pem --dir /usr/local/etc/fedd/experiment/abac --make_dir exp_access_db}}} should do it
+At this point you should be able to run your experiment controller:
+{{{fedd.py --config=/usr/local/etc/fedd/experiment/fedd.conf --debug}}}
+You can specify a log file with the --log option.