Changes between Version 6 and Version 7 of FeddGettingStarted


Timestamp: Mar 29, 2012 8:05:42 PM (12 years ago)
Author: faber
Comment: --

  • FeddGettingStarted

    v6 v7  
    133133# Software to install on each experiment node to form federated experiments.
    134134# The first parameter is the directory in which to install it and the second
    135 # the tra file to unpack.  These are the correct values for the fedkit
     135# the tar file to unpack.  These are the correct values for the fedkit
    136136# distributed with fedd.
    137137fedkit: /usr %(base)s/fedkit.tgz
    138138}}}
    139139
    140 This file is [attachment:experiment.conf attached] to this page for download and editing.
     140The {{{fedd.conf}}} above is [attachment:experiment.conf attached] to this page for download and editing. 
     141
     142We have [FeddConfig#MakingaFedidCertificate instructions] for creating a certificate suitable for use as a {{{cert_file}}}.
     143
     144A {{{fedkit.tgz}}} can be created from the {{{fedkit}}} directory of the git repository.  Change to that directory and make.
     145
     146The exp_map_db file is also [attachment:exp_map_db attached] and its contents are:
     147
     148{{{
     149deter:https://users.isi.deterlab.net:23231
     150deter-test:https://users.isi.deterlab.net:23001
     151deter_internal:https://users.isi.deterlab.net:23233
     152}}}
     153
     154These are the addresses of known access controllers.  The tools can also request different mappings.
     155
     156The most complex part of the configuration is setting up the ABAC policy.
     157
     158=== Setting up the Experiment Controller's ABAC ===
     159
     160For new federators we provide simple tools to create a policy based on the DETER projects and user accounts present in the loacl testbed.  The [http://fedd.deterlab.net/wiki/FeddCommands#exp_access_db.py exp_access_db.py] command will read the database on the boss node and output a human-readable configuration file that tells what attributes the experiment controller will assert on behalf of the user.
     161
     162In particular, the example at the link above produces a file that looks like this:
     163
     164{{{
     165# faber
     166fedid:12ecc7415746281efa0ed58e180c51a5cba13a57->faber
     167fedid:12ecc7415746281efa0ed58e180c51a5cba13a57->(Deter,faber)
     168fedid:12ecc7415746281efa0ed58e180c51a5cba13a57->(emulab-ops,faber)
     169# lahey
     170fedid:d7da471ff2ba5b205d31ae379b1cf634c8dce1c6->lahey
     171fedid:d7da471ff2ba5b205d31ae379b1cf634c8dce1c6->(emulab-ops,lahey)
     172}}}
     173
     174That output asserts that the holder of the X.509 identity with the hash 12ecc7415746281efa0ed58e180c51a5cba13a5 will be identified as the user {{{faber}}} and as a member of projects {{{emulab-ops}}} and {{{Deter}}}.  DETER issues all users an X.509 certificate and that certificate is extracted by the script.
     175
     176To create a file that asserts all users and projects in your testbed, run {{{exp_access_db.py}}} on your boss node and save the output in a file called {{{exp_access_db}}}.
     177
     178To convert those assertions to ABAC in a format that access controllers will understand:
     179
     180 * copy {{{exp_access_db}}} to your experiment controller's home ({{{/usr/local/etc/fedd/experiment}}})
     181 * run [wiki:FeddABAC#fedd_to_abac.py fedd_to_abac.py] to create the ABAC
     182   * {{{fedd_to_abac.py --cert fedd.pem --dir /usr/local/etc/fedd/experiment/abac --make_dir exp_access_db}}} should do it
     183
     184At this point you should be able to run your experiment controller:
     185
     186{{{fedd.py --config=/usr/local/etc/fedd/experiment/fedd.conf --debug}}}
     187
     188You can specify a log file with the --log option.
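
Review bot: The hash quoted in the prose at new line 174, 12ecc7415746281efa0ed58e180c51a5cba13a5, is 39 hex digits and is missing the trailing 7 of the 40-digit fedid shown in the example at lines 166-168 (fedid:12ecc7415746281efa0ed58e180c51a5cba13a57). Because this value is what ties an X.509 identity to the user and project attributes, copy it verbatim from the example so that readers comparing the two do not see a mismatch. Smaller points in the same hunk: line 160 has "loacl" for "local"; line 140 calls the file {{{fedd.conf}}} while the attachment is named experiment.conf and the command at line 186 loads /usr/local/etc/fedd/experiment/fedd.conf, so say explicitly that the attachment is to be saved under that name; in line 182 the --cert fedd.pem and exp_access_db arguments are relative while --dir is absolute, so state the working directory or give full paths; and line 188 should wrap --log in {{{ }}} like the other options on the page.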