| 189 | |
| 190 | == Configuring the Access Controller == |
| 191 | |
| 192 | The access controller needs a similar set of files configured, but there are a couple of key differences. The configuration file looks like this: |
| 193 | |
| 194 | {{{ |
| 195 | [DEFAULT] |
| 196 | # The home directory of the access controller |
| 197 | base: /usr/local/etc/fedd/access |
| 198 | |
| 199 | [globals] |
| 200 | # Access controller identity |
| 201 | cert_file: %(base)s/fedd.pem |
| 202 | |
| 203 | # Services as for the experiment controller |
| 204 | services: 23231 |
| 205 | |
| 206 | [access] |
| 207 | |
| 208 | # syslog level |
| 209 | log_level: debug |
| 210 | |
| 211 | # File that holds internal state between access controller boots |
| 212 | access_state: %(base)s/deter_access.state |
| 213 | |
| 214 | # The file that maps from ABAC credentials to local user and project name. |
| 215 | # Generated by tools, but human readable. |
| 216 | accessdb: %(base)s/deter_abac_map |
| 217 | |
| 218 | # Directory where certificates identifying particular allocations are created |
| 219 | certdir: %(base)s/certs |
| 220 | |
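| 221 | # The ssh identity used to move software into experiments. Federated users |
| 222 | # must allow this key access to their DETER accounts. Because the key grants access to those accounts, the private key file should be readable only by the account that runs the access controller. |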
| 223 | ssh_privkey_file: %(base)s/fedd_rsa |
| 224 | ssh_pubkey_file: %(base)s/fedd_rsa.pub |
| 225 | |
| 226 | # Same as the experiment controller values |
| 227 | # create_debug: true |
| 228 | #leave_tmpfiles: true |
| 229 | |
| 230 | # This is the correct value for an Emulab or DETER testbed |
| 231 | type: local_emulab |
| 232 | |
| 233 | # ABAC configuration and directories |
| 234 | auth_type: abac |
| 235 | auth_dir: %(base)s/abac |
| 236 | |
| 237 | # URI at which to access the Emulab XMLRPC interface. Generally only the boss |
| 238 | # node's DNS name needs to be changed. |
| 239 | boss: https://boss.isi.deterlab.net:3069/usr/testbed |
| 240 | ops: users.isi.deterlab.net |
| 241 | |
| 242 | # Image to be loaded on portal nodes. Some version of FreeBSD is best. |
| 243 | portal_image: FBSD7-STD |
| 244 | |
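| 245 | # Configurable federation setup commands. For the standard fedkit on a DETER testbed, |
| 246 | # these are correct. Both commands run under sudo and write their output to fixed file names in /tmp; redirect to a directory other local users cannot write to if the nodes have other local users. |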
| 247 | portal_startcommand: sudo -H /usr/bin/perl -I/usr/local/federation/lib /usr/local/federation/bin/combo.pl --use_file >& /tmp/bridge.log |
| 248 | node_startcommand: sudo -H /usr/bin/perl -I/usr/local/federation/lib /usr/local/federation/bin/federate.pl >& /tmp/federate |
| 249 | |
| 250 | |
| 251 | # DNS domain of the testbed |
| 252 | domain: .isi.deterlab.net |
| 253 | |
| 254 | # Analogous to the experiment controller |
| 255 | federation_software: /usr %(base)s/fedkit.tgz |
| 256 | |
| 257 | |
| 258 | }}} |