| 450 | Those are the Linux package names; equivalent FreeBSD packages will also work. Software counts as available if it is either installed or accessible using {{{yum}}} or {{{apt-get}}}. DETER nodes have a local repository for that purpose. |
| 451 | |
| 452 | The fedkit is installed in {{{/usr/local/federation}}} and when run places a log in {{{/tmp/federate}}}. |
| 453 | |
| 454 | Services are initialized based on the contents of {{{/usr/local/federation/etc/client.conf}}}. Possible values include: |
| 455 | |
| 456 | '''!ControlGateway''':: |
| 457 | The DNS name (or IP address) of the node that will forward services |
| 458 | '''Hide''':: |
| 459 | Do not add this node to the node's view of the experiment. Used for [FeddMulti multi-party experiments]. |
| 460 | '''!PortalAlias''':: |
| 461 | A name that will be mapped to the same IP address as the control gateway. SEER in particular expects nodes with certain functions to have certain names. |
| 462 | '''!ProjectUser''':: |
| 463 | The local user under which to mount shared project directories |
| 464 | '''!ProjectName''':: |
| 465 | Project name to derive shared project directories from |
| 466 | '''Service''':: |
| 467 | a string naming the [FeddAbout#ExperimentServices services] to initialize. |
| 468 | '''SMBShare''':: |
| 469 | The name of the share to mount |
| 470 | |
| 471 | |
| 472 | |
| 473 | == Fedkit on Portal Nodes == |
| 474 | |
| 475 | On portal nodes the fedkit uses ssh to interconnect the segments and bridges traffic at layer 2. If the portal node is a Linux image it needs to have the {{{bridge-tools}}} package available. Like the fedkit on experiment nodes, it will attempt to load that software from repositories if it is not present. |
| 476 | |
| 477 | The fedkit configures the portal based on the contents of a configuration file containing the following parameters: |
| 478 | |
| 479 | '''active''':: |
| 480 | a boolean. If true this portal will initiate ssh connections to its peer. |
| 481 | '''nat_partner''':: |
| 482 | a boolean. If true the fedkit's peer is behind a network address translator. Not used yet. |
| 483 | '''tunnelip''':: |
| 484 | a boolean. If true use the DETER system for binding external addresses. |
| 485 | '''peer''':: |
| 486 | a string. A list of DNS names or IP addresses. Usually this is one value, the DNS name of the peer, but passive ends of NATted portals may use a list of addresses to establish routing. |
| 487 | '''ssh_pubkey''':: |
| 488 | a string. A file in which the access controller has placed the ssh key shared by this portal and its peer. These are nonce keys discarded after the experiment ends. |
| 489 | '''ssh_privkey''':: |
| 490 | a string. A file in which the access controller has placed the ssh key shared by this portal and its peer. These are nonce keys discarded after the experiment ends. |
| 491 | |
| 492 | The passive portal node establishes routing connectivity to the active end, reconfigures the local sshd to allow link layer forwarding and to allow the active end to remotely configure it, and waits. The active end connects through ssh, establishes a link layer forwarding tunnel and bridges that to the experimental interface. It also forwards ports to connect experiment services. |
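
The sshd reconfiguration described above can be audited from the defender's side. The following is an added example, not fedkit code: it assumes the link layer forwarding relies on OpenSSH's {{{PermitTunnel}}} keyword, and reports every scope of an sshd configuration in which a layer 2 tunnel would be accepted, for instance to confirm that a portal image was restored after an experiment. The function names and the sample configuration are constructed for illustration.

```python
# Added example: audit sshd_config text for link layer (tap) tunnel forwarding.
# Assumption: the portal's forwarding depends on OpenSSH's PermitTunnel keyword.

L2_VALUES = {"yes", "ethernet"}  # both values permit layer 2 tunnels


def permit_tunnel_settings(config_text):
    """Return {scope: value} for the effective PermitTunnel in each scope.

    A scope is "global" or the text of a Match line. sshd uses the first
    value it obtains for a keyword, so later duplicates in the same scope
    are ignored. Include directives are not followed.
    """
    scope = "global"
    found = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.split(None, 1)[0].lower() == "match":
            scope = line  # everything below applies only to this Match block
            continue
        # sshd accepts both "Keyword value" and "Keyword=value"
        parts = line.replace("=", " ", 1).split(None, 1)
        if parts[0].lower() == "permittunnel" and len(parts) > 1:
            if scope not in found:
                found[scope] = parts[1].split()[0].strip('"').lower()
    found.setdefault("global", "no")  # sshd default when the keyword is absent
    return found


def layer2_scopes(config_text):
    """List the scopes in which sshd would accept a layer 2 tunnel."""
    settings = permit_tunnel_settings(config_text)
    return [scope for scope, value in settings.items() if value in L2_VALUES]


# Constructed sample, not taken from a DETER portal node.
SAMPLE = """\
# global section: the first PermitTunnel wins, so the second line is ignored
PermitTunnel no
PermitTunnel ethernet
Match Address 192.0.2.10
    PermitTunnel ethernet
"""

if __name__ == "__main__":
    for scope in layer2_scopes(SAMPLE):
        print("layer 2 tunnels permitted in:", scope)
```

A Match block with no {{{PermitTunnel}}} line inherits the global value, so only scopes that set the keyword explicitly are listed.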