60 | | |
61 | | = 2. Clear the passphrase from your cert = |
62 | | When Omni talks to different authorities in GENI, it will need to identify you |
63 | | as a valid GENI user, so it will ask you for your passphrase multiple times. |
64 | | To save time during the tutorial, we are going to remove the passphrase from your cert and your ssh key. There is a script to clear the passphrases. |
65 | | i. In the terminal run |
66 | | {{{ |
67 | | clear-passphrases.py |
68 | | }}} |
69 | | Use the passphrase given to you in the paper slip, you might be prompted for a passphrase multiple times make sure you always use the same passphrase. |
70 | | The output should look like |
71 | | {{{ |
72 | | geni@geni-vm:~$ clear-passphrases.py |
73 | | Do you want to remove the passphrase from your cert (/home/geni/.ssl/geni_cert.pem) [Y,n]?y |
74 | | INFO:clearcert: |
75 | | THIS SCRIPT WILL REPLACE /home/geni/.ssl/geni_cert.pem WITH AN UNENCREPTED CERT. A BACKUP OF THE ORIGINAL CERT WILL BE CREATED |
76 | | |
77 | | INFO:clearcert:The encoded certificate file is backed up at /home/geni/.ssl/geni_cert_enc.pem |
78 | | INFO:clearcert:Removing passphrase from cert... |
79 | | Enter pass phrase for /home/geni/.ssl/geni_cert.pem: |
80 | | writing RSA key |
81 | | INFO:clearcert:Change permissions of /home/geni/.ssl/geni_cert.pem to 0600 |
82 | | Do you want to remove the passphrase from you ssh-key (/home/geni/.ssh/geni_key, key used to login to compute resources) [Y,n]?y |
83 | | INFO:clearcert: |
84 | | THIS SCRIPT WILL REMOVE THE PASSPHRASE FROM YOUR SSH KEY. NO COPY OF THE ORIGINAL PRIVATE KEY WILL BE KEPT |
85 | | Enter PEM pass phrase: |
86 | | Enter passphrase: |
87 | | geni@geni-vm:~$ |
88 | | }}} |
89 | | i. Add the key to the ssh agent |
90 | | {{{ |
91 | | ssh-add ~/.ssh/geni_key |
92 | | }}} |
93 | | i. Verify that you have the necessary credential and key files |
94 | | {{{ |
95 | | ls ~/.ssh ~/.ssl |
96 | | }}} |
97 | | The output looks like : |
98 | | {{{ |
99 | | geni@geni-vm:~$ ls ~/.ssh ~/.ssl |
100 | | /home/geni/.ssh: |
101 | | config geni_key geni_key.pub |
102 | | |
103 | | /home/geni/.ssl: |
104 | | geni_cert_enc.pem geni_cert.pem |
105 | | }}} |
106 | | |
107 | | || geni_cert.pem || Cleartext certificate, i.e. does not require any passphrase || |
108 | | || geni_cert_enc.pem || Encrypted certificate || |
109 | | || geni_key || The private key that you will use to login to the nodes || |
110 | | || geni_key.pub || The corresponding public key that will be uploaded to the nodes || |
111 | | |
112 | | '''Note''': You might see more files than the ones listed above, which are |
113 | | probably backup files from configuring omni, or files from other tutorials. |
114 | | |
115 | | == 3. Test Omni setup == |
116 | | In order to test that our configuration is correct, you can issue a `getversion` |
117 | | command. For this step we have used !PlanetLab's AM, but you can use any |
118 | | Aggregate Manager(AM). |
119 | | i. In the terminal type: |
120 | | {{{ |
121 | | omni.py getversion -a plc |
122 | | }}} |
123 | | In GENI each AM can be contacted using a specific URL. In order to make it |
124 | | easier to talk to AMs, Omni uses nicknames; i.e. it maps each URL into an easy |
125 | | to remember nickname. For example the PlanetLab AM listens for requests at |
126 | | `http://www.planet-lab.org:12346`, however you can use the nickname `plc` to |
127 | | refer to that URL. Nicknames are defined in each user's omni_config file. |
128 | | |
129 | | For the rest of the tutorial we are going to use aggregate nicknames. |