| 61 | First, log into !MySQL and create the dicloud database by running the following commands. |
| 62 | |
| 63 | {{{ |
| 64 | $ mysql -u root -p |
| 65 | $ mysql> create database dicloud; |
| 66 | $ mysql> quit; |
| 67 | }}} |
| 68 | |
| 69 | Next load the !DiCloud schema, create an admin user, and give the user database rights |
| 70 | |
| 71 | {{{ |
| 72 | $ cd ~/Tutorials/DiCloud |
| 73 | $ mysql -u root -p < dicloud.schema |
| 74 | $ mysql -u root -p |
| 75 | $ mysql> INSERT INTO users(id, username, password) VALUES (1, 'admin', SHA1('geni')); |
| 76 | $ mysql> INSERT INTO admin_rights VALUES (1, true, true, true, true); |
| 77 | $ mysql> create user vise; |
| 78 | $ mysql> SET PASSWORD FOR 'vise' = PASSWORD(''); |
| 79 | $ mysql> GRANT ALL ON dicloud.* TO 'vise'@'localhost'; |
| 80 | }}} |
| 81 | |
| 82 | == Create Amazon user credentials == |
| 83 | |
| 84 | Note that tutorial participants should not perform this step. |
| 85 | |
| 86 | Amazon EC2 requires that each user create and upload an X.509 certificate to Amazon, and use the corresponding private key to access the web services functions. We create the certificate and private key below. We copy versions of these certificates and change the ownership to www-data to allow the !DiCloud web portal to read them. |
| 87 | |
| 88 | {{{ |
| 89 | $ cd ~/Tutorials/DiCloud/ec2/keys |
| 90 | $ openssl genrsa 1024 > ./geni_pk.pem |
| 91 | $ openssl req -new -x509 -nodes -sha1 -key ./geni_pk.pem > ./geni_cert.pem |
| 92 | $ ssh-keygen geni-keypair.pem |
| 93 | }}} |
| 94 | |
| 95 | == Register new user on Amazon EC2 == |
| 96 | |
| 97 | Note that tutorial participants will be able to use a DiCloud account, and do not need to create there own account. Tutorial participants will also use a pre-existing !DiCloud user, and do not need to perform the steps listed in the rest of this section. |
| 98 | |
| 99 | Create an account with Amazon web services by going [http://aws.amazon.com/ec2/ here] and clicking on "Create an AWS Account" in the upper-right portion of the page. Amazon requires that account link to a valid credit card for payment. Once you've created an account go back to [http://aws.amazon.com/ec2/ here] and click on "Sign in to the AWS Management Console" in the upper-right portion of the page. Once logged in, click on the AWS IAM tab (second from the right). Click on "Users" on the left panel, and then click "Create New Users". Create a user named "geni" (or any other name you prefer). Next click on the geni user, and go to the "Security Credentials" tab at the bottom of the page. Here you need to generate Access Keys and download the credentials.csv file that has the Access Key and the Secret Access Key. Also, upload the signing certificate we created at ~/Tutorials/DiCloud/ec2/keys/geni_cert.pem. Finally, click on the "Amazon EC2" tab (third from the left). Then click on the "Key Pairs" link at the bottom of the left panel. Now click "Import Key Pair". Give the new keypair the name "geni-keypair" (or any other name you prefer) and copy the contents of ~/Tutorials/DiCloud/ec2/keys/geni-keypair.pem in the correct place. Copy the credentials file credentials.csv to ~/Tutorials/DiCloud/ec2/keys/ and create the file ~/Tutorials/DiCloud/ec2/keys/geni_aws_credentials.txt, which should look as follows: |
| 100 | |
| 101 | geni@geni-tutorial:~/Tutorials/DiCloud/ec2/keys$ cat geni_aws_credentials.txt |
| 102 | AWSAccessKeyId=<Your Access Key ID here> |
| 103 | AWSSecretKey=<Your Secret Key Here> |
| 104 | |
| 105 | == Configuring Amazon for Tutorial Participants == |
| 106 | |
| 107 | Tutorial participants should download their certificate, private key, key pair, credential.csv, and geni_aws_credentials.txt files by performing the following commands. |
| 108 | |
| 109 | {{{ |
| 110 | $ cd ~/Tutorials/DiCloud/ec2/keys |
| 111 | $ wget http://geni.cs.umass.edu/geni_cert.pem |
| 112 | $ wget http://geni.cs.umass.edu/geni_pk.pem |
| 113 | $ wget http://geni.cs.umass.edu/geni-keypair.pem |
| 114 | $ wget http://geni.cs.umass.edu/geni-keypair.pub |
| 115 | $ wget http://geni.cs.umass.edu/geni_aws_credentials.txt |
| 116 | $ wget http://geni.cs.umass.edu/credentials.csv |
| 117 | }}} |
| 118 | |
| 119 | == Enabling Access to Keys via DiCloud's Web Portal == |
| 120 | |
| 121 | We also create copies of the certificate and private key and change their ownership to www-data so the web portal can access them. |
| 122 | |
| 123 | {{{ |
| 124 | $ cp ./geni_pk.pem ./geni_pk_web.pem |
| 125 | $ sudo chown www-data geni_pk_web.pem |
| 126 | $ sudo chgrp www-data geni_pk_web.pem |
| 127 | $ cp ./geni_cert.pem ./geni_cert_web.pem |
| 128 | $ sudo chown www-data geni_cert_web.pem |
| 129 | $ sudo chgrp www-data geni_cert_web.pem |
| 130 | }}} |