Changes between Version 3 and Version 4 of DICLOUD/GEC12tutorial

10/17/11 15:25:59 (11 years ago)
David Irwin



  • DICLOUD/GEC12tutorial

    v3 v4  
    33This page summarizes the !DiCloud tutorial that was presented at GEC 12. Slides can be found here.
    5 Tutorial section quick links:
     5Tutorial sections:
    77 * Pre-requisites
    5757MySQL server will ask you to set a root password. Remember the password.
     59== Setup !DiCloud's !MySQL Server ==
     61First, log into !MySQL and create the dicloud database by running the following commands.
     64$ mysql -u root -p
     65$ mysql> create database dicloud;
     66$ mysql> quit;
     69Next load the !DiCloud schema, create an admin user, and give the user database rights
     72$ cd ~/Tutorials/DiCloud
     73$ mysql -u root -p < dicloud.schema
     74$ mysql -u root -p
     75$ mysql> INSERT INTO users(id, username, password) VALUES (1, 'admin', SHA1('geni'));
     76$ mysql> INSERT INTO admin_rights VALUES (1, true, true, true, true);
     77$ mysql> create user vise;
     78$ mysql> SET PASSWORD FOR 'vise' = PASSWORD('');
     79$ mysql> GRANT ALL ON dicloud.* TO 'vise'@'localhost';
     82== Create Amazon user credentials ==
     84Note that tutorial participants should not perform this step.
     86Amazon EC2 requires that each user create and upload an X.509 certificate to Amazon, and use the corresponding private key to access the web services functions.  We create the certificate and private key below.  We copy versions of these certificates and change the ownership to www-data to allow the !DiCloud web portal to read them.
     89$ cd ~/Tutorials/DiCloud/ec2/keys
     90$ openssl genrsa 1024 > ./geni_pk.pem
     91$ openssl req -new -x509 -nodes -sha1 -key ./geni_pk.pem > ./geni_cert.pem
     92$ ssh-keygen geni-keypair.pem
     95== Register new user on Amazon EC2 ==
     97Note that tutorial participants will be able to use a DiCloud account, and do not need to create there own account.  Tutorial participants will also use a pre-existing !DiCloud user, and do not need to perform the steps listed in the rest of this section.
     99Create an account with Amazon web services by going [ here] and clicking on "Create an AWS Account" in the upper-right portion of the page.  Amazon requires that account link to a valid credit card for payment.  Once you've created an account go back to [ here] and click on "Sign in to the AWS Management Console" in the upper-right portion of the page.  Once logged in, click on the AWS IAM tab (second from the right). Click on "Users" on the left panel, and then click "Create New Users".  Create a user named "geni" (or any other name you prefer).  Next click on the geni user, and go to the "Security Credentials" tab at the bottom of the page.  Here you need to generate Access Keys and download the credentials.csv file that has the Access Key and the Secret Access Key.  Also, upload the signing certificate we created at ~/Tutorials/DiCloud/ec2/keys/geni_cert.pem.  Finally, click on the "Amazon EC2" tab (third from the left). Then click on the "Key Pairs" link at the bottom of the left panel.  Now click "Import Key Pair".  Give the new keypair the name "geni-keypair" (or any other name you prefer) and copy the contents of ~/Tutorials/DiCloud/ec2/keys/geni-keypair.pem in the correct place.  Copy the credentials file credentials.csv to ~/Tutorials/DiCloud/ec2/keys/ and create the file ~/Tutorials/DiCloud/ec2/keys/geni_aws_credentials.txt, which should look as follows:
     101geni@geni-tutorial:~/Tutorials/DiCloud/ec2/keys$ cat geni_aws_credentials.txt
     102AWSAccessKeyId=<Your Access Key ID here>
     103AWSSecretKey=<Your Secret Key Here>
     105== Configuring Amazon for Tutorial Participants ==
     107Tutorial participants should download their certificate, private key, key pair, credential.csv, and geni_aws_credentials.txt files by performing the following commands.
     110$ cd ~/Tutorials/DiCloud/ec2/keys
     111$ wget
     112$ wget
     113$ wget
     114$ wget
     115$ wget
     116$ wget
     119== Enabling Access to Keys via DiCloud's Web Portal ==
     121We also create copies of the certificate and private key and change their ownership to www-data so the web portal can access them.
     124$ cp ./geni_pk.pem ./geni_pk_web.pem
     125$ sudo chown www-data geni_pk_web.pem
     126$ sudo chgrp www-data geni_pk_web.pem
     127$ cp ./geni_cert.pem ./geni_cert_web.pem
     128$ sudo chown www-data geni_cert_web.pem
     129$ sudo chgrp www-data geni_cert_web.pem