Changes between Initial Version and Version 1 of GENIExperimenter/ExperimentCredentials


Ignore:
Timestamp:
03/08/11 10:14:31 (11 years ago)
Author:
lnevers@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GENIExperimenter/ExperimentCredentials

    v1 v1  
     1= Omni Credentials =
     2
     3Before using the Omni tools, the experimenter must: [[BR]]
     4   1) Get GENI credentials from Clearinghouse. [[BR]]
     5   2) Upload user SSH keys Clearinghouse. [[BR]]
     6   3) Download the SSL Certificate to access the resource aggregate to the host running the experiment. [[BR]]
     7
     8Each of these steps are detailed in this page.
     9
     10= Get GENI credentials =
     11
     12GENI Credentials are associated with a project that a full time Professor has created at the Project Request page. Captures in this page use the pgeni.gpolab.bbn.com clearing house.  User credentials are associated with a project, a new project approval depends on an initial discussion with [mailto:mberman@bbn.com Mark Berman] of the GENI Project Office.  Once the project is approved, you can use the project name at the GPO ProtoGENI Clearing House to submit an [https://www.pgeni.gpolab.bbn.com/joinproject.php3 account request]: [[BR]]
     13
     14[[Image(requestProject.jpg)]]
     15
     16If the project already exists, then simply submit an account request at the [https://www.pgeni.gpolab.bbn.com/joinproject.php3 account request] page: [[BR]]
     17
     18[[Image(requestAccount.jpg)]]
     19
     20
     21= Upload SSH public key =
     22
     23The Clearing house must have a copy of your ''existing'' or ''newly'' generated SSH public key to place on the allocated resource to allow access.  If you do not have SSH keys simply generate them with the ''ssh-keygen'' command, which will place your user public key in your home directory "~/.ssh/id_rsa.pub".
     24
     25The Omni tools ''automatically'' upload your SSH public key when you create a slice, so if you plan to use Omni tools you can skip the SSH key upload step.
     26
     27If you are not using Omni tools, then you must manually upload your SSH public keys.  You may choose to re-use keys that you already have or simply generate new ones:
     28 For [https://planet-lab.org PlanatLab], the ssh key is uploaded in the ''My Account'' page in the ''keys'' section. For ProtoGENI [https://www.emulab.net Emulab], the key is uploaded in the ''Profile'' tab's ''Options'' section:
     29
     30[[Image(pgOptions.jpg)]]
     31
     32by selecting ''Edit SSH Keys'' and defining the location of your keys to be uploaded:
     33
     34[[Image(uploadSSHKeys.jpg)]]
     35
     36= SSL Certificate =
     37
     38A SSL certificate is required to access GENI resources. For !PlanetLab resources, the user generates his/her own SSL certificate, while for the ProtoGENI clearing houses the experimenter uses the ProtoGENI server to generate the SSL certificate.  On the [https://www.pgeni.gpolab.bbn.com GPO ProtoGENI], and [https://www.emulab.net Emulab] servers, the SSL certificate is generated in the ''Profile'' tab's ''Options'' section:
     39
     40[[Image(pgOptions.jpg)]]
     41
     42Choose the ''Generate SSL certificate'' to create an encrypted SSL certificate:
     43
     44[[Image(generateSSL.jpg)]]
     45
     46and download an the encrypted SSL certificate to the ''~/.ssl'' directory on your system:
     47
     48
     49[[Image(downloadSSL.jpg)]]
     50
     51
     52== Optional Removing of SSL Password Prompt ==
     53
     54This is an optional step and is not required.  The encrypted certificate must be passphrase protected and should be downloaded into the ''~/.ssl '' directory. To avoid the SSL certificate passphrase prompt, follow these ''optional'' instructions:
     55{{{
     56    $ openssl rsa -in ~/.ssl/encrypted.pem -out ~/.ssl/encrypted-cleartext.pem
     57    $ openssl x509 -in ~/.ssl/encrypted.pem >> ~/.ssl/encrypted-cleartext.pem
     58    $ chmod 400 ~/.ssl/encrypted-cleartext.pem
     59}}}
     60
     61== Determine your URN ==
     62
     63Your username URN is needed for omni configuration to define the credentials to be used with the clearing house.  The URN can be found with the following command:
     64{{{
     65     $ openssl x509 -noout -text -in ~/.ssl/encrypted.pem | grep 'urn:publicid'
     66       URI:urn:publicid:IDN+pgeni.gpolab.bbn.com+user+lnevers, email:lnevers@pgeni.gpolab.bbn.com
     67
     68}}}
     69
     70Make sure to remove the leading "URI:", with the above example, the urn is ''urn:publicid:IDN+emulab.net+user+lnevers''.
     71
     72----
     73{{{
     74#!html
     75<a href="mailto:lnevers@bbn.com">Email us</a> with any questions and feedback on this page!
     76}}}
     77
     78