wiki:GENIExperimenter/ExperimentCredentials

Version 2 (modified by lnevers@bbn.com, 13 years ago) (diff)

--

Omni Credentials

Before using the Omni tools, the experimenter must:

1) Get GENI credentials from Clearinghouse.
2) Upload user SSH keys Clearinghouse.
3) Download the SSL Certificate to access the resource aggregate to the host running the experiment.

Each of these steps are detailed in this page.

Get GENI credentials

GENI Credentials are associated with a project that a full time Professor has created at the Project Request page. Captures in this page use the pgeni.gpolab.bbn.com clearing house. User credentials are associated with a project, a new project approval depends on an initial discussion with Mark Berman of the GENI Project Office. Once the project is approved, you can use the project name at the GPO ProtoGENI Clearing House to submit an account request:

If the project already exists, then simply submit an account request at the account request page:

Upload SSH public key

The Clearing house must have a copy of your existing or newly generated SSH public key to place on the allocated resource to allow access. If you do not have SSH keys simply generate them with the ssh-keygen command, which will place your user public key in your home directory "~/.ssh/id_rsa.pub".

The Omni tools automatically upload your SSH public key when you create a slice, so if you plan to use Omni tools you can skip the SSH key upload step.

If you are not using Omni tools, then you must manually upload your SSH public keys. You may choose to re-use keys that you already have or simply generate new ones:

For PlanatLab, the ssh key is uploaded in the My Account page in the keys section. For ProtoGENI Emulab, the key is uploaded in the Profile tab's Options section:

by selecting Edit SSH Keys and defining the location of your keys to be uploaded:

SSL Certificate

A SSL certificate is required to access GENI resources. For PlanetLab resources, the user generates his/her own SSL certificate, while for the ProtoGENI clearing houses the experimenter uses the ProtoGENI server to generate the SSL certificate. On the GPO ProtoGENI, and Emulab servers, the SSL certificate is generated in the Profile tab's Options section:

Choose the Generate SSL certificate to create an encrypted SSL certificate:

and download an the encrypted SSL certificate to the ~/.ssl directory on your system:

Optional Removing of SSL Password Prompt

This is an optional step and is not required. The encrypted certificate must be passphrase protected and should be downloaded into the ~/.ssl directory. To avoid the SSL certificate passphrase prompt, follow these optional instructions:

    $ openssl rsa -in ~/.ssl/encrypted.pem -out ~/.ssl/encrypted-cleartext.pem 
    $ openssl x509 -in ~/.ssl/encrypted.pem >> ~/.ssl/encrypted-cleartext.pem 
    $ chmod 400 ~/.ssl/encrypted-cleartext.pem 

Determine your URN

Your username URN is needed for omni configuration to define the credentials to be used with the clearing house. The URN can be found with the following command:

     $ openssl x509 -noout -text -in ~/.ssl/encrypted.pem | grep 'urn:publicid' 
       URI:urn:publicid:IDN+pgeni.gpolab.bbn.com+user+lnevers, email:lnevers@pgeni.gpolab.bbn.com

Make sure to remove the leading "URI:", with the above example, the urn is urn:publicid:IDN+emulab.net+user+lnevers.


Email us with any questions and feedback on this page!

Attachments (6)

Download all attachments as: .zip