50 | | = 2. Clear the passphrase from your cert = |
51 | | When Omni talks to different authorities in GENI, it will need to identify you |
52 | | as a valid GENI user, so it will ask you for your passphrase multiple times. |
53 | | To save time during the tutorial, we are going to remove the passphrase from your cert and your ssh key. There is a script to clear the passphrases. |
54 | | i. In the terminal run |
55 | | {{{ |
56 | | clear-passphrases.py |
57 | | }}} |
58 | | Use the passphrase given to you in the paper slip, you might be prompted for a passphrase multiple times make sure you always use the same passphrase. |
59 | | The output should look like |
60 | | {{{ |
61 | | geni@geni-vm:~$ clear-passphrases.py |
62 | | Do you want to remove the passphrase from your cert (/home/geni/.ssl/geni_cert.pem) [Y,n]?y |
63 | | INFO:clearcert: |
64 | | THIS SCRIPT WILL REPLACE /home/geni/.ssl/geni_cert.pem WITH AN UNENCREPTED CERT. A BACKUP OF THE ORIGINAL CERT WILL BE CREATED |
65 | | |
66 | | INFO:clearcert:The encoded certificate file is backed up at /home/geni/.ssl/geni_cert_enc.pem |
67 | | INFO:clearcert:Removing passphrase from cert... |
68 | | Enter pass phrase for /home/geni/.ssl/geni_cert.pem: |
69 | | writing RSA key |
70 | | INFO:clearcert:Change permissions of /home/geni/.ssl/geni_cert.pem to 0600 |
71 | | Do you want to remove the passphrase from you ssh-key (/home/geni/.ssh/geni_key, key used to login to compute resources) [Y,n]?y |
72 | | INFO:clearcert: |
73 | | THIS SCRIPT WILL REMOVE THE PASSPHRASE FROM YOUR SSH KEY. NO COPY OF THE ORIGINAL PRIVATE KEY WILL BE KEPT |
74 | | Enter PEM pass phrase: |
75 | | Enter passphrase: |
76 | | geni@geni-vm:~$ |
77 | | }}} |
78 | | i. Add the key to the ssh agent |
79 | | {{{ |
80 | | ssh-add ~/.ssh/geni_key |
81 | | }}} |
82 | | i. Verify that you have the necessary credential and key files |
83 | | {{{ |
84 | | ls ~/.ssh ~/.ssl |
85 | | }}} |
86 | | The output looks like : |
87 | | {{{ |
88 | | geni@geni-vm:~$ ls ~/.ssh ~/.ssl |
89 | | /home/geni/.ssh: |
90 | | config geni_key geni_key.pub |
91 | | |
92 | | /home/geni/.ssl: |
93 | | geni_cert_enc.pem geni_cert.pem |
94 | | }}} |
95 | | |
96 | | || geni_cert.pem || Cleartext certificate, i.e. does not require any passphrase || |
97 | | || geni_cert_enc.pem || Encrypted certificate || |
98 | | || geni_key || The private key that you will use to login to the nodes || |
99 | | || geni_key.pub || The corresponding public key that will be uploaded to the nodes || |
100 | | |
101 | | '''Note''': You might see more files than the ones listed above, which are |
102 | | probably backup files from configuring omni, or files from other tutorials. |
103 | | |
104 | | == 3. Test Omni setup == |
| 50 | == Test Omni setup == |