wiki:GENIExperimenter/Tutorials/NSDI13/IntroToOmni/DesignSetup

Version 9 (modified by nriga@bbn.com, 7 years ago) (diff)

--

1. Configure Omni

Omni Client
   
Omni is a tool that will help you reserve resources in GENI, using your GENI credentials. The first step is to load into Omni your information. Omni uses a configuration file, and there is a script that will automatically generate the file with some default options and place it in the default place of `~/.gcf/`. Follow these steps:
  1. In the GENI Portal, go to the `Profile` Tab.
  2. Scroll all the way to the end of the page, to the section titled ''Configure omni''
  3. Click on the ''customized configuration data'' link
  4. In the next page, make sure you choose as your project ''NSDI13'' and click the ''Download omni bundle'' button, and select to save it.
  5. Open a terminal window
  • Run:
    • omni-configure.py -f portal
  •    

    The output should look like:

    geni@GEC16-Tutorials:~$ omni-configure.py -f portal
    {'portal_bundle': '~/Downloads/omni-bundle.zip', 'verbose': False, 'cert': '~/.ssl/geni_cert', 'framework': 'portal', 'configfile': '~/.gcf/omni_config', 'plkey': '~/.ssh/geni_pl_key', 'prkey': '~/.ssh/geni_key', 'pick_project': False}
    INFO:omniconfig:Using configfile: /home/geni/.gcf/omni_config
    INFO:omniconfig:Using portal bundle /home/geni/Downloads/omni-bundle.zip
    INFO:omniconfig:Private key stored at: /home/geni/.ssh/geni_key
    INFO:omniconfig:Wrote omni configuration file at: /home/geni/.gcf/omni_configgeni@GEC16-Tutorials:~$ omni-configure.py -f portal
    {'portal_bundle': '~/Downloads/omni-bundle.zip', 'verbose': False, 'cert': '~/.ssl/geni_cert', 'framework': 'portal', 'configfile': '~/.gcf/omni_config', 'plkey': '~/.ssh/geni_pl_key', 'prkey': '~/.ssh/geni_key', 'pick_project': False}
    INFO:omniconfig:Using configfile: /home/geni/.gcf/omni_config
    INFO:omniconfig:Using portal bundle /home/geni/Downloads/omni-bundle.zip
    INFO:omniconfig:Private key stored at: /home/geni/.ssh/geni_key
    INFO:omniconfig:Wrote omni configuration file at: /home/geni/.gcf/omni_config
    

    1a. Look around the omni_config file -- Optional

    Open the file ~/.gcf/omni_config using either vim or emacs. Close to the top of the file you will see two parameters called default_cf and users. Your username should be at least listed in the user section. Look for the sections in the file that are named [pg] and [<username>].

    In the [<username>] section, the information need for logging-in to reserved compute resources are provided. It includes your unique user URN and a public key that would be uploaded to the hosts that you reserve.

    In the [pg] section you configure Omni to use your personal information. The cert and the key attribute point to files that we have manually downloaded from pgeni.gpolab.bbn.com. This is equivalent to the Download action of Flack.

    Another interesting section to look at is the [aggregate-nicknames] sections. Flack already knows the URL for all the AMs and present you a list of AMs to choose from using a short, descriptive name. In Omni a user is required to pass the URL for each call to the GENI AM API. In this section the user gets a chance to provide short descriptive names to the URLs that are easier to memorize and use.

    2. Clear the passphrase from your cert

    When Omni talks to different authorities in GENI, it will need to identify you as a valid GENI user, so it will ask you for your passphrase multiple times. To save time during the tutorial, we are going to remove the passphrase from your cert and your ssh key. There is a script to clear the passphrases.

    1. In the terminal run
      clear-passphrases.py 
      
      Use the passphrase given to you in the paper slip, you might be prompted for a passphrase multiple times make sure you always use the same passphrase. The output should look like
      geni@geni-vm:~$ clear-passphrases.py 
      Do you want to remove the passphrase from your cert (/home/geni/.ssl/geni_cert.pem) [Y,n]?y
      INFO:clearcert:
      	THIS SCRIPT WILL REPLACE /home/geni/.ssl/geni_cert.pem WITH AN UNENCREPTED CERT. A BACKUP OF THE ORIGINAL CERT WILL BE CREATED
      
      INFO:clearcert:The encoded certificate file is backed up at /home/geni/.ssl/geni_cert_enc.pem
      INFO:clearcert:Removing passphrase from cert...
      Enter pass phrase for /home/geni/.ssl/geni_cert.pem:
      writing RSA key
      INFO:clearcert:Change permissions of /home/geni/.ssl/geni_cert.pem to 0600
      Do you want to remove the passphrase from you ssh-key (/home/geni/.ssh/geni_key, key used to login to compute resources) [Y,n]?y
      INFO:clearcert:
      	THIS SCRIPT WILL REMOVE THE PASSPHRASE FROM YOUR SSH KEY. NO COPY OF THE ORIGINAL PRIVATE KEY WILL BE KEPT
      Enter PEM pass phrase:
      Enter passphrase:
      geni@geni-vm:~$ 
      
    2. Add the key to the ssh agent
      ssh-add ~/.ssh/geni_key
      
    3. Verify that you have the necessary credential and key files
      ls ~/.ssh ~/.ssl
      
      The output looks like :
      geni@geni-vm:~$ ls ~/.ssh ~/.ssl
      /home/geni/.ssh:
      config  geni_key  geni_key.pub
      
      /home/geni/.ssl:
      geni_cert_enc.pem  geni_cert.pem
      
    geni_cert.pem Cleartext certificate, i.e. does not require any passphrase
    geni_cert_enc.pem Encrypted certificate
    geni_key The private key that you will use to login to the nodes
    geni_key.pub The corresponding public key that will be uploaded to the nodes

    Note: You might see more files than the ones listed above, which are probably backup files from configuring omni, or files from other tutorials.

    3. Test Omni setup

    In order to test that our configuration is correct, you can issue a getversion command. For this step we have used PlanetLab's AM, but you can use any Aggregate Manager(AM).

    1. In the terminal type:
      omni.py getversion -a plc
      
      In GENI each AM can be contacted using a specific URL. In order to make it easier to talk to AMs, Omni uses nicknames; i.e. it maps each URL into an easy to remember nickname. For example the PlanetLab AM listens for requests at http://www.planet-lab.org:12346, however you can use the nickname plc to refer to that URL. Nicknames are defined in each user's omni_config file.

    For the rest of the tutorial we are going to use aggregate nicknames.