Changes between Version 2 and Version 3 of GENIExperimenter/Tutorials/NSDI13/IntroToOmni/Execute


Ignore:
Timestamp:
03/12/13 03:13:20 (6 years ago)
Author:
nriga@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GENIExperimenter/Tutorials/NSDI13/IntroToOmni/Execute

    v2 v3  
    1 [[PageOutline]]
    2 
    3 = Prework =
    4 In this tutorial we are going to run a simple experiment in GENI, using the
    5 [http://trac.gpolab.bbn.com/gcf/wiki/Omni Omni command line tool]. We are going to take advantage of the Layer 2
    6 links between nodes and run a non-IP experiment.
    7 
    8 This is the topology of our experiment:
    9 
    10 Before we start with the Omni tutorial, please follow these steps:
    11   i. Login to the VM
    12   i. Run Firefox
    13   i. Open all bookmarks under the Intro to Omni bookmark folder
    14   i. Open a terminal window
    15 
    16 = 1. Configure Omni =
    17 Omni is a tool that will help you reserve resources in GENI, using your GENI
    18 account. The first step is to load into Omni your account information.
    19 Omni uses a configuration file, and there is a script that will automatically generate the file with
    20 some default options and place it in the default place of `~/.gcf/`. Follow
    21 these steps:
    22  i. In the web browser login to `www.pgeni.gpolab.bbn.com` using the information
    23  in the paper slip
    24  i. On the menu on the left, press `Download your cert`
    25   [[Image(Tutorials/Graphics:download_cert.png)]]
    26  i. Select the option about downloading as a pem file.
    27  i. Press '''`Ctrl-s`''' to save this page. Type `~/.ssl/geni_cert.pem`, if file already exists replace it.
    28   [[Image(Tutorials/Graphics:save_cert.png, 40%)]]
    29  i. In the terminal type:
    30   {{{
    31 omni-configure.py
    32 }}}
    33   This should configure your Omni, with your downloaded certificate and create an ssh key pair for logging in to nodes.
    34  
    35   '''Tip:''' When prompted for a passphrase, type the passphrase in your slip. You might be asked for a passphrase multiple times. '''Note:''' If you have taken other tutorials, you might have configured omni with other accounts, select to overwrite existing setting if asked.
    36  
    37   The output should look like:
    38   {{{
    39 geni@geni-vm:~$ omni-configure.py
    40 {'framework': 'pg', 'configfile': '~/.gcf/omni_config', 'plkey': '~/.ssh/geni_pl_key', 'cert': '~/.ssl/geni_cert', 'verbose': False}
    41 INFO:omniconfig:Using configfile: /home/geni/.gcf/omni_config
    42 INFO:omniconfig:Using certfile /home/geni/.ssl/geni_cert.pem
    43 INFO:omniconfig:
    44 
    45         CREATING SSH KEYPAIR
    46 INFO:omniconfig:Private key stored at: /home/geni/.ssh/geni_key
    47 Enter passphrase:
    48 INFO:omniconfig:Public key stored at: /home/geni/.ssh/geni_key.pub
    49 INFO:omniconfig:Added to /home/geni/.ssh/config this line:
    50         'IdentityFile /home/geni/.ssh/geni_key
    51 '
    52 INFO:omniconfig:Wrote omni configuration file at: /home/geni/.gcf/omni_config
    53 }}}
    54 
    55 == 1a. Look around the omni_config file -- Optional ==
    56 Open the file `~/.gcf/omni_config` using either vim or emacs. Close to the top of the file you will see two parameters called `default_cf` and `users`. Your username should be at least listed in the user section. Look for the sections in the file that are named `[pg]` and  `[<username>]`.
    57 
    58 In the `[<username>]` section, the information need for logging-in to reserved compute resources are provided. It includes your unique user URN and a public key that would be uploaded to the hosts that you reserve.
    59 
    60 In the `[pg]` section you configure Omni to use your personal information. The cert and the key attribute point to files that we have manually downloaded from pgeni.gpolab.bbn.com. This is equivalent to the Download action of Flack.
    61 
    62 Another interesting section to look at is the `[aggregate-nicknames]` sections. Flack already knows the URL for all the AMs and present you a list of AMs to choose from using a short, descriptive name. In Omni a user is required to pass the URL for each call to the GENI AM API. In this section the user gets a chance to provide short descriptive names to the URLs that are easier to memorize and use.
    63 
    64 = 2. Clear the passphrase from your cert =
    65 When Omni talks to different authorities in GENI, it will need to identify you
    66 as a valid GENI user, so it will ask you for your passphrase multiple times.
    67 To save time during the tutorial, we are going to remove the passphrase from your cert and your ssh key. There is a script to clear the passphrases.
    68   i. In the terminal run
    69   {{{
    70 clear-passphrases.py
    71 }}}
    72   Use the passphrase given to you in the paper slip, you might be prompted for a passphrase multiple times make sure you always use the same passphrase.
    73   The output should look like
    74   {{{
    75 geni@geni-vm:~$ clear-passphrases.py
    76 Do you want to remove the passphrase from your cert (/home/geni/.ssl/geni_cert.pem) [Y,n]?y
    77 INFO:clearcert:
    78         THIS SCRIPT WILL REPLACE /home/geni/.ssl/geni_cert.pem WITH AN UNENCREPTED CERT. A BACKUP OF THE ORIGINAL CERT WILL BE CREATED
    79 
    80 INFO:clearcert:The encoded certificate file is backed up at /home/geni/.ssl/geni_cert_enc.pem
    81 INFO:clearcert:Removing passphrase from cert...
    82 Enter pass phrase for /home/geni/.ssl/geni_cert.pem:
    83 writing RSA key
    84 INFO:clearcert:Change permissions of /home/geni/.ssl/geni_cert.pem to 0600
    85 Do you want to remove the passphrase from you ssh-key (/home/geni/.ssh/geni_key, key used to login to compute resources) [Y,n]?y
    86 INFO:clearcert:
    87         THIS SCRIPT WILL REMOVE THE PASSPHRASE FROM YOUR SSH KEY. NO COPY OF THE ORIGINAL PRIVATE KEY WILL BE KEPT
    88 Enter PEM pass phrase:
    89 Enter passphrase:
    90 geni@geni-vm:~$
    91 }}}
    92   i. Add the key to the ssh agent
    93   {{{
    94   ssh-add ~/.ssh/geni_key
    95   }}}
    96   i. Verify that you have the necessary credential and key files
    97      {{{
    98      ls ~/.ssh ~/.ssl
    99      }}}
    100      The output looks like :
    101      {{{
    102 geni@geni-vm:~$ ls ~/.ssh ~/.ssl
    103 /home/geni/.ssh:
    104 config  geni_key  geni_key.pub
    105 
    106 /home/geni/.ssl:
    107 geni_cert_enc.pem  geni_cert.pem
    108      }}}
    109 
    110    || geni_cert.pem || Cleartext certificate, i.e. does not require any passphrase ||
    111    || geni_cert_enc.pem || Encrypted certificate  ||
    112    || geni_key || The private key that you will use to login to the nodes ||
    113    || geni_key.pub || The corresponding public key that will be uploaded to the nodes ||
    114 
    115   '''Note''': You might see more files than the ones listed above, which are
    116   probably backup files from configuring omni, or files from other tutorials.
    117 
    118 == 3. Test Omni setup ==
    119 In order to test that our configuration is correct, you can issue a `getversion`
    120 command. For this step we have used !PlanetLab's AM, but you can use any
    121 Aggregate Manager(AM).
    122   i. In the terminal type:
    123   {{{
    124 omni.py getversion -a plc
    125 }}}
    126   In GENI each AM can be contacted using a specific URL. In order to make it
    127   easier to talk to AMs, Omni uses nicknames; i.e. it maps each URL into an easy
    128   to remember nickname. For example the PlanetLab AM listens for requests at
    129   `http://www.planet-lab.org:12346`, however you can use the nickname `plc` to
    130   refer to that URL. Nicknames are defined in each user's omni_config file.
    131 
    132   For the rest of the tutorial we are going to use aggregate nicknames.
    133 
    134 = 4. Create an experiment using Omni =
    135 
    1361
    1372= 5. Run your experiment =