Changes between Version 11 and Version 12 of GENIUserWorkspace/ConfigCredentials


Timestamp:
03/29/13 18:37:44 (9 years ago)
Author:
Jeanne Ohren
Comment:

--

  • GENIUserWorkspace/ConfigCredentials

    v11 v12  
    33== Configuring Credentials ==
    44
    5 The credconfig.sh script can be used to set up all of the credential configuration needed to run your I&M tools.[[BR]]
    6 The options used are different depending upon the tool you are using:  [http://groups.geni.net/geni/wiki/GENIUserWorkspace/ConfigCredentials#GIMIconfiguration GIMI] or [http://groups.geni.net/geni/wiki/GENIUserWorkspace/ConfigCredentials#GEMINIconfiguration GEMINI].
     5The credconfig.sh script can be used to set up all of the credential configuration needed to run your GIMI I&M tools.[[BR]]
    76
    87=== GIMI configuration ===
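Review bot: the replacement sentence at new line 5 drops both anchor links and narrows the page to GIMI, but gives GEMINI users no pointer to where their credential instructions now live, and the change comment is empty. Add a one-line link to the GEMINI page, or state that GEMINI is no longer covered here. With only one tool left, the "=== GIMI configuration ===" subheading could also be folded into the main heading.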
     
    3029}}}
    3130
    32    Make sure you remember the password for your iRODS account.  You will
    33    need this when you run credconfig.sh below.
    34 
    3531
    36323. (Optional)  A Java Keystore file created from your GENI certificate.
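Review bot: removing the iRODS password reminder at old lines 32-33 leaves the page silent on how the -i option authenticates, since credconfig.sh is still documented with -i in the example and results list, and the iinit bullet is removed there as well. If the script no longer runs iinit, say so in the iRODS account item; if it still prompts for the password, keep the reminder.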
     
    4238   creating the keystore file.  You will need this when you run Flukes.
    4339
    44 4. (Optional)  A certificate and key pair for accessing iRODS.  These
    45    can be created from your GENI certificate by splitting the contents
    46    into two separate files.  You will need to remove the passphrase
    47    from the private key and make sure the files is only accessible by the user
    48    (mode 600).
     404. (Optional)  A certificate and key pair for accessing iRODS.
     41   '''These are only needed if you want to use iRODS.'''
     42   These can be created from your GENI certificate by splitting the contents
     43   into two separate files. 
     44{{{
     45csplit -f irods mygenicert.pem "/BEGIN RSA/" "/BEGIN CERTIFICATE/"
     46mv irods01 oldkey.pem
     47mv irods02 mycert.pem
     48}}}
     49
     50You will also need to remove the passphrase
     51from the private key and make sure the file is only accessible by the user
     52(mode 600).
     53{{{
     54openssl rsa -in oldkey.pem -out newkey.pem
     55chmod 600 newkey.pem
     56}}}
    4957
    5058Download/edit these files directly from your user workspace or transfer these files to a location in your home directory.  You can do this with ftp, scp, or [wiki:GEC14TutorialVMInstructions#UsingSharedFolders shared folders].
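Review bot: in the second added block (new lines 54-55), chmod 600 runs only after openssl rsa has already written the passphrase-free key, so the initial mode of newkey.pem depends on the umask and the OpenSSL build. Put "umask 077" ahead of the openssl line so the file is never created with wider permissions. The csplit patterns "/BEGIN RSA/" then "/BEGIN CERTIFICATE/" assume a traditional RSA PEM header with the key placed before the certificate; state that assumption, because a file whose key header is "BEGIN PRIVATE KEY" or "BEGIN ENCRYPTED PRIVATE KEY", or whose certificate comes first, will not split as shown. The steps also leave irods00 and oldkey.pem behind, so add a cleanup line.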
     
    6270
    6371{{{
    64    $ credconfig.sh -g /home/geniuser/gpo_ctcert.pem -f /home/geniuser/pgeni.jks -i /home/geniuser/irods.config -c /home/geniuser/genicert.pem -k /home/geniuser/genikey.pem
     72   $ credconfig.sh -g /home/geni/mygenicert.pem -f /home/geni/pgeni.jks -i /home/geni/irods.config -c /home/geni/mycert.pem -k /home/geni/newkey.pem
    6573}}}
    6674
    6775The results of running this script:
    68   * A pair of SSH keys (geni_key and geni_key.pub) will be generated for you using the private key from your GENI certificate.  These keys will be placed in /home/geniuser/.ssh.
    69   * Your certificate will be placed in /home/geniuser/.ssl.
    70   * An omni_config file will be generated for you and placed in /home/geniuser/.gcf.
     76  * A pair of SSH keys (geni_key and geni_key.pub) will be generated for you using the private key from your GENI certificate.  These keys will be placed in /home/geni/.ssh.
     77  * Your certificate will be placed in /home/geni/.ssl.
     78  * An omni_config file will be generated for you and placed in /home/geni/.gcf.
    7179  * The SSH key is added to ssh-agent for password-less login to the nodes in your slices.
    7280  * If the -f option is used...
    73       * Your keystore file (JKS) will be placed in /home/geniuser/.ssl.
    74       * /home/geniuser/.flukes.properties will be configured to point to your keystore and ssh keys.
     81      * Your keystore file (JKS) will be placed in /home/geni/.ssl.
     82      * /home/geni/.flukes.properties will be configured to point to your keystore and ssh keys.
    7583  * If the -i option is used...
    7684      * /home/.irods/.irodsEnv will be configured according to your supplied irods config file.
    77       * iinit will be executed, will prompt you for your iRODS password, and will store your hashed password.
     85  * If the -c and -k options are used...
     86      * Your certificate and key will be installed in the appropriate place for iRODS to access your account
    7887
    79 === GEMINI configuration ===
    80 
    81 You will need two sets of credentials (one optional) when using the GEMINI tools:
    82 
    83 1. A GENI certificate.
    84    You can obtain a GENI certificate by submitting a request at [http://www.emulab.net]
    85    or [http://pgeni.gpolab.bbn.com]
    86    Once your request is approved, you can download your SSL certificate from this slice authority.
    87    You will need to download two formats:  PEM format and PKCS12 format.
    88 
    89 2. (Optional) An iRODS account.
    90    This is only needed if you want to access an iRODS server from the
    91    user workspace.
    92    You must have the following information in an irods configuration file.
    93 
    94 {{{
    95     irodsHost
    96     irodsPort
    97     irodsDefResource
    98     irodsHome
    99     irodsCwd
    100     irodsUserName
    101     irodsZone
    102 }}}
    103 
    104    Make sure you remember the password for your iRODS account.  You will
    105    need this when you run credconfig.sh below.
    106 
    107 Download/edit these files directly from your user workspace or transfer these files to a location in your home directory.  You can do this with ftp, scp, or [wiki:GEC14TutorialVMInstructions#UsingSharedFolders shared folders].
    108 
    109 With these 1-3 files, you can configure your credentials with the credconfig.sh tool.
    110 
    111 {{{
    112    $ credconfig.sh -g <path-to-pem-format-geni-certificate> -b <path-to-pkcs12-format-geni-certificate> -i <path-to-irods-config>
    113 }}}
    114 
    115 
    116 The -g parameter is required and the -b and -i parameters are optional.  If you do not use the -b option, you can [wiki:GEMINIFirefoxCertInstall manually add your certificate to the Firefox browser] later.
    117 
    118 Example:
    119 
    120 {{{
    121    $ credconfig.sh -g /home/geniuser/gpo_cert.pem -b /home/geniuser/gpo_cert.p12 -i /home/geniuser/irods.config
    122 }}}
    123 
    124 The results of running this script:
    125   * A pair of SSH keys (geni_key and geni_key.pub) will be generated for you using the private key from your GENI certificate.  These keys will be placed in /home/geniuser/.ssh.
    126   * Your certificate will be placed in /home/geniuser/.ssl.
    127   * An omni_config file will be generated for you and placed in /home/geniuser/.gcf.
    128   * The SSH key is added to ssh-agent for password-less login to the nodes in your slices.
    129   * Your certificate will be added to certificate database for the the Firefox and Chrome browsers.
    130   * If the -i option is used...
    131       * /home/.irods/.irodsEnv will be configured according to your supplied irods config file.
    132       * iinit will be executed, will prompt you for your iRODS password, and will store your hashed password.
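Review bot: the new -c/-k bullet (new lines 85-86) says the certificate and key are installed "in the appropriate place", while every other bullet in the list names a path. Give the destination directory and say whether the installed key keeps mode 600, since the key passed with -k has had its passphrase removed. The unchanged bullet "/home/.irods/.irodsEnv" was not touched by the /home/geniuser to /home/geni renames and appears to be missing the user directory; fix it in the same change.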