| 44 | | 4. (Optional) A certificate and key pair for accessing iRODS. These |
| 45 | | can be created from your GENI certificate by splitting the contents |
| 46 | | into two separate files. You will need to remove the passphrase |
| 47 | | from the private key and make sure the files is only accessible by the user |
| 48 | | (mode 600). |
| | 40 | 4. (Optional) A certificate and key pair for accessing iRODS. |
| | 41 | '''These are only needed if you want to use iRODS.''' |
| | 42 | These can be created from your GENI certificate by splitting the contents |
| | 43 | into two separate files. |
| | 44 | {{{ |
| | 45 | csplit -f irods mygenicert.pem "/BEGIN RSA/" "/BEGIN CERTIFICATE/" |
| | 46 | mv irods01 oldkey.pem |
| | 47 | mv irods02 mycert.pem |
| | 48 | }}} |
| | 49 | |
| | 50 | You will also need to remove the passphrase |
| | 51 | from the private key and make sure the file is only accessible by the user |
| | 52 | (mode 600). |
| | 53 | {{{ |
| | 54 | openssl rsa -in oldkey.pem -out newkey.pem |
| | 55 | chmod 600 newkey.pem |
| | 56 | }}} |
| 79 | | === GEMINI configuration === |
| 80 | | |
| 81 | | You will need two sets of credentials (one optional) when using the GEMINI tools: |
| 82 | | |
| 83 | | 1. A GENI certificate. |
| 84 | | You can obtain a GENI certificate by submitting a request at [http://www.emulab.net] |
| 85 | | or [http://pgeni.gpolab.bbn.com] |
| 86 | | Once your request is approved, you can download your SSL certificate from this slice authority. |
| 87 | | You will need to download two formats: PEM format and PKCS12 format. |
| 88 | | |
| 89 | | 2. (Optional) An iRODS account. |
| 90 | | This is only needed if you want to access an iRODS server from the |
| 91 | | user workspace. |
| 92 | | You must have the following information in an irods configuration file. |
| 93 | | |
| 94 | | {{{ |
| 95 | | irodsHost |
| 96 | | irodsPort |
| 97 | | irodsDefResource |
| 98 | | irodsHome |
| 99 | | irodsCwd |
| 100 | | irodsUserName |
| 101 | | irodsZone |
| 102 | | }}} |
| 103 | | |
| 104 | | Make sure you remember the password for your iRODS account. You will |
| 105 | | need this when you run credconfig.sh below. |
| 106 | | |
| 107 | | Download/edit these files directly from your user workspace or transfer these files to a location in your home directory. You can do this with ftp, scp, or [wiki:GEC14TutorialVMInstructions#UsingSharedFolders shared folders]. |
| 108 | | |
| 109 | | With these 1-3 files, you can configure your credentials with the credconfig.sh tool. |
| 110 | | |
| 111 | | {{{ |
| 112 | | $ credconfig.sh -g <path-to-pem-format-geni-certificate> -b <path-to-pkcs12-format-geni-certificate> -i <path-to-irods-config> |
| 113 | | }}} |
| 114 | | |
| 115 | | |
| 116 | | The -g parameter is required and the -b and -i parameters are optional. If you do not use the -b option, you can [wiki:GEMINIFirefoxCertInstall manually add your certificate to the Firefox browser] later. |
| 117 | | |
| 118 | | Example: |
| 119 | | |
| 120 | | {{{ |
| 121 | | $ credconfig.sh -g /home/geniuser/gpo_cert.pem -b /home/geniuser/gpo_cert.p12 -i /home/geniuser/irods.config |
| 122 | | }}} |
| 123 | | |
| 124 | | The results of running this script: |
| 125 | | * A pair of SSH keys (geni_key and geni_key.pub) will be generated for you using the private key from your GENI certificate. These keys will be placed in /home/geniuser/.ssh. |
| 126 | | * Your certificate will be placed in /home/geniuser/.ssl. |
| 127 | | * An omni_config file will be generated for you and placed in /home/geniuser/.gcf. |
| 128 | | * The SSH key is added to ssh-agent for password-less login to the nodes in your slices. |
| 129 | | * Your certificate will be added to certificate database for the the Firefox and Chrome browsers. |
| 130 | | * If the -i option is used... |
| 131 | | * /home/.irods/.irodsEnv will be configured according to your supplied irods config file. |
| 132 | | * iinit will be executed, will prompt you for your iRODS password, and will store your hashed password. |
