44 | | 4. (Optional) A certificate and key pair for accessing iRODS. These |
45 | | can be created from your GENI certificate by splitting the contents |
46 | | into two separate files. You will need to remove the passphrase |
47 | | from the private key and make sure the files is only accessible by the user |
48 | | (mode 600). |
| 40 | 4. (Optional) A certificate and key pair for accessing iRODS. |
| 41 | '''These are only needed if you want to use iRODS.''' |
| 42 | These can be created from your GENI certificate by splitting the contents |
| 43 | into two separate files. |
| 44 | {{{ |
| 45 | csplit -f irods mygenicert.pem "/BEGIN RSA/" "/BEGIN CERTIFICATE/" |
| 46 | mv irods01 oldkey.pem |
| 47 | mv irods02 mycert.pem |
| 48 | }}} |
| 49 | |
| 50 | You will also need to remove the passphrase |
| 51 | from the private key and make sure the file is only accessible by the user |
| 52 | (mode 600). |
| 53 | {{{ |
| 54 | openssl rsa -in oldkey.pem -out newkey.pem |
| 55 | chmod 600 newkey.pem |
| 56 | }}} |
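Review bot: At new lines 54-55, newkey.pem holds the private key with its passphrase removed, and it is created with whatever permissions openssl and the current umask give it before chmod 600 is applied. Set the umask first (umask 077 ahead of the openssl rsa line) so the unencrypted key is never group- or world-readable, and say what should happen to oldkey.pem afterwards. The csplit step at new line 45 also assumes the file has a "BEGIN RSA" key block ahead of the certificate, and it produces an irods00 piece that the mv lines never handle; stating that assumption and cleaning up irods00 would save users from an unexplained csplit failure or a stray file.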
79 | | === GEMINI configuration === |
80 | | |
81 | | You will need two sets of credentials (one optional) when using the GEMINI tools: |
82 | | |
83 | | 1. A GENI certificate. |
84 | | You can obtain a GENI certificate by submitting a request at [http://www.emulab.net] |
85 | | or [http://pgeni.gpolab.bbn.com] |
86 | | Once your request is approved, you can download your SSL certificate from this slice authority. |
87 | | You will need to download two formats: PEM format and PKCS12 format. |
88 | | |
89 | | 2. (Optional) An iRODS account. |
90 | | This is only needed if you want to access an iRODS server from the |
91 | | user workspace. |
92 | | You must have the following information in an irods configuration file. |
93 | | |
94 | | {{{ |
95 | | irodsHost |
96 | | irodsPort |
97 | | irodsDefResource |
98 | | irodsHome |
99 | | irodsCwd |
100 | | irodsUserName |
101 | | irodsZone |
102 | | }}} |
103 | | |
104 | | Make sure you remember the password for your iRODS account. You will |
105 | | need this when you run credconfig.sh below. |
106 | | |
107 | | Download/edit these files directly from your user workspace or transfer these files to a location in your home directory. You can do this with ftp, scp, or [wiki:GEC14TutorialVMInstructions#UsingSharedFolders shared folders]. |
108 | | |
109 | | With these 1-3 files, you can configure your credentials with the credconfig.sh tool. |
110 | | |
111 | | {{{ |
112 | | $ credconfig.sh -g <path-to-pem-format-geni-certificate> -b <path-to-pkcs12-format-geni-certificate> -i <path-to-irods-config> |
113 | | }}} |
114 | | |
115 | | |
116 | | The -g parameter is required and the -b and -i parameters are optional. If you do not use the -b option, you can [wiki:GEMINIFirefoxCertInstall manually add your certificate to the Firefox browser] later. |
117 | | |
118 | | Example: |
119 | | |
120 | | {{{ |
121 | | $ credconfig.sh -g /home/geniuser/gpo_cert.pem -b /home/geniuser/gpo_cert.p12 -i /home/geniuser/irods.config |
122 | | }}} |
123 | | |
124 | | The results of running this script: |
125 | | * A pair of SSH keys (geni_key and geni_key.pub) will be generated for you using the private key from your GENI certificate. These keys will be placed in /home/geniuser/.ssh. |
126 | | * Your certificate will be placed in /home/geniuser/.ssl. |
127 | | * An omni_config file will be generated for you and placed in /home/geniuser/.gcf. |
128 | | * The SSH key is added to ssh-agent for password-less login to the nodes in your slices. |
129 | | * Your certificate will be added to certificate database for the the Firefox and Chrome browsers. |
130 | | * If the -i option is used... |
131 | | * /home/.irods/.irodsEnv will be configured according to your supplied irods config file. |
132 | | * iinit will be executed, will prompt you for your iRODS password, and will store your hashed password. |
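Review bot: The "results of running this script" list at old lines 124-132 is the only place in the visible text that tells users which credential material ends up on disk (SSH keys in /home/geniuser/.ssh, the certificate in /home/geniuser/.ssl, omni_config in /home/geniuser/.gcf, the stored iRODS password from iinit), and it is deleted along with the rest of the section. If credconfig.sh is still part of the tutorial, move this list and the -g/-b/-i description to wherever the tool is now documented rather than dropping them. The new item 4 text at new lines 40-56 tells users to create newkey.pem and mycert.pem but, after this removal, the visible lines no longer say where those files are used.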