| 76 | |
| 77 | You will need two sets of credentials (one optional) when using the GEMINI tools: |
| 78 | |
| 79 | 1. A GENI certificate. |
| 80 | You can obtain a GENI certificate by submitting a request at [http://www.emulab.net] |
| 81 | or [http://pgeni.gpolab.bbn.com] |
| 82 | Once your request is approved, you can download your SSL certificate from this slice authority. |
| 83 | You will need to download two formats: PEM format and PKCS12 format. |
| 84 | |
| 85 | 2. (Optional) An iRODS account. |
| 86 | This is only needed if you want to access an iRODS server from the |
| 87 | user workspace. |
| 88 | You must have the following information in an irods configuration file. |
| 89 | |
| 90 | {{{ |
| 91 | irodsHost |
| 92 | irodsPort |
| 93 | irodsDefResource |
| 94 | irodsHome |
| 95 | irodsCwd |
| 96 | irodsUserName |
| 97 | irodsZone |
| 98 | }}} |
| 99 | |
| 100 | Make sure you remember the password for your iRODS account. You will |
| 101 | need this when you run credconfig.sh below. |
| 102 | |
| 103 | Download/edit these files directly from your user workspace or transfer these files to a location in your home directory. You can do this with ftp, scp, or [wiki:GEC14TutorialVMInstructions#UsingSharedFolders shared folders]. |
| 104 | |
| 105 | With these 1-3 files, you can configure your credentials with the credconfig.sh tool. |
| 106 | |
| 107 | {{{ |
| 108 | $ credconfig.sh -g <path-to-pem-format-geni-certificate> -b <path-to-pkcs12-format-geni-certificate> -i <path-to-irods-config> |
| 109 | }}} |
| 110 | |
| 111 | |
| 112 | The -g parameter is required and the -b and -i parameters are optional. |
| 113 | |
| 114 | Example: |
| 115 | |
| 116 | {{{ |
| 117 | $ credconfig.sh -g /home/geniuser/gpo_cert.pem -b /home/geniuser/gpo_cert.p12 -i /home/geniuser/irods.config |
| 118 | }}} |
| 119 | |
| 120 | The results of running this script: |
| 121 | * A pair of SSH keys (geni_key and geni_key.pub) will be generated for you using the private key from your GENI certificate. These keys will be placed in /home/geniuser/.ssh. |
| 122 | * Your certificate will be placed in /home/geniuser/.ssl. |
| 123 | * An omni_config file will be generated for you and placed in /home/geniuser/.gcf. |
| 124 | * The SSH key is added to ssh-agent for password-less login to the nodes in your slices. |
| 125 | * Your certificate will be added to certificate database for the the Firefox and Chrome browsers. |
| 126 | * If the -i option is used... |
| 127 | * /home/.irods/.irodsEnv will be configured according to your supplied irods config file. |
| 128 | * iinit will be executed, will prompt you for your iRODS password, and will store your hashed password. |
| 129 | |