Changes between Version 6 and Version 7 of GENIUserWorkspace/ConfigCredentials


Ignore:
Timestamp:
10/20/12 16:36:53 (7 years ago)
Author:
Jeanne Ohren
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GENIUserWorkspace/ConfigCredentials

    v6 v7  
     1[[PageOutline]]
    12
    23== Configuring Credentials ==
    34
    4 You will need three sets of credentials (two optional) when using the user workspace:
     5The credconfig.sh script can be used to set up all of the credential configuration needed to run your I&M tools.
     6The options used are different depending upon the tool you are using:  GIMI or GEMINI.
     7
     8=== GIMI configuration ===
     9
     10You will need three sets of credentials (two optional) when using the GIMI tools:
    511
    6121. A GENI certificate.
     
    4147
    4248{{{
    43    $ credconfig.sh -g <path-to-geni-credential> -i <path-to-irods-config> -f <path-to-jks-file>
     49   $ credconfig.sh -g <path-to-geni-certificate> -i <path-to-irods-config> -f <path-to-jks-file>
    4450}}}
    4551
     
    5763  * Your certificate will be placed in /home/geniuser/.ssl.
    5864  * An omni_config file will be generated for you and placed in /home/geniuser/.gcf.
     65  * The SSH key is added to ssh-agent for password-less login to the nodes in your slices.
    5966  * If the -f option is used...
    6067      * Your keystore file (JKS) will be placed in /home/geniuser/.ssl.
     
    6471      * iinit will be executed, will prompt you for your iRODS password, and will store your hashed password.
    6572
     73=== GEMINI configuration ===
    6674
    6775If you are using GEMINI, you will need to download the PKC12 format GENI credential from your slice authority ([http://www.emulab.net] or [http://pgeni.gpolab.bbn.com]) and [wiki:GEMINIFirefoxCertInstall install it in your Firefox browser].
     76
     77You will need two sets of credentials (one optional) when using the GEMINI tools:
     78
     791. A GENI certificate.
     80   You can obtain a GENI certificate by submitting a request at [http://www.emulab.net]
     81   or [http://pgeni.gpolab.bbn.com]
     82   Once your request is approved, you can download your SSL certificate from this slice authority.
     83   You will need to download two formats:  PEM format and PKCS12 format.
     84
     852. (Optional) An iRODS account.
     86   This is only needed if you want to access an iRODS server from the
     87   user workspace.
     88   You must have the following information in an irods configuration file.
     89
     90{{{
     91    irodsHost
     92    irodsPort
     93    irodsDefResource
     94    irodsHome
     95    irodsCwd
     96    irodsUserName
     97    irodsZone
     98}}}
     99
     100   Make sure you remember the password for your iRODS account.  You will
     101   need this when you run credconfig.sh below.
     102
     103Download/edit these files directly from your user workspace or transfer these files to a location in your home directory.  You can do this with ftp, scp, or [wiki:GEC14TutorialVMInstructions#UsingSharedFolders shared folders].
     104
     105With these 1-3 files, you can configure your credentials with the credconfig.sh tool.
     106
     107{{{
     108   $ credconfig.sh -g <path-to-pem-format-geni-certificate> -b <path-to-pkcs12-format-geni-certificate> -i <path-to-irods-config>
     109}}}
     110
     111
     112The -g parameter is required and the -b and -i parameters are optional.
     113
     114Example:
     115
     116{{{
     117   $ credconfig.sh -g /home/geniuser/gpo_cert.pem -b /home/geniuser/gpo_cert.p12 -i /home/geniuser/irods.config
     118}}}
     119
     120The results of running this script:
     121  * A pair of SSH keys (geni_key and geni_key.pub) will be generated for you using the private key from your GENI certificate.  These keys will be placed in /home/geniuser/.ssh.
     122  * Your certificate will be placed in /home/geniuser/.ssl.
     123  * An omni_config file will be generated for you and placed in /home/geniuser/.gcf.
     124  * The SSH key is added to ssh-agent for password-less login to the nodes in your slices.
     125  * Your certificate will be added to certificate database for the the Firefox and Chrome browsers.
     126  * If the -i option is used...
     127      * /home/.irods/.irodsEnv will be configured according to your supplied irods config file.
     128      * iinit will be executed, will prompt you for your iRODS password, and will store your hashed password.
     129