Changes between Version 6 and Version 7 of GENIUserWorkspace/ConfigCredentials

Timestamp:

10/20/12 16:36:53 (12 years ago)

Author:

Jeanne Ohren

Comment:

--

GENIUserWorkspace/ConfigCredentials

@@ +1 @@
+[[PageOutline]]
 
 == Configuring Credentials ==
 
-You will need three sets of credentials (two optional) when using the user workspace:
+The credconfig.sh script can be used to set up all of the credential configuration needed to run your I&M tools.
+The options used are different depending upon the tool you are using:  GIMI or GEMINI.
+
+=== GIMI configuration ===
+
+You will need three sets of credentials (two optional) when using the GIMI tools:
 
 1. A GENI certificate.
@@ -41 +47 @@
 
 {{{
-   $ credconfig.sh -g <path-to-geni-credential> -i <path-to-irods-config> -f <path-to-jks-file>
+   $ credconfig.sh -g <path-to-geni-certificate> -i <path-to-irods-config> -f <path-to-jks-file>
 }}}
 
@@ -57 +63 @@
   * Your certificate will be placed in /home/geniuser/.ssl.
   * An omni_config file will be generated for you and placed in /home/geniuser/.gcf.
+  * The SSH key is added to ssh-agent for password-less login to the nodes in your slices.
   * If the -f option is used...
       * Your keystore file (JKS) will be placed in /home/geniuser/.ssl.
@@ -64 +71 @@
       * iinit will be executed, will prompt you for your iRODS password, and will store your hashed password.
 
+=== GEMINI configuration ===
 
 If you are using GEMINI, you will need to download the PKC12 format GENI credential from your slice authority ([http://www.emulab.net] or [http://pgeni.gpolab.bbn.com]) and [wiki:GEMINIFirefoxCertInstall install it in your Firefox browser].
+
+You will need two sets of credentials (one optional) when using the GEMINI tools:
+
+1. A GENI certificate.
+   You can obtain a GENI certificate by submitting a request at [http://www.emulab.net]
+   or [http://pgeni.gpolab.bbn.com]
+   Once your request is approved, you can download your SSL certificate from this slice authority.
+   You will need to download two formats:  PEM format and PKCS12 format.
+
+2. (Optional) An iRODS account.
+   This is only needed if you want to access an iRODS server from the
+   user workspace.
+   You must have the following information in an irods configuration file.
+
+{{{
+    irodsHost
+    irodsPort
+    irodsDefResource
+    irodsHome
+    irodsCwd
+    irodsUserName
+    irodsZone
+}}}
+
+   Make sure you remember the password for your iRODS account.  You will
+   need this when you run credconfig.sh below.
+
+Download/edit these files directly from your user workspace or transfer these files to a location in your home directory.  You can do this with ftp, scp, or [wiki:GEC14TutorialVMInstructions#UsingSharedFolders shared folders].
+
+With these 1-3 files, you can configure your credentials with the credconfig.sh tool.
+
+{{{
+   $ credconfig.sh -g <path-to-pem-format-geni-certificate> -b <path-to-pkcs12-format-geni-certificate> -i <path-to-irods-config>
+}}}
+
+
+The -g parameter is required and the -b and -i parameters are optional.
+
+Example:
+
+{{{
+   $ credconfig.sh -g /home/geniuser/gpo_cert.pem -b /home/geniuser/gpo_cert.p12 -i /home/geniuser/irods.config
+}}}
+
+The results of running this script:
+  * A pair of SSH keys (geni_key and geni_key.pub) will be generated for you using the private key from your GENI certificate.  These keys will be placed in /home/geniuser/.ssh.
+  * Your certificate will be placed in /home/geniuser/.ssl.
+  * An omni_config file will be generated for you and placed in /home/geniuser/.gcf.
+  * The SSH key is added to ssh-agent for password-less login to the nodes in your slices.
+  * Your certificate will be added to certificate database for the the Firefox and Chrome browsers.
+  * If the -i option is used...
+      * /home/.irods/.irodsEnv will be configured according to your supplied irods config file.
+      * iinit will be executed, will prompt you for your iRODS password, and will store your hashed password.
+