wiki:GENIUserWorkspace/ConfigCredentials

Version 6 (modified by Jeanne Ohren, 12 years ago) (diff)

--

Configuring Credentials

You will need three sets of credentials (two optional) when using the user workspace:

  1. A GENI certificate. You can obtain a GENI certificate by submitting a request at http://www.emulab.net or http://pgeni.gpolab.bbn.com Once your request is approved, you can download an SSL certificate (with .pem extension) from this slice authority.
  1. (Optional) An iRODS account. This is only needed if you want to access an iRODS server from the user workspace. You must have the following information in an irods configuration file.
    irodsHost
    irodsPort
    irodsDefResource
    irodsHome
    irodsCwd
    irodsUserName
    irodsZone

Make sure you remember the password for your iRODS account. You will need this when you run credconfig.sh below.

  1. (Optional) A Java Keystore file created from your GENI certificate. This is only needed if you want to use Flukes. See https://geni-orca.renci.org/trac/wiki/flukes/#Userauthorization for instructions on how to generate the keystore file.

Make sure you remember the alias and password that you used when creating the keystore file. You will need this when you run Flukes.

Download/edit these files directly from your user workspace or transfer these files to a location in your home directory. You can do this with ftp, scp, or shared folders.

With these 1-3 files, you can configure your credentials with the credconfig.sh tool.

   $ credconfig.sh -g <path-to-geni-credential> -i <path-to-irods-config> -f <path-to-jks-file>

The -g parameter is required and the -i and -f parameters are optional.

Example:

   $ credconfig.sh -g /home/geniuser/gpo_ctcert.pem -f /home/geniuser/pgeni.jks -i /home/geniuser/irods.config

The results of running this script:

  • A pair of SSH keys (geni_key and geni_key.pub) will be generated for you using the private key from your GENI certificate. These keys will be placed in /home/geniuser/.ssh.
  • Your certificate will be placed in /home/geniuser/.ssl.
  • An omni_config file will be generated for you and placed in /home/geniuser/.gcf.
  • If the -f option is used...
    • Your keystore file (JKS) will be placed in /home/geniuser/.ssl.
    • /home/geniuser/.flukes.properties will be configured to point to your keystore and ssh keys.
  • If the -i option is used...
    • /home/.irods/.irodsEnv will be configured according to your supplied irods config file.
    • iinit will be executed, will prompt you for your iRODS password, and will store your hashed password.

If you are using GEMINI, you will need to download the PKC12 format GENI credential from your slice authority (http://www.emulab.net or http://pgeni.gpolab.bbn.com) and install it in your Firefox browser.