[[PageOutline]] This page provides instructions for grabbing/configuring SFA from git, assuming a site which is already running a stable myplc and just needs to add SFA We recommend sites use the tag `sfa-geni-gec9` from the PlanetLab GIT repository. = Variables = You will need to configure SFA using some of the same variables which were configured for PLC. Get these values by running `plc-config-tty` in read-only mode on your myplc host: {{{ $ plc-config-tty Enter command (u for usual changes, w to save, ? for help) s PLC_SLICE_PREFIX PLC_SLICE_PREFIX = Enter command (u for usual changes, w to save, ? for help) s PLC_API_HOST PLC_API_HOST = Enter command (u for usual changes, w to save, ? for help) s PLC_DB_HOST PLC_DB_HOST = Enter command (u for usual changes, w to save, ? for help) s PLC_ROOT_USER PLC_ROOT_USER = Enter command (u for usual changes, w to save, ? for help) s PLC_ROOT_PASSWORD PLC_ROOT_PASSWORD = Enter command (u for usual changes, w to save, ? for help) s PLC_DB_PASSWORD PLC_DB_PASSWORD = Enter command (u for usual changes, w to save, ? for help) q }}} = Step 1: get a tarball of the `sfa-geni-gec9` tag of SFA = On any machine with git installed: {{{ git clone git://git.planet-lab.org/sfa.git gittag=sfa-geni-gec9 git archive --format=tar --prefix=${gittag}/ ${gittag} | gzip > ${gittag}.tar.gz }}} This will produce a tarball named `sfa-geni-gec9.tar.gz`. Copy the tar file to your myplc node. = Step 2: install SFA prerequisites = If this is the first time you are installing SFA on this myplc, you will need to install prerequisite packages, and you will need to make certain that particular packages are up-to-date: {{{ sudo yum update fedora-release sudo yum install m2crypto python-dateutil python-psycopg2 myplc-config pyOpenSSL python-ZSI libxslt-python xmlsec1-openssl-devel python-lxml sudo yum upgrade pyOpenSSL python-lxml }}} = Step 3: Compile and install the SFA code = Compile the source code in a working directory of your choice: {{{ mkdir ~/src cd ~/src tar xvzf ~/sfa-geni-gec9.tar.gz cd sfa-geni-gec9 make }}} Expect about 6 lines of output and no obvious errors. Assuming that looks okay, install SFA: {{{ sudo make install }}} = Step 4: Configure SFA = Note that many of these configuration options require variables taken from your myplc configuration itself. See [#Variables] for details. {{{ $ sudo sfa-config-tty Enter command (u for usual changes, w to save, ? for help) u SFA_INTERFACE_HRN: plc. SFA_REGISTRY_ROOT_AUTH: plc SFA_REGISTRY_HOST : SFA_AGGREGATE_HOST : SFA_SM_HOST : SFA_PLC_DB_HOST : SFA_PLC_DB_USER : postgres SFA_PLC_USER: SFA_PLC_PASSWORD: SFA_PLC_DB_PASSWORD: SFA_PLC_URL : [https://localhost:443/PLCAPI/] Enter command (u for usual changes, w to save, ? for help) w Enter command (u for usual changes, w to save, ? for help) q }}} = Step 5: Start SFA = Start up SFA once, to create the initial /etc/sfa/sfa_config.py, and stop it again {{{ sudo service sfa reload }}} Import the PLC database into SFA: {{{ sudo sfa-import-plc.py }}} Start up SFA again: {{{ sudo service sfa restart }}} = Step 6: Create local sfi credentials if desired = In order to use omni to reserve resources using the `pgeni.gpolab.bbn.com` slice authority, you do not need to test sfi or create local users with sfi certificates. You should be able to install SFA and configure it to allow omni sliver creation for GEC9 demos without ever installing a local sfi user on your myplc. So it is fine to skip this step. However, you may want to create local users for other purposes, or to test functionality. If you want to do that, [wiki:GeniApiInstallationMyPlc#InstallSFA] has instructions for creating an sfi client configuration and using it to test `getversion` in steps 6 and 7. = Step 7: Install the `pgeni.gpolab.bbn.com` certificate = Configure your SFA instance to allow slivers to slices created at the GEC9 demo slice authority, `pgeni.gpolab.bbn.com`. Get a copy of the certificate: {{{ wget http://www.pgeni.gpolab.bbn.com/ca-cert/pgeni.gpolab.bbn.com.pem }}} Copy that certificate into a `.crt` file under `/etc/sfa/trusted_roots`: {{{ sudo cp pgeni.gpolab.bbn.com.pem /etc/sfa/trusted_roots/pgeni.gpolab.bbn.com.crt }}} Restart sfa: {{{ sudo service sfa restart }}} = Outcome = Assuming SFA comes up cleanly, it should now be possible for people to create slivers via omni at your myplc, using the instructions at OmniSetupGEC9Demos. Of particular note, you will want to run: {{{ ./src/omni.py listresources -n -a http://:12346 }}} to obtain an rspec describing the planetlab nodes available at your myplc. This will tell you what your planetlab hosts are called by omni, and thus how to reserve them.