Fed4Fire with Omni

From Grid5000
Revision as of 14:33, 13 November 2019 by Lbertot (talk | contribs) (Lbertot moved page User:Lbertot/Fed4Fire with Omni to Fed4Fire with Omni: This pages will be publicly available)
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Although omni is explicitly stated as a compatible tool for working with Fed4Fire, finding documentation on how to do so can be complicated.

This page presents a working configuration file for using Fed4fire with omni completed with any useful considerations.

Omni configuration

[omni]
default_cf = fedblock
users = userblock
aggregates=g5k

[fedblock]
type=chapi
cert=<path_to_federation_certificate_and_key>
key=<path_to_federation_certificate_and_key>
ch=https://
ma=https://www.wall2.ilabt.iminds.be:12369/protogeni/xmlrpc/geni-ma/2
sa=https://www.wall2.ilabt.iminds.be:12369/protogeni/xmlrpc/geni-sa/2

[userblock]
urn = urn:publicid:IDN+wall.ilabt.iminds.be+user+<username>
keys = ~/.ssh/id_rsa.pub

[aggregate_nicknames]
g5k=urn:publicid:IDN+am.grid5000.fr+authority+am,https://am.grid5000.fr/

Fields details

  • [omni]
    • Fields within this block represents your default settings, they mostly point to other blocks in the configuration file.
  • [fedblock]
    • type
    Must be chapi (not sfa) to communicate with the member and slice authority set up by Fed4Fire.
    (thanks to Brecht Vermeulen for this indication)
    • cert
    Path to the certificate provided by the Fed4Fire user authority, usually the same as the key.
    • key
    Path to the key provided by the Fed4Fire user authority, usually the same as the cert cert.
    • ch (Clearing House)
    Made useless by providing ma and sa but still mandatory, must at least contain a valid protocol.
    • ma (Member authority)
    Address of Fed4Fire Member Authority API.
    (as seen in jFed-probe)
    • sa (Slice authority)
    Address of Fed4Fire Slice Authority API.
    (as seen in jFed-probe)
  • [userblock]
    • urn
    URN attributed by federation authority, can be found in the certificate under Subject Alternative Name.
    Usually "urn:publicid:IDN+wall.ilabt.iminds.be+user+<username>".
    • keys
    Path to ssh keys
  • [aggregate_nicknames]
    • List of aliases for Aggregate Managers (AM) written as :
<alias>=<URN>,<address>
the URN is optional, do not forget the coma