Fed4Fire with Omni

From Grid5000
Jump to: navigation, search

Although omni is explicitly stated as a compatible tool for working with Fed4Fire, finding documentation on how to do so can be complicated.

This page presents a working configuration file for using Fed4fire with omni completed with any useful considerations.

Omni configuration

[omni]
default_cf = fedblock
users = userblock
aggregates=g5k

[fedblock]
type=chapi
cert=<path_to_federation_certificate_and_key>
key=<path_to_federation_certificate_and_key>
ch=https://
ma=https://www.wall2.ilabt.iminds.be:12369/protogeni/xmlrpc/geni-ma/2
sa=https://www.wall2.ilabt.iminds.be:12369/protogeni/xmlrpc/geni-sa/2

[userblock]
urn = urn:publicid:IDN+wall.ilabt.iminds.be+user+<username>
keys = ~/.ssh/id_rsa.pub

[aggregate_nicknames]
g5k=urn:publicid:IDN+am.grid5000.fr+authority+am,https://am.grid5000.fr/

Fields details

  • [omni]
    • Fields within this block represents your default settings, they mostly point to other blocks in the configuration file.
  • [fedblock]
    • type
    Must be chapi (not sfa) to communicate with the member and slice authority set up by Fed4Fire.
    (thanks to Brecht Vermeulen for this indication)
    • cert
    Path to the certificate provided by the Fed4Fire user authority, usually the same as the key.
    • key
    Path to the key provided by the Fed4Fire user authority, usually the same as the cert cert.
    • ch (Clearing House)
    Made useless by providing ma and sa but still mandatory, must at least contain a valid protocol.
    • ma (Member authority)
    Address of Fed4Fire Member Authority API.
    (as seen in jFed-probe)
    • sa (Slice authority)
    Address of Fed4Fire Slice Authority API.
    (as seen in jFed-probe)
  • [userblock]
    • urn
    URN attributed by federation authority, can be found in the certificate under Subject Alternative Name.
    Usually "urn:publicid:IDN+wall.ilabt.iminds.be+user+<username>".
    • keys
    Path to ssh keys
  • [aggregate_nicknames]
    • List of aliases for Aggregate Managers (AM) written as :
<alias>=<URN>,<address>
the URN is optional, do not forget the coma