added a function to return the public key string from a keypair object

[sfa.git] / INSTALL.txt

This installation note assumes that you have installed and configured MyPLC in the usual manner, and you have set up your yum repo like for a MyPLC install.
-----
1) Install the SFA packages:

# yum install sfa-plc sfa-client

Note that the above command installs both sfa server (sfa-plc) and sfa client packages along with necessary dependency packages. Depending on the requirements, you may choose to install the appropriate one (server, client or both) for you. For e.g. to set up your own SFA server on top of your MyPLC, you need sfa-plc. On the other hand, if you plan to use an existing SFA server, you would typically need the sfa-client only.
-------
2) Note down the PLC_ROOT_USER, PLC_ROOT_PASSWORD, PLC_DB_USER and PLC_DB_PASSWORD of your MyPLC installation:

# plc-config-tty 
Enter command (u for usual changes, w to save, ? for help) s PLC_ROOT_USER
PLC_ROOT_USER = root@test.onelab.eu
Enter command (u for usual changes, w to save, ? for help) s PLC_ROOT_PASSWORD
PLC_ROOT_PASSWORD = test++
Enter command (u for usual changes, w to save, ? for help) s PLC_DB_USER
PLC_DB_USER = pgsqluser
Enter command (u for usual changes, w to save, ? for help) s PLC_DB_PASSWORD
PLC_DB_PASSWORD = 4a333aba-a322-41b1-9c05-90b4f34d1332

These four configuration parameters are required for SFA server configuration
-------
3) Configure and start SFA servers: 

(a) # sfa-config-tty

 set SFA_PLC_USER               to     PLC_ROOT_USER 
 set SFA_PLC_PASSWORD           to     PLC_ROOT_PASSWORD
 set SFA_PLC_DB_USER            to     PLC_DB_USER
 set SFA_PLC_DB_PASSWORD        to     PLC_DB_PASSWORD
write and quit

*NOTE* at this point you get a warning b/c the authorities hierarchy has not been created yet; ignore

(b) # sfa-import-plc.py 

(o/p will look like this)
Import: creating top level authorities
Hierarchy: creating authority: plc
plc : 
Import: creating table for authority plc
NOTICE:  table "sfa$plc" does not exist, skipping
  inserting authority record for plc
Import: adding plc to trusted list
Import_Site: importing site plc.internet2
Hierarchy: creating authority: plc.internet2
  inserting authority record for plc.internet2
Import_Site: importing site plc.pl
Hierarchy: creating authority: plc.pl
  inserting authority record for plc.pl
Import: importing person plc.pl.root
Import: creating table for authority plc.pl
NOTICE:  table "sfa$plc$pl" does not exist, skipping

(c)  run sfa-config-tty again and select q to come out of the config command
This will initialize /etc/sfa/authorities/server.key from /etc/sfa/authorities/plc/plc.pkey 

(d) # service sfa start
This will start Registry, Slice Manager and Aggregate Manager. Your ps command output would look like:

# ps -ef | grep python
root     24944     1  0 May11 ?        00:00:00 /usr/bin/python /usr/bin/sfa-server.py -r -d
root     24957     1  0 May11 ?        00:00:00 /usr/bin/python /usr/bin/sfa-server.py -a -d
root     24970     1  0 May11 ?        00:00:00 /usr/bin/python /usr/bin/sfa-server.py -s -d
-------
4) Configure SFA client:

 (a) # mkdir ~/.sfi 
 (b)copy your private RSA key to ~/.sfi/username.pkey Replace username with your actual account name.  NOTE: DSA KEYS WILL NOT WORK
 (c) # cp  /etc/sfa/sfi_config ~/.sfi/
 (d) edit ~/.sfi/sfi_config. A sample configuration looks like:

        export SFI_AUTH=plc.pl
        export SFI_USER=plc.pl.root
        export SFI_REGISTRY=http://vplc25.inria.fr:12345/
        export SFI_SM=http://vplc25.inria.fr:12347/ 

 (e) # source ~/.sfi/sfi_config 
------
5) Testing:

At this stage you should be able to run sfi command. Some sample outputs are:

 (a) # sfi.py list plc.pl
     plc.pl.netflow (slice)
     plc.pl.sirius (slice)
     plc.pl.root (user)
     plc.pl.pif (node)

 (b) # sfi.py show plc.pl.pif
     gid:
          hrn: plc.pl.pif
         uuid: 99878316891261700702442883738232624912
     hrn: plc.pl.pif
     type: node
     node_type: regular
     hostname: pif.inria.fr
 
 (c) # sfi.py show plc.pl.root
       gid:
          hrn: plc.pl.root
         uuid: 67306954103472941609600457537601239401
     hrn: plc.pl.root
     type: user
     last_name: Administrator
     phone: None
     key: plc.pl.root#user
     first_name: Default
     email: root@vplc25.inria.fr

 (d) # sfi.py slices
     plc.pl.netflow
     plc.pl.sirius

 (e) # sfi.py resources
<?xml version="1.0" ?>
<Rspec duration="3600" start_time="1246736949"><networks><NetSpec duration="3600" name="plc" start_time="1246736950"><nodes><NodeSpec cpu_min="" cpu_pct="" cpu_share="" disk_max="" duration="" init_params="" name="pif.inria.fr" start_time="" type=""><net_if><IfSpec addr="138.96.250.224" init_params="" ip_spoof="" max_kbyte="" max_rate="" min_rate="" name="True" type="ipv4"/></net_if></NodeSpec></nodes></NetSpec></networks></Rspec>
------

6) Federation configuration:

(a) Follow the same procedure to install and configure second MyPLC with SFA server.
(b) On each PLC, edit the /etc/sfa/registries.xml file

    set addr to ip or hostname of federated (remote) peer
    set port to sfa service port on federated (remote) peer
    set hrn to human readable name of federated (remote) peer interface
Sample configuration:

<registries>
        <registry addr="vplc26.inria.fr" hrn="ple" port="12345"/>
</registries>

(c) Likewise, edit the /etc/sfa/aggregates.xml
Sampel configuration

<aggregates>
        <aggregate addr="vplc26.inria.fr" hrn="ple" port="12346"/>
</aggregates>

(d) trade trusted root gid's (seen on /etc/sfa/trusted_roots)
we have to copy the gid of first SFA server to the /etc/sfa/trusted_roots directory of second one and vice-versa.