Skip to content

GCF_clearinghouse

Jump to bottom
Carolina Fernández edited this page Apr 28, 2015 · 2 revisions

Home > Experimenting > CH > GCF clearinghouse

Generating the GCF CH certificates

During the set up, certificates are generated by GCF. However, there are some issues with this kind of certificates. To circumvent this problem, and in case you still have not generated before your own certificate and keys directly using the OpenSSL tool, you may:

  1. Download the files as a compressed file or individually.
  2. Uncompress in your remote server.
  3. Modify the content of every line commented with "changeMe" to match the name of your organisation and to provide a contact e-mail for the certificates. Respect the format of the URN there.
  4. Run the gcf_gen_certs.sh script.

Running

The GENI Clearinghouse will have a pair of keys (typically located under ~/.gcf) that must be accepted by the target server (if you are experiencing credentials problems, see the corresponding sections in the wiki page of each RM to know how to place the Clearinghouse keys into their respective trusted_roots folders).

To run the GCF CH, all you need to do is move to the folder where you placed the source and run the proper server:

carolina@deployment:~$ cd /opt/geni/gcf-2.8
carolina@deployment:/opt/geni/gcf-2.8$ python src/gcf-ch.py

The following output will appear:

INFO:cred-verifier:Will accept credentials signed by any of 1 root certs found in /home/carolina/.gcf/trusted_roots: ['/home/carolina/.gcf/trusted_roots/ch-cert.pem']
INFO:gcf-ch:Registering AM urn:publicid:IDN+geni:gpo:gcf:am1+authority+am at http://localhost:8001
INFO:cred-verifier:Adding trusted cert file ch-cert.pem
INFO:cred-verifier:Combined dir of 1 trusted certs /home/carolina/.gcf/trusted_roots into file /home/carolina/.gcf/trusted_roots/CATedCACerts.pem for Python SSL support
INFO:gcf-ch:GENI CH Listening on port 8000...

Upon receiving a request (whose target is any RM), the CH should generate or return a valid credential; for which there will be a new line in the console.

OMNI commands

After your environment is properly set up and configured, you will be able to send requests against the GENI APIs of the FELIX RMs using OMNI as described in this section.

Also, take care to change $am_address/$endpoint by:

  1. $am_address: the URI of each FELIX RM. This information is known to each Island Administrator
  2. $endpoint: path where the RM's GENIv3 server runs:
  • RO, CRM, SDNRM, SERM: /xmlrpc/geni/3/
  • TNRM: / (eiSoil-based RMs)

The following are typical calls using the GENIv3 API to contact RO, CRM, SDNRM or SERM:

# Retrieve version and meta information of the RM
python src/omni.py -o -a $am_address/xmlrpc/geni/3/ -V 3 --debug \
                   getversion

# Retrieve list of resources provided by the RM
# (e.g. servers for CRM/VTAM, switches for SDNRM/OFAM)
python src/omni.py -o -a $am_address/xmlrpc/geni/3/ -V 3 --debug \
                   --no-compress listresources

# Retrieve contents (slivers) belonging to a given slice
python src/omni.py -o -a $am_address/xmlrpc/geni/3/ -V 3 --debug \
                   describe slicename

# Reserve/Allocate resources within a slice.
# (Parameter "--end-time" optional)
python src/omni.py -o -a $am_address/xmlrpc/geni/3/ -V 3 --debug \
                   allocate slicename rspec-req.xml \
                   --end-time=2014-04-12T23:20:50.52Z

# Renew time where reserved/allocated resources are kept from 
# other users
python src/omni.py -o -a $am_address/xmlrpc/geni/3/ -V 3 --debug \
                   renew slicename 2013-02-07T15:00:50.52Z

# Provision the resources previously allocated
# (Parameter "--end-time" optional)
python src/omni.py -o -a $am_address/xmlrpc/geni/3/ -V 3 --debug \
                   provision slicename \
                   --end-time=2014-04-12T23:20:50.52Z

# Retrieve status of a given slice
python src/omni.py -o -a $am_address/xmlrpc/geni/3/ -V 3 --debug \
                   status slicename

# Perform action over a resource or sliver
# Actions are usually: [geni_start | geni_stop | geni_restart]
python src/omni.py -o -a $am_address/xmlrpc/geni/3/ -V 3 --debug \
                   performoperationalaction slicename geni_start

# Delete a given slice and all its contents
python src/omni.py -o -a $am_address/xmlrpc/geni/3/ -V 3 --debug \
                   delete slicename

# Shut down a given slice and all its contents
# Intended for admin/operator use only
python src/omni.py -o -a $am_address/xmlrpc/geni/3/ -V 3 --debug \
                   shutdown slicename

If everything is working properly you should see something like this (e.g. output for Allocate):

Result Summary: Slice urn:publicid:IDN+geni:gpo:gcf+slice+slicename expires in <= 3 hours on ... UTC
Saved allocation of slivers in slice urn:publicid:IDN+geni:gpo:gcf+slice+slicename at AM $am_address/xmlrpc/geni/3/ to file slicename-allocate-$am_address/xmlrpc/geni/3/.json. 
All slivers expire on: ...
Clone this wiki locally