Difference between revisions of "FHNManager Installation"
(→Authentication) |
(→Authentication) |
||
| Line 22: | Line 22: | ||
In order to use the Federated Cloud, it is necessary to register a certificate to join a Virtual Organisation (VO) of the cloud. | In order to use the Federated Cloud, it is necessary to register a certificate to join a Virtual Organisation (VO) of the cloud. | ||
In case of integration with EGI it is necessary to generate a VOMS proxy in order to obtain authorization attributes to be embedded in X.509 proxy certificates, needed to access FedCloud sites. | In case of integration with EGI it is necessary to generate a VOMS proxy in order to obtain authorization attributes to be embedded in X.509 proxy certificates, needed to access FedCloud sites. | ||
| + | |||
Ideally, the VRE Manager should have to import the credentials related to own VRE directly from the gCube IS; actually the service foresees an interface for the future integration with the IS, but currently we're using VRE Manager certificates (actually a second-level proxy of the manager's cert. The first one is stored, encrypted, in the gCube information system; the second one is generated by the service just before accessing FedCloud and it's really short-lived; usually it is available at ''/tmp'' folder). | Ideally, the VRE Manager should have to import the credentials related to own VRE directly from the gCube IS; actually the service foresees an interface for the future integration with the IS, but currently we're using VRE Manager certificates (actually a second-level proxy of the manager's cert. The first one is stored, encrypted, in the gCube information system; the second one is generated by the service just before accessing FedCloud and it's really short-lived; usually it is available at ''/tmp'' folder). | ||
| + | |||
Most, if not all, gCube users do not own a x509 certificate; they access the gCube portal with username/password and the usage of external infrastructures is completely transparent to them. | Most, if not all, gCube users do not own a x509 certificate; they access the gCube portal with username/password and the usage of external infrastructures is completely transparent to them. | ||
Basically the gCube Information System will contain the .pem certificated associated to each VRE or Infrastructure Manager. Such certificates will be used by the service to create a runtime VOMS proxy in order to interact with FedCloud. If any certificates is provided, no interaction with FedCloud will be allowed. | Basically the gCube Information System will contain the .pem certificated associated to each VRE or Infrastructure Manager. Such certificates will be used by the service to create a runtime VOMS proxy in order to interact with FedCloud. If any certificates is provided, no interaction with FedCloud will be allowed. | ||
In order to run a second level proxy please type the following command and then insert GRID pass phrase: | In order to run a second level proxy please type the following command and then insert GRID pass phrase: | ||
| + | |||
voms-proxy-init -voms fedcloud.egi.eu --rfc -dont-verify-ac | voms-proxy-init -voms fedcloud.egi.eu --rfc -dont-verify-ac | ||
Revision as of 12:24, 3 May 2016
to be inserted some sign to portlet and the service details (installation, where the packages are located, how to add a cloud and so on)
The Federated Hosting Node Manager (FHNM) is the core part of the gCube-external infrastructures integration.
Contents
Usage
Maven coordinates
The maven artifact coordinates are:
<dependency> <groupId>org.gcube.resources.federation</groupId> <artifactId>fhn-manager-service</artifactId> <version>1.0.0-SNAPSHOT</version> <packaging>war</packaging> </dependency>
Deploy
- Deploy war file to selected SmartGears Container (tomcat Webapp folder)
Authentication
In order to use the Federated Cloud, it is necessary to register a certificate to join a Virtual Organisation (VO) of the cloud. In case of integration with EGI it is necessary to generate a VOMS proxy in order to obtain authorization attributes to be embedded in X.509 proxy certificates, needed to access FedCloud sites.
Ideally, the VRE Manager should have to import the credentials related to own VRE directly from the gCube IS; actually the service foresees an interface for the future integration with the IS, but currently we're using VRE Manager certificates (actually a second-level proxy of the manager's cert. The first one is stored, encrypted, in the gCube information system; the second one is generated by the service just before accessing FedCloud and it's really short-lived; usually it is available at /tmp folder).
Most, if not all, gCube users do not own a x509 certificate; they access the gCube portal with username/password and the usage of external infrastructures is completely transparent to them. Basically the gCube Information System will contain the .pem certificated associated to each VRE or Infrastructure Manager. Such certificates will be used by the service to create a runtime VOMS proxy in order to interact with FedCloud. If any certificates is provided, no interaction with FedCloud will be allowed. In order to run a second level proxy please type the following command and then insert GRID pass phrase:
voms-proxy-init -voms fedcloud.egi.eu --rfc -dont-verify-ac
Set the host environment
- Edit the YAML service.properties file available in WEB.INF/classes folder and replace the STORAGE_DIR: /home/"user_name"/fhnmanager path with user home path (e.g., STORAGE_DIR: /home/ngalante/fhnmanager); such file will contain the persistency of nodes created by using the service.
- An example of running REST service is accessible here: http://fedcloud.res.eng.it/fhn-manager-service/rest/*
