Deploying PlanetLab SFA at MAX and Federating with Other Aggregates
This wiki describes our experience deploying SFA and federating with a peering PLC or ProtoGENI. It also provides a guide on how to use services across the federated aggregates.
Deploy Customized SFA at MAX
The SFA deployed has been modified to work with the MAX Aggregate Manager. A detailed guide on the deployment can be found here.
Federate with PLC
At MAX, we have our private PlanetLab authority configured as "plc.maxpl". The login base is "maxpl". Resources therefore have hrns like the following.
plc.maxpl.maxpl.username
plc.maxpl.maxpl.nodename
plc.maxpl.maxpl.slicename
MAX peers with the public PlanetLab Central (PLC), which has authority "plc" and hrns of the form "plc.site.user/node/slice", where 'site' can be "pl", "princeton", "isi", etc.
Following the SFA install guide, we configure these files on MAX SFA.
/etc/sfa/registries.xml:
<registries>
<registry addr="www.planet-lab.org" hrn="plc" port="12345"/>
</registries>
/etc/sfa/aggregates.xml :
<aggregates>
<aggregate addr="www.planet-lab.org" hrn="plc" port="12346"/>
</aggregates>
We provide PLC at Princeton with the following information:
<registries>
<registry addr="max-myplc.dragon.maxgigapop.net" hrn="plc.maxpl" port="12345"/>
</registries>
<aggregates>
<aggregate addr="max-myplc.dragon.maxgigapop.net" hrn="plc.maxpl" port="12346"/>
</aggregates>
The following steps are then taken to make sure SFA is cleaned up for federation.
# remove registry records
1. sfa-nuke-plc.py
# remove cached registry keys
2. rm /var/lib/sfa/*
# remove trusted certs
3. rm /etc/sfa/trusted_roots/*
# import registry records
4. sfa-import-plc.py
# remove fake plc cert generated by sfa-import-plc.py
5. rm /etc/sfa/trusted_roots/plc.gid
# fetches and installs real plc cert
6. /etc/init.d/sfa restart
After these steps, peering SFA servers will be able to fetch the updated trusted roots (gid) from each other.
Under /etc/sfa/trusted_roots/ on the MAX SFA server, we have plc.gid and plc.maxpl.gid.
We can verify that federation has been established by running the following on the MAX SFA server.
[myplc]# sfi.py list plc
plc.princeton (authority)
plc.cesnet (authority)
plc.aston (authority)
plc.mtu (authority)
plc.ufl (authority)
...
Use SFA Services with Federated Aggregates
We can now use some unique features offered by federated aggregates. First of all, we need to have user accounts on both MAX and PLC sites.
Suppose a user 'plc.maxpl.maxpl.xyang' is registered with MAX and 'plc.isi.xyang' is registered with PLC. We also have two .sfi/sfi_config files, one for each user.
One for MAX reads
SFI_AUTH='plc.maxpl.maxpl'
SFI_USER='plc.maxpl.maxpl.xyang'
SFI_REGISTRY='http://max-myplc.dragon.maxgigapop.net:12345/'
SFI_SM='http://max-myplc.dragon.maxgigapop.net:12347/'
The other for PLC reads
SFI_AUTH='plc'
SFI_USER='plc.isi.xyang'
SFI_REGISTRY='http://www.planet-lab.org:12345/'
SFI_SM='http://www.planet-lab.org:12347/'
In addition, the user at MAX has asked the PI to create a slice named "plc.maxpl.maxpl.maxstitchingslice1".
We can then do the following.
List and Show Resources
A MAX user can list and show resources under both plc.maxpl (local) and under peering plc (external).
A PLC user can do exactly the same and get the same list results. For example, user "plc.isi.xyang" can get
[myplc] ~ # sfi.py list plc.maxpl.maxpl
plc.maxpl.maxpl.planetlab4\.dragon\.maxgigapop\.net (node)
plc.maxpl.maxpl.planetlab5\.dragon\.maxgigapop\.net (node)
plc.maxpl.maxpl.planetlab2\.dragon\.maxgigapop\.net (node)
plc.maxpl.maxpl.planetlab3\.dragon\.maxgigapop\.net (node)
plc.maxpl.maxpl.netflow (slice)
plc.maxpl.maxpl.sirius (slice)
plc.maxpl.maxpl.sfacm (slice)
plc.maxpl.maxpl.drl (slice)
plc.maxpl.maxpl.maxstitchingslice1 (slice)
plc.maxpl.maxpl.xyang (user)
[myplc] ~ # sfi.py show plc.maxpl.maxpl
peer_authority: None
hrn: plc.maxpl.maxpl
last_updated: 1304435908
authority: plc.maxpl
gid:
GID
hrn:plc.maxpl.maxpl
urn:urn:publicid:IDN+plc:maxpl:maxpl+authority+sa
uuid:11580124303978681678603182119128274123
date_created: 1283951494
type: authority
operator: []
nodes: ['plc.maxpl.maxpl.planetlab5\\.dragon\\.maxgigapop\\.net', 'plc.maxpl.maxpl.planetlab2\\.dragon\\.maxgigapop\\.net', 'plc.maxpl.maxpl.planetlab4\\.dragon\\.maxgigapop\\.net', 'plc.maxpl.maxpl.planetlab3\\.dragon\\.maxgigapop\\.net']
PI: ['plc.maxpl.maxpl.xyang', 'plc.maxpl.maxpl.tlehman', 'plc.maxpl.maxpl.bpillai']
name: MAX PlanetLab Central Central
url: http://max-myplc.dragon.maxgigapop.net/
enabled: True
login_base: maxpl
Note that each user is associated with its own SFA authority or aggregate. The federation offers access to external resources from the local PlanetLab SFA the user is registered with.
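The listing above escapes the dots inside node names ("planetlab4\.dragon\.maxgigapop\.net"), so a plain split on "." misreads them. The following added example (not part of SFA or of the original wiki) splits such hrns correctly and maps each one to the most specific authority for which this page installs a trusted root; the function names and the ROOTS list are assumptions made for illustration.

```python
import re

# Authorities for which this page installs a <hrn>.gid trusted root.
ROOTS = ["plc", "plc.maxpl", "emulab"]


def split_hrn(hrn):
    """Split on dots that are not backslash-escaped, then unescape each label."""
    return [label.replace("\\.", ".") for label in re.split(r"(?<!\\)\.", hrn)]


def governing_root(hrn, roots=ROOTS):
    """Return the longest root whose labels are a prefix of the hrn, or None."""
    labels = split_hrn(hrn)
    best = None
    for root in roots:
        r = root.split(".")
        # Compare whole labels: a string prefix test would let "plcx" match "plc".
        if labels[:len(r)] == r and (best is None or len(r) > len(best.split("."))):
            best = root
    return best


def describe(hrn, user_hrn):
    """Describe a record from the point of view of the user asking about it."""
    labels = split_hrn(hrn)
    root = governing_root(hrn)
    return {
        "authority": ".".join(labels[:-1]),
        "leaf": labels[-1],
        "root": root,
        # External means the record and the user sit under different roots.
        "external": root != governing_root(user_hrn),
    }


if __name__ == "__main__":
    node = r"plc.maxpl.maxpl.planetlab4\.dragon\.maxgigapop\.net"
    for who in ("plc.isi.xyang", "plc.maxpl.maxpl.xyang"):
        print(who, describe(node, who))
```

Note that "plc.maxpl" is nested under "plc" by name but has its own trusted root, which is why the longest match is taken.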
Create, Query and Delete Slice Sliver on External Aggregate
When a user wants to create, query or delete a slice sliver on an external aggregate (for example, user 'plc.isi.xyang' wants to do so on the MAX aggregate), the user needs to work with a local user, say 'plc.maxpl.maxpl.xyang', to first get the slice credential.
After switching to the SFI profile configured for 'plc.maxpl.maxpl.xyang', the following command retrieves .sfi/slice_maxstitchingslice1.cred.
sfi.py resources plc.maxpl.maxpl.maxstitchingslice1
Then switch to the SFI profile configured for 'plc.isi.xyang', with slice_maxstitchingslice1.cred placed under .sfi/. The user 'plc.isi.xyang' can now send PLC the following requests.
sfi.py create plc.maxpl.maxpl.maxstitchingslice1 /root/demo-gec10/max_protogeni_stitching_slice2.rspec
sfi.py resources plc.maxpl.maxpl.maxstitchingslice1
sfi.py delete plc.maxpl.maxpl.maxstitchingslice1
This allows us to create / query / delete a MAX slice sliver via the PLC, which contacts the MAX SFA AM service to carry out the request on the MAX aggregate, which is external to the user 'plc.isi.xyang'.
Federate with ProtoGENI
First, send plc.maxpl.gid together with the following AM url to ProtoGENI:
http://max-myplc.dragon.maxgigapop.net:12346
Then add an entry to /etc/sfa/aggregates.xml, which now looks like this:
<aggregates>
<aggregate addr="www.planet-lab.org" hrn="plc" port="12346"/>
<aggregate addr="www.emulab.net/protogeni/xmlrpc/am" hrn="emulab" port="443"/>
</aggregates>
Copy a ProtoGENI site cert, say the cert for emulab.net, to /etc/sfa/trusted_roots/emulab.gid.
Restart the SFA server.
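Both federation procedures on this page (PLC and ProtoGENI) end with a set of .gid files under /etc/sfa/trusted_roots/ that should match the peers named in registries.xml and aggregates.xml. The following added example (not part of SFA or of the original wiki) audits that match on a constructed directory; the function names are hypothetical, and the PEM header check assumes .gid files are PEM-encoded certificates.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

PEM_HEADER = "-----BEGIN CERTIFICATE-----"  # assumption: .gid files are PEM certificates


def peer_hrns(path, tag):
    """Return the hrn attribute of every <registry> or <aggregate> element."""
    return {e.get("hrn") for e in ET.parse(path).getroot().iter(tag)}


def audit_trusted_roots(local_hrn, registries_xml, aggregates_xml, trust_dir):
    """Compare configured peers with the <hrn>.gid files actually installed."""
    expected = ({local_hrn} | peer_hrns(registries_xml, "registry")
                | peer_hrns(aggregates_xml, "aggregate"))
    files = sorted(f for f in os.listdir(trust_dir) if f.endswith(".gid"))
    installed = {f[:-len(".gid")] for f in files}
    not_pem = []
    for f in files:
        with open(os.path.join(trust_dir, f), errors="replace") as fh:
            if not fh.read().lstrip().startswith(PEM_HEADER):
                not_pem.append(f)
    return {"missing": sorted(expected - installed),
            "unexpected": sorted(installed - expected),
            "not_pem": not_pem}


def demo():
    """Constructed layout: the page's XML, one stale anchor, emulab.gid not yet copied."""
    base = tempfile.mkdtemp()
    trust = os.path.join(base, "trusted_roots")
    os.mkdir(trust)
    reg, agg = os.path.join(base, "registries.xml"), os.path.join(base, "aggregates.xml")
    with open(reg, "w") as fh:
        fh.write('<registries><registry addr="www.planet-lab.org" hrn="plc" port="12345"/></registries>')
    with open(agg, "w") as fh:
        fh.write('<aggregates><aggregate addr="www.planet-lab.org" hrn="plc" port="12346"/>'
                 '<aggregate addr="www.emulab.net/protogeni/xmlrpc/am" hrn="emulab" port="443"/>'
                 '</aggregates>')
    samples = {"plc.gid": PEM_HEADER + "\n", "plc.maxpl.gid": PEM_HEADER + "\n",
               "oldpeer.gid": ""}  # oldpeer.gid is a constructed, empty leftover
    for name, body in samples.items():
        with open(os.path.join(trust, name), "w") as fh:
            fh.write(body)
    return audit_trusted_roots("plc.maxpl", reg, agg, trust)


if __name__ == "__main__":
    print(demo())
```

An entry under "unexpected" is a trust anchor that no configured peer accounts for; an entry under "missing" is a configured peer whose certificates cannot yet be verified locally.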
Use omniClient to Operate Slice across Multiple Aggregates
Download the omni client (gcf-1.2).
Add the following profiles to the omni_config file.
[maxpl]
type=sfa
authority=plc.maxpl.maxpl
user=plc.maxpl.maxpl.xyang
cert=~/.gcf/plc.maxpl.maxpl.xyang.gid
key=~/.gcf/xyang.pkey
registry=http://max-myplc.dragon.maxgigapop.net:12345
slicemgr=http://max-myplc.dragon.maxgigapop.net:12347
[plc]
type=sfa
authority=plc.isi
user=plc.isi.xyang
cert=~/.gcf/plc.isi.xyang.gid
key=~/.gcf/plc.isi.xyang.pkey
registry=http://www.planet-lab.org:12345
slicemgr=http://www.planet-lab.org:12347
[pg]
type=pg
verbose=false
ch=https://www.emulab.net:443/protogeni/xmlrpc/ch
sa=https://www.emulab.net:443/protogeni/xmlrpc/sa
cert=~/.gcf/encrypted.pem
key=~/.gcf/encrypted.pem
You can use the following commands to verify that you can access an aggregate (native or foreign) under the current profile.
src/omni.py getversion -a http://max-myplc.dragon.maxgigapop.net:12346
src/omni.py listresources -a http://max-myplc.dragon.maxgigapop.net:12346
You may use any of the above profiles to create a native slice with the maxpl, plc or pg aggregate. For example,
src/omni.py createslice -n maxstitchingslice1 -a http://max-myplc.dragon.maxgigapop.net:12346
Then you can create slivers on all three aggregates as follows:
src/omni.py createsliver -a http://max-myplc.dragon.maxgigapop.net:12346 -n maxstitchingslice1 test1.rspec
src/omni.py createsliver -a http://www.emulab.net/protogeni/xmlrpc/am -n maxstitchingslice1 test2.rspec
src/omni.py createsliver -a http://www.planet-lab.org:12346 -n maxstitchingslice1 test3.rspec
You can then query sliver status and show slice/sliver resources. For example,
src/omni.py sliverstatus -a http://www.emulab.net/protogeni/xmlrpc/am -n maxstitchingslice1
src/omni.py listresources -n maxstitchingslice1
src/omni.py listresources -a http://www.emulab.net/protogeni/xmlrpc/am -n maxstitchingslice1