Difference between revisions of "The Hello GPE World Tutorial"

From ARL Wiki
Jump to navigationJump to search
Line 83: Line 83:
 
</pre>
 
</pre>
  
where my slice is ''pl_washu_sppDemo''.
+
where my slice name is ''pl_washu_sppDemo''.
 
Thus, the general format is:
 
Thus, the general format is:
  
Line 99: Line 99:
 
You can skip this section if you are already using such an agent.
 
You can skip this section if you are already using such an agent.
 
If you have never used such an agent, note that there are several alternatives to the procedure described below and our description is meant to be a simple cookbook procedure.
 
If you have never used such an agent, note that there are several alternatives to the procedure described below and our description is meant to be a simple cookbook procedure.
>>> Reference <<< provides a more detailed explanation of how to use an agent.
+
See the ''ssh-agent'' and ''ssh-add'' man pages or the web for more details.
  
 
The basic idea is to run ''ssh-agent'' which is a daemon process that caches private keys and listens for requests from SSH clients needing a private key related computation.
 
The basic idea is to run ''ssh-agent'' which is a daemon process that caches private keys and listens for requests from SSH clients needing a private key related computation.
Line 110: Line 110:
 
<pre>
 
<pre>
 
     eval `ssh-agent`
 
     eval `ssh-agent`
 +
    ssh-add
 +
    ... Enter your passphrase when it prompts for it ...
 
</pre>
 
</pre>
  
Notice that we are using backquotes, NOT the normal forward quote characters.
+
Notice that we are using backquotes (which denotes command substitution) in the first line, NOT the normal forward quote characters.
The agent is now running.
+
 
It outputs two commands on stdout which is then evaluated by the ''eval'' command.
+
In the first line, ''ssh-agent'' outputs two commands to stdout which is then evaluated by the ''eval'' command.
 
These two commands set the two environment variables ''SSH_AUTH_SOCK'' and ''SSH_AGENT_PID''.
 
These two commands set the two environment variables ''SSH_AUTH_SOCK'' and ''SSH_AGENT_PID''.
 
Enter the command "''printenv | grep SSH_A''", and you
 
Enter the command "''printenv | grep SSH_A''", and you
Line 124: Line 126:
 
</pre>
 
</pre>
  
which says that process 2143 is the ssh-agent and it is listening for requests on the Unix Domain socket ''/tmp/ssh-sTNf2142/agent.2142''.
+
which says that process 2143 is your ssh-agent and it is listening for requests on the Unix Domain socket ''/tmp/ssh-sTNf2142/agent.2142''.
 
+
The ''ssh-add'' command adds your private key to the list of private keys held by ''ssh-agent''.
Now, add your private key to your agent's cache:
 
 
 
<pre>
 
    ssh-add        # respond with your paraphrase
 
</pre>
 
  
This adds your private key to the list of private keys held by ''ssh-agent''.
+
You can now verify that you can ssh to an SPP without entering a password
You can now verify that you can ssh to an SPP without a password
 
 
or passphrase.
 
or passphrase.
 
In fact, any subshell of the current shell will not need to enter
 
In fact, any subshell of the current shell will not need to enter
a password when logging into an SPP as long as the agent is running because the SSH environment variables are passed to all children of the current shell.
+
a password when logging into an SPP as long as the agent is running because the SSH environment variables are passed to all children of the current shell allowing them to communicate with the same agent.
  
 
== The SPP Configuration Command ''scfg'' ==
 
== The SPP Configuration Command ''scfg'' ==

Revision as of 20:44, 2 March 2010

Template:Under Construction

Introduction

XXXXX

The SPP Components

XXXXX

Pinging SPP External Interfaces

Unlike most PlanetLab nodes, an SPP has multiple external interfaces. In the GENI deployment, some of those interfaces have Internet2 IP addresses and some are interfaces attached to point-to-point links going directly to an external interfaces of other SPPs. This section introduces you to sone of the Internet2 interfaces.

Let's try to ping some of those Internet2 interfaces. Enter one of the following ping commands (omit the comments):

    ping -c 3 64.57.23.210         # Salt Lake City interface 0
    ping -c 3 64.57.23.214         # Salt Lake City interface 1
    ping -c 3 64.57.23.218         # Salt Lake City interface 2
    ping -c 3 64.57.23.194         # Washington DC interface 0
    ping -c 3 64.57.23.198         # Washington DC interface 1
    ping -c 3 64.57.23.202         # Washington DC interface 2
    ping -c 3 64.57.23.178         # Kansas City interface 0
    ping -c 3 64.57.23.182         # Kansas City interface 1
    ping -c 3 64.57.23.186         # Kansas City interface 2

For example, my output from the first ping command looks like this:

myhost> ping -c 3 64.57.23.210
PING 64.57.23.210 (64.57.23.210) 56(84) bytes of data.
64 bytes from 64.57.23.210: icmp_seq=1 ttl=56 time=67.5 ms
64 bytes from 64.57.23.210: icmp_seq=2 ttl=56 time=55.9 ms
64 bytes from 64.57.23.210: icmp_seq=3 ttl=56 time=59.0 ms

--- 64.57.23.210 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 55.949/60.823/67.511/4.895 ms

Note that you may not be able to ping an SPP external interface. Some reasons why it might fail are:

  1. Your host doesn't have ping installed. This is not typical.
  2. The SPP interface is down.
  3. Your network blocks ping traffic.
  4. Your network provider doesn't route Internet2 addresses.

In the first case, you will get a command not found error message. The ping command is usually located at /bin/ping. See your system administrator if you can't find ping. In the other cases, your ping command will eventually return with a 100% packet loss message. In the last case, running the command traceroute 64.57.23.210 will give a Network unreachable indication (the last router is marked !N).

If you are unsuccessful with one interface, try to ping the interface of a different SPP.

However, you can always get around these problems (except for an SPP being down) by issuing the ping command from a PlanetLab node. We discuss how to log into a PlanetLab node in The IPv4 Metanet Tutorial.

Logging Into an SPP's GPE

Now, let's try to log into the SPP interface that you were able to ping. The example below assumes that interface was 64.57.23.210; that is, interface 0 of the Salt Lake City SPP. Note the following:

  • You must use ssh to log into an SPP.
  • When you ssh to an SPP's external interface, you will actually get logged into a GPE of the SPP.
  • Furthermore, you will be logging into your slice in a GPE.
  • Even if your network blocks your ping packets, you should be able to log into a GPE as long as there is a route to the SPP's external interface address.
  • You can 'ssh' to any of the SPP's external interfaces.

To log into a GPE at the Salt Lake City SPP, I would enter:

    ssh pl_washu_sppDemo@64.57.23.210

where my slice name is pl_washu_sppDemo. Thus, the general format is:

    ssh YOUR_SLICE@IP_ADDRESS

where YOUR_SLICE is the slice you were assigned during account registration, and IP_ADDRESS is the IP address of an SPP external interface.

During the login process, you will be asked to enter your RSA passphrase unless ssh-agent or an equivalent utility (e.g., keychain, gnome-keyring-daemon) is holding your private RSA key.

Using ssh-agent

This section is a very brief explanation of how to use ssh-agent. You can skip this section if you are already using such an agent. If you have never used such an agent, note that there are several alternatives to the procedure described below and our description is meant to be a simple cookbook procedure. See the ssh-agent and ssh-add man pages or the web for more details.

The basic idea is to run ssh-agent which is a daemon process that caches private keys and listens for requests from SSH clients needing a private key related computation. Then, run the ssh-add command to add your private key to your agent's cache. This is only done once after you start the SSH agent. The process will ask you for your passphrase which is used to decrypt the private key which is then held in main memory by the agent.

For example,

    eval `ssh-agent`
    ssh-add
    ... Enter your passphrase when it prompts for it ...

Notice that we are using backquotes (which denotes command substitution) in the first line, NOT the normal forward quote characters.

In the first line, ssh-agent outputs two commands to stdout which is then evaluated by the eval command. These two commands set the two environment variables SSH_AUTH_SOCK and SSH_AGENT_PID. Enter the command "printenv | grep SSH_A", and you will get output that looks like:

    SSH_AUTH_SOCK=/tmp/ssh-sTNf2142/agent.2142
    SSH_AGENT_PID=2143

which says that process 2143 is your ssh-agent and it is listening for requests on the Unix Domain socket /tmp/ssh-sTNf2142/agent.2142. The ssh-add command adds your private key to the list of private keys held by ssh-agent.

You can now verify that you can ssh to an SPP without entering a password or passphrase. In fact, any subshell of the current shell will not need to enter a password when logging into an SPP as long as the agent is running because the SSH environment variables are passed to all children of the current shell allowing them to communicate with the same agent.

The SPP Configuration Command scfg

After you have logged into a GPE, you can use the scfg command to get information about the SPP and to configure the SPP. You can get help information from scfg by entering one of these XXX forms of the command:

    scfg --help all         # show help for all commands
    scfg --help info        # show help for information commands
    scfg --help queues      # show help for queue commands
    scfg --help reserv      # show help for reservation commands
    scfg --help alloc       # show help for resource alloc/free commands

Try getting help on the information commands (scfg --help info). The output looks like:

    USAGE:
    INFORMATION CMDS:
      scfg --cmd get_ifaces
            Display all interfaces
      scfg --cmd get_ifpeer --ifn N
            Display the peer of interface num N
      ... other output not shown ...

If you get a command not found message, try entering:

    /usr/local/bin/scfg --help info

If the command now runs, you need to add /usr/local/bin to your PATH environment variable. The rest of this tutorial assumes that your PATH environment variable has been set to include the directory containing the scfg command.

Getting Information About External Interfaces

SPPs have multiple external interfaces. Enter:

    scfg --cmd get_ifaces

to show the attributes of all external interfaces. For example, running this command on the Salt Lake City SPP produces:

    Interface list:
      [ifn 0, type  "inet", linkBW 1000000Kbps, availBW 899232Kbps, ipAddr 64.57.23.210]
      [ifn 1, type  "inet", linkBW 1000000Kbps, availBW 899232Kbps, ipAddr 64.57.23.214]
      [ifn 2, type  "inet", linkBW 1000000Kbps, availBW 899232Kbps, ipAddr 64.57.23.218]
      [ifn 3, type  "p2p", linkBW 1000000Kbps, availBW 899232Kbps, ipAddr 10.1.1.2]
      [ifn 4, type  "p2p", linkBW 1000000Kbps, availBW 899232Kbps, ipAddr 10.1.2.2]
      [ifn 5, type  "p2p", linkBW 1000000Kbps, availBW 899232Kbps, ipAddr 10.1.7.2]
      [ifn 6, type  "p2p", linkBW 1000000Kbps, availBW 899232Kbps, ipAddr 10.1.8.2]

This output shows:

  • There are seven external interfaces numbered from 0 to 7.
  • There are two types of interfaces: inet and p2p.
    • inet XXXXX
    • p2p XXXXX
  • The capacity of each interface is 1 Gbps (= 1000000 Kbps).
  • The available bandwidth (has not been allocated) of each interface is 899232 Kbps (=899.232 Mbps).
  • The IP addresses of each interface are shown.


>>>>> HERE <<<<<

  • The scfg utility
  • scfg --cmd get_ifaces
  • scfg --cmd get_peer

Getting Information About Peers

Constructing a Tunnel Map

  • Use the output of get_ifaces and get_peer

Making a Resource Reservation

  • scfg --cmd make_reservation and the reservation file
  • Other reservation commands

Creating a Slowpath (GPE) Endpoint

  • scfg --cmd alloc_plspec
  • scfg --cmd alloc_endpoint

Hello SPP

Putting Things Together