Version 2 (modified by ibaldin, 8 years ago)

--

Configuring your container to use ORCA Actor Registry

As of Camano 3.0 ORCA can automatically build security associations between actors in same or different containers. Prior to Camano 3.0 these security associations were built using <topology> section in actors config.xml file. Starting with Camano 3.0 this section is optional. SM and Broker actors usually do not require any explicit edges declared. You can still declare edges for authority actors in your containers for the purpose of declaring delegations to specific brokers (so it does not have to be done through the GUI). For example, in Camano 3.0 the topology section of a site might look have a following edge:

                        <edge>
                                <from name="ndl-broker" guid="25bc9111-9b41-46ab-a96b-3c87f574cfde" type="broker">
                                        <location protocol="soapaxis2" url="http://geni-ben.renci.org:11080/orca/services/ndl-broker" />
<certificate>
MIICbTCCAdagAwIBAgIETDtgYzANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCTkMxDzANBgNVBAcTBkR1cmhhbTENMAsGA1UEChMEb3JjYTEQMA4GA1UECxMHc2hpcmFrbzEt
MCsGA1UEAxMkMjViYzkxMTEtOWI0MS00NmFiLWE5NmItM2M4N2Y1NzRjZmRlMB4XDTEwMDcxMjE4
MzUxNVoXDTIwMDcwOTE4MzUxNVowezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMQ8wDQYDVQQH
EwZEdXJoYW0xDTALBgNVBAoTBG9yY2ExEDAOBgNVBAsTB3NoaXJha28xLTArBgNVBAMTJDI1YmM5
MTExLTliNDEtNDZhYi1hOTZiLTNjODdmNTc0Y2ZkZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAqcyS60d5t9c3eEud529hYmD/0BrIHGkEevwAtqBb7FFD1X98SB1G8y7gzxplt0xr2Hm72Et+
01qB7YgT6XQHWfJQQW7RUZEnrDbGsS0v6bffY291eeDVd0ZCH1ogzPDlyMqdhSGKsstqZd0CYc2E
zRFNngOIytBu1m59Jr6/FqsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCpFKta+1JitcfPbti3x3Tj
WqqINj2f/MzwTVZbxV1eW6gLrwc3FRTX8RgAfqn2sl9Igxfzb+GbQbhY2j5iyBsEV90eKjQQitgv
KUA1IpJqVMYiGSohX2jL+uXEK7bujv9eRyNG82Rp+ouWCrDKo7kOVLh/iSD1s8Mrk03/wd3qfw==
</certificate>

                                </from>
                                <to name="renci-vm-site" guid="5f19992a-674f-4c6a-82f4-9564bb4e7879" type="site" />
                                <rset>
                                        <type>renci.vm</type>
                                        <units>12</units>
                                </rset>
                                <rset>
                                        <type>renci.GEPort</type>
                                        <units>40</units>
                                </rset>
                                <rset>
                                        <type>renciEuca.vlan</type>
                                        <units>1000</units>
                                </rset>
                        </edge>

In Camano 3.0 and later this declaration can be shortened to:

<edge>

<from name="ndl-broker" guid="25bc9111-9b41-46ab-a96b-3c87f574cfde" type="broker"/> <to name="renci-vm-site" guid="5f19992a-674f-4c6a-82f4-9564bb4e7879" type="site" /> <rset>

<type>renci.vm</type> <units>12</units>

</rset> <rset>

<type>renci.GEPort</type> <units>40</units>

</rset> <rset>

<type>renciEuca.vlan</type> <units>1000</units>

</rset>

</edge>

To use this feature, the container.properties file should contain the following property declarations:

###############################################
# ORCA global actor registry (uncomment for production deployments)
###############################################
registry.certfingerprint=49:67:81:66:C0:BA:CC:82:7A:94:2B:B9:EC:00:4D:98
registry.url=https://geni.renci.org:11443/registry/
registry.method=registryService.insert

Note that the fingerprint above should match the fingerprint found on this page.

When deploying production actors, you should NOT specify any edges for SM (Slice/Service Manager) and broker actors. If your container contains only those actors, the topology section can be omitted.