Version 4 (modified by ibaldin, 8 years ago)


Configuring your container to use ORCA Actor Registry

As of Camano 3.0, ORCA can automatically build security associations between actors in the same or different containers. Prior to Camano 3.0, these security associations were built using the <topology> section in the actor config.xml file. Starting with Camano 3.0, this section is optional.

  • SM and Broker actors usually do not require any explicit edges declared.
  • You can still declare edges for authority actors in your containers in order to declare delegations to specific brokers (so it does not have to be done through the GUI). For example, in Camano 3.0 the topology section of a site might have the following edge:
                            <edge>
                                    <from name="ndl-broker" guid="25bc9111-9b41-46ab-a96b-3c87f574cfde" type="broker">
                                            <location protocol="soapaxis2" url="http://geni-ben.renci.org:11080/orca/services/ndl-broker" />
    <certificate>
    MIICbTCCAdagAwIBAgIETDtgYzANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJVUzELMAkGA1UE
    CBMCTkMxDzANBgNVBAcTBkR1cmhhbTENMAsGA1UEChMEb3JjYTEQMA4GA1UECxMHc2hpcmFrbzEt
    MCsGA1UEAxMkMjViYzkxMTEtOWI0MS00NmFiLWE5NmItM2M4N2Y1NzRjZmRlMB4XDTEwMDcxMjE4
    MzUxNVoXDTIwMDcwOTE4MzUxNVowezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMQ8wDQYDVQQH
    EwZEdXJoYW0xDTALBgNVBAoTBG9yY2ExEDAOBgNVBAsTB3NoaXJha28xLTArBgNVBAMTJDI1YmM5
    MTExLTliNDEtNDZhYi1hOTZiLTNjODdmNTc0Y2ZkZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
    gYEAqcyS60d5t9c3eEud529hYmD/0BrIHGkEevwAtqBb7FFD1X98SB1G8y7gzxplt0xr2Hm72Et+
    01qB7YgT6XQHWfJQQW7RUZEnrDbGsS0v6bffY291eeDVd0ZCH1ogzPDlyMqdhSGKsstqZd0CYc2E
    zRFNngOIytBu1m59Jr6/FqsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCpFKta+1JitcfPbti3x3Tj
    WqqINj2f/MzwTVZbxV1eW6gLrwc3FRTX8RgAfqn2sl9Igxfzb+GbQbhY2j5iyBsEV90eKjQQitgv
    KUA1IpJqVMYiGSohX2jL+uXEK7bujv9eRyNG82Rp+ouWCrDKo7kOVLh/iSD1s8Mrk03/wd3qfw==
    </certificate>
    
                                    </from>
                                    <to name="renci-vm-site" guid="5f19992a-674f-4c6a-82f4-9564bb4e7879" type="site" />
                                    <rset>
                                            <type>renci.vm</type>
                                            <units>12</units>
                                    </rset>
                                    <rset>
                                            <type>renci.GEPort</type>
                                            <units>40</units>
                                    </rset>
                                    <rset>
                                            <type>renciEuca.vlan</type>
                                            <units>1000</units>
                                    </rset>
                            </edge>
    
    

In Camano 3.0 and later this declaration can be shortened to:

                        <edge>
                                <from name="ndl-broker" guid="25bc9111-9b41-46ab-a96b-3c87f574cfde" type="broker"/>
                                <to name="renci-vm-site" guid="5f19992a-674f-4c6a-82f4-9564bb4e7879" type="site" />
                                <rset>
                                        <type>renci.vm</type>
                                        <units>12</units>
                                </rset>
                                <rset>
                                        <type>renci.GEPort</type>
                                        <units>40</units>
                                </rset>
                                <rset>
                                        <type>renciEuca.vlan</type>
                                        <units>1000</units>
                                </rset>
                        </edge>

Note the absence of <location> and <certificate> stanzas. These are gleaned from the XMLRPC registry automatically.

To use this feature, the container.properties file for your container should contain the following property declarations:

###############################################
# ORCA global actor registry (uncomment for production deployments)
###############################################
registry.certfingerprint=49:67:81:66:C0:BA:CC:82:7A:94:2B:B9:EC:00:4D:98
registry.url=https://geni.renci.org:11443/registry/
registry.method=registryService.insert

Note that the fingerprint above should match the fingerprint found on this page.
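
An offline check of the pinned fingerprint against a certificate you have obtained, as an added example that is not ORCA's own code. It assumes registry.certfingerprint is a digest of the DER-encoded registry certificate and infers the algorithm from the value's length (16 bytes suggests MD5); the function names and the stand-in certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Digest inferred from fingerprint length in bytes (assumption, not stated on the page).
DIGEST_BY_LENGTH = {16: "md5", 20: "sha1", 32: "sha256"}

# The registry properties from this page, plus constructed stand-in certificate bytes.
PAGE_PROPERTIES = """\
# ORCA global actor registry
registry.certfingerprint=49:67:81:66:C0:BA:CC:82:7A:94:2B:B9:EC:00:4D:98
registry.url=https://geni.renci.org:11443/registry/
"""
SAMPLE_DER = b"constructed bytes standing in for a DER-encoded certificate"


def load_properties(text):
    """Parse key=value lines of a .properties file, skipping blanks and comments."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}


def parse_fingerprint(value):
    """Turn 'AA:BB:...' into bytes; ValueError on non-hex or unexpected length."""
    raw = bytes.fromhex(value.replace(":", ""))
    if len(raw) not in DIGEST_BY_LENGTH:
        raise ValueError("unexpected fingerprint length: %d bytes" % len(raw))
    return raw


def der_from_pem(pem_text):
    """Decode a PEM or bare base64 certificate body to DER bytes."""
    body = [ln.strip() for ln in pem_text.splitlines()
            if ln.strip() and not ln.strip().startswith("-----")]
    return base64.b64decode("".join(body), validate=True)


def format_fingerprint(der_cert, algo="md5"):
    """Render the digest in the colon-separated upper-case form the file uses."""
    digest = hashlib.new(algo, der_cert, usedforsecurity=False).digest()
    return ":".join("%02X" % b for b in digest)


def fingerprint_matches(properties_text, der_cert):
    """True only if registry.certfingerprint equals the digest of der_cert."""
    pinned = parse_fingerprint(load_properties(properties_text)["registry.certfingerprint"])
    actual = hashlib.new(DIGEST_BY_LENGTH[len(pinned)], der_cert, usedforsecurity=False).digest()
    return hmac.compare_digest(pinned, actual)
```

A False result from fingerprint_matches means the certificate in hand is not the one pinned in container.properties, so the registry URL should not be trusted until the mismatch is explained.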

Verifying your actors