Version 5 (modified by ibaldin, 6 years ago)

Setting up $ORCA_CONTROLLER_HOME

Setting up $ORCA_CONTROLLER_HOME generally follows the same philosophy as $ORCA_HOME. The difference is that the controller is not an ORCA actor, but rather a remote policy that connects to the SM actor (only to the SM actor!). Therefore, the controller must be configured to connect to an SM actor.

Note that the xmlrpc.controller.properties file has been replaced with controller.properties. The structure of the file is largely the same as before with a few additional properties related to running the controller as a standalone application.

Define $ORCA_CONTROLLER_HOME

$ export ORCA_CONTROLLER_HOME=/opt/orca-controller

Create a default configuration

It is easiest to check out the sample configuration from SVN and then customize it:

$ svn co https://geni-orca.renci.org/svn/orca/trunk/controllers/xmlrpc/xmlrpc $ORCA_CONTROLLER_HOME

$ORCA_CONTROLLER_HOME/config/controller.properties

  • orca.manage.url points to the URL of the Jetty container running the SM with which this controller associates
  • orca.manage.[user, password] are the login and password of the admin user on the SM configured in orca.properties
  • controller.sm.guid is the GUID of the SM actor to which this controller connects (defined in $ORCA_HOME/config/config.xml)
  • logging properties should be left unmodified
  • the controller now requires two .jks files:
    • geni-trusted.jks truststore which contains the trust roots for this controller to authenticate users - this affects which users are allowed to connect
    • xmlrpc.jks keystore which contains the private key and certificate of the controller when it acts as SSL server - this should be generated for each new installation

Generating xmlrpc.jks

The password for the key and the password for the keystore should be the same, and should be specified as the xmlrpc.controller.keystore.pass property in the controller.properties file.

$ keytool -keystore keystore -alias jetty -genkey -keyalg RSA

Getting the geni-trusted.jks

In general you can create your own truststore with whatever trust roots you wish. To be part of the GENI federation you should use the attached geni-trusted.jks. The name of this jks file and its password should be saved in controller.properties as credential.truststore.location (relative to $ORCA_CONTROLLER_HOME) and credential.truststore.password.

Publishing slice manifests to XMPP

The ORCA XMLRPC controller has a feature that allows it to publish manifests of all slices (and their evolution) to a pre-configured XMPP server. This is a scalable notification mechanism that can be used in a number of ways. Currently it is used both to send information about slices to GMOC and to save information about slices into a database for meta-analysis.

ORCA.publish.manifest=false
ORCA.pubsub.server=geni-imf-xmpp.renci.org:5222
ORCA.pubsub.usecertificate=true
# This is the XMPP user id (JID), which has to be the same as the CN in the certificate, which is a GUID
ORCA.pubsub.login=b8e6e0b2-7f6c-4583-aa0c-6681dc9356bd
ORCA.pubsub.password=somepassword
ORCA.pubsub.keystorepath=config/pubsub-gcf-encrypted.jks
ORCA.pubsub.keystoretype=jks
ORCA.pubsub.truststorepath=config/pubsub-gcf-encrypted.jks
ORCA.pubsub.root=orca/sm
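
A pre-flight check for the configuration described on this page, as an added example (not part of the original page or of ORCA itself). The function names are hypothetical. It assumes plain key=value lines, that the ORCA.pubsub.* store paths are relative to $ORCA_CONTROLLER_HOME like credential.truststore.location, and that the file should be readable only by its owner because it holds passwords in clear text.

```bash
#!/usr/bin/env bash
# Added example: sanity-check $ORCA_CONTROLLER_HOME/config/controller.properties.
# Property names are the ones on this page; get_prop and
# check_controller_config are hypothetical helper names.

get_prop() {  # get_prop FILE KEY -> value of the last "KEY=value" line
  awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                 END { print v }' "$1" | tr -d '\r'
}

check_controller_config() {  # one line per finding; returns 1 if any
  local home="$1" props="$1/config/controller.properties" rc=0 k v
  [ -r "$props" ] || { echo "MISSING $props"; return 1; }

  # The file holds admin, keystore and truststore passwords in clear text.
  [ "$(ls -l "$props" | cut -c5-10)" = "------" ] ||
    { echo "PERMS $props is accessible by group/other"; rc=1; }

  for k in orca.manage.url orca.manage.user orca.manage.password \
           controller.sm.guid xmlrpc.controller.keystore.pass \
           credential.truststore.location credential.truststore.password; do
    [ -n "$(get_prop "$props" "$k")" ] || { echo "UNSET $k"; rc=1; }
  done

  # The truststore location is relative to $ORCA_CONTROLLER_HOME.
  v=$(get_prop "$props" credential.truststore.location)
  [ -z "$v" ] || [ -f "$home/$v" ] ||
    { echo "NOFILE credential.truststore.location=$v"; rc=1; }

  # Certificate login to XMPP: the JID must be the GUID used as the cert CN.
  if [ "$(get_prop "$props" ORCA.publish.manifest)" = "true" ] &&
     [ "$(get_prop "$props" ORCA.pubsub.usecertificate)" = "true" ]; then
    v=$(get_prop "$props" ORCA.pubsub.login)
    echo "$v" | grep -Eqi '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' ||
      { echo "BADJID ORCA.pubsub.login is not a GUID"; rc=1; }
    # Assumption: these paths resolve against $ORCA_CONTROLLER_HOME.
    for k in ORCA.pubsub.keystorepath ORCA.pubsub.truststorepath; do
      v=$(get_prop "$props" "$k")
      [ -f "$home/$v" ] || { echo "NOFILE $k=$v"; rc=1; }
    done
  fi
  return $rc
}
```

Run it as check_controller_config "$ORCA_CONTROLLER_HOME" before starting the controller; a non-zero return means at least one finding was printed.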
