[Planetlab-devel] Re: problem #1 (with myplc 0.5-5)

Lee Breslau breslau at research.att.com
Mon Jan 28 13:27:16 EST 2008 

Stephen,

Thanks.  This helps, and it looks like I can now create the PI account 
to bootstrap the rest.

I had another problem, which threw me off for a while.  The notification 
mail wasn't getting sent when new accounts were requested.  The solution 
that I found was to stop the mail service on the machine, and only 
enable it within the plc context.  I think otherwise the plc sendmail 
was failing because the port it was trying to bind to was already in 
use.   Is this what you would expect to happen?  As I say, things are 
working now, but just want to make sure I haven't diverged in some way 
that will cause problems in the future.

Lee


Stephen Soltesz wrote:
> Hello, Lee,
>
> First, I'm sorry that I didn't reply to this message sooner.  I didn't 
> realize you were sending questions to the devel list, and the usual 
> notification I get for new messages wasn't working correctly.
>
> Your question is good.  An administrator account needs to authenticate 
> the initial account creation request for a PI.  Because the PI is such 
> a privileged role, only a more privileged account can vouch for him.
>
> The admin can find the user who registered, then enable the user and 
> add the PI role.
>
> Does this help?
>
> Thank you,
> Stephen.
>
> Lee Breslau wrote:
>> Stephen,
>>
>> This worked great.  Thanks!  Now I'm wondering, once a site is added, 
>> who authenticates an initial account creation request?  That is, 
>> there isn't yet a site PI.
>> Does the site PI also need to be added through the API?
>>
>> If so, is that documented here:
>>
>> http://www.planet-lab.org/doc/plc_api
>>
>> Lee
>>
>>
>> Stephen Soltesz wrote:
>>> Hello, Lee,
>>>
>>> I've forwarded this to the devel list for posterity.  I'm sure 
>>> others may have a similar question at some point in the future.
>>>
>>> I see two questions:
>>>
>>> 1) how to add a site (to add a user).
>>> 2) how to log into the machine (either as site_admin or a new user)
>>>
>>> Please let me know if I've missed something.
>>>
>>> 1)
>>> Unfortunately, it's not a current feature to add sites through the 
>>> web interface.  Instead, this is done manually through the API.  If 
>>> you've never done this before it may be a little weird, but it 
>>> should be straight forward.
>>>
>>> Start python:
>>>
>>>    $ python
>>>    >>> from xmlrpclib import Server
>>>    >>> XMLRPC_SERVER="https://boot.planet-lab.org/PLCAPI/"
>>>    >>> plc = Server(XMLRPC_SERVER, verbose=False, allow_none=True)
>>>    >>> auth = {'Username': '', 'AuthMethod': 'password', 
>>> 'AuthString': ''}
>>>
>>> Where you add the string for Username with the email address of the 
>>> administrative account for the system, and 'AuthString' with the 
>>> clear text password.  The default is root at localhost.localdomain, 
>>> with password of 'root'.
>>>
>>> Therefore, the default auth structure would be:
>>>
>>>    >>> auth = {'Username': 'root at localhost.localdomain', 
>>> 'AuthMethod': 'password', 'AuthString': 'root'}
>>>
>>> Then you will invoke a call on the api, using this authorization.
>>>
>>>    >>> plc.AddSite(auth, {'name': '',
>>>                           'url': '',
>>>                           'enabled': True ,
>>>                           'max_slices': 10,
>>>                           'login_base': '',
>>>                           'is_public': True,
>>>                           'abbreviated_name': ''})
>>>
>>> The number that's returned from the call is the site id for your new 
>>> site.
>>>
>>> The 'is_public' attribute determines whether or not the site is 
>>> visible on the 'Add Users' form.  The default site has this set to 
>>> false, and it gets reset at restart.
>>>
>>> 2)
>>> Each user account has an associated ssh public key.  For a given 
>>> site, only those users that are also Technical contacts have their 
>>> ssh keys copied to the site_admin account.  It sounds like you know 
>>> the steps for loading an ssh key with an account, I would just try 
>>> adding the Technical Contact role to the account you're trying to 
>>> use with the site_admin login.
>>>
>>> Please let me know if these directions are helpful, and please let 
>>> me know if you have any other questions.
>>>
>>> Thank you,
>>> Stephen.
>>>
>>>
>>> Lee Breslau wrote:
>>>> Stephen,
>>>>
>>>> So much for batching my questions as I'm stuck again.
>>>>
>>>> I'm trying to add a user account, and one of the fields I am 
>>>> prompted for is a Site Name.  There are no site names to choose 
>>>> from, but this is a required field.
>>>>
>>>> Also, how do I log into the box, either from the console or 
>>>> remotely?  the console says site admin only, but i don't know the 
>>>> account name or password.  Remotely, the documentation tells me to 
>>>> ssh as root using a public key in /etc/planetlab.  This is asking 
>>>> me for a password, which I don't know (and kind of makes me think 
>>>> the public key isn't being used.)
>>>>
>>>> Lee
>>>>
>>>>
>>
>> _______________________________________________
>> Devel mailing list
>> Devel at lists.planet-lab.org
>> https://lists.planet-lab.org/mailman/listinfo/devel

More information about the Devel mailing list