[Planetlab-devel] Re: problem #1 (with myplc 0.5-5)
Stephen Soltesz
soltesz at CS.Princeton.EDU
Mon Jan 28 13:34:43 EST 2008
Hey, Lee,
From your description, it sounds like sendmail is working for you now?
Unfortunately, I have not yet successfully configured the email for myplc. I
can appreciate that this is a concern for an actual deployment such as within
ATT. For sure, any service that binds to a port should be disabled outside of
the plc context if plc is using the same service/port. I'm actually not
entirely clear how sendmail works, so others may be able to provide a more
informed reply for this particular option if it's still not working for you.
Thank you,
Stephen.
Lee Breslau wrote:
> Stephen,
>
> Thanks. This helps, and it looks like I can now create the PI account
> to bootstrap the rest.
>
> I had another problem, which threw me off for a while. The notification
> mail wasn't getting sent when new accounts were requested. The solution
> that I found was to stop the mail service on the machine, and only
> enable it within the plc context. I think otherwise the plc sendmail
> was failing because the port it was trying to bind to was already in
> use. Is this what you would expect to happen? As I say, things are
> working now, but just want to make sure I haven't diverged in some way
> that will cause problems in the future.
>
> Lee
>
>
> Stephen Soltesz wrote:
>> Hello, Lee,
>>
>> First, I'm sorry that I didn't reply to this message sooner. I didn't
>> realize you were sending questions to the devel list, and the usual
>> notification I get for new messages wasn't working correctly.
>>
>> Your question is good. An administrator account needs to authenticate
>> the initial account creation request for a PI. Because the PI is such
>> a privileged role, only a more privileged account can vouch for him.
>>
>> The admin can find the user who registered, then enable the user and
>> add the PI role.
>>
>> Does this help?
>>
>> Thank you,
>> Stephen.
>>
>> Lee Breslau wrote:
>>> Stephen,
>>>
>>> This worked great. Thanks! Now I'm wondering, once a site is added,
>>> who authenticates an initial account creation request? That is,
>>> there isn't yet a site PI.
>>> Does the site PI also need to be added through the API?
>>>
>>> If so, is that documented here:
>>>
>>> http://www.planet-lab.org/doc/plc_api
>>>
>>> Lee
>>>
>>>
>>> Stephen Soltesz wrote:
>>>> Hello, Lee,
>>>>
>>>> I've forwarded this to the devel list for posterity. I'm sure
>>>> others may have a similar question at some point in the future.
>>>>
>>>> I see two questions:
>>>>
>>>> 1) how to add a site (to add a user).
>>>> 2) how to log into the machine (either as site_admin or a new user)
>>>>
>>>> Please let me know if I've missed something.
>>>>
>>>> 1)
>>>> Unfortunately, it's not a current feature to add sites through the
>>>> web interface. Instead, this is done manually through the API. If
>>>> you've never done this before it may be a little weird, but it
>>>> should be straight forward.
>>>>
>>>> Start python:
>>>>
>>>> $ python
>>>> >>> from xmlrpclib import Server
>>>> >>> XMLRPC_SERVER="https://boot.planet-lab.org/PLCAPI/"
>>>> >>> plc = Server(XMLRPC_SERVER, verbose=False, allow_none=True)
>>>> >>> auth = {'Username': '', 'AuthMethod': 'password',
>>>> 'AuthString': ''}
>>>>
>>>> Where you add the string for Username with the email address of the
>>>> administrative account for the system, and 'AuthString' with the
>>>> clear text password. The default is root at localhost.localdomain,
>>>> with password of 'root'.
>>>>
>>>> Therefore, the default auth structure would be:
>>>>
>>>> >>> auth = {'Username': 'root at localhost.localdomain',
>>>> 'AuthMethod': 'password', 'AuthString': 'root'}
>>>>
>>>> Then you will invoke a call on the api, using this authorization.
>>>>
>>>> >>> plc.AddSite(auth, {'name': '',
>>>> 'url': '',
>>>> 'enabled': True ,
>>>> 'max_slices': 10,
>>>> 'login_base': '',
>>>> 'is_public': True,
>>>> 'abbreviated_name': ''})
>>>>
>>>> The number that's returned from the call is the site id for your new
>>>> site.
>>>>
>>>> The 'is_public' attribute determines whether or not the site is
>>>> visible on the 'Add Users' form. The default site has this set to
>>>> false, and it gets reset at restart.
>>>>
>>>> 2)
>>>> Each user account has an associated ssh public key. For a given
>>>> site, only those users that are also Technical contacts have their
>>>> ssh keys copied to the site_admin account. It sounds like you know
>>>> the steps for loading an ssh key with an account, I would just try
>>>> adding the Technical Contact role to the account you're trying to
>>>> use with the site_admin login.
>>>>
>>>> Please let me know if these directions are helpful, and please let
>>>> me know if you have any other questions.
>>>>
>>>> Thank you,
>>>> Stephen.
>>>>
>>>>
>>>> Lee Breslau wrote:
>>>>> Stephen,
>>>>>
>>>>> So much for batching my questions as I'm stuck again.
>>>>>
>>>>> I'm trying to add a user account, and one of the fields I am
>>>>> prompted for is a Site Name. There are no site names to choose
>>>>> from, but this is a required field.
>>>>>
>>>>> Also, how do I log into the box, either from the console or
>>>>> remotely? the console says site admin only, but i don't know the
>>>>> account name or password. Remotely, the documentation tells me to
>>>>> ssh as root using a public key in /etc/planetlab. This is asking
>>>>> me for a password, which I don't know (and kind of makes me think
>>>>> the public key isn't being used.)
>>>>>
>>>>> Lee
>>>>>
>>>>>
>>>
>>> _______________________________________________
>>> Devel mailing list
>>> Devel at lists.planet-lab.org
>>> https://lists.planet-lab.org/mailman/listinfo/devel
>
> _______________________________________________
> Devel mailing list
> Devel at lists.planet-lab.org
> https://lists.planet-lab.org/mailman/listinfo/devel
More information about the Devel
mailing list