Getting Started » History » Version 1
Herve Caumont, 2013-05-10 12:09
1 | 1 | Herve Caumont | h1. Getting Started |
---|---|---|---|
2 | |||
3 | {{>toc}} |
||
4 | |||
5 | This guide will drive you step by step through the setup of your first sandbox from the instantiation to its remote access. |
||
6 | In order to perform the described procedures, you must have an access to the Sandbox Service enabled on the Dashboard. |
||
7 | |||
8 | *+Prerequisites+* |
||
9 | 1) You have a valid certificate registered |
||
10 | 2) You have installed and configured a VPN client with your certificate. A procedure is proposed at [[VPNsetup|Setup your VPN client]] |
||
11 | 3) You have imported your certificate in your web browser following this procedure [[Import Certificate in web browser]] |
||
12 | |||
13 | |||
14 | |||
15 | h2. 1 Access to Sandbox |
||
16 | |||
17 | h3. User setup (user access to VM) |
||
18 | |||
19 | The user (PI) who wants to access the VM, can do so by using his existing X.509 certificate. It is foreseen to generate these keys automatically when a sandbox instance is requested and make them downloadable from the portal interface. But for completeness, the manual steps involved for Unix and Windows are described below: |
||
20 | |||
21 | h4. *Unix / Linux* |
||
22 | |||
23 | * The user downloads his X.509 certificate from the user management portal (e.g. in PEM format), either with encrypted private key (recommended) or unencrypted private key (not recommended) |
||
24 | * On the command line, the user can now directly access the VM using: |
||
25 | |||
26 | <pre>ssh -i <username>.pem <username>@<sandboxhost></pre> |
||
27 | |||
28 | Depending on the downloaded format, the user has to provide his passphrase (if encrypted key was downloaded) or not (if the key was downloaded unencrypted). |
||
29 | |||
30 | h4. *Windows (using putty)* |
||
31 | |||
32 | If the user wants to login from Windows using putty (a well-known freely available ssh client), the key must be converted into a putty-compatible format first: |
||
33 | |||
34 | * The user must download his X.509 certificate from in PEM format [*with unencrypted key*]. |
||
35 | * From the file, the private key must be extracted manually (using a text editor): Copy the part |
||
36 | |||
37 | <pre>-----BEGIN RSA PRIVATE KEY----- |
||
38 | MII.... |
||
39 | -----END RSA PRIVATE KEY-----</pre> |
||
40 | |||
41 | and paste it into a new file named e.g. <user>.private. Make sure this file is in a secure and safe place. |
||
42 | |||
43 | * This private key must now be imported with "puttygen":http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe either on the command line: |
||
44 | |||
45 | <pre>puttygen <user>.private</pre> |
||
46 | |||
47 | > or using the import or load function in puttygen. The import should succeed with the following message: |
||
48 | !/attachments/download/5/Screen%20Shot%202013-03-19%20at%2009.22.54.png! |
||
49 | |||
50 | * The file must now be saved as private key either with (recommended) or without (not recommended) passphrase. Preferably name the resulting key <user>.ppk by clicking the "Save private key" button in the screen below: |
||
51 | !/attachments/download/6/Screen%20Shot%202013-03-19%20at%2009.24.54.png! |
||
52 | |||
53 | * Now the user can access the VM with "putty":http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe in the command line: |
||
54 | <pre> |
||
55 | putty –I <user>.ppk <user>@<sandboxhost> |
||
56 | </pre> |
||
57 | or save the corresponding info in a "Pageant":http://the.earth.li/~sgtatham/putty/latest/x86/pageant.exe session with the following four steps: In the session dialog, the "Host Name (or IP address)" field needs to be set to <sandboxhost> (Protocol SSH, Port 22): |
||
58 | > !http://controller.ciop.terradue.com/attachments/download/3/Untitled3.png! |
||
59 | |||
60 | * The, <user> must be added to the "Auto-login username" field in the Connection dialog: |
||
61 | > !http://controller.ciop.terradue.com/attachments/download/4/Untitled4.png! |
||
62 | and the created private key file needs to be referenced in the "Private key file for authentication" field of the Auth dialog: |
||
63 | > !http://controller.ciop.terradue.com/attachments/download/5/Untitled5.png! |
||
64 | Finally, the session can be saved (Session dialog) or just opened (Open button below). |
||
65 | |||
66 | * Make sure that the unencrypted X.509 PEM certificate is deleted (or at least stored in a secure and safe location) after this setup. The X.590 PEM certificate is not used to access the system with putty. Only the generated *<user>.ppk* file is needed. |
||
67 | |||
68 | h2. 2 Start integrating an application |
||
69 | |||
70 | Now you have your sandbox main controls in hand, you may continue with the [[Sandbox Application Integration Tutorial]]. |
||
71 | |||
72 | This will guide through the practical usage of the sandbox to integrate your application. |