Getting Started » History » Version 2
Herve Caumont, 2013-06-18 14:56
| 1 | 1 | Herve Caumont | h1. Getting Started |
|---|---|---|---|
| 2 | |||
| 3 | {{>toc}} |
||
| 4 | |||
| 5 | This guide will drive you step by step through the setup of your first sandbox from the instantiation to its remote access. |
||
| 6 | In order to perform the described procedures, you must have an access to the Sandbox Service enabled on the Dashboard. |
||
| 7 | |||
| 8 | *+Prerequisites+* |
||
| 9 | 1) You have a valid certificate registered |
||
| 10 | 2) You have installed and configured a VPN client with your certificate. A procedure is proposed at [[VPNsetup|Setup your VPN client]] |
||
| 11 | 3) You have imported your certificate in your web browser following this procedure [[Import Certificate in web browser]] |
||
| 12 | |||
| 13 | |||
| 14 | |||
| 15 | h2. 1 Access to Sandbox |
||
| 16 | |||
| 17 | h3. User setup (user access to VM) |
||
| 18 | |||
| 19 | The user (PI) who wants to access the VM, can do so by using his existing X.509 certificate. It is foreseen to generate these keys automatically when a sandbox instance is requested and make them downloadable from the portal interface. But for completeness, the manual steps involved for Unix and Windows are described below: |
||
| 20 | |||
| 21 | h4. *Unix / Linux* |
||
| 22 | |||
| 23 | * The user downloads his X.509 certificate from the user management portal (e.g. in PEM format), either with encrypted private key (recommended) or unencrypted private key (not recommended) |
||
| 24 | * On the command line, the user can now directly access the VM using: |
||
| 25 | |||
| 26 | <pre>ssh -i <username>.pem <username>@<sandboxhost></pre> |
||
| 27 | |||
| 28 | Depending on the downloaded format, the user has to provide his passphrase (if encrypted key was downloaded) or not (if the key was downloaded unencrypted). |
||
| 29 | |||
| 30 | h4. *Windows (using putty)* |
||
| 31 | |||
| 32 | If the user wants to login from Windows using putty (a well-known freely available ssh client), the key must be converted into a putty-compatible format first: |
||
| 33 | |||
| 34 | * The user must download his X.509 certificate from in PEM format [*with unencrypted key*]. |
||
| 35 | * From the file, the private key must be extracted manually (using a text editor): Copy the part |
||
| 36 | |||
| 37 | <pre>-----BEGIN RSA PRIVATE KEY----- |
||
| 38 | MII.... |
||
| 39 | -----END RSA PRIVATE KEY-----</pre> |
||
| 40 | |||
| 41 | and paste it into a new file named e.g. <user>.private. Make sure this file is in a secure and safe place. |
||
| 42 | |||
| 43 | * This private key must now be imported with "puttygen":http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe either on the command line: |
||
| 44 | |||
| 45 | <pre>puttygen <user>.private</pre> |
||
| 46 | |||
| 47 | > or using the import or load function in puttygen. The import should succeed with the following message: |
||
| 48 | !/attachments/download/5/Screen%20Shot%202013-03-19%20at%2009.22.54.png! |
||
| 49 | |||
| 50 | * The file must now be saved as private key either with (recommended) or without (not recommended) passphrase. Preferably name the resulting key <user>.ppk by clicking the "Save private key" button in the screen below: |
||
| 51 | !/attachments/download/6/Screen%20Shot%202013-03-19%20at%2009.24.54.png! |
||
| 52 | |||
| 53 | * Now the user can access the VM with "putty":http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe in the command line: |
||
| 54 | <pre> |
||
| 55 | putty –I <user>.ppk <user>@<sandboxhost> |
||
| 56 | </pre> |
||
| 57 | or save the corresponding info in a "Pageant":http://the.earth.li/~sgtatham/putty/latest/x86/pageant.exe session with the following four steps: In the session dialog, the "Host Name (or IP address)" field needs to be set to <sandboxhost> (Protocol SSH, Port 22): |
||
| 58 | > !http://controller.ciop.terradue.com/attachments/download/3/Untitled3.png! |
||
| 59 | |||
| 60 | * The, <user> must be added to the "Auto-login username" field in the Connection dialog: |
||
| 61 | > !http://controller.ciop.terradue.com/attachments/download/4/Untitled4.png! |
||
| 62 | and the created private key file needs to be referenced in the "Private key file for authentication" field of the Auth dialog: |
||
| 63 | > !http://controller.ciop.terradue.com/attachments/download/5/Untitled5.png! |
||
| 64 | Finally, the session can be saved (Session dialog) or just opened (Open button below). |
||
| 65 | |||
| 66 | * Make sure that the unencrypted X.509 PEM certificate is deleted (or at least stored in a secure and safe location) after this setup. The X.590 PEM certificate is not used to access the system with putty. Only the generated *<user>.ppk* file is needed. |
||
| 67 | |||
| 68 | h2. 2 Start integrating an application |
||
| 69 | |||
| 70 | 2 | Herve Caumont | Now you have your sandbox main controls in hand, you may continue with the [[lib-beam|BEAM Sandbox Application Integration Tutorial]]. |
| 71 | 1 | Herve Caumont | |
| 72 | This will guide through the practical usage of the sandbox to integrate your application. |