# Configure your Chameleon Jupyter Environment to use FABRIC

The following notebook can be used to configure your Jupyter environment.  The product of running this notebook are the following:

- `requirements.txt`: Used to upgrade/downgrade your environment with the FABLIB version used by these example notebooks.
- `fabric_rc`:  File used to configure a FABlib application.  
- `ssh_config`: File used to ssh from from a terminal to FABRIC VM by jumping through the FABRIC bastion host. 

## Copy your Bastion Key to your JupyterLab Environment

In order to minimize security incidents on FABRIC, access to VMs and other resources administered by users is controlled using a bastion host. You will need to set up an ssh keypair that will be used to jump through the bastion host to your VMs and other resources. This keypair is unique to you and is only used to set up ssh proxy connections through the bastion host to your FABRIC resources. 

The following notebook walks through creating and submitting a bastion keypair necessary to use FABRIC. More information about how to access your experiment through the bastion host can be found [here](https://learn.fabric-testbed.net/knowledge-base/logging-into-fabric-vms/).

If you have not created a bastion host keypair, create a new one in the [Experiments](https://portal.fabric-testbed.net/experiments#sshKeys) section of the FABRIC Portal.

Copy your bastion private key to your Jupyter container. Drag/drop your key from your local machine to the file browser in your Juypyter browser window. Note the name of your key and location where you put it.

## Set Bastion Username and Project ID

Edit the following cell by entering your FABRIC bastion username and the correct path to the copy of your bastion private key in your Jupyter container.  

- Your bastion user name can be found on your [user profile page](https://portal.fabric-testbed.net/user) in the FABRIC portal (click "My SSH Keys").
- The path to your bastion key was determined when you copied it to the Jupyter container.  

The Project ID can be from any of your projects. The ID can be found on the [projects](https://portal.fabric-testbed.net/projects) tab in the FABRIC portal.

In [None]:
export FABRIC_CONFIG=${HOME}/work/fabric_config
mkdir -p ${FABRIC_CONFIG}

export FABRIC_BASTION_USERNAME=<BASTION_USERNAME>
export FABRIC_PROJECT_ID=<PROJECT_ID>

export FABRIC_BASTION_PRIVATE_KEY_LOCATION=${FABRIC_CONFIG}/fabric_bastion_key

export FABRIC_BASTION_SSH_CONFIG_FILE=${FABRIC_CONFIG}/ssh_config
export FABRIC_RC_FILE=${FABRIC_CONFIG}/fabric_rc

<div class="alert alert-block alert-info">
<b>Important:</b> You must copy your FABRIC bastion key to the FABRIC_CONFIG directory now in order for some of the reamaining cells to work correctly.

</div>

## Set other Tokens and Keys

The the path to where you put your FABRIC token. Go to https://cm.fabric-testbed.net/, log into FABRIC, and download a fresh token to your desktop/laptop. Then drag/drop the new token to the path specified in the following cell.

In [None]:
export FABRIC_TOKEN_FILE=${FABRIC_CONFIG}/id_token.json
export FABRIC_SLICE_PRIVATE_KEY_FILE=${FABRIC_CONFIG}/slice_key
export FABRIC_SLICE_PUBLIC_KEY_FILE=${FABRIC_SLICE_PRIVATE_KEY_FILE}.pub

Optionally, create a new slice keypair. 

In [None]:
ssh-keygen -t rsa -b 3072 -f $FABRIC_SLICE_PRIVATE_KEY_FILE -q -N ""



Set the Permissions on your bastion key and private slice key. Your private bastion key must not have it permissions too open.

In [None]:
chmod 600 ${FABRIC_BASTION_PRIVATE_KEY_LOCATION}
chmod 600 ${FABRIC_SLICE_PRIVATE_KEY_FILE}

## FABLIB Version

This package of example notebooks was created using the version of fabrictestbed-extensions (i.e. the FABLIB package) specified in the local `requirements.txt` file.  

In [None]:
cat requirements.txt

These examples may work with your currently installed default FABLIB version.  However, you may want to upgrade/downgrade the FABLIB version to the one used to develop these examples.  The following cell will synchronize your current FABLIB version with these examples.

In [None]:
pip install -r requirements.txt --user --quiet

## Create the FABRIC Config File 


The following cell creates the `fabric_rc` file using the values configured above. 


In [None]:
cat <<EOF > ${FABRIC_RC_FILE}
export FABRIC_CREDMGR_HOST=cm.fabric-testbed.net
export FABRIC_ORCHESTRATOR_HOST=orchestrator.fabric-testbed.net

export FABRIC_PROJECT_ID=${FABRIC_PROJECT_ID}
export FABRIC_TOKEN_LOCATION=${FABRIC_TOKEN_FILE}

export FABRIC_BASTION_HOST=bastion.fabric-testbed.net
export FABRIC_BASTION_USERNAME=${FABRIC_BASTION_USERNAME}

export FABRIC_BASTION_KEY_LOCATION=${FABRIC_BASTION_PRIVATE_KEY_LOCATION}
#export FABRIC_BASTION_KEY_PASSPHRASE=

export FABRIC_SLICE_PRIVATE_KEY_FILE=${FABRIC_SLICE_PRIVATE_KEY_FILE}
export FABRIC_SLICE_PUBLIC_KEY_FILE=${FABRIC_SLICE_PUBLIC_KEY_FILE} 
#export FABRIC_SLICE_PRIVATE_KEY_PASSPHRASE=

export FABRIC_LOG_FILE=${HOME}/fablib.log
export FABRIC_LOG_LEVEL=INFO 

export FABRIC_AVOID=''

export FABRIC_SSH_COMMAND_LINE="ssh -i {{ _self_.private_ssh_key_file }} -F /home/fabric/work/fabric_config/ssh_config {{ _self_.username }}@{{ _self_.management_ip }}"
EOF

## Create the SSH Config File

The following cell creates an SSH config file using the values configure above.  The config file allows you to use ssh to jump through the bastion host from a terminal command line.  After creating this file, you can ssh and pass the file with the `-F` option.

Alternatively, you can directly edit your [ssh config](~/fabric_config/ssh_config) file.


In [None]:
cat <<EOF > ${FABRIC_BASTION_SSH_CONFIG_FILE}
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
ServerAliveInterval 120 

Host bastion-?.fabric-testbed.net
     User ${FABRIC_BASTION_USERNAME}
     ForwardAgent yes
     Hostname %h
     IdentityFile ${FABRIC_BASTION_PRIVATE_KEY_LOCATION}
     IdentitiesOnly yes

Host * !bastion-?.fabric-testbed.net
     ProxyJump ${FABRIC_BASTION_USERNAME}@bastion.fabric-testbed.net:22
EOF

## Create a Downloadable Package that Deploys SSH Tunnels

In [None]:
export FABRIC_SSH_TUNNEL_PACKAGE_DIR=${FABRIC_CONFIG}'/fabric_ssh_tunnel_tools'

cp ${FABRIC_SLICE_PRIVATE_KEY_FILE} ./fabric_ssh_tunnel_tools/slice_key
cp ${FABRIC_BASTION_PRIVATE_KEY_LOCATION} ./fabric_ssh_tunnel_tools/bastion_key

cat <<EOF > ./fabric_ssh_tunnel_tools/ssh_config
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
ServerAliveInterval 120 

Host bastion.fabric-testbed.net
     User ${FABRIC_BASTION_USERNAME}
     ForwardAgent yes
     Hostname %h
     IdentityFile bastion_key
     IdentitiesOnly yes

Host * !bastion.fabric-testbed.net
     ProxyJump ${FABRIC_BASTION_USERNAME}@bastion.fabric-testbed.net:22
EOF

chmod +x ./fabric_ssh_tunnel_tools/start_ssh_tunnel.sh
chmod +x ./fabric_ssh_tunnel_tools/stop_ssh_tunnel.sh
chmod 600 ./fabric_ssh_tunnel_tools/slice_key
chmod 600 ./fabric_ssh_tunnel_tools/bastion_key


tar -zcvf fabric_ssh_tunnel_tools.tgz fabric_ssh_tunnel_tools
cp fabric_ssh_tunnel_tools.tgz ${FABRIC_CONFIG}/.
