Merge pull request #174 from tdviet/mytoken-docs

Additional comments for mytoken docs
tdviet · Oct 19, 2022 · bc54cd5 · bc54cd5
2 parents fc38bac + e989de9
commit bc54cd5
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/docs/cheat.rst b/docs/cheat.rst
@@ -225,6 +225,27 @@ Useful commands
     $ source fedcloud_bash_completion.sh
 
 
+* Pass a *mytoken* to Virtual Machines in the EGI Federated Cloud
+
+::
+
+    # Create the file "user.txt" with
+    $ cat user.txt
+    FEDCLOUD_MYTOKEN=<mytoken> # created on https://mytoken.data.kit.edu/
+
+    # Pass it to OpenStack
+    EGI_SITE=IISAS-FedCloud
+    EGI_VO=vo.access.egi.eu
+    fedcloud openstack server create --flavor <flavor> --image <image> --user-data user.txt --key-name <keypair> testvm
+
+    # Once you log into the VM you can retrieve the "mytoken" with
+    curl http://169.254.169.254/openstack/latest/user_data/
+
+    # and use it with
+    FEDCLOUD_MYTOKEN=<mytoken> # copied from the previous curl command
+    fedcloud token check
+
+
 More information
 ****************
 

diff --git a/docs/usage.rst b/docs/usage.rst
@@ -28,8 +28,10 @@ Users of EGI Check-in can get all information needed for obtaining access tokens
 Portal <https://aai.egi.eu/token>`_. For providing access token via *oidc-agent*, follow the instructions from
 `oidc-agent <https://indigo-dc.gitbook.io/oidc-agent/user/oidc-gen/provider/egi/>`_ for registering a client, then
 give the client name (account name in *oidc-agent*) to *FedCloud client* via option *"--oidc-agent-account"*.
-On the other hand visit the `mytoken <https://mytoken.data.kit.edu/>`_ website to configure a *mytoken*, and
-use the option *"--mytoken"* to pass it to *FedCloud client".
+On the other hand visit the `mytoken <https://mytoken.data.kit.edu/>`_ website to configure a *mytoken*,
+remember to check *"Allows obtaining OpenID Connect Access Tokens"*, and use the option *"--mytoken"*
+to pass it to *FedCloud client"*. Environment variables can be use instead of the command-line options,
+as explained in the table below.
 
 The default protocol is *"openid"*. Users can change default protocol via option *"--openstack-auth-protocol"*. However,
 sites may have protocol fixedly defined in site configuration, e.g. *"oidc"* for INFN-CLOUD-BARI.