3 # Bootstraps the PLC database with a default administrator account, a default site, default PlanetLabConf entries, slice attribute types and system slices.
6 # Mark Huang <mlhuang@cs.princeton.edu>
7 # Copyright (C) 2006 The Trustees of Princeton University
9 # $Id: api-config,v 1.9 2006/05/23 18:09:21 mlhuang Exp $
# Initialise the API shell. The Adm*/Slice* calls below are used unqualified,
# so plcapilib.plcapi(globals()) presumably injects them into this namespace
# -- confirm against plcapilib.
13 (plcapi, moreopts, argv) = plcapilib.plcapi(globals())
14 from plc_config import PLCConfiguration
# Read the PLC configuration. variables() is indexed by category name and
# each entry unpacks to (category, variablelist).
19 cfg = PLCConfiguration()
21 variables = cfg.variables()
23 # Load variables into dictionaries
# Each category is flattened to {variable name: variable['value']}.
# NOTE(review): plc carries root_user and root_password (both are read when
# the administrator account is built), so this dict holds the administrator
# password in clear text; keep it out of logs and tracebacks.
24 (category, variablelist) = variables['plc']
25 plc = dict(zip(variablelist.keys(),
26 [variable['value'] for variable in variablelist.values()]))
28 (category, variablelist) = variables['plc_www']
29 plc_www = dict(zip(variablelist.keys(),
30 [variable['value'] for variable in variablelist.values()]))
32 (category, variablelist) = variables['plc_api']
33 plc_api = dict(zip(variablelist.keys(),
34 [variable['value'] for variable in variablelist.values()]))
36 # Create/update the default administrator account (should be
# person_id 2, per the dict below).
# NOTE(review): the password comes straight from the PLC configuration
# (plc['root_password']) and is part of the dict handed to AdmAddPerson and
# AdmUpdatePerson, so each run re-applies the configured password to this
# account. Anyone who can read or edit that configuration effectively
# controls the administrator login -- confirm the config file's permissions.
38 admin = { 'person_id': 2,
39 'first_name': "Default",
40 'last_name': "Administrator",
41 'email': plc['root_user'],
42 'password': plc['root_password'] }
43 persons = AdmGetPersons([admin['person_id']])
# The branch lines between these statements are not visible here; presumably
# the add path runs only when no such person exists and the update path
# otherwise -- TODO confirm.
45 person_id = AdmAddPerson(admin['first_name'], admin['last_name'], admin)
46 if person_id != admin['person_id']:
47 # Huh? Someone deleted the account manually from the database.
# The new record did not receive the expected id: it is removed again and the
# bootstrap aborts before the account is enabled.
48 AdmDeletePerson(person_id)
49 raise Exception, "Someone deleted the \"%s %s\" account from the database!" % \
50 (admin['first_name'], admin['last_name'])
51 AdmSetPersonEnabled(person_id, True)
# Existing account: overwrite its fields (password included) from `admin`.
53 person_id = persons[0]['person_id']
54 AdmUpdatePerson(person_id, admin)
56 # Create/update the default site (should be site_id 1)
# Derive the site URL from the configured web host and port.
# NOTE(review): only port 443 yields an https:// URL; every other port,
# including a TLS listener on a non-standard port, is advertised as http://.
57 if plc_www['port'] == '80':
58 url = "http://" + plc_www['host'] + "/"
59 elif plc_www['port'] == '443':
60 url = "https://" + plc_www['host'] + "/"
62 url = "http://" + plc_www['host'] + ":" + plc_www['port'] + "/"
# site['login_base'] is read by AdmAddSite below, so it is set on a line of
# this dict that is not visible here.
63 site = { 'site_id': 1,
64 'name': plc['name'] + " Central",
65 'abbreviated_name': plc['name'],
66 # XXX Default site slice_prefix/login_base must be "pl_"
67 # 'login_base': plc['slice_prefix'],
73 sites = AdmGetSites([site['site_id']])
# As with the administrator account, a newly added site that does not get the
# expected id is deleted and the bootstrap aborts.
75 site_id = AdmAddSite(site['name'], site['abbreviated_name'], site['login_base'], site)
76 if site_id != site['site_id']:
77 AdmDeleteSite(site_id)
78 raise Exception, "Someone deleted the \"%s\" site from the database!" % \
82 # Must call AdmUpdateSite() even after AdmAddSite() to update max_slices
83 site_id = sites[0]['site_id']
84 # XXX login_base cannot be updated
# Drop the key so AdmUpdateSite is not asked to change it.
85 del site['login_base']
86 AdmUpdateSite(site_id, site)
88 # The default administrator account must be associated with a site
# Uses the default site built above, and makes it the primary site.
90 AdmAddPersonToSite(admin['person_id'], site['site_id'])
91 AdmSetPersonPrimarySite(admin['person_id'], site['site_id'])
93 # Grant admin and PI roles to the default administrator account
# Role ids are passed as bare integers; which of 10 and 20 is "admin" and
# which is "PI" is not shown here -- TODO confirm against the roles table.
# The same ids appear as min_role_id in the slice attribute types below.
94 AdmGrantRoleToPerson(admin['person_id'], 10)
95 AdmGrantRoleToPerson(admin['person_id'], 20)
97 # Get the primary IP address for each node
# Builds `hosts`, a mapping of IP address -> list of hostnames.
99 nodes = AdmGetNodes([], ['node_id', 'hostname'])
# One AdmGetAllNodeNetworks call is issued per node and the results are
# collected by a single plcapi.commit(), which suggests the calls are
# batched; the loop header and batch setup are not visible here.
102 AdmGetAllNodeNetworks(node['node_id'])
103 nodenetworks_list = plcapi.commit()
104 if nodenetworks_list is not None:
# Results are matched back to `nodes` by position (index i).
105 for i, nodenetworks in enumerate(nodenetworks_list):
106 for nodenetwork in nodenetworks:
# Prefer the hostname recorded on the network interface itself.
107 if nodenetwork['hostname']:
108 hostname = nodenetwork['hostname']
# Otherwise (else branch not visible here) fall back to the node's hostname.
110 hostname = nodes[i]['hostname']
# Group hostnames per IP address, skipping duplicates.
112 if hosts.has_key(nodenetwork['ip']):
113 if hostname not in hosts[nodenetwork['ip']]:
114 hosts[nodenetwork['ip']].append(hostname)
116 hosts[nodenetwork['ip']] = [hostname]
118 # Write /etc/plc_hosts
# One line per address: "<ip>\t<hostname> <hostname> ...".
# NOTE(review): ip and hostname values are written exactly as the API
# returned them. If a node-network record could contain whitespace or a
# newline, it would add or alter entries in this file; validate both fields
# here unless the API is known to enforce their format.
119 plc_hosts = open("/etc/plc_hosts", "w")
120 for ip, hostnames in hosts.iteritems():
121 plc_hosts.write(ip + "\t" + " ".join(hostnames) + "\n")
124 # Setup default PlanetLabConf entries
# Each entry describes one file pushed to nodes: where it is fetched from
# ('source'), where it is installed ('dest'), its mode, owner and group, and
# the commands run before and after installation. The create/update loop
# below also reads 'enabled', 'error_cmd' and 'always_update', which are not
# visible in this listing.
# NOTE(review): preinstall_cmd/postinstall_cmd are presumably executed with
# root privileges on every node, so write access to these database rows would
# be equivalent to root on the nodes -- confirm who may call
# AdmCreateConfFile/AdmUpdateConfFile.
125 default_conf_files = [
# NTP server configuration; ntpd is restarted after the file changes.
128 'source': 'PlanetLabConf/ntpconf.php',
129 'dest': '/etc/ntp.conf',
130 'file_permissions': '644',
131 'file_owner': 'root',
132 'file_group': 'root',
133 'preinstall_cmd': '',
134 'postinstall_cmd': '/etc/rc.d/init.d/ntpd restart',
136 'ignore_cmd_errors': 0,
# NTP step-tickers list; same restart as above.
139 'source': 'PlanetLabConf/ntptickers.php',
140 'dest': '/etc/ntp/step-tickers',
141 'file_permissions': '644',
142 'file_owner': 'root',
143 'file_group': 'root',
144 'preinstall_cmd': '',
145 'postinstall_cmd': '/etc/rc.d/init.d/ntpd restart',
147 'ignore_cmd_errors': 0,
150 # SSH server configuration
# Installed root-only (600); sshd is restarted afterwards.
152 'source': 'PlanetLabConf/sshd_config',
153 'dest': '/etc/ssh/sshd_config',
154 'file_permissions': '600',
155 'file_owner': 'root',
156 'file_group': 'root',
157 'preinstall_cmd': '',
158 'postinstall_cmd': '/etc/init.d/sshd restart',
160 'ignore_cmd_errors': 0,
163 # Administrative SSH keys
# NOTE(review): this file decides who can log in as root on every node, and
# its content is whatever keys.php returns at fetch time. Root access
# therefore depends on that endpoint and on the integrity of the transport
# used to fetch it -- confirm nodes fetch it over an authenticated channel.
# NOTE(review): mode 644 leaves the key list readable by all local users;
# sshd(8) recommends read/write for the owner only (600), as used for
# sshd_config above. The same applies to the two entries that follow.
165 'source': 'PlanetLabConf/keys.php?root',
166 'dest': '/root/.ssh/authorized_keys',
167 'file_permissions': '644',
168 'file_owner': 'root',
169 'file_group': 'root',
170 'preinstall_cmd': '',
171 'postinstall_cmd': '',
173 'ignore_cmd_errors': 0,
# Keys for the site_admin account.
# NOTE(review): the preinstall grep presumably gates installation on the
# account existing, but it matches "site_admin" anywhere in /etc/passwd
# (another user name, a GECOS field, a home directory); anchoring it as
# '^site_admin:' would test for the account itself.
176 'source': 'PlanetLabConf/keys.php?site_admin',
177 'dest': '/home/site_admin/.ssh/authorized_keys',
178 'file_permissions': '644',
179 'file_owner': 'site_admin',
180 'file_group': 'site_admin',
181 'preinstall_cmd': 'grep -q site_admin /etc/passwd',
182 'postinstall_cmd': '',
184 'ignore_cmd_errors': 0,
# Keys for the pl_admin account; the unanchored grep noted above applies
# here as well.
187 'source': 'PlanetLabConf/keys.php?role=admin',
188 'dest': '/home/pl_admin/.ssh/authorized_keys',
189 'file_permissions': '644',
190 'file_owner': 'pl_admin',
191 'file_group': 'pl_admin',
192 'preinstall_cmd': 'grep -q pl_admin /etc/passwd',
193 'postinstall_cmd': '',
195 'ignore_cmd_errors': 0,
198 # Log rotation configuration
200 'source': 'PlanetLabConf/logrotate.conf',
201 'dest': '/etc/logrotate.conf',
202 'file_permissions': '644',
203 'file_owner': 'root',
204 'file_group': 'root',
205 'preinstall_cmd': '',
206 'postinstall_cmd': '',
208 'ignore_cmd_errors': 0,
211 # updatedb/locate nightly cron job
# Installed executable (755) because cron.daily runs it as a script.
213 'source': 'PlanetLabConf/slocate.cron',
214 'dest': '/etc/cron.daily/slocate.cron',
215 'file_permissions': '755',
216 'file_owner': 'root',
217 'file_group': 'root',
218 'preinstall_cmd': '',
219 'postinstall_cmd': '',
221 'ignore_cmd_errors': 0,
# yum configuration. The gpgcheck=1 query parameter presumably makes the
# generated yum.conf enforce package signature checks -- verify in
# yum.conf.php. The keys those checks rely on are the RPM-GPG-KEY entries
# further down this list.
226 'source': 'PlanetLabConf/yum.conf.php?gpgcheck=1',
227 'dest': '/etc/yum.conf',
228 'file_permissions': '644',
229 'file_owner': 'root',
230 'file_group': 'root',
231 'preinstall_cmd': '',
232 'postinstall_cmd': '',
234 'ignore_cmd_errors': 0,
# List of RPMs to delete (production variant, going by the source name).
237 'source': 'PlanetLabConf/delete-rpm-list-production',
238 'dest': '/etc/planetlab/delete-rpm-list',
239 'file_permissions': '644',
240 'file_owner': 'root',
241 'file_group': 'root',
242 'preinstall_cmd': '',
243 'postinstall_cmd': '',
245 'ignore_cmd_errors': 0,
# PLC configuration exported to nodes in four formats (default, Python, Perl
# and PHP), all generated by get_plc_config.php.
# NOTE(review): every copy is installed world-readable (644). The PLC
# configuration read by this script includes root_password, so confirm that
# get_plc_config.php leaves secret variables out of what it serves to nodes.
250 'source': 'PlanetLabConf/get_plc_config.php',
251 'dest': '/etc/planetlab/plc_config',
252 'file_permissions': '644',
253 'file_owner': 'root',
254 'file_group': 'root',
255 'preinstall_cmd': '',
256 'postinstall_cmd': '',
258 'ignore_cmd_errors': 0,
261 'source': 'PlanetLabConf/get_plc_config.php?python',
262 'dest': '/etc/planetlab/plc_config.py',
263 'file_permissions': '644',
264 'file_owner': 'root',
265 'file_group': 'root',
266 'preinstall_cmd': '',
267 'postinstall_cmd': '',
269 'ignore_cmd_errors': 0,
272 'source': 'PlanetLabConf/get_plc_config.php?perl',
273 'dest': '/etc/planetlab/plc_config.pl',
274 'file_permissions': '644',
275 'file_owner': 'root',
276 'file_group': 'root',
277 'preinstall_cmd': '',
278 'postinstall_cmd': '',
280 'ignore_cmd_errors': 0,
283 'source': 'PlanetLabConf/get_plc_config.php?php',
284 'dest': '/etc/planetlab/php/plc_config.php',
285 'file_permissions': '644',
286 'file_owner': 'root',
287 'file_group': 'root',
288 'preinstall_cmd': '',
289 'postinstall_cmd': '',
291 'ignore_cmd_errors': 0,
294 # Node Manager configuration
# pl_nm is restarted after its main configuration changes.
296 'source': 'PlanetLabConf/pl_nm-v3.conf',
297 'dest': '/etc/planetlab/pl_nm.conf',
298 'file_permissions': '644',
299 'file_owner': 'root',
300 'file_group': 'root',
301 'preinstall_cmd': '',
302 'postinstall_cmd': '/etc/init.d/pl_nm restart',
304 'ignore_cmd_errors': 0,
# Files under /home/pl_nm/RootResources are owned by the pl_nm account
# rather than root.
307 'source': 'PlanetLabConf/RootResources/plc_slice_pool.php',
308 'dest': '/home/pl_nm/RootResources/plc_slice_pool',
309 'file_permissions': '644',
310 'file_owner': 'pl_nm',
311 'file_group': 'pl_nm',
312 'preinstall_cmd': '',
313 'postinstall_cmd': '',
315 'ignore_cmd_errors': 0,
318 'source': 'PlanetLabConf/RootResources/pl_conf.py',
319 'dest': '/home/pl_nm/RootResources/pl_conf',
320 'file_permissions': '644',
321 'file_owner': 'pl_nm',
322 'file_group': 'pl_nm',
323 'preinstall_cmd': '',
324 'postinstall_cmd': '/etc/init.d/pl_nm restart',
326 'ignore_cmd_errors': 0,
329 'source': 'PlanetLabConf/RootResources/pl_netflow.py',
330 'dest': '/home/pl_nm/RootResources/pl_netflow',
331 'file_permissions': '644',
332 'file_owner': 'pl_nm',
333 'file_group': 'pl_nm',
334 'preinstall_cmd': '',
335 'postinstall_cmd': '',
337 'ignore_cmd_errors': 0,
340 # Proper configuration
# ignore_cmd_errors is 1 here and for bwcap below: presumably a failing
# restart does not count as a failed install -- TODO confirm the semantics.
342 'source': 'PlanetLabConf/propd-NM-1.0.conf',
343 'dest': '/etc/proper/propd.conf',
344 'file_permissions': '644',
345 'file_owner': 'root',
346 'file_group': 'root',
347 'preinstall_cmd': '',
348 'postinstall_cmd': '/etc/init.d/proper restart',
350 'ignore_cmd_errors': 1,
# Bandwidth cap file, generated by bwlimit.php; pl_nm is restarted to apply.
355 'source': 'PlanetLabConf/bwlimit.php',
356 'dest': '/etc/planetlab/bwcap',
357 'file_permissions': '644',
358 'file_owner': 'root',
359 'file_group': 'root',
360 'preinstall_cmd': '',
361 'postinstall_cmd': '/etc/init.d/pl_nm restart',
363 'ignore_cmd_errors': 1,
# Proxies list, generated by proxies.php.
368 'source': 'PlanetLabConf/proxies.php',
369 'dest': '/etc/planetlab/proxies',
370 'file_permissions': '644',
371 'file_owner': 'root',
372 'file_group': 'root',
373 'preinstall_cmd': '',
374 'postinstall_cmd': '',
376 'ignore_cmd_errors': 0,
379 # Firewall configuration
# Base ruleset, installed root-only (600). No postinstall command is set, so
# this entry by itself does not reload the rules.
381 'source': 'PlanetLabConf/iptables',
382 'dest': '/etc/sysconfig/iptables',
383 'file_permissions': '600',
384 'file_owner': 'root',
385 'file_group': 'root',
386 'preinstall_cmd': '',
387 'postinstall_cmd': '',
389 'ignore_cmd_errors': 0,
# Blacklist rules, merged into the running ruleset: --noflush keeps the
# existing table contents instead of replacing them.
# NOTE(review): ignore_cmd_errors is 1, so a blacklist that iptables-restore
# rejects is presumably treated as installed although none of its rules were
# loaded. Confirm such failures are logged or alerted on somewhere.
392 'source': 'PlanetLabConf/blacklist.php',
393 'dest': '/etc/planetlab/blacklist',
394 'file_permissions': '600',
395 'file_owner': 'root',
396 'file_group': 'root',
397 'preinstall_cmd': '',
398 'postinstall_cmd': '/sbin/iptables-restore --noflush < /etc/planetlab/blacklist',
400 'ignore_cmd_errors': 1,
# Login banner.
405 'source': 'PlanetLabConf/issue.php',
406 'dest': '/etc/issue',
407 'file_permissions': '644',
408 'file_owner': 'root',
409 'file_group': 'root',
410 'preinstall_cmd': '',
411 'postinstall_cmd': '',
413 'ignore_cmd_errors': 0,
# Kernel parameters. The settings are loaded immediately after install;
# -e makes sysctl ignore errors about unknown keys.
418 'source': 'PlanetLabConf/sysctl.php',
419 'dest': '/etc/sysctl.conf',
420 'file_permissions': '644',
421 'file_owner': 'root',
422 'file_group': 'root',
423 'preinstall_cmd': '',
424 'postinstall_cmd': '/sbin/sysctl -e -p /etc/sysctl.conf',
426 'ignore_cmd_errors': 0,
429 # Sendmail configuration
# Both the .mc source and the .cf file are shipped; only the .cf entry
# restarts sendmail.
431 'source': 'PlanetLabConf/alpha-sendmail.mc',
432 'dest': '/etc/mail/sendmail.mc',
433 'file_permissions': '644',
434 'file_owner': 'root',
435 'file_group': 'root',
436 'preinstall_cmd': '',
437 'postinstall_cmd': '',
439 'ignore_cmd_errors': 0,
442 'source': 'PlanetLabConf/alpha-sendmail.cf',
443 'dest': '/etc/mail/sendmail.cf',
444 'file_permissions': '644',
445 'file_owner': 'root',
446 'file_group': 'root',
447 'preinstall_cmd': '',
448 'postinstall_cmd': 'service sendmail restart',
450 'ignore_cmd_errors': 0,
# Package-signing public keys, imported into the RPM keyring after install.
# NOTE(review): these keys are the trust anchor for package signature checks
# (the yum.conf entry above requests gpgcheck=1), yet they are delivered
# through the same PlanetLabConf channel as everything else. Whoever can
# alter this channel or these rows can replace the key that packages are
# verified against -- confirm the fetch is authenticated, or pin the keys in
# the node image.
455 'source': 'PlanetLabConf/RPM-GPG-KEY-fedora',
456 'dest': '/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora',
457 'file_permissions': '644',
458 'file_owner': 'root',
459 'file_group': 'root',
460 'preinstall_cmd': '',
461 'postinstall_cmd': 'rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora',
463 'ignore_cmd_errors': 0,
# The PlanetLab key is generated by get_gpg_key.php rather than served as a
# static file.
466 'source': 'PlanetLabConf/get_gpg_key.php',
467 'dest': '/etc/pki/rpm-gpg/RPM-GPG-KEY-planetlab',
468 'file_permissions': '644',
469 'file_owner': 'root',
470 'file_group': 'root',
471 'preinstall_cmd': '',
472 'postinstall_cmd': 'rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-planetlab',
474 'ignore_cmd_errors': 0,
477 # Ping of death configuration
479 'source': 'PlanetLabConf/ipod.conf.php',
480 'dest': '/etc/ipod.conf',
481 'file_permissions': '644',
482 'file_owner': 'root',
483 'file_group': 'root',
484 'preinstall_cmd': '',
485 'postinstall_cmd': '',
487 'ignore_cmd_errors': 0,
# sudoers policy, installed 440 root:root.
# NOTE(review): `visudo -c` runs as the post-install command, i.e. once the
# new file is presumably already in place at /etc/sudoers. It reports a
# syntax error but does not prevent one from being installed. Confirm the
# node-side installer restores the previous file when this command fails
# (ignore_cmd_errors is 0); otherwise validate a temporary copy with
# `visudo -c -f <file>` before it replaces /etc/sudoers.
492 'source': 'PlanetLabConf/v3-sudoers.php',
493 'dest': '/etc/sudoers',
494 'file_permissions': '440',
495 'file_owner': 'root',
496 'file_group': 'root',
497 'preinstall_cmd': '',
498 'postinstall_cmd': '/usr/sbin/visudo -c',
500 'ignore_cmd_errors': 0,
503 # Get list of existing (enabled, global) files
# "Global" means neither node_id nor nodegroup_id is set on the entry.
504 conf_files = AdmGetConfFile()
505 conf_files = filter(lambda conf_file: conf_file['enabled'] and \
506 not conf_file['node_id'] and \
507 not conf_file['nodegroup_id'],
# Index the surviving entries by destination path. If two entries share a
# dest, the later one wins in this dict.
509 dests = [conf_file['dest'] for conf_file in conf_files]
510 conf_files = dict(zip(dests, conf_files))
512 # Create/update default PlanetLabConf entries
# NOTE(review): matching is by 'dest' among enabled global entries only, so a
# default that an administrator has disabled is not found here and would be
# created again as a new enabled entry on the next run.
513 for default_conf_file in default_conf_files:
514 if default_conf_file['dest'] not in dests:
515 AdmCreateConfFile(default_conf_file['enabled'],
516 default_conf_file['source'],
517 default_conf_file['dest'],
518 default_conf_file['file_permissions'],
519 default_conf_file['file_owner'],
520 default_conf_file['file_group'],
521 default_conf_file['preinstall_cmd'],
522 default_conf_file['postinstall_cmd'],
523 default_conf_file['error_cmd'],
524 default_conf_file['ignore_cmd_errors'],
525 default_conf_file['always_update'])
# Existing entry (else branch not visible here): overwrite it with the
# default, which also discards local changes made to that row.
527 conf_file = conf_files[default_conf_file['dest']]
528 AdmUpdateConfFile(conf_file['conf_file_id'], default_conf_file)
530 # Setup default slice attribute types
# Each type has a name, a description, the minimum role id allowed to set it
# (min_role_id; presumably the same role ids as granted to the administrator
# above -- confirm), a per-slice limit and a list of typed value fields.
# Several 'name' lines of the value fields are not visible in this listing.
531 default_attribute_types = [
532 # Slice type (only vserver is supported)
# The only type here with min_role_id 20; all others use 10.
533 {'name': "plc_slice_type",
534 'description': "Type of slice rspec to be created",
535 'is_exclusive': True, 'min_role_id': 20, 'max_per_slice': 1,
536 'value_fields': [{'description': "rspec class",
540 # Slice initialization script
541 {'name': "initscript",
542 'description': "slice initialization script",
543 'is_exclusive': False, 'min_role_id': 10, 'max_per_slice': 1,
544 'value_fields': [{'description': "",
545 'name': "initscript_id",
546 'type': "integer"}]},
548 # CPU share (general_prop_share is deprecated)
549 {'name': "general_prop_share",
550 'description': "general share",
551 'is_exclusive': False, 'min_role_id': 10, 'max_per_slice': 1,
552 'value_fields': [{'description': "",
553 'name': "general_prop_share",
554 'type': "integer"}]},
555 {'name': "nm_cpu_share",
556 'description': "Number of CPU shares to be allocated to slice",
557 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
558 'value_fields': [{'description': "number of shares",
560 'type': "integer"}]},
# Network transmit bandwidth limits, in kbps.
563 {'name': "nm_net_min_rate",
564 'description': "Minimum network Tx bandwidth",
565 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
566 'value_fields': [{'description': "rate (kbps)",
568 'type': "integer"}]},
569 {'name': "nm_net_max_rate",
570 'description': "Maximum network Tx bandwidth",
571 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
572 'value_fields': [{'description': "rate (kbps)",
574 'type': "integer"}]},
575 {'name': "nm_net_avg_rate",
576 'description': "Average daily network Tx bandwidth",
577 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
578 'value_fields': [{'description': "rate (kbps)",
580 'type': "integer"}]},
581 {'name': "nm_net_exempt_min_rate",
582 'description': "Minimum network Tx bandwidth to Internet2 destinations",
583 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
584 'value_fields': [{'description': "rate (kbps)",
586 'type': "integer"}]},
587 {'name': "nm_net_exempt_max_rate",
588 'description': "Maximum network Tx bandwidth to Internet2 destinations",
589 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
590 'value_fields': [{'description': "rate (kbps)",
592 'type': "integer"}]},
# NOTE(review): this name contains a space ("nm_net_exempt avg_rate"), unlike
# its nm_net_exempt_min_rate / nm_net_exempt_max_rate siblings. It looks like
# a typo for "nm_net_exempt_avg_rate"; a consumer that looks the attribute up
# under the underscore name would never find this limit. Check what existing
# databases hold before renaming, since types cannot be updated in place.
593 {'name': "nm_net_exempt avg_rate",
594 'description': "Average daily network Tx bandwidth to Internet2 destinations",
595 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
596 'value_fields': [{'description': "rate (kbps)",
598 'type': "integer"}]},
601 {'name': "nm_disk_quota",
602 'description': "Disk quota",
603 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
604 'value_fields': [{'description': "Number of 1k disk blocks",
606 'type': "integer"}]},
608 # Special attributes applicable to Slice Creation Service (pl_conf) slice
609 {'name': "plc_agent_version",
610 'description': "Version of PLC agent (slice creation service) software to be deployed",
611 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
612 'value_fields': [{'description': "current version of PLC agent (SCS)",
# Verification key for PLC-signed tickets: whoever may set this attribute
# chooses the key tickets are checked against.
615 {'name': "plc_ticket_pubkey",
616 'description': "Public key used to verify PLC-signed tickets",
617 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
618 'value_fields': [{'description': "PEM-encoded public key",
622 # Get list of existing attribute types
# Membership is tested by name below, so this is presumably a list of type
# names -- confirm against SliceAttributeTypeList.
623 attribute_types = SliceAttributeTypeList()
625 # Create/update default slice attribute types
626 for default_attribute_type in default_attribute_types:
627 if default_attribute_type['name'] not in attribute_types:
628 SliceAttributeTypeCreate(default_attribute_type['name'],
629 default_attribute_type['description'],
630 default_attribute_type['min_role_id'],
631 default_attribute_type['max_per_slice'],
632 default_attribute_type['is_exclusive'],
633 default_attribute_type['value_fields'])
635 # XXX No way to update slice attribute types
# NOTE(review): consequently a type that already exists keeps its stored
# min_role_id and is_exclusive even when the defaults in this file change.
# Tightening who may set an attribute here has no effect on an existing
# database; that has to be done in the database itself.
638 # Get contents of SSL public certificate used for signing tickets
# Reads the file named by plc_api['ssl_key_pub'] and keeps only the body:
# lines starting with "-----" (the PEM BEGIN/END markers) are skipped.
640 plc_ticket_pubkey = ""
641 for line in file(plc_api['ssl_key_pub']):
643 if line[0:5] != "-----":
644 # XXX The embedded newlines matter, do not strip()!
645 plc_ticket_pubkey += line
# NOTE(review): the condition guarding this assignment is not visible here;
# presumably it is the fallback when the key file cannot be read. '%KEY%'
# looks like a placeholder, and it is what gets stored as the pl_conf slice's
# plc_ticket_pubkey in that case, leaving no usable key for verifying
# PLC-signed tickets. Consider aborting with a clear error instead.
647 plc_ticket_pubkey = '%KEY%'
649 # Create/update system slices
# Two system slices: pl_conf (the slice creation service, which receives the
# ticket verification key read above) and pl_conf_vserverslice (default
# attributes for vserver slices). slice['url'] is read by SliceUpdate below,
# so each dict has a 'url' line that is not visible in this listing.
650 slices = [{'name': "pl_conf",
651 'description': "PlanetLab Slice Creation Service (SCS)",
653 'attributes': {'plc_slice_type': {'type': "VServerSlice"},
654 'plc_agent_version': {'version': "1.0"},
655 'plc_ticket_pubkey': {'key': plc_ticket_pubkey}}},
656 {'name': "pl_conf_vserverslice",
657 'description': "Default attributes for vserver slices",
659 'attributes': {'nm_cpu_share': {'cpu_share': 32},
660 'plc_slice_type': {'type': "VServerSlice"},
661 'nm_disk_quota': {'quota': 5000000}}}]
# Probe for the slice, then create it. The loop header and the branch or
# exception handling around these calls are not visible here; presumably
# SliceCreate runs only when SliceInfo finds nothing -- TODO confirm.
664 SliceInfo([slice['name']])
666 SliceCreate(slice['name'])
667 SliceSetInstantiationMethod(slice['name'], 'plc-instantiated')
668 SliceUpdate(slice['name'], slice['url'], slice['description'])
# Renewing to sys.maxint pushes the expiry as far out as an int allows, so
# these system slices effectively never expire.
670 SliceRenew(slice['name'], sys.maxint)
671 # Create/update all attributes
# Attributes are re-set on every run, which also overwrites any value changed
# by hand (the stored ticket key included).
672 for attribute, values in slice['attributes'].iteritems():
673 SliceAttributeSet(slice['name'], attribute, values)
676 if __name__ == '__main__':