3 # Bootstraps the PLC database with a default administrator account and
6 # Mark Huang <mlhuang@cs.princeton.edu>
7 # Copyright (C) 2006 The Trustees of Princeton University
9 # $Id: api-config,v 1.10 2006/05/24 03:08:55 mlhuang Exp $
# Connect to the PLC API and flatten three configuration categories
# ('plc', 'plc_www', 'plc_api') into plain name -> value dictionaries.
# NOTE(review): the Adm*/Slice* functions used later are called unqualified;
# presumably plcapilib.plcapi(globals()) injects them into this namespace -
# confirm.
13 (plcapi, moreopts, argv) = plcapilib.plcapi(globals())
14 from plc_config import PLCConfiguration
19 cfg = PLCConfiguration()
21 variables = cfg.variables()
23 # Load variables into dictionaries
# Each category is a (category, variablelist) pair; only the 'value' field of
# every variable is kept.
# The 'plc' dictionary includes root_password (read further down for the
# default administrator), so it should not be printed or logged wholesale.
24 (category, variablelist) = variables['plc']
25 plc = dict(zip(variablelist.keys(),
26 [variable['value'] for variable in variablelist.values()]))
28 (category, variablelist) = variables['plc_www']
29 plc_www = dict(zip(variablelist.keys(),
30 [variable['value'] for variable in variablelist.values()]))
32 (category, variablelist) = variables['plc_api']
33 plc_api = dict(zip(variablelist.keys(),
34 [variable['value'] for variable in variablelist.values()]))
# Ensure the default administrator account exists with the identity and
# credentials taken from the PLC configuration.
36 # Create/update the default administrator account (should be
38 admin = { 'person_id': 2,
39 'first_name': "Default",
40 'last_name': "Administrator",
41 'email': plc['root_user'],
42 'password': plc['root_password'] }
# The password comes straight from the configuration and is part of the dict
# handed to both AdmAddPerson and AdmUpdatePerson, so whoever can read or edit
# that configuration controls this account's credentials.
43 persons = AdmGetPersons([admin['person_id']])
# NOTE(review): the branch lines between the following statements are not
# visible in this listing; presumably the add path runs only when the lookup
# above returned nothing and the update path otherwise - confirm.
45 person_id = AdmAddPerson(admin['first_name'], admin['last_name'], admin)
46 if person_id != admin['person_id']:
47 # Huh? Someone deleted the account manually from the database.
# A freshly added account that did not receive the expected ID is removed
# again and the bootstrap aborts.
48 AdmDeletePerson(person_id)
49 raise Exception, "Someone deleted the \"%s %s\" account from the database!" % \
50 (admin['first_name'], admin['last_name'])
51 AdmSetPersonEnabled(person_id, True)
53 person_id = persons[0]['person_id']
# The update passes the whole admin dict, password included.
54 AdmUpdatePerson(person_id, admin)
56 # Create/update the default site (should be site_id 1)
# The URL scheme is chosen from the configured port alone: only '443' yields
# https. NOTE(review): the line before the last url assignment is not visible
# (presumably an else); in that case any other port, including a TLS listener
# on a non-standard port, is advertised as plain http - confirm.
57 if plc_www['port'] == '80':
58 url = "http://" + plc_www['host'] + "/"
59 elif plc_www['port'] == '443':
60 url = "https://" + plc_www['host'] + "/"
62 url = "http://" + plc_www['host'] + ":" + plc_www['port'] + "/"
63 site = { 'site_id': 1,
64 'name': plc['name'] + " Central",
65 'abbreviated_name': plc['name'],
66 # XXX Default site slice_prefix/login_base must be "pl_"
67 # 'login_base': plc['slice_prefix'],
# NOTE(review): the remaining entries of this dict (including the
# 'login_base' key read below) are not visible in this listing.
73 sites = AdmGetSites([site['site_id']])
# NOTE(review): the branch lines around the add and update paths are not
# visible; presumably the site is added only when the lookup returned nothing.
75 site_id = AdmAddSite(site['name'], site['abbreviated_name'], site['login_base'], site)
76 if site_id != site['site_id']:
# A newly added site that did not receive the expected ID is deleted again
# before the error is raised.
77 AdmDeleteSite(site_id)
78 raise Exception, "Someone deleted the \"%s\" site from the database!" % \
82 # Must call AdmUpdateSite() even after AdmAddSite() to update max_slices
83 site_id = sites[0]['site_id']
84 # XXX login_base cannot be updated
85 del site['login_base']
86 AdmUpdateSite(site_id, site)
# Attach the default administrator to the default site and grant its roles.
88 # The default administrator account must be associated with a site
90 AdmAddPersonToSite(admin['person_id'], site['site_id'])
91 AdmSetPersonPrimarySite(admin['person_id'], site['site_id'])
93 # Grant admin and PI roles to the default administrator account
# Role IDs are passed as bare integers (10 and 20). No condition around these
# grants is visible in this listing, so the account defined by
# root_user/root_password presumably regains both roles on every bootstrap
# run; the strength and storage of that credential matter accordingly.
94 AdmGrantRoleToPerson(admin['person_id'], 10)
95 AdmGrantRoleToPerson(admin['person_id'], 20)
97 # Setup default PlanetLabConf entries
# Default configuration-file records. The create/update loop further down
# also reads the keys 'enabled', 'error_cmd' and 'always_update' from each
# dict; those lines, the entry delimiters and some section comments are not
# visible in this listing.
# NOTE(review): presumably each record tells nodes to fetch 'source' from PLC,
# install it at 'dest' with the given owner/group/mode and run the pre/post
# commands - confirm. Under that reading these records decide root-owned
# files and commands on every node, so they deserve the same review as code.
98 default_conf_files = [
101 'source': 'PlanetLabConf/ntpconf.php',
102 'dest': '/etc/ntp.conf',
103 'file_permissions': '644',
104 'file_owner': 'root',
105 'file_group': 'root',
106 'preinstall_cmd': '',
107 'postinstall_cmd': '/etc/rc.d/init.d/ntpd restart',
109 'ignore_cmd_errors': 0,
112 'source': 'PlanetLabConf/ntptickers.php',
113 'dest': '/etc/ntp/step-tickers',
114 'file_permissions': '644',
115 'file_owner': 'root',
116 'file_group': 'root',
117 'preinstall_cmd': '',
118 'postinstall_cmd': '/etc/rc.d/init.d/ntpd restart',
120 'ignore_cmd_errors': 0,
123 # SSH server configuration
125 'source': 'PlanetLabConf/sshd_config',
126 'dest': '/etc/ssh/sshd_config',
127 'file_permissions': '600',
128 'file_owner': 'root',
129 'file_group': 'root',
130 'preinstall_cmd': '',
131 'postinstall_cmd': '/etc/init.d/sshd restart',
133 'ignore_cmd_errors': 0,
136 # Administrative SSH keys
# The next three records populate authorized_keys for root, site_admin and
# pl_admin, i.e. they determine who can log in to those accounts.
# NOTE(review): confirm the key lists are fetched over an authenticated,
# integrity-protected channel. Mode 644 leaves the public keys
# world-readable; 600 is the tighter convention.
138 'source': 'PlanetLabConf/keys.php?root',
139 'dest': '/root/.ssh/authorized_keys',
140 'file_permissions': '644',
141 'file_owner': 'root',
142 'file_group': 'root',
143 'preinstall_cmd': '',
144 'postinstall_cmd': '',
146 'ignore_cmd_errors': 0,
# NOTE(review): 'grep -q site_admin /etc/passwd' is an unanchored substring
# match, so any passwd line containing the text satisfies it (another login
# name, a GECOS field, a home directory). An exact test would be
# "getent passwd site_admin" or "grep -q '^site_admin:' /etc/passwd". The
# pl_admin record below uses the same pattern.
149 'source': 'PlanetLabConf/keys.php?site_admin',
150 'dest': '/home/site_admin/.ssh/authorized_keys',
151 'file_permissions': '644',
152 'file_owner': 'site_admin',
153 'file_group': 'site_admin',
154 'preinstall_cmd': 'grep -q site_admin /etc/passwd',
155 'postinstall_cmd': '',
157 'ignore_cmd_errors': 0,
160 'source': 'PlanetLabConf/keys.php?role=admin',
161 'dest': '/home/pl_admin/.ssh/authorized_keys',
162 'file_permissions': '644',
163 'file_owner': 'pl_admin',
164 'file_group': 'pl_admin',
165 'preinstall_cmd': 'grep -q pl_admin /etc/passwd',
166 'postinstall_cmd': '',
168 'ignore_cmd_errors': 0,
171 # Log rotation configuration
173 'source': 'PlanetLabConf/logrotate.conf',
174 'dest': '/etc/logrotate.conf',
175 'file_permissions': '644',
176 'file_owner': 'root',
177 'file_group': 'root',
178 'preinstall_cmd': '',
179 'postinstall_cmd': '',
181 'ignore_cmd_errors': 0,
184 # updatedb/locate nightly cron job
186 'source': 'PlanetLabConf/slocate.cron',
187 'dest': '/etc/cron.daily/slocate.cron',
188 'file_permissions': '755',
189 'file_owner': 'root',
190 'file_group': 'root',
191 'preinstall_cmd': '',
192 'postinstall_cmd': '',
194 'ignore_cmd_errors': 0,
# The yum.conf source is requested with gpgcheck=1; presumably this turns on
# package signature checking in the generated file. The RPM-GPG-KEY records
# further down import the keys into the rpm keyring.
199 'source': 'PlanetLabConf/yum.conf.php?gpgcheck=1',
200 'dest': '/etc/yum.conf',
201 'file_permissions': '644',
202 'file_owner': 'root',
203 'file_group': 'root',
204 'preinstall_cmd': '',
205 'postinstall_cmd': '',
207 'ignore_cmd_errors': 0,
210 'source': 'PlanetLabConf/delete-rpm-list-production',
211 'dest': '/etc/planetlab/delete-rpm-list',
212 'file_permissions': '644',
213 'file_owner': 'root',
214 'file_group': 'root',
215 'preinstall_cmd': '',
216 'postinstall_cmd': '',
218 'ignore_cmd_errors': 0,
# NOTE(review): the four plc_config variants below are installed
# world-readable (644); confirm get_plc_config.php emits no secrets to nodes.
223 'source': 'PlanetLabConf/get_plc_config.php',
224 'dest': '/etc/planetlab/plc_config',
225 'file_permissions': '644',
226 'file_owner': 'root',
227 'file_group': 'root',
228 'preinstall_cmd': '',
229 'postinstall_cmd': '',
231 'ignore_cmd_errors': 0,
234 'source': 'PlanetLabConf/get_plc_config.php?python',
235 'dest': '/etc/planetlab/plc_config.py',
236 'file_permissions': '644',
237 'file_owner': 'root',
238 'file_group': 'root',
239 'preinstall_cmd': '',
240 'postinstall_cmd': '',
242 'ignore_cmd_errors': 0,
245 'source': 'PlanetLabConf/get_plc_config.php?perl',
246 'dest': '/etc/planetlab/plc_config.pl',
247 'file_permissions': '644',
248 'file_owner': 'root',
249 'file_group': 'root',
250 'preinstall_cmd': '',
251 'postinstall_cmd': '',
253 'ignore_cmd_errors': 0,
256 'source': 'PlanetLabConf/get_plc_config.php?php',
257 'dest': '/etc/planetlab/php/plc_config.php',
258 'file_permissions': '644',
259 'file_owner': 'root',
260 'file_group': 'root',
261 'preinstall_cmd': '',
262 'postinstall_cmd': '',
264 'ignore_cmd_errors': 0,
267 # Node Manager configuration
269 'source': 'PlanetLabConf/pl_nm-v3.conf',
270 'dest': '/etc/planetlab/pl_nm.conf',
271 'file_permissions': '644',
272 'file_owner': 'root',
273 'file_group': 'root',
274 'preinstall_cmd': '',
275 'postinstall_cmd': '/etc/init.d/pl_nm restart',
277 'ignore_cmd_errors': 0,
280 'source': 'PlanetLabConf/RootResources/plc_slice_pool.php',
281 'dest': '/home/pl_nm/RootResources/plc_slice_pool',
282 'file_permissions': '644',
283 'file_owner': 'pl_nm',
284 'file_group': 'pl_nm',
285 'preinstall_cmd': '',
286 'postinstall_cmd': '',
288 'ignore_cmd_errors': 0,
291 'source': 'PlanetLabConf/RootResources/pl_conf.py',
292 'dest': '/home/pl_nm/RootResources/pl_conf',
293 'file_permissions': '644',
294 'file_owner': 'pl_nm',
295 'file_group': 'pl_nm',
296 'preinstall_cmd': '',
297 'postinstall_cmd': '/etc/init.d/pl_nm restart',
299 'ignore_cmd_errors': 0,
302 'source': 'PlanetLabConf/RootResources/pl_netflow.py',
303 'dest': '/home/pl_nm/RootResources/pl_netflow',
304 'file_permissions': '644',
305 'file_owner': 'pl_nm',
306 'file_group': 'pl_nm',
307 'preinstall_cmd': '',
308 'postinstall_cmd': '',
310 'ignore_cmd_errors': 0,
313 # Proper configuration
315 'source': 'PlanetLabConf/propd-NM-1.0.conf',
316 'dest': '/etc/proper/propd.conf',
317 'file_permissions': '644',
318 'file_owner': 'root',
319 'file_group': 'root',
320 'preinstall_cmd': '',
321 'postinstall_cmd': '/etc/init.d/proper restart',
323 'ignore_cmd_errors': 1,
328 'source': 'PlanetLabConf/bwlimit.php',
329 'dest': '/etc/planetlab/bwcap',
330 'file_permissions': '644',
331 'file_owner': 'root',
332 'file_group': 'root',
333 'preinstall_cmd': '',
334 'postinstall_cmd': '/etc/init.d/pl_nm restart',
336 'ignore_cmd_errors': 1,
341 'source': 'PlanetLabConf/proxies.php',
342 'dest': '/etc/planetlab/proxies',
343 'file_permissions': '644',
344 'file_owner': 'root',
345 'file_group': 'root',
346 'preinstall_cmd': '',
347 'postinstall_cmd': '',
349 'ignore_cmd_errors': 0,
352 # Firewall configuration
354 'source': 'PlanetLabConf/iptables',
355 'dest': '/etc/sysconfig/iptables',
356 'file_permissions': '600',
357 'file_owner': 'root',
358 'file_group': 'root',
359 'preinstall_cmd': '',
360 'postinstall_cmd': '',
362 'ignore_cmd_errors': 0,
# NOTE(review): ignore_cmd_errors is 1 for the blacklist record, so
# (presumably) a failing iptables-restore is not reported and the blacklist
# rules stay unapplied without notice - worth monitoring separately.
365 'source': 'PlanetLabConf/blacklist.php',
366 'dest': '/etc/planetlab/blacklist',
367 'file_permissions': '600',
368 'file_owner': 'root',
369 'file_group': 'root',
370 'preinstall_cmd': '',
371 'postinstall_cmd': '/sbin/iptables-restore --noflush < /etc/planetlab/blacklist',
373 'ignore_cmd_errors': 1,
378 'source': 'PlanetLabConf/issue.php',
379 'dest': '/etc/issue',
380 'file_permissions': '644',
381 'file_owner': 'root',
382 'file_group': 'root',
383 'preinstall_cmd': '',
384 'postinstall_cmd': '',
386 'ignore_cmd_errors': 0,
391 'source': 'PlanetLabConf/sysctl.php',
392 'dest': '/etc/sysctl.conf',
393 'file_permissions': '644',
394 'file_owner': 'root',
395 'file_group': 'root',
396 'preinstall_cmd': '',
397 'postinstall_cmd': '/sbin/sysctl -e -p /etc/sysctl.conf',
399 'ignore_cmd_errors': 0,
402 # Sendmail configuration
404 'source': 'PlanetLabConf/alpha-sendmail.mc',
405 'dest': '/etc/mail/sendmail.mc',
406 'file_permissions': '644',
407 'file_owner': 'root',
408 'file_group': 'root',
409 'preinstall_cmd': '',
410 'postinstall_cmd': '',
412 'ignore_cmd_errors': 0,
415 'source': 'PlanetLabConf/alpha-sendmail.cf',
416 'dest': '/etc/mail/sendmail.cf',
417 'file_permissions': '644',
418 'file_owner': 'root',
419 'file_group': 'root',
420 'preinstall_cmd': '',
421 'postinstall_cmd': 'service sendmail restart',
423 'ignore_cmd_errors': 0,
# Package-signing keys are imported into the rpm keyring from files delivered
# by this same mechanism, so package verification is only as trustworthy as
# the channel and server that deliver these two key files.
428 'source': 'PlanetLabConf/RPM-GPG-KEY-fedora',
429 'dest': '/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora',
430 'file_permissions': '644',
431 'file_owner': 'root',
432 'file_group': 'root',
433 'preinstall_cmd': '',
434 'postinstall_cmd': 'rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora',
436 'ignore_cmd_errors': 0,
439 'source': 'PlanetLabConf/get_gpg_key.php',
440 'dest': '/etc/pki/rpm-gpg/RPM-GPG-KEY-planetlab',
441 'file_permissions': '644',
442 'file_owner': 'root',
443 'file_group': 'root',
444 'preinstall_cmd': '',
445 'postinstall_cmd': 'rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-planetlab',
447 'ignore_cmd_errors': 0,
450 # Ping of death configuration
452 'source': 'PlanetLabConf/ipod.conf.php',
453 'dest': '/etc/ipod.conf',
454 'file_permissions': '644',
455 'file_owner': 'root',
456 'file_group': 'root',
457 'preinstall_cmd': '',
458 'postinstall_cmd': '',
460 'ignore_cmd_errors': 0,
# NOTE(review): 'visudo -c' is the postinstall command, so (presumably) the
# syntax check runs after /etc/sudoers has already been replaced; a bad file
# would be live by the time the check fails. Validating a staged copy with
# 'visudo -c -f <staged file>' before installing avoids that window.
465 'source': 'PlanetLabConf/v3-sudoers.php',
466 'dest': '/etc/sudoers',
467 'file_permissions': '440',
468 'file_owner': 'root',
469 'file_group': 'root',
470 'preinstall_cmd': '',
471 'postinstall_cmd': '/usr/sbin/visudo -c',
473 'ignore_cmd_errors': 0,
476 # Get list of existing (enabled, global) files
# Keep only enabled entries that have neither a node_id nor a nodegroup_id.
# NOTE(review): the final argument line of this filter() call is not visible
# in this listing.
477 conf_files = AdmGetConfFile()
478 conf_files = filter(lambda conf_file: conf_file['enabled'] and \
479 not conf_file['node_id'] and \
480 not conf_file['nodegroup_id'],
482 dests = [conf_file['dest'] for conf_file in conf_files]
# Index the existing entries by destination path; if two entries share a
# 'dest', the later one replaces the earlier one in the dict.
483 conf_files = dict(zip(dests, conf_files))
485 # Create/update default PlanetLabConf entries
# Defaults are matched to existing entries by 'dest' only.
# NOTE(review): the line before the update path is not visible (presumably an
# else). If so, an existing global entry for a default 'dest' is overwritten
# with the default's source, ownership, mode and commands on every run, which
# discards local changes to those records.
# The pre/postinstall commands stored through these calls are presumably
# executed on nodes, so write access to these records should be treated as
# equivalent to command execution there - confirm and restrict accordingly.
486 for default_conf_file in default_conf_files:
487 if default_conf_file['dest'] not in dests:
488 AdmCreateConfFile(default_conf_file['enabled'],
489 default_conf_file['source'],
490 default_conf_file['dest'],
491 default_conf_file['file_permissions'],
492 default_conf_file['file_owner'],
493 default_conf_file['file_group'],
494 default_conf_file['preinstall_cmd'],
495 default_conf_file['postinstall_cmd'],
496 default_conf_file['error_cmd'],
497 default_conf_file['ignore_cmd_errors'],
498 default_conf_file['always_update'])
500 conf_file = conf_files[default_conf_file['dest']]
501 AdmUpdateConfFile(conf_file['conf_file_id'], default_conf_file)
503 # Setup default slice attribute types
# Each dict supplies the arguments for SliceAttributeTypeCreate further down:
# name, description, min_role_id, max_per_slice, is_exclusive, value_fields.
# NOTE(review): min_role_id is 10 or 20, the same integers granted to the
# default administrator as "admin and PI" roles; presumably it names the
# least privileged role allowed to set the attribute - confirm which number
# is which before changing one. Several value_fields 'name' lines and the
# closing delimiters are not visible in this listing.
504 default_attribute_types = [
505 # Slice type (only vserver is supported)
506 {'name': "plc_slice_type",
507 'description': "Type of slice rspec to be created",
508 'is_exclusive': True, 'min_role_id': 20, 'max_per_slice': 1,
509 'value_fields': [{'description': "rspec class",
513 # Slice initialization script
514 {'name': "initscript",
515 'description': "slice initialization script",
516 'is_exclusive': False, 'min_role_id': 10, 'max_per_slice': 1,
517 'value_fields': [{'description': "",
518 'name': "initscript_id",
519 'type': "integer"}]},
521 # CPU share (general_prop_share is deprecated)
522 {'name': "general_prop_share",
523 'description': "general share",
524 'is_exclusive': False, 'min_role_id': 10, 'max_per_slice': 1,
525 'value_fields': [{'description': "",
526 'name': "general_prop_share",
527 'type': "integer"}]},
528 {'name': "nm_cpu_share",
529 'description': "Number of CPU shares to be allocated to slice",
530 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
531 'value_fields': [{'description': "number of shares",
533 'type': "integer"}]},
536 {'name': "nm_net_min_rate",
537 'description': "Minimum network Tx bandwidth",
538 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
539 'value_fields': [{'description': "rate (kbps)",
541 'type': "integer"}]},
542 {'name': "nm_net_max_rate",
543 'description': "Maximum network Tx bandwidth",
544 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
545 'value_fields': [{'description': "rate (kbps)",
547 'type': "integer"}]},
548 {'name': "nm_net_avg_rate",
549 'description': "Average daily network Tx bandwidth",
550 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
551 'value_fields': [{'description': "rate (kbps)",
553 'type': "integer"}]},
554 {'name': "nm_net_exempt_min_rate",
555 'description': "Minimum network Tx bandwidth to Internet2 destinations",
556 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
557 'value_fields': [{'description': "rate (kbps)",
559 'type': "integer"}]},
560 {'name': "nm_net_exempt_max_rate",
561 'description': "Maximum network Tx bandwidth to Internet2 destinations",
562 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
563 'value_fields': [{'description': "rate (kbps)",
565 'type': "integer"}]},
# NOTE(review): the next name contains a space where the sibling entries use
# an underscore; it looks like a typo for "nm_net_exempt_avg_rate" - confirm,
# since types are matched and created by this exact name.
566 {'name': "nm_net_exempt avg_rate",
567 'description': "Average daily network Tx bandwidth to Internet2 destinations",
568 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
569 'value_fields': [{'description': "rate (kbps)",
571 'type': "integer"}]},
574 {'name': "nm_disk_quota",
575 'description': "Disk quota",
576 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
577 'value_fields': [{'description': "Number of 1k disk blocks",
579 'type': "integer"}]},
581 # Special attributes applicable to Slice Creation Service (pl_conf) slice
582 {'name': "plc_agent_version",
583 'description': "Version of PLC agent (slice creation service) software to be deployed",
584 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
585 'value_fields': [{'description': "current version of PLC agent (SCS)",
# Per its description, this attribute carries the public key used to verify
# PLC-signed tickets; the value is read from plc_api['ssl_key_pub'] below.
588 {'name': "plc_ticket_pubkey",
589 'description': "Public key used to verify PLC-signed tickets",
590 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
591 'value_fields': [{'description': "PEM-encoded public key",
595 # Get list of existing attribute types
596 attribute_types = SliceAttributeTypeList()
598 # Create/update default slice attribute types
# Types are matched by name and only created when missing. Existing types are
# never modified (see the XXX note below), so editing min_role_id or
# is_exclusive in the defaults does not change a database that already has
# the type; tightening a permission needs a separate migration.
599 for default_attribute_type in default_attribute_types:
600 if default_attribute_type['name'] not in attribute_types:
601 SliceAttributeTypeCreate(default_attribute_type['name'],
602 default_attribute_type['description'],
603 default_attribute_type['min_role_id'],
604 default_attribute_type['max_per_slice'],
605 default_attribute_type['is_exclusive'],
606 default_attribute_type['value_fields'])
608 # XXX No way to update slice attribute types
611 # Get contents of SSL public certificate used for signing tickets
# Concatenate the body of the file named by plc_api['ssl_key_pub'], skipping
# every line that begins with "-----" (presumably the PEM BEGIN/END markers).
613 plc_ticket_pubkey = ""
614 for line in file(plc_api['ssl_key_pub']):
616 if line[0:5] != "-----":
617 # XXX The embedded newlines matter, do not strip()!
618 plc_ticket_pubkey += line
# NOTE(review): the line before this assignment is not visible; presumably it
# is an exception handler, making '%KEY%' a silent fallback. In that case an
# unreadable key file leaves a placeholder stored as the ticket verification
# key instead of stopping the bootstrap - confirm, and consider failing
# loudly or at least logging the error.
620 plc_ticket_pubkey = '%KEY%'
622 # Create/update system slices
# Two system slices and the attribute values to set on each. pl_conf receives
# the ticket public key collected above as its 'plc_ticket_pubkey' value.
# NOTE(review): a 'url' key is read from each slice dict below, but the lines
# defining it are not visible in this listing.
623 slices = [{'name': "pl_conf",
624 'description': "PlanetLab Slice Creation Service (SCS)",
626 'attributes': {'plc_slice_type': {'type': "VServerSlice"},
627 'plc_agent_version': {'version': "1.0"},
628 'plc_ticket_pubkey': {'key': plc_ticket_pubkey}}},
629 {'name': "pl_conf_vserverslice",
630 'description': "Default attributes for vserver slices",
632 'attributes': {'nm_cpu_share': {'cpu_share': 32},
633 'plc_slice_type': {'type': "VServerSlice"},
634 'nm_disk_quota': {'quota': 5000000}}}]
# NOTE(review): the loop header and branch lines are not visible; presumably
# SliceInfo probes for the slice and SliceCreate runs only when the probe
# fails - confirm.
637 SliceInfo([slice['name']])
639 SliceCreate(slice['name'])
640 SliceSetInstantiationMethod(slice['name'], 'plc-instantiated')
641 SliceUpdate(slice['name'], slice['url'], slice['description'])
# sys.maxint is passed as the renewal argument; presumably that is an expiry
# time, which would mean these system slices never expire.
643 SliceRenew(slice['name'], sys.maxint)
644 # Create/update all attributes
645 for attribute, values in slice['attributes'].iteritems():
646 SliceAttributeSet(slice['name'], attribute, values)
649 if __name__ == '__main__':