3 # Bootstraps the PLC database with a default administrator account and
6 # Mark Huang <mlhuang@cs.princeton.edu>
7 # Copyright (C) 2006 The Trustees of Princeton University
9 # $Id: api-config,v 1.8 2006/05/19 22:22:15 mlhuang Exp $
13 (plcapi, moreopts, argv) = plcapilib.plcapi(globals())
14 from plc_config import PLCConfiguration
19 cfg = PLCConfiguration()
21 variables = cfg.variables()
23 # Load variables into dictionaries
24 (category, variablelist) = variables['plc']
25 plc = dict(zip(variablelist.keys(),
26 [variable['value'] for variable in variablelist.values()]))
28 (category, variablelist) = variables['plc_www']
29 plc_www = dict(zip(variablelist.keys(),
30 [variable['value'] for variable in variablelist.values()]))
32 (category, variablelist) = variables['plc_api']
33 plc_api = dict(zip(variablelist.keys(),
34 [variable['value'] for variable in variablelist.values()]))
36 # Create/update the default administrator account (should be
38 admin = { 'person_id': 2,
39 'first_name': "Default",
40 'last_name': "Administrator",
41 'email': plc['root_user'],
42 'password': plc['root_password'] }
43 persons = AdmGetPersons([admin['person_id']])
45 person_id = AdmAddPerson(admin['first_name'], admin['last_name'], admin)
46 if person_id != admin['person_id']:
47 # Huh? Someone deleted the account manually from the database.
48 AdmDeletePerson(person_id)
49 raise Exception, "Someone deleted the \"%s %s\" account from the database!" % \
50 (admin['first_name'], admin['last_name'])
51 AdmSetPersonEnabled(person_id, True)
53 person_id = persons[0]['person_id']
54 AdmUpdatePerson(person_id, admin)
56 # Create/update the default site (should be site_id 1)
57 if plc_www['port'] == '80':
58 url = "http://" + plc_www['host'] + "/"
59 elif plc_www['port'] == '443':
60 url = "https://" + plc_www['host'] + "/"
62 url = "http://" + plc_www['host'] + ":" + plc_www['port'] + "/"
63 site = { 'site_id': 1,
64 'name': plc['name'] + " Central",
65 'abbreviated_name': plc['name'],
66 # XXX Default site slice_prefix/login_base must be "pl_"
67 # 'login_base': plc['slice_prefix'],
73 sites = AdmGetSites([site['site_id']])
75 site_id = AdmAddSite(site['name'], site['abbreviated_name'], site['login_base'], site)
76 if site_id != site['site_id']:
77 AdmDeleteSite(site_id)
78 raise Exception, "Someone deleted the \"%s\" site from the database!" % \
82 # Must call AdmUpdateSite() even after AdmAddSite() to update max_slices
83 site_id = sites[0]['site_id']
84 # XXX login_base cannot be updated
85 del site['login_base']
86 AdmUpdateSite(site_id, site)
88 # The default administrator account must be associated with a site
90 AdmAddPersonToSite(admin['person_id'], site['site_id'])
91 AdmSetPersonPrimarySite(admin['person_id'], site['site_id'])
93 # Grant admin and PI roles to the default administrator account
94 AdmGrantRoleToPerson(admin['person_id'], 10)
95 AdmGrantRoleToPerson(admin['person_id'], 20)
97 # Get the primary IP address for each node
99 nodes = AdmGetNodes([], ['node_id', 'hostname'])
102 AdmGetAllNodeNetworks(node['node_id'])
103 nodenetworks_list = plcapi.commit()
104 for i, nodenetworks in enumerate(nodenetworks_list):
105 for nodenetwork in nodenetworks:
106 if nodenetwork['hostname']:
107 hostname = nodenetwork['hostname']
109 hostname = nodes[i]['hostname']
111 if hosts.has_key(nodenetwork['ip']):
112 if hostname not in hosts[nodenetwork['ip']]:
113 hosts[nodenetwork['ip']].append(hostname)
115 hosts[nodenetwork['ip']] = [hostname]
117 # Write /etc/plc_hosts
118 plc_hosts = open("/etc/plc_hosts", "w")
119 for ip, hostnames in hosts.iteritems():
120 plc_hosts.write(ip + "\t" + " ".join(hostnames) + "\n")
123 # Setup default PlanetLabConf entries
124 default_conf_files = [
127 'source': 'PlanetLabConf/ntpconf.php',
128 'dest': '/etc/ntp.conf',
129 'file_permissions': '644',
130 'file_owner': 'root',
131 'file_group': 'root',
132 'preinstall_cmd': '',
133 'postinstall_cmd': '/etc/rc.d/init.d/ntpd restart',
135 'ignore_cmd_errors': 0,
138 'source': 'PlanetLabConf/ntptickers.php',
139 'dest': '/etc/ntp/step-tickers',
140 'file_permissions': '644',
141 'file_owner': 'root',
142 'file_group': 'root',
143 'preinstall_cmd': '',
144 'postinstall_cmd': '/etc/rc.d/init.d/ntpd restart',
146 'ignore_cmd_errors': 0,
149 # SSH server configuration
151 'source': 'PlanetLabConf/sshd_config',
152 'dest': '/etc/ssh/sshd_config',
153 'file_permissions': '600',
154 'file_owner': 'root',
155 'file_group': 'root',
156 'preinstall_cmd': '',
157 'postinstall_cmd': '/etc/init.d/sshd restart',
159 'ignore_cmd_errors': 0,
162 # Administrative SSH keys
164 'source': 'PlanetLabConf/keys.php?root',
165 'dest': '/root/.ssh/authorized_keys',
166 'file_permissions': '644',
167 'file_owner': 'root',
168 'file_group': 'root',
169 'preinstall_cmd': '',
170 'postinstall_cmd': '',
172 'ignore_cmd_errors': 0,
175 'source': 'PlanetLabConf/keys.php?site_admin',
176 'dest': '/home/site_admin/.ssh/authorized_keys',
177 'file_permissions': '644',
178 'file_owner': 'site_admin',
179 'file_group': 'site_admin',
180 'preinstall_cmd': 'grep -q site_admin /etc/passwd',
181 'postinstall_cmd': '',
183 'ignore_cmd_errors': 0,
186 'source': 'PlanetLabConf/keys.php?role=admin',
187 'dest': '/home/pl_admin/.ssh/authorized_keys',
188 'file_permissions': '644',
189 'file_owner': 'pl_admin',
190 'file_group': 'pl_admin',
191 'preinstall_cmd': 'grep -q pl_admin /etc/passwd',
192 'postinstall_cmd': '',
194 'ignore_cmd_errors': 0,
197 # Log rotation configuration
199 'source': 'PlanetLabConf/logrotate.conf',
200 'dest': '/etc/logrotate.conf',
201 'file_permissions': '644',
202 'file_owner': 'root',
203 'file_group': 'root',
204 'preinstall_cmd': '',
205 'postinstall_cmd': '',
207 'ignore_cmd_errors': 0,
210 # updatedb/locate nightly cron job
212 'source': 'PlanetLabConf/slocate.cron',
213 'dest': '/etc/cron.daily/slocate.cron',
214 'file_permissions': '755',
215 'file_owner': 'root',
216 'file_group': 'root',
217 'preinstall_cmd': '',
218 'postinstall_cmd': '',
220 'ignore_cmd_errors': 0,
225 'source': 'PlanetLabConf/yum.conf.php?gpgcheck=1',
226 'dest': '/etc/yum.conf',
227 'file_permissions': '644',
228 'file_owner': 'root',
229 'file_group': 'root',
230 'preinstall_cmd': '',
231 'postinstall_cmd': '',
233 'ignore_cmd_errors': 0,
236 'source': 'PlanetLabConf/delete-rpm-list-production',
237 'dest': '/etc/planetlab/delete-rpm-list',
238 'file_permissions': '644',
239 'file_owner': 'root',
240 'file_group': 'root',
241 'preinstall_cmd': '',
242 'postinstall_cmd': '',
244 'ignore_cmd_errors': 0,
249 'source': 'PlanetLabConf/get_plc_config.php',
250 'dest': '/etc/planetlab/plc_config',
251 'file_permissions': '644',
252 'file_owner': 'root',
253 'file_group': 'root',
254 'preinstall_cmd': '',
255 'postinstall_cmd': '',
257 'ignore_cmd_errors': 0,
260 'source': 'PlanetLabConf/get_plc_config.php?python',
261 'dest': '/etc/planetlab/plc_config.py',
262 'file_permissions': '644',
263 'file_owner': 'root',
264 'file_group': 'root',
265 'preinstall_cmd': '',
266 'postinstall_cmd': '',
268 'ignore_cmd_errors': 0,
271 'source': 'PlanetLabConf/get_plc_config.php?perl',
272 'dest': '/etc/planetlab/plc_config.pl',
273 'file_permissions': '644',
274 'file_owner': 'root',
275 'file_group': 'root',
276 'preinstall_cmd': '',
277 'postinstall_cmd': '',
279 'ignore_cmd_errors': 0,
282 'source': 'PlanetLabConf/get_plc_config.php?php',
283 'dest': '/etc/planetlab/php/plc_config.php',
284 'file_permissions': '644',
285 'file_owner': 'root',
286 'file_group': 'root',
287 'preinstall_cmd': '',
288 'postinstall_cmd': '',
290 'ignore_cmd_errors': 0,
293 # Node Manager configuration
295 'source': 'PlanetLabConf/pl_nm-v3.conf',
296 'dest': '/etc/planetlab/pl_nm.conf',
297 'file_permissions': '644',
298 'file_owner': 'root',
299 'file_group': 'root',
300 'preinstall_cmd': '',
301 'postinstall_cmd': '/etc/init.d/pl_nm restart',
303 'ignore_cmd_errors': 0,
306 'source': 'PlanetLabConf/RootResources/plc_slice_pool.php',
307 'dest': '/home/pl_nm/RootResources/plc_slice_pool',
308 'file_permissions': '644',
309 'file_owner': 'pl_nm',
310 'file_group': 'pl_nm',
311 'preinstall_cmd': '',
312 'postinstall_cmd': '',
314 'ignore_cmd_errors': 0,
317 'source': 'PlanetLabConf/RootResources/pl_conf.py',
318 'dest': '/home/pl_nm/RootResources/pl_conf',
319 'file_permissions': '644',
320 'file_owner': 'pl_nm',
321 'file_group': 'pl_nm',
322 'preinstall_cmd': '',
323 'postinstall_cmd': '/etc/init.d/pl_nm restart',
325 'ignore_cmd_errors': 0,
328 'source': 'PlanetLabConf/RootResources/pl_netflow.py',
329 'dest': '/home/pl_nm/RootResources/pl_netflow',
330 'file_permissions': '644',
331 'file_owner': 'pl_nm',
332 'file_group': 'pl_nm',
333 'preinstall_cmd': '',
334 'postinstall_cmd': '',
336 'ignore_cmd_errors': 0,
339 # Proper configuration
341 'source': 'PlanetLabConf/propd-NM-1.0.conf',
342 'dest': '/etc/proper/propd.conf',
343 'file_permissions': '644',
344 'file_owner': 'root',
345 'file_group': 'root',
346 'preinstall_cmd': '',
347 'postinstall_cmd': '/etc/init.d/proper restart',
349 'ignore_cmd_errors': 1,
354 'source': 'PlanetLabConf/bwlimit.php',
355 'dest': '/etc/planetlab/bwcap',
356 'file_permissions': '644',
357 'file_owner': 'root',
358 'file_group': 'root',
359 'preinstall_cmd': '',
360 'postinstall_cmd': '/etc/init.d/pl_nm restart',
362 'ignore_cmd_errors': 1,
367 'source': 'PlanetLabConf/proxies.php',
368 'dest': '/etc/planetlab/proxies',
369 'file_permissions': '644',
370 'file_owner': 'root',
371 'file_group': 'root',
372 'preinstall_cmd': '',
373 'postinstall_cmd': '',
375 'ignore_cmd_errors': 0,
378 # Firewall configuration
380 'source': 'PlanetLabConf/iptables',
381 'dest': '/etc/sysconfig/iptables',
382 'file_permissions': '600',
383 'file_owner': 'root',
384 'file_group': 'root',
385 'preinstall_cmd': '',
386 'postinstall_cmd': '',
388 'ignore_cmd_errors': 0,
391 'source': 'PlanetLabConf/blacklist.php',
392 'dest': '/etc/planetlab/blacklist',
393 'file_permissions': '600',
394 'file_owner': 'root',
395 'file_group': 'root',
396 'preinstall_cmd': '',
397 'postinstall_cmd': '/sbin/iptables-restore --noflush < /etc/planetlab/blacklist',
399 'ignore_cmd_errors': 1,
404 'source': 'PlanetLabConf/issue.php',
405 'dest': '/etc/issue',
406 'file_permissions': '644',
407 'file_owner': 'root',
408 'file_group': 'root',
409 'preinstall_cmd': '',
410 'postinstall_cmd': '',
412 'ignore_cmd_errors': 0,
417 'source': 'PlanetLabConf/sysctl.php',
418 'dest': '/etc/sysctl.conf',
419 'file_permissions': '644',
420 'file_owner': 'root',
421 'file_group': 'root',
422 'preinstall_cmd': '',
423 'postinstall_cmd': '/sbin/sysctl -e -p /etc/sysctl.conf',
425 'ignore_cmd_errors': 0,
428 # Sendmail configuration
430 'source': 'PlanetLabConf/alpha-sendmail.mc',
431 'dest': '/etc/mail/sendmail.mc',
432 'file_permissions': '644',
433 'file_owner': 'root',
434 'file_group': 'root',
435 'preinstall_cmd': '',
436 'postinstall_cmd': '',
438 'ignore_cmd_errors': 0,
441 'source': 'PlanetLabConf/alpha-sendmail.cf',
442 'dest': '/etc/mail/sendmail.cf',
443 'file_permissions': '644',
444 'file_owner': 'root',
445 'file_group': 'root',
446 'preinstall_cmd': '',
447 'postinstall_cmd': 'service sendmail restart',
449 'ignore_cmd_errors': 0,
454 'source': 'PlanetLabConf/RPM-GPG-KEY-fedora',
455 'dest': '/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora',
456 'file_permissions': '644',
457 'file_owner': 'root',
458 'file_group': 'root',
459 'preinstall_cmd': '',
460 'postinstall_cmd': 'rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora',
462 'ignore_cmd_errors': 0,
465 'source': 'PlanetLabConf/get_gpg_key.php',
466 'dest': '/etc/pki/rpm-gpg/RPM-GPG-KEY-planetlab',
467 'file_permissions': '644',
468 'file_owner': 'root',
469 'file_group': 'root',
470 'preinstall_cmd': '',
471 'postinstall_cmd': 'rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-planetlab',
473 'ignore_cmd_errors': 0,
476 # Ping of death configuration
478 'source': 'PlanetLabConf/ipod.conf.php',
479 'dest': '/etc/ipod.conf',
480 'file_permissions': '644',
481 'file_owner': 'root',
482 'file_group': 'root',
483 'preinstall_cmd': '',
484 'postinstall_cmd': '',
486 'ignore_cmd_errors': 0,
491 'source': 'PlanetLabConf/v3-sudoers.php',
492 'dest': '/etc/sudoers',
493 'file_permissions': '440',
494 'file_owner': 'root',
495 'file_group': 'root',
496 'preinstall_cmd': '',
497 'postinstall_cmd': '/usr/sbin/visudo -c',
499 'ignore_cmd_errors': 0,
502 # Get list of existing (enabled, global) files
503 conf_files = AdmGetConfFile()
504 conf_files = filter(lambda conf_file: conf_file['enabled'] and \
505 not conf_file['node_id'] and \
506 not conf_file['nodegroup_id'],
508 dests = [conf_file['dest'] for conf_file in conf_files]
509 conf_files = dict(zip(dests, conf_files))
511 # Create/update default PlanetLabConf entries
512 for default_conf_file in default_conf_files:
513 if default_conf_file['dest'] not in dests:
514 AdmCreateConfFile(default_conf_file['enabled'],
515 default_conf_file['source'],
516 default_conf_file['dest'],
517 default_conf_file['file_permissions'],
518 default_conf_file['file_owner'],
519 default_conf_file['file_group'],
520 default_conf_file['preinstall_cmd'],
521 default_conf_file['postinstall_cmd'],
522 default_conf_file['error_cmd'],
523 default_conf_file['ignore_cmd_errors'],
524 default_conf_file['always_update'])
526 conf_file = conf_files[default_conf_file['dest']]
527 AdmUpdateConfFile(conf_file['conf_file_id'], default_conf_file)
529 # Setup default slice attribute types
530 default_attribute_types = [
531 # Slice type (only vserver is supported)
532 {'name': "plc_slice_type",
533 'description': "Type of slice rspec to be created",
534 'is_exclusive': True, 'min_role_id': 20, 'max_per_slice': 1,
535 'value_fields': [{'description': "rspec class",
539 # Slice initialization script
540 {'name': "initscript",
541 'description': "slice initialization script",
542 'is_exclusive': False, 'min_role_id': 10, 'max_per_slice': 1,
543 'value_fields': [{'description': "",
544 'name': "initscript_id",
545 'type': "integer"}]},
547 # CPU share (general_prop_share is deprecated)
548 {'name': "general_prop_share",
549 'description': "general share",
550 'is_exclusive': False, 'min_role_id': 10, 'max_per_slice': 1,
551 'value_fields': [{'description': "",
552 'name': "general_prop_share",
553 'type': "integer"}]},
554 {'name': "nm_cpu_share",
555 'description': "Number of CPU shares to be allocated to slice",
556 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
557 'value_fields': [{'description': "number of shares",
559 'type': "integer"}]},
562 {'name': "nm_net_min_rate",
563 'description': "Minimum network Tx bandwidth",
564 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
565 'value_fields': [{'description': "rate (kbps)",
567 'type': "integer"}]},
568 {'name': "nm_net_max_rate",
569 'description': "Maximum network Tx bandwidth",
570 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
571 'value_fields': [{'description': "rate (kbps)",
573 'type': "integer"}]},
574 {'name': "nm_net_avg_rate",
575 'description': "Average daily network Tx bandwidth",
576 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
577 'value_fields': [{'description': "rate (kbps)",
579 'type': "integer"}]},
580 {'name': "nm_net_exempt_min_rate",
581 'description': "Minimum network Tx bandwidth to Internet2 destinations",
582 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
583 'value_fields': [{'description': "rate (kbps)",
585 'type': "integer"}]},
586 {'name': "nm_net_exempt_max_rate",
587 'description': "Maximum network Tx bandwidth to Internet2 destinations",
588 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
589 'value_fields': [{'description': "rate (kbps)",
591 'type': "integer"}]},
592 {'name': "nm_net_exempt avg_rate",
593 'description': "Average daily network Tx bandwidth to Internet2 destinations",
594 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
595 'value_fields': [{'description': "rate (kbps)",
597 'type': "integer"}]},
600 {'name': "nm_disk_quota",
601 'description': "Disk quota",
602 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
603 'value_fields': [{'description': "Number of 1k disk blocks",
605 'type': "integer"}]},
607 # Special attributes applicable to Slice Creation Service (pl_conf) slice
608 {'name': "plc_agent_version",
609 'description': "Version of PLC agent (slice creation service) software to be deployed",
610 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
611 'value_fields': [{'description': "current version of PLC agent (SCS)",
614 {'name': "plc_ticket_pubkey",
615 'description': "Public key used to verify PLC-signed tickets",
616 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
617 'value_fields': [{'description': "PEM-encoded public key",
621 # Get list of existing attribute types
622 attribute_types = SliceAttributeTypeList()
624 # Create/update default slice attribute types
625 for default_attribute_type in default_attribute_types:
626 if default_attribute_type['name'] not in attribute_types:
627 SliceAttributeTypeCreate(default_attribute_type['name'],
628 default_attribute_type['description'],
629 default_attribute_type['min_role_id'],
630 default_attribute_type['max_per_slice'],
631 default_attribute_type['is_exclusive'],
632 default_attribute_type['value_fields'])
634 # XXX No way to update slice attribute types
637 # Get contents of SSL public certificate used for signing tickets
639 plc_ticket_pubkey = ""
640 for line in file(plc_api['ssl_key_pub']):
642 if line[0:5] != "-----":
643 # XXX The embedded newlines matter, do not strip()!
644 plc_ticket_pubkey += line
646 plc_ticket_pubkey = '%KEY%'
648 # Create/update system slices
649 slices = [{'name': "pl_conf",
650 'description': "PlanetLab Slice Creation Service (SCS)",
652 'attributes': {'plc_slice_type': {'type': "VServerSlice"},
653 'plc_agent_version': {'version': "1.0"},
654 'plc_ticket_pubkey': {'key': plc_ticket_pubkey}}},
655 {'name': "pl_conf_vserverslice",
656 'description': "Default attributes for vserver slices",
658 'attributes': {'nm_cpu_share': {'cpu_share': 32},
659 'plc_slice_type': {'type': "VServerSlice"},
660 'nm_disk_quota': {'quota': 5000000}}}]
663 SliceInfo([slice['name']])
665 SliceCreate(slice['name'])
666 SliceSetInstantiationMethod(slice['name'], 'plc-instantiated')
667 SliceUpdate(slice['name'], slice['url'], slice['description'])
669 SliceRenew(slice['name'], sys.maxint)
670 # Create/update all attributes
671 for attribute, values in slice['attributes'].iteritems():
672 SliceAttributeSet(slice['name'], attribute, values)
675 if __name__ == '__main__':