3 # Bootstraps the PLC database with a default administrator account and
4 # a default site, defines default slice attribute types, and
5 # creates/updates default system slices.
7 # Mark Huang <mlhuang@cs.princeton.edu>
8 # Copyright (C) 2006 The Trustees of Princeton University
10 # $Id: api-config,v 1.12 2006/05/30 15:06:20 mlhuang Exp $
14 (plcapi, moreopts, argv) = plcapilib.plcapi(globals())
15 from plc_config import PLCConfiguration
20 cfg = PLCConfiguration()
22 variables = cfg.variables()
24 # Load variables into dictionaries
25 for category_id, (category, variablelist) in variables.iteritems():
26 globals()[category_id] = dict(zip(variablelist.keys(),
27 [variable['value'] for variable in variablelist.values()]))
29 # Create/update the default administrator account (should be
31 admin = { 'person_id': 2,
32 'first_name': "Default",
33 'last_name': "Administrator",
34 'email': plc['root_user'],
35 'password': plc['root_password'] }
36 persons = AdmGetPersons([admin['person_id']])
38 person_id = AdmAddPerson(admin['first_name'], admin['last_name'], admin)
39 if person_id != admin['person_id']:
40 # Huh? Someone deleted the account manually from the database.
41 AdmDeletePerson(person_id)
42 raise Exception, "Someone deleted the \"%s %s\" account from the database!" % \
43 (admin['first_name'], admin['last_name'])
44 AdmSetPersonEnabled(person_id, True)
46 person_id = persons[0]['person_id']
47 AdmUpdatePerson(person_id, admin)
49 # Create/update the default site (should be site_id 1)
50 if plc_www['port'] == '80':
51 url = "http://" + plc_www['host'] + "/"
52 elif plc_www['port'] == '443':
53 url = "https://" + plc_www['host'] + "/"
55 url = "http://" + plc_www['host'] + ":" + plc_www['port'] + "/"
56 site = { 'site_id': 1,
57 'name': plc['name'] + " Central",
58 'abbreviated_name': plc['name'],
59 # XXX Default site slice_prefix/login_base must be "pl_"
60 # 'login_base': plc['slice_prefix'],
66 sites = AdmGetSites([site['site_id']])
68 site_id = AdmAddSite(site['name'], site['abbreviated_name'], site['login_base'], site)
69 if site_id != site['site_id']:
70 AdmDeleteSite(site_id)
71 raise Exception, "Someone deleted the \"%s\" site from the database!" % \
75 # Must call AdmUpdateSite() even after AdmAddSite() to update max_slices
76 site_id = sites[0]['site_id']
77 # XXX login_base cannot be updated
78 del site['login_base']
79 AdmUpdateSite(site_id, site)
81 # The default administrator account must be associated with a site
83 AdmAddPersonToSite(admin['person_id'], site['site_id'])
84 AdmSetPersonPrimarySite(admin['person_id'], site['site_id'])
86 # Grant admin and PI roles to the default administrator account
87 AdmGrantRoleToPerson(admin['person_id'], 10)
88 AdmGrantRoleToPerson(admin['person_id'], 20)
90 # Setup default PlanetLabConf entries
91 default_conf_files = [
94 'source': 'PlanetLabConf/ntpconf.php',
95 'dest': '/etc/ntp.conf',
96 'file_permissions': '644',
100 'postinstall_cmd': '/etc/rc.d/init.d/ntpd restart',
102 'ignore_cmd_errors': 0,
105 'source': 'PlanetLabConf/ntptickers.php',
106 'dest': '/etc/ntp/step-tickers',
107 'file_permissions': '644',
108 'file_owner': 'root',
109 'file_group': 'root',
110 'preinstall_cmd': '',
111 'postinstall_cmd': '/etc/rc.d/init.d/ntpd restart',
113 'ignore_cmd_errors': 0,
116 # SSH server configuration
118 'source': 'PlanetLabConf/sshd_config',
119 'dest': '/etc/ssh/sshd_config',
120 'file_permissions': '600',
121 'file_owner': 'root',
122 'file_group': 'root',
123 'preinstall_cmd': '',
124 'postinstall_cmd': '/etc/init.d/sshd restart',
126 'ignore_cmd_errors': 0,
129 # Administrative SSH keys
131 'source': 'PlanetLabConf/keys.php?root',
132 'dest': '/root/.ssh/authorized_keys',
133 'file_permissions': '644',
134 'file_owner': 'root',
135 'file_group': 'root',
136 'preinstall_cmd': '',
137 'postinstall_cmd': '',
139 'ignore_cmd_errors': 0,
142 'source': 'PlanetLabConf/keys.php?site_admin',
143 'dest': '/home/site_admin/.ssh/authorized_keys',
144 'file_permissions': '644',
145 'file_owner': 'site_admin',
146 'file_group': 'site_admin',
147 'preinstall_cmd': 'grep -q site_admin /etc/passwd',
148 'postinstall_cmd': '',
150 'ignore_cmd_errors': 0,
153 'source': 'PlanetLabConf/keys.php?role=admin',
154 'dest': '/home/pl_admin/.ssh/authorized_keys',
155 'file_permissions': '644',
156 'file_owner': 'pl_admin',
157 'file_group': 'pl_admin',
158 'preinstall_cmd': 'grep -q pl_admin /etc/passwd',
159 'postinstall_cmd': '',
161 'ignore_cmd_errors': 0,
164 # Log rotation configuration
166 'source': 'PlanetLabConf/logrotate.conf',
167 'dest': '/etc/logrotate.conf',
168 'file_permissions': '644',
169 'file_owner': 'root',
170 'file_group': 'root',
171 'preinstall_cmd': '',
172 'postinstall_cmd': '',
174 'ignore_cmd_errors': 0,
177 # updatedb/locate nightly cron job
179 'source': 'PlanetLabConf/slocate.cron',
180 'dest': '/etc/cron.daily/slocate.cron',
181 'file_permissions': '755',
182 'file_owner': 'root',
183 'file_group': 'root',
184 'preinstall_cmd': '',
185 'postinstall_cmd': '',
187 'ignore_cmd_errors': 0,
192 'source': 'PlanetLabConf/yum.conf.php?gpgcheck=1',
193 'dest': '/etc/yum.conf',
194 'file_permissions': '644',
195 'file_owner': 'root',
196 'file_group': 'root',
197 'preinstall_cmd': '',
198 'postinstall_cmd': '',
200 'ignore_cmd_errors': 0,
203 'source': 'PlanetLabConf/delete-rpm-list-production',
204 'dest': '/etc/planetlab/delete-rpm-list',
205 'file_permissions': '644',
206 'file_owner': 'root',
207 'file_group': 'root',
208 'preinstall_cmd': '',
209 'postinstall_cmd': '',
211 'ignore_cmd_errors': 0,
216 'source': 'PlanetLabConf/get_plc_config.php',
217 'dest': '/etc/planetlab/plc_config',
218 'file_permissions': '644',
219 'file_owner': 'root',
220 'file_group': 'root',
221 'preinstall_cmd': '',
222 'postinstall_cmd': '',
224 'ignore_cmd_errors': 0,
227 'source': 'PlanetLabConf/get_plc_config.php?python',
228 'dest': '/etc/planetlab/plc_config.py',
229 'file_permissions': '644',
230 'file_owner': 'root',
231 'file_group': 'root',
232 'preinstall_cmd': '',
233 'postinstall_cmd': '',
235 'ignore_cmd_errors': 0,
238 'source': 'PlanetLabConf/get_plc_config.php?perl',
239 'dest': '/etc/planetlab/plc_config.pl',
240 'file_permissions': '644',
241 'file_owner': 'root',
242 'file_group': 'root',
243 'preinstall_cmd': '',
244 'postinstall_cmd': '',
246 'ignore_cmd_errors': 0,
249 'source': 'PlanetLabConf/get_plc_config.php?php',
250 'dest': '/etc/planetlab/php/plc_config.php',
251 'file_permissions': '644',
252 'file_owner': 'root',
253 'file_group': 'root',
254 'preinstall_cmd': '',
255 'postinstall_cmd': '',
257 'ignore_cmd_errors': 0,
260 # Node Manager configuration
262 'source': 'PlanetLabConf/pl_nm-v3.conf',
263 'dest': '/etc/planetlab/pl_nm.conf',
264 'file_permissions': '644',
265 'file_owner': 'root',
266 'file_group': 'root',
267 'preinstall_cmd': '',
268 'postinstall_cmd': '/etc/init.d/pl_nm restart',
270 'ignore_cmd_errors': 0,
273 'source': 'PlanetLabConf/RootResources/plc_slice_pool.php',
274 'dest': '/home/pl_nm/RootResources/plc_slice_pool',
275 'file_permissions': '644',
276 'file_owner': 'pl_nm',
277 'file_group': 'pl_nm',
278 'preinstall_cmd': '',
279 'postinstall_cmd': '',
281 'ignore_cmd_errors': 0,
284 'source': 'PlanetLabConf/RootResources/pl_conf.py',
285 'dest': '/home/pl_nm/RootResources/pl_conf',
286 'file_permissions': '644',
287 'file_owner': 'pl_nm',
288 'file_group': 'pl_nm',
289 'preinstall_cmd': '',
290 'postinstall_cmd': '/etc/init.d/pl_nm restart',
292 'ignore_cmd_errors': 0,
295 'source': 'PlanetLabConf/RootResources/pl_netflow.py',
296 'dest': '/home/pl_nm/RootResources/pl_netflow',
297 'file_permissions': '644',
298 'file_owner': 'pl_nm',
299 'file_group': 'pl_nm',
300 'preinstall_cmd': '',
301 'postinstall_cmd': '',
303 'ignore_cmd_errors': 0,
306 # Proper configuration
308 'source': 'PlanetLabConf/propd-NM-1.0.conf',
309 'dest': '/etc/proper/propd.conf',
310 'file_permissions': '644',
311 'file_owner': 'root',
312 'file_group': 'root',
313 'preinstall_cmd': '',
314 'postinstall_cmd': '/etc/init.d/proper restart',
316 'ignore_cmd_errors': 1,
321 'source': 'PlanetLabConf/bwlimit.php',
322 'dest': '/etc/planetlab/bwcap',
323 'file_permissions': '644',
324 'file_owner': 'root',
325 'file_group': 'root',
326 'preinstall_cmd': '',
327 'postinstall_cmd': '/etc/init.d/pl_nm restart',
329 'ignore_cmd_errors': 1,
334 'source': 'PlanetLabConf/proxies.php',
335 'dest': '/etc/planetlab/proxies',
336 'file_permissions': '644',
337 'file_owner': 'root',
338 'file_group': 'root',
339 'preinstall_cmd': '',
340 'postinstall_cmd': '',
342 'ignore_cmd_errors': 0,
345 # Firewall configuration
347 'source': 'PlanetLabConf/iptables',
348 'dest': '/etc/sysconfig/iptables',
349 'file_permissions': '600',
350 'file_owner': 'root',
351 'file_group': 'root',
352 'preinstall_cmd': '',
353 'postinstall_cmd': '',
355 'ignore_cmd_errors': 0,
358 'source': 'PlanetLabConf/blacklist.php',
359 'dest': '/etc/planetlab/blacklist',
360 'file_permissions': '600',
361 'file_owner': 'root',
362 'file_group': 'root',
363 'preinstall_cmd': '',
364 'postinstall_cmd': '/sbin/iptables-restore --noflush < /etc/planetlab/blacklist',
366 'ignore_cmd_errors': 1,
371 'source': 'PlanetLabConf/issue.php',
372 'dest': '/etc/issue',
373 'file_permissions': '644',
374 'file_owner': 'root',
375 'file_group': 'root',
376 'preinstall_cmd': '',
377 'postinstall_cmd': '',
379 'ignore_cmd_errors': 0,
384 'source': 'PlanetLabConf/sysctl.php',
385 'dest': '/etc/sysctl.conf',
386 'file_permissions': '644',
387 'file_owner': 'root',
388 'file_group': 'root',
389 'preinstall_cmd': '',
390 'postinstall_cmd': '/sbin/sysctl -e -p /etc/sysctl.conf',
392 'ignore_cmd_errors': 0,
395 # Sendmail configuration
397 'source': 'PlanetLabConf/alpha-sendmail.mc',
398 'dest': '/etc/mail/sendmail.mc',
399 'file_permissions': '644',
400 'file_owner': 'root',
401 'file_group': 'root',
402 'preinstall_cmd': '',
403 'postinstall_cmd': '',
405 'ignore_cmd_errors': 0,
408 'source': 'PlanetLabConf/alpha-sendmail.cf',
409 'dest': '/etc/mail/sendmail.cf',
410 'file_permissions': '644',
411 'file_owner': 'root',
412 'file_group': 'root',
413 'preinstall_cmd': '',
414 'postinstall_cmd': 'service sendmail restart',
416 'ignore_cmd_errors': 0,
421 'source': 'PlanetLabConf/RPM-GPG-KEY-fedora',
422 'dest': '/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora',
423 'file_permissions': '644',
424 'file_owner': 'root',
425 'file_group': 'root',
426 'preinstall_cmd': '',
427 'postinstall_cmd': 'rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora',
429 'ignore_cmd_errors': 0,
432 'source': 'PlanetLabConf/get_gpg_key.php',
433 'dest': '/etc/pki/rpm-gpg/RPM-GPG-KEY-planetlab',
434 'file_permissions': '644',
435 'file_owner': 'root',
436 'file_group': 'root',
437 'preinstall_cmd': '',
438 'postinstall_cmd': 'rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-planetlab',
440 'ignore_cmd_errors': 0,
443 # Ping of death configuration
445 'source': 'PlanetLabConf/ipod.conf.php',
446 'dest': '/etc/ipod.conf',
447 'file_permissions': '644',
448 'file_owner': 'root',
449 'file_group': 'root',
450 'preinstall_cmd': '',
451 'postinstall_cmd': '',
453 'ignore_cmd_errors': 0,
458 'source': 'PlanetLabConf/v3-sudoers.php',
459 'dest': '/etc/sudoers',
460 'file_permissions': '440',
461 'file_owner': 'root',
462 'file_group': 'root',
463 'preinstall_cmd': '',
464 'postinstall_cmd': '/usr/sbin/visudo -c',
466 'ignore_cmd_errors': 0,
469 # Get list of existing (enabled, global) files
470 conf_files = AdmGetConfFile()
471 conf_files = filter(lambda conf_file: conf_file['enabled'] and \
472 not conf_file['node_id'] and \
473 not conf_file['nodegroup_id'],
475 dests = [conf_file['dest'] for conf_file in conf_files]
476 conf_files = dict(zip(dests, conf_files))
478 # Create/update default PlanetLabConf entries
479 for default_conf_file in default_conf_files:
480 if default_conf_file['dest'] not in dests:
481 AdmCreateConfFile(default_conf_file['enabled'],
482 default_conf_file['source'],
483 default_conf_file['dest'],
484 default_conf_file['file_permissions'],
485 default_conf_file['file_owner'],
486 default_conf_file['file_group'],
487 default_conf_file['preinstall_cmd'],
488 default_conf_file['postinstall_cmd'],
489 default_conf_file['error_cmd'],
490 default_conf_file['ignore_cmd_errors'],
491 default_conf_file['always_update'])
493 conf_file = conf_files[default_conf_file['dest']]
494 AdmUpdateConfFile(conf_file['conf_file_id'], default_conf_file)
496 # Setup default slice attribute types
497 default_attribute_types = [
498 # Slice type (only vserver is supported)
499 {'name': "plc_slice_type",
500 'description': "Type of slice rspec to be created",
501 'is_exclusive': True, 'min_role_id': 20, 'max_per_slice': 1,
502 'value_fields': [{'description': "rspec class",
506 # Slice initialization script
507 {'name': "initscript",
508 'description': "slice initialization script",
509 'is_exclusive': False, 'min_role_id': 10, 'max_per_slice': 1,
510 'value_fields': [{'description': "",
511 'name': "initscript_id",
512 'type': "integer"}]},
514 # CPU share (general_prop_share is deprecated)
515 {'name': "general_prop_share",
516 'description': "general share",
517 'is_exclusive': False, 'min_role_id': 10, 'max_per_slice': 1,
518 'value_fields': [{'description': "",
519 'name': "general_prop_share",
520 'type': "integer"}]},
521 {'name': "nm_cpu_share",
522 'description': "Number of CPU shares to be allocated to slice",
523 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
524 'value_fields': [{'description': "number of shares",
526 'type': "integer"}]},
529 {'name': "nm_net_min_rate",
530 'description': "Minimum network Tx bandwidth",
531 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
532 'value_fields': [{'description': "rate (bps)",
534 'type': "integer"}]},
535 {'name': "nm_net_max_rate",
536 'description': "Maximum network Tx bandwidth",
537 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
538 'value_fields': [{'description': "rate (bps)",
540 'type': "integer"}]},
541 {'name': "nm_net_avg_rate",
542 'description': "Average daily network Tx bandwidth",
543 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
544 'value_fields': [{'description': "rate (bps)",
546 'type': "integer"}]},
547 {'name': "nm_net_exempt_min_rate",
548 'description': "Minimum network Tx bandwidth to Internet2 destinations",
549 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
550 'value_fields': [{'description': "rate (bps)",
552 'type': "integer"}]},
553 {'name': "nm_net_exempt_max_rate",
554 'description': "Maximum network Tx bandwidth to Internet2 destinations",
555 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
556 'value_fields': [{'description': "rate (bps)",
558 'type': "integer"}]},
559 {'name': "nm_net_exempt avg_rate",
560 'description': "Average daily network Tx bandwidth to Internet2 destinations",
561 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
562 'value_fields': [{'description': "rate (bps)",
564 'type': "integer"}]},
567 {'name': "nm_disk_quota",
568 'description': "Disk quota",
569 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
570 'value_fields': [{'description': "Number of 1k disk blocks",
572 'type': "integer"}]},
574 # Special attributes applicable to Slice Creation Service (pl_conf) slice
575 {'name': "plc_agent_version",
576 'description': "Version of PLC agent (slice creation service) software to be deployed",
577 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
578 'value_fields': [{'description': "current version of PLC agent (SCS)",
581 {'name': "plc_ticket_pubkey",
582 'description': "Public key used to verify PLC-signed tickets",
583 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1,
584 'value_fields': [{'description': "PEM-encoded public key",
588 # Get list of existing attribute types
589 attribute_types = SliceAttributeTypeList()
591 # Create/update default slice attribute types
592 for default_attribute_type in default_attribute_types:
593 if default_attribute_type['name'] not in attribute_types:
594 SliceAttributeTypeCreate(default_attribute_type['name'],
595 default_attribute_type['description'],
596 default_attribute_type['min_role_id'],
597 default_attribute_type['max_per_slice'],
598 default_attribute_type['is_exclusive'],
599 default_attribute_type['value_fields'])
601 # XXX No way to update slice attribute types
604 # Get contents of SSL public certificate used for signing slice tickets
606 plc_ticket_pubkey = ""
607 for line in file(plc_ma_sa['ssl_key_pub']):
609 if line[0:5] != "-----":
610 # XXX The embedded newlines matter, do not strip()!
611 plc_ticket_pubkey += line
613 plc_ticket_pubkey = '%KEY%'
615 # Create/update system slices
616 slices = [{'name': "pl_conf",
617 'description': "PlanetLab Slice Creation Service (SCS)",
619 'attributes': {'plc_slice_type': {'type': "VServerSlice"},
620 'plc_agent_version': {'version': "1.0"},
621 'plc_ticket_pubkey': {'key': plc_ticket_pubkey}}},
622 {'name': "pl_conf_vserverslice",
623 'description': "Default attributes for vserver slices",
625 'attributes': {'nm_cpu_share': {'cpu_share': 32},
626 'plc_slice_type': {'type': "VServerSlice"},
627 'nm_disk_quota': {'quota': 5000000}}}]
630 SliceInfo([slice['name']])
632 SliceCreate(slice['name'])
633 SliceSetInstantiationMethod(slice['name'], 'plc-instantiated')
634 SliceUpdate(slice['name'], slice['url'], slice['description'])
636 SliceRenew(slice['name'], sys.maxint)
637 # Create/update all attributes
638 for attribute, values in slice['attributes'].iteritems():
639 SliceAttributeSet(slice['name'], attribute, values)
642 if __name__ == '__main__':