2 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
8 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
12 <style type="text/css">
30 div, address, ol, ul, li, option, select {
42 font-family: Verdana, sans-serif;
44 background-color: #ffffff;
49 -moz-force-broken-image-icon: 1;
54 background-color: #f3f3f3 !important;
66 border-top: 1px solid #ccc;
67 border-left: 1px solid #ccc;
68 border-right: 2px solid #bbb;
69 border-bottom: 2px solid #bbb;
70 width: 648px !important;
71 margin: 15px auto 25px;
78 * html.pageview body {
81 /* Prevent repaint errors when scrolling in Safari. This "Star-7" css hack
82 targets Safari 3.1, but not WebKit nightlies and presumably Safari 4.
83 That's OK because this bug is fixed in WebKit nightlies/Safari 4 :-). */
84 html*#wys_frame::before {
97 .writely-callout-data {
100 .writely-footnote-marker {
101 background-image: url('MISSING');
102 background-color: transparent;
103 background-repeat: no-repeat;
109 .editor .writely-footnote-marker {
112 .writely-footnote-marker-highlight {
113 background-position: -15px 0;
115 .writely-footnote-hide-selection ::-moz-selection, .writely-footnote-hide-selection::-moz-selection {
116 background: transparent;
118 .writely-footnote-hide-selection ::selection, .writely-footnote-hide-selection::selection {
119 background: transparent;
121 .writely-footnote-hide-selection {
126 .editor .writely-comment-yellow {
127 background-color: #FF9;
128 background-position: -240px 0;
130 .editor .writely-comment-yellow-hover {
131 background-color: #FF0;
132 background-position: -224px 0;
134 .editor .writely-comment-blue {
135 background-color: #C0D3FF;
136 background-position: -16px 0;
138 .editor .writely-comment-blue-hover {
139 background-color: #6292FE;
140 background-position: 0 0;
142 .editor .writely-comment-orange {
143 background-color: #FFDEAD;
144 background-position: -80px 0;
146 .editor .writely-comment-orange-hover {
147 background-color: #F90;
148 background-position: -64px 0;
150 .editor .writely-comment-green {
151 background-color: #99FBB3;
152 background-position: -48px 0;
154 .editor .writely-comment-green-hover {
155 background-color: #00F442;
156 background-position: -32px 0;
158 .editor .writely-comment-cyan {
159 background-color: #CFF;
160 background-position: -208px 0;
162 .editor .writely-comment-cyan-hover {
163 background-color: #0FF;
164 background-position: -192px 0;
166 .editor .writely-comment-purple {
167 background-color: #EBCCFF;
168 background-position: -144px 0;
170 .editor .writely-comment-purple-hover {
171 background-color: #90F;
172 background-position: -128px 0;
174 .editor .writely-comment-magenta {
175 background-color: #FCF;
176 background-position: -112px 0;
178 .editor .writely-comment-magenta-hover {
179 background-color: #F0F;
180 background-position: -96px 0;
182 .editor .writely-comment-red {
183 background-color: #FFCACA;
184 background-position: -176px 0;
186 .editor .writely-comment-red-hover {
187 background-color: #FF7A7A;
188 background-position: -160px 0;
191 .editor .writely-comment-marker {
192 background-image: url('MISSING');
193 background-color: transparent;
195 background-repeat: no-repeat;
198 -moz-user-select: none;
201 .editor .writely-comment-hidden {
205 .editor .writely-comment-marker-hidden {
210 .editor .writely-comment-none {
212 filter:progid:DXImageTransform.Microsoft.Alpha(opacity=20);
215 .editor .writely-comment-none-hover {
217 filter:progid:DXImageTransform.Microsoft.Alpha(opacity=20);
224 .br_fix br:not(:-moz-last-node):not(:-moz-first-node) {
233 position: static !important
237 h6 { font-size: 8pt }
238 h5 { font-size: 8pt }
239 h4 { font-size: 10pt }
240 h3 { font-size: 12pt }
241 h2 { font-size: 14pt }
242 h1 { font-size: 18pt }
244 blockquote {padding: 10px; border: 1px #DDD dashed }
250 page-break-after: always;
251 /* We don't want this to be resizeable, so enforce a width and height
253 height: 1px !important;
254 width: 100% !important;
258 border-top: 1px dashed #C0C0C0;
259 border-bottom: 1px dashed #C0C0C0;
262 div.google_header, div.google_footer {
269 /* Table of contents */
270 .editor div.writely-toc {
271 background-color: #f3f3f3;
272 border: 1px solid #ccc;
278 ol.writely-toc-subheading {
283 * html writely-toc ol {
284 list-style-position: inside;
287 list-style-type: none;
289 .writely-toc-decimal {
290 list-style-type: decimal;
292 .writely-toc-upper-alpha {
293 list-style-type: upper-alpha;
295 .writely-toc-lower-alpha {
296 list-style-type: lower-alpha;
298 .writely-toc-upper-roman {
299 list-style-type: upper-roman;
301 .writely-toc-lower-roman {
302 list-style-type: lower-roman;
305 list-style-type: disc;
308 /* end default css */
311 /* default print css */
319 div.google_header, div.google_footer {
326 flow: static(header);
329 /* used to insert page numbers */
330 div.google_header::before, div.google_footer::before {
336 flow: static(footer);
339 /* always consider this element at the start of the doc */
341 flow: static(footer, start);
344 span.google_pagenumber {
345 content: counter(page);
348 span.google_pagecount {
349 content: counter(pages);
353 callout.google_footnote {
355 display: prince-footnote;
356 footnote-style-position: inside;
357 /* These styles keep the footnote from taking on the style of the text
358 surrounding the footnote marker. They can be overridden in the
361 font-family: Verdana;
366 /* Table of contents */
367 #WritelyTableOfContents a::after {
368 content: leader('.') target-counter(attr(href), page);
371 #WritelyTableOfContents a {
372 text-decoration: none;
379 content: flow(header);
382 content: flow(footer);
385 border-top: solid black thin;
389 /* end default print css */
402 font-family: Verdana;
406 background-color: #ffffff;
408 /* end ui edited css */
413 .editor a:visited {color: #551A8B}
414 .editor table.zeroBorder {border: 1px dotted gray}
415 .editor table.zeroBorder td {border: 1px dotted gray}
416 .editor table.zeroBorder th {border: 1px dotted gray}
419 .editor div.google_header, .editor div.google_footer {
420 border: 2px #DDDDDD dashed;
426 .editor .misspell {background-color: yellow}
428 .editor .writely-comment {
432 border: 1px dashed #C0C0C0
442 <body onload="DoPageLoad();"
444 revision="dhkdd78p_13kvrgbnfb:273">
451 <b>Geniwrapper Design Document</b>
\r
458 <b>1.0 High Level Overview</b>
\r
464 The purpose of Geniwrapper is to provide a Geni-like interface around the
\r
465 existing planetlab infrastructure. The existing infrastructure consists of two
\r
466 parts: planetlab central (PLC) and planetlab nodes. Geni defines three
\r
467 interfaces: Registry, Slice, and Component Management. A part of the wrapper is co-located with PLC (it exports the Registry and Slice interfaces),
\r
468 and a part of the wrapper is co-located with each node (it exports the Slice
\r
469 and Management interfaces).
475 Geniwrapper is comprised of the following logical modules: <i>utility
\r
476 classes</i>, <i>plc wrapper</i>, <i>component wrapper</i>, and <i>command
\r
477 line client</i>. Client-server communication uses a variant of XML-RPC called
\r
478 the <i>Geni protocol</i>. Section 1 of this document presents a very brief
\r
479 overview of each module. In-depth discussion occurs later.
\r
485 Much of this design adheres to the SFA, and as such this document avoids
\r
486 duplication of the information already presented in the SFA. For example, the
\r
487 description of privileges, which operations are allowed by a specific
\r
488 privileges, and how privileges are assigned to principals is described fully
\r
489 in the SFA and is therefore not duplicated here.
\r
495 NOTE: <b>API documentation</b> is extracted from code comments automatically
\r
496 and is maintained in separate files, one documentation file corresponding to
\r
497 each python source file. An effort has been made to keep API documentation
\r
498 separate from this document, so that the API documentation may be
\r
499 self-maintaining as the code is updated.
\r
505 Geniwrapper is checked into a subversion repository at
\r
506 <a href=http://svn.planetlab.org/geniwrapper>http://svn.planetlab.org/geniwrapper</a>.
\r
507 [TODO: verify link]
\r
514 <b>1.1 Utility classes</b>
\r
520 Utility classes include python classes that implement certificates, GIDs,
\r
521 credentials, and tickets. There are also utility classes for implementing
\r
522 the server and client stubs and the security protocol. The utility modules
\r
523 are designed to be generally re-usable. For example, the credential
\r
524 management class may be used as part of the Geni Registry, Geni Components,
\r
525 and the end-user tools that interact with Geni.
\r
531 The utility classes are located in the
\r
532 <i>util</i> subdirectory.
\r
539 <b>1.2 PLC wrapper</b>
\r
545 The plc wrapper is intended to be colocated with PLC. All communication
\r
546 between the plc wrapper and PLC uses the PLCAPI interface and as such,
\r
547 the plc wrapper can be run on a separate machine for ease of development.
\r
548 In addition to the Geni registry operations (register, update, ...),
\r
549 the plc wrapper also implements slice operations, such as GetTicket.
\r
555 The plc wrapper is located in the <i>plc</i> subdirectory.
\r
561 TODO: Most of the slice interface is yet to be implemented in plc wrapper.
\r
567 <b>1.3 The component wrapper</b>
\r
573 The component wrapper is located on planetlab nodes. It implements
\r
574 the slice interface, and the component management interface. Due to SFA
\r
575 engineering decisions, some slice operations (i.e. GetTicket) are
\r
576 not supported in the component wrapper.
\r
582 The component wrapper is located in the <i>component</i> subdirectory.
\r
588 <b>1.4 Command line client</b>
\r
594 The command line client exports a client interface to Geni that may be used
\r
595 for testing and demonstration purposes. It allows easy invocation of Geni api
\r
596 functions and dumps the results in a human-readable format.
\r
602 The command line client is located in the <i>cmdline</i>
\r
609 <b>1.5 Geni Protocol</b>
\r
615 The Geni protocol is based on XML-RPC. It is implemented primarily in the
\r
616 geniserver.py and geniclient.py files located with the utility classes.
\r
617 Modifications to the XML-RPC protocol include the following:
\r
624 The transport mechanism uses HTTPS instead of HTTP.
\r
627 HTTPS certificate verification is disabled so that custom Geni verification
\r
628 based on GID can be done instead.
\r
631 When an exception occurs on the server, verbose exception information is
\r
632 sent to the client, to assist debugging efforts
\r
645 Authentication of the client by the server is done by using Credentials/GIDs.
\r
646 Generally, each operation contains a credential as the first argument. This
\r
647 credential includes the GID of the caller, which in turn contains the public
\r
648 key of the caller. The server ensures that this public key matches the public
\r
649 key that is being used to decrypt the HTTPS connection, thus ensuring the
\r
650 caller must posess the private key that corresponds to the GID.
\r
656 Authentication of the server by the client is left as an exercise for the
\r
657 client. It may be done easily by specifying the server's public key when the
\r
658 client create the HTTPS connection. This presumes the client knows the public
\r
659 key (or GID) of the server he is trying to connect to.
\r
663 <b>1.6 Extending Geniwrapper to other environments</b><br>
\r
665 The PLC Wrapper and Component Wrapper are implemented to work on top of the
\r
666 Planetlab environment, but Geniwrapper was designed specifically to be easy to
\r
667 port to other platforms or environments. The utility classes are generally
\r
668 planetlab-independent, and the planetlab specific code is located in the
\r
669 directories that house the PLC and Component wrappers. The utility classes
\r
670 implement most of the complexity of the Geni wrapper, allowing the PLC and
\r
671 Component wrappers to be relatively lightweight.<br>
\r
673 For example, looking at the code for the stop_slice function implemented in
\r
674 the component wrapper:<br>
\r
676 def stop_slice(self, cred_str):<br>
\r
677
\r
678 self.decode_authentication(cred_str, "stopslice")<br>
\r
679 slicename =
\r
680 hrn_to_pl_slicename(self.object_gid.get_hrn())<br>
\r
681 print "stopslice:", slicename<br>
\r
682 accounts.get(slicename).stop()<br>
\r
684 The hrn_to_pl_slicename() function and accounts() class are planetlab-specific
\r
685 and implement the actual stopping of the slice. The remaining code that
\r
686 implements the Geni protocol, decodes credentials and authentication, etc., is
\r
687 planetlab-independent, and could be easily used in a non-planetlab
\r
692 <b>2.0 Utility Classes</b>
\r
698 <b>2.1 Certificates and Keys (cert.py)</b>
\r
704 Geniwrapper uses two crypto libraries: pyOpenSSL and M2Crypto to implement the
\r
705 necessary crypto functionality. Ideally just one of these libraries would be
\r
706 used, but unfortunately each of these libraries is independently lacking. The
\r
707 pyOpenSSL library is missing many necessary functions, and the M2Crypto
\r
708 library has crashed inside of some of the functions. The design decision is to
\r
709 use pyOpenSSL whenever possible as it seems more stable, and only use M2Crypto
\r
710 for those functions that are not possible in pyOpenSSL.
\r
722 Public-private key pairs are implemented by the <b>Keypair </b>class. A
\r
723 Keypair object may represent both a public and private key pair, or it may
\r
724 represent only a public key (this usage is consistent with OpenSSL).
\r
727
\r
730 <b>2.1.2 Certificates</b>
\r
736 The certificate class implements a general purpose X509 certificate, making
\r
737 use of the appropriate pyOpenSSL or M2Crypto abstractions. It also adds
\r
738 several addition features, such as the ability to maintain a chain of parent
\r
739 certificates, and storage of application-specific data.
\r
745 Certificates include the ability to maintain a chain of parents. Each
\r
746 certificate includes a pointer to it's parent certificate. When loaded from a
\r
747 file or a string, the parent chain will be automatically loaded. When saving a
\r
748 certificate to a file or a string, the caller can choose whether to save the
\r
749 parent certificates as well.
\r
755 Example creation of a certificate:
\r
761 # create a key for an issuer<br>
\r
762 issuerKey = Keypair(create=True)<br>
\r
763 issuerSubject = "testissuer"
\r
769 # create a key for the certificate
\r
772 userKey = KeyPair(create=True)
\r
778 # create the certificate, set the issuer, and
\r
782 cert = Certificate(subject="test")<br>
\r
783 cert.set_issuer(issuerKey, issuerSubject)
\r
786 cert.set_pubkey(userKey)<br>
\r
787 cert.sign()
\r
793 <b>2.1.3 Certificate Verification</b>
\r
800 Verification examines a chain of certificates to ensure that each parent
\r
801 signs the child, and that some certificate in the chain is signed by a
\r
802 trusted certificate. Verification is a basic recursion:
\r
804 <pre> if this_certificate was signed by trusted_certs:<br> return<br> else<br> return verify_chain(parent, trusted_certs)</pre>
\r
807 At each recursion, the parent is tested to ensure that it did sign the child.
\r
808 If a parent did not sign a child, then an exception is thrown. If the bottom
\r
809 of the recursion is reached and the certificate does not match a trusted root,
\r
810 then an exception is thrown.
\r
813 <br>
\r
814 <b>2.2 GIDS (gid.py)</b>
\r
820 GIDs are a derivative class of certificates and as such the GID class
\r
821 inherits all the methods of the certificate class. A GID includes a tuple
\r
822 of the following fields:
\r
828 (uuid, hrn, public_key)
\r
834 UUID is a unique identifier and is created by the python uuid module (or the
\r
835 utility function create_uuid() in gid.py).
\r
841 HRN is a human readable name. It is a dotted form similar to a backward domain
\r
842 name. For example, planetlab.us.arizona.bakers.
\r
848 PUBLIC_KEY is the public key of the principal identified by the UUID/HRN. It
\r
849 is a Keypair object as defined in the cert.py module.
\r
855 It is expected that there is a one-to-one pairing between UUIDs and HRN, but
\r
856 it is uncertain how this would be inforced or if it needs to be enforced.
\r
862 <b>2.2.1 Encoding and Decoding</b>
\r
868 The 5 fields of the GID tuple are stored in the subject-alt-name field of
\r
869 the X509 certificate. Two routines are included to package and unpackage these
\r
870 fields: Encode() and Decode(). Encode should be called prior to signing the
\r
871 GID. Decode is automatically called on demand by the various get_*()
\r
878 <b>2.2.2 Verification of GIDs</b>
\r
883 Verification first performs the checks of the certificate class (verifying that
\r
884 each parent signs the child, etc). In addition, GIDs also confirm that the
\r
885 parent's HRN is a prefix of the child's HRN. Verifying these prefixes prevents a
\r
886 rogue authority from signing a GID for a principal that is not a member of that
\r
887 authority. For example, planetlab.us.arizona cannot sign a GID for
\r
888 planetlab.us.princeton.foo.
\r
893 <b>2.3 Credentials (credential.py)</b>
\r
899 Credentials are a derivative class of certificates and as such the credential
\r
900 class inherits all the methods of the certificate class. A credential includes
\r
901 a tuple of the following fields:
\r
907 (GIDCaller, GIDObject, LifeTime, Privileges, Delegate)
\r
913 GIDCaller identifies the holder of the credential. When a credential is
\r
914 presented to a component, the security layer ensures that the client matches
\r
915 the public key that is contained in GIDCaller.
\r
921 GIDObject identifies the object of the credential. This object depends upon
\r
922 the type of the credential. For example, the credential for a user likely has
\r
923 GIDObject == GIDCaller. Credentials for slices would include the GID of the
\r
924 slice in the GIDObject field. Credentials for authorities include the GID of
\r
925 the authority in the GIDObject field.
\r
931 LifeTime is the lifetime of the credential. Currently not implemented; expect
\r
932 to implement it as an expiration date, and refuse credentials beyond that
\r
939 Privileges is a Rights object that describes the rights that are granted to
\r
940 the holder of the credential.
\r
946 Delegate is a True/False bit that indicates whether or not a credential can be
\r
947 delegated to a different caller.
\r
953 <b>2.3.1 Encoding and Decoding</b>
\r
959 The 5 fields of the credential tuple are stored in the subject-alt-name field
\r
960 of the X509 certificate. Two routines are included to package and unpackage
\r
961 these fields: Encode() and Decode(). Encode should be called prior to signing
\r
962 the credential. Decode is automatically called on demand by the various
\r
969 <b>2.3.2 Verification of Credentials</b>
\r
975 In addition to the checks for ordinary certificates, verification of
\r
976 credentials also ensures that the delegate bit was set by each parent in the
\r
977 chain. If a delegate bit was not set, then an exception is thrown. Each
\r
978 credential must also contain a subset of the rights of the parent credential
\r
979 (i.e. a user credential cannot delegate authority rights).<br>
\r
981 <b>2.4 Rights (rights.py)<br>
\r
983 </b>Rights are implemented by two classes:<br>
\r
985 Right - represents a single right<br>
\r
986 RightList - represents a list of rights A right may allow several different
\r
989 For example, the "info" right allows "listslices", "listcomponentresources",
\r
992 <b>2.5 Records (record.py)</b><br>
\r
998 The GeniRecord class implements a Geni Record. The GeniRecord class implements
\r
999 an abstract interface for the record, so that a client may use records without
\r
1000 having to understant the underlying implementation details, such as whether
\r
1001 the record is realized in the registry database, a local cache, or has been
\r
1002 transmitted over the wire by an interface. A GeniRecord is a tuple (Name, GID,
\r
1009 Name specifies the HRN of the object GID is the GID of the object
\r
1015 Type is user | sa | ma | slice | component Info is comprised of the
\r
1016 following sub-fields
\r
1022 Pointer is a pointer to the record in the PL database
\r
1028 pl_info is planetlab-specific info (when talking to client)
\r
1034 geni_info = geni-specific info (when talking to client)
\r
1040 The pointer is interpreted depending on the type of the record. For example,
\r
1041 if the type=="user", then pointer is assumed to be a person_id that indexes
\r
1042 into the persons table.
\r
1048 A given HRN may have more than one record, provided that the records are of
\r
1049 different types. For example, planetlab.us.arizona may have both an SA and a
\r
1050 MA record, but cannot have two SA records.
\r
1056 <b>2.6 Tickets (geniticket.py)</b>
\r
1062 Similar to GIDs and Credentials, tickets also leverage the certificate object.
\r
1068 A Ticket is tuple:<br>
\r
1069 (gidCaller, gidObject, attributes, rspec, delegate)<br>
\r
1071 gidCaller = GID of the caller performing the operation<br>
\r
1072 gidObject = GID of the slice<br>
\r
1073 attributes = slice attributes (keys, vref, instantiation,
\r
1075 rspec = resources
\r
1081 Tickets are created by invoking GetTicket() on the plc wrapper. The slice
\r
1082 attributes and rspec are taken from the planetlab slice database and represent
\r
1083 the current state of the slice. As of yet, tickets do not include any concept
\r
1084 of time -- a ticket represents the state of the slice at the current time
\r
1091 Tickets are redeemed by invoking RedeemTicket() on the slice interface. The
\r
1092 attributes and spec are combined back into a planetlab slice record and handed
\r
1093 off to the node manager.
\r
1099 Tickets are signed by an authority and include parentage information that
\r
1100 traces the chain of authorities back to a trusted root.
\r
1106 <b>2.6.1 rspecs</b>
\r
1112 The rspec is currently a dictionary of {name: value} pairs. These pairs are
\r
1113 taken verbatim from the planetlab slice database.
\r
1119 The general rule that is used is that things in the slice record that do not
\r
1120 specifically imply a tangible resource (initscripts, keys, etc) are treated as
\r
1121 attributes and things that do specify a tangible resource (disk, network, etc)
\r
1122 are treated as the rspec.
\r
1128 TODO: The definition of an rspec is evolving. It remains to reconcile the
\r
1129 eclipse schema with Geniwrapper. Gacks is also using another rspec format,
\r
1130 which may be need to be reconciled with the eclipse schema and/or geniwrapper.
\r
1137 <b>2.6.2 Encoding and Decoding</b>
\r
1143 The 5 fields of the credential tuple are stored in the subject-alt-name
\r
1144 field of the X509 certificate. Two routines are included to package and
\r
1145 unpackage these fields: Encode() and Decode(). Encode should be called prior
\r
1146 to signing the ticket. Decode is automatically called on demand by the
\r
1147 various get_*() functions.
\r
1153 <b>2.6.3 Verification of Tickets</b>
\r
1159 Verification uses the standard parentage verification provided by the
\r
1160 certificate class. Specifically, each certificate is signed by a parent, and
\r
1161 some certificate must resolve to the trusted root set that is specified on
\r
1168 Unlike credentials and GIDs, the parent of a ticket may be a degenerate
\r
1169 ticket that does not include the full 5-tuple (caller, object, attributes,
\r
1170 rspec, delegate). In such a case, the parent is just a placeholder in the
\r
1171 chain of authority used to convey the parentage information.
\r
1177 Delegation of tickets is not something that is discussed in the SFA, but it
\r
1178 is supported in the ticket class and may be a useful feature. For example,
\r
1179 Alice may hold a ticket for a particular component, and delegate that ticket
\r
1180 to Bob. Bob could then instantiate a slice for Alice. This may be one way to
\r
1181 implement a slice manager.<br>
\r
1183 <b>2.7 Hierarchy of Authorities (hierarchy.py)</b><br>
\r
1185 This module implements a hierarchy of authorities and performs a similar
\r
1186 function as the "tree" module of the original geniwrapper prototype. An HRN
\r
1187 is assumed to be a string of authorities separated by dots. For example,
\r
1188 "planetlab.us.arizona.bakers". Each component of the HRN is a different
\r
1189 authority, with the last component being a leaf in the tree. Each authority
\r
1190 is stored in a subdirectory on the registry.<br>
\r
1192 Inside this subdirectory are several files:<br>
\r
1193 *.GID - GID file<br>
\r
1194 *.PKEY - private key file<br>
\r
1195 *.DBINFO - database info<br>
\r
1197 The hierarchy class can be used to create GIDs, Credentials, and Tickets for
\r
1198 a given authority.
\r
1205 The default behavior is that all authorities contained in the hierarchy will
\r
1206 be located together in a single physical registry. However, this is not
\r
1207 strictly necessary. The *.DBINFO files contain the database information for an
\r
1208 authority and can easily be configured to point to other machines. How an
\r
1209 authority would cause the DBINFO files to be installed in the correct places
\r
1210 is left as a separate exercise, possibly via an out-of-band management
\r
1211 interface or a web page.
\r
1215 <b>2.8 Configuration Information (config.py)</b><br>
\r
1217 This module holds configuration parameters for geniwrapper. There are two main
\r
1218 pieces of information that are used: the database connection and the PLCAPI
\r
1221 Geniwrapper uses a MYSQL database to store records. This database may be
\r
1222 co-located with the PLC database, or it may be a separate database. The
\r
1223 following parameters define the connection to the database. Note that
\r
1224 Geniwrapper does not access any of the PLC databases directly via a mysql
\r
1225 connection; All PLC databases are accessed via PLCAPI.<br>
\r
1228 Geniwrapper uses a PLCAPI connection to perform operations on the registry,
\r
1229 such as creating and deleting slices. This connection requires an account on
\r
1230 the PLC server with full administrator access. The Url parameter controls
\r
1231 whether the connection uses PLCAPI directly (i.e. Geniwrapper is located on
\r
1232 the same machine as PLC), or uses a XMLRPC connection to the PLC machine. If
\r
1233 you wish to use the API directly, then remove the Url field from the
\r
1238 <b>2.8.1 Database Configuration</b>
\r
1244 Below is an example database configuration from config.py:
\r
1250 def get_default_dbinfo():<br>
\r
1251 dbinfo={}<br>
\r
1252 dbinfo['dbname'] = 'planetlab4'<br>
\r
1253 dbinfo['address'] = 'localhost'<br>
\r
1254 dbinfo['port'] = 5432<br>
\r
1255 dbinfo['user'] = 'pgsqluser'<br>
\r
1256 dbinfo['password'] = '4c77b272-c892-4bdf-a833-dddeeee1a2ed'
\r
1259 return dbinfo
\r
1265 This identifies several important pieces of the database configuration. The
\r
1266 name specifies the database name as used by pgsql. The address is the hostname
\r
1267 (or ip-address) of the machine that is hosting the database. It is most likely
\r
1268 the local machine. Port specifies the socket port where the pgsql is
\r
1269 listening. The user and password authenticate Geniwrapper to the pgsql
\r
1270 database. In this example, an existing PLC database was used. This is not
\r
1271 strictly necessary as only Geni-specific information is stored in this
\r
1272 database. A separate database could be used, on a separate machine than PLC if
\r
1279 <b>2.8.2 PLCAPI Configuration</b>
\r
1285 Blow is an example PLCAPI configuration from config.py:
\r
1291 def get_pl_auth():<br>
\r
1292 pl_auth = {'Username':
\r
1293 <a href=mailto:%27root@198.0.0.132%27>'root@198.0.0.132'</a>,<br>
\r
1294 'AuthMethod': 'password',<br>
\r
1295 'AuthString': 'root',<br>
\r
1296 "Url":
\r
1297 "<a href=https://localhost/PLCAPI/>https://localhost:443/PLCAPI/</a>"<br>
\r
1298 }
\r
1301 return pl_auth
\r
1307 The PLCAPI configuration tells Geniwrapper how to connect to PLC. There are
\r
1308 two options: a local connection or a remote connection. If the Url field is
\r
1309 defined, then a remote connection is assumed, and Geniwrapper will attempt to
\r
1310 connect via XMLRPC to a remote PLCAPI server. If the Url field is not defined,
\r
1311 then Geniwrapper will assume that PYTHONPATH includes the relevant PLCAPI
\r
1312 classes to use PLCAPI directly.
\r
1318 Username specifies the name of the PLCAPI user. It is suggested that a user
\r
1319 with full administrative authority be allowed. Otherwise, Geniwrapper will be
\r
1320 unable to lookup public keys and other information that PLC does not make
\r
1321 available publicly. Administrative permission is also required to create PLC
\r
1322 sites, users, etc. Authmethod and AuthString specify the password require to
\r
1329 <b>2.9 GeniServer and GeniClient</b>
\r
1335 Two files, geniserver.py and geniclient.py implement a basic Geni server and
\r
1342 Geniserver forms the basis of any server that exports a Geni interface.
\r
1343 Examples include the PLC and Component wrappers. The Geniserver class itself
\r
1344 does not export any useful API functions other than a "noop" function that can
\r
1345 be used to test the server interface. Descendant classes register additional
\r
1346 API functions by overriding the register_function() member of the geniserver
\r
1353 Geniserver provides a function, decode_authentication, that decodes
\r
1354 credentials. Credentials are supplied as the first parameter to many registry
\r
1355 and slice interface API functions. This function converts the credential
\r
1356 string supplied by the user into a credential object, checks to see that the
\r
1357 key the caller is using to encrypt the SSL connection matches the public key
\r
1358 in the caller GID of the credential, checks to see that the credential allows
\r
1359 the operation the caller is attempting to do, and finally verifies that the
\r
1360 parentage of the credential traces back to a trusted root.
\r
1366 Geniclient provides a variety of client-side stubs for invoking operations on
\r
1367 Geni interfaces. These stubs convert objects into strings that may be encoded
\r
1368 by XMLRPC, call the associated XMLRPC function, and convert the results back
\r
1369 into objects. Use of the Geniclient class is optional, but it makes a
\r
1370 convenient mechanism to execute API calls.
\r
1376 <b>3.0 The PLC Wrapper</b>
\r
1382 This wrapper implements the Registry and Slice interfaces. According to the
\r
1383 SFA, the basic functionality of a registry is to map HRNs into records.
\r
1384 However, because of the interactions between Geniwrapper and PLC, the registry
\r
1385 does more than act as a simple database. The registry performs API calls on
\r
1386 PLC that create slices, sites, users, etc., and as such may indirectly cause
\r
1387 slices to be instantiated on components, because components are also linked to
\r
1394 The mapping of Geni objects to planetlab objects is relatively
\r
1401 slice = slice
\r
1404 user = person
\r
1407 component = node
\r
1410 sa = site
\r
1413 ma = site
\r
1419 The one part that is slightly counterintuitive is SA and MA, which both map to
\r
1420 the planetlab site object. In a unified registry (a registry that serves as
\r
1421 both slice and component registry), these will map to the same site record in
\r
1422 the PLC database. However, there are two distinct Geni records, one for
\r
1423 the SA and one for the MA.
\r
1429 Registry and slice operations generally authenticate the caller by
\r
1430 credential. There are a few exceptions, and the registry API documents
\r
1431 should note those exceptions.
\r
1437 <b>3.1 PLC Wrapper Tools</b>
\r
1443 The registry include several additional tools that are used to manage it.
\r
1450 import.py - imports existing PLC records into the registry
\r
1456 nuke.py - deletes all Geni records
\r
1462 <b>3.1 Bootstrapping the PLC Wrapper</b>
\r
1468 There are several items that need to be done before starting the plc wrapper.
\r
1474 1) Update util/config.py to match the parameters of your PLC installation.
\r
1480 2) Import the existing planetlab database, creating the appropriate geni
\r
1481 records. This is done by running the "import.py" tool.
\r
1487 3) Create a "trusted_roots" directory and place the certificate of the root
\r
1488 authority in that directory. Given the defaults in import.py, this certificate
\r
1489 would be named "planetlab.gid". For example, mkdir trusted_roots; cp
\r
1490 authorities/planetlab.gid trusted_roots/
\r
1496 <b>4.0 The Component Wrapper</b>
\r
1500 The Geni Component Wrapper implements the Geni Slice and Component Management
\r
1501 interfaces. It includes functions for redeeming tickets,
\r
1502 starting/stopping/resetting/deleting slices, and management such as rebooting
\r
1509 The design of the component differs from the plc wrapper in the respect that
\r
1510 the component wrapper must be run in the same domain (VM) as the NM for the
\r
1511 node it is responsible for. That is, the component wrapper directly calls
\r
1512 the local node manager.
\r
1518 <b>4.1 Component Authentication of Credentials</b>
\r
1524 The component authenticates credentials the same way that the plc wrapper
\r
1525 does. Specifically, there is a directory of trusted_root certificates (or
\r
1526 GIDs) on the component. Any credential presented to the component must include
\r
1527 in it's parentage some certificate in the set of trusted roots. Otherwise, and
\r
1528 exception is thrown.
\r
1534 <b>4.2 The Ticket interface</b>
\r
1540 Mainpulating tickets is split between the PLC wrapper and the Component wrapper.
\r
1541 Specifically, the authoritative copy of planetlab state is stored on PLC and only cached on
\r
1542 the components. Thus, GetTicket() is implemented by the plc wrapper, and
\r
1543 RedeemTicket() is implemented by the component wrapper. Attempting to call GetTicket()
\r
1544 on a component will fail.<br>
\r
1546 InstantiateSlice is not implemented, as that operation is a combination of
\r
1547 GetTicket/RedeemTicket and would therefore span the PLC and Component
\r
1554 <b>4.3 Sliver Credentials</b>
\r
1560 A recent Geni Architecture call mentioned the need for sliver credentials. A
\r
1561 sliver credential would be identical to a slice credential, but would 1) only
\r
1562 be redeemable on a particular component, and 2) would resolve to a
\r
1563 trusted_root unique to that component (likely the component's GID
\r
1564 certificate). Sliver credentials would be returned by the RedeemTicket call
\r
1565 and would give the caller the permission required to start and stop the
\r
1572 Sliver credentials are not yet implemented, but their implementation would be
\r
1579 <b>4.4 Bootstrapping the Component Wrapper</b>
\r
1585 The first step is to install some required libraries on the component. These
\r
1586 include the m2crypto and pyopenssl libraries. Installing the actual RPMs for
\r
1587 these libaries on a running component proved difficult due to additional
\r
1588 support packages that require installation (python-devel, etc). For
\r
1589 development purposes, it was sufficient to copy the installed/compiled version
\r
1590 of the libraries from the development machine to the component.
\r
1596 The second step is to copy the files required by the component wrapper to
\r
1597 the node manager. They are copied to the /usr/share/Nodemanager directory. A
\r
1598 list of the files is contained in the copynode.sh script in the component
\r
1605 The third step is to copy the trusted root certificates to the component. They
\r
1606 are stored in /usr/share/Nodemanager/trusted_roots. This should include the
\r
1607 certificate for the registry.
\r
1613 The fourth step is to start the component manager. This is done by
\r
1614 connecting to the component via SSH and running
\r
1615 /usr/share/Nodemanager/component.py.
\r
1619 In a production environment, all of these steps would be integrated into the
\r
1620 DVD boot image for the planetlab node.
\r
1626 <b>5.0 Command-Line Interface</b>
\r
1632 A command-line interface is provided that allows a user to interact with the
\r
1633 Geni Registry and Component. This command line interface is located in the
\r
1634 cmdline directory and can be invoked by running genicli.py. Specifying
\r
1635 "genicli.py help" will display a list of available commands.
\r
1641 <b>5.1 Examples</b>
\r
1647 Several examples of using the CLI are presented in the form of shell scripts
\r
1648 in the cmdline directory. These scripts demonstrate creating slices,
\r
1649 authorities, users, nodes, and getting tickets and redeeming tickets. Rather
\r
1650 than duplicating all of those examples here, a few short examples are
\r
1657 <b>5.1.1 Getting a Credential</b>
\r
1663 python ./genicli.py --username root --credfile None --outfile test.cred
\r
1664 getCredential user planetlab.us.pl.account_test
\r
1670 The credential for planetlab.us.pl.account_test is retrieved and stored in the
\r
1671 local file test.cred. The private ket test.pkey is used when opening the
\r
1672 XMLRPC connection and authenticates the client. test.pkey must match the
\r
1673 public key that is in the GID for the user record for
\r
1674 planetlab.us.pl.account_test.
\r
1680 Sample output: (in human-readable summary)
\r
1686 CREDENTIAL planetlab.us.pl.account_test<br>
\r
1687 privs: refresh,resolve,info<br>
\r
1688 gidCaller:<br>
\r
1689 hrn:
\r
1690 planetlab.us.pl.account_test<br>
\r
1691 uuid:
\r
1692 276262316202422735940395896620385479122<br>
\r
1693 gidObject:<br>
\r
1694 hrn:
\r
1695 planetlab.us.pl.account_test<br>
\r
1696 uuid:
\r
1697 276262316202422735940395896620385479122<br>
\r
1698 delegate: False
\r
1707 <b>5.1.2 Resolving a record</b>
\r
1713 python ./genicli.py --username test resolve planetlab.us.pl.account_test
\r
1719 The record for planetlab.us.pl.account_test is retrieved and printed to
\r
1720 stdout. The credential used comes from the local file test.cred.
\r
1726 Sample output: (in human-readable summary)
\r
1732 RECORD planetlab.us.pl.account_test<br>
\r
1733 hrn: planetlab.us.pl.account_test<br>
\r
1734 type: user<br>
\r
1735 gid:<br>
\r
1736 hrn:
\r
1737 planetlab.us.pl.account_test<br>
\r
1738 uuid:
\r
1739 276262316202422735940395896620385479122<br>
\r
1740 pointer: 6<br>
\r
1741 geni_info:<br>
\r
1742 email :
\r
1743 <a href=mailto:test@test.com>test@test.com</a><br>
\r
1744 pl_info:<br>
\r
1745 bio : None<br>
\r
1746 first_name : test<br>
\r
1747 last_name : account<br>
\r
1748 last_updated : 1222497672<br>
\r
1749 uuid : None<br>
\r
1750 roles : ['user']<br>
\r
1751 title : None<br>
\r
1752 &nbsp; url : None<br>
\r
1753 key_ids : [1]<br>
\r
1754 enabled : True<br>
\r
1755 slice_ids : [24]<br>
\r
1756 phone : None<br>
\r
1757 peer_person_id : None<br>
\r
1758 role_ids : [30]<br>
\r
1759 person_id : 6<br>
\r
1760 date_created : 1219083140<br>
\r
1761 site_ids : [1]<br>
\r
1762 peer_id : None<br>
\r
1763 email :
\r
1764 <a href=mailto:test@test.com>test@test.com</a>
\r
1770 <b>5.1.3 Updating a record</b>
\r
1776 python ./genicli.py --username test update user planetlab.us.pl.account_test
\r
1782 The record for planetlab.us.pl.account_test is updated. The credential used
\r
1783 comes from the local file test.cred. No changes are specified, so the only
\r
1784 thing that should be updated is the expiration time.
\r
1790 <b>5.1.4 Resolving an authority</b>
\r
1796 An authority is an example of an HRN that might resolve to two different
\r
1797 records, an SA and a MA record.
\r
1803 python ./genicli.py --username test resolve planetlab.us.pl
\r
1809 Sample Output: (in human readable summary)
\r
1815 RECORD planetlab.us.pl<br>
\r
1816 hrn: planetlab.us.pl<br>
\r
1817 type: sa<br>
\r
1818 gid:<br>
\r
1819 hrn: planetlab.us.pl<br>
\r
1820 uuid:
\r
1821 294786197975089072547582920862317666209<br>
\r
1822 pointer: 1<br>
\r
1823 geni_info:<br>
\r
1824 pi :
\r
1825 ['planetlab.us.pl.Administrator_Default']<br>
\r
1826 pl_info:<br>
\r
1827 last_updated : 1224136003<br>
\r
1828 node_ids : [1]<br>
\r
1829 site_id : 1<br>
\r
1830 pcu_ids : []<br>
\r
1831 max_slices : 100<br>
\r
1832 ext_consortium_id : None<br>
\r
1833 peer_site_id : None<br>
\r
1834 abbreviated_name : plctest<br>
\r
1835 uuid :
\r
1836 230749975723590978208303655640765327534<br>
\r
1837 person_ids : [2, 4, 6]<br>
\r
1838 slice_ids : [24, 1, 2]<br>
\r
1839 latitude : None<br>
\r
1840 peer_id : None<br>
\r
1841 max_slivers : 1000<br>
\r
1842 is_public : False<br>
\r
1843 address_ids : []<br>
\r
1844 name : plctest Central<br>
\r
1845 url :
\r
1846 <a href=http://198.0.0.132/>http://198.0.0.132/</a><br>
\r
1847 enabled : True<br>
\r
1848 longitude : None<br>
\r
1849 login_base : pl<br>
\r
1850 date_created : 1209428329<br>
\r
1852 RECORD planetlab.us.pl<br>
\r
1853 hrn: planetlab.us.pl<br>
\r
1854 type: ma<br>
\r
1855 gid:<br>
\r
1856 hrn: planetlab.us.pl<br>
\r
1857 uuid:
\r
1858 294786197975089072547582920862317666209<br>
\r
1859 pointer: 1<br>
\r
1860 geni_info:<br>
\r
1861 operator : []<br>
\r
1862 owner :
\r
1863 ['planetlab.us.pl.Administrator_Default']<br>
\r
1864 pl_info:<br>
\r
1865 last_updated : 1224136003<br>
\r
1866 node_ids : [1]<br>
\r
1867 site_id : 1<br>
\r
1868 pcu_ids : []<br>
\r
1869 max_slices : 100<br>
\r
1870 ext_consortium_id : None<br>
\r
1871 peer_site_id : None<br>
\r
1872 abbreviated_name : plctest<br>
\r
1873 uuid :
\r
1874 230749975723590978208303655640765327534<br>
\r
1875 person_ids : [2, 4, 6]<br>
\r
1876 slice_ids : [24, 1, 2]<br>
\r
1877 latitude : None<br>
\r
1878 peer_id : None<br>
\r
1879 max_slivers : 1000<br>
\r
1880 is_public : False<br>
\r
1881 address_ids : []<br>
\r
1882 name : plctest Central<br>
\r
1883 url :
\r
1884 <a href=http://198.0.0.132/>http://198.0.0.132/</a><br>
\r
1885 enabled : True<br>
\r
1886 longitude : None<br>
\r
1887 login_base : pl<br>
\r
1888 date_created : 1209428329
\r