1 ### $Id: slices.py 15842 2009-11-22 09:56:13Z anil $
2 ### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/plc/slices.py $
9 from types import StringTypes
10 from sfa.util.namespace import *
11 from sfa.util.rspec import *
12 from sfa.util.specdict import *
13 from sfa.util.faults import *
14 from sfa.util.record import SfaRecord
15 from sfa.util.policy import Policy
16 from sfa.util.record import *
17 from sfa.util.sfaticket import SfaTicket
18 from sfa.util.debug import log
19 from sfa.plc.slices import Slices
20 from sfa.trust.credential import Credential
21 import sfa.plc.peers as peers
22 from sfa.plc.network import *
23 from sfa.plc.api import SfaAPI
24 from sfa.plc.slices import *
27 Create a new plauth object that the Aggregate Manager can use to execute
28 plshell commands as the authenticated user.
30 def __get_user_plauth(api, registry, credential, creds, operation, hrn):
33 user_creds = api.auth.checkCredentials(creds, operation, hrn)
34 user_cred_obj = Credential(string=user_creds[0])
36 # If user cred has a parent then the caller is the parent's cred.
37 # This is true for delegated creds.
38 if user_cred_obj.parent:
39 user_hrn = user_cred_obj.parent.get_gid_caller().get_hrn()
41 user_hrn = user_cred_obj.get_gid_caller().get_hrn()
43 user_record = registry.Resolve(user_hrn, [credential])[0]
44 email = user_record['email']
46 person = api.plshell.GetPersons(api.plauth, email)
48 person_id = person[0]['person_id']
49 # Get the user's session if one exists, create one otherwise
50 session = api.plshell.GetSessions(api.plauth, {'person_id': person_id})
52 session = api.plshell.AddSession(api.plauth, person_id)
54 session = session[0]['session_id']
56 # Create new authentication token
57 plauth = {'Username':email, 'AuthMethod':'session', 'session':session}
62 def __get_registry_objects(slice_xrn, creds, users):
66 hrn, type = urn_to_hrn(slice_xrn)
68 hrn_auth = get_authority(hrn)
70 # Build up objects that an SFA registry would return if SFA
71 # could contact the slice's registry directly
79 site['name'] = 'geni.%s' % hrn_auth
80 site['enabled'] = True
81 site['max_slices'] = 100
84 # Is it okay if this login base is the same as one already at this myplc site?
85 # Do we need uniqueness? Should use hrn_auth instead of just the leaf perhaps?
86 site['login_base'] = get_leaf(hrn_auth)
87 site['abbreviated_name'] = hrn
88 site['max_slivers'] = 1000
89 reg_objects['site'] = site
92 slice['expires'] = int(time.mktime(Credential(string=creds[0]).get_lifetime().timetuple()))
94 slice['name'] = site['login_base'] + "_" + get_leaf(hrn)
96 slice['description'] = hrn
98 reg_objects['slice_record'] = slice
100 reg_objects['users'] = {}
103 hrn, _ = urn_to_hrn(user['urn'])
104 user['email'] = hrn + "@geni.net"
105 user['first_name'] = hrn
106 user['last_name'] = hrn
107 reg_objects['users'][user['email']] = user
111 def __get_hostnames(nodes):
114 hostnames.append(node.hostname)
119 version['geni_api'] = 1
123 def slice_status(api, slice_xrn, creds):
125 result['geni_urn'] = slice_xrn
126 result['geni_status'] = 'unknown'
127 result['geni_resources'] = {}
130 def create_slice(api, slice_xrn, creds, rspec, users):
132 Create the sliver[s] (slice) at this aggregate.
133 Verify HRN and initialize the slice record in PLC if necessary.
135 reg_objects = __get_registry_objects(slice_xrn, creds, users)
137 hrn, type = urn_to_hrn(slice_xrn)
140 peer = slices.get_peer(hrn)
141 sfa_peer = slices.get_sfa_peer(hrn)
142 registry = api.registries[api.hrn]
143 credential = api.getCredential()
144 site_id, remote_site_id = slices.verify_site(registry, credential, hrn,
145 peer, sfa_peer, reg_objects)
147 slice_record = slices.verify_slice(registry, credential, hrn, site_id,
148 remote_site_id, peer, sfa_peer, reg_objects)
150 user_plauth = __get_user_plauth(api, registry, credential, creds,
153 # The Network instance will use user_plauth to call the PLCAPI
154 network = Network(api, user_plauth)
156 slice = network.get_slice(api, hrn)
157 slice.peer_id = slice_record['peer_slice_id']
158 current = __get_hostnames(slice.get_nodes())
160 network.addRSpec(rspec, api.config.SFA_AGGREGATE_RSPEC_SCHEMA)
161 request = __get_hostnames(network.nodesWithSlivers())
163 # remove nodes not in rspec
164 deleted_nodes = list(set(current).difference(request))
166 # add nodes from rspec
167 added_nodes = list(set(request).difference(current))
170 api.plshell.UnBindObjectFromPeer(api.plauth, 'slice', slice.id, peer)
172 api.plshell.AddSliceToNodes(user_plauth, slice.name, added_nodes)
173 api.plshell.DeleteSliceFromNodes(user_plauth, slice.name, deleted_nodes)
175 network.updateSliceTags()
178 api.plshell.BindObjectToPeer(api.plauth, 'slice', slice.id, peer,
181 # print network.toxml()
185 def renew_slice(api, xrn, creds, exipration_time):
186 hrn, type = urn_to_hrn(xrn)
187 slicename = hrn_to_pl_slicename(hrn)
188 slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id'])
190 raise RecordNotFound(hrn)
192 slice['expires'] = expiration_time
193 api.plshell.UpdateSlice(api.plauth, slice['slice_id'], slice)
196 def start_slice(api, xrn, creds):
197 hrn, type = urn_to_hrn(xrn)
198 slicename = hrn_to_pl_slicename(hrn)
199 slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id'])
201 raise RecordNotFound(hrn)
202 slice_id = slices[0]['slice_id']
203 slice_tags = api.plshell.GetSliceTags(api.plauth, {'slice_id': slice_id, 'tagname': 'enabled'}, ['slice_tag_id'])
204 # just remove the tag if it exists
206 api.plshell.DeleteSliceTag(api.plauth, slice_tags[0]['slice_tag_id'])
210 def stop_slice(api, xrn, creds):
211 hrn, type = urn_to_hrn(xrn)
212 slicename = hrn_to_pl_slicename(hrn)
213 slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id'])
215 raise RecordNotFound(hrn)
216 slice_id = slices[0]['slice_id']
217 slice_tags = api.plshell.GetSliceTags(api.plauth, {'slice_id': slice_id, 'tagname': 'enabled'})
219 api.plshell.AddSliceTag(api.plauth, slice_id, 'enabled', '0')
220 elif slice_tags[0]['value'] != "0":
221 tag_id = attributes[0]['slice_tag_id']
222 api.plshell.UpdateSliceTag(api.plauth, tag_id, '0')
225 def reset_slice(api, xrn):
226 # XX not implemented at this interface
229 def delete_slice(api, xrn, creds):
230 hrn, type = urn_to_hrn(xrn)
231 slicename = hrn_to_pl_slicename(hrn)
232 slices = api.plshell.GetSlices(api.plauth, {'name': slicename})
237 # determine if this is a peer slice
238 peer = peers.get_peer(api, hrn)
240 api.plshell.UnBindObjectFromPeer(api.plauth, 'slice', slice['slice_id'], peer)
241 api.plshell.DeleteSliceFromNodes(api.plauth, slicename, slice['node_ids'])
243 api.plshell.BindObjectToPeer(api.plauth, 'slice', slice['slice_id'], peer, slice['peer_slice_id'])
246 def get_slices(api, creds):
247 # look in cache first
249 slices = api.cache.get('slices')
254 slices = api.plshell.GetSlices(api.plauth, {'peer_id': None}, ['name'])
255 slice_hrns = [slicename_to_hrn(api.hrn, slice['name']) for slice in slices]
256 slice_urns = [hrn_to_urn(slice_hrn, 'slice') for slice_hrn in slice_hrns]
260 api.cache.add('slices', slice_urns)
264 def get_rspec(api, creds, options):
265 # get slice's hrn from options
266 xrn = options.get('geni_slice_urn', None)
267 hrn, type = urn_to_hrn(xrn)
270 # look in cache first
271 if api.cache and not xrn:
272 rspec = api.cache.get('nodes')
277 registry = api.registries[api.hrn]
278 credential = api.getCredential()
279 user_plauth = __get_user_plauth(api, registry, credential, creds,
282 # The Network instance will use user_plauth to call the PLCAPI
283 network = Network(api, user_plauth)
285 if network.get_slice(api, hrn):
288 rspec = network.toxml()
292 if api.cache and not xrn:
293 api.cache.add('nodes', rspec)
298 def get_ticket(api, xrn, creds, rspec, users):
300 reg_objects = __get_registry_objects(xrn, creds, users)
302 slice_hrn, type = urn_to_hrn(xrn)
304 peer = slices.get_peer(slice_hrn)
305 sfa_peer = slices.get_sfa_peer(slice_hrn)
307 # get the slice record
308 registry = api.registries[api.hrn]
309 credential = api.getCredential()
310 records = registry.Resolve(xrn, credential)
312 # similar to create_slice, we must verify that the required records exist
313 # at this aggregate before we can issue a ticket
314 site_id, remote_site_id = slices.verify_site(registry, credential, slice_hrn,
315 peer, sfa_peer, reg_objects)
316 slice = slices.verify_slice(registry, credential, slice_hrn, site_id,
317 remote_site_id, peer, sfa_peer, reg_objects)
319 # make sure we get a local slice record
321 for tmp_record in records:
322 if tmp_record['type'] == 'slice' and \
323 not tmp_record['peer_authority']:
324 record = SliceRecord(dict=tmp_record)
326 raise RecordNotFound(slice_hrn)
329 slivers = Slices(api).get_slivers(slice_hrn)
331 raise SliverDoesNotExist(slice_hrn)
336 'timestamp': int(time.time()),
337 'initscripts': initscripts,
342 object_gid = record.get_gid_object()
343 new_ticket = SfaTicket(subject = object_gid.get_subject())
344 new_ticket.set_gid_caller(api.auth.client_gid)
345 new_ticket.set_gid_object(object_gid)
346 new_ticket.set_issuer(key=api.key, subject=api.hrn)
347 new_ticket.set_pubkey(object_gid.get_pubkey())
348 new_ticket.set_attributes(data)
349 new_ticket.set_rspec(rspec)
350 #new_ticket.set_parent(api.auth.hierarchy.get_auth_ticket(auth_hrn))
354 return new_ticket.save_to_string(save_parents=True)
361 rspec = get_rspec(api, "plc.princeton.sapan", None)
362 #rspec = get_rspec(api, "plc.princeton.coblitz", None)
363 #rspec = get_rspec(api, "plc.pl.sirius", None)
366 f = open(sys.argv[1])
369 create_slice(api, "plc.princeton.sapan", xml)
371 if __name__ == "__main__":