4 from sfa.util.faults import MissingSfaInfo, UnknownSfaType, \
5 RecordNotFound, SfaNotImplemented, SfaInvalidArgument, UnsupportedOperation
7 from sfa.util.sfalogging import logger
8 from sfa.util.defaultdict import defaultdict
9 from sfa.util.sfatime import utcparse, datetime_to_string, datetime_to_epoch
10 from sfa.util.xrn import Xrn, hrn_to_urn, get_leaf
11 from sfa.openstack.osxrn import OSXrn, hrn_to_os_slicename, hrn_to_os_tenant_name
12 from sfa.util.cache import Cache
13 from sfa.trust.credential import Credential
14 # used to be used in get_ticket
15 #from sfa.trust.sfaticket import SfaTicket
16 from sfa.rspecs.version_manager import VersionManager
17 from sfa.rspecs.rspec import RSpec
18 from sfa.storage.alchemy import dbsession
19 from sfa.storage.model import RegRecord, SliverAllocation
21 # the driver interface, mostly provides default behaviours
22 from sfa.managers.driver import Driver
23 from sfa.openstack.shell import Shell
24 from sfa.openstack.osaggregate import OSAggregate
25 from sfa.planetlab.plslices import PlSlices
27 def list_to_dict(recs, key):
29 convert a list of dictionaries into a dictionary keyed on the
30 specified dictionary key
32 return dict ( [ (rec[key],rec) for rec in recs ] )
35 # PlShell is just an xmlrpc serverproxy where methods
36 # can be sent as-is; it takes care of authentication
37 # from the global config
39 class NovaDriver(Driver):
41 # the cache instance is a class member so it survives across incoming requests
44 def __init__ (self, config):
45 Driver.__init__(self, config)
46 self.shell = Shell(config=config)
48 if config.SFA_AGGREGATE_CACHING:
49 if NovaDriver.cache is None:
50 NovaDriver.cache = Cache()
51 self.cache = NovaDriver.cache
53 ########################################
54 ########## registry oriented
55 ########################################
57 ########## disabled users
58 def is_enabled (self, record):
59 # all records are enabled
62 def augment_records_with_testbed_info (self, sfa_records):
63 return self.fill_record_info (sfa_records)
66 def register (self, sfa_record, hrn, pub_key):
68 if sfa_record['type'] == 'slice':
69 record = self.register_slice(sfa_record, hrn)
70 elif sfa_record['type'] == 'user':
71 record = self.register_user(sfa_record, hrn, pub_key)
72 elif sfa_record['type'].startswith('authority'):
73 record = self.register_authority(sfa_record, hrn)
74 # We should be returning the records id as a pointer but
75 # this is a string and the records table expects this to be an
80 def register_slice(self, sfa_record, hrn):
81 # add slice description, name, researchers, PI
82 name = hrn_to_os_tenant_name(hrn)
83 description = sfa_record.get('description', None)
84 self.shell.auth_manager.tenants.create(name, description)
85 tenant = self.shell.auth_manager.tenants.find(name=name)
86 auth_hrn = OSXrn(xrn=hrn, type='slice').get_authority_hrn()
87 parent_tenant_name = OSXrn(xrn=auth_hrn, type='slice').get_tenant_name()
88 parent_tenant = self.shell.auth_manager.tenants.find(name=parent_tenant_name)
89 researchers = sfa_record.get('researchers', [])
90 for researcher in researchers:
91 name = Xrn(researcher).get_leaf()
92 user = self.shell.auth_manager.users.find(name=name)
93 self.shell.auth_manager.roles.add_user_role(user, 'Member', tenant)
94 self.shell.auth_manager.roles.add_user_role(user, 'user', tenant)
97 pis = sfa_record.get('pis', [])
99 name = Xrn(pi).get_leaf()
100 user = self.shell.auth_manager.users.find(name=name)
101 self.shell.auth_manager.roles.add_user_role(user, 'pi', tenant)
102 self.shell.auth_manager.roles.add_user_role(user, 'pi', parent_tenant)
106 def register_user(self, sfa_record, hrn, pub_key):
107 # add person roles, projects and keys
108 email = sfa_record.get('email', None)
110 name = xrn.get_leaf()
111 auth_hrn = xrn.get_authority_hrn()
112 tenant_name = OSXrn(xrn=auth_hrn, type='authority').get_tenant_name()
113 tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
114 self.shell.auth_manager.users.create(name, email=email, tenant_id=tenant.id)
115 user = self.shell.auth_manager.users.find(name=name)
116 slices = sfa_records.get('slices', [])
117 for slice in projects:
118 slice_tenant_name = OSXrn(xrn=slice, type='slice').get_tenant_name()
119 slice_tenant = self.shell.auth_manager.tenants.find(name=slice_tenant_name)
120 self.shell.auth_manager.roles.add_user_role(user, slice_tenant, 'user')
121 keys = sfa_records.get('keys', [])
123 keyname = OSXrn(xrn=hrn, type='user').get_slicename()
124 self.shell.nova_client.keypairs.create(keyname, key)
127 def register_authority(self, sfa_record, hrn):
128 name = OSXrn(xrn=hrn, type='authority').get_tenant_name()
129 self.shell.auth_manager.tenants.create(name, sfa_record.get('description', ''))
130 tenant = self.shell.auth_manager.tenants.find(name=name)
135 # xxx actually old_sfa_record comes filled with plc stuff as well in the original code
136 def update (self, old_sfa_record, new_sfa_record, hrn, new_key):
137 type = new_sfa_record['type']
139 # new_key implemented for users only
140 if new_key and type not in [ 'user' ]:
141 raise UnknownSfaType(type)
143 elif type == "slice":
144 # can update project manager and description
145 name = hrn_to_os_slicename(hrn)
146 researchers = sfa_record.get('researchers', [])
147 pis = sfa_record.get('pis', [])
148 project_manager = None
149 description = sfa_record.get('description', None)
151 project_manager = Xrn(pis[0], 'user').get_leaf()
153 project_manager = Xrn(researchers[0], 'user').get_leaf()
154 self.shell.auth_manager.modify_project(name, project_manager, description)
157 # can techinally update access_key and secret_key,
158 # but that is not in our scope, so we do nothing.
164 def remove (self, sfa_record):
165 type=sfa_record['type']
167 name = Xrn(sfa_record['hrn']).get_leaf()
168 if self.shell.auth_manager.get_user(name):
169 self.shell.auth_manager.delete_user(name)
170 elif type == 'slice':
171 name = hrn_to_os_slicename(sfa_record['hrn'])
172 if self.shell.auth_manager.get_project(name):
173 self.shell.auth_manager.delete_project(name)
178 def fill_record_info(self, records):
180 Given a (list of) SFA record, fill in the PLC specific
181 and SFA specific fields in the record.
183 if not isinstance(records, list):
186 for record in records:
187 if record['type'] == 'user':
188 record = self.fill_user_record_info(record)
189 elif record['type'] == 'slice':
190 record = self.fill_slice_record_info(record)
191 elif record['type'].startswith('authority'):
192 record = self.fill_auth_record_info(record)
195 record['geni_urn'] = hrn_to_urn(record['hrn'], record['type'])
196 record['geni_certificate'] = record['gid']
197 #if os_record.created_at is not None:
198 # record['date_created'] = datetime_to_string(utcparse(os_record.created_at))
199 #if os_record.updated_at is not None:
200 # record['last_updated'] = datetime_to_string(utcparse(os_record.updated_at))
204 def fill_user_record_info(self, record):
205 xrn = Xrn(record['hrn'])
206 name = xrn.get_leaf()
207 record['name'] = name
208 user = self.shell.auth_manager.users.find(name=name)
209 record['email'] = user.email
210 tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)
212 all_tenants = self.shell.auth_manager.tenants.list()
213 for tmp_tenant in all_tenants:
214 if tmp_tenant.name.startswith(tenant.name +"."):
215 for tmp_user in tmp_tenant.list_users():
216 if tmp_user.name == user.name:
217 slice_hrn = ".".join([self.hrn, tmp_tenant.name])
218 slices.append(slice_hrn)
219 record['slices'] = slices
220 roles = self.shell.auth_manager.roles.roles_for_user(user, tenant)
221 record['roles'] = [role.name for role in roles]
222 keys = self.shell.nova_manager.keypairs.findall(name=record['hrn'])
223 record['keys'] = [key.public_key for key in keys]
226 def fill_slice_record_info(self, record):
227 tenant_name = hrn_to_os_tenant_name(record['hrn'])
228 tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
229 parent_tenant_name = OSXrn(xrn=tenant_name).get_authority_hrn()
230 parent_tenant = self.shell.auth_manager.tenants.find(name=parent_tenant_name)
234 # look for users and pis in slice tenant
235 for user in tenant.list_users():
236 for role in self.shell.auth_manager.roles.roles_for_user(user, tenant):
237 if role.name.lower() == 'pi':
238 user_tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)
239 hrn = ".".join([self.hrn, user_tenant.name, user.name])
241 elif role.name.lower() in ['user', 'member']:
242 user_tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)
243 hrn = ".".join([self.hrn, user_tenant.name, user.name])
244 researchers.append(hrn)
246 # look for pis in the slice's parent (site/organization) tenant
247 for user in parent_tenant.list_users():
248 for role in self.shell.auth_manager.roles.roles_for_user(user, parent_tenant):
249 if role.name.lower() == 'pi':
250 user_tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)
251 hrn = ".".join([self.hrn, user_tenant.name, user.name])
253 record['name'] = tenant_name
254 record['description'] = tenant.description
257 record['geni_creator'] = pis[0]
259 record['geni_creator'] = None
260 record['researcher'] = researchers
263 def fill_auth_record_info(self, record):
264 tenant_name = hrn_to_os_tenant_name(record['hrn'])
265 tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
269 # look for users and pis in slice tenant
270 for user in tenant.list_users():
271 for role in self.shell.auth_manager.roles.roles_for_user(user, tenant):
272 hrn = ".".join([self.hrn, tenant.name, user.name])
273 if role.name.lower() == 'pi':
275 elif role.name.lower() in ['user', 'member']:
276 researchers.append(hrn)
280 all_tenants = self.shell.auth_manager.tenants.list()
281 for tmp_tenant in all_tenants:
282 if tmp_tenant.name.startswith(tenant.name+"."):
283 slices.append(".".join([self.hrn, tmp_tenant.name]))
285 record['name'] = tenant_name
286 record['description'] = tenant.description
288 record['enabled'] = tenant.enabled
289 record['researchers'] = researchers
290 record['slices'] = slices
294 # plcapi works by changes, compute what needs to be added/deleted
295 def update_relation (self, subject_type, target_type, subject_id, target_ids):
296 # hard-wire the code for slice/user for now, could be smarter if needed
297 if subject_type =='slice' and target_type == 'user':
298 subject=self.shell.project_get(subject_id)[0]
299 current_target_ids = [user.name for user in subject.members]
300 add_target_ids = list ( set (target_ids).difference(current_target_ids))
301 del_target_ids = list ( set (current_target_ids).difference(target_ids))
302 logger.debug ("subject_id = %s (type=%s)"%(subject_id,type(subject_id)))
303 for target_id in add_target_ids:
304 self.shell.project_add_member(target_id,subject_id)
305 logger.debug ("add_target_id = %s (type=%s)"%(target_id,type(target_id)))
306 for target_id in del_target_ids:
307 logger.debug ("del_target_id = %s (type=%s)"%(target_id,type(target_id)))
308 self.shell.project_remove_member(target_id, subject_id)
310 logger.info('unexpected relation to maintain, %s -> %s'%(subject_type,target_type))
313 ########################################
314 ########## aggregate oriented
315 ########################################
317 def testbed_name (self): return "openstack"
319 def aggregate_version (self):
322 # first 2 args are None in case of resource discovery
323 def list_resources (self, version=None, options={}):
324 aggregate = OSAggregate(self)
325 rspec = aggregate.list_resources(version=version, options=options)
328 def describe(self, urns, version=None, options={}):
329 aggregate = OSAggregate(self)
330 return aggregate.describe(urns, version=version, options=options)
332 def status (self, urns, options={}):
333 aggregate = OSAggregate(self)
334 desc = aggregate.describe(urns)
335 return desc['geni_slivers']
337 def allocate (self, urn, rspec_string, options={}):
339 aggregate = OSAggregate(self)
341 # assume first user is the caller and use their context
342 # for the ec2/euca api connection. Also, use the first users
343 # key as the project key.
346 key_name = aggregate.create_instance_key(xrn.get_hrn(), users[0])
348 # collect public keys
349 users = options.get('geni_users', [])
352 pubkeys.extend(user['keys'])
354 rspec = RSpec(rspec_string)
355 instance_name = hrn_to_os_slicename(slice_hrn)
356 tenant_name = OSXrn(xrn=slice_hrn, type='slice').get_tenant_name()
357 slivers = aggregate.run_instances(instance_name, tenant_name, \
358 rspec_string, key_name, pubkeys)
360 # update all sliver allocation states setting then to geni_allocated
361 sliver_ids = [sliver.id for sliver in slivers]
362 SliverAllocation.set_allocations(sliver_ids, 'geni_allocated')
364 return aggregate.describe(urns=[urn], version=rspec.version)
366 def provision(self, urns, options={}):
367 # update sliver allocation states and set them to geni_provisioned
368 aggregate = OSAggregate(self)
369 instances = aggregate.get_instances(urns)
371 for instance in instances:
372 sliver_hrn = "%s.%s" % (self.driver.hrn, instance.id)
373 sliver_ids.append(Xrn(sliver_hrn, type='sliver').urn)
374 SliverAllocation.set_allocations(sliver_ids, 'geni_provisioned')
376 return self.describe(urns, options=options)
378 def delete (self, urns, options={}):
379 # collect sliver ids so we can update sliver allocation states after
380 # we remove the slivers.
381 aggregate = OSAggregate(self)
382 instances = aggregate.get_instances(urns)
384 for instance in instances:
385 sliver_hrn = "%s.%s" % (self.driver.hrn, instance.id)
386 sliver_ids.append(Xrn(sliver_hrn, type='sliver').urn)
388 # delete the instance
389 aggregate.delete_instance(instance)
391 # delete sliver allocation states
392 SliverAllocation.delete_allocations(sliver_ids)
395 def renew (self, urns, expiration_time, options={}):
398 def perform_operational_action (self, urns, action, options={}):
399 aggregate = OSAggregate(self)
400 action = action.lower()
401 if action == 'geni_start':
402 action_method = aggregate.start_instances
403 elif action == 'geni_stop':
404 action_method = aggregate.stop_instances
405 elif action == 'geni_restart':
406 action_method = aggreate.restart_instances
408 raise UnsupportedOperation(action)
411 tenant_name = xrn.get_tenant_name()
412 project_name = xrn.get_slicename()
414 aggreate.action_method(tenant_name, project_name, id)
415 description = self.describe(urns)
416 return description['geni_slivers']
418 def shutdown(self, xrn, options={}):
419 xrn = OSXrn(xrn=xrn, type='slice')
420 tenant_name = xrn.get_tenant_name()
421 name = xrn.get_slicename()
422 self.driver.shell.nova_manager.connect(tenant=tenant_name)
423 instances = self.driver.shell.nova_manager.servers.findall(name=name)
424 for instance in instances:
425 self.driver.shell.nova_manager.servers.shutdown(instance)