Geniwrapper Design Document
1.0 High Level Overview
The purpose of Geniwrapper is to provide a Geni-like interface around the
existing planetlab infrastructure. The existing infrastructure consists of two
parts: planetlab central (PLC) and planetlab nodes. Geni defines three
interfaces: Registry, Slice, and Component Management. A part of the wrapper is co-located with PLC (it exports the Registry and Slice interfaces),
and a part of the wrapper is co-located with each node (it exports the Slice
and Management interfaces).
Geniwrapper is comprised of the following logical modules: utility
classes, plc wrapper, component wrapper, and command
line client. Client-server communication uses a variant of XML-RPC called
the Geni protocol. Section 1 of this document presents a very brief
overview of each module. In-depth discussion occurs later.
Much of this design adheres to the SFA, and as such this document avoids
duplication of the information already presented in the SFA. For example, the
description of privileges, which operations are allowed by a specific
privileges, and how privileges are assigned to principals is described fully
in the SFA and is therefore not duplicated here.
NOTE: API documentation is extracted from code comments automatically
and is maintained in separate files, one documentation file corresponding to
each python source file. An effort has been made to keep API documentation
separate from this document, so that the API documentation may be
self-maintaining as the code is updated.
1.1 Utility classes
Utility classes include python classes that implement certificates, GIDs,
credentials, and tickets. There are also utility classes for implementing
the server and client stubs and the security protocol. The utility modules
are designed to be generally re-usable. For example, the credential
management class may be used as part of the Geni Registry, Geni Components,
and the end-user tools that interact with Geni.
The utility classes are located in the
util subdirectory.
1.2 PLC wrapper
The plc wrapper is intended to be colocated with PLC. All communication
between the plc wrapper and PLC uses the PLCAPI interface and as such,
the plc wrapper can be run on a separate machine for ease of development.
In addition to the Geni registry operations (register, update, ...),
the plc wrapper also implements slice operations, such as GetTicket.
The plc wrapper is located in the plc subdirectory.
TODO: Most of the slice interface is yet to be implemented in plc wrapper.
1.3 The component wrapper
The component wrapper is located on planetlab nodes. It implements
the slice interface, and the component management interface. Due to SFA
engineering decisions, some slice operations (i.e. GetTicket) are
not supported in the component wrapper.
The component wrapper is located in the component subdirectory.
1.4 Command line client
The command line client exports a client interface to Geni that may be used
for testing and demonstration purposes. It allows easy invocation of Geni api
functions and dumps the results in a human-readable format.
The command line client is located in the cmdline
subdirectory
1.5 Geni Protocol
The Geni protocol is based on XML-RPC. It is implemented primarily in the
geniserver.py and geniclient.py files located with the utility classes.
Modifications to the XML-RPC protocol include the following:
-
The transport mechanism uses HTTPS instead of HTTP.
-
HTTPS certificate verification is disabled so that custom Geni verification
based on GID can be done instead.
-
When an exception occurs on the server, verbose exception information is
sent to the client, to assist debugging efforts
Authentication:
Authentication of the client by the server is done by using Credentials/GIDs.
Generally, each operation contains a credential as the first argument. This
credential includes the GID of the caller, which in turn contains the public
key of the caller. The server ensures that this public key matches the public
key that is being used to decrypt the HTTPS connection, thus ensuring the
caller must posess the private key that corresponds to the GID.
Authentication of the server by the client is left as an exercise for the
client. It may be done easily by specifying the server's public key when the
client create the HTTPS connection. This presumes the client knows the public
key (or GID) of the server he is trying to connect to.
1.6 Extending Geniwrapper to other environments
The PLC Wrapper and Component Wrapper are implemented to work on top of the
Planetlab environment, but Geniwrapper was designed specifically to be easy to
port to other platforms or environments. The utility classes are generally
planetlab-independent, and the planetlab specific code is located in the
directories that house the PLC and Component wrappers. The utility classes
implement most of the complexity of the Geni wrapper, allowing the PLC and
Component wrappers to be relatively lightweight.
For example, looking at the code for the stop_slice function implemented in
the component wrapper:
def stop_slice(self, cred_str):
self.decode_authentication(cred_str, "stopslice")
slicename =
hrn_to_pl_slicename(self.object_gid.get_hrn())
print "stopslice:", slicename
accounts.get(slicename).stop()
The hrn_to_pl_slicename() function and accounts() class are planetlab-specific
and implement the actual stopping of the slice. The remaining code that
implements the Geni protocol, decodes credentials and authentication, etc., is
planetlab-independent, and could be easily used in a non-planetlab
environment.
2.0 Utility Classes
2.1 Certificates and Keys (cert.py)
Geniwrapper uses two crypto libraries: pyOpenSSL and M2Crypto to implement the
necessary crypto functionality. Ideally just one of these libraries would be
used, but unfortunately each of these libraries is independently lacking. The
pyOpenSSL library is missing many necessary functions, and the M2Crypto
library has crashed inside of some of the functions. The design decision is to
use pyOpenSSL whenever possible as it seems more stable, and only use M2Crypto
for those functions that are not possible in pyOpenSSL.
2.1.1 Keys
Public-private key pairs are implemented by the Keypair class. A
Keypair object may represent both a public and private key pair, or it may
represent only a public key (this usage is consistent with OpenSSL).
2.1.2 Certificates
The certificate class implements a general purpose X509 certificate, making
use of the appropriate pyOpenSSL or M2Crypto abstractions. It also adds
several addition features, such as the ability to maintain a chain of parent
certificates, and storage of application-specific data.
Certificates include the ability to maintain a chain of parents. Each
certificate includes a pointer to it's parent certificate. When loaded from a
file or a string, the parent chain will be automatically loaded. When saving a
certificate to a file or a string, the caller can choose whether to save the
parent certificates as well.
Example creation of a certificate:
# create a key for an issuer
issuerKey = Keypair(create=True)
issuerSubject = "testissuer"
# create a key for the certificate
userKey = KeyPair(create=True)
# create the certificate, set the issuer, and
sign it
cert = Certificate(subject="test")
cert.set_issuer(issuerKey, issuerSubject)
cert.set_pubkey(userKey)
cert.sign()
2.1.3 Certificate Verification
Verification examines a chain of certificates to ensure that each parent
signs the child, and that some certificate in the chain is signed by a
trusted certificate. Verification is a basic recursion:
if this_certificate was signed by trusted_certs:
return
else
return verify_chain(parent, trusted_certs)
At each recursion, the parent is tested to ensure that it did sign the child.
If a parent did not sign a child, then an exception is thrown. If the bottom
of the recursion is reached and the certificate does not match a trusted root,
then an exception is thrown.
2.2 GIDS (gid.py)
GIDs are a derivative class of certificates and as such the GID class
inherits all the methods of the certificate class. A GID includes a tuple
of the following fields:
(uuid, hrn, public_key)
UUID is a unique identifier and is created by the python uuid module (or the
utility function create_uuid() in gid.py).
HRN is a human readable name. It is a dotted form similar to a backward domain
name. For example, planetlab.us.arizona.bakers.
PUBLIC_KEY is the public key of the principal identified by the UUID/HRN. It
is a Keypair object as defined in the cert.py module.
It is expected that there is a one-to-one pairing between UUIDs and HRN, but
it is uncertain how this would be inforced or if it needs to be enforced.
2.2.1 Encoding and Decoding
The 5 fields of the GID tuple are stored in the subject-alt-name field of
the X509 certificate. Two routines are included to package and unpackage these
fields: Encode() and Decode(). Encode should be called prior to signing the
GID. Decode is automatically called on demand by the various get_*()
functions.
2.2.2 Verification of GIDs
Verification first performs the checks of the certificate class (verifying that
each parent signs the child, etc). In addition, GIDs also confirm that the
parent's HRN is a prefix of the child's HRN. Verifying these prefixes prevents a
rogue authority from signing a GID for a principal that is not a member of that
authority. For example, planetlab.us.arizona cannot sign a GID for
planetlab.us.princeton.foo.
2.3 Credentials (credential.py)
Credentials are a derivative class of certificates and as such the credential
class inherits all the methods of the certificate class. A credential includes
a tuple of the following fields:
(GIDCaller, GIDObject, LifeTime, Privileges, Delegate)
GIDCaller identifies the holder of the credential. When a credential is
presented to a component, the security layer ensures that the client matches
the public key that is contained in GIDCaller.
GIDObject identifies the object of the credential. This object depends upon
the type of the credential. For example, the credential for a user likely has
GIDObject == GIDCaller. Credentials for slices would include the GID of the
slice in the GIDObject field. Credentials for authorities include the GID of
the authority in the GIDObject field.
LifeTime is the lifetime of the credential. Currently not implemented; expect
to implement it as an expiration date, and refuse credentials beyond that
date.
Privileges is a Rights object that describes the rights that are granted to
the holder of the credential.
Delegate is a True/False bit that indicates whether or not a credential can be
delegated to a different caller.
2.3.1 Encoding and Decoding
The 5 fields of the credential tuple are stored in the subject-alt-name field
of the X509 certificate. Two routines are included to package and unpackage
these fields: Encode() and Decode(). Encode should be called prior to signing
the credential. Decode is automatically called on demand by the various
get_*() functions.
2.3.2 Verification of Credentials
In addition to the checks for ordinary certificates, verification of
credentials also ensures that the delegate bit was set by each parent in the
chain. If a delegate bit was not set, then an exception is thrown. Each
credential must also contain a subset of the rights of the parent credential
(i.e. a user credential cannot delegate authority rights).
2.4 Rights (rights.py)
Rights are implemented by two classes:
Right - represents a single right
RightList - represents a list of rights A right may allow several different
operations.
For example, the "info" right allows "listslices", "listcomponentresources",
etc.
2.5 Records (record.py)
The GeniRecord class implements a Geni Record. The GeniRecord class implements
an abstract interface for the record, so that a client may use records without
having to understant the underlying implementation details, such as whether
the record is realized in the registry database, a local cache, or has been
transmitted over the wire by an interface. A GeniRecord is a tuple (Name, GID,
Type, Info).
Name specifies the HRN of the object GID is the GID of the object
Type is user | sa | ma | slice | component Info is comprised of the
following sub-fields
Pointer is a pointer to the record in the PL database
pl_info is planetlab-specific info (when talking to client)
geni_info = geni-specific info (when talking to client)
The pointer is interpreted depending on the type of the record. For example,
if the type=="user", then pointer is assumed to be a person_id that indexes
into the persons table.
A given HRN may have more than one record, provided that the records are of
different types. For example, planetlab.us.arizona may have both an SA and a
MA record, but cannot have two SA records.
2.6 Tickets (geniticket.py)
Similar to GIDs and Credentials, tickets also leverage the certificate object.
A Ticket is tuple:
(gidCaller, gidObject, attributes, rspec, delegate)
gidCaller = GID of the caller performing the operation
gidObject = GID of the slice
attributes = slice attributes (keys, vref, instantiation,
etc)
rspec = resources
Tickets are created by invoking GetTicket() on the plc wrapper. The slice
attributes and rspec are taken from the planetlab slice database and represent
the current state of the slice. As of yet, tickets do not include any concept
of time -- a ticket represents the state of the slice at the current time
only.
Tickets are redeemed by invoking RedeemTicket() on the slice interface. The
attributes and spec are combined back into a planetlab slice record and handed
off to the node manager.
Tickets are signed by an authority and include parentage information that
traces the chain of authorities back to a trusted root.
2.6.1 rspecs
The rspec is currently a dictionary of {name: value} pairs. These pairs are
taken verbatim from the planetlab slice database.
The general rule that is used is that things in the slice record that do not
specifically imply a tangible resource (initscripts, keys, etc) are treated as
attributes and things that do specify a tangible resource (disk, network, etc)
are treated as the rspec.
TODO: The definition of an rspec is evolving. It remains to reconcile the
eclipse schema with Geniwrapper. Gacks is also using another rspec format,
which may be need to be reconciled with the eclipse schema and/or geniwrapper.
2.6.2 Encoding and Decoding
The 5 fields of the credential tuple are stored in the subject-alt-name
field of the X509 certificate. Two routines are included to package and
unpackage these fields: Encode() and Decode(). Encode should be called prior
to signing the ticket. Decode is automatically called on demand by the
various get_*() functions.
2.6.3 Verification of Tickets
Verification uses the standard parentage verification provided by the
certificate class. Specifically, each certificate is signed by a parent, and
some certificate must resolve to the trusted root set that is specified on
the component.
Unlike credentials and GIDs, the parent of a ticket may be a degenerate
ticket that does not include the full 5-tuple (caller, object, attributes,
rspec, delegate). In such a case, the parent is just a placeholder in the
chain of authority used to convey the parentage information.
Delegation of tickets is not something that is discussed in the SFA, but it
is supported in the ticket class and may be a useful feature. For example,
Alice may hold a ticket for a particular component, and delegate that ticket
to Bob. Bob could then instantiate a slice for Alice. This may be one way to
implement a slice manager.
2.7 Hierarchy of Authorities (hierarchy.py)
This module implements a hierarchy of authorities and performs a similar
function as the "tree" module of the original geniwrapper prototype. An HRN
is assumed to be a string of authorities separated by dots. For example,
"planetlab.us.arizona.bakers". Each component of the HRN is a different
authority, with the last component being a leaf in the tree. Each authority
is stored in a subdirectory on the registry.
Inside this subdirectory are several files:
*.GID - GID file
*.PKEY - private key file
*.DBINFO - database info
The hierarchy class can be used to create GIDs, Credentials, and Tickets for
a given authority.
The default behavior is that all authorities contained in the hierarchy will
be located together in a single physical registry. However, this is not
strictly necessary. The *.DBINFO files contain the database information for an
authority and can easily be configured to point to other machines. How an
authority would cause the DBINFO files to be installed in the correct places
is left as a separate exercise, possibly via an out-of-band management
interface or a web page.
2.8 Configuration Information (config.py)
This module holds configuration parameters for geniwrapper. There are two main
pieces of information that are used: the database connection and the PLCAPI
connection.
Geniwrapper uses a MYSQL database to store records. This database may be
co-located with the PLC database, or it may be a separate database. The
following parameters define the connection to the database. Note that
Geniwrapper does not access any of the PLC databases directly via a mysql
connection; All PLC databases are accessed via PLCAPI.
Geniwrapper uses a PLCAPI connection to perform operations on the registry,
such as creating and deleting slices. This connection requires an account on
the PLC server with full administrator access. The Url parameter controls
whether the connection uses PLCAPI directly (i.e. Geniwrapper is located on
the same machine as PLC), or uses a XMLRPC connection to the PLC machine. If
you wish to use the API directly, then remove the Url field from the
dictionary.
2.8.1 Database Configuration
Below is an example database configuration from config.py:
def get_default_dbinfo():
dbinfo={}
dbinfo['dbname'] = 'planetlab4'
dbinfo['address'] = 'localhost'
dbinfo['port'] = 5432
dbinfo['user'] = 'pgsqluser'
dbinfo['password'] = '4c77b272-c892-4bdf-a833-dddeeee1a2ed'
return dbinfo
This identifies several important pieces of the database configuration. The
name specifies the database name as used by pgsql. The address is the hostname
(or ip-address) of the machine that is hosting the database. It is most likely
the local machine. Port specifies the socket port where the pgsql is
listening. The user and password authenticate Geniwrapper to the pgsql
database. In this example, an existing PLC database was used. This is not
strictly necessary as only Geni-specific information is stored in this
database. A separate database could be used, on a separate machine than PLC if
desired.
2.8.2 PLCAPI Configuration
Blow is an example PLCAPI configuration from config.py:
return pl_auth
The PLCAPI configuration tells Geniwrapper how to connect to PLC. There are
two options: a local connection or a remote connection. If the Url field is
defined, then a remote connection is assumed, and Geniwrapper will attempt to
connect via XMLRPC to a remote PLCAPI server. If the Url field is not defined,
then Geniwrapper will assume that PYTHONPATH includes the relevant PLCAPI
classes to use PLCAPI directly.
Username specifies the name of the PLCAPI user. It is suggested that a user
with full administrative authority be allowed. Otherwise, Geniwrapper will be
unable to lookup public keys and other information that PLC does not make
available publicly. Administrative permission is also required to create PLC
sites, users, etc. Authmethod and AuthString specify the password require to
use this account.
2.9 GeniServer and GeniClient
Two files, geniserver.py and geniclient.py implement a basic Geni server and
client.
Geniserver forms the basis of any server that exports a Geni interface.
Examples include the PLC and Component wrappers. The Geniserver class itself
does not export any useful API functions other than a "noop" function that can
be used to test the server interface. Descendant classes register additional
API functions by overriding the register_function() member of the geniserver
object.
Geniserver provides a function, decode_authentication, that decodes
credentials. Credentials are supplied as the first parameter to many registry
and slice interface API functions. This function converts the credential
string supplied by the user into a credential object, checks to see that the
key the caller is using to encrypt the SSL connection matches the public key
in the caller GID of the credential, checks to see that the credential allows
the operation the caller is attempting to do, and finally verifies that the
parentage of the credential traces back to a trusted root.
Geniclient provides a variety of client-side stubs for invoking operations on
Geni interfaces. These stubs convert objects into strings that may be encoded
by XMLRPC, call the associated XMLRPC function, and convert the results back
into objects. Use of the Geniclient class is optional, but it makes a
convenient mechanism to execute API calls.
3.0 The PLC Wrapper
This wrapper implements the Registry and Slice interfaces. According to the
SFA, the basic functionality of a registry is to map HRNs into records.
However, because of the interactions between Geniwrapper and PLC, the registry
does more than act as a simple database. The registry performs API calls on
PLC that create slices, sites, users, etc., and as such may indirectly cause
slices to be instantiated on components, because components are also linked to
PLC.
The mapping of Geni objects to planetlab objects is relatively
straightforward:
slice = slice
user = person
component = node
sa = site
ma = site
The one part that is slightly counterintuitive is SA and MA, which both map to
the planetlab site object. In a unified registry (a registry that serves as
both slice and component registry), these will map to the same site record in
the PLC database. However, there are two distinct Geni records, one for
the SA and one for the MA.
Registry and slice operations generally authenticate the caller by
credential. There are a few exceptions, and the registry API documents
should note those exceptions.
3.1 PLC Wrapper Tools
The registry include several additional tools that are used to manage it.
These include:
import.py - imports existing PLC records into the registry
nuke.py - deletes all Geni records
3.1 Bootstrapping the PLC Wrapper
There are several items that need to be done before starting the plc wrapper.
1) Update util/config.py to match the parameters of your PLC installation.
2) Import the existing planetlab database, creating the appropriate geni
records. This is done by running the "import.py" tool.
3) Create a "trusted_roots" directory and place the certificate of the root
authority in that directory. Given the defaults in import.py, this certificate
would be named "planetlab.gid". For example, mkdir trusted_roots; cp
authorities/planetlab.gid trusted_roots/
4.0 The Component Wrapper
The Geni Component Wrapper implements the Geni Slice and Component Management
interfaces. It includes functions for redeeming tickets,
starting/stopping/resetting/deleting slices, and management such as rebooting
the component.
The design of the component differs from the plc wrapper in the respect that
the component wrapper must be run in the same domain (VM) as the NM for the
node it is responsible for. That is, the component wrapper directly calls
the local node manager.
4.1 Component Authentication of Credentials
The component authenticates credentials the same way that the plc wrapper
does. Specifically, there is a directory of trusted_root certificates (or
GIDs) on the component. Any credential presented to the component must include
in it's parentage some certificate in the set of trusted roots. Otherwise, and
exception is thrown.
4.2 The Ticket interface
Mainpulating tickets is split between the PLC wrapper and the Component wrapper.
Specifically, the authoritative copy of planetlab state is stored on PLC and only cached on
the components. Thus, GetTicket() is implemented by the plc wrapper, and
RedeemTicket() is implemented by the component wrapper. Attempting to call GetTicket()
on a component will fail.
InstantiateSlice is not implemented, as that operation is a combination of
GetTicket/RedeemTicket and would therefore span the PLC and Component
wrappers.
4.3 Sliver Credentials
A recent Geni Architecture call mentioned the need for sliver credentials. A
sliver credential would be identical to a slice credential, but would 1) only
be redeemable on a particular component, and 2) would resolve to a
trusted_root unique to that component (likely the component's GID
certificate). Sliver credentials would be returned by the RedeemTicket call
and would give the caller the permission required to start and stop the
sliver, etc.
Sliver credentials are not yet implemented, but their implementation would be
straightforward.
4.4 Bootstrapping the Component Wrapper
The first step is to install some required libraries on the component. These
include the m2crypto and pyopenssl libraries. Installing the actual RPMs for
these libaries on a running component proved difficult due to additional
support packages that require installation (python-devel, etc). For
development purposes, it was sufficient to copy the installed/compiled version
of the libraries from the development machine to the component.
The second step is to copy the files required by the component wrapper to
the node manager. They are copied to the /usr/share/Nodemanager directory. A
list of the files is contained in the copynode.sh script in the component
subdirectory.
The third step is to copy the trusted root certificates to the component. They
are stored in /usr/share/Nodemanager/trusted_roots. This should include the
certificate for the registry.
The fourth step is to start the component manager. This is done by
connecting to the component via SSH and running
/usr/share/Nodemanager/component.py.
In a production environment, all of these steps would be integrated into the
DVD boot image for the planetlab node.
5.0 Command-Line Interface
A command-line interface is provided that allows a user to interact with the
Geni Registry and Component. This command line interface is located in the
cmdline directory and can be invoked by running genicli.py. Specifying
"genicli.py help" will display a list of available commands.
5.1 Examples
Several examples of using the CLI are presented in the form of shell scripts
in the cmdline directory. These scripts demonstrate creating slices,
authorities, users, nodes, and getting tickets and redeeming tickets. Rather
than duplicating all of those examples here, a few short examples are
presented below.
5.1.1 Getting a Credential
python ./genicli.py --username root --credfile None --outfile test.cred
getCredential user planetlab.us.pl.account_test
The credential for planetlab.us.pl.account_test is retrieved and stored in the
local file test.cred. The private ket test.pkey is used when opening the
XMLRPC connection and authenticates the client. test.pkey must match the
public key that is in the GID for the user record for
planetlab.us.pl.account_test.
Sample output: (in human-readable summary)
CREDENTIAL planetlab.us.pl.account_test
privs: refresh,resolve,info
gidCaller:
hrn:
planetlab.us.pl.account_test
uuid:
276262316202422735940395896620385479122
gidObject:
hrn:
planetlab.us.pl.account_test
uuid:
276262316202422735940395896620385479122
delegate: False
5.1.2 Resolving a record
python ./genicli.py --username test resolve planetlab.us.pl.account_test
The record for planetlab.us.pl.account_test is retrieved and printed to
stdout. The credential used comes from the local file test.cred.
Sample output: (in human-readable summary)
RECORD planetlab.us.pl.account_test
hrn: planetlab.us.pl.account_test
type: user
gid:
hrn:
planetlab.us.pl.account_test
uuid:
276262316202422735940395896620385479122
pointer: 6
geni_info:
email :
test@test.com
pl_info:
bio : None
first_name : test
last_name : account
last_updated : 1222497672
uuid : None
roles : ['user']
title : None
url : None
key_ids : [1]
enabled : True
slice_ids : [24]
phone : None
peer_person_id : None
role_ids : [30]
person_id : 6
date_created : 1219083140
site_ids : [1]
peer_id : None
email :
test@test.com
5.1.3 Updating a record
python ./genicli.py --username test update user planetlab.us.pl.account_test
The record for planetlab.us.pl.account_test is updated. The credential used
comes from the local file test.cred. No changes are specified, so the only
thing that should be updated is the expiration time.
5.1.4 Resolving an authority
An authority is an example of an HRN that might resolve to two different
records, an SA and a MA record.
python ./genicli.py --username test resolve planetlab.us.pl
Sample Output: (in human readable summary)
RECORD planetlab.us.pl
hrn: planetlab.us.pl
type: sa
gid:
hrn: planetlab.us.pl
uuid:
294786197975089072547582920862317666209
pointer: 1
geni_info:
pi :
['planetlab.us.pl.Administrator_Default']
pl_info:
last_updated : 1224136003
node_ids : [1]
site_id : 1
pcu_ids : []
max_slices : 100
ext_consortium_id : None
peer_site_id : None
abbreviated_name : plctest
uuid :
230749975723590978208303655640765327534
person_ids : [2, 4, 6]
slice_ids : [24, 1, 2]
latitude : None
peer_id : None
max_slivers : 1000
is_public : False
address_ids : []
name : plctest Central
url :
http://198.0.0.132/
enabled : True
longitude : None
login_base : pl
date_created : 1209428329
RESULT:
RECORD planetlab.us.pl
hrn: planetlab.us.pl
type: ma
gid:
hrn: planetlab.us.pl
uuid:
294786197975089072547582920862317666209
pointer: 1
geni_info:
operator : []
owner :
['planetlab.us.pl.Administrator_Default']
pl_info:
last_updated : 1224136003
node_ids : [1]
site_id : 1
pcu_ids : []
max_slices : 100
ext_consortium_id : None
peer_site_id : None
abbreviated_name : plctest
uuid :
230749975723590978208303655640765327534
person_ids : [2, 4, 6]
slice_ids : [24, 1, 2]
latitude : None
peer_id : None
max_slivers : 1000
is_public : False
address_ids : []
name : plctest Central
url :
http://198.0.0.132/
enabled : True
longitude : None
login_base : pl
date_created : 1209428329