- url = "http://" + plc_www['host'] + ":" + plc_www['port'] + "/"
- site = { 'site_id': 1,
- 'name': plc['name'] + " Central",
- 'abbreviated_name': plc['name'],
- 'login_base': plc['slice_prefix'],
- 'is_public': False,
- 'url': url,
- 'max_slices': 100 }
-
- sites = GetSites([site['site_id']])
- if not sites:
- site_id = AddSite(site['name'], site['abbreviated_name'], site['login_base'], site)
- if site_id != site['site_id']:
- DeleteSite(site_id)
- raise Exception, "Someone deleted the \"%s\" site from the database!" % \
- site['name']
- sites = [site]
-
- # Must call UpdateSite() even after AddSite() to update max_slices
- site_id = sites[0]['site_id']
- UpdateSite(site_id, site)
-
- # The default administrator account must be associated with a site
- # in order to login.
- AddPersonToSite(admin['person_id'], site['site_id'])
- SetPersonPrimarySite(admin['person_id'], site['site_id'])
-
- # Grant admin and PI roles to the default administrator account
- AddRoleToPerson(10, admin['person_id'])
- AddRoleToPerson(20, admin['person_id'])
-
- #################### node tags
- default_node_types = [
- { 'tagname' : 'arch',
- 'description' : 'architecture name',
- 'category' : 'node/config',
- 'min_role_id' : 40} ,
- { 'tagname' : 'pldistro',
- 'description' : 'PlanetLab distribution',
- 'category' : 'node/config',
- 'min_role_id' : 10} ,
- { 'tagname' : 'deployment',
- 'description' : 'typically "alpha", "beta", or "production"',
- 'category' : 'node/operation',
- 'min_role_id' : 10} ,
- ]
-
- #################### interface settings
- # xxx this should move to PLC/Accessors
-
- # Setup default slice attribute types
- default_setting_types = [
- {'category' : "interface/general",
- 'tagname' : "ifname",
- 'description': "Set interface name, instead of eth0 or the like",
- 'min_role_id' : 40},
- {'category' : "interface/multihome",
- 'tagname' : "alias",
- 'description': "Specifies that the network is used for multihoming",
- 'min_role_id' : 40},
-
- {'category' : "interface/hidden",
- 'tagname' : "backdoor",
- 'description': "For testing new settings",
- 'min_role_id' : 10},
- ] + [
- { 'category' : "interface/wifi",
- 'tagname' : x,
- 'description' : "802.11 %s -- see %s"%(y,z),
- 'min_role_id' : 40 } for (x,y,z) in [
- ("mode","Mode","iwconfig"),
- ("essid","ESSID","iwconfig"),
- ("nw","Network Id","iwconfig"),
- ("freq","Frequency","iwconfig"),
- ("channel","Channel","iwconfig"),
- ("sens","sensitivity threshold","iwconfig"),
- ("rate","Rate","iwconfig"),
- ("key","key","iwconfig key"),
- ("key1","key1","iwconfig key [1]"),
- ("key2","key2","iwconfig key [2]"),
- ("key3","key3","iwconfig key [3]"),
- ("key4","key4","iwconfig key [4]"),
- ("securitymode","Security mode","iwconfig enc"),
- ("iwconfig","Additional parameters to iwconfig","ifup-wireless"),
- ("iwpriv","Additional parameters to iwpriv","ifup-wireless"),
- ]
- ]
-
- #################### slice attributes
- # xxx this should move to PLC/Accessors
-
- # Setup default slice attribute types
- default_attribute_types = [
- # Slice type (only vserver is supported)
- {'tagname': "type",
- 'description': "Type of slice (e.g. vserver)",
- 'category' : 'slice/general',
- 'min_role_id': 20},
-
- # System slice
- {'tagname': "system",
- 'description': "Is a default system slice (1) or not (0 or unset)",
- 'category' : 'slice/general',
- 'min_role_id': 10},
-
- # Slice enabled (1) or suspended (0)
- {'tagname': "enabled",
- 'description': "Slice enabled (1 or unset) or suspended (0)",
- 'category' : 'slice/general',
- 'min_role_id': 10},
-
- # Slice reference image
- {'tagname': "vref",
- 'description': "Reference image",
- 'category' : 'slice/config',
- 'min_role_id': 30},
-
- # Slice initialization script
- {'tagname': "initscript",
- 'description': "Slice initialization script",
- 'category' : 'slice/config',
- 'min_role_id': 10},
-
- # CPU share
- {'tagname': "cpu_pct",
- 'description': "Reserved CPU percent",
- 'category' : 'slice/rspec',
- 'min_role_id': 10},
- {'tagname': "cpu_share",
- 'description': "Number of CPU shares",
- 'category' : 'slice/rspec',
- 'min_role_id': 10},
-
- # Bandwidth limits
- {'tagname': "net_min_rate",
- 'description': "Minimum bandwidth (kbps)",
- 'category' : 'slice/rspec',
- 'min_role_id': 10},
- {'tagname': "net_max_rate",
- 'description': "Maximum bandwidth (kbps)",
- 'category' : 'slice/rspec',
- 'min_role_id': 10},
- {'tagname': "net_i2_min_rate",
- 'description': "Minimum bandwidth over I2 routes (kbps)",
- 'category' : 'slice/rspec',
- 'min_role_id': 10},
- {'tagname': "net_i2_max_rate",
- 'description': "Maximum bandwidth over I2 routes (kbps)",
- 'category' : 'slice/rspec',
- 'min_role_id': 10},
- {'tagname': "net_max_kbyte",
- 'description': "Maximum daily network Tx KByte limit.",
- 'category' : 'slice/rspec',
- 'min_role_id': 10},
- {'tagname': "net_thresh_kbyte",
- 'description': "KByte limit before warning and throttling.",
- 'category' : 'slice/rspec',
- 'min_role_id': 10},
- {'tagname': "net_i2_max_kbyte",
- 'description': "Maximum daily network Tx KByte limit to I2 hosts.",
- 'category' : 'slice/rspec',
- 'min_role_id': 10},
- {'tagname': "net_i2_thresh_kbyte",
- 'description': "KByte limit to I2 hosts before warning and throttling.",
- 'category' : 'slice/rspec',
- 'min_role_id': 10},
- {'tagname': "net_share",
- 'description': "Number of bandwidth shares",
- 'category' : 'slice/rspec',
- 'min_role_id': 10},
- {'tagname': "net_i2_share",
- 'description': "Number of bandwidth shares over I2 routes",
- 'category' : 'slice/rspec',
- 'min_role_id': 10},
-
- # Disk quota
- {'tagname': "disk_max",
- 'description': "Disk quota (1k disk blocks)",
- 'category' : 'slice/rspec',
- 'min_role_id': 10},
-
- # Proper operations
- {'tagname': "proper_op",
- 'description': "Proper operation (e.g. bind_socket)",
- 'category' : 'slice/rspec',
- 'min_role_id': 10},
-
- # VServer capabilities
- {'tagname': "capabilities",
- 'description': "VServer bcapabilities (separate by commas)",
- 'category' : 'slice/rspec',
- 'min_role_id': 10},
-
- # Vsys
- {'tagname': "vsys",
- 'description': "Bind vsys script fd's to a slice's vsys directory.",
- 'category' : 'slice/rspec',
- 'min_role_id': 10},
-
- # CoDemux
- {'tagname': "codemux",
- 'description': "Demux HTTP between slices using localhost ports. Value in the form 'host, localhost port'.",
- 'category' : 'slice/rspec',
- 'min_role_id': 10},
-
- # Delegation
- {'tagname': "delegations",
- 'description': "Coma seperated list of slices to give delegation authority to.",
- 'category' : 'slice/rspec',
- 'min_role_id': 10}
-
- ]
-
- # add in the platform supported rlimits to the default_attribute_types
- for entry in resource.__dict__.keys() + ["VLIMIT_OPENFD"]:
- if entry.find("LIMIT_")==1:
- rlim = entry[len("RLIMIT_"):]
- rlim = rlim.lower()
- for ty in ("min","soft","hard"):
- attribute = {
- 'tagname': "%s_%s"%(rlim,ty),
- 'description': "Per sliver RLIMIT %s_%s."%(rlim,ty),
- 'category': 'slice/limit',
- 'min_role_id': 10 #admin
- }
- default_attribute_types.append(attribute)
-
- # Get list of existing tag types
- known_tag_types = [tag_type['tagname'] for tag_type in GetTagTypes()]
-
- all_default_types = default_node_types + default_setting_types + default_attribute_types
- # Create/update default slice tag types
- for default_tag_type in all_default_types:
- if default_tag_type['tagname'] not in known_tag_types:
- AddTagType(default_tag_type)
- else:
- UpdateTagType(default_tag_type['tagname'], default_tag_type)
-
- #################### conf files
-
- # Setup default PlanetLabConf entries
- default_conf_files = [
- # NTP configuration
- {'enabled': True,
- 'source': 'PlanetLabConf/ntp.conf.php',
- 'dest': '/etc/ntp.conf',
- 'file_permissions': '644',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '/etc/rc.d/init.d/ntpd restart',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
- {'enabled': True,
- 'source': 'PlanetLabConf/ntp/step-tickers.php',
- 'dest': '/etc/ntp/step-tickers',
- 'file_permissions': '644',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '/etc/rc.d/init.d/ntpd restart',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
-
- # SSH server configuration
- {'enabled': True,
- 'source': 'PlanetLabConf/sshd_config',
- 'dest': '/etc/ssh/sshd_config',
- 'file_permissions': '600',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '/etc/init.d/sshd restart',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
-
- # Administrative SSH keys
- {'enabled': True,
- 'source': 'PlanetLabConf/keys.php?root',
- 'dest': '/root/.ssh/authorized_keys',
- 'file_permissions': '644',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '/bin/chmod 700 /root/.ssh',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
- {'enabled': True,
- 'source': 'PlanetLabConf/keys.php?site_admin',
- 'dest': '/home/site_admin/.ssh/authorized_keys',
- 'file_permissions': '644',
- 'file_owner': 'site_admin',
- 'file_group': 'site_admin',
- 'preinstall_cmd': 'grep -q site_admin /etc/passwd',
- 'postinstall_cmd': '/bin/chmod 700 /home/site_admin/.ssh',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
- # Log rotation configuration
- {'enabled': True,
- 'source': 'PlanetLabConf/logrotate.conf',
- 'dest': '/etc/logrotate.conf',
- 'file_permissions': '644',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
-
- # updatedb/locate nightly cron job
- {'enabled': True,
- 'source': 'PlanetLabConf/slocate.cron',
- 'dest': '/etc/cron.daily/slocate.cron',
- 'file_permissions': '755',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
-
- # YUM configuration
- {'enabled': True,
- 'source': 'yum/myplc.repo.php?gpgcheck=1',
- 'dest': '/etc/yum.myplc.d/myplc.repo',
- 'file_permissions': '644', 'file_owner': 'root', 'file_group': 'root',
- 'preinstall_cmd': '', 'postinstall_cmd': '', 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
- {'enabled': True,
- 'source': 'yum/yum.conf',
- 'dest': '/etc/yum.conf',
- 'file_permissions': '644', 'file_owner': 'root', 'file_group': 'root',
- 'preinstall_cmd': '', 'postinstall_cmd': '', 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
- {'enabled': True,
- 'source': 'yum/stock.repo',
- 'dest': '/etc/yum.myplc.d/stock.repo',
- 'file_permissions': '644', 'file_owner': 'root', 'file_group': 'root',
- 'preinstall_cmd': '', 'postinstall_cmd': '', 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
-
- {'enabled': True,
- 'source': 'PlanetLabConf/delete-rpm-list-production',
- 'dest': '/etc/planetlab/delete-rpm-list',
- 'file_permissions': '644',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
-
- # PLC configuration
- {'enabled': True,
- 'source': 'PlanetLabConf/get_plc_config.php',
- 'dest': '/etc/planetlab/plc_config',
- 'file_permissions': '644',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
- {'enabled': True,
- 'source': 'PlanetLabConf/get_plc_config.php?python',
- 'dest': '/etc/planetlab/plc_config.py',
- 'file_permissions': '644',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
- {'enabled': True,
- 'source': 'PlanetLabConf/get_plc_config.php?perl',
- 'dest': '/etc/planetlab/plc_config.pl',
- 'file_permissions': '644',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
- {'enabled': True,
- 'source': 'PlanetLabConf/get_plc_config.php?php',
- 'dest': '/etc/planetlab/php/plc_config.php',
- 'file_permissions': '644',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
-
- # Proxy ARP setup
- {'enabled': True,
- 'source': 'PlanetLabConf/proxies.php',
- 'dest': '/etc/planetlab/proxies',
- 'file_permissions': '644',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
-
- # Firewall configuration
- {'enabled': True,
- 'source': 'PlanetLabConf/blacklist.php',
- 'dest': '/etc/planetlab/blacklist',
- 'file_permissions': '600',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '/sbin/iptables-restore --noflush < /etc/planetlab/blacklist',
- 'error_cmd': '',
- 'ignore_cmd_errors': True,
- 'always_update': False},
-
- # /etc/issue
- {'enabled': True,
- 'source': 'PlanetLabConf/issue.php',
- 'dest': '/etc/issue',
- 'file_permissions': '644',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
-
- # Kernel parameters
- {'enabled': True,
- 'source': 'PlanetLabConf/sysctl.php',
- 'dest': '/etc/sysctl.conf',
- 'file_permissions': '644',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '/sbin/sysctl -e -p /etc/sysctl.conf',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
-
- # Sendmail configuration
- {'enabled': True,
- 'source': 'PlanetLabConf/sendmail.mc',
- 'dest': '/etc/mail/sendmail.mc',
- 'file_permissions': '644',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
- {'enabled': True,
- 'source': 'PlanetLabConf/sendmail.cf',
- 'dest': '/etc/mail/sendmail.cf',
- 'file_permissions': '644',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': 'service sendmail restart',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
-
- # GPG signing keys
- {'enabled': True,
- 'source': 'PlanetLabConf/RPM-GPG-KEY-fedora',
- 'dest': '/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora',
- 'file_permissions': '644',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': 'rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
- {'enabled': True,
- 'source': 'PlanetLabConf/get_gpg_key.php',
- 'dest': '/etc/pki/rpm-gpg/RPM-GPG-KEY-planetlab',
- 'file_permissions': '644',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': 'rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-planetlab',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
-
- # Ping of death configuration
- # the 'restart' postcommand doesn't work, b/c the pod script doesn't support it.
- {'enabled': True,
- 'source': 'PlanetLabConf/ipod.conf.php',
- 'dest': '/etc/ipod.conf',
- 'file_permissions': '644',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '/etc/init.d/pod start',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False},
-
- # sudo configuration
- {'enabled': True,
- 'source': 'PlanetLabConf/sudoers.php',
- 'dest': '/etc/sudoers',
- 'file_permissions': '440',
- 'file_owner': 'root',
- 'file_group': 'root',
- 'preinstall_cmd': '',
- 'postinstall_cmd': '/usr/sbin/visudo -c',
- 'error_cmd': '',
- 'ignore_cmd_errors': False,
- 'always_update': False}
- ]
-
- # Get list of existing (enabled, global) files
- conf_files = GetConfFiles()
- conf_files = filter(lambda conf_file: conf_file['enabled'] and \
- not conf_file['node_ids'] and \
- not conf_file['nodegroup_ids'],
- conf_files)
- dests = [conf_file['dest'] for conf_file in conf_files]
- conf_files = dict(zip(dests, conf_files))
-
- # Create/update default PlanetLabConf entries
- for default_conf_file in default_conf_files:
- if default_conf_file['dest'] not in dests:
- AddConfFile(default_conf_file)
- else:
- conf_file = conf_files[default_conf_file['dest']]
- UpdateConfFile(conf_file['conf_file_id'], default_conf_file)
-
-
- #################### initscripts
-
- # Default Initscripts
- default_initscripts = []
-
- # Find initscripts and add them to the db
- for (root, dirs, files) in os.walk("/etc/plc_sliceinitscripts"):
- for f in files:
- # Read the file
- file = open(root + "/" + f, "ro")
- default_initscripts.append({"name": plc['slice_prefix'] + "_" + f,
- "enabled": True,
- "script": file.read().replace("@SITE@", url).replace("@PREFIX@", plc['slice_prefix'])})
- file.close()
-
- # Get list of existing initscripts
- oldinitscripts = GetInitScripts()
- oldinitscripts = [script['name'] for script in oldinitscripts]
-
- for initscript in default_initscripts:
- if initscript['name'] not in oldinitscripts: AddInitScript(initscript)
-
- # Create/update system slices
- default_slices = [
- # PlanetFlow
- {'name': plc['slice_prefix'] + "_netflow",
- 'description': "PlanetFlow Traffic Auditing Service. Logs, captured in the root context using fprobe-ulogd, are stored in a directory in the root context which is bind mounted to the planetflow slice. The Planetflow Central service then periodically rsyncs these logs from the planetflow slice for aggregation.",
- 'url': url,
- 'instantiation': "plc-instantiated",
- # Renew forever (minus one day, work around date conversion weirdness)
- 'expires': 0x7fffffff - (60 * 60 * 24),
- 'attributes': [('system', "1"),
- ('vref', "planetflow"),
- ('vsys', "pfmount")]},
- # Sirius
- {'name': plc['slice_prefix'] + "_sirius",
- 'description': 'The Sirius Calendar Service.\n\nSirius provides system-wide reservations of 25% CPU and 2Mb/s outgoing\nbandwidth. Sign up for hour-long slots using the Web GUI at the\nPlanetLab website.\n\nThis slice should not generate traffic external to PlanetLab.\n',
- 'url': url + "db/sirius/index.php",
- 'instantiation': "plc-instantiated",
- # Renew forever (minus one day, work around date conversion weirdness)
- 'expires': 0x7fffffff - (60 * 60 * 24),
- 'attributes': [('system', "1"),
- ('net_min_rate', "2000"),
- ('cpu_pct', "25"),
- ('initscript', plc['slice_prefix'] + "_sirius")]}
- ]
-
- for default_slice in default_slices:
- attributes=default_slice.pop('attributes')
- slices = GetSlices([default_slice['name']])
- if slices:
- slice = slices[0]
- UpdateSlice(slice['slice_id'], default_slice)