self.connectPLC()
self.connectRegistry()
- self.loadCredential()
+ #self.loadCredential()
def connectRegistry(self):
"""
# see if this file exists
try:
- cred = Credential(filename = ma_cred_filename)
+ cred = Credential(filename = ma_cred_filename, subject=self.hrn)
self.credential = cred.save_to_string()
except IOError:
# get self credential
- #self_cred = self.registry.get_credential(None, 'ma', self.hrn)
- #self_credential = Credential(string = self_cred)
- #self_credential.save_to_file(self_cred_filename)
+ self_cred = self.registry.get_credential(None, 'ma', self.hrn)
+ self_credential = Credential(string = self_cred)
+ self_credential.save_to_file(self_cred_filename)
# get ma credential
- #ma_cred = self.registry.get_gredential(self_cred)
- #ma_credential = Credential(string = ma_cred)
- #ma_credential.save_to_file(ma_cred_filename)
-
- ma_cred = Certificate(filename = self.cert_file)
-
- self.credential = ma_cred.save_to_string()
+ ma_cred = self.registry.get_credential(self_cred)
+ ma_credential = Credential(string = ma_cred)
+ ma_credential.save_to_file(ma_cred_filename)
+ self.credential = ma_cred
def hostname_to_hrn(self, login_base, hostname):
"""
ips.append(ifspec['addr'])
# resolve component hostnames
- nodes = self.shell.GetNodes(self.auth, {}, ['hostname', 'site_id'])
+ nodes = self.shell.GetNodes(self.auth, {}, ['hostname', 'site_id', 'slice_ids_whitelist'])
# resolve site login_bases
site_ids = [node['site_id'] for node in nodes]
for site in sites:
site_dict[site['site_id']] = site['login_base']
- # filter nodes according to policy
+ # filter nodes according to policy policy
+ # filter nodes with whitelist
# convert plc names to geni hrn
nodedict = {}
for node in nodes:
node_hrn = self.hostname_to_hrn(site_dict[node['site_id']], node['hostname'])
- # apply policy.
- # Do not allow nodes found in blacklist, only allow nodes found in whitelist
+ # filter nodes with a whitelist
+ if node.has_key('slice_ids_whitelist') and node['slice_ids_whitelist']:
+ continue
+ # Do not allow nodes not found in whitelist policy
if self.policy['whitelist'] and node_hrn not in self.polciy['whitelist']:
continue
+ # Do not allow nodes found in blacklist policy
if self.policy['blacklist'] and node_hrn in self.policy['blacklist']:
continue
nodedict[node_hrn] = node['hostname']
self.policy.load()
- def getComponents(self, type = 'rspec'):
+ def getNodes(self, format = 'rspec'):
"""
Return a list of components at this aggregate.
"""
- valid_types = ['rspec', 'hrn', 'dns', 'ip']
- if type not in valid_types:
- raise Exception, "Invalid type specified, must be one of the following: %s" \
- % ", ".join(valid_types)
+ valid_formats = ['rspec', 'hrn', 'dns', 'ip']
+ if not format:
+ format = 'rspec'
+ if format not in valid_formats:
+ raise Exception, "Invalid format specified, must be one of the following: %s" \
+ % ", ".join(valid_formats)
# Reload components list
now = datetime.datetime.now()
self.refresh_components()
elif now < self.threshold and not self.nodes.keys():
self.load_components()
- return self.nodes.keys()
+ return self.nodes[format]
- def getSlices(self, hrn):
+ def getSlices(self):
"""
Return a list of instnatiated managed by this slice manager.
"""
- # XX list only the slices at the specfied hrn
- return dict(self.slices)
+ slices = self.shell.GetSlices(self.auth, {}, ['name'])
+ slice_hrns = [self.slicename_to_hrn(slice['name']) for slice in slices]
+
+ return slice_hrns
def get_rspec(self, hrn, type):
"""
if type in ['aggregate']:
nodes = self.shell.GetNodes(self.auth)
elif type in ['slice']:
- print hrn
slicename = hrn_to_pl_slicename(hrn)
slices = self.shell.GetSlices(self.auth, [slicename])
node_ids = slices[0]['node_ids']
nodes = self.shell.GetNodes(self.auth, node_ids)
+ # Filter out whitelisted nodes
+ public_nodes = lambda n: n.has_key('slice_ids_whitelist') and not n['slice_ids_whitelist']
+ nodes = filter(public_nodes, nodes)
+
# Get all network interfaces
interface_ids = []
for node in nodes:
return rspec
+
+ def getTicket(self, hrn, rspec):
+ """
+ Retrieve a ticket. This operation is currently implemented on PLC
+ only (see SFA, engineering decisions); it is not implemented on
+ components.
+
+ @param name name of the slice to retrieve a ticket for
+ @param rspec resource specification dictionary
+ @return the string representation of a ticket object
+ """
+ #self.registry.get_ticket(name, rspec)
+
+ return
+
def createSlice(self, slice_hrn, rspec, attributes = []):
"""
Instantiate the specified slice according to whats defined in the rspec.
"""
+ spec = Rspec(rspec)
# save slice state locally
# we can assume that spec object has been validated so its safer to
# save this instead of the unvalidated rspec the user gave us
# Get slice info
slicename = hrn_to_pl_slicename(slice_hrn)
slices = self.shell.GetSlices(self.auth, [slicename], ['node_ids'])
- if not slice:
+ if not slices:
raise RecordNotFound(slice_hrn)
slice = slices[0]
hostnames = [node['hostname'] for node in nodes]
# get netspec details
- spec = Rspec(rspec)
nodespecs = spec.getDictsByTagName('NodeSpec')
nodes = [nodespec['name'] for nodespec in nodespecs]
self.slices.write()
# remove nodes not in rspec
- delete_nodes = set(hostnames).difference(nodes)
+ deleted_nodes = list(set(hostnames).difference(nodes))
# add nodes from rspec
- added_nodes = set(nodes).difference(hostnames)
+ added_nodes = list(set(nodes).difference(hostnames))
- shell.AddSliceToNodes(self.auth, slicename, added_nodes)
- shell.DeleteSliceFromNodes(self.auth, slicename, deleted_nodes)
+ self.shell.AddSliceToNodes(self.auth, slicename, added_nodes)
+ self.shell.DeleteSliceFromNodes(self.auth, slicename, deleted_nodes)
for attribute in attributes:
type, value, node, nodegroup = attribute['type'], attribute['value'], attribute['node'], attribute['nodegroup']
- shell.AddSliceAttribute(self.auth, slicename, type, value, node, nodegroup)
+ self.shell.AddSliceAttribute(self.auth, slicename, type, value, node, nodegroup)
# contact registry to get slice users and add them to the slice
- slice_record = self.registry.resolve(self.credential, slice_hrn)
+ #slice_record = self.registry.resolve(self.credential, slice_hrn)
# persons = slice_record['users']
#for person in persons:
# shell.AddPersonToSlice(person['email'], slice_name)
return 1
- def update_slice(self, slice_hrn, rspec, attributes = []):
+ def updateSlice(self, slice_hrn, rspec, attributes = []):
return self.create_slice(slice_hrn, rspec, attributes)
- def deleteSlice_(self, slice_hrn):
+ def deleteSlice(self, slice_hrn):
"""
Remove this slice from all components it was previouly associated with and
free up the resources it was using.
self.slices.write()
slicename = hrn_to_pl_slicename(slice_hrn)
- slices = shell.GetSlices(self.auth, [slicename])
- if not slice:
+ slices = self.shell.GetSlices(self.auth, [slicename])
+ if not slices:
return 1
slice = slices[0]
- shell.DeleteSliceFromNodes(self.auth, slicename, slice['node_ids'])
+ self.shell.DeleteSliceFromNodes(self.auth, slicename, slice['node_ids'])
return 1
def startSlice(self, slice_hrn):
## Server methods here for now
##############################
- def list_components(self):
- return self.getComponents()
- def list_slices(self, cred, hrn):
- self.decode_authentication(cred, 'list')
- return self.getSlices(hrn)
+ # XX fix rights, should be function name defined in
+ # privilege_table (from util/rights.py)
+ def list_nodes(self, cred, format):
+ self.decode_authentication(cred, 'listnodes')
+ return self.getNodes(format)
+
+ def list_slices(self, cred):
+ self.decode_authentication(cred, 'listslices')
+ return self.getSlices()
def get_resources(self, cred, hrn):
- self.decode_authentication(cred, 'info')
+ self.decode_authentication(cred, 'listnodes')
return self.getResources(hrn)
+ def get_ticket(self, cred, hrn, rspec):
+ self.decode_authentication(cred, 'getticket')
+ return self.getTicket(hrn, rspec)
+
def get_policy(self, cred):
- self.decode_authentication(cred, 'info')
+ self.decode_authentication(cred, 'getpolicy')
return self.getPolicy()
def create_slice(self, cred, hrn, rspec):
- self.decode_authentication(cred, 'embed')
- return self.createSlice(hrn)
+ self.decode_authentication(cred, 'createslice')
+ return self.createSlice(hrn, rspec)
def update_slice(self, cred, hrn, rspec):
- self.decode_authentication(cred, 'embed')
+ self.decode_authentication(cred, 'updateslice')
return self.updateSlice(hrn)
def delete_slice(self, cred, hrn):
- self.decode_authentication(cred, 'embed')
+ self.decode_authentication(cred, 'deleteslice')
return self.deleteSlice(hrn)
def start_slice(self, cred, hrn):
- self.decode_authentication(cred, 'control')
+ self.decode_authentication(cred, 'startslice')
return self.startSlice(hrn)
def stop_slice(self, cred, hrn):
- self.decode_authentication(cred, 'control')
+ self.decode_authentication(cred, 'stopslice')
return self.stopSlice(hrn)
def reset_slice(self, cred, hrn):
- self.decode_authentication(cred, 'control')
+ self.decode_authentication(cred, 'resetslice')
return self.resetSlice(hrn)
def register_functions(self):
GeniServer.register_functions(self)
# Aggregate interface methods
- self.server.register_function(self.list_components)
+ self.server.register_function(self.list_nodes)
self.server.register_function(self.list_slices)
self.server.register_function(self.get_resources)
self.server.register_function(self.get_policy)