import time
import datetime
-#
+
from sfa.util.faults import MissingSfaInfo, UnknownSfaType, \
- RecordNotFound, SfaNotImplemented, SliverDoesNotExist
+ RecordNotFound, SfaNotImplemented, SfaInvalidArgument
+
from sfa.util.sfalogging import logger
from sfa.util.defaultdict import defaultdict
from sfa.util.sfatime import utcparse, datetime_to_string, datetime_to_epoch
-from sfa.util.xrn import Xrn, hrn_to_urn, get_leaf, urn_to_sliver_id
+from sfa.util.xrn import Xrn, hrn_to_urn, get_leaf
+from sfa.openstack.osxrn import OSXrn, hrn_to_os_slicename, hrn_to_os_tenant_name
from sfa.util.cache import Cache
+from sfa.trust.credential import Credential
# used to be used in get_ticket
#from sfa.trust.sfaticket import SfaTicket
+
from sfa.rspecs.version_manager import VersionManager
from sfa.rspecs.rspec import RSpec
+
# the driver interface, mostly provides default behaviours
from sfa.managers.driver import Driver
-from sfa.openstack.nova_shell import NovaShell
+from sfa.openstack.shell import Shell
from sfa.openstack.osaggregate import OSAggregate
-from sfa.plc.plslices import PlSlices
-from sfa.util.osxrn import OSXrn
-
+from sfa.planetlab.plslices import PlSlices
def list_to_dict(recs, key):
"""
# can be sent as-is; it takes care of authentication
# from the global config
#
-class NovaDriver (Driver):
+class NovaDriver(Driver):
# the cache instance is a class member so it survives across incoming requests
cache = None
def __init__ (self, config):
- Driver.__init__ (self, config)
- self.shell = NovaShell (config)
+ Driver.__init__(self, config)
+ self.shell = Shell(config=config)
self.cache=None
if config.SFA_AGGREGATE_CACHING:
- if OpenstackDriver.cache is None:
- OpenstackDriver.cache = Cache()
- self.cache = OpenstackDriver.cache
+ if NovaDriver.cache is None:
+ NovaDriver.cache = Cache()
+ self.cache = NovaDriver.cache
########################################
########## registry oriented
##########
def register (self, sfa_record, hrn, pub_key):
- type = sfa_record['type']
- pl_record = self.sfa_fields_to_pl_fields(type, hrn, sfa_record)
+
+ if sfa_record['type'] == 'slice':
+ record = self.register_slice(sfa_record, hrn)
+ elif sfa_record['type'] == 'user':
+ record = self.register_user(sfa_record, hrn, pub_key)
+ elif sfa_record['type'].startswith('authority'):
+ record = self.register_authority(sfa_record, hrn)
+ # We should be returning the records id as a pointer but
+ # this is a string and the records table expects this to be an
+ # int.
+ #return record.id
+ return -1
- if type == 'slice':
- acceptable_fields=['url', 'instantiation', 'name', 'description']
- # add slice description, name, researchers, PI
- pass
+ def register_slice(self, sfa_record, hrn):
+ # add slice description, name, researchers, PI
+ name = hrn_to_os_tenant_name(hrn)
+ description = sfa_record.get('description', None)
+ self.shell.auth_manager.tenants.create(name, description)
+ tenant = self.shell.auth_manager.tenants.find(name=name)
+ auth_hrn = OSXrn(xrn=hrn, type='slice').get_authority_hrn()
+ parent_tenant_name = OSXrn(xrn=auth_hrn, type='slice').get_tenant_name()
+ parent_tenant = self.shell.auth_manager.tenants.find(name=parent_tenant_name)
+ researchers = sfa_record.get('researchers', [])
+ for researcher in researchers:
+ name = Xrn(researcher).get_leaf()
+ user = self.shell.auth_manager.users.find(name=name)
+ self.shell.auth_manager.roles.add_user_role(user, 'Member', tenant)
+ self.shell.auth_manager.roles.add_user_role(user, 'user', tenant)
+
- elif type == 'user':
- # add person roles, projects and keys
- pass
- return pointer
+ pis = sfa_record.get('pis', [])
+ for pi in pis:
+ name = Xrn(pi).get_leaf()
+ user = self.shell.auth_manager.users.find(name=name)
+ self.shell.auth_manager.roles.add_user_role(user, 'pi', tenant)
+ self.shell.auth_manager.roles.add_user_role(user, 'pi', parent_tenant)
+
+ return tenant
+
+ def register_user(self, sfa_record, hrn, pub_key):
+ # add person roles, projects and keys
+ email = sfa_record.get('email', None)
+ xrn = Xrn(hrn)
+ name = xrn.get_leaf()
+ auth_hrn = xrn.get_authority_hrn()
+ tenant_name = OSXrn(xrn=auth_hrn, type='authority').get_tenant_name()
+ tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
+ self.shell.auth_manager.users.create(name, email=email, tenant_id=tenant.id)
+ user = self.shell.auth_manager.users.find(name=name)
+ slices = sfa_records.get('slices', [])
+ for slice in projects:
+ slice_tenant_name = OSXrn(xrn=slice, type='slice').get_tenant_name()
+ slice_tenant = self.shell.auth_manager.tenants.find(name=slice_tenant_name)
+ self.shell.auth_manager.roles.add_user_role(user, slice_tenant, 'user')
+ keys = sfa_records.get('keys', [])
+ for key in keys:
+ keyname = OSXrn(xrn=hrn, type='user').get_slicename()
+ self.shell.nova_client.keypairs.create(keyname, key)
+ return user
+
+ def register_authority(self, sfa_record, hrn):
+ name = OSXrn(xrn=hrn, type='authority').get_tenant_name()
+ self.shell.auth_manager.tenants.create(name, sfa_record.get('description', ''))
+ tenant = self.shell.auth_manager.tenants.find(name=name)
+ return tenant
+
##########
# xxx actually old_sfa_record comes filled with plc stuff as well in the original code
def update (self, old_sfa_record, new_sfa_record, hrn, new_key):
- pointer = old_sfa_record['pointer']
- type = old_sfa_record['type']
-
+ type = new_sfa_record['type']
+
# new_key implemented for users only
if new_key and type not in [ 'user' ]:
raise UnknownSfaType(type)
elif type == "slice":
- # can update description, researchers and PI
- pass
+ # can update project manager and description
+ name = hrn_to_os_slicename(hrn)
+ researchers = sfa_record.get('researchers', [])
+ pis = sfa_record.get('pis', [])
+ project_manager = None
+ description = sfa_record.get('description', None)
+ if pis:
+ project_manager = Xrn(pis[0], 'user').get_leaf()
+ elif researchers:
+ project_manager = Xrn(researchers[0], 'user').get_leaf()
+ self.shell.auth_manager.modify_project(name, project_manager, description)
+
elif type == "user":
- # can update slices, keys and roles
+ # can techinally update access_key and secret_key,
+ # but that is not in our scope, so we do nothing.
pass
return True
##########
def remove (self, sfa_record):
type=sfa_record['type']
- name = Xrn(sfa_record['hrn']).get_leaf()
if type == 'user':
- if self.shell.user_get(name):
- self.shell.user_delete(name)
+ name = Xrn(sfa_record['hrn']).get_leaf()
+ if self.shell.auth_manager.get_user(name):
+ self.shell.auth_manager.delete_user(name)
elif type == 'slice':
- if self.shell.project_get(name):
- self.shell.project_delete(name)
+ name = hrn_to_os_slicename(sfa_record['hrn'])
+ if self.shell.auth_manager.get_project(name):
+ self.shell.auth_manager.delete_project(name)
return True
records = [records]
for record in records:
- name = Xrn(record['hrn']).get_leaf()
- os_record = None
if record['type'] == 'user':
- os_record = self.shell.user_get(name)
- record['slices'] = [self.hrn + "." + proj.name for \
- proj in os_record.projects]
- record['roles'] = [role for role in os_record.roles]
- keys = self.shell.key_pair_get_all_by_user(name)
- record['keys'] = [key.public_key for key in keys]
- elif record['type'] == 'slice':
- os_record = self.shell.project_get(name)
- record['description'] = os_record.description
- record['PI'] = self.hrn + "." + os_record.project_manager
- record['geni_creator'] = record['PI']
- record['researcher'] = [self.hrn + "." + user.name for \
- user in os_record.members]
+ record = self.fill_user_record_info(record)
+ elif record['type'] == 'slice':
+ record = self.fill_slice_record_info(record)
+ elif record['type'].startswith('authority'):
+ record = self.fill_auth_record_info(record)
else:
continue
record['geni_urn'] = hrn_to_urn(record['hrn'], record['type'])
record['geni_certificate'] = record['gid']
- record['name'] = os_record.name
- if os_record.created_at is not None:
- record['date_created'] = datetime_to_string(utcparse(os_record.created_at))
- if os_record.updated_at is not None:
- record['last_updated'] = datetime_to_string(utcparse(os_record.updated_at))
+ #if os_record.created_at is not None:
+ # record['date_created'] = datetime_to_string(utcparse(os_record.created_at))
+ #if os_record.updated_at is not None:
+ # record['last_updated'] = datetime_to_string(utcparse(os_record.updated_at))
return records
+ def fill_user_record_info(self, record):
+ xrn = Xrn(record['hrn'])
+ name = xrn.get_leaf()
+ record['name'] = name
+ user = self.shell.auth_manager.users.find(name=name)
+ record['email'] = user.email
+ tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)
+ slices = []
+ all_tenants = self.shell.auth_manager.tenants.list()
+ for tmp_tenant in all_tenants:
+ if tmp_tenant.name.startswith(tenant.name +"."):
+ for tmp_user in tmp_tenant.list_users():
+ if tmp_user.name == user.name:
+ slice_hrn = ".".join([self.hrn, tmp_tenant.name])
+ slices.append(slice_hrn)
+ record['slices'] = slices
+ roles = self.shell.auth_manager.roles.roles_for_user(user, tenant)
+ record['roles'] = [role.name for role in roles]
+ keys = self.shell.nova_manager.keypairs.findall(name=record['hrn'])
+ record['keys'] = [key.public_key for key in keys]
+ return record
+
+ def fill_slice_record_info(self, record):
+ tenant_name = hrn_to_os_tenant_name(record['hrn'])
+ tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
+ parent_tenant_name = OSXrn(xrn=tenant_name).get_authority_hrn()
+ parent_tenant = self.shell.auth_manager.tenants.find(name=parent_tenant_name)
+ researchers = []
+ pis = []
+
+ # look for users and pis in slice tenant
+ for user in tenant.list_users():
+ for role in self.shell.auth_manager.roles.roles_for_user(user, tenant):
+ if role.name.lower() == 'pi':
+ user_tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)
+ hrn = ".".join([self.hrn, user_tenant.name, user.name])
+ pis.append(hrn)
+ elif role.name.lower() in ['user', 'member']:
+ user_tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)
+ hrn = ".".join([self.hrn, user_tenant.name, user.name])
+ researchers.append(hrn)
+
+ # look for pis in the slice's parent (site/organization) tenant
+ for user in parent_tenant.list_users():
+ for role in self.shell.auth_manager.roles.roles_for_user(user, parent_tenant):
+ if role.name.lower() == 'pi':
+ user_tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)
+ hrn = ".".join([self.hrn, user_tenant.name, user.name])
+ pis.append(hrn)
+ record['name'] = tenant_name
+ record['description'] = tenant.description
+ record['PI'] = pis
+ if pis:
+ record['geni_creator'] = pis[0]
+ else:
+ record['geni_creator'] = None
+ record['researcher'] = researchers
+ return record
+
+ def fill_auth_record_info(self, record):
+ tenant_name = hrn_to_os_tenant_name(record['hrn'])
+ tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
+ researchers = []
+ pis = []
+
+ # look for users and pis in slice tenant
+ for user in tenant.list_users():
+ for role in self.shell.auth_manager.roles.roles_for_user(user, tenant):
+ hrn = ".".join([self.hrn, tenant.name, user.name])
+ if role.name.lower() == 'pi':
+ pis.append(hrn)
+ elif role.name.lower() in ['user', 'member']:
+ researchers.append(hrn)
+
+ # look for slices
+ slices = []
+ all_tenants = self.shell.auth_manager.tenants.list()
+ for tmp_tenant in all_tenants:
+ if tmp_tenant.name.startswith(tenant.name+"."):
+ slices.append(".".join([self.hrn, tmp_tenant.name]))
+
+ record['name'] = tenant_name
+ record['description'] = tenant.description
+ record['PI'] = pis
+ record['enabled'] = tenant.enabled
+ record['researchers'] = researchers
+ record['slices'] = slices
+ return record
####################
# plcapi works by changes, compute what needs to be added/deleted
def testbed_name (self): return "openstack"
- # 'geni_request_rspec_versions' and 'geni_ad_rspec_versions' are mandatory
def aggregate_version (self):
- version_manager = VersionManager()
- ad_rspec_versions = []
- request_rspec_versions = []
- for rspec_version in version_manager.versions:
- if rspec_version.content_type in ['*', 'ad']:
- ad_rspec_versions.append(rspec_version.to_dict())
- if rspec_version.content_type in ['*', 'request']:
- request_rspec_versions.append(rspec_version.to_dict())
- return {
- 'testbed':self.testbed_name(),
- 'geni_request_rspec_versions': request_rspec_versions,
- 'geni_ad_rspec_versions': ad_rspec_versions,
- }
-
- def list_slices (self, creds, options):
- # look in cache first
- if self.cache:
- slices = self.cache.get('slices')
- if slices:
- logger.debug("OpenStackDriver.list_slices returns from cache")
- return slices
-
- # get data from db
- projs = self.shell.auth_manager.get_projects()
- slice_urns = [OSXrn(proj.name, 'slice').urn for proj in projs]
-
- # cache the result
- if self.cache:
- logger.debug ("OpenStackDriver.list_slices stores value in cache")
- self.cache.add('slices', slice_urns)
-
- return slice_urns
-
+ return {}
+
# first 2 args are None in case of resource discovery
- def list_resources (self, slice_urn, slice_hrn, creds, options):
- cached_requested = options.get('cached', True)
-
- version_manager = VersionManager()
- # get the rspec's return format from options
- rspec_version = version_manager.get_version(options.get('geni_rspec_version'))
- version_string = "rspec_%s" % (rspec_version)
-
- #panos adding the info option to the caching key (can be improved)
- if options.get('info'):
- version_string = version_string + "_"+options.get('info', 'default')
-
- # look in cache first
- if cached_requested and self.cache and not slice_hrn:
- rspec = self.cache.get(version_string)
- if rspec:
- logger.debug("OpenStackDriver.ListResources: returning cached advertisement")
- return rspec
-
- #panos: passing user-defined options
- #print "manager options = ",options
+ def list_resources (self, version, options):
aggregate = OSAggregate(self)
- rspec = aggregate.get_rspec(slice_xrn=slice_urn, version=rspec_version,
- options=options)
-
- # cache the result
- if self.cache and not slice_hrn:
- logger.debug("OpenStackDriver.ListResources: stores advertisement in cache")
- self.cache.add(version_string, rspec)
-
+ rspec = aggregate.list_resources(version=version, options=options)
return rspec
-
- def sliver_status (self, slice_urn, slice_hrn):
- # find out where this slice is currently running
- slicename = hrn_to_pl_slicename(slice_hrn)
-
- slices = self.shell.GetSlices([slicename], ['slice_id', 'node_ids','person_ids','name','expires'])
- if len(slices) == 0:
- raise SliverDoesNotExist("%s (used %s as slicename internally)" % (slice_hrn, slicename))
- slice = slices[0]
-
- # report about the local nodes only
- nodes = self.shell.GetNodes({'node_id':slice['node_ids'],'peer_id':None},
- ['node_id', 'hostname', 'site_id', 'boot_state', 'last_contact'])
- if len(nodes) == 0:
- raise SliverDoesNotExist("You have not allocated any slivers here")
-
- site_ids = [node['site_id'] for node in nodes]
-
- result = {}
- top_level_status = 'unknown'
- if nodes:
- top_level_status = 'ready'
- result['geni_urn'] = slice_urn
- result['pl_login'] = slice['name']
- result['pl_expires'] = datetime_to_string(utcparse(slice['expires']))
-
- resources = []
- for node in nodes:
- res = {}
- res['pl_hostname'] = node['hostname']
- res['pl_boot_state'] = node['boot_state']
- res['pl_last_contact'] = node['last_contact']
- if node['last_contact'] is not None:
-
- res['pl_last_contact'] = datetime_to_string(utcparse(node['last_contact']))
- sliver_id = urn_to_sliver_id(slice_urn, slice['slice_id'], node['node_id'])
- res['geni_urn'] = sliver_id
- if node['boot_state'] == 'boot':
- res['geni_status'] = 'ready'
- else:
- res['geni_status'] = 'failed'
- top_level_status = 'failed'
-
- res['geni_error'] = ''
+ def describe(self, urns, version, options):
+ aggregate = OSAggregate(self)
+ return aggregate.describe(urns, version=version, options=options)
- resources.append(res)
-
- result['geni_status'] = top_level_status
- result['geni_resources'] = resources
- return result
-
- def create_sliver (self, slice_urn, slice_hrn, creds, rspec_string, users, options):
+ def status (self, urns, options={}):
+ aggregate = OSAggregate(self)
+ desc = aggregate.describe(urns)
+ return desc['geni_slivers']
+ def allocate (self, urn, rspec_string, options):
+ xrn = Xrn(urn)
aggregate = OSAggregate(self)
- slicename = get_leaf(slice_hrn)
-
- # parse rspec
+
+ # assume first user is the caller and use their context
+ # for the ec2/euca api connection. Also, use the first users
+ # key as the project key.
+ key_name = None
+ if len(users) > 1:
+ key_name = aggregate.create_instance_key(xrn.get_hrn(), users[0])
+
+ # collect public keys
+ users = options.get('geni_users', [])
+ pubkeys = []
+ for user in users:
+ pubkeys.extend(user['keys'])
+
rspec = RSpec(rspec_string)
- requested_attributes = rspec.version.get_slice_attributes()
-
- # ensure slice record exists
- slice = aggregate.verify_slice(slicename, users, options=options)
- # ensure person records exists
- persons = aggregate.verify_slice_users(slicename, users, options=options)
- # add/remove slice from nodes
- slices.verify_instances(slicename, rspec)
+ instance_name = hrn_to_os_slicename(slice_hrn)
+ tenant_name = OSXrn(xrn=slice_hrn, type='slice').get_tenant_name()
+ aggregate.run_instances(instance_name, tenant_name, rspec_string, key_name, pubkeys)
- return aggregate.get_rspec(slice_xrn=slice_urn, version=rspec.version)
+ return aggregate.describe(slice_xrn=slice_urn, version=rspec.version)
- def delete_sliver (self, slice_urn, slice_hrn, creds, options):
- name = OSXrn(xrn=slice_urn).name
- slice = self.shell.project_get(name)
- if not slice:
- return 1
-
- self.shell.DeleteSliceFromNodes(slicename, slice['node_ids'])
- instances = self.shell.db.instance_get_all_by_project(name)
- for instance in instances:
- self.shell.db.instance_destroy(instance.instance_id)
- return 1
-
- def renew_sliver (self, slice_urn, slice_hrn, creds, expiration_time, options):
- return True
+ def provision(self, urns, version, options):
+ aggregate = OSAggregate(self)
+ return aggregate.describe(urns, version=version, options=options)
- def start_slice (self, slice_urn, slice_hrn, creds):
+ def delete (self, urns, options):
+ aggregate = OSAggregate(self)
+ for urn in urns:
+ xrn = OSXrn(xrn=urn, type='slice')
+ tenant_name = xrn.get_tenant_name()
+ project_name = xrn.get_slicename()
+ id = xrn.id
+ aggregate.delete_instance(tenant_name, project_name, id)
return 1
- def stop_slice (self, slice_urn, slice_hrn, creds):
+ def renew (self, urns, expiration_time, options):
+ return True
+
+ def perform_operational_action (self, urns, action, options):
+ tenant_name = OSXrn(xrn=slice_hrn, type='slice').get_tenant_name()
name = OSXrn(xrn=slice_urn).name
- slice = self.shell.get_project(name)
- instances = self.shell.db.instance_get_all_by_project(name)
- for instance in instances:
- self.shell.db.instance_stop(instance.instance_id)
- return 1
-
- def reset_slice (self, slice_urn, slice_hrn, creds):
- raise SfaNotImplemented ("reset_slice not available at this interface")
-
+ aggregate = OSAggregate(self)
+ return aggregate.stop_instances(name, tenant_name)
+
# xxx this code is quite old and has not run for ages
# it is obviously totally broken and needs a rewrite
def get_ticket (self, slice_urn, slice_hrn, creds, rspec_string, options):
git://git.onelab.eu / sfa.git / blobdiff