from sfa.util.specdict import *
from sfa.util.faults import *
from sfa.util.storage import *
+from sfa.util.record import GeniRecord
from sfa.util.policy import Policy
+from sfa.util.prefixTree import prefixTree
from sfa.util.debug import log
from sfa.server.aggregate import Aggregates
from sfa.server.registry import Registries
SimpleStorage.__init__(self, self.slices_file)
self.policy = Policy(self.api)
self.load()
- self.caller_cred=caller_cred
+ self.caller_cred=caller_cred
def get_peer(self, hrn):
return peer
+ def get_sfa_peer(self, hrn):
+ # return the authority for this hrn or None if we are the authority
+ sfa_peer = None
+ slice_authority = get_authority(hrn)
+ site_authority = get_authority(slice_authority)
+
+ if site_authority != self.api.hrn:
+ sfa_peer = site_authority
+
+ return sfa_peer
+
def refresh(self):
"""
Update the cached list of slices
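Review bot: The comment on `get_sfa_peer` says it returns the authority for this hrn, but the body applies `get_authority` twice and compares the second result with `self.api.hrn`, so the value returned is the authority one level above the slice's own authority. The local named `site_authority` is the parent of what `slice_authority` holds, which reads as if the names were shifted by one level. I would reword the comment to `# return the authority two levels above hrn, or None when that authority is self.api.hrn`. It should also state the expected result for an hrn that has no grandparent authority; `get_authority` is defined outside this hunk, so its behaviour on such input cannot be checked here.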
aggregates = Aggregates(self.api)
credential = self.api.getCredential()
for aggregate in aggregates:
+ success = False
+ # request hash is optional so lets try the call without it
try:
slices = aggregates[aggregate].get_slices(credential)
slice_hrns.extend(slices)
+ success = True
except:
+ print >> log, "%s" % (traceback.format_exc())
print >> log, "Error calling slices at aggregate %(aggregate)s" % locals()
- # update timestamp and threshold
+
+ # try sending the request hash if the previous call failed
+ if not success:
+ arg_list = [credential]
+ request_hash = self.api.key.compute_hash(arg_list)
+ try:
+ slices = aggregates[aggregate].get_slices(credential, request_hash)
+ slice_hrns.extend(slices)
+ success = True
+ except:
+ print >> log, "%s" % (traceback.format_exc())
+ print >> log, "Error calling slices at aggregate %(aggregate)s" % locals()
+
+ # update timestamp and threshold
timestamp = datetime.datetime.now()
hr_timestamp = timestamp.strftime(self.api.time_format)
delta = datetime.timedelta(hours=self.ttl)
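Review bot: The fallback in `refresh` retries on a bare `except:`, so any failure of the first `get_slices` call (an authentication fault, a timeout, a programming error) is treated as "the peer wants a request hash" and answered by sending the same credential again. The same pattern is added in `delete_slice_smgr`, `verify_site`, `verify_slice`, `verify_persons`, `create_slice_smgr` and `stop_slice_smgr`, where the retried calls are state-changing by their names, so a failure after the peer has already acted leads to a second invocation. I would retry only on the specific fault the peer raises for a missing hash (its name is not visible on this page) and let everything else reach the log once. Separately, `request_hash = self.api.key.compute_hash(arg_list)` sits outside the second `try:` here, unlike in `delete_slice_smgr`, so an error while hashing aborts the refresh for all remaining aggregates; moving that line inside the `try:` keeps the loop going.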
def delete_slice_smgr(self, hrn):
credential = self.api.getCredential()
+ caller_cred = self.caller_cred
aggregates = Aggregates(self.api)
for aggregate in aggregates:
+ success = False
+ # request hash is optional so lets try the call without it
try:
- aggregates[aggregate].delete_slice(credential, hrn, caller_cred=self.caller_cred)
+ aggregates[aggregate].delete_slice(credential, hrn, caller_cred)
+ success = True
except:
+ print >> log, "%s" % (traceback.format_exc())
print >> log, "Error calling list nodes at aggregate %s" % aggregate
- traceback.print_exc(log)
- exc_type, exc_value, exc_traceback = sys.exc_info()
- print exc_type, exc_value, exc_traceback
-
+
+ # try sending the request hash if the previous call failed
+ if not success:
+ try:
+ arg_list = [credential, hrn]
+ request_hash = self.api.key.compute_hash(arg_list)
+ aggregates[aggregate].delete_slice(credential, hrn, request_hash, caller_cred)
+ success = True
+ except:
+ print >> log, "%s" % (traceback.format_exc())
+ print >> log, "Error calling list nodes at aggregate %s" % aggregate
+
def create_slice(self, hrn, rspec):
# check our slice policy before we procede
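Review bot: `delete_slice(credential, hrn, caller_cred)` now passes the caller credential positionally in the third slot, which is the slot the fallback call `delete_slice(credential, hrn, request_hash, caller_cred)` uses for the request hash. The removed line used `caller_cred=self.caller_cred`; if the remote signature is ordered as the fallback suggests, the first attempt hands a credential to whatever checks the hash and can only succeed where that check is skipped. Keeping the keyword form, `aggregates[aggregate].delete_slice(credential, hrn, caller_cred=caller_cred)`, avoids the ambiguity; the `create_slice` calls added in `create_slice_smgr` have the same shape. Both log lines here also still say "Error calling list nodes" although the call is `delete_slice`.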
elif self.api.interface in ['slicemgr']:
self.create_slice_smgr(hrn, rspec)
- def create_slice_aggregate(self, hrn, rspec):
+ def verify_site(self, registry, credential, slice_hrn, peer, sfa_peer):
+ authority = get_authority(slice_hrn)
+ try:
+ site_records = registry.resolve(credential, authority)
+ except:
+ arg_list = [credential, authority]
+ request_hash = self.api.key.compute_hash(arg_list)
+ site_records = registry.resolve(credential, authority, request_hash)
+
+ site = {}
+ for site_record in site_records:
+ if site_record['type'] == 'authority':
+ site = site_record
+ if not site:
+ raise RecordNotFound(authority)
+ remote_site_id = site.pop('site_id')
+
+ login_base = get_leaf(authority)
+ sites = self.api.plshell.GetSites(self.api.plauth, login_base)
+ if not sites:
+ site_id = self.api.plshell.AddSite(self.api.plauth, site)
+ if peer:
+ self.api.plshell.BindObjectToPeer(self.api.plauth, 'site', site_id, peer, remote_site_id)
+ # mark this site as an sfa peer record
+ if sfa_peer:
+ peer_dict = {'type': 'authority', 'hrn': authority, 'peer_authority': sfa_peer, 'pointer': site_id}
+ try:
+ registry.register_peer_object(credential, peer_dict)
+ except:
+ arg_list = [credential]
+ request_hash = self.api.key.compute_hash(arg_list)
+ registry.register_peer_object(credential, peer_dict, request_hash)
+ else:
+ site_id = sites[0]['site_id']
+ remote_site_id = sites[0]['peer_site_id']
- # Determine if this is a peer slice
- peer = self.get_peer(hrn)
- spec = Rspec(rspec)
- # Get the slice record from geni
+ return (site_id, remote_site_id)
+
+ def verify_slice(self, registry, credential, slice_hrn, site_id, remote_site_id, peer, sfa_peer):
slice = {}
slice_record = None
- registries = Registries(self.api)
- registry = registries[self.api.hrn]
- credential = self.api.getCredential()
- records = registry.resolve(credential, hrn)
- for record in records:
- if record.get_type() in ['slice']:
- slice_record = record.as_dict()
+ authority = get_authority(slice_hrn)
+ try:
+ slice_records = registry.resolve(credential, slice_hrn)
+ except:
+ arg_list = [credential, slice_hrn]
+ request_hash = self.api.key.compute_hash(arg_list)
+ slice_records = registry.resolve(credential, slice_hrn, request_hash)
+
+ for record in slice_records:
+ if record['type'] in ['slice']:
+ slice_record = record
if not slice_record:
- raise RecordNotFound(hrn)
-
- # Make sure slice exists at plc, if it doesnt add it
- slicename = hrn_to_pl_slicename(hrn)
- slices = self.api.plshell.GetSlices(self.api.plauth, [slicename], ['slice_id', 'node_ids'])
+ raise RecordNotFound(hrn)
+ slicename = hrn_to_pl_slicename(slice_hrn)
+ parts = slicename.split("_")
+ login_base = parts[0]
+ slices = self.api.plshell.GetSlices(self.api.plauth, [slicename], ['slice_id', 'node_ids', 'site_id'])
if not slices:
- parts = slicename.split("_")
- login_base = parts[0]
- # if site doesnt exist add it
- sites = self.api.plshell.GetSites(self.api.plauth, [login_base])
- if not sites:
- authority = get_authority(hrn)
- site_records = registry.resolve(credential, authority)
- site_record = {}
- if not site_records:
- raise RecordNotFound(authority)
- site_record = site_records[0]
- site = site_record.as_dict()
-
- # add the site
- remote_site_id = site.pop('site_id')
- site_id = self.api.plshell.AddSite(self.api.plauth, site)
- # this belongs to a peer
- if peer:
- self.api.plshell.BindObjectToPeer(self.api.plauth, 'site', site_id, peer, remote_site_id)
- else:
- site = sites[0]
- site_id = site['site_id']
- remote_site_id = site['peer_site_id']
-
- # create slice object
slice_fields = {}
slice_keys = ['name', 'url', 'description']
for key in slice_keys:
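Review bot: In `verify_slice`, `raise RecordNotFound(hrn)` refers to `hrn`, which is not a parameter or local of this method on the lines shown (the signature takes `slice_hrn`), so a missing slice record would surface as a NameError instead of RecordNotFound; it should read `raise RecordNotFound(slice_hrn)`. In `verify_site`, the fallback for `register_peer_object` computes the hash over `arg_list = [credential]` only, while the other fallbacks on this page hash every argument that precedes `request_hash`. If the registry checks the hash against the arguments it receives, `peer_dict` is not covered; `arg_list = [credential, peer_dict]` would be consistent with the rest, provided `compute_hash` accepts a dict. The same `[credential]`-only hash is repeated for the slice and user peer records in the following hunk. `verify_slice` continues past the end of this hunk.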
# add the slice
slice_id = self.api.plshell.AddSlice(self.api.plauth, slice_fields)
slice = slice_fields
-
+ slice['slice_id'] = slice_id
+
+ # mark this slice as an sfa peer record
+ if sfa_peer:
+ peer_dict = {'type': 'slice', 'hrn': slice_hrn, 'peer_authority': sfa_peer, 'pointer': slice_id}
+ try:
+ registry.register_peer_object(credential, peer_dict)
+ except:
+ arg_list = [credential]
+ request_hash = self.api.key.compute_hash(arg_list)
+ registry.register_peer_object(credential, peer_dict, request_hash)
+
#this belongs to a peer
if peer:
self.api.plshell.BindObjectToPeer(self.api.plauth, 'slice', slice_id, peer, slice_record['pointer'])
else:
slice = slices[0]
slice_id = slice['slice_id']
- site_id = slice['site_id']
+ site_id = slice['site_id']
+
+ slice['peer_slice_id'] = slice_record['pointer']
+ self.verify_persons(registry, credential, slice_record, site_id, remote_site_id, peer, sfa_peer)
+
+ return slice
+
+ def verify_persons(self, registry, credential, slice_record, site_id, remote_site_id, peer, sfa_peer):
# get the list of valid slice users from the registry and make
- # they are added to the slice
- researchers = record.get('researcher', [])
+ # sure they are added to the slice
+ slicename = hrn_to_pl_slicename(slice_record['hrn'])
+ researchers = slice_record.get('researcher', [])
for researcher in researchers:
person_record = {}
- person_records = registry.resolve(credential, researcher)
+ try:
+ person_records = registry.resolve(credential, researcher)
+ except:
+ arg_list = [credential, researcher]
+ request_hash = self.api.key.compute_hash(arg_list)
+ person_records = registry.resolve(credential, researcher, request_hash)
for record in person_records:
- if record.get_type() in ['user']:
+ if record['type'] in ['user']:
person_record = record
if not person_record:
pass
- person_dict = person_record.as_dict()
- persons = self.api.plshell.GetPersons(self.api.plauth, [person_dict['email']], ['person_id', 'key_ids'])
+ person_dict = person_record
+ local_person=False
+ if peer:
+ peer_id = self.api.plshell.GetPeers(self.api.plauth, {'shortname': peer}, ['peer_id'])[0]['peer_id']
+ persons = self.api.plshell.GetPersons(self.api.plauth, {'email': [person_dict['email']], 'peer_id': peer_id}, ['person_id', 'key_ids'])
+ if not persons:
+ persons = self.api.plshell.GetPersons(self.api.plauth, [person_dict['email']], ['person_id', 'key_ids'])
+ if persons:
+ local_person=True
- # Create the person record
+ else:
+ persons = self.api.plshell.GetPersons(self.api.plauth, [person_dict['email']], ['person_id', 'key_ids'])
+
if not persons:
person_id=self.api.plshell.AddPerson(self.api.plauth, person_dict)
-
- # The line below enables the user account on the remote
- # aggregate soon after it is created. without this the
- # user key is not transfered to the slice (as GetSlivers
- # returns key of only enabled users), which prevents the
- # user from login to the slice. We may do additional checks
- # before enabling the user.
-
self.api.plshell.UpdatePerson(self.api.plauth, person_id, {'enabled' : True})
+
+ # mark this person as an sfa peer record
+ if sfa_peer:
+ peer_dict = {'type': 'user', 'hrn': researcher, 'peer_authority': sfa_peer, 'pointer': person_id}
+ try:
+ registry.register_peer_object(credential, peer_dict)
+ except:
+ arg_list = [credential]
+ request_hash = self.api.key.compute_hash(arg_list)
+ registry.register_peer_object(credential, peer_dict, request_hash)
+
if peer:
- self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_record['pointer'])
+ self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_dict['pointer'])
key_ids = []
else:
- person_id = persons[0]['person_id']
+ person_id = persons[0]['person_id']
key_ids = persons[0]['key_ids']
+
# if this is a peer person, we must unbind them from the peer or PLCAPI will throw
# an error
if peer:
self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'site', site_id, peer)
self.api.plshell.AddPersonToSlice(self.api.plauth, person_dict['email'], slicename)
- self.api.plshell.AddPersonToSite(self.api.plauth, person_dict['email'], site_id)
+ self.api.plshell.AddPersonToSite(self.api.plauth, person_dict['email'], site_id)
+ if peer and not local_person:
+ self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_dict['pointer'])
if peer:
- self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_record['pointer'])
- self.api.plshell.BindObjectToPeer(self.api.plauth, 'site', site_id, peer, remote_site_id)
-
- # Get this users local keys
- keylist = self.api.plshell.GetKeys(self.api.plauth, key_ids, ['key'])
- keys = [key['key'] for key in keylist]
-
- # add keys that arent already there
- key_ids=person_record['key_ids']
- for personkey in person_dict['keys']:
- if personkey not in keys:
- key = {'key_type': 'ssh', 'key': personkey}
- if peer:
- self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'person', person_id, peer)
- key_id=self.api.plshell.AddPersonKey(self.api.plauth, person_dict['email'], key)
- if peer:
- self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_record['pointer'])
- self.api.plshell.BindObjectToPeer(self.api.plauth, 'key', key_id, peer, key_ids.pop(0))
+ self.api.plshell.BindObjectToPeer(self.api.plauth, 'site', site_id, peer, remote_site_id)
+
+ self.verify_keys(registry, credential, person_dict, key_ids, person_id, peer, local_person)
+
+ def verify_keys(self, registry, credential, person_dict, key_ids, person_id, peer, local_person):
+ keylist = self.api.plshell.GetKeys(self.api.plauth, key_ids, ['key'])
+ keys = [key['key'] for key in keylist]
+
+ #add keys that arent already there
+ key_ids = person_dict['key_ids']
+ for personkey in person_dict['keys']:
+ if personkey not in keys:
+ key = {'key_type': 'ssh', 'key': personkey}
+ if peer:
+ self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'person', person_id, peer)
+ key_id = self.api.plshell.AddPersonKey(self.api.plauth, person_dict['email'], key)
+ if peer and not local_person:
+ self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_dict['pointer'])
+ if peer:
+ try: self.api.plshell.BindObjectToPeer(self.api.plauth, 'key', key_id, peer, key_ids.pop(0))
+
+ except: pass
+
+ def create_slice_aggregate(self, hrn, rspec):
+
+ # Determine if this is a peer slice
+ peer = self.get_peer(hrn)
+ sfa_peer = self.get_sfa_peer(hrn)
+
+ spec = RSpec(rspec)
+ # Get the slice record from sfa
+ slicename = hrn_to_pl_slicename(hrn)
+ slice = {}
+ slice_record = None
+ registries = Registries(self.api)
+ registry = registries[self.api.hrn]
+ credential = self.api.getCredential()
+
+ site_id, remote_site_id = self.verify_site(registry, credential, hrn, peer, sfa_peer)
+ slice = self.verify_slice(registry, credential, hrn, site_id, remote_site_id, peer, sfa_peer)
# find out where this slice is currently running
nodelist = self.api.plshell.GetNodes(self.api.plauth, slice['node_ids'], ['hostname'])
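Review bot: `verify_keys` wraps the key's `BindObjectToPeer` call in `try: ... except: pass`, which hides both an IndexError from `key_ids.pop(0)` (the list comes from `person_dict['key_ids']` and may be shorter than `person_dict['keys']`) and any PLCAPI failure, leaving an SSH key added to the person with no peer binding and no log entry. I would log it the way the rest of this commit does, e.g. `except: print >> log, "%s" % (traceback.format_exc())`. In `verify_persons`, `if not person_record: pass` falls through to `person_dict['email']` on an empty dict; `continue` looks like what was meant. The commit also deletes the comment explaining why `UpdatePerson(..., {'enabled' : True})` runs right after `AddPerson`; since that line activates an account created from registry data, a short comment such as `# enable immediately so the user's key reaches the slice; no further checks are applied here` should stay.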
added_nodes = list(set(nodes).difference(hostnames))
if peer:
- self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'slice', slice_id, peer)
+ self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'slice', slice['slice_id'], peer)
self.api.plshell.AddSliceToNodes(self.api.plauth, slicename, added_nodes)
self.api.plshell.DeleteSliceFromNodes(self.api.plauth, slicename, deleted_nodes)
if peer:
- self.api.plshell.BindObjectToPeer(self.api.plauth, 'slice', slice_id, peer, slice_record['pointer'])
+ self.api.plshell.BindObjectToPeer(self.api.plauth, 'slice', slice['slice_id'], peer, slice['peer_slice_id'])
return 1
def create_slice_smgr(self, hrn, rspec):
- spec = Rspec()
- tempspec = Rspec()
+ spec = RSpec()
+ tempspec = RSpec()
spec.parseString(rspec)
slicename = hrn_to_pl_slicename(hrn)
specDict = spec.toDict()
- if specDict.has_key('Rspec'): specDict = specDict['Rspec']
+ if specDict.has_key('RSpec'): specDict = specDict['RSpec']
if specDict.has_key('start_time'): start_time = specDict['start_time']
else: start_time = 0
if specDict.has_key('end_time'): end_time = specDict['end_time']
rspecs = {}
aggregates = Aggregates(self.api)
credential = self.api.getCredential()
- # only attempt to extract information about the aggregates we know about
- for aggregate in aggregates:
- netspec = spec.getDictByTagNameValue('NetSpec', aggregate)
- if netspec:
- # creat a plc dict
- resources = {'start_time': start_time, 'end_time': end_time, 'networks': netspec}
- resourceDict = {'Rspec': resources}
- tempspec.parseDict(resourceDict)
- rspecs[aggregate] = tempspec.toxml()
-
- # notify the aggregates
- for aggregate in rspecs.keys():
+
+ # split the netspecs into individual rspecs
+ netspecs = spec.getDictsByTagName('NetSpec')
+ for netspec in netspecs:
+ net_hrn = netspec['name']
+ resources = {'start_time': start_time, 'end_time': end_time, 'networks': netspec}
+ resourceDict = {'RSpec': resources}
+ tempspec.parseDict(resourceDict)
+ rspecs[net_hrn] = tempspec.toxml()
+
+ # send each rspec to the appropriate aggregate/sm
+ caller_cred = self.caller_cred
+ for net_hrn in rspecs:
try:
- # send the whloe rspec to the local aggregate
- if aggregate in [self.api.hrn]:
- aggregates[aggregate].create_slice(credential, hrn, rspec, caller_cred=self.caller_cred)
+ # if we are directly connected to the aggregate then we can just send them the rspec
+ # if not, then we may be connected to an sm thats connected to the aggregate
+ if net_hrn in aggregates:
+ # send the whloe rspec to the local aggregate
+ if net_hrn in [self.api.hrn]:
+ try:
+ aggregates[net_hrn].create_slice(credential, hrn, rspec, caller_cred)
+ except:
+ arg_list = [credential,hrn,rspec]
+ request_hash = self.api.key.compute_hash(arg_list)
+ aggregates[net_hrn].create_slice(credential, hrn, rspec, request_hash, caller_cred)
+ else:
+ try:
+ aggregates[net_hrn].create_slice(credential, hrn, rspecs[net_hrn], caller_cred)
+ except:
+ arg_list = [credential,hrn,rspecs[net_hrn]]
+ request_hash = self.api.key.compute_hash(arg_list)
+ aggregates[net_hrn].create_slice(credential, hrn, rspecs[net_hrn], request_hash, caller_cred)
else:
- aggregates[aggregate].create_slice(credential, hrn, rspecs[aggregate], caller_cred=self.caller_cred)
+ # lets forward this rspec to a sm that knows about the network
+ arg_list = [credential, net_hrn]
+ request_hash = self.api.compute_hash(arg_list)
+ for aggregate in aggregates:
+ try:
+ network_found = aggregates[aggregate].get_aggregates(credential, net_hrn)
+ except:
+ network_found = aggregates[aggregate].get_aggregates(credential, net_hrn, request_hash)
+ if network_networks:
+ try:
+ aggregates[aggregate].create_slice(credential, hrn, rspecs[net_hrn], caller_cred)
+ except:
+ arg_list = [credential, hrn, rspecs[net_hrn]]
+ request_hash = self.api.key.compute_hash(arg_list)
+ aggregates[aggregate].create_slice(credential, hrn, rspecs[net_hrn], request_hash, caller_cred)
+
except:
- print >> log, "Error creating slice %(hrn)s at aggregate %(aggregate)s" % locals()
+ print >> log, "Error creating slice %(hrn)s at aggregate %(net_hrn)s" % locals()
traceback.print_exc()
return 1
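Review bot: The forwarding branch of `create_slice_smgr` tests `if network_networks:`, a name that is never assigned on the lines shown; the lines just above store the result in `network_found`, so this raises NameError on the first aggregate. The outer bare `except:` catches it and logs "Error creating slice ... at aggregate", so a slice for a network reached through another slice manager is never created and the log points at the wrong cause. The same branch calls `self.api.compute_hash(arg_list)` while every other site in this commit uses `self.api.key.compute_hash(arg_list)`. Suggested lines: `request_hash = self.api.key.compute_hash(arg_list)` and `if network_found:`. The function starts before this hunk.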
def stop_slice_smgr(self, hrn):
credential = self.api.getCredential()
aggregates = Aggregates(self.api)
+ arg_list = [credential, hrn]
+ request_hash = self.api.key.compute_hash(arg_list)
for aggregate in aggregates:
- aggregates[aggregate].stop_slice(credential, hrn)
+ try:
+ aggregates[aggregate].stop_slice(credential, hrn)
+ except:
+ aggregates[aggregate].stop_slice(credential, hrn, request_hash)
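Review bot: In `stop_slice_smgr` the fallback call `stop_slice(credential, hrn, request_hash)` sits inside the `except:` block with no handler of its own, so the first aggregate that fails both attempts raises out of the loop and the remaining aggregates are never asked to stop the slice. `refresh` and `delete_slice_smgr` in this same commit log and continue instead. Wrapping the fallback in its own `try:` with `print >> log, "%s" % (traceback.format_exc())` in the handler would make stop behave the same way, so a partial stop is at least visible in the log.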