X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FMethods%2FGetBootMedium.py;h=64458e24bb48e35ff91cf77dc6ecd20d10a8841f;hb=cd3ec637874aca13e5a100349287f41254ed944a;hp=708b8514526038f61d4cccfb3b44f40af80dd241;hpb=8747a081fef6affa6753dc6cd2778bfc8bc2ebfe;p=plcapi.git diff --git a/PLC/Methods/GetBootMedium.py b/PLC/Methods/GetBootMedium.py index 708b851..64458e2 100644 --- a/PLC/Methods/GetBootMedium.py +++ b/PLC/Methods/GetBootMedium.py @@ -1,7 +1,10 @@ +# $Id$ +# $URL$ import random import base64 import os import os.path +import time from PLC.Faults import * from PLC.Method import Method @@ -9,48 +12,50 @@ from PLC.Parameter import Parameter, Mixed from PLC.Auth import Auth from PLC.Nodes import Node, Nodes -from PLC.NodeNetworks import NodeNetwork, NodeNetworks -from PLC.NodeNetworkSettings import NodeNetworkSetting, NodeNetworkSettings - -# -# xxx todo -# Thierry on june 5 2007 -# -# it turns out that having either apache (when invoked through xmlrpc) -# or root (when running plcsh directly) run this piece of code is -# problematic. In fact although we try to create intermediate dirs -# with mode 777, what happens is that root's umask in the plc chroot -# jail is set to 0022. -# -# the bottom line is, depending on who (apache or root) runs this for -# the first time, we can access denied issued (when root comes first) -# so probably we'd better implement a scheme where files are stored -# directly under /var/tmp or something -# -# in addition the sequels of a former run (e.g. with a non-empty -# filename) can prevent subsequent runs if the file is not properly -# cleaned up after use, which is generally the case if someone invokes -# this through plcsh and does not clean up -# so maybe a dedicated cleanup method could be useful just in case -# +from PLC.Interfaces import Interface, Interfaces +from PLC.InterfaceTags import InterfaceTag, InterfaceTags +from PLC.NodeTags import NodeTag, NodeTags + +from PLC.Accessors.Accessors_standard import * # import node accessors # could not define this in the class.. -boot_medium_actions = [ 'node-preview', - 'node-floppy', - 'node-iso', - 'node-usb', - 'generic-iso', - 'generic-usb', - ] +# create a dict with the allowed actions for each type of node +# reservable nodes being more recent, we do not support the floppy stuff anymore +allowed_actions = { + 'regular' : + [ 'node-preview', + 'node-floppy', + 'node-iso', + 'node-usb', + 'generic-iso', + 'generic-usb', + ], + 'reservable': + [ 'node-preview', + 'node-iso', + 'node-usb', + ], + } + +# compute a new key +def compute_key(): + # Generate 32 random bytes + bytes = random.sample(xrange(0, 256), 32) + # Base64 encode their string representation + key = base64.b64encode("".join(map(chr, bytes))) + # Boot Manager cannot handle = in the key + # XXX this sounds wrong, as it might prevent proper decoding + key = key.replace("=", "") + return key class GetBootMedium(Method): """ This method is a redesign based on former, supposedly dedicated, AdmGenerateNodeConfFile - As compared with its ancestor, this method provides a much more detailed + As compared with its ancestor, this method provides a much more detailed interface, that allows to - (*) either just preview the node config file (in which case + (*) either just preview the node config file -- in which case the node key is NOT recomputed, and NOT provided in the output (*) or regenerate the node config file for storage on a floppy that is, exactly what the ancestor method used todo, @@ -59,7 +64,10 @@ class GetBootMedium(Method): (*) or just provide the generic ISO or USB boot images in which case of course the node_id_or_hostname parameter is not used - action is expected among the following string constants + action is expected among the following string constants according the + node type value: + + for a 'regular' node: (*) node-preview (*) node-floppy (*) node-iso @@ -69,8 +77,8 @@ class GetBootMedium(Method): Apart for the preview mode, this method generates a new node key for the specified node, effectively invalidating any old boot medium. - - Non-admins can only generate files for nodes at their sites. + Note that 'reservable' nodes do not support 'node-floppy', + 'generic-iso' nor 'generic-usb'. In addition, two return mechanisms are supported. (*) The default behaviour is that the file's content is returned as a @@ -89,17 +97,35 @@ class GetBootMedium(Method): - %s : a file suffix appropriate in the context (.txt, .iso or the like) - %v : the bootcd version string (e.g. 4.0) - %p : the PLC name + - %f : the nodefamily + - %a : arch With the file-based return mechanism, the method returns the full pathname - of the result file; it is the caller's responsability to remove - this file after use. - - Options: an optional array of keywords. Currently supported are - - 'serial' + of the result file; + ** WARNING ** + It is the caller's responsability to remove this file after use. + + Options: an optional array of keywords. + options are not supported for generic images + Currently supported are + - 'partition' - for USB actions only - 'cramfs' - + - 'serial' or 'serial:' + console_spec (or 'default') is passed as-is to bootcd/build.sh + it is expected to be a colon separated string denoting + tty - baudrate - parity - bits + e.g. ttyS0:115200:n:8 + - 'variant:' + passed to build.sh as -V + variants are used to run a different kernel on the bootCD + see kvariant.sh for how to create a variant + - 'no-hangcheck' - disable hangcheck + + Tags: the following tags are taken into account when attached to the node: + 'serial', 'cramfs', 'kvariant', 'kargs', 'no-hangcheck' + Security: - When the user's role is not admin, the provided directory *must* be under - the %d area + - Non-admins can only generate files for nodes at their sites. + - Non-admins, when they provide a filename, *must* specify it in the %d area Housekeeping: Whenever needed, the method stores intermediate files in a @@ -114,18 +140,18 @@ class GetBootMedium(Method): Auth(), Mixed(Node.fields['node_id'], Node.fields['hostname']), - Parameter (str, "Action mode, expected in " + "|".join(boot_medium_actions)), + Parameter (str, "Action mode, expected value depends of the type of node"), Parameter (str, "Empty string for verbatim result, resulting file full path otherwise"), Parameter ([str], "Options"), ] - returns = Parameter(str, "Node boot medium, either inlined, or filename, depending to the filename parameter") + returns = Parameter(str, "Node boot medium, either inlined, or filename, depending on the filename parameter") - BOOTCDDIR = "/usr/share/bootcd/" - BOOTCDBUILD = "/usr/share/bootcd/build.sh" - GENERICDIR = "/var/www/html/download/" - NODEDIR = "/var/tmp/bootmedium/results" - WORKDIR = "/var/tmp/bootmedium/work" + # define globals for regular nodes, override later for other types + BOOTCDDIR = "/usr/share/bootcd-@NODEFAMILY@/" + BOOTCDBUILD = "/usr/share/bootcd-@NODEFAMILY@/build.sh" + GENERICDIR = "/var/www/html/download-@NODEFAMILY@/" + WORKDIR = "/var/tmp/bootmedium" DEBUG = False # uncomment this to preserve temporary area and bootcustom logs #DEBUG = True @@ -140,9 +166,15 @@ class GetBootMedium(Method): raise PLCInvalidArgument, "Node hostname %s is invalid"%node['hostname'] return parts - # plnode.txt content + # Generate the node (plnode.txt) configuration content. + # + # This function will create the configuration file a node + # composed by: + # - a common part, regardless of the 'node_type' tag + # - XXX a special part, depending on the 'node_type' tag value. def floppy_contents (self, node, renew_key): + # Do basic checks if node['peer_id'] is not None: raise PLCInvalidArgument, "Not a local node" @@ -152,26 +184,21 @@ class GetBootMedium(Method): if node['site_id'] not in self.caller['site_ids']: raise PLCPermissionDenied, "Not allowed to generate a configuration file for %s"%node['hostname'] - # Get node networks for this node + # Get interface for this node primary = None - nodenetworks = NodeNetworks(self.api, node['nodenetwork_ids']) - for nodenetwork in nodenetworks: - if nodenetwork['is_primary']: - primary = nodenetwork + interfaces = Interfaces(self.api, node['interface_ids']) + for interface in interfaces: + if interface['is_primary']: + primary = interface break if primary is None: raise PLCInvalidArgument, "No primary network configured on %s"%node['hostname'] ( host, domain ) = self.split_hostname (node) + # renew the key and save it on the database if renew_key: - # Generate 32 random bytes - bytes = random.sample(xrange(0, 256), 32) - # Base64 encode their string representation - node['key'] = base64.b64encode("".join(map(chr, bytes))) - # XXX Boot Manager cannot handle = in the key - node['key'] = node['key'].replace("=", "") - # Save it + node['key'] = compute_key() node.sync() # Generate node configuration file suitable for BootCD @@ -180,6 +207,8 @@ class GetBootMedium(Method): if renew_key: file += 'NODE_ID="%d"\n' % node['node_id'] file += 'NODE_KEY="%s"\n' % node['key'] + # not used anywhere, just a note for operations people + file += 'KEY_RENEWAL_DATE="%s"\n' % time.strftime('%Y/%m/%d at %H:%M +0000',time.gmtime()) if primary['mac']: file += 'NET_DEVICE="%s"\n' % primary['mac'].lower() @@ -198,8 +227,8 @@ class GetBootMedium(Method): file += 'HOST_NAME="%s"\n' % host file += 'DOMAIN_NAME="%s"\n' % domain - # define various nodenetwork settings attached to the primary nodenetwork - settings = NodeNetworkSettings (self.api, {'nodenetwork_id':nodenetwork['nodenetwork_id']}) + # define various interface settings attached to the primary interface + settings = InterfaceTags (self.api, {'interface_id':interface['interface_id']}) categories = set() for setting in settings: @@ -207,109 +236,240 @@ class GetBootMedium(Method): categories.add(setting['category']) for category in categories: - category_settings = NodeNetworkSettings(self.api,{'nodenetwork_id':nodenetwork['nodenetwork_id'], + category_settings = InterfaceTags(self.api,{'interface_id':interface['interface_id'], 'category':category}) if category_settings: file += '### Category : %s\n'%category for setting in category_settings: - file += '%s_%s="%s"\n'%(category.upper(),setting['name'].upper(),setting['value']) + file += '%s_%s="%s"\n'%(category.upper(),setting['tagname'].upper(),setting['value']) - for nodenetwork in nodenetworks: - if nodenetwork['method'] == 'ipmi': - file += 'IPMI_ADDRESS="%s"\n' % nodenetwork['ip'] - if nodenetwork['mac']: - file += 'IPMI_MAC="%s"\n' % nodenetwork['mac'].lower() + for interface in interfaces: + if interface['method'] == 'ipmi': + file += 'IPMI_ADDRESS="%s"\n' % interface['ip'] + if interface['mac']: + file += 'IPMI_MAC="%s"\n' % interface['mac'].lower() break return file + # see also GetNodeFlavour that does similar things + def get_nodefamily (self, node, auth): + pldistro = self.api.config.PLC_FLAVOUR_NODE_PLDISTRO + fcdistro = self.api.config.PLC_FLAVOUR_NODE_FCDISTRO + arch = self.api.config.PLC_FLAVOUR_NODE_ARCH + if not node: + return (pldistro,fcdistro,arch) + + node_id=node['node_id'] + + # no support for deployment-based BootCD's, use kvariants instead + node_pldistro = GetNodePldistro (self.api).call(auth, node_id) + if node_pldistro: pldistro = node_pldistro + + node_fcdistro = GetNodeFcdistro (self.api).call(auth, node_id) + if node_fcdistro: fcdistro = node_fcdistro + + node_arch = GetNodeArch (self.api).call(auth,node_id) + if node_arch: arch = node_arch + + return (pldistro,fcdistro,arch) + def bootcd_version (self): try: - f = open (self.BOOTCDDIR + "/build/version.txt") - version=f.readline().strip() - finally: - f.close() - return version + return file(self.BOOTCDDIR + "/build/version.txt").readline().strip() + except: + raise Exception,"Unknown boot cd version - probably wrong bootcd dir : %s"%self.BOOTCDDIR + + def cleantrash (self): + for file in self.trash: + if self.DEBUG: + print 'DEBUG -- preserving',file + else: + os.unlink(file) + + ### handle filename + # build the filename string + # check for permissions and concurrency + # returns the filename + def handle_filename (self, filename, nodename, suffix, arch): + # allow to set filename to None or any other empty value + if not filename: filename='' + filename = filename.replace ("%d",self.WORKDIR) + filename = filename.replace ("%n",nodename) + filename = filename.replace ("%s",suffix) + filename = filename.replace ("%p",self.api.config.PLC_NAME) + # let's be cautious + try: filename = filename.replace ("%f", self.nodefamily) + except: pass + try: filename = filename.replace ("%a", arch) + except: pass + try: filename = filename.replace ("%v",self.bootcd_version()) + except: pass - def cleandir (self,tempdir): - if not self.DEBUG: - os.system("rm -rf %s"%tempdir) + ### Check filename location + if filename != '': + if 'admin' not in self.caller['roles']: + if ( filename.index(self.WORKDIR) != 0): + raise PLCInvalidArgument, "File %s not under %s"%(filename,self.WORKDIR) + + ### output should not exist (concurrent runs ..) + if os.path.exists(filename): + raise PLCInvalidArgument, "Resulting file %s already exists"%filename + + ### we can now safely create the file, + ### either we are admin or under a controlled location + filedir=os.path.dirname(filename) + # dirname does not return "." for a local filename like its shell counterpart + if filedir: + if not os.path.exists(filedir): + try: + os.makedirs (filedir,0777) + except: + raise PLCPermissionDenied, "Could not create dir %s"%filedir + + return filename + + # Build the command line to be executed + # according the node type + def build_command(self, node_type, build_sh_spec, node_image, type, floppy_file, log_file): + + command = "" + + # regular node, make build's arguments + # and build the full command line to be called + if node_type in [ 'regular', 'reservable' ]: + + build_sh_options="" + if "cramfs" in build_sh_spec: + type += "_cramfs" + if "serial" in build_sh_spec: + build_sh_options += " -s %s"%build_sh_spec['serial'] + if "variant" in build_sh_spec: + build_sh_options += " -V %s"%build_sh_spec['variant'] + + for karg in build_sh_spec['kargs']: + build_sh_options += ' -k "%s"'%karg + + log_file="%s.log"%node_image + + command = '%s -f "%s" -o "%s" -t "%s" %s &> %s' % (self.BOOTCDBUILD, + floppy_file, + node_image, + type, + build_sh_options, + log_file) + + if self.DEBUG: + print "The build command line is %s" % command + + return command def call(self, auth, node_id_or_hostname, action, filename, options = []): - ### check action - if action not in boot_medium_actions: - raise PLCInvalidArgument, "Unknown action %s"%action + self.trash=[] ### compute file suffix and type if action.find("-iso") >= 0 : suffix=".iso" - type = ["iso"] + type = "iso" elif action.find("-usb") >= 0: suffix=".usb" - type = ["usb"] + type = "usb" else: suffix=".txt" - type = ["txt"] - - if type != "txt": - if 'serial' in options: - suffix = "-serial" + suffix - type.insert(1, "serial") - if 'cramfs' in options: - suffix = "-cramfs" + suffix - # XXX must be the same index as above - type.insert(1, "cramfs") - type = "_".join(type) - - ### compute a 8 bytes random number - tempbytes = random.sample (xrange(0,256), 8); - def hexa2 (c): - return chr((c>>4)+65) + chr ((c&16)+65) - temp = "".join(map(hexa2,tempbytes)) - - ### check node if needed + type = "txt" + + # check for node existence and get node_type + nodes = Nodes(self.api, [node_id_or_hostname]) + if not nodes: + raise PLCInvalidArgument, "No such node %r"%node_id_or_hostname + node = nodes[0] + + if self.DEBUG: print "%s required on node %s. Node type is: %s" \ + % (action, node['node_id'], node['node_type']) + + # check the required action against the node type + node_type = node['node_type'] + if action not in allowed_actions[node_type]: + raise PLCInvalidArgument, "Action %s not valid for %s nodes, valid actions are %s" \ + % (action, node_type, "|".join(allowed_actions[node_type])) + + # handle / canonicalize options + if type == "txt": + if options: + raise PLCInvalidArgument, "Options are not supported for node configs" + else: + # create a dict for build.sh + build_sh_spec={'kargs':[]} + # use node tags as defaults + # check for node tag equivalents + tags = NodeTags(self.api, + {'node_id': node['node_id'], + 'tagname': ['serial', 'cramfs', 'kvariant', 'kargs', 'no-hangcheck']}, + ['tagname', 'value']) + if tags: + for tag in tags: + if tag['tagname'] == 'serial': + build_sh_spec['serial'] = tag['value'] + if tag['tagname'] == 'cramfs': + build_sh_spec['cramfs'] = True + if tag['tagname'] == 'kvariant': + build_sh_spec['variant'] = tag['value'] + if tag['tagname'] == 'kargs': + build_sh_spec['kargs'] += tag['value'].split() + if tag['tagname'] == 'no-hangcheck': + build_sh_spec['kargs'].append('hcheck_reboot0') + # then options can override tags + for option in options: + if option == "cramfs": + build_sh_spec['cramfs']=True + elif option == 'partition': + if type != "usb": + raise PLCInvalidArgument, "option 'partition' is for USB images only" + else: + type="usb_partition" + elif option == "serial": + build_sh_spec['serial']='default' + elif option.find("serial:") == 0: + build_sh_spec['serial']=option.replace("serial:","") + elif option.find("variant:") == 0: + build_sh_spec['variant']=option.replace("variant:","") + elif option == "no-hangcheck": + build_sh_spec['kargs'].append('hcheck_reboot0') + else: + raise PLCInvalidArgument, "unknown option %s"%option + + # compute nodename according the action if action.find("node-") == 0: - nodes = Nodes(self.api, [node_id_or_hostname]) - if not nodes: - raise PLCInvalidArgument, "No such node %r"%node_id_or_hostname - node = nodes[0] nodename = node['hostname'] - else: node = None - nodename = temp + # compute a 8 bytes random number + tempbytes = random.sample (xrange(0,256), 8); + def hexa2 (c): return chr((c>>4)+65) + chr ((c&16)+65) + nodename = "".join(map(hexa2,tempbytes)) + + # get nodefamily + (pldistro,fcdistro,arch) = self.get_nodefamily(node,auth) + self.nodefamily="%s-%s-%s"%(pldistro,fcdistro,arch) + + # apply on globals + for attr in [ "BOOTCDDIR", "BOOTCDBUILD", "GENERICDIR" ]: + setattr(self,attr,getattr(self,attr).replace("@NODEFAMILY@",self.nodefamily)) - ### handle filename - filename = filename.replace ("%d",self.NODEDIR) - filename = filename.replace ("%n",nodename) - filename = filename.replace ("%s",suffix) - filename = filename.replace ("%p",self.api.config.PLC_NAME) - # only if filename contains "%v", bootcd is maybe not avail ? - if filename.find("%v") >=0: - filename = filename.replace ("%v",self.bootcd_version()) - - ### Check filename location - if filename != '': - if 'admin' not in self.caller['roles']: - if ( filename.index(self.NODEDIR) != 0): - raise PLCInvalidArgument, "File %s not under %s"%(filename,self.NODEDIR) - - ### output should not exist (concurrent runs ..) - if os.path.exists(filename): - raise PLCInvalidArgument, "Resulting file %s already exists"%filename - - ### we can now safely create the file, - ### either we are admin or under a controlled location - if not os.path.exists(os.path.dirname(filename)): - try: - os.makedirs (os.path.dirname(filename),0777) - except: - raise PLCPermissionDenied, "Could not create dir %s"%os.path.dirname(filename) - + filename = self.handle_filename(filename, nodename, suffix, arch) + # log call + if node: + self.message='GetBootMedium on node %s - action=%s'%(nodename,action) + self.event_objects={'Node': [ node ['node_id'] ]} + else: + self.message='GetBootMedium - generic - action=%s'%action + ### generic media if action == 'generic-iso' or action == 'generic-usb': + if options: + raise PLCInvalidArgument, "Options are not supported for generic images" # this raises an exception if bootcd is missing version = self.bootcd_version() generic_name = "%s-BootCD-%s%s"%(self.api.config.PLC_NAME, @@ -318,29 +478,19 @@ class GetBootMedium(Method): generic_path = "%s/%s" % (self.GENERICDIR,generic_name) if filename: - ret=os.system ("cp %s %s"%(generic_path,filename)) + ret=os.system ('cp "%s" "%s"'%(generic_path,filename)) if ret==0: return filename else: - raise PLCPermissionDenied, "Could not copy %s into"%(generic_path,filename) + raise PLCPermissionDenied, "Could not copy %s into %s"%(generic_path,filename) else: ### return the generic medium content as-is, just base64 encoded return base64.b64encode(file(generic_path).read()) - ### floppy preview - if action == 'node-preview': - floppy = self.floppy_contents (node,False) - if filename: - try: - file(filename,'w').write(floppy) - except: - raise PLCPermissionDenied, "Could not write into %s"%filename - return filename - else: - return floppy - - if action == 'node-floppy': - floppy = self.floppy_contents (node,True) + ### config file preview or regenerated + if action == 'node-preview' or action == 'node-floppy': + renew_key = (action == 'node-floppy') + floppy = self.floppy_contents (node,renew_key) if filename: try: file(filename,'w').write(floppy) @@ -351,6 +501,12 @@ class GetBootMedium(Method): return floppy ### we're left with node-iso and node-usb + # the steps involved in the image creation are: + # - create and test the working environment + # - generate the configuration file + # - build and invoke the build command + # - delivery the resulting image file + if action == 'node-iso' or action == 'node-usb': ### check we've got required material @@ -359,54 +515,60 @@ class GetBootMedium(Method): if not os.path.isfile(self.BOOTCDBUILD): raise PLCAPIError, "Cannot locate bootcd/build.sh script %s"%self.BOOTCDBUILD - # need a temporary area - tempdir = "%s/%s"%(self.WORKDIR,nodename) - if not os.path.isdir(tempdir): + # create the workdir if needed + if not os.path.isdir(self.WORKDIR): try: - os.makedirs(tempdir,0777) + os.makedirs(self.WORKDIR,0777) + os.chmod(self.WORKDIR,0777) except: - raise PLCPermissionDenied, "Could not create dir %s"%tempdir + raise PLCPermissionDenied, "Could not create dir %s"%self.WORKDIR try: # generate floppy config - floppy = self.floppy_contents(node,True) + floppy_text = self.floppy_contents(node,True) # store it - node_floppy = "%s/%s"%(tempdir,nodename) + floppy_file = "%s/%s.txt"%(self.WORKDIR,nodename) try: - file(node_floppy,"w").write(floppy) + file(floppy_file,"w").write(floppy_text) except: - raise PLCPermissionDenied, "Could not write into %s"%node_floppy - - node_image = "%s/%s"%(tempdir,nodename) - # invoke build.sh - build_command = '%s -f "%s" -O "%s" -t "%s" &> %s.log' % (self.BOOTCDBUILD, - node_floppy, - node_image, - type, - node_image) - if self.DEBUG: - print 'build command:',build_command - ret=os.system(build_command) + raise PLCPermissionDenied, "Could not write into %s"%floppy_file + + self.trash.append(floppy_file) + + node_image = "%s/%s%s"%(self.WORKDIR,nodename,suffix) + log_file="%s.log"%node_image + + command = self.build_command(node_type, build_sh_spec, node_image, type, floppy_file, log_file) + + # invoke the image build script + if command != "": + ret=os.system(command) + if ret != 0: - raise PLCPermissionDenied,"build.sh failed to create node-specific medium" + raise PLCAPIError, "%s failed Command line was: %s Error logs: %s" % \ + (self.BOOTCDBUILD, command, file(log_file).read()) + + self.trash.append(log_file) - node_image += suffix if not os.path.isfile (node_image): raise PLCAPIError,"Unexpected location of build.sh output - %s"%node_image - # cache result + # handle result if filename: - ret=os.system("mv %s %s"%(node_image,filename)) + ret=os.system('mv "%s" "%s"'%(node_image,filename)) if ret != 0: + self.trash.append(node_image) + self.cleantrash() raise PLCAPIError, "Could not move node image %s into %s"%(node_image,filename) - self.cleandir(tempdir) + self.cleantrash() return filename else: result = file(node_image).read() - self.cleandir(tempdir) + self.trash.append(node_image) + self.cleantrash() return base64.b64encode(result) except: - self.cleandir(tempdir) + self.cleantrash() raise # we're done here, or we missed something