X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=db-config;h=618fc610c4c15c7f9ce30c6f9b73ea0ae7d7f0c7;hb=cb1c71c3059e8b09b3b8b7e70baa39641afd5859;hp=833657aa2b3d56b68610118a6b5b1cc91e1588a0;hpb=bdc3b2afbe0007b7e8de74039143e582ebe82485;p=myplc.git diff --git a/db-config b/db-config index 833657a..618fc61 100755 --- a/db-config +++ b/db-config @@ -7,7 +7,7 @@ # Mark Huang # Copyright (C) 2006 The Trustees of Princeton University # -# $Id: db-config,v 1.1 2006/06/23 20:33:44 mlhuang Exp $ +# $Id: db-config,v 1.12 2006/12/12 16:33:45 thierry Exp $ # from plc_config import PLCConfiguration @@ -53,9 +53,7 @@ def main(): site = { 'site_id': 1, 'name': plc['name'] + " Central", 'abbreviated_name': plc['name'], - # XXX Default site slice_prefix/login_base must be "pl_" - # 'login_base': plc['slice_prefix'], - 'login_base': "pl", + 'login_base': plc['slice_prefix'], 'is_public': False, 'url': url, 'max_slices': 100 } @@ -69,10 +67,8 @@ def main(): site['name'] sites = [site] - # Must call AdmUpdateSite() even after AdmAddSite() to update max_slices + # Must call UpdateSite() even after AddSite() to update max_slices site_id = sites[0]['site_id'] - # XXX login_base cannot be updated - del site['login_base'] UpdateSite(site_id, site) # The default administrator account must be associated with a site @@ -88,7 +84,7 @@ def main(): default_conf_files = [ # NTP configuration {'enabled': True, - 'source': 'PlanetLabConf/ntpconf.php', + 'source': 'PlanetLabConf/ntp.conf.php', 'dest': '/etc/ntp.conf', 'file_permissions': '644', 'file_owner': 'root', @@ -99,7 +95,7 @@ def main(): 'ignore_cmd_errors': False, 'always_update': False}, {'enabled': True, - 'source': 'PlanetLabConf/ntptickers.php', + 'source': 'PlanetLabConf/ntp/step-tickers.php', 'dest': '/etc/ntp/step-tickers', 'file_permissions': '644', 'file_owner': 'root', 
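Review bot: `login_base` is no longer deleted before `UpdateSite(site_id, site)` in the @@ -69,10 +67,8 @@ hunk, and the @@ -53,9 +53,7 @@ hunk now fills it from `plc['slice_prefix']`, so every run of this script pushes the configured prefix onto the existing default site. The removed comment said login_base cannot be updated: if the API still rejects it, the call fails on upgraded installs, and if it accepts it, slices already named with the old prefix presumably stop matching their site. Nothing visible here checks the prefix value either. A comment stating the upgrade behaviour would help, e.g. `# login_base follows PLC_SLICE_PREFIX; changing it on an installed PLC renames the default site`. main() starts and ends outside both hunks.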
@@ -131,7 +127,7 @@ def main(): 'file_owner': 'root', 'file_group': 'root', 'preinstall_cmd': '', - 'postinstall_cmd': '', + 'postinstall_cmd': '/bin/chmod 700 /root/.ssh', 'error_cmd': '', 'ignore_cmd_errors': False, 'always_update': False}, @@ -142,7 +138,7 @@ def main(): 'file_owner': 'site_admin', 'file_group': 'site_admin', 'preinstall_cmd': 'grep -q site_admin /etc/passwd', - 'postinstall_cmd': '', + 'postinstall_cmd': '/bin/chmod 700 /home/site_admin/.ssh', 'error_cmd': '', 'ignore_cmd_errors': False, 'always_update': False}, @@ -153,7 +149,7 @@ def main(): 'file_owner': 'pl_admin', 'file_group': 'pl_admin', 'preinstall_cmd': 'grep -q pl_admin /etc/passwd', - 'postinstall_cmd': '', + 'postinstall_cmd': '/bin/chmod 700 /home/pl_admin/.ssh', 'error_cmd': '', 'ignore_cmd_errors': False, 'always_update': False}, @@ -254,9 +250,10 @@ def main(): 'ignore_cmd_errors': False, 'always_update': False}, + # XXX Required for old Node Manager # Node Manager configuration {'enabled': True, - 'source': 'PlanetLabConf/pl_nm-v3.conf', + 'source': 'PlanetLabConf/pl_nm.conf', 'dest': '/etc/planetlab/pl_nm.conf', 'file_permissions': '644', 'file_owner': 'root', @@ -300,9 +297,10 @@ def main(): 'ignore_cmd_errors': False, 'always_update': False}, + # XXX Required for old Node Manager # Proper configuration {'enabled': True, - 'source': 'PlanetLabConf/propd-NM-1.0.conf', + 'source': 'PlanetLabConf/propd.conf', 'dest': '/etc/proper/propd.conf', 'file_permissions': '644', 'file_owner': 'root', @@ -313,6 +311,7 @@ def main(): 'ignore_cmd_errors': True, 'always_update': False}, + # XXX Required for old Node Manager # Bandwidth cap {'enabled': True, 'source': 'PlanetLabConf/bwlimit.php', @@ -361,7 +360,7 @@ def main(): 'postinstall_cmd': '/sbin/iptables-restore --noflush < /etc/planetlab/blacklist', 'error_cmd': '', 'ignore_cmd_errors': True, - 'always_update': True}, + 'always_update': False}, # /etc/issue {'enabled': True, 
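Review bot: The three added `postinstall_cmd` entries (this hunk, @@ -142,7 +138,7 @@ and @@ -153,7 +149,7 @@) set the mode of the `.ssh` directory but not its owner. If the installer creates a missing `.ssh` as root, which is not visible from these hunks, `/home/site_admin/.ssh` and `/home/pl_admin/.ssh` end up root-owned at 700 and the account cannot reach its own key file. Consider `'postinstall_cmd': '/bin/chown site_admin:site_admin /home/site_admin/.ssh && /bin/chmod 700 /home/site_admin/.ssh',` and the pl_admin equivalent. The `dest` and `file_permissions` lines of these entries are outside the hunks.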
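Review bot: With `'always_update': False` on the blacklist entry in the @@ -361,7 +360,7 @@ hunk, the `/sbin/iptables-restore --noflush < /etc/planetlab/blacklist` postinstall presumably runs only when the fetched file differs from the copy on disk. A node that reboots or has its filter table flushed would then keep an unchanged file with no rules loaded, and `'ignore_cmd_errors': True` on the same entry hides a failed restore as well. The same flag flips for the `/sbin/sysctl -e -p /etc/sysctl.conf` entry in the @@ -387,11 +386,11 @@ hunk. If the change is meant to cut load, say so in a comment such as `# applied on change only; rules are reloaded at boot by <mechanism>` and confirm that something does reload them.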
@@ -387,11 +386,11 @@ def main(): 'postinstall_cmd': '/sbin/sysctl -e -p /etc/sysctl.conf', 'error_cmd': '', 'ignore_cmd_errors': False, - 'always_update': True}, + 'always_update': False}, # Sendmail configuration {'enabled': True, - 'source': 'PlanetLabConf/alpha-sendmail.mc', + 'source': 'PlanetLabConf/sendmail.mc', 'dest': '/etc/mail/sendmail.mc', 'file_permissions': '644', 'file_owner': 'root', @@ -402,7 +401,7 @@ def main(): 'ignore_cmd_errors': False, 'always_update': False}, {'enabled': True, - 'source': 'PlanetLabConf/alpha-sendmail.cf', + 'source': 'PlanetLabConf/sendmail.cf', 'dest': '/etc/mail/sendmail.cf', 'file_permissions': '644', 'file_owner': 'root', @@ -452,7 +451,7 @@ def main(): # sudo configuration {'enabled': True, - 'source': 'PlanetLabConf/v3-sudoers.php', + 'source': 'PlanetLabConf/sudoers', 'dest': '/etc/sudoers', 'file_permissions': '440', 'file_owner': 'root', @@ -475,7 +474,6 @@ def main(): # Create/update default PlanetLabConf entries for default_conf_file in default_conf_files: - print "Considering", default_conf_file['dest'] if default_conf_file['dest'] not in dests: AddConfFile(default_conf_file) else: 
@@ -485,49 +483,79 @@ def main(): # Setup default slice attribute types default_attribute_types = [ # Slice type (only vserver is supported) - {'name': "plc_slice_type", - 'description': "Type of slice rspec to be created", + {'name': "type", + 'description': "Type of slice (e.g. vserver)", 'min_role_id': 20}, + # System slice + {'name': "system", + 'description': "Is a default system slice (1) or not (0 or unset)", + 'min_role_id': 10}, + + # Slice enabled (1) or suspended (0) + {'name': "enabled", + 'description': "Slice enabled (1 or unset) or suspended (0)", + 'min_role_id': 10}, + + # Slice reference image + {'name': "vref", + 'description': "Reference image", + 'min_role_id': 30}, + # Slice initialization script {'name': "initscript", - 'description': "slice initialization script", + 'description': "Slice initialization script", 'min_role_id': 10}, - # CPU share (general_prop_share is deprecated) - {'name': "general_prop_share", - 'description': "general share", + # CPU share + {'name': "cpu_min", + 'description': "Minimum CPU share (ms/s)", 'min_role_id': 10}, - {'name': "nm_cpu_share", - 'description': "Number of CPU shares to be allocated to slice", + {'name': "cpu_share", + 'description': "Number of CPU shares", 'min_role_id': 10}, # Bandwidth limits - {'name': "nm_net_min_rate", - 'description': "Minimum network Tx bandwidth (bps)", + {'name': "net_min", + 'description': "Minimum bandwidth (bps)", + 'min_role_id': 10}, + {'name': "net_max", + 'description': "Maximum bandwidth (bps)", 'min_role_id': 10}, - {'name': "nm_net_max_rate", - 'description': "Maximum network Tx bandwidth (bps)", + {'name': "net_avg", + 'description': "Average bandwidth (bps)", 'min_role_id': 10}, - {'name': "nm_net_avg_rate", - 'description': "Average daily network Tx bandwidth (bps)", + {'name': "net_share", + 'description': "Number of bandwidth shares", 'min_role_id': 10}, - {'name': "nm_net_exempt_min_rate", - 'description': "Minimum network Tx bandwidth to Internet2 
destinations (bps)", + {'name': "net2_min", + 'description': "Minimum bandwidth over routes exempt from node bandwidth limits (bps)", 'min_role_id': 10}, - {'name': "nm_net_exempt_max_rate", - 'description': "Maximum network Tx bandwidth to Internet2 destinations (bps)", + {'name': "net2_max", + 'description': "Maximum bandwidth over routes exempt from node bandwidth limits (bps)", 'min_role_id': 10}, - {'name': "nm_net_exempt avg_rate", - 'description': "Average daily network Tx bandwidth to Internet2 destinations (bps)", + {'name': "net2_avg", + 'description': "Average bandwidth over routes exempt from node bandwidth limits (bps)", + 'min_role_id': 10}, + {'name': "net2_share", + 'description': "Number of bandwidth shares over routes exempt from node bandwidth limits", 'min_role_id': 10}, # Disk quota - {'name': "nm_disk_quota", + {'name': "disk_max", 'description': "Disk quota (1k disk blocks)", 'min_role_id': 10}, + # Proper operations + {'name': "proper_op", + 'description': "Proper operation (e.g. bind_socket)", + 'min_role_id': 10}, + + # XXX Required for old Node Manager # Special attributes applicable to Slice Creation Service (pl_conf) slice + {'name': "plc_slice_type", + 'description': "Type of slice rspec to be created", + 'min_role_id': 20}, {'name': "plc_agent_version", 'description': "Version of PLC agent (slice creation service) software to be deployed", 'min_role_id': 10}, @@ -550,7 +578,7 @@ def main(): # Get contents of SSL public certificate used for signing slice tickets try: plc_ticket_pubkey = "" - for line in file(plc_ma_sa['ssl_key_pub']): + for line in file(plc_ma_sa['ca_ssl_key_pub']): # Skip comments if line[0:5] != "-----": # XXX The embedded newlines matter, do not strip()! 
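Review bot: `vref` is added with `'min_role_id': 30` while `system`, `enabled` and `proper_op` get 10, and nothing in the list says what the numbers mean. Presumably a higher number opens the attribute to less privileged roles, which would let them choose a slice's reference image; if that is intended, state it. A header comment such as `# min_role_id: least privileged role allowed to set the attribute` above `default_attribute_types`, plus a one-line reason next to `vref`, would make the access decision reviewable. The list starts before this hunk and continues past it.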
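Review bot: The lookup `plc_ma_sa['ca_ssl_key_pub']` sits inside the `try:` at the top of the @@ -550,7 +578,7 @@ hunk, and the handler (outside this hunk; the next hunk shows `plc_ticket_pubkey = '%KEY%'` as context) appears to swallow every failure. A configuration that still carries only the old `ssl_key_pub` name would raise KeyError and silently publish the `%KEY%` placeholder as the ticket-signing key. Resolve the path before the `try:` and catch only the read error, e.g. `except IOError:`, printing a warning whenever the placeholder is used.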
@@ -559,33 +587,165 @@ def main(): plc_ticket_pubkey = '%KEY%' # Create/update system slices - slices = [{'name': "pl_conf", - 'description': "PlanetLab Slice Creation Service (SCS)", - 'url': url, - 'instantiation': "plc-instantiated", - # Renew forever - 'expires': sys.maxint, - 'attributes': {'plc_slice_type': "VServerSlice", - 'plc_agent_version': "1.0", - 'plc_ticket_pubkey': plc_ticket_pubkey}}, - {'name': "pl_conf_vserverslice", - 'description': "Default attributes for vserver slices", - 'url': url, - 'instantiation': "plc-instantiated", - # Renew forever - 'expires': sys.maxint, - 'attributes': {'nm_cpu_share': "32", - 'plc_slice_type': "VServerSlice", - 'nm_disk_quota': "5000000"}}] - for slice in slices: - try: - UpdateSlice(slice['name'], slice) - except: - AddSlice(slice) - # Create/update all attributes - for attribute, value in slice['attributes'].iteritems(): - AddSliceAttribute(slice['name'], attribute, value) + legacy_slices = [ + # XXX Required for old Node Manager + {'name': "pl_conf", + 'description': "PlanetLab Slice Creation Service (SCS)", + 'url': url, + 'instantiation': "plc-instantiated", + # Renew forever + 'expires': sys.maxint, + 'attributes': [('plc_slice_type', "VServerSlice"), + ('plc_agent_version', "1.0"), + ('plc_ticket_pubkey', plc_ticket_pubkey)]}, + + # XXX Required for old Node Manager + {'name': "pl_conf_vserverslice", + 'description': "Default attributes for vserver slices", + 'url': url, + 'instantiation': "plc-instantiated", + # Renew forever + 'expires': sys.maxint, + 'attributes': [('cpu_share', "32"), + ('plc_slice_type', "VServerSlice"), + ('disk_max', "5000000")]}, + ] + default_slices = [ + # PlanetFlow + {'name': plc['slice_prefix'] + "_netflow", + 'description': "PlanetFlow Traffic Auditing Service", + 'url': url, + 'instantiation': "plc-instantiated", + # Renew forever + 'expires': sys.maxint, + 'attributes': [('system', "1"), + ('vref', "planetflow"), + ('proper_op', "open file=/etc/passwd, flags=r"), + 
('proper_op', "create_socket"), + ('proper_op', "bind_socket")]}, + ] + + ### xxx - to review once new node manager rolls out + # if PLC_SLICE_PREFIX is left to default - this is meant for the public PL only + if plc['slice_prefix'] == 'pl': + # create both legacy slices together with netflow through default_slices + default_slices += legacy_slices + else: + # we use another slice prefix : disable legacy slices if already created + for legacy_slice in legacy_slices: + try: + DeleteSlice(legacy_slice['name']) + except: + pass + + for default_slice in default_slices: + slices = GetSlices([default_slice['name']]) + if slices: + slice = slices[0] + UpdateSlice(slice['slice_id'], default_slice) + else: + AddSlice(default_slice) + slice = GetSlices([default_slice['name']])[0] + # Create/update all attributes + slice_attributes = [] + if slice['slice_attribute_ids']: + # Delete unknown attributes + for slice_attribute in GetSliceAttributes(slice['slice_attribute_ids']): + if (slice_attribute['name'], slice_attribute['value']) \ + not in default_slice['attributes']: + DeleteSliceAttribute(slice_attribute['slice_attribute_id']) + else: + slice_attributes.append((slice_attribute['name'], slice_attribute['value'])) + + for (name, value) in default_slice['attributes']: + if (name, value) not in slice_attributes: + AddSliceAttribute(slice['name'], name, value) + + # Load default email templates + email_templates = [ + {'message_id': 'JOIN_REQUEST_APPROVED', + 'subject': "Your request to join PlanetLab has been approved", + 'template': """ + Your request to join PlanetLab has been approved! + + At this point PI and tech contact accounts have been created + and enabled. You will not be able to create slices until at + least one node is up and running correctly. To use these + accounts, you must first reset your password to obtain a + new one. Once logged in, please change your password. 
+ + Instructions for setting up your nodes can be found at: + http://%s/consortium/setup_procedure.php + + Please direct any questions to PlanetLab Support, thank you! + + %s + http://%s + """ + }, + {'message_id': 'JOIN_REQUEST_APPROVED_PL', + 'subject': "The join request for %s has been approved", + 'template':""" + The join request for %s has been approved. + + To view the details of this site, visit: + https://%s/db/sites/detail.php?site_id=%d + """ + }, + {'message_id': 'ACCOUNT_REGISTERED', + 'subject': "New account registration from %s at %s", + 'template': """ + %s has signed up for a new PlanetLab account at %s, but + has not yet been enabled. The following roles have been + requested:%s + + If this account includes a PI role, we require an email from + the current PI at that site indicating this is acceptable. + If this account includes Admin role, another PlanetLab administrator + will have to enable the account. For User and Tech roles, any site PI + can enable the account. + + If this account is registered at a site that does not have a PI, + this email is also being sent to PlanetLab support for further + followup. + + To view details and enable this account, visit: + https://%s/db/accounts/detail.php?person_id=%s + + %s + http://%s + """ + }, + {'message_id': 'PASSWORD_RESET_INITIATE', + 'subject': "PlanetLab password reset", + 'template': """ + Someone initiated a password reset on your PlanetLab account. If this + was you, you may continue with the reset, by visiting: + + https://%s/db/login/reset_passwd.php?key=%s&id=%s + + If this was not you, please contact PlanetLab support about this + request. Please do not share the above link with anyone, as it can be + used to gain access to your account. If responding to support, delete + the link before sending. Thank you. 
+ + %s + http://%s + """ + } + ] + + for template in email_templates: + messages = GetMessages([template['message_id']]) + if not messages: + AddMessage(template) + if __name__ == '__main__': main() + +# Local variables: +# tab-width: 4 +# mode: python +# End:
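Review bot: The `try: DeleteSlice(legacy_slice['name'])` / `except: pass` in the non-`pl` branch hides every failure, not just a slice that does not exist. If the call fails on a permission or database error, `pl_conf` and `pl_conf_vserverslice` stay in place, `pl_conf` still carrying `plc_ticket_pubkey`, and the run reports nothing. Log the failure instead, e.g. `except Exception, e: print "Warning: could not delete legacy slice", legacy_slice['name'], e`. Separately, the `JOIN_REQUEST_APPROVED` template links to `http://%s/consortium/setup_procedure.php` while the account and password-reset templates use `https://`; one scheme throughout would be safer.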