X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmanagers%2Faggregate_manager_pl.py;h=ae4215a8cee4c06f2ab8cdfb7f9a434c901a2432;hb=eababa96fb603cdd552bc03091813544b099befd;hp=2bdfc21f46b3a52b4f9daacc2cccc1c8ff1a4476;hpb=b8e5bdd74a1734016305ac1aa2542ff7b087422e;p=sfa.git diff --git a/sfa/managers/aggregate_manager_pl.py b/sfa/managers/aggregate_manager_pl.py index 2bdfc21f..ae4215a8 100644 --- a/sfa/managers/aggregate_manager_pl.py +++ b/sfa/managers/aggregate_manager_pl.py @@ -5,21 +5,198 @@ import datetime import time import traceback import sys - +import re from types import StringTypes -from sfa.util.misc import * +from sfa.util.namespace import * from sfa.util.rspec import * from sfa.util.specdict import * from sfa.util.faults import * -from sfa.util.record import GeniRecord +from sfa.util.record import SfaRecord from sfa.util.policy import Policy from sfa.util.record import * from sfa.util.sfaticket import SfaTicket -from sfa.server.registry import Registries -from sfa.util.debug import log +from sfa.plc.slices import Slices +from sfa.trust.credential import Credential import sfa.plc.peers as peers +from sfa.plc.network import * +from sfa.plc.api import SfaAPI +from sfa.plc.slices import * + + +def __get_registry_objects(slice_xrn, creds, users): + """ + + """ + hrn, type = urn_to_hrn(slice_xrn) + + hrn_auth = get_authority(hrn) + + # Build up objects that an SFA registry would return if SFA + # could contact the slice's registry directly + reg_objects = None + + if users: + # dont allow special characters in the site login base + #only_alphanumeric = re.compile('[^a-zA-Z0-9]+') + #login_base = only_alphanumeric.sub('', hrn_auth[:20]).lower() + slicename = hrn_to_pl_slicename(hrn) + login_base = slicename.split('_')[0] + reg_objects = {} + + site = {} + site['site_id'] = 0 + site['name'] = 'geni.%s' % login_base + site['enabled'] = True + site['max_slices'] = 100 + + # Note: + # Is it okay if this login base is the same as one already at this myplc site? + # Do we need uniqueness? Should use hrn_auth instead of just the leaf perhaps? + site['login_base'] = login_base + site['abbreviated_name'] = login_base + site['max_slivers'] = 1000 + reg_objects['site'] = site + + slice = {} + slice['expires'] = int(time.mktime(Credential(string=creds[0]).get_lifetime().timetuple())) + slice['hrn'] = hrn + slice['name'] = hrn_to_pl_slicename(hrn) + slice['url'] = hrn + slice['description'] = hrn + slice['pointer'] = 0 + reg_objects['slice_record'] = slice + + reg_objects['users'] = {} + for user in users: + user['key_ids'] = [] + hrn, _ = urn_to_hrn(user['urn']) + user['email'] = hrn + "@geni.net" + user['first_name'] = hrn + user['last_name'] = hrn + reg_objects['users'][user['email']] = user + + return reg_objects + +def __get_hostnames(nodes): + hostnames = [] + for node in nodes: + hostnames.append(node.hostname) + return hostnames + +def get_version(): + version = {} + version['geni_api'] = 1 + version['sfa'] = 1 + return version + +def slice_status(api, slice_xrn, creds): + result = {} + result['geni_urn'] = slice_xrn + result['geni_status'] = 'unknown' + result['geni_resources'] = {} + return result + +def create_slice(api, slice_xrn, creds, rspec, users): + """ + Create the sliver[s] (slice) at this aggregate. + Verify HRN and initialize the slice record in PLC if necessary. + """ + + reg_objects = __get_registry_objects(slice_xrn, creds, users) + + hrn, type = urn_to_hrn(slice_xrn) + peer = None + slices = Slices(api) + peer = slices.get_peer(hrn) + sfa_peer = slices.get_sfa_peer(hrn) + registry = api.registries[api.hrn] + credential = api.getCredential() + site_id, remote_site_id = slices.verify_site(registry, credential, hrn, + peer, sfa_peer, reg_objects) + + slice_record = slices.verify_slice(registry, credential, hrn, site_id, + remote_site_id, peer, sfa_peer, reg_objects) + + network = Network(api) + + slice = network.get_slice(api, hrn) + slice.peer_id = slice_record['peer_slice_id'] + current = __get_hostnames(slice.get_nodes()) + + network.addRSpec(rspec, api.config.SFA_AGGREGATE_RSPEC_SCHEMA) + request = __get_hostnames(network.nodesWithSlivers()) + + # remove nodes not in rspec + deleted_nodes = list(set(current).difference(request)) + + # add nodes from rspec + added_nodes = list(set(request).difference(current)) + + try: + if peer: + api.plshell.UnBindObjectFromPeer(api.plauth, 'slice', slice.id, peer) + + api.plshell.AddSliceToNodes(api.plauth, slice.name, added_nodes) + api.plshell.DeleteSliceFromNodes(api.plauth, slice.name, deleted_nodes) + + network.updateSliceTags() + + finally: + if peer: + api.plshell.BindObjectToPeer(api.plauth, 'slice', slice.id, peer, + slice.peer_id) + + # print network.toxml() + + return True + + +def renew_slice(api, xrn, creds, exipration_time): + hrn, type = urn_to_hrn(xrn) + slicename = hrn_to_pl_slicename(hrn) + slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id']) + if not slices: + raise RecordNotFound(hrn) + slice = slices[0] + slice['expires'] = expiration_time + api.plshell.UpdateSlice(api.plauth, slice['slice_id'], slice) + return 1 + +def start_slice(api, xrn, creds): + hrn, type = urn_to_hrn(xrn) + slicename = hrn_to_pl_slicename(hrn) + slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id']) + if not slices: + raise RecordNotFound(hrn) + slice_id = slices[0]['slice_id'] + slice_tags = api.plshell.GetSliceTags(api.plauth, {'slice_id': slice_id, 'tagname': 'enabled'}, ['slice_tag_id']) + # just remove the tag if it exists + if slice_tags: + api.plshell.DeleteSliceTag(api.plauth, slice_tags[0]['slice_tag_id']) + + return 1 + +def stop_slice(api, xrn, creds): + hrn, type = urn_to_hrn(xrn) + slicename = hrn_to_pl_slicename(hrn) + slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id']) + if not slices: + raise RecordNotFound(hrn) + slice_id = slices[0]['slice_id'] + slice_tags = api.plshell.GetSliceTags(api.plauth, {'slice_id': slice_id, 'tagname': 'enabled'}) + if not slice_tags: + api.plshell.AddSliceTag(api.plauth, slice_id, 'enabled', '0') + elif slice_tags[0]['value'] != "0": + tag_id = attributes[0]['slice_tag_id'] + api.plshell.UpdateSliceTag(api.plauth, tag_id, '0') + return 1 -def delete_slice(api, hrn): +def reset_slice(api, xrn): + # XX not implemented at this interface + return 1 + +def delete_slice(api, xrn, creds): + hrn, type = urn_to_hrn(xrn) slicename = hrn_to_pl_slicename(hrn) slices = api.plshell.GetSlices(api.plauth, {'name': slicename}) if not slices: @@ -28,32 +205,84 @@ def delete_slice(api, hrn): # determine if this is a peer slice peer = peers.get_peer(api, hrn) - if peer: - api.plshell.UnBindObjectFromPeer(api.plauth, 'slice', slice['slice_id'], peer) - api.plshell.DeleteSliceFromNodes(api.plauth, slicename, slice['node_ids']) - if peer: - api.plshell.BindObjectToPeer(api.plauth, 'slice', slice['slice_id'], peer, slice['peer_slice_id']) + try: + if peer: + api.plshell.UnBindObjectFromPeer(api.plauth, 'slice', slice['slice_id'], peer) + api.plshell.DeleteSliceFromNodes(api.plauth, slicename, slice['node_ids']) + finally: + if peer: + api.plshell.BindObjectToPeer(api.plauth, 'slice', slice['slice_id'], peer, slice['peer_slice_id']) return 1 -def create_slice(api, hrn, rspec): - # XX just import the legacy module and excute that until - # we transition the code to this module - from sfa.plc.slices import Slices - slices = Slices(api) - slices.create_slice(hrn, rspec) - -def get_ticket(api, slice_hrn, rspec): - # the the slice record - registries = Registries(api) - registry = registries[api.hrn] - credential = self.api.getCredential() - records = registry.resolve(credential, slice_hrn) +def get_slices(api, creds): + # look in cache first + if api.cache: + slices = api.cache.get('slices') + if slices: + return slices + + # get data from db + slices = api.plshell.GetSlices(api.plauth, {'peer_id': None}, ['name']) + slice_hrns = [slicename_to_hrn(api.hrn, slice['name']) for slice in slices] + slice_urns = [hrn_to_urn(slice_hrn, 'slice') for slice_hrn in slice_hrns] + + # cache the result + if api.cache: + api.cache.add('slices', slice_urns) + + return slice_urns +def get_rspec(api, creds, options): + # get slice's hrn from options + xrn = options.get('geni_slice_urn', None) + hrn, type = urn_to_hrn(xrn) + + # look in cache first + if api.cache and not xrn: + rspec = api.cache.get('nodes') + if rspec: + return rspec + + network = Network(api) + if (hrn): + if network.get_slice(api, hrn): + network.addSlice() + + rspec = network.toxml() + + # cache the result + if api.cache and not xrn: + api.cache.add('nodes', rspec) + + return rspec + + +def get_ticket(api, xrn, creds, rspec, users): + + reg_objects = __get_registry_objects(xrn, creds, users) + + slice_hrn, type = urn_to_hrn(xrn) + slices = Slices(api) + peer = slices.get_peer(slice_hrn) + sfa_peer = slices.get_sfa_peer(slice_hrn) + + # get the slice record + registry = api.registries[api.hrn] + credential = api.getCredential() + records = registry.Resolve(xrn, credential) + + # similar to create_slice, we must verify that the required records exist + # at this aggregate before we can issue a ticket + site_id, remote_site_id = slices.verify_site(registry, credential, slice_hrn, + peer, sfa_peer, reg_objects) + slice = slices.verify_slice(registry, credential, slice_hrn, site_id, + remote_site_id, peer, sfa_peer, reg_objects) + # make sure we get a local slice record - record = None + record = None for tmp_record in records: - if record['type'] == 'slice' and \ - not record['peer_authority']: + if tmp_record['type'] == 'slice' and \ + not tmp_record['peer_authority']: record = SliceRecord(dict=tmp_record) if not record: raise RecordNotFound(slice_hrn) @@ -62,93 +291,44 @@ def get_ticket(api, slice_hrn, rspec): slivers = Slices(api).get_slivers(slice_hrn) if not slivers: raise SliverDoesNotExist(slice_hrn) - + # get initscripts - initscripts = None + initscripts = [] data = { 'timestamp': int(time.time()), 'initscripts': initscripts, 'slivers': slivers } - + # create the ticket - auth_hrn = record['authority'] - auth_info = api.auth.get_auth_info(auth_hrn) object_gid = record.get_gid_object() new_ticket = SfaTicket(subject = object_gid.get_subject()) new_ticket.set_gid_caller(api.auth.client_gid) new_ticket.set_gid_object(object_gid) - new_ticket.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn) + new_ticket.set_issuer(key=api.key, subject=api.hrn) new_ticket.set_pubkey(object_gid.get_pubkey()) new_ticket.set_attributes(data) new_ticket.set_rspec(rspec) - new_ticket.set_parent(api.auth.hierarchy.get_auth_ticket(auth_hrn)) + #new_ticket.set_parent(api.auth.hierarchy.get_auth_ticket(auth_hrn)) new_ticket.encode() new_ticket.sign() return new_ticket.save_to_string(save_parents=True) -def start_slice(api, hrn): - slicename = hrn_to_pl_slicename(hrn) - slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id']) - if not slices: - raise RecordNotFound(hrn) - slice_id = slices[0] - attributes = api.plshell.GetSliceTags(api.plauth, {'slice_id': slice_id, 'name': 'enabled'}, ['slice_attribute_id']) - attribute_id = attreibutes[0]['slice_attribute_id'] - api.plshell.UpdateSliceTag(api.plauth, attribute_id, "1" ) - - return 1 - -def stop_slice(api, hrn): - slicename = hrn_to_pl_slicename(hrn) - slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id']) - if not slices: - raise RecordNotFound(hrn) - slice_id = slices[0]['slice_id'] - attributes = api.plshell.GetSliceTags(api.plauth, {'slice_id': slice_id, 'name': 'enabled'}, ['slice_attribute_id']) - attribute_id = attributes[0]['slice_attribute_id'] - api.plshell.UpdateSliceTag(api.plauth, attribute_id, "0") - return 1 - -def reset_slice(api, hrn): - # XX not implemented at this interface - return 1 - -def get_slices(api): - # XX just import the legacy module and excute that until - # we transition the code to this module - from sfa.plc.slices import Slices - slices = Slices(api) - slices.refresh() - return slices['hrn'] - - -def get_rspec(api, hrn=None, caller_cred=None): - from sfa.plc.nodes import Nodes - nodes = Nodes(api, caller_cred=caller_cred) - if hrn: - rspec = nodes.get_rspec(hrn) - else: - nodes.refresh() - rspec = nodes['rspec'] - - return rspec -""" -Returns the request context required by sfatables. At some point, this mechanism should be changed -to refer to "contexts", which is the information that sfatables is requesting. But for now, we just -return the basic information needed in a dict. -""" -def fetch_context(slice_hrn, user_hrn, contexts): - base_context = {'sfa':{'user':{'hrn':user_hrn}}} - return base_context def main(): - r = RSpec() - r.parseFile(sys.argv[1]) - rspec = r.toDict() - create_slice(None,'plc.princeton.tmacktestslice',rspec) + api = SfaAPI() + """ + rspec = get_rspec(api, "plc.princeton.sapan", None) + #rspec = get_rspec(api, "plc.princeton.coblitz", None) + #rspec = get_rspec(api, "plc.pl.sirius", None) + print rspec + """ + f = open(sys.argv[1]) + xml = f.read() + f.close() + create_slice(api, "plc.princeton.sapan", xml) if __name__ == "__main__": main()