X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fplanetlab%2Fplslices.py;h=e868acd187251be8aa85563f85b24804a6ed5113;hb=7eb34251548a271ae964b2f7d7e0fad7a1e41f5a;hp=3828e0b654c0d7fb3bb782755f9f6284315d3e2d;hpb=95128849e52d7fa8379fe4ab82e209d9a34fe6da;p=sfa.git diff --git a/sfa/planetlab/plslices.py b/sfa/planetlab/plslices.py index 3828e0b6..e868acd1 100644 --- a/sfa/planetlab/plslices.py +++ b/sfa/planetlab/plslices.py @@ -1,5 +1,4 @@ import time -from types import StringTypes from collections import defaultdict from sfa.util.sfatime import utcparse, datetime_to_epoch @@ -8,29 +7,31 @@ from sfa.util.xrn import Xrn, get_leaf, get_authority, urn_to_hrn from sfa.rspecs.rspec import RSpec from sfa.planetlab.vlink import VLink from sfa.planetlab.topology import Topology -from sfa.planetlab.plxrn import PlXrn, hrn_to_pl_slicename, xrn_to_hostname +from sfa.planetlab.plxrn import (PlXrn, hrn_to_pl_slicename, xrn_to_hostname, + top_auth, hash_loginbase) from sfa.storage.model import SliverAllocation -from sfa.storage.alchemy import dbsession -MAXINT = 2L**31-1 +MAXINT = 2L**31 - 1 + class PlSlices: - rspec_to_slice_tag = {'max_rate':'net_max_rate'} + rspec_to_slice_tag = {'max_rate': 'net_max_rate'} def __init__(self, driver): self.driver = driver def get_slivers(self, xrn, node=None): hrn, type = urn_to_hrn(xrn) - + slice_name = hrn_to_pl_slicename(hrn) # XX Should we just call PLCAPI.GetSliceTicket(slice_name) instead # of doing all of this? - #return self.driver.shell.GetSliceTicket(self.auth, slice_name) - + # return self.driver.shell.GetSliceTicket(self.auth, slice_name) + # from PLCAPI.GetSlivers.get_slivers() - slice_fields = ['slice_id', 'name', 'instantiation', 'expires', 'person_ids', 'slice_tag_ids'] + slice_fields = ['slice_id', 'name', 'instantiation', + 'expires', 'person_ids', 'slice_tag_ids'] slices = self.driver.shell.GetSlices(slice_name, slice_fields) # Build up list of users and slice attributes person_ids = set() 
@@ -41,10 +42,12 @@ class PlSlices: person_ids = list(person_ids) all_slice_tag_ids = list(all_slice_tag_ids) # Get user information - all_persons_list = self.driver.shell.GetPersons({'person_id':person_ids,'enabled':True}, ['person_id', 'enabled', 'key_ids']) + all_persons_list = self.driver.shell.GetPersons( + {'person_id': person_ids, 'enabled': True}, + ['person_id', 'enabled', 'key_ids']) all_persons = {} for person in all_persons_list: - all_persons[person['person_id']] = person + all_persons[person['person_id']] = person # Build up list of keys key_ids = set() @@ -52,7 +55,8 @@ class PlSlices: key_ids.update(person['key_ids']) key_ids = list(key_ids) # Get user account keys - all_keys_list = self.driver.shell.GetKeys(key_ids, ['key_id', 'key', 'key_type']) + all_keys_list = self.driver.shell.GetKeys( + key_ids, ['key_id', 'key', 'key_type']) all_keys = {} for key in all_keys_list: all_keys[key['key_id']] = key @@ -61,7 +65,7 @@ class PlSlices: all_slice_tags = {} for slice_tag in all_slice_tags_list: all_slice_tags[slice_tag['slice_tag_id']] = slice_tag - + slivers = [] for slice in slices: keys = [] @@ -74,13 +78,13 @@ class PlSlices: if key_id in all_keys: key = all_keys[key_id] keys += [{'key_type': key['key_type'], - 'key': key['key']}] + 'key': key['key']}] attributes = [] # All (per-node and global) attributes for this slice slice_tags = [] for slice_tag_id in slice['slice_tag_ids']: if slice_tag_id in all_slice_tags: - slice_tags.append(all_slice_tags[slice_tag_id]) + slice_tags.append(all_slice_tags[slice_tag_id]) # Per-node sliver attributes take precedence over global # slice attributes, so set them first. # Then comes nodegroup slice attributes 
@@ -88,32 +92,39 @@ class PlSlices: sliver_attributes = [] if node is not None: - for sliver_attribute in filter(lambda a: a['node_id'] == node['node_id'], slice_tags): + for sliver_attribute in filter( + lambda a: a['node_id'] == node['node_id'], + slice_tags): sliver_attributes.append(sliver_attribute['tagname']) attributes.append({'tagname': sliver_attribute['tagname'], - 'value': sliver_attribute['value']}) + 'value': sliver_attribute['value']}) # set nodegroup slice attributes - for slice_tag in filter(lambda a: a['nodegroup_id'] in node['nodegroup_ids'], slice_tags): + for slice_tag in filter( + lambda a: a['nodegroup_id'] in node['nodegroup_ids'], + slice_tags): # Do not set any nodegroup slice attributes for # which there is at least one sliver attribute # already set. if slice_tag not in slice_tags: attributes.append({'tagname': slice_tag['tagname'], - 'value': slice_tag['value']}) + 'value': slice_tag['value']}) - for slice_tag in filter(lambda a: a['node_id'] is None, slice_tags): + for slice_tag in filter( + lambda a: a['node_id'] is None, + slice_tags): # Do not set any global slice attributes for # which there is at least one sliver attribute # already set. if slice_tag['tagname'] not in sliver_attributes: attributes.append({'tagname': slice_tag['tagname'], - 'value': slice_tag['value']}) + 'value': slice_tag['value']}) # XXX Sanity check; though technically this should be a system invariant # checked with an assertion - if slice['expires'] > MAXINT: slice['expires']= MAXINT - + if slice['expires'] > MAXINT: + slice['expires'] = MAXINT + slivers.append({ 'hrn': hrn, 'name': slice['name'], 
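Review bot: In the nodegroup loop the guard `if slice_tag not in slice_tags:` can never be true, because `slice_tag` is drawn from a filter over `slice_tags` itself. Nodegroup slice attributes are therefore never appended, and this commit only re-wraps the lines. The comment above the guard and the global-tag loop just below it suggest the intended test is `if slice_tag['tagname'] not in sliver_attributes:`. get_slivers starts before this hunk and continues after it, so the fix should be checked against the full body.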
@@ -125,28 +136,6 @@ class PlSlices: }) return slivers - - def get_peer(self, xrn): - hrn, type = urn_to_hrn(xrn) - # Becaues of myplc federation, we first need to determine if this - # slice belongs to out local plc or a myplc peer. We will assume it - # is a local site, unless we find out otherwise - peer = None - - # get this slice's authority (site) - slice_authority = get_authority(hrn) - - # get this site's authority (sfa root authority or sub authority) - site_authority = get_authority(slice_authority).lower() - - # check if we are already peered with this site_authority, if so - peers = self.driver.shell.GetPeers({}, ['peer_id', 'peername', 'shortname', 'hrn_root']) - for peer_record in peers: - names = [name.lower() for name in peer_record.values() if isinstance(name, StringTypes)] - if site_authority in names: - peer = peer_record - - return peer def get_sfa_peer(self, xrn): hrn, type = urn_to_hrn(xrn) 
@@ -161,113 +150,127 @@ class PlSlices: return sfa_peer - def verify_slice_leases(self, slice, rspec_requested_leases, peer): + def verify_slice_leases(self, slice, rspec_requested_leases): - leases = self.driver.shell.GetLeases({'name':slice['name'], 'clip':int(time.time())}, ['lease_id','name', 'hostname', 't_from', 't_until']) + leases = self.driver.shell.GetLeases( + {'name': slice['name'], 'clip': int(time.time())}, + ['lease_id', 'name', 'hostname', 't_from', 't_until']) grain = self.driver.shell.GetLeaseGranularity() requested_leases = [] for lease in rspec_requested_leases: - requested_lease = {} - slice_name = hrn_to_pl_slicename(lease['slice_id']) - if slice_name != slice['name']: - continue - elif Xrn(lease['component_id']).get_authority_urn().split(':')[0] != self.driver.hrn: - continue - - hostname = xrn_to_hostname(lease['component_id']) - # fill the requested node with nitos ids - requested_lease['name'] = slice['name'] - requested_lease['hostname'] = hostname - requested_lease['t_from'] = int(lease['start_time']) - requested_lease['t_until'] = int(lease['duration']) * grain + int(lease['start_time']) - requested_leases.append(requested_lease) - - - - # prepare actual slice leases by lease_id + requested_lease = {} + slice_hrn, _ = urn_to_hrn(lease['slice_id']) + + top_auth_hrn = top_auth(slice_hrn) + site_hrn = '.'.join(slice_hrn.split('.')[:-1]) + slice_part = slice_hrn.split('.')[-1] + if top_auth_hrn == self.driver.hrn: + login_base = slice_hrn.split('.')[-2][:12] + else: + login_base = hash_loginbase(site_hrn) + + slice_name = '_'.join([login_base, slice_part]) + + if slice_name != slice['name']: + continue + elif (Xrn(lease['component_id']).get_authority_urn().split(':')[0] + != self.driver.hrn): + continue + + hostname = xrn_to_hostname(lease['component_id']) + # fill the requested node with nitos ids + requested_lease['name'] = slice['name'] + requested_lease['hostname'] = hostname + requested_lease['t_from'] = int(lease['start_time']) + 
requested_lease['t_until'] = int( + lease['duration']) * grain + int(lease['start_time']) + requested_leases.append(requested_lease) + + # prepare actual slice leases by lease_id leases_by_id = {} for lease in leases: - leases_by_id[lease['lease_id']] = {'name': lease['name'], 'hostname': lease['hostname'], \ - 't_from': lease['t_from'], 't_until': lease['t_until']} - + leases_by_id[lease['lease_id']] = { + 'name': lease['name'], 'hostname': lease['hostname'], + 't_from': lease['t_from'], 't_until': lease['t_until']} + added_leases = [] kept_leases_id = [] deleted_leases_id = [] for lease_id in leases_by_id: - if leases_by_id[lease_id] not in requested_leases: - deleted_leases_id.append(lease_id) - else: - kept_leases_id.append(lease_id) - requested_leases.remove(leases_by_id[lease_id]) + if leases_by_id[lease_id] not in requested_leases: + deleted_leases_id.append(lease_id) + else: + kept_leases_id.append(lease_id) + requested_leases.remove(leases_by_id[lease_id]) added_leases = requested_leases - try: - if peer: - self.driver.shell.UnBindObjectFromPeer('slice', slice['slice_id'], peer['shortname']) self.driver.shell.DeleteLeases(deleted_leases_id) for lease in added_leases: - self.driver.shell.AddLeases(lease['hostname'], slice['name'], lease['t_from'], lease['t_until']) + self.driver.shell.AddLeases( + lease['hostname'], slice['name'], + lease['t_from'], lease['t_until']) - except: + except Exception: logger.log_exc('Failed to add/remove slice leases') return leases + def verify_slice_nodes(self, slice_urn, slice, rspec_nodes): - def verify_slice_nodes(self, slice_urn, slice, rspec_nodes, peer): - slivers = {} for node in rspec_nodes: hostname = node.get('component_name') client_id = node.get('client_id') - component_id = node.get('component_id').strip() + component_id = node.get('component_id').strip() if hostname: hostname = hostname.strip() elif component_id: hostname = xrn_to_hostname(component_id) if hostname: - slivers[hostname] = {'client_id': client_id, 
'component_id': component_id} - - nodes = self.driver.shell.GetNodes(slice['node_ids'], ['node_id', 'hostname', 'interface_ids']) + slivers[hostname] = { + 'client_id': client_id, 'component_id': component_id} + + nodes = self.driver.shell.GetNodes( + slice['node_ids'], ['node_id', 'hostname', 'interface_ids']) current_slivers = [node['hostname'] for node in nodes] # remove nodes not in rspec deleted_nodes = list(set(current_slivers).difference(slivers.keys())) # add nodes from rspec - added_nodes = list(set(slivers.keys()).difference(current_slivers)) + added_nodes = list(set(slivers.keys()).difference(current_slivers)) try: - if peer: - self.driver.shell.UnBindObjectFromPeer('slice', slice['slice_id'], peer['shortname']) self.driver.shell.AddSliceToNodes(slice['name'], added_nodes) - self.driver.shell.DeleteSliceFromNodes(slice['name'], deleted_nodes) - - except: + self.driver.shell.DeleteSliceFromNodes( + slice['name'], deleted_nodes) + + except Exception: logger.log_exc('Failed to add/remove slice from nodes') - slices = self.driver.shell.GetSlices(slice['name'], ['node_ids']) + slices = self.driver.shell.GetSlices(slice['name'], ['node_ids']) resulting_nodes = self.driver.shell.GetNodes(slices[0]['node_ids']) # update sliver allocations for node in resulting_nodes: client_id = slivers[node['hostname']]['client_id'] component_id = slivers[node['hostname']]['component_id'] - sliver_hrn = '%s.%s-%s' % (self.driver.hrn, slice['slice_id'], node['node_id']) + sliver_hrn = '{}.{}-{}'.format(self.driver.hrn, + slice['slice_id'], node['node_id']) sliver_id = Xrn(sliver_hrn, type='sliver').urn - record = SliverAllocation(sliver_id=sliver_id, client_id=client_id, + record = SliverAllocation(sliver_id=sliver_id, client_id=client_id, component_id=component_id, - slice_urn = slice_urn, - allocation_state='geni_allocated') - record.sync() + slice_urn=slice_urn, + allocation_state='geni_allocated') + record.sync(self.driver.api.dbsession()) return resulting_nodes def 
free_egre_key(self): used = set() for tag in self.driver.shell.GetSliceTags({'tagname': 'egre_key'}): - used.add(int(tag['value'])) + used.add(int(tag['value'])) for i in range(1, 256): if i not in used: @@ -279,16 +282,16 @@ class PlSlices: return str(key) def verify_slice_links(self, slice, requested_links, nodes): - + if not requested_links: return # exit if links are not supported here topology = Topology() if not topology: - return + return - # build dict of nodes + # build dict of nodes nodes_dict = {} interface_ids = [] for node in nodes: 
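Review bot: In verify_slice_nodes the `except Exception:` branch only logs, and the sliver-allocation loop that follows can then raise KeyError. If AddSliceToNodes raises, DeleteSliceFromNodes never runs, so `resulting_nodes` still holds hosts that are absent from `slivers` and `slivers[node['hostname']]` fails on them. Either re-raise after logging so the caller sees the failed update, or guard the loop with `if node['hostname'] not in slivers: continue` so that `geni_allocated` records are written only for requested nodes. verify_slice_leases in the same hunk has the same pattern: it logs the failure and returns the `leases` list fetched before any change, so a partial DeleteLeases/AddLeases run is invisible to the caller.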
@@ -298,402 +301,407 @@ class PlSlices: interfaces = self.driver.shell.GetInterfaces(interface_ids) interfaces_dict = {} for interface in interfaces: - interfaces_dict[interface['interface_id']] = interface + interfaces_dict[interface['interface_id']] = interface slice_tags = [] - + # set egre key slice_tags.append({'name': 'egre_key', 'value': self.free_egre_key()}) - + # set netns slice_tags.append({'name': 'netns', 'value': '1'}) - # set cap_net_admin + # set cap_net_admin # need to update the attribute string? - slice_tags.append({'name': 'capabilities', 'value': 'CAP_NET_ADMIN'}) - + slice_tags.append({'name': 'capabilities', 'value': 'CAP_NET_ADMIN'}) + for link in requested_links: # get the ip address of the first node in the link ifname1 = Xrn(link['interface1']['component_id']).get_leaf() - ifname_parts = ifname1.split(':') - node_raw = ifname_parts[0] - device = None - if len(ifname_parts) > 1: - device = ifname_parts[1] - node_id = int(node_raw.replace('node', '')) - node = nodes_dict[node_id] - if1 = interfaces_dict[node['interface_ids'][0]] - ipaddr = if1['ip'] - topo_rspec = VLink.get_topo_rspec(link, ipaddr) - # set topo_rspec tag - slice_tags.append({'name': 'topo_rspec', 'value': str([topo_rspec]), 'node_id': node_id}) - # set vini_topo tag - slice_tags.append({'name': 'vini_topo', 'value': 'manual', 'node_id': node_id}) - #self.driver.shell.AddSliceTag(slice['name'], 'topo_rspec', str([topo_rspec]), node_id) - - self.verify_slice_attributes(slice, slice_tags, {'append': True}, admin=True) - - - - def handle_peer(self, site, slice, persons, peer): - if peer: - # bind site - try: - if site: - self.driver.shell.BindObjectToPeer('site', site['site_id'], peer['shortname'], slice['site_id']) - except Exception,e: - self.driver.shell.DeleteSite(site['site_id']) - raise e - - # bind slice - try: - if slice: - self.driver.shell.BindObjectToPeer('slice', slice['slice_id'], peer['shortname'], slice['slice_id']) - except Exception,e: - 
self.driver.shell.DeleteSlice(slice['slice_id']) - raise e - - # bind persons - for person in persons: - try: - self.driver.shell.BindObjectToPeer('person', - person['person_id'], peer['shortname'], person['peer_person_id']) - - for (key, remote_key_id) in zip(person['keys'], person['key_ids']): - try: - self.driver.shell.BindObjectToPeer( 'key', key['key_id'], peer['shortname'], remote_key_id) - except: - self.driver.shell.DeleteKey(key['key_id']) - logger("failed to bind key: %s to peer: %s " % (key['key_id'], peer['shortname'])) - except Exception,e: - self.driver.shell.DeletePerson(person['person_id']) - raise e - - return slice - - def verify_site(self, slice_xrn, slice_record={}, peer=None, sfa_peer=None, options={}): + + if ifname1: + ifname_parts = ifname1.split(':') + node_raw = ifname_parts[0] + device = None + if len(ifname_parts) > 1: + device = ifname_parts[1] + node_id = int(node_raw.replace('node', '')) + node = nodes_dict[node_id] + if1 = interfaces_dict[node['interface_ids'][0]] + ipaddr = if1['ip'] + topo_rspec = VLink.get_topo_rspec(link, ipaddr) + # set topo_rspec tag + slice_tags.append({'name': 'topo_rspec', 'value': str( + [topo_rspec]), 'node_id': node_id}) + # set vini_topo tag + slice_tags.append( + {'name': 'vini_topo', 'value': 'manual', 'node_id': node_id}) + #self.driver.shell.AddSliceTag(slice['name'], 'topo_rspec', str([topo_rspec]), node_id) + + self.verify_slice_tags(slice, slice_tags, { + 'pltags': 'append'}, admin=True) + + def verify_site(self, slice_xrn, + slice_record=None, sfa_peer=None, options=None): + if slice_record is None: + slice_record = {} + if options is None: + options = {} (slice_hrn, type) = urn_to_hrn(slice_xrn) - site_hrn = get_authority(slice_hrn) - # login base can't be longer than 20 characters - slicename = hrn_to_pl_slicename(slice_hrn) - authority_name = slicename.split('_')[0] - login_base = authority_name[:20] - sites = self.driver.shell.GetSites(login_base) - if not sites: + top_auth_hrn = 
top_auth(slice_hrn) + site_hrn = '.'.join(slice_hrn.split('.')[:-1]) + if top_auth_hrn == self.driver.hrn: + login_base = slice_hrn.split('.')[-2][:12] + else: + login_base = hash_loginbase(site_hrn) + + # filter sites by hrn + sites = self.driver.shell.GetSites( + {'peer_id': None, 'hrn': site_hrn}, + ['site_id', 'name', 'abbreviated_name', 'login_base', 'hrn']) + + # alredy exists + if sites: + site = sites[0] + else: # create new site record - site = {'name': 'geni.%s' % authority_name, - 'abbreviated_name': authority_name, + site = {'name': 'sfa:{}'.format(site_hrn), + 'abbreviated_name': site_hrn, 'login_base': login_base, 'max_slices': 100, 'max_slivers': 1000, 'enabled': True, - 'peer_site_id': None} - if peer: - site['peer_site_id'] = slice_record.get('site_id', None) - site['site_id'] = self.driver.shell.AddSite(site) + 'peer_site_id': None, + 'hrn': site_hrn, + 'sfa_created': 'True', + } + site_id = self.driver.shell.AddSite(site) + # plcapi tends to mess with the incoming hrn so let's make sure + self.driver.shell.SetSiteHrn(site_id, site_hrn) + site['site_id'] = site_id # exempt federated sites from monitor policies - self.driver.shell.AddSiteTag(site['site_id'], 'exempt_site_until', "20200101") - -# # is this still necessary? 
-# # add record to the local registry -# if sfa_peer and slice_record: -# peer_dict = {'type': 'authority', 'hrn': site_hrn, \ -# 'peer_authority': sfa_peer, 'pointer': site['site_id']} -# self.registry.register_peer_object(self.credential, peer_dict) + self.driver.shell.AddSiteTag( + site_id, 'exempt_site_until', "20200101") + + return site + + def verify_slice(self, slice_hrn, slice_record, + sfa_peer, expiration, options=None): + if options is None: + options = {} + top_auth_hrn = top_auth(slice_hrn) + site_hrn = '.'.join(slice_hrn.split('.')[:-1]) + slice_part = slice_hrn.split('.')[-1] + if top_auth_hrn == self.driver.hrn: + login_base = slice_hrn.split('.')[-2][:12] else: - site = sites[0] - if peer: - # unbind from peer so we can modify if necessary. Will bind back later - self.driver.shell.UnBindObjectFromPeer('site', site['site_id'], peer['shortname']) - - return site - - def verify_slice(self, slice_hrn, slice_record, peer, sfa_peer, expiration, options={}): - slicename = hrn_to_pl_slicename(slice_hrn) - parts = slicename.split("_") - login_base = parts[0] - slices = self.driver.shell.GetSlices([slicename]) + login_base = hash_loginbase(site_hrn) + slice_name = '_'.join([login_base, slice_part]) + expires = int(datetime_to_epoch(utcparse(expiration))) - if not slices: - slice = {'name': slicename, - 'url': 'No Url', - 'description': 'No Description'} - # add the slice - slice['slice_id'] = self.driver.shell.AddSlice(slice) - slice['node_ids'] = [] - slice['person_ids'] = [] - if peer and slice_record: - slice['peer_slice_id'] = slice_record.get('slice_id', None) - # set the expiration - self.driver.shell.UpdateSlice(slice['slice_id'], {'expires': expires}) - else: + # Filter slices by HRN + slices = self.driver.shell.GetSlices( + {'peer_id': None, 'hrn': slice_hrn}, + ['slice_id', 'name', 'hrn', 'expires']) + + if slices: slice = slices[0] - if peer and slice_record: - slice['peer_slice_id'] = slice_record.get('slice_id', None) - # unbind from peer so we 
can modify if necessary. Will bind back later - self.driver.shell.UnBindObjectFromPeer('slice', slice['slice_id'], peer['shortname']) - - #Update expiration if necessary - if slice['expires'] != expires: - self.driver.shell.UpdateSlice( slice['slice_id'], {'expires' : expires}) - - return slice - - #def get_existing_persons(self, users): - def verify_persons(self, slice_hrn, slice_record, users, peer, sfa_peer, options={}): - users_by_email = {} - users_by_site = defaultdict(list) - users_dict = {} - for user in users: - user['urn'] = user['urn'].lower() - hrn, type = urn_to_hrn(user['urn']) - username = get_leaf(hrn) - login_base = PlXrn(xrn=user['urn']).pl_login_base() - user['username'] = username - user['site'] = login_base - - if 'email' in user: - user['email'] = user['email'].lower() - users_by_email[user['email']] = user - users_dict[user['email']] = user + slice_id = slice['slice_id'] + # Update expiration if necessary + if slice.get('expires', None) != expires: + self.driver.shell.UpdateSlice(slice_id, {'expires': expires}) + else: + if slice_record: + url = slice_record.get('url', slice_hrn) + description = slice_record.get('description', slice_hrn) else: - users_by_site[user['site']].append(user) - - # start building a list of existing users - existing_user_ids = [] - existing_user_ids_filter = [] - if users_by_email: - existing_user_ids_filter.extend(users_by_email.keys()) - if users_by_site: - for login_base in users_by_site: - users = users_by_site[login_base] - for user in users: - existing_user_ids_filter.append(user['username']+'@geni.net') - if existing_user_ids_filter: - # get existing users by email - existing_users = self.driver.shell.GetPersons({'email': existing_user_ids_filter}, - ['person_id', 'key_ids', 'email']) - existing_user_ids.extend([user['email'] for user in existing_users]) - - if users_by_site: - # get a list of user sites (based on requeste user urns - site_list = self.driver.shell.GetSites(users_by_site.keys(), \ - ['site_id', 
'login_base', 'person_ids']) - # get all existing users at these sites - sites = {} - site_user_ids = [] - for site in site_list: - sites[site['site_id']] = site - site_user_ids.extend(site['person_ids']) - - existing_site_persons_list = self.driver.shell.GetPersons(site_user_ids, - ['person_id', 'key_ids', 'email', 'site_ids']) - - # all requested users are either existing users or new (added) users - for login_base in users_by_site: - requested_site_users = users_by_site[login_base] - for requested_user in requested_site_users: - user_found = False - for existing_user in existing_site_persons_list: - for site_id in existing_user['site_ids']: - if site_id in sites: - site = sites[site_id] - if login_base == site['login_base'] and \ - existing_user['email'].startswith(requested_user['username']+'@'): - existing_user_ids.append(existing_user['email']) - requested_user['email'] = existing_user['email'] - users_dict[existing_user['email']] = requested_user - user_found = True - break - if user_found: - break - - if user_found == False: - fake_email = requested_user['username'] + '@geni.net' - requested_user['email'] = fake_email - users_dict[fake_email] = requested_user - - # requested slice users - requested_user_ids = users_dict.keys() - # existing slice users - existing_slice_users_filter = {'person_id': slice_record.get('person_ids', [])} - existing_slice_users = self.driver.shell.GetPersons(existing_slice_users_filter, - ['person_id', 'key_ids', 'email']) - existing_slice_user_ids = [user['email'] for user in existing_slice_users] - - # users to be added, removed or updated - added_user_ids = set(requested_user_ids).difference(existing_user_ids) - added_slice_user_ids = set(requested_user_ids).difference(existing_slice_user_ids) - removed_user_ids = set(existing_slice_user_ids).difference(requested_user_ids) - updated_user_ids = set(existing_slice_user_ids).intersection(requested_user_ids) - - # Remove stale users (only if we are not appending). 
- # Append by default. - append = options.get('append', True) - if append == False: - for removed_user_id in removed_user_ids: - self.driver.shell.DeletePersonFromSlice(removed_user_id, slice_record['name']) - # update_existing users - updated_users_list = [user for user in users_dict.values() if user['email'] in \ - updated_user_ids] - self.verify_keys(existing_slice_users, updated_users_list, peer, options) - - added_persons = [] - # add new users - for added_user_id in added_user_ids: - added_user = users_dict[added_user_id] - hrn, type = urn_to_hrn(added_user['urn']) - person = { - 'first_name': added_user.get('first_name', hrn), - 'last_name': added_user.get('last_name', hrn), - 'email': added_user_id, - 'peer_person_id': None, - 'keys': [], - 'key_ids': added_user.get('key_ids', []), - } - person['person_id'] = self.driver.shell.AddPerson(person) - if peer: - person['peer_person_id'] = added_user['person_id'] - added_persons.append(person) - - # enable the account - self.driver.shell.UpdatePerson(person['person_id'], {'enabled': True}) - - # add person to site - self.driver.shell.AddPersonToSite(added_user_id, added_user['site']) - - for key_string in added_user.get('keys', []): - key = {'key':key_string, 'key_type':'ssh'} - key['key_id'] = self.driver.shell.AddPersonKey(person['person_id'], key) - person['keys'].append(key) - - # add the registry record -# if sfa_peer: -# peer_dict = {'type': 'user', 'hrn': hrn, 'peer_authority': sfa_peer, \ -# 'pointer': person['person_id']} -# self.registry.register_peer_object(self.credential, peer_dict) - - for added_slice_user_id in added_slice_user_ids.union(added_user_ids): - # add person to the slice - self.driver.shell.AddPersonToSlice(added_slice_user_id, slice_record['name']) - # if this is a peer record then it should already be bound to a peer. 
- # no need to return worry about it getting bound later - - return added_persons - - - def verify_keys(self, persons, users, peer, options={}): - # existing keys - key_ids = [] - for person in persons: - key_ids.extend(person['key_ids']) - keylist = self.driver.shell.GetKeys(key_ids, ['key_id', 'key']) - keydict = {} - for key in keylist: - keydict[key['key']] = key['key_id'] - existing_keys = keydict.keys() - persondict = {} - for person in persons: - persondict[person['email']] = person - - # add new keys - requested_keys = [] - updated_persons = [] + url = slice_hrn + description = slice_hrn + slice = {'name': slice_name, + 'url': url, + 'description': description, + 'hrn': slice_hrn, + 'sfa_created': 'True', + #'expires': expires, + } + # add the slice + slice_id = self.driver.shell.AddSlice(slice) + # plcapi tends to mess with the incoming hrn so let's make sure + self.driver.shell.SetSliceHrn(slice_id, slice_hrn) + # cannot be set with AddSlice + # set the expiration + self.driver.shell.UpdateSlice(slice_id, {'expires': expires}) + + return self.driver.shell.GetSlices(slice_id)[0] + + # in the following code, we use + # 'person' to denote a PLCAPI-like record with typically 'person_id' and 'email' + # 'user' to denote an incoming record with typically 'urn' and 'email' - we add 'hrn' in there + # 'slice_record': it seems like the first of these 'users' also contains a 'slice_record' + # key that holds stuff like 'hrn', 'slice_id', 'authority',... 
+ # + def create_person_from_user(self, user, site_id): + user_hrn = user['hrn'] + # the value to use if 'user' has no 'email' attached - or if the attached email already exists + # typically + (auth_hrn, _, leaf) = user_hrn.rpartition('.') + # somehow this has backslashes, get rid of them + auth_hrn = auth_hrn.replace('\\', '') + default_email = "{}@{}.stub".format(leaf, auth_hrn) + + person_record = { + # required + 'first_name': user.get('first_name', user_hrn), + 'last_name': user.get('last_name', user_hrn), + 'email': user.get('email', default_email), + # our additions + 'enabled': True, + 'sfa_created': 'True', + 'hrn': user_hrn, + } + + logger.debug( + "about to attempt to AddPerson with {}".format(person_record)) + try: + # the thing is, the PLE db has a limitation on re-using the same e-mail + # in the case where people have an account on ple.upmc and then then come + # again from onelab.upmc, they will most likely have the same e-mail, and so kaboom.. + # so we first try with the accurate email + person_id = int(self.driver.shell.AddPerson(person_record)) + except: + logger.log_exc("caught during first attempt at AddPerson") + # and if that fails we start again with the email based on the hrn, + # which this time is unique.. 
+ person_record['email'] = default_email + logger.debug("second chance with email={}".format( + person_record['email'])) + person_id = int(self.driver.shell.AddPerson(person_record)) + self.driver.shell.AddRoleToPerson('user', person_id) + self.driver.shell.AddPersonToSite(person_id, site_id) + # plcapi tends to mess with the incoming hrn so let's make sure + self.driver.shell.SetPersonHrn(person_id, user_hrn) + # also 'enabled':True does not seem to pass through with AddPerson + self.driver.shell.UpdatePerson(person_id, {'enabled': True}) + + return person_id + + def verify_persons(self, slice_hrn, slice_record, + users, sfa_peer, options=None): + if options is None: + options = {} + + # first we annotate the incoming users arg with a 'hrn' key + for user in users: + user['hrn'], _ = urn_to_hrn(user['urn']) + # this is for retrieving users from a hrn + users_by_hrn = {user['hrn']: user for user in users} + for user in users: - user_keys = user.get('keys', []) - updated_persons.append(user) - for key_string in user_keys: - requested_keys.append(key_string) - if key_string not in existing_keys: - key = {'key': key_string, 'key_type': 'ssh'} - try: - if peer: - person = persondict[user['email']] - self.driver.shell.UnBindObjectFromPeer('person', person['person_id'], peer['shortname']) - key['key_id'] = self.driver.shell.AddPersonKey(user['email'], key) - if peer: - key_index = user_keys.index(key['key']) - remote_key_id = user['key_ids'][key_index] - self.driver.shell.BindObjectToPeer('key', key['key_id'], peer['shortname'], remote_key_id) - - finally: - if peer: - self.driver.shell.BindObjectToPeer('person', person['person_id'], peer['shortname'], user['person_id']) - - # remove old keys (only if we are not appending) - append = options.get('append', True) - if append == False: - removed_keys = set(existing_keys).difference(requested_keys) - for existing_key_id in keydict: - if keydict[existing_key_id] in removed_keys: - try: - if peer: - 
self.driver.shell.UnBindObjectFromPeer('key', existing_key_id, peer['shortname'])
- self.driver.shell.DeleteKey(existing_key_id)
- except:
- pass
-
- def verify_slice_attributes(self, slice, requested_slice_attributes, options={}, admin=False):
- append = options.get('append', True)
- # get list of attributes users ar able to manage
+ logger.debug("incoming user {}".format(user))
+
+ # compute the hrn's for the authority and site
+ top_auth_hrn = top_auth(slice_hrn)
+ site_hrn = '.'.join(slice_hrn.split('.')[:-1])
+ slice_part = slice_hrn.split('.')[-1]
+ # deduce login_base and slice_name
+ if top_auth_hrn == self.driver.hrn:
+ login_base = slice_hrn.split('.')[-2][:12]
+ else:
+ login_base = hash_loginbase(site_hrn)
+ slice_name = '_'.join([login_base, slice_part])
+
+ # locate the site object
+ # due to a limitation in PLCAPI, we have to specify 'hrn' as part of
+ # the return fields
+ site = self.driver.shell.GetSites(
+ {'peer_id': None, 'hrn': site_hrn}, ['site_id', 'hrn'])[0]
+ site_id = site['site_id']
+
+ # locate the slice object
+ slice = self.driver.shell.GetSlices(
+ {'peer_id': None, 'hrn': slice_hrn},
+ ['slice_id', 'hrn', 'person_ids'])[0]
+ slice_id = slice['slice_id']
+ slice_person_ids = slice['person_ids']
+
+ # the common set of attributes for our calls to GetPersons
+ person_fields = ['person_id', 'email', 'hrn']
+
+ # for the intended set of hrns, locate existing persons
+ target_hrns = [user['hrn'] for user in users]
+ target_existing_persons = self.driver.shell.GetPersons(
+ {'peer_id': None, 'hrn': target_hrns}, person_fields)
+ target_existing_person_ids = [person['person_id']
+ for person in target_existing_persons]
+ # find out the hrns that *do not* have a corresponding person
+ existing_hrns = [person['hrn'] for person in target_existing_persons]
+ tocreate_hrns = set(target_hrns) - set(existing_hrns)
+ # create these
+ target_created_person_ids = [self.create_person_from_user(
+ users_by_hrn[hrn], site_id) for hrn in tocreate_hrns]
+
+ # we can partition the persons of interest into one of these 3 classes
+ add_person_ids = set(target_created_person_ids) | set(
+ target_existing_person_ids) - set(slice_person_ids)
+ keep_person_ids = set(
+ target_existing_person_ids) & set(slice_person_ids)
+ del_person_ids = set(slice_person_ids) - \
+ set(target_existing_person_ids)
+
+ # delete
+ for person_id in del_person_ids:
+ self.driver.shell.DeletePersonFromSlice(person_id, slice_id)
+
+ # about the last 2 sets, for managing keys, we need to trace back person_id -> user
+ # and for this we need all the Person objects; we already have the target_existing ones
+ # also we avoid issuing a call if possible
+ target_created_persons = [] if not target_created_person_ids \
+ else self.driver.shell.GetPersons(
+ {'peer_id': None, 'person_id': target_created_person_ids},
+ person_fields)
+ persons_by_person_id = {
+ person['person_id']: person
+ for person in target_existing_persons + target_created_persons}
+
+ def user_by_person_id(person_id):
+ person = persons_by_person_id[person_id]
+ hrn = person['hrn']
+ return users_by_hrn[hrn]
+
+ persons_to_verify_keys = {}
+ # add
+ for person_id in add_person_ids:
+ self.driver.shell.AddPersonToSlice(person_id, slice_id)
+ persons_to_verify_keys[person_id] = user_by_person_id(person_id)
+ # Update kept persons
+ for person_id in keep_person_ids:
+ persons_to_verify_keys[person_id] = user_by_person_id(person_id)
+ self.verify_keys(persons_to_verify_keys, options)
+
+ # return hrns of the newly added persons
+
+ return [persons_by_person_id[person_id]['hrn']
+ for person_id in add_person_ids]
+
+ def verify_keys(self, persons_to_verify_keys, options=None):
+ if options is None:
+ options = {}
+ # we only add keys that comes from sfa to persons in PL
+ for person_id in persons_to_verify_keys:
+ person_sfa_keys = persons_to_verify_keys[person_id].get('keys', [])
+ person_pl_keys = self.driver.shell.GetKeys(
+ {'person_id': int(person_id)})
+ person_pl_keys_list = [key['key'] for key in person_pl_keys]
+
+ keys_to_add = set(person_sfa_keys).difference(person_pl_keys_list)
+
+ for key_string in keys_to_add:
+ key = {'key': key_string, 'key_type': 'ssh'}
+ self.driver.shell.AddPersonKey(int(person_id), key)
+
+ def verify_slice_tags(self, slice, requested_slice_attributes,
+ options=None, admin=False):
+ """
+ This function deals with slice tags, and supports 3 modes described
+ in the 'pltags' option that can be either
+ (*) 'ignore' (default) - do nothing
+ (*) 'append' - only add incoming tags, that do not match an existing tag
+ (*) 'sync' - tries to do the plain wholesale thing,
+ i.e. to leave the db in sync with incoming tags
+ """
+ if options is None:
+ options = {}
+
+ # lookup 'pltags' in options to find out which mode is requested here
+ pltags = options.get('pltags', 'ignore')
+ # make sure the default is 'ignore'
+ if pltags not in ('ignore', 'append', 'sync'):
+ pltags = 'ignore'
+
+ if pltags == 'ignore':
+ logger.info(
+ 'verify_slice_tags in ignore mode - leaving slice tags as-is')
+ return
+
+ # incoming data (attributes) have a (name, value) pair
+ # while PLC data (tags) have a (tagname, value) pair
+ # we must be careful not to mix these up
+
+ # get list of tags users are able to manage - based on category
 filter = {'category': '*slice*'}
 if not admin:
 filter['|roles'] = ['user']
- slice_attributes = self.driver.shell.GetTagTypes(filter)
- valid_slice_attribute_names = [attribute['tagname'] for attribute in slice_attributes]
-
- # get sliver attributes
- added_slice_attributes = []
- removed_slice_attributes = []
- ignored_slice_attribute_names = []
- existing_slice_attributes = self.driver.shell.GetSliceTags({'slice_id': slice['slice_id']})
-
- # get attributes that should be removed
- for slice_tag in existing_slice_attributes:
- if slice_tag['tagname'] in ignored_slice_attribute_names:
+ valid_tag_types = self.driver.shell.GetTagTypes(filter)
+ valid_tag_names = [tag_type['tagname'] for tag_type in valid_tag_types]
+ logger.debug(
+ "verify_slice_attributes: valid names={}".format(valid_tag_names))
+
+ # get slice tags
+ slice_attributes_to_add = []
+ slice_tags_to_remove = []
+ # we need to keep the slice hrn anyway
+ ignored_slice_tag_names = ['hrn']
+ existing_slice_tags = self.driver.shell.GetSliceTags(
+ {'slice_id': slice['slice_id']})
+
+ # get tags that should be removed
+ for slice_tag in existing_slice_tags:
+ if slice_tag['tagname'] in ignored_slice_tag_names:
 # If a slice already has a admin only role it was probably given to them by an
 # admin, so we should ignore it.
- ignored_slice_attribute_names.append(slice_tag['tagname'])
+ ignored_slice_tag_names.append(slice_tag['tagname'])
+ tag_found = True
 else:
- # If an existing slice attribute was not found in the request it should
+ # If an existing slice tag was not found in the request it should
 # be removed
- attribute_found=False
+ tag_found = False
 for requested_attribute in requested_slice_attributes:
- if requested_attribute['name'] == slice_tag['tagname'] and \
- requested_attribute['value'] == slice_tag['value']:
- attribute_found=True
+ if (requested_attribute['name'] == slice_tag['tagname'] and
+ requested_attribute['value'] == slice_tag['value']):
+ tag_found = True
 break
+ # remove tags only if not in append mode
+ if not tag_found and pltags != 'append':
+ slice_tags_to_remove.append(slice_tag)
- if not attribute_found and not append:
- removed_slice_attributes.append(slice_tag)
-
- # get attributes that should be added:
+ # get tags that should be added:
 for requested_attribute in requested_slice_attributes:
 # if the requested attribute wasn't found we should add it
- if requested_attribute['name'] in valid_slice_attribute_names:
- attribute_found = False
- for existing_attribute in existing_slice_attributes:
- if requested_attribute['name'] == existing_attribute['tagname'] and \
- requested_attribute['value'] == existing_attribute['value']:
- attribute_found=True
+ if requested_attribute['name'] in valid_tag_names:
+ tag_found = False
+ for existing_attribute in existing_slice_tags:
+ if (requested_attribute['name'] == existing_attribute['tagname'] and \
+ requested_attribute['value'] == existing_attribute['value']):
+ tag_found = True
 break
- if not attribute_found:
- added_slice_attributes.append(requested_attribute)
-
-
- # remove stale attributes
- for attribute in removed_slice_attributes:
+ if not tag_found:
+ slice_attributes_to_add.append(requested_attribute)
+
+ def friendly_message(tag_or_att):
+ name = tag_or_att[
+ 'tagname'] if 'tagname' in tag_or_att else tag_or_att['name']
+ return "SliceTag slice={}, tagname={} value={}, node_id={}"\
+ .format(slice['name'], tag_or_att['name'],
+ tag_or_att['value'], tag_or_att.get('node_id'))
+
+ # remove stale tags
+ for tag in slice_tags_to_remove:
 try:
- self.driver.shell.DeleteSliceTag(attribute['slice_tag_id'])
- except Exception, e:
- logger.warn('Failed to remove sliver attribute. name: %s, value: %s, node_id: %s\nCause:%s'\
- % (slice['name'], attribute['value'], attribute.get('node_id'), str(e)))
-
- # add requested_attributes
- for attribute in added_slice_attributes:
+ logger.info("Removing Slice Tag {}".format(
+ friendly_message(tag)))
+ self.driver.shell.DeleteSliceTag(tag['slice_tag_id'])
+ except Exception as e:
+ logger.warning("Failed to remove slice tag {}\nCause:{}"
+ .format(friendly_message(tag), e))
+
+ # add requested_tags
+ for attribute in slice_attributes_to_add:
 try:
- self.driver.shell.AddSliceTag(slice['name'], attribute['name'], attribute['value'], attribute.get('node_id', None))
- except Exception, e:
- logger.warn('Failed to add sliver attribute. name: %s, value: %s, node_id: %s\nCause:%s'\
- % (slice['name'], attribute['value'], attribute.get('node_id'), str(e)))
-
+ logger.info("Adding Slice Tag {}".format(
+ friendly_message(attribute)))
+ self.driver.shell.AddSliceTag(
+ slice['name'], attribute['name'],
+ attribute['value'], attribute.get('node_id', None))
+ except Exception as e:
+ logger.warning("Failed to add slice tag {}\nCause:{}"
+ .format(friendly_message(attribute), e))