From: Mark Huang Date: Tue, 9 May 2006 19:52:01 +0000 (+0000) Subject: - hard-code all default PlanetLabConf entries; i.e., do not require X-Git-Tag: myplc-0_4-rc1~40 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=9ee1a37d4f8af5906ce841d00e961a79782eed98;p=myplc.git - hard-code all default PlanetLabConf entries; i.e., do not require access to Princeton to bootstrap them, and don't depend on current Princeton PLC setup --- diff --git a/api-config b/api-config index 5d936f2..ff38b79 100755 --- a/api-config +++ b/api-config @@ -6,13 +6,12 @@ # Mark Huang # Copyright (C) 2006 The Trustees of Princeton University # -# $Id: api-config,v 1.5 2006/03/29 19:17:26 mlhuang Exp $ +# $Id: api-config,v 1.6 2006/05/02 15:09:08 mlhuang Exp $ # import plcapilib (plcapi, moreopts, argv) = plcapilib.plcapi(globals()) from plc_config import PLCConfiguration -import xmlrpclib import sys 
@@ -95,96 +94,519 @@ def main(): AdmGrantRoleToPerson(admin['person_id'], 10) AdmGrantRoleToPerson(admin['person_id'], 20) - # Further bootstrap the database. A few PlanetLabConf entries are - # absolutely required, and NM requires the slice tables to be - # populated. - # - # XXX This data should really become part of the DB schema so that - # we don't have to copy it from PLC. For now, this code is only - # intended to be called at build time, when we know that we have - # access to PLC. Once the tables have been populated, this code - # should never be called again and PLC access is not required, - # i.e., end users of MyPLC should never see this code be executed. - - # Use xmlrpclib to connect to PLC temporarily. plcapilib cannot - # connect to multiple servers at once. - auth = {'AuthMethod': 'anonymous'} - PLC = None + # Setup default PlanetLabConf entries + default_conf_files = [ + # NTP configuration + {'enabled': 1, + 'source': 'PlanetLabConf/ntpconf.php', + 'dest': '/etc/ntp.conf', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '/etc/rc.d/init.d/ntpd restart', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + {'enabled': 1, + 'source': 'PlanetLabConf/ntptickers.php', + 'dest': '/etc/ntp/step-tickers', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '/etc/rc.d/init.d/ntpd restart', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + # SSH server configuration + {'enabled': 1, + 'source': 'PlanetLabConf/sshd_config', + 'dest': '/etc/ssh/sshd_config', + 'file_permissions': '600', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '/etc/init.d/sshd restart', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + + # Administrative SSH keys + {'enabled': 1, + 'source': 'PlanetLabConf/keys.php?root', + 'dest': 
'/root/.ssh/authorized_keys', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + {'enabled': 1, + 'source': 'PlanetLabConf/keys.php?site_admin', + 'dest': '/home/site_admin/.ssh/authorized_keys', + 'file_permissions': '644', + 'file_owner': 'site_admin', + 'file_group': 'site_admin', + 'preinstall_cmd': 'grep -q site_admin /etc/passwd', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + {'enabled': 1, + 'source': 'PlanetLabConf/keys.php?role=admin', + 'dest': '/home/pl_admin/.ssh/authorized_keys', + 'file_permissions': '644', + 'file_owner': 'pl_admin', + 'file_group': 'pl_admin', + 'preinstall_cmd': 'grep -q pl_admin /etc/passwd', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + + # Log rotation configuration + {'enabled': 1, + 'source': 'PlanetLabConf/logrotate.conf', + 'dest': '/etc/logrotate.conf', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + + # updatedb/locate nightly cron job + {'enabled': 1, + 'source': 'PlanetLabConf/slocate.cron', + 'dest': '/etc/cron.daily/slocate.cron', + 'file_permissions': '755', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + + # YUM configuration + {'enabled': 1, + 'source': 'PlanetLabConf/yum.conf.php', + 'dest': '/etc/yum.conf', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + {'enabled': 1, + 'source': 'PlanetLabConf/delete-rpm-list-production', + 'dest': '/etc/planetlab/delete-rpm-list', + 
'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + + # PLC configuration + {'enabled': 1, + 'source': 'PlanetLabConf/get_plc_config.php', + 'dest': '/etc/planetlab/plc_config', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + {'enabled': 1, + 'source': 'PlanetLabConf/get_plc_config.php?python', + 'dest': '/etc/planetlab/plc_config.py', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + {'enabled': 1, + 'source': 'PlanetLabConf/get_plc_config.php?perl', + 'dest': '/etc/planetlab/plc_config.pl', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + {'enabled': 1, + 'source': 'PlanetLabConf/get_plc_config.php?php', + 'dest': '/etc/planetlab/php/plc_config.php', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + + # Node Manager configuration + {'enabled': 1, + 'source': 'PlanetLabConf/pl_nm-v3.conf', + 'dest': '/etc/planetlab/pl_nm.conf', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '/etc/init.d/pl_nm restart', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + {'enabled': 1, + 'source': 'PlanetLabConf/RootResources/plc_slice_pool.php', + 'dest': '/home/pl_nm/RootResources/plc_slice_pool', + 'file_permissions': '644', + 'file_owner': 'pl_nm', + 'file_group': 
'pl_nm', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + {'enabled': 1, + 'source': 'PlanetLabConf/RootResources/pl_conf.py', + 'dest': '/home/pl_nm/RootResources/pl_conf', + 'file_permissions': '644', + 'file_owner': 'pl_nm', + 'file_group': 'pl_nm', + 'preinstall_cmd': '', + 'postinstall_cmd': '/etc/init.d/pl_nm restart', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + {'enabled': 1, + 'source': 'PlanetLabConf/RootResources/pl_netflow.py', + 'dest': '/home/pl_nm/RootResources/pl_netflow', + 'file_permissions': '644', + 'file_owner': 'pl_nm', + 'file_group': 'pl_nm', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + + # Proper configuration + {'enabled': 1, + 'source': 'PlanetLabConf/propd-NM-1.0.conf', + 'dest': '/etc/proper/propd.conf', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '/etc/init.d/proper restart', + 'error_cmd': '', + 'ignore_cmd_errors': 1, + 'always_update': 0}, + + # Bandwidth cap + {'enabled': 1, + 'source': 'PlanetLabConf/bwlimit.php', + 'dest': '/etc/planetlab/bwcap', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '/etc/init.d/pl_nm restart', + 'error_cmd': '', + 'ignore_cmd_errors': 1, + 'always_update': 0}, + + # Proxy ARP setup + {'enabled': 1, + 'source': 'PlanetLabConf/proxies.php', + 'dest': '/etc/planetlab/proxies', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + + # Firewall configuration + {'enabled': 1, + 'source': 'PlanetLabConf/iptables', + 'dest': '/etc/sysconfig/iptables', + 'file_permissions': '600', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 
'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + {'enabled': 1, + 'source': 'PlanetLabConf/blacklist.php', + 'dest': '/etc/planetlab/blacklist', + 'file_permissions': '600', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '/sbin/iptables-restore --noflush < /etc/planetlab/blacklist', + 'error_cmd': '', + 'ignore_cmd_errors': 1, + 'always_update': 1}, + + # /etc/issue + {'enabled': 1, + 'source': 'PlanetLabConf/issue.php', + 'dest': '/etc/issue', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + + # Kernel parameters + {'enabled': 1, + 'source': 'PlanetLabConf/sysctl.php', + 'dest': '/etc/sysctl.conf', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '/sbin/sysctl -e -p /etc/sysctl.conf', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 1}, + + # Sendmail configuration + {'enabled': 1, + 'source': 'PlanetLabConf/alpha-sendmail.mc', + 'dest': '/etc/mail/sendmail.mc', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + {'enabled': 1, + 'source': 'PlanetLabConf/alpha-sendmail.cf', + 'dest': '/etc/mail/sendmail.cf', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': 'service sendmail restart', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + + # GPG signing keys + {'enabled': 1, + 'source': 'PlanetLabConf/RPM-GPG-KEY-fedora', + 'dest': '/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': 'rpm --import 
/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + {'enabled': 1, + 'source': 'PlanetLabConf/get_gpg_key.php', + 'dest': '/etc/pki/rpm-gpg/RPM-GPG-KEY-planetlab', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': 'rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-planetlab', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + + # Ping of death configuration + {'enabled': 1, + 'source': 'PlanetLabConf/ipod.conf.php', + 'dest': '/etc/ipod.conf', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}, + + # sudo configuration + {'enabled': 1, + 'source': 'PlanetLabConf/v3-sudoers.php', + 'dest': '/etc/sudoers', + 'file_permissions': '440', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '/usr/sbin/visudo -c', + 'error_cmd': '', + 'ignore_cmd_errors': 0, + 'always_update': 0}] + + # Get list of existing (enabled, global) files conf_files = AdmGetConfFile() - if not conf_files: - if PLC is None: - PLC = xmlrpclib.Server("https://www.planet-lab.org/PLCAPI/") - for conf_file in PLC.AnonAdmGetConfFile(auth): - if conf_file['enabled'] and \ - not conf_file['node_id'] and \ - not conf_file['nodegroup_id']: - AdmCreateConfFile(conf_file['enabled'], - conf_file['source'], - conf_file['dest'], - conf_file['file_permissions'], - conf_file['file_owner'], - conf_file['file_group'], - conf_file['preinstall_cmd'], - conf_file['postinstall_cmd'], - conf_file['error_cmd'], - conf_file['ignore_cmd_errors'], - conf_file['always_update']) - - # Setup default slice attribute types, slices, and - # attributes. 
These are hard-coded here because we cannot safely - # support an anonymous interface to the SliceAttribute functions, - # yet we also do not want to require API authentication for - # bootstrapping. - - if not SliceAttributeTypeList(): - # Create system attribute types - attribute_types = [{'name': "general_prop_share", - 'description': "general share", - 'is_exclusive': False, 'min_role_id': 10, 'max_per_slice': 1, - 'value_fields': [{'description': "", - 'name': "general_prop_share", - 'type': "integer"}]}, - {'name': "initscript", - 'description': "slice initialization script", - 'is_exclusive': False, 'min_role_id': 10, 'max_per_slice': 1, - 'value_fields': [{'description': "", - 'name': "initscript_id", - 'type': "integer"}]}, - {'name': "plc_slice_type", - 'description': "Type of slice rspec to be created", - 'is_exclusive': True, 'min_role_id': 20, 'max_per_slice': 1, - 'value_fields': [{'description': "rspec class", - 'name': "type", - 'type': "string"}]}, - {'name': "nm_cpu_share", - 'description': "Number of CPU shares to be allocated to slice", - 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1, - 'value_fields': [{'description': "number of shares", - 'name': "cpu_share", - 'type': "integer"}]}, - {'name': "plc_agent_version", - 'description': "Version of PLC agent (slice creation service) software to be deployed", - 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1, - 'value_fields': [{'description': "current version of PLC agent (SCS)", - 'name': "version", - 'type': "string"}]}, - {'name': "plc_ticket_pubkey", - 'description': "Public key used to verify PLC-signed tickets", - 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1, - 'value_fields': [{'description': "PEM-encoded public key", - 'name': "key", - 'type': "string"}]}, - {'name': "nm_disk_quota", - 'description': "Disk quota", - 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1, - 'value_fields': [{'description': "Number of 1k disk blocks", - 'name': 
"quota", - 'type': "integer"}]}] - for attribute_type in attribute_types: - SliceAttributeTypeCreate(attribute_type['name'], attribute_type['description'], - attribute_type['min_role_id'], attribute_type['max_per_slice'], - attribute_type['is_exclusive'], attribute_type['value_fields']) + conf_files = filter(lambda conf_file: conf_file['enabled'] and \ + not conf_file['node_id'] and \ + not conf_file['nodegroup_id'], + conf_files) + dests = [conf_file['dest'] for conf_file in conf_files] + conf_files = dict(zip(dests, conf_files)) + + # Create/update default PlanetLabConf entries + for default_conf_file in default_conf_files: + if default_conf_file['dest'] not in dests: + AdmCreateConfFile(default_conf_file['enabled'], + default_conf_file['source'], + default_conf_file['dest'], + default_conf_file['file_permissions'], + default_conf_file['file_owner'], + default_conf_file['file_group'], + default_conf_file['preinstall_cmd'], + default_conf_file['postinstall_cmd'], + default_conf_file['error_cmd'], + default_conf_file['ignore_cmd_errors'], + default_conf_file['always_update']) + else: + conf_file = conf_files[default_conf_file['dest']] + AdmUpdateConfFile(conf_file['conf_file_id'], default_conf_file) + + # Setup default slice attribute types + default_attribute_types = [ + # Slice type (only vserver is supported) + {'name': "plc_slice_type", + 'description': "Type of slice rspec to be created", + 'is_exclusive': True, 'min_role_id': 20, 'max_per_slice': 1, + 'value_fields': [{'description': "rspec class", + 'name': "type", + 'type': "string"}]}, + + # Slice initialization script + {'name': "initscript", + 'description': "slice initialization script", + 'is_exclusive': False, 'min_role_id': 10, 'max_per_slice': 1, + 'value_fields': [{'description': "", + 'name': "initscript_id", + 'type': "integer"}]}, + + # CPU share (general_prop_share is deprecated) + {'name': "general_prop_share", + 'description': "general share", + 'is_exclusive': False, 'min_role_id': 10, 
'max_per_slice': 1, + 'value_fields': [{'description': "", + 'name': "general_prop_share", + 'type': "integer"}]}, + {'name': "nm_cpu_share", + 'description': "Number of CPU shares to be allocated to slice", + 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1, + 'value_fields': [{'description': "number of shares", + 'name': "cpu_share", + 'type': "integer"}]}, + + # Bandwidth limits + {'name': "nm_net_min_rate", + 'description': "Minimum network Tx bandwidth", + 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1, + 'value_fields': [{'description': "rate (kbps)", + 'name': "rate", + 'type': "integer"}]}, + {'name': "nm_net_max_rate", + 'description': "Maximum network Tx bandwidth", + 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1, + 'value_fields': [{'description': "rate (kbps)", + 'name': "rate", + 'type': "integer"}]}, + {'name': "nm_net_avg_rate", + 'description': "Average daily network Tx bandwidth", + 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1, + 'value_fields': [{'description': "rate (kbps)", + 'name': "rate", + 'type': "integer"}]}, + {'name': "nm_net_exempt_min_rate", + 'description': "Minimum network Tx bandwidth to Internet2 destinations", + 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1, + 'value_fields': [{'description': "rate (kbps)", + 'name': "rate", + 'type': "integer"}]}, + {'name': "nm_net_exempt_max_rate", + 'description': "Maximum network Tx bandwidth to Internet2 destinations", + 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1, + 'value_fields': [{'description': "rate (kbps)", + 'name': "rate", + 'type': "integer"}]}, + {'name': "nm_net_exempt avg_rate", + 'description': "Average daily network Tx bandwidth to Internet2 destinations", + 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1, + 'value_fields': [{'description': "rate (kbps)", + 'name': "rate", + 'type': "integer"}]}, + + # Disk quota + {'name': "nm_disk_quota", + 'description': "Disk quota", + 
'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1, + 'value_fields': [{'description': "Number of 1k disk blocks", + 'name': "quota", + 'type': "integer"}]}, + + # Special attributes applicable to Slice Creation Service (pl_conf) slice + {'name': "plc_agent_version", + 'description': "Version of PLC agent (slice creation service) software to be deployed", + 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1, + 'value_fields': [{'description': "current version of PLC agent (SCS)", + 'name': "version", + 'type': "string"}]}, + {'name': "plc_ticket_pubkey", + 'description': "Public key used to verify PLC-signed tickets", + 'is_exclusive': True, 'min_role_id': 10, 'max_per_slice': 1, + 'value_fields': [{'description': "PEM-encoded public key", + 'name': "key", + 'type': "string"}]}] + + # Get list of existing attribute types + attribute_types = SliceAttributeTypeList() + + # Create/update default slice attribute types + for default_attribute_type in default_attribute_types: + if default_attribute_type['name'] not in attribute_types: + SliceAttributeTypeCreate(default_attribute_type['name'], + default_attribute_type['description'], + default_attribute_type['min_role_id'], + default_attribute_type['max_per_slice'], + default_attribute_type['is_exclusive'], + default_attribute_type['value_fields']) + else: + # XXX No way to update slice attribute types + pass # Get contents of SSL public certificate used for signing tickets try:
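Review bot: The last bandwidth attribute type is named `"nm_net_exempt avg_rate"`, with a space where its five siblings use an underscore, so it would be created under a name that consumers of the `nm_net_*` attributes are unlikely to look up; it should read `'name': "nm_net_exempt_avg_rate",`. Separately, the `/etc/sudoers` entry runs `/usr/sbin/visudo -c` only as `postinstall_cmd`, with an empty `error_cmd`. If that command runs after the file has been written, as the field name suggests, a malformed sudoers is already live on the node by the time the check fails. A restoring `error_cmd`, or at least a comment such as `# visudo -c runs after install; a bad file is already in place if this fails`, would make the gap explicit. Both entries sit inside main(), whose body starts and ends outside this hunk.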