From b16ffb10a5464f54db3218b802c421ffc7be61d7 Mon Sep 17 00:00:00 2001 From: Tony Mack Date: Wed, 28 Jan 2009 14:19:02 +0000 Subject: [PATCH] this shouldnt be here --- geni/plc/addinitscript.py | 50 --- geni/plc/aggregate.py | 406 ------------------ geni/plc/createAuthority.py | 37 -- geni/plc/gimport.py | 330 --------------- geni/plc/import.py | 316 -------------- geni/plc/nuke.py | 32 -- geni/plc/plc.py | 100 ----- geni/plc/registry.py | 816 ------------------------------------ geni/plc/slicemgr.py | 393 ----------------- 9 files changed, 2480 deletions(-) delete mode 100644 geni/plc/addinitscript.py delete mode 100644 geni/plc/aggregate.py delete mode 100644 geni/plc/createAuthority.py delete mode 100755 geni/plc/gimport.py delete mode 100644 geni/plc/import.py delete mode 100644 geni/plc/nuke.py delete mode 100644 geni/plc/plc.py delete mode 100644 geni/plc/registry.py delete mode 100644 geni/plc/slicemgr.py diff --git a/geni/plc/addinitscript.py b/geni/plc/addinitscript.py deleted file mode 100644 index ea862904..00000000 --- a/geni/plc/addinitscript.py +++ /dev/null @@ -1,50 +0,0 @@ -## -# A simple tool for adding an initscript via the PLCAPI. I couldn't find the -# obvious way to do this through the PL interface, so I wrote this utility to -# do it. -# -# It takes two command line parameters: an initscript name and the contents of -# the initscript. -# -# For example, -# addinitscript.py foo "echo test" -## - -import getopt -import sys -import tempfile - -from config import * - -def connect_shell(): - global pl_auth, shell - - # get PL account settings from config module - pl_auth = get_pl_auth() - - # connect to planetlab - if "Url" in pl_auth: - import remoteshell - shell = remoteshell.RemoteShell() - else: - import PLC.Shell - shell = PLC.Shell.Shell(globals = globals()) - -def main(): - connect_shell() - - if len(sys.argv)<3: - print "syntax: addinitscript.py name value" - sys.exit(-1) - - name = sys.argv[1] - value = sys.argv[2] - - fields={} - fields['enabled'] = True - fields['name'] = name - fields['script'] = value - shell.AddInitScript(pl_auth, fields) - -if __name__ == "__main__": - main() diff --git a/geni/plc/aggregate.py b/geni/plc/aggregate.py deleted file mode 100644 index 78bb9beb..00000000 --- a/geni/plc/aggregate.py +++ /dev/null @@ -1,406 +0,0 @@ -import os -import sys -import datetime -import time -import xmlrpclib - -from util.geniserver import * -from util.geniclient import * -from util.cert import * -from util.trustedroot import * -from util.excep import * -from util.misc import * -from util.config import Config -from util.rspec import Rspec - -class Aggregate(GeniServer): - - hrn = None - components_file = None - components_ttl = None - components = [] - whitelist_file = None - blacklist_file = None - policy = {} - timestamp = None - threshold = None - shell = None - registry = None - - ## - # Create a new aggregate object. - # - # @param ip the ip address to listen on - # @param port the port to listen on - # @param key_file private key filename of registry - # @param cert_file certificate filename containing public key (could be a GID file) - - def __init__(self, ip, port, key_file, cert_file, config = "/usr/share/geniwrapper/util/geni_config"): - GeniServer.__init__(ip, port, keyfile, cert_file) - - conf = Config(config) - basedir = conf.GENI_BASE_DIR + os.sep - server_basedir = basedir + os.sep + "plc" + os.sep - self.hrn = conf.GENI_INTERFACE_HRN - self.components_file = os.sep.join([server_basedir, 'components', hrn + '.comp']) - self.whitelist_file = os.sep.join([server_basedir, 'policy', 'whitelist']) - self.blacklist_file = os.sep.join([server_basedir, 'policy', 'blacklist']) - self.timestamp_file = os.sep.join([server_basedir, 'components', hrn + '.timestamp']) - self.components_ttl = components_ttl - self.policy['whitelist'] = [] - self.policy['blacklist'] = [] - self.connectPLC() - self.connectRegistry() - - def connectRegistry(self): - """ - Connect to the registry - """ - - - def connectPLC(self): - """ - Connect to the plc api interface. First attempt to impor thte shell, if that fails - try to connect to the xmlrpc server. - """ - self.auth = {'Username': conf.GENI_PLC_USER, - 'AuthMethod': 'password', - 'AuthString': conf.GENI_PLC_PASSWORD} - - try: - # try to import PLC.Shell directly - sys.path.append(conf.GENI_PLC_SHELL_PATH) - import PLC.Shell - self.shell = PLC.Shell.Shell(globals()) - self.shell.AuthCheck() - except ImportError: - # connect to plc api via xmlrpc - plc_host = conf.GENI_PLC_HOST - plc_port = conf.GENI_PLC_PORT - plc_api_path = conf.GENI_PLC_API_PATH - url = "https://%(plc_host)s:%(plc_port)s/%(plc_api_path)s/" % locals() - self.auth = {'Username': conf.GENI_PLC_USER, - 'AuthMethod': 'password', - 'AuthString': conf.GENI_PLC_PASSWORD} - - self.shell = xmlrpclib.Server(url, verbose = 0, allow_none = True) - self.shell.AuthCheck(self.auth) - - def hostname_to_hrn(self, login_base, hostname): - """ - Convert hrn to plantelab name. - """ - genihostname = "_".join(hostname.split(".")) - return ".".join([self.hrn, login_base, genihostname]) - - def slicename_to_hrn(self, slicename): - """ - Convert hrn to planetlab name. - """ - slicename = slicename.replace("_", ".") - return ".".join([self.hrn, slicename]) - - def refresh_components(self): - """ - Update the cached list of nodes. - """ - # resolve component hostnames - nodes = self.shell.GetNodes(self.auth, {}, ['hostname', 'site_id']) - - # resolve site login_bases - site_ids = [node['site_id'] for node in nodes] - sites = self.shell.GetSites(self.auth, site_ids, ['site_id', 'login_base']) - site_dict = {} - for site in sites: - site_dict[site['site_id']] = site['login_base'] - - # convert plc names to geni hrn - self.components = [self.hostname_to_hrn(site_dict[node['site_id']], node['hostname']) for node in nodes] - - # apply policy. Do not allow nodes found in blacklist, only allow nodes found in whitelist - whitelist_policy = lambda node: node in self.policy['whitelist'] - blacklist_policy = lambda node: node not in self.policy['blacklist'] - - if self.policy['blacklist']: - self.components = blacklist_policy(self.components) - if self.policy['whitelist']: - self.components = whitelist_policy(self.components) - - # update timestamp and threshold - self.timestamp = datetime.datetime.now() - delta = datetime.timedelta(hours=self.components_ttl) - self.threshold = self.timestamp + delta - - f = open(self.components_file, 'w') - f.write(str(self.components)) - f.close() - f = open(self.timestamp_file, 'w') - f.write(str(self.threshold)) - f.close() - - def load_components(self): - """ - Read cached list of nodes. - """ - # Read component list from cached file - if os.path.exists(self.components_file): - f = open(self.components_file, 'r') - self.components = eval(f.read()) - f.close() - - time_format = "%Y-%m-%d %H:%M:%S" - if os.path.exists(self.timestamp_file): - f = open(self.timestamp_file, 'r') - timestamp = str(f.read()).split(".")[0] - self.timestamp = datetime.datetime.fromtimestamp(time.mktime(time.strptime(timestamp, time_format))) - delta = datetime.timedelta(hours=self.components_ttl) - self.threshold = self.timestamp + delta - f.close() - - def load_policy(self): - """ - Read the list of blacklisted and whitelisted nodes. - """ - whitelist = [] - blacklist = [] - if os.path.exists(self.whitelist_file): - f = open(self.whitelist_file, 'r') - lines = f.readlines() - f.close() - for line in lines: - line = line.strip().replace(" ", "").replace("\n", "") - whitelist.extend(line.split(",")) - - - if os.path.exists(self.blacklist_file): - f = open(self.blacklist_file, 'r') - lines = f.readlines() - f.close() - for line in lines: - line = line.strip().replace(" ", "").replace("\n", "") - blacklist.extend(line.split(",")) - - self.policy['whitelist'] = whitelist - self.policy['blacklist'] = blacklist - - def get_components(self): - """ - Return a list of components at this aggregate. - """ - # Reload components list - now = datetime.datetime.now() - #self.load_components() - if not self.threshold or not self.timestamp or now > self.threshold: - self.refresh_components() - elif now < self.threshold and not self.components: - self.load_components() - return self.components - - def get_rspec(self, hrn, type): - rspec = Rspec() - rspec['nodespec'] = {'name': self.conf.GENI_INTERFACE_HRN} - rsepc['nodespec']['nodes'] = [] - if type in ['node']: - nodes = self.shell.GetNodes(self.auth) - elif type in ['slice']: - slicename = hrn_to_pl_slicename(hrn) - slices = self.shell.GetSlices(self.auth, [slicename]) - node_ids = slices[0]['node_ids'] - nodes = self.shell.GetNodes(self.auth, node_ids) - for node in nodes: - nodespec = {'name': node['hostname'], 'type': 'std'} - elif type in ['aggregate']: - pass - - return rspec - - def get_resources(self, slice_hrn): - """ - Return the current rspec for the specified slice. - """ - slicename = hrn_to_plcslicename(slice_hrn) - rspec = self.get_rspec(slicenamem, 'slice') - - return rspec - - def create_slice(self, slice_hrn, rspec, attributes = []): - """ - Instantiate the specified slice according to whats defined in the rspec. - """ - slicename = self.hrn_to_plcslicename(slice_hrn) - spec = Rspec(rspec) - nodespecs = spec.getDictsByTagName('NodeSpec') - nodes = [nodespec['name'] for nodespec in nodespecs] - self.shell.AddSliceToNodes(self.auth, slicename, nodes) - for attribute in attributes: - type, value, node, nodegroup = attribute['type'], attribute['value'], attribute['node'], attribute['nodegroup'] - shell.AddSliceAttribute(self.auth, slicename, type, value, node, nodegroup) - - # XX contact the registry to get the list of users on this slice and - # their keys. - #slice_record = self.registry.resolve(slice_hrn) - #person_records = slice_record['users'] - # for person in person_record: - # email = person['email'] - # self.shell.AddPersonToSlice(self.auth, email, slicename) - - - return 1 - - def update_slice(self, slice_hrn, rspec, attributes = []): - """ - Update the specified slice. - """ - # Get slice info - slicename = self.hrn_to_plcslicename(slice_hrn) - slices = self.shell.GetSlices(self.auth, [slicename], ['node_ids']) - if not slice: - raise RecordNotFound(slice_hrn) - slice = slices[0] - - # find out where this slice is currently running - nodes = self.shell.GetNodes(self.auth, slice['node_ids'], ['hostname']) - hostnames = [node['hostname'] for node in nodes] - - # get netspec details - spec = Rspec(rspec) - nodespecs = spec.getDictsByTagName('NodeSpec') - nodes = [nodespec['name'] for nodespec in nodespecs] - # remove nodes not in rspec - delete_nodes = set(hostnames).difference(nodes) - # add nodes from rspec - added_nodes = set(nodes).difference(hostnames) - - shell.AddSliceToNodes(self.auth, slicename, added_nodes) - shell.DeleteSliceFromNodes(self.auth, slicename, deleted_nodes) - - for attribute in attributes: - type, value, node, nodegroup = attribute['type'], attribute['value'], attribute['node'], attribute['nodegroup'] - shell.AddSliceAttribute(self.auth, slicename, type, value, node, nodegroup) - - # contact registry to get slice users and add them to the slice - # slice_record = self.registry.resolve(slice_hrn) - # persons = slice_record['users'] - - #for person in persons: - # shell.AddPersonToSlice(person['email'], slice_name) - def delete_slice_(self, slice_hrn): - """ - Remove this slice from all components it was previouly associated with and - free up the resources it was using. - """ - slicename = self.hrn_to_plcslicename(slice_hrn) - slices = shell.GetSlices(self.auth, [slicename]) - if not slice: - raise RecordNotFound(slice_hrn) - slice = slices[0] - - shell.DeleteSliceFromNodes(self.auth, slicename, slice['node_ids']) - return 1 - - def start_slice(self, slice_hrn): - """ - Stop the slice at plc. - """ - slicename = hrn_to_plcslicename(slice_hrn) - slices = self.shell.GetSlices(self.auth, {'name': slicename}, ['slice_id']) - if not slices: - raise RecordNotFound(slice_hrn) - slice_id = slices[0] - atrribtes = self.shell.GetSliceAttributes({'slice_id': slice_id, 'name': 'enabled'}, ['slice_attribute_id']) - attribute_id = attreibutes[0] - self.shell.UpdateSliceAttribute(self.auth, attribute_id, "1" ) - return 1 - - def stop_slice(self, slice_hrn): - """ - Stop the slice at plc - """ - slicename = hrn_to_plcslicename(slice_hrn) - slices = self.shell.GetSlices(self.auth, {'name': slicename}, ['slice_id']) - if not slices: - raise RecordNotFound(slice_hrn) - slice_id = slices[0] - atrribtes = self.shell.GetSliceAttributes({'slice_id': slice_id, 'name': 'enabled'}, ['slice_attribute_id']) - attribute_id = attreibutes[0] - self.shell.UpdateSliceAttribute(self.auth, attribute_id, "0") - return 1 - - - def reset_slice(self, slice_hrn): - """ - Reset the slice - """ - slicename = self.hrn_to_plcslicename(slice_hrn) - return 1 - - def get_policy(self): - """ - Return this aggregates policy. - """ - - return self.policy - - - -############################## -## Server methods here for now -############################## - - def nodes(self): - return self..get_components() - - #def slices(self): - # return self.get_slices() - - def resources(self, cred, hrn): - self.decode_authentication(cred, 'info') - self.verify_object_belongs_to_me(hrn) - - return self.get_resources(hrn) - - def create(self, cred, hrn, rspec): - self.decode_authentication(cred, 'embed') - self.verify_object_belongs_to_me(hrn) - return self.create(hrn) - - def update(self, cred, hrn, rspec): - self.decode_authentication(cred, 'embed') - self.verify_object_belongs_to_me(hrn) - return self.update(hrn) - - def delete(self, cred, hrn): - self.decode_authentication(cred, 'embed') - self.verify_object_belongs_to_me(hrn) - return self.delete_slice(hrn) - - def start(self, cred, hrn): - self.decode_authentication(cred, 'control') - return self.start(hrn) - - def stop(self, cred, hrn): - self.decode_authentication(cred, 'control') - return self.stop(hrn) - - def reset(self, cred, hrn): - self.decode_authentication(cred, 'control') - return self.reset(hrn) - - def policy(self, cred): - self.decode_authentication(cred, 'info') - return self.get_policy() - - def register_functions(self): - GeniServer.register_functions(self) - - # Aggregate interface methods - self.server.register_function(self.components) - #self.server.register_function(self.slices) - self.server.register_function(self.resources) - self.server.register_function(self.create) - self.server.register_function(self.delete) - self.server.register_function(self.start) - self.server.register_function(self.stop) - self.server.register_function(self.reset) - self.server.register_function(self.policy) - diff --git a/geni/plc/createAuthority.py b/geni/plc/createAuthority.py deleted file mode 100644 index 302eed19..00000000 --- a/geni/plc/createAuthority.py +++ /dev/null @@ -1,37 +0,0 @@ -## -# Create an authority via the hierarchy module. -# -# This tool was most likely used during development and is deprecated by the -# import tool. -## - -import getopt -import sys - -from hierarchy import * - -hrn = None - -def process_options(): - global hrn - - (options, args) = getopt.getopt(sys.argv[1:], '', []) - for opt in options: - name = opt[0] - val = opt[1] - - if not args: - print "no hrn specified" - sys.exit(-1) - - hrn = args[0] - - -def main(): - process_options() - - h = Hierarchy() - h.create_auth(hrn) - -if __name__ == "__main__": - main() diff --git a/geni/plc/gimport.py b/geni/plc/gimport.py deleted file mode 100755 index 31e3faeb..00000000 --- a/geni/plc/gimport.py +++ /dev/null @@ -1,330 +0,0 @@ -## -# Import PLC records into the Geni database. It is indended that this tool be -# run once to create Geni records that reflect the current state of the -# planetlab database. -# -# The import tool assumes that the existing PLC hierarchy should all be part -# of "planetlab.us" (see the root_auth and level1_auth variables below). -# -# Public keys are extracted from the users' SSH keys automatically and used to -# create GIDs. This is relatively experimental as a custom tool had to be -# written to perform conversion from SSH to OpenSSL format. It only supports -# RSA keys at this time, not DSA keys. -## - -import getopt -import sys -import tempfile - -from cert import * -from trustedroot import * -from hierarchy import * -from record import * -from genitable import * -from misc import * - -shell = None - -## -# Two authorities are specified: the root authority and the level1 authority. - -root_auth = "planetlab" -level1_auth = "planetlab.us" - - -def un_unicode(str): - if isinstance(str, unicode): - return str.encode("ascii", "ignore") - else: - return str - -def cleanup_string(str): - # pgsql has a fit with strings that have high ascii in them, so filter it - # out when generating the hrns. - tmp = "" - for c in str: - if ord(c) < 128: - tmp = tmp + c - str = tmp - - str = un_unicode(str) - str = str.replace(" ", "_") - str = str.replace(".", "_") - str = str.replace("(", "_") - str = str.replace("'", "_") - str = str.replace(")", "_") - str = str.replace('"', "_") - return str - -def process_options(): - global hrn - - (options, args) = getopt.getopt(sys.argv[1:], '', []) - for opt in options: - name = opt[0] - val = opt[1] - -def connect_shell(): - global pl_auth, shell - - # get PL account settings from config module - pl_auth = get_pl_auth() - - # connect to planetlab - if "Url" in pl_auth: - import remoteshell - shell = remoteshell.RemoteShell() - else: - import PLC.Shell - shell = PLC.Shell.Shell(globals = globals()) - -def get_auth_table(auth_name): - AuthHierarchy = Hierarchy() - auth_info = AuthHierarchy.get_auth_info(auth_name) - - table = GeniTable(hrn=auth_name, - cninfo=auth_info.get_dbinfo()) - - # if the table doesn't exist, then it means we haven't put any records - # into this authority yet. - - if not table.exists(): - report.trace("Import: creating table for authority " + auth_name) - table.create() - - return table - -def get_pl_pubkey(key_id): - keys = shell.GetKeys(pl_auth, [key_id]) - if keys: - key_str = keys[0]['key'] - - if "ssh-dss" in key_str: - print "XXX: DSA key encountered, ignoring" - return None - - # generate temporary files to hold the keys - (ssh_f, ssh_fn) = tempfile.mkstemp() - ssl_fn = tempfile.mktemp() - - os.write(ssh_f, key_str) - os.close(ssh_f) - - cmd = "../keyconvert/keyconvert " + ssh_fn + " " + ssl_fn - print cmd - os.system(cmd) - - # this check leaves the temporary file containing the public key so - # that it can be expected to see why it failed. - # TODO: for production, cleanup the temporary files - if not os.path.exists(ssl_fn): - report.trace(" failed to convert key from " + ssh_fn + " to " + ssl_fn) - return None - - k = Keypair() - try: - k.load_pubkey_from_file(ssl_fn) - except: - print "XXX: Error while converting key: ", key_str - k = None - - # remove the temporary files - os.remove(ssh_fn) - os.remove(ssl_fn) - - return k - else: - return None - -def person_to_hrn(parent_hrn, person): - personname = person['last_name'] + "_" + person['first_name'] - - personname = cleanup_string(personname) - - hrn = parent_hrn + "." + personname - return hrn - -def import_person(parent_hrn, person): - AuthHierarchy = Hierarchy() - hrn = person_to_hrn(parent_hrn, person) - - # ASN.1 will have problems with hrn's longer than 64 characters - if len(hrn) > 64: - hrn = hrn[:64] - - report.trace("Import: importing person " + hrn) - - table = get_auth_table(parent_hrn) - - person_record = table.resolve("user", hrn) - if not person_record: - key_ids = person["key_ids"] - - if key_ids: - # get the user's private key from the SSH keys they have uploaded - # to planetlab - pkey = get_pl_pubkey(key_ids[0]) - else: - # the user has no keys - report.trace(" person " + hrn + " does not have a PL public key") - pkey = None - - # if a key is unavailable, then we still need to put something in the - # user's GID. So make one up. - if not pkey: - pkey = Keypair(create=True) - - person_gid = AuthHierarchy.create_gid(hrn, create_uuid(), pkey) - person_record = GeniRecord(name=hrn, gid=person_gid, type="user", pointer=person['person_id']) - report.trace(" inserting user record for " + hrn) - table.insert(person_record) - else: - key_ids = person["key_ids"] - if key_ids: - pkey = get_pl_pubkey(key_ids[0]) - person_gid = AuthHierarchy.create_gid(hrn, create_uuid(), pkey) - person_record = GeniRecord(name=hrn, gid=person_gid, type="user", pointer=person['person_id']) - report.trace(" updating user record for " + hrn) - table.update(person_record) - -def import_slice(parent_hrn, slice): - AuthHierarchy = Hierarchy() - slicename = slice['name'].split("_",1)[-1] - slicename = cleanup_string(slicename) - - if not slicename: - report.error("Import_Slice: failed to parse slice name " + slice['name']) - return - - hrn = parent_hrn + "." + slicename - report.trace("Import: importing slice " + hrn) - - table = get_auth_table(parent_hrn) - - slice_record = table.resolve("slice", hrn) - if not slice_record: - pkey = Keypair(create=True) - slice_gid = AuthHierarchy.create_gid(hrn, create_uuid(), pkey) - slice_record = GeniRecord(name=hrn, gid=slice_gid, type="slice", pointer=slice['slice_id']) - report.trace(" inserting slice record for " + hrn) - table.insert(slice_record) - -def import_node(parent_hrn, node): - AuthHierarchy = Hierarchy() - nodename = node['hostname'] - nodename = cleanup_string(nodename) - - if not nodename: - report.error("Import_node: failed to parse node name " + node['hostname']) - return - - hrn = parent_hrn + "." + nodename - - # ASN.1 will have problems with hrn's longer than 64 characters - if len(hrn) > 64: - hrn = hrn[:64] - - report.trace("Import: importing node " + hrn) - - table = get_auth_table(parent_hrn) - - node_record = table.resolve("node", hrn) - if not node_record: - pkey = Keypair(create=True) - node_gid = AuthHierarchy.create_gid(hrn, create_uuid(), pkey) - node_record = GeniRecord(name=hrn, gid=node_gid, type="node", pointer=node['node_id']) - report.trace(" inserting node record for " + hrn) - table.insert(node_record) - -def import_site(parent_hrn, site): - AuthHierarchy = Hierarchy() - sitename = site['login_base'] - sitename = cleanup_string(sitename) - - hrn = parent_hrn + "." + sitename - - report.trace("Import_Site: importing site " + hrn) - - # create the authority - if not AuthHierarchy.auth_exists(hrn): - AuthHierarchy.create_auth(hrn) - - auth_info = AuthHierarchy.get_auth_info(hrn) - - table = get_auth_table(parent_hrn) - - sa_record = table.resolve("sa", hrn) - if not sa_record: - sa_record = GeniRecord(name=hrn, gid=auth_info.get_gid_object(), type="sa", pointer=site['site_id']) - report.trace(" inserting sa record for " + hrn) - table.insert(sa_record) - - ma_record = table.resolve("ma", hrn) - if not ma_record: - ma_record = GeniRecord(name=hrn, gid=auth_info.get_gid_object(), type="ma", pointer=site['site_id']) - report.trace(" inserting ma record for " + hrn) - table.insert(ma_record) - - for person_id in site['person_ids']: - persons = shell.GetPersons(pl_auth, [person_id]) - if persons: - import_person(hrn, persons[0]) - - for slice_id in site['slice_ids']: - slices = shell.GetSlices(pl_auth, [slice_id]) - if slices: - import_slice(hrn, slices[0]) - - for node_id in site['node_ids']: - nodes = shell.GetNodes(pl_auth, [node_id]) - if nodes: - import_node(hrn, nodes[0]) - -def create_top_level_auth_records(hrn): - parent_hrn = get_authority(hrn) - print hrn, ":", parent_hrn - auth_info = AuthHierarchy.get_auth_info(parent_hrn) - table = get_auth_table(parent_hrn) - - sa_record = table.resolve("sa", hrn) - if not sa_record: - sa_record = GeniRecord(name=hrn, gid=auth_info.get_gid_object(), type="sa", pointer=-1) - report.trace(" inserting sa record for " + hrn) - table.insert(sa_record) - - ma_record = table.resolve("ma", hrn) - if not ma_record: - ma_record = GeniRecord(name=hrn, gid=auth_info.get_gid_object(), type="ma", pointer=-1) - report.trace(" inserting ma record for " + hrn) - table.insert(ma_record) - -def main(): - global AuthHierarchy - global TrustedRoots - - process_options() - - AuthHierarchy = Hierarchy() - TrustedRoots = TrustedRootList() - - print "Import: creating top level authorities" - - if not AuthHierarchy.auth_exists(root_auth): - AuthHierarchy.create_auth(root_auth) - #create_top_level_auth_records(root_auth) - if not AuthHierarchy.auth_exists(level1_auth): - AuthHierarchy.create_auth(level1_auth) - create_top_level_auth_records(level1_auth) - - print "Import: adding", root_auth, "to trusted list" - root = AuthHierarchy.get_auth_info(root_auth) - TrustedRoots.add_gid(root.get_gid_object()) - - connect_shell() - - sites = shell.GetSites(pl_auth) - for site in sites: - import_site(level1_auth, site) - -if __name__ == "__main__": - main() diff --git a/geni/plc/import.py b/geni/plc/import.py deleted file mode 100644 index b2177b89..00000000 --- a/geni/plc/import.py +++ /dev/null @@ -1,316 +0,0 @@ -## -# Import PLC records into the Geni database. It is indended that this tool be -# run once to create Geni records that reflect the current state of the -# planetlab database. -# -# The import tool assumes that the existing PLC hierarchy should all be part -# of "planetlab.us" (see the root_auth and level1_auth variables below). -# -# Public keys are extracted from the users' SSH keys automatically and used to -# create GIDs. This is relatively experimental as a custom tool had to be -# written to perform conversion from SSH to OpenSSL format. It only supports -# RSA keys at this time, not DSA keys. -## - -import getopt -import sys -import tempfile - -from cert import * -from trustedroot import * -from hierarchy import * -from record import * -from genitable import * -from misc import * - -shell = None - -## -# Two authorities are specified: the root authority and the level1 authority. - -root_auth = "planetlab" -level1_auth = "planetlab.us" - -def un_unicode(str): - if isinstance(str, unicode): - return str.encode("ascii", "ignore") - else: - return str - -def cleanup_string(str): - # pgsql has a fit with strings that have high ascii in them, so filter it - # out when generating the hrns. - tmp = "" - for c in str: - if ord(c) < 128: - tmp = tmp + c - str = tmp - - str = un_unicode(str) - str = str.replace(" ", "_") - str = str.replace(".", "_") - str = str.replace("(", "_") - str = str.replace("'", "_") - str = str.replace(")", "_") - str = str.replace('"', "_") - return str - -def process_options(): - global hrn - - (options, args) = getopt.getopt(sys.argv[1:], '', []) - for opt in options: - name = opt[0] - val = opt[1] - -def connect_shell(): - global pl_auth, shell - - # get PL account settings from config module - pl_auth = get_pl_auth() - - # connect to planetlab - if "Url" in pl_auth: - import remoteshell - shell = remoteshell.RemoteShell() - else: - import PLC.Shell - shell = PLC.Shell.Shell(globals = globals()) - -def get_auth_table(auth_name): - auth_info = AuthHierarchy.get_auth_info(auth_name) - - table = GeniTable(hrn=auth_name, - cninfo=auth_info.get_dbinfo()) - - # if the table doesn't exist, then it means we haven't put any records - # into this authority yet. - - if not table.exists(): - report.trace("Import: creating table for authority " + auth_name) - table.create() - - return table - -def get_pl_pubkey(key_id): - keys = shell.GetKeys(pl_auth, [key_id]) - if keys: - key_str = keys[0]['key'] - - if "ssh-dss" in key_str: - print "XXX: DSA key encountered, ignoring" - return None - - # generate temporary files to hold the keys - (ssh_f, ssh_fn) = tempfile.mkstemp() - ssl_fn = tempfile.mktemp() - - os.write(ssh_f, key_str) - os.close(ssh_f) - - cmd = "../keyconvert/keyconvert " + ssh_fn + " " + ssl_fn - print cmd - os.system(cmd) - - # this check leaves the temporary file containing the public key so - # that it can be expected to see why it failed. - # TODO: for production, cleanup the temporary files - if not os.path.exists(ssl_fn): - report.trace(" failed to convert key from " + ssh_fn + " to " + ssl_fn) - return None - - k = Keypair() - try: - k.load_pubkey_from_file(ssl_fn) - except: - print "XXX: Error while converting key: ", key_str - k = None - - # remove the temporary files - os.remove(ssh_fn) - os.remove(ssl_fn) - - return k - else: - return None - -def person_to_hrn(parent_hrn, person): - personname = person['last_name'] + "_" + person['first_name'] - - personname = cleanup_string(personname) - - hrn = parent_hrn + "." + personname - return hrn - -def import_person(parent_hrn, person): - hrn = person_to_hrn(parent_hrn, person) - - # ASN.1 will have problems with hrn's longer than 64 characters - if len(hrn) > 64: - hrn = hrn[:64] - - report.trace("Import: importing person " + hrn) - - table = get_auth_table(parent_hrn) - - person_record = table.resolve("user", hrn) - if not person_record: - key_ids = person["key_ids"] - - if key_ids: - # get the user's private key from the SSH keys they have uploaded - # to planetlab - pkey = get_pl_pubkey(key_ids[0]) - else: - # the user has no keys - report.trace(" person " + hrn + " does not have a PL public key") - pkey = None - - # if a key is unavailable, then we still need to put something in the - # user's GID. So make one up. - if not pkey: - pkey = Keypair(create=True) - - person_gid = AuthHierarchy.create_gid(hrn, create_uuid(), pkey) - person_record = GeniRecord(name=hrn, gid=person_gid, type="user", pointer=person['person_id']) - report.trace(" inserting user record for " + hrn) - table.insert(person_record) - -def import_slice(parent_hrn, slice): - slicename = slice['name'].split("_",1)[-1] - slicename = cleanup_string(slicename) - - if not slicename: - report.error("Import_Slice: failed to parse slice name " + slice['name']) - return - - hrn = parent_hrn + "." + slicename - report.trace("Import: importing slice " + hrn) - - table = get_auth_table(parent_hrn) - - slice_record = table.resolve("slice", hrn) - if not slice_record: - pkey = Keypair(create=True) - slice_gid = AuthHierarchy.create_gid(hrn, create_uuid(), pkey) - slice_record = GeniRecord(name=hrn, gid=slice_gid, type="slice", pointer=slice['slice_id']) - report.trace(" inserting slice record for " + hrn) - table.insert(slice_record) - -def import_node(parent_hrn, node): - nodename = node['hostname'] - nodename = cleanup_string(nodename) - - if not nodename: - report.error("Import_node: failed to parse node name " + node['hostname']) - return - - hrn = parent_hrn + "." + nodename - - # ASN.1 will have problems with hrn's longer than 64 characters - if len(hrn) > 64: - hrn = hrn[:64] - - report.trace("Import: importing node " + hrn) - - table = get_auth_table(parent_hrn) - - node_record = table.resolve("node", hrn) - if not node_record: - pkey = Keypair(create=True) - node_gid = AuthHierarchy.create_gid(hrn, create_uuid(), pkey) - node_record = GeniRecord(name=hrn, gid=node_gid, type="node", pointer=node['node_id']) - report.trace(" inserting node record for " + hrn) - table.insert(node_record) - -def import_site(parent_hrn, site): - sitename = site['login_base'] - sitename = cleanup_string(sitename) - - hrn = parent_hrn + "." + sitename - - report.trace("Import_Site: importing site " + hrn) - - # create the authority - if not AuthHierarchy.auth_exists(hrn): - AuthHierarchy.create_auth(hrn) - - auth_info = AuthHierarchy.get_auth_info(hrn) - - table = get_auth_table(parent_hrn) - - sa_record = table.resolve("sa", hrn) - if not sa_record: - sa_record = GeniRecord(name=hrn, gid=auth_info.get_gid_object(), type="sa", pointer=site['site_id']) - report.trace(" inserting sa record for " + hrn) - table.insert(sa_record) - - ma_record = table.resolve("ma", hrn) - if not ma_record: - ma_record = GeniRecord(name=hrn, gid=auth_info.get_gid_object(), type="ma", pointer=site['site_id']) - report.trace(" inserting ma record for " + hrn) - table.insert(ma_record) - - for person_id in site['person_ids']: - persons = shell.GetPersons(pl_auth, [person_id]) - if persons: - import_person(hrn, persons[0]) - - for slice_id in site['slice_ids']: - slices = shell.GetSlices(pl_auth, [slice_id]) - if slices: - import_slice(hrn, slices[0]) - - for node_id in site['node_ids']: - nodes = shell.GetNodes(pl_auth, [node_id]) - if nodes: - import_node(hrn, nodes[0]) - -def create_top_level_auth_records(hrn): - parent_hrn = get_authority(hrn) - - auth_info = AuthHierarchy.get_auth_info(parent_hrn) - table = get_auth_table(parent_hrn) - - sa_record = table.resolve("sa", hrn) - if not sa_record: - sa_record = GeniRecord(name=hrn, gid=auth_info.get_gid_object(), type="sa", pointer=-1) - report.trace(" inserting sa record for " + hrn) - table.insert(sa_record) - - ma_record = table.resolve("ma", hrn) - if not ma_record: - ma_record = GeniRecord(name=hrn, gid=auth_info.get_gid_object(), type="ma", pointer=-1) - report.trace(" inserting ma record for " + hrn) - table.insert(ma_record) - -def main(): - global AuthHierarchy - global TrustedRoots - - process_options() - - AuthHierarchy = Hierarchy() - TrustedRoots = TrustedRootList() - - print "Import: creating top level authorities" - - if not AuthHierarchy.auth_exists(root_auth): - AuthHierarchy.create_auth(root_auth) - #create_top_level_auth_records(root_auth) - if not AuthHierarchy.auth_exists(level1_auth): - AuthHierarchy.create_auth(level1_auth) - create_top_level_auth_records(level1_auth) - - print "Import: adding", root_auth, "to trusted list" - root = AuthHierarchy.get_auth_info(root_auth) - TrustedRoots.add_gid(root.get_gid_object()) - - connect_shell() - - sites = shell.GetSites(pl_auth) - for site in sites: - import_site(level1_auth, site) - -if __name__ == "__main__": - main() diff --git a/geni/plc/nuke.py b/geni/plc/nuke.py deleted file mode 100644 index b9b2c883..00000000 --- a/geni/plc/nuke.py +++ /dev/null @@ -1,32 +0,0 @@ -## -# Delete all the database records for Geni. This tool is used to clean out Geni -# records during testing. -# -# Authority info (maintained by the hierarchy module in a subdirectory tree) -# is not purged by this tool and may be deleted by a command like 'rm'. -## - -import getopt -import sys - -from hierarchy import * -from record import * -from genitable import * -from config import * - -def process_options(): - global hrn - - (options, args) = getopt.getopt(sys.argv[1:], '', []) - for opt in options: - name = opt[0] - val = opt[1] - -def main(): - process_options() - - print "purging geni records from database" - geni_records_purge(get_default_dbinfo()) - -if __name__ == "__main__": - main() diff --git a/geni/plc/plc.py b/geni/plc/plc.py deleted file mode 100644 index 7c3052af..00000000 --- a/geni/plc/plc.py +++ /dev/null @@ -1,100 +0,0 @@ -## -# GENI PLC Wrapper -# -# This wrapper implements the Geni Registry and Slice Interfaces on PLC. -# Depending on command line options, it starts some combination of a -# Registry, an Aggregate Manager, and a Slice Manager. -# -# There are several items that need to be done before starting the wrapper -# server. -# -# NOTE: Many configuration settings, including the PLC maintenance account -# credentials, URI of the PLCAPI, and PLC DB URI and admin credentials are initialized -# from your MyPLC configuration (/etc/planetlab/plc_config*). Please make sure this information -# is up to date and accurate. -# -# 1) Import the existing planetlab database, creating the -# appropriate geni records. This is done by running the "import.py" tool. -# -# 2) Create a "trusted_roots" directory and place the certificate of the root -# authority in that directory. Given the defaults in import.py, this -# certificate would be named "planetlab.gid". For example, -# -# mkdir trusted_roots; cp authorities/planetlab.gid trusted_roots/ -# -# TODO: Can all three servers use the same "registry" certificate? -## - -# TCP ports for the three servers -registry_port=12345 -aggregate_port=12346 -slicemgr_port=12347 - -import os, os.path -from optparse import OptionParser - -from util.hierarchy import Hierarchy -from util.trustedroot import TrustedRootList -from util.cert import Keypair, Certificate -from registry import Registry -#from aggregate import Aggregate -from slicemgr import SliceMgr - -def main(): - global AuthHierarchy - global TrustedRoots - global registry_port - global aggregate_port - global slicemgr_port - - # Generate command line parser - parser = OptionParser(usage="plc [options]") - parser.add_option("-r", "--registry", dest="registry", action="store_true", - help="run registry server", default=False) - parser.add_option("-s", "--slicemgr", dest="sm", action="store_true", - help="run slice manager", default=False) - parser.add_option("-a", "--aggregate", dest="am", action="store_true", - help="run aggregate manager", default=False) - parser.add_option("-v", "--verbose", dest="verbose", action="store_true", - help="verbose mode", default=False) - (options, args) = parser.parse_args() - - key_file = "server.key" - cert_file = "server.cert" - - # if no key is specified, then make one up - if (not os.path.exists(key_file)) or (not os.path.exists(cert_file)): - key = Keypair(create=True) - key.save_to_file(key_file) - - cert = Certificate(subject="registry") - cert.set_issuer(key=key, subject="registry") - cert.set_pubkey(key) - cert.sign() - cert.save_to_file(cert_file) - - AuthHierarchy = Hierarchy() - - TrustedRoots = TrustedRootList() - - # start registry server - if (options.registry): - r = Registry("", registry_port, key_file, cert_file) - r.trusted_cert_list = TrustedRoots.get_list() - r.hierarchy = AuthHierarchy - r.start() - - # start aggregate manager - if (options.am): - a = Aggregate("", aggregate_port, key_file, cert_file) - a.trusted_cert_list = TrustedRoots.get_list() - a.start() - - # start slice manager - if (options.sm): - s = SliceMgr("", slicemgr_port, key_file, cert_file) - s.trusted_cert_list = TrustedRoots.get_list() - s.start() - -if __name__ == "__main__": - main() diff --git a/geni/plc/registry.py b/geni/plc/registry.py deleted file mode 100644 index 53581d43..00000000 --- a/geni/plc/registry.py +++ /dev/null @@ -1,816 +0,0 @@ -## -# Registry is a GeniServer that implements the Registry interface - -import tempfile -import os -import time -import sys - -from util.credential import Credential -from util.hierarchy import Hierarchy -from util.trustedroot import TrustedRootList -from util.cert import Keypair, Certificate -from util.gid import GID, create_uuid -from util.geniserver import GeniServer -from util.record import GeniRecord -from util.rights import RightList -from util.genitable import GeniTable -from util.geniticket import Ticket -from util.excep import * -from util.misc import * - -from util.config import * - -## -# Convert geni fields to PLC fields for use when registering up updating -# registry record in the PLC database -# -# @param type type of record (user, slice, ...) -# @param hrn human readable name -# @param geni_fields dictionary of geni fields -# @param pl_fields dictionary of PLC fields (output) - -def geni_fields_to_pl_fields(type, hrn, geni_fields, pl_fields): - if type == "user": - if not "email" in pl_fields: - if not "email" in geni_fields: - raise MissingGeniInfo("email") - pl_fields["email"] = geni_fields["email"] - - if not "first_name" in pl_fields: - pl_fields["first_name"] = "geni" - - if not "last_name" in pl_fields: - pl_fields["last_name"] = hrn - - elif type == "slice": - if not "instantiation" in pl_fields: - pl_fields["instantiation"] = "delegated" # "plc-instantiated" - if not "name" in pl_fields: - pl_fields["name"] = hrn_to_pl_slicename(hrn) - if not "max_nodes" in pl_fields: - pl_fields["max_nodes"] = 10 - - elif type == "node": - if not "hostname" in pl_fields: - if not "dns" in geni_fields: - raise MissingGeniInfo("dns") - pl_fields["hostname"] = geni_fields["dns"] - - if not "model" in pl_fields: - pl_fields["model"] = "geni" - - elif type == "sa": - pl_fields["login_base"] = hrn_to_pl_login_base(hrn) - - if not "name" in pl_fields: - pl_fields["name"] = hrn - - if not "abbreviated_name" in pl_fields: - pl_fields["abbreviated_name"] = hrn - - if not "enabled" in pl_fields: - pl_fields["enabled"] = True - - if not "is_public" in pl_fields: - pl_fields["is_public"] = True - -## -# Registry is a GeniServer that serves registry and slice operations at PLC. - -class Registry(GeniServer): - ## - # Create a new registry object. - # - # @param ip the ip address to listen on - # @param port the port to listen on - # @param key_file private key filename of registry - # @param cert_file certificate filename containing public key (could be a GID file) - - def __init__(self, ip, port, key_file, cert_file): - GeniServer.__init__(self, ip, port, key_file, cert_file) - - # get PL account settings from config module - self.pl_auth = get_pl_auth() - - # connect to planetlab - if "Url" in self.pl_auth: - self.connect_remote_shell() - else: - self.connect_local_shell() - - ## - # Connect to a remote shell via XMLRPC - - def connect_remote_shell(self): - import remoteshell - self.shell = remoteshell.RemoteShell() - - ## - # Connect to a local shell via local API functions - - def connect_local_shell(self): - import PLC.Shell - self.shell = PLC.Shell.Shell(globals = globals()) - - ## - # Register the server RPCs for the registry - - def register_functions(self): - GeniServer.register_functions(self) - # registry interface - self.server.register_function(self.create_gid) - self.server.register_function(self.get_self_credential) - self.server.register_function(self.get_credential) - self.server.register_function(self.get_gid) - self.server.register_function(self.register) - self.server.register_function(self.remove) - self.server.register_function(self.update) - self.server.register_function(self.list) - self.server.register_function(self.resolve) - - ## - # Given an authority name, return the information for that authority. This - # is basically a stub that calls the hierarchy module. - # - # @param auth_hrn human readable name of authority - - def get_auth_info(self, auth_hrn): - return self.hierarchy.get_auth_info(auth_hrn) - - ## - # Given an authority name, return the database table for that authority. If - # the database table does not exist, then one will be automatically - # created. - # - # @param auth_name human readable name of authority - - def get_auth_table(self, auth_name): - auth_info = self.get_auth_info(auth_name) - - table = GeniTable(hrn=auth_name, - cninfo=auth_info.get_dbinfo()) - - # if the table doesn't exist, then it means we haven't put any records - # into this authority yet. - - if not table.exists(): - print "Registry: creating table for authority", auth_name - table.create() - - return table - - ## - # Verify that an authority belongs to this registry. This is basically left - # up to the implementation of the hierarchy module. If the specified name - # does not belong to this registry, an exception is thrown indicating the - # caller should contact someone else. - # - # @param auth_name human readable name of authority - - def verify_auth_belongs_to_me(self, name): - # get_auth_info will throw an exception if the authority does not - # exist - self.get_auth_info(name) - - ## - # Verify that an object belongs to this registry. By extension, this implies - # that the authority that owns the object belongs to this registry. If the - # object does not belong to this registry, then an exception is thrown. - # - # @param name human readable name of object - - def verify_object_belongs_to_me(self, name): - auth_name = get_authority(name) - if not auth_name: - # the root authority belongs to the registry by default? - # TODO: is this true? - return - self.verify_auth_belongs_to_me(auth_name) - - ## - # Verify that the object_gid that was specified in the credential allows - # permission to the object 'name'. This is done by a simple prefix test. - # For example, an object_gid for planetlab.us.arizona would match the - # objects planetlab.us.arizona.slice1 and planetlab.us.arizona. - # - # @param name human readable name to test - - def verify_object_permission(self, name): - object_hrn = self.object_gid.get_hrn() - if object_hrn == name: - return - if name.startswith(object_hrn + "."): - return - raise PermissionError(name) - - ## - # Fill in the planetlab-specific fields of a Geni record. This involves - # calling the appropriate PLC methods to retrieve the database record for - # the object. - # - # PLC data is filled into the pl_info field of the record. - # - # @param record record to fill in fields (in/out param) - - def fill_record_pl_info(self, record): - type = record.get_type() - pointer = record.get_pointer() - - # records with pointer==-1 do not have plc info associated with them. - # for example, the top level authority records which are - # authorities, but not PL "sites" - if pointer == -1: - record.set_pl_info({}) - return - - if (type == "sa") or (type == "ma"): - pl_res = self.shell.GetSites(self.pl_auth, [pointer]) - elif (type == "slice"): - pl_res = self.shell.GetSlices(self.pl_auth, [pointer]) - elif (type == "user"): - pl_res = self.shell.GetPersons(self.pl_auth, [pointer]) - elif (type == "node"): - pl_res = self.shell.GetNodes(self.pl_auth, [pointer]) - else: - raise UnknownGeniType(type) - - if not pl_res: - # the planetlab record no longer exists - # TODO: delete the geni record ? - raise PlanetLabRecordDoesNotExist(record.get_name()) - - record.set_pl_info(pl_res[0]) - - ## - # Look up user records given PLC user-ids. This is used as part of the - # process for reverse-mapping PLC records into Geni records. - # - # @param auth_table database table for the authority that holds the user records - # @param user_id_list list of user ids - # @param role either "*" or a string describing the role to look for ("pi", "user", ...) - # - # TODO: This function currently only searches one authority because it would - # be inefficient to brute-force search all authorities for a user id. The - # solution would likely be to implement a reverse mapping of user-id to - # (type, hrn) pairs. - - def lookup_users(self, auth_table, user_id_list, role="*"): - record_list = [] - for person_id in user_id_list: - user_records = auth_table.find("user", person_id, "pointer") - for user_record in user_records: - self.fill_record_info(user_record) - - user_roles = user_record.get_pl_info().get("roles") - if (role=="*") or (role in user_roles): - record_list.append(user_record.get_name()) - return record_list - - ## - # Fill in the geni-specific fields of the record. - # - # Note: It is assumed the fill_record_pl_info() has already been performed - # on the record. - - def fill_record_geni_info(self, record): - geni_info = {} - type = record.get_type() - - if (type == "slice"): - auth_table = self.get_auth_table(get_authority(record.get_name())) - person_ids = record.pl_info.get("person_ids", []) - researchers = self.lookup_users(auth_table, person_ids) - geni_info['researcher'] = researchers - - elif (type == "sa"): - auth_table = self.get_auth_table(record.get_name()) - person_ids = record.pl_info.get("person_ids", []) - pis = self.lookup_users(auth_table, person_ids, "pi") - geni_info['pi'] = pis - # TODO: OrganizationName - - elif (type == "ma"): - auth_table = self.get_auth_table(record.get_name()) - person_ids = record.pl_info.get("person_ids", []) - operators = self.lookup_users(auth_table, person_ids, "tech") - geni_info['operator'] = operators - # TODO: OrganizationName - - auth_table = self.get_auth_table(record.get_name()) - person_ids = record.pl_info.get("person_ids", []) - owners = self.lookup_users(auth_table, person_ids, "admin") - geni_info['owner'] = owners - - elif (type == "node"): - geni_info['dns'] = record.pl_info.get("hostname", "") - # TODO: URI, LatLong, IP, DNS - - elif (type == "user"): - geni_info['email'] = record.pl_info.get("email", "") - # TODO: PostalAddress, Phone - - record.set_geni_info(geni_info) - - ## - # Given a Geni record, fill in the PLC-specific and Geni-specific fields - # in the record. - - def fill_record_info(self, record): - self.fill_record_pl_info(record) - self.fill_record_geni_info(record) - - ## - # GENI API: register - # - # Register an object with the registry. In addition to being stored in the - # Geni database, the appropriate records will also be created in the - # PLC databases - # - # @param cred credential string - # @param record_dict dictionary containing record fields - - def register(self, cred, record_dict): - self.decode_authentication(cred, "register") - - record = GeniRecord(dict = record_dict) - type = record.get_type() - name = record.get_name() - - auth_name = get_authority(name) - self.verify_object_permission(auth_name) - auth_info = self.get_auth_info(auth_name) - table = self.get_auth_table(auth_name) - - pkey = None - - # check if record already exists - existing_records = table.resolve(type, name) - if existing_records: - raise ExistingRecord(name) - - if (type == "sa") or (type=="ma"): - # update the tree - if not self.hierarchy.auth_exists(name): - self.hierarchy.create_auth(name) - - # authorities are special since they are managed by the registry - # rather than by the caller. We create our own GID for the - # authority rather than relying on the caller to supply one. - - # get the GID from the newly created authority - child_auth_info = self.get_auth_info(name) - gid = auth_info.get_gid_object() - record.set_gid(gid.save_to_string(save_parents=True)) - - geni_fields = record.get_geni_info() - site_fields = record.get_pl_info() - - # if registering a sa, see if a ma already exists - # if registering a ma, see if a sa already exists - if (type == "sa"): - other_rec = table.resolve("ma", record.get_name()) - elif (type == "ma"): - other_rec = table.resolve("sa", record.get_name()) - - if other_rec: - print "linking ma and sa to the same plc site" - pointer = other_rec[0].get_pointer() - else: - geni_fields_to_pl_fields(type, name, geni_fields, site_fields) - print "adding site with fields", site_fields - pointer = self.shell.AddSite(self.pl_auth, site_fields) - - record.set_pointer(pointer) - - elif (type == "slice"): - geni_fields = record.get_geni_info() - slice_fields = record.get_pl_info() - - geni_fields_to_pl_fields(type, name, geni_fields, slice_fields) - - pointer = self.shell.AddSlice(self.pl_auth, slice_fields) - record.set_pointer(pointer) - - elif (type == "user"): - geni_fields = record.get_geni_info() - user_fields = record.get_pl_info() - - geni_fields_to_pl_fields(type, name, geni_fields, user_fields) - - pointer = self.shell.AddPerson(self.pl_auth, user_fields) - record.set_pointer(pointer) - - elif (type == "node"): - geni_fields = record.get_geni_info() - node_fields = record.get_pl_info() - - geni_fields_to_pl_fields(type, name, geni_fields, node_fields) - - login_base = hrn_to_pl_login_base(auth_name) - - print "calling addnode with", login_base, node_fields - pointer = self.shell.AddNode(self.pl_auth, login_base, node_fields) - record.set_pointer(pointer) - - else: - raise UnknownGeniType(type) - - table.insert(record) - - return record.get_gid_object().save_to_string(save_parents=True) - - ## - # GENI API: remove - # - # Remove an object from the registry. If the object represents a PLC object, - # then the PLC records will also be removed. - # - # @param cred credential string - # @param record_dict dictionary containing record fields. The only relevant - # fields of the record are 'name' and 'type', which are used to lookup - # the current copy of the record in the Geni database, to make sure - # that the appopriate record is removed. - - def remove(self, cred, type, hrn): - self.decode_authentication(cred, "remove") - - self.verify_object_permission(hrn) - - auth_name = get_authority(hrn) - table = self.get_auth_table(auth_name) - - record_list = table.resolve(type, hrn) - if not record_list: - raise RecordNotFound(name) - record = record_list[0] - - # TODO: sa, ma - if type == "user": - self.shell.DeletePerson(self.pl_auth, record.get_pointer()) - elif type == "slice": - self.shell.DeleteSlice(self.pl_auth, record.get_pointer()) - elif type == "node": - self.shell.DeleteNode(self.pl_auth, record.get_pointer()) - elif (type == "sa") or (type == "ma"): - if (type == "sa"): - other_rec = table.resolve("ma", record.get_name()) - elif (type == "ma"): - other_rec = table.resolve("sa", record.get_name()) - - if other_rec: - # sa and ma both map to a site, so if we are deleting one - # but the other still exists, then do not delete the site - print "not removing site", record.get_name(), "because either sa or ma still exists" - pass - else: - print "removing site", record.get_name() - self.shell.DeleteSite(self.pl_auth, record.get_pointer()) - else: - raise UnknownGeniType(type) - - table.remove(record) - - return True - - ## - # GENI API: Register - # - # Update an object in the registry. Currently, this only updates the - # PLC information associated with the record. The Geni fields (name, type, - # GID) are fixed. - # - # The record is expected to have the pl_info field filled in with the data - # that should be updated. - # - # TODO: The geni_info member of the record should be parsed and the pl_info - # adjusted as necessary (add/remove users from a slice, etc) - # - # @param cred credential string specifying rights of the caller - # @param record a record dictionary to be updated - - def update(self, cred, record_dict): - self.decode_authentication(cred, "update") - - record = GeniRecord(dict = record_dict) - type = record.get_type() - - self.verify_object_permission(record.get_name()) - - auth_name = get_authority(record.get_name()) - table = self.get_auth_table(auth_name) - - # make sure the record exists - existing_record_list = table.resolve(type, record.get_name()) - if not existing_record_list: - raise RecordNotFound(record.get_name()) - - existing_record = existing_record_list[0] - pointer = existing_record.get_pointer() - - # update the PLC information that was specified with the record - - if (type == "sa") or (type == "ma"): - self.shell.UpdateSite(self.pl_auth, pointer, record.get_pl_info()) - - elif type == "slice": - self.shell.UpdateSlice(self.pl_auth, pointer, record.get_pl_info()) - - elif type == "user": - # SMBAKER: UpdatePerson only allows a limited set of fields to be - # updated. Ideally we should have a more generic way of doing - # this. I copied the field names from UpdatePerson.py... - update_fields = {} - all_fields = record.get_pl_info() - for key in all_fields.keys(): - if key in ['first_name', 'last_name', 'title', 'email', - 'password', 'phone', 'url', 'bio', 'accepted_aup', - 'enabled']: - update_fields[key] = all_fields[key] - self.shell.UpdatePerson(self.pl_auth, pointer, update_fields) - - elif type == "node": - self.shell.UpdateNode(self.pl_auth, pointer, record.get_pl_info()) - - else: - raise UnknownGeniType(type) - - ## - # List the records in an authority. The objectGID in the supplied credential - # should name the authority that will be listed. - # - # TODO: List doesn't take an hrn and uses the hrn contained in the - # objectGid of the credential. Does this mean the only way to list an - # authority is by having a credential for that authority? - # - # @param cred credential string specifying rights of the caller - # - # @return list of record dictionaries - def list(self, cred, auth_hrn): - self.decode_authentication(cred, "list") - - if not self.hierarchy.auth_exists(auth_hrn): - raise MissingAuthority(auth_hrn) - - table = self.get_auth_table(auth_hrn) - - records = table.list() - - good_records = [] - for record in records: - try: - self.fill_record_info(record) - good_records.append(record) - except PlanetLabRecordDoesNotExist: - # silently drop the ones that are missing in PL. - # is this the right thing to do? - print "ignoring geni record ", record.get_name(), " because pl record does not exist" - table.remove(record) - - dicts = [] - for record in good_records: - dicts.append(record.as_dict()) - - return dicts - - return dict_list - - ## - # Resolve a record. This is an internal version of the Resolve API call - # and returns records in record object format rather than dictionaries - # that may be sent over XMLRPC. - # - # @param type type of record to resolve (user | sa | ma | slice | node) - # @param name human readable name of object - # @param must_exist if True, throw an exception if no records are found - # - # @return a list of record objects, or an empty list [] - - def resolve_raw(self, type, name, must_exist=True): - auth_name = get_authority(name) - - table = self.get_auth_table(auth_name) - - records = table.resolve(type, name) - - if (not records) and must_exist: - raise RecordNotFound(name) - - good_records = [] - for record in records: - try: - self.fill_record_info(record) - good_records.append(record) - except PlanetLabRecordDoesNotExist: - # silently drop the ones that are missing in PL. - # is this the right thing to do? - print "ignoring geni record ", record.get_name(), "because pl record does not exist" - table.remove(record) - - return good_records - - ## - # GENI API: Resolve - # - # This is a wrapper around resolve_raw that converts records objects into - # dictionaries before returning them to the user. - # - # @param cred credential string authorizing the caller - # @param name human readable name to resolve - # - # @return a list of record dictionaries, or an empty list - - def resolve(self, cred, name): - self.decode_authentication(cred, "resolve") - - records = self.resolve_raw("*", name) - dicts = [] - for record in records: - dicts.append(record.as_dict()) - - return dicts - - ## - # GENI API: get_gid - # - # Retrieve the GID for an object. This function looks up a record in the - # registry and returns the GID of the record if it exists. - # TODO: Is this function needed? It's a shortcut for Resolve() - # - # @param name hrn to look up - # - # @return the string representation of a GID object - - def get_gid(self, name): - self.verify_object_belongs_to_me(name) - records = self.resolve_raw("*", name) - gid_string_list = [] - for record in records: - gid = record.get_gid() - gid_string_list.append(gid.save_to_string(save_parents=True)) - return gid_string_list - - ## - # Determine tje rights that an object should have. The rights are entirely - # dependent on the type of the object. For example, users automatically - # get "refresh", "resolve", and "info". - # - # @param type the type of the object (user | sa | ma | slice | node) - # @param name human readable name of the object (not used at this time) - # - # @return RightList object containing rights - - def determine_rights(self, type, name): - rl = RightList() - - # rights seem to be somewhat redundant with the type of the credential. - # For example, a "sa" credential implies the authority right, because - # a sa credential cannot be issued to a user who is not an owner of - # the authority - - if type == "user": - rl.add("refresh") - rl.add("resolve") - rl.add("info") - elif type == "sa": - rl.add("authority") - elif type == "ma": - rl.add("authority") - elif type == "slice": - rl.add("refresh") - rl.add("embed") - rl.add("bind") - rl.add("control") - rl.add("info") - elif type == "component": - rl.add("operator") - - return rl - - ## - # GENI API: Get_self_credential - # - # Get_self_credential a degenerate version of get_credential used by a - # client to get his initial credential when he doesn't have one. This is - # the same as get_credential(..., cred=None,...). - # - # The registry ensures that the client is the principal that is named by - # (type, name) by comparing the public key in the record's GID to the - # private key used to encrypt the client-side of the HTTPS connection. Thus - # it is impossible for one principal to retrieve another principal's - # credential without having the appropriate private key. - # - # @param type type of object (user | slice | sa | ma | node - # @param name human readable name of object - # - # @return the string representation of a credential object - - def get_self_credential(self, type, name): - self.verify_object_belongs_to_me(name) - - auth_hrn = get_authority(name) - auth_info = self.get_auth_info(auth_hrn) - - # find a record that matches - records = self.resolve_raw(type, name, must_exist=True) - record = records[0] - - gid = record.get_gid_object() - peer_cert = self.server.peer_cert - if not peer_cert.is_pubkey(gid.get_pubkey()): - raise ConnectionKeyGIDMismatch(gid.get_subject()) - - # create the credential - gid = record.get_gid_object() - cred = Credential(subject = gid.get_subject()) - cred.set_gid_caller(gid) - cred.set_gid_object(gid) - cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn) - cred.set_pubkey(gid.get_pubkey()) - - rl = self.determine_rights(type, name) - cred.set_privileges(rl) - - cred.set_parent(self.hierarchy.get_auth_cred(auth_hrn)) - - cred.encode() - cred.sign() - - return cred.save_to_string(save_parents=True) - - ## - # GENI API: Get_credential - # - # Retrieve a credential for an object. - # - # If cred==None, then the behavior reverts to get_self_credential() - # - # @param cred credential object specifying rights of the caller - # @param type type of object (user | slice | sa | ma | node) - # @param name human readable name of object - # - # @return the string representation of a credental object - - def get_credential(self, cred, type, name): - if not cred: - return get_self_credential(self, type, name) - - self.decode_authentication(cred, "getcredential") - - self.verify_object_belongs_to_me(name) - - auth_hrn = get_authority(name) - auth_info = self.get_auth_info(auth_hrn) - - records = self.resolve_raw(type, name, must_exist=True) - record = records[0] - - # TODO: Check permission that self.client_cred can access the object - - object_gid = record.get_gid_object() - new_cred = Credential(subject = object_gid.get_subject()) - new_cred.set_gid_caller(self.client_gid) - new_cred.set_gid_object(object_gid) - new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn) - new_cred.set_pubkey(object_gid.get_pubkey()) - - rl = self.determine_rights(type, name) - new_cred.set_privileges(rl) - - new_cred.set_parent(self.hierarchy.get_auth_cred(auth_hrn)) - - new_cred.encode() - new_cred.sign() - - return new_cred.save_to_string(save_parents=True) - - ## - # GENI_API: Create_gid - # - # Create a new GID. For MAs and SAs that are physically located on the - # registry, this allows a owner/operator/PI to create a new GID and have it - # signed by his respective authority. - # - # @param cred credential of caller - # @param name hrn for new GID - # @param uuid unique identifier for new GID - # @param pkey_string public-key string (TODO: why is this a string and not a keypair object?) - # - # @return the string representation of a GID object - - def create_gid(self, cred, name, uuid, pubkey_str): - self.decode_authentication(cred, "getcredential") - - self.verify_object_belongs_to_me(name) - - self.verify_object_permission(name) - - if uuid == None: - uuid = create_uuid() - - pkey = Keypair() - pkey.load_pubkey_from_string(pubkey_str) - gid = self.hierarchy.create_gid(name, uuid, pkey) - - return gid.save_to_string(save_parents=True) - diff --git a/geni/plc/slicemgr.py b/geni/plc/slicemgr.py deleted file mode 100644 index 0f28d544..00000000 --- a/geni/plc/slicemgr.py +++ /dev/null @@ -1,393 +0,0 @@ -import os -import sys -import datetime -import time - -from util.geniserver import * -from util.geniclient import * -from util.cert import * -from util.trustedroot import * -from util.excep import * -from util.misc import * -from util.config import Config - -class SliceMgr(GeniServer): - - hrn = None - key_file = None - cert_file = None - components_file = None - slices_file = None - components_ttl = None - components = [] - slices = [] - policy = {} - timestamp = None - threshold = None - shell = None - aggregates = {} - - - ## - # Create a new slice manager object. - # - # @param ip the ip address to listen on - # @param port the port to listen on - # @param key_file private key filename of registry - # @param cert_file certificate filename containing public key (could be a GID file) - - def __init__(self, ip, port, key_file, cert_file, config = "/usr/share/geniwrapper/util/geni_config"): - GeniServer.__init__(ip, port, key_file, cert_file) - self.key_file = key_file - self.cert_file = cert_file - self.conf = Config(config) - basedir = self.conf.GENI_BASE_DIR + os.sep - server_basedir = basedir + os.sep + "plc" + os.sep - self.hrn = conf.GENI_INTERFACE_HRN - - # Get list of aggregates this sm talks to - aggregates_file = server_basedir + os.sep + 'aggregates' - self.load_aggregates(aggregates_file) - self.components_file = os.sep.join([server_basedir, 'components', 'slicemgr.' + hrn + '.comp']) - self.slices_file = os.sep.join([server_basedir, 'components', 'slicemgr' + hrn + '.slices']) - self.timestamp_file = os.sep.join([server_basedir, 'components', 'slicemgr' + hrn + '.timestamp']) - self.components_ttl = components_ttl - self.policy['whitelist'] = [] - self.policy['blacklist'] = [] - self.connect() - - def load_aggregates(self, aggregates_file): - """ - Get info about the aggregates available to us from file and create - an xmlrpc connection to each. If any info is invalid, skip it. - """ - lines = [] - try: - f = open(aggregates_file, 'r') - lines = f.readlines() - f.close() - except: raise - - for line in lines: - # Skip comments - if line.strip.startswith("#"): - continue - agg_info = line.split("\t").split(" ") - - # skip invalid info - if len(agg_info) != 3: - continue - - # create xmlrpc connection using GeniClient - hrn, address, port = agg_info[0], agg_info[1], agg_info[2] - url = 'https://%(address)s:%(port)s' % locals() - self.aggregates[hrn] = GeniClient(url, self.key_file, self.cert_file) - - - def item_hrns(self, items): - """ - Take a list of items (components or slices) and return a dictionary where - the key is the authoritative hrn and the value is a list of items at that - hrn. - """ - item_hrns = {} - agg_hrns = self.aggregates.keys() - for agg_hrn in agg_hrns: - item_hrns[agg_hrn] = [] - for item in items: - for agg_hrn in agg_hrns: - if item.startswith(agg_hrn): - item_hrns[agg_hrn] = item - - return item_hrns - - - def hostname_to_hrn(self, login_base, hostname): - """ - Convert hrn to plantelab name. - """ - genihostname = "_".join(hostname.split(".")) - return ".".join([self.hrn, login_base, genihostname]) - - def slicename_to_hrn(self, slicename): - """ - Convert hrn to planetlab name. - """ - slicename = slicename.replace("_", ".") - return ".".join([self.hrn, slicename]) - - def refresh_components(self): - """ - Update the cached list of nodes. - """ - print "refreshing" - - aggregates = self.aggregates.keys() - all_nodes = [] - all_slices = [] - for aggregate in aggregates: - try: - # resolve components hostnames - nodes = self.aggregates[aggregate].get_components() - all_nodes.extend(nodes) - # update timestamp and threshold - self.timestamp = datetime.datetime.now() - delta = datetime.timedelta(hours=self.components_ttl) - self.threshold = self.timestamp + delta - except: - # XX print out to some error log - pass - - self.components = all_nodes - f = open(self.components_file, 'w') - f.write(str(self.components)) - f.close() - f = open(self.timestamp_file, 'w') - f.write(str(self.threshold)) - f.close() - - def load_components(self): - """ - Read cached list of nodes and slices. - """ - print "loading nodes" - # Read component list from cached file - if os.path.exists(self.components_file): - f = open(self.components_file, 'r') - self.components = eval(f.read()) - f.close() - - time_format = "%Y-%m-%d %H:%M:%S" - if os.path.exists(self.timestamp_file): - f = open(self.timestamp_file, 'r') - timestamp = str(f.read()).split(".")[0] - self.timestamp = datetime.datetime.fromtimestamp(time.mktime(time.strptime(timestamp, time_format))) - delta = datetime.timedelta(hours=self.components_ttl) - self.threshold = self.timestamp + delta - f.close() - - def load_policy(self): - """ - Read the list of blacklisted and whitelisted nodes. - """ - whitelist = [] - blacklist = [] - if os.path.exists(self.whitelist_file): - f = open(self.whitelist_file, 'r') - lines = f.readlines() - f.close() - for line in lines: - line = line.strip().replace(" ", "").replace("\n", "") - whitelist.extend(line.split(",")) - - - if os.path.exists(self.blacklist_file): - f = open(self.blacklist_file, 'r') - lines = f.readlines() - f.close() - for line in lines: - line = line.strip().replace(" ", "").replace("\n", "") - blacklist.extend(line.split(",")) - - self.policy['whitelist'] = whitelist - self.policy['blacklist'] = blacklist - - def load_slices(self): - """ - Read current slice instantiation states. - """ - print "loading slices" - if os.path.exists(self.slices_file): - f = open(self.components_file, 'r') - self.slices = eval(f.read()) - f.close() - - def write_slices(self): - """ - Write current slice instantiations to file. - """ - print "writing slices" - f = open(self.slices_file, 'w') - f.write(str(self.slices)) - f.close() - - - def get_components(self): - """ - Return a list of components managed by this slice manager. - """ - # Reload components list - now = datetime.datetime.now() - #self.load_components() - if not self.threshold or not self.timestamp or now > self.threshold: - self.refresh_components() - elif now < self.threshold and not self.components: - self.load_components() - return self.components - - - def get_slices(self): - """ - Return a list of instnatiated managed by this slice manager. - """ - now = datetime.datetime.now() - #self.load_components() - if not self.threshold or not self.timestamp or now > self.threshold: - self.refresh_components() - elif now < self.threshold and not self.slices: - self.load_components() - return self.slices - - def get_slivers(self, hrn): - """ - Return the list of slices instantiated at the specified component. - """ - - # hrn is assumed to be a component hrn - if hrn not in self.slices: - raise RecordNotFound(hrn) - - return self.slices[hrn] - - def get_rspec(self, hrn, type): - #rspec = Rspec() - if type in ['node']: - nodes = self.shell.GetNodes(self.auth) - elif type in ['slice']: - slices = self.shell.GetSlices(self.auth) - elif type in ['aggregate']: - pass - - def get_resources(self, slice_hrn): - """ - Return the current rspec for the specified slice. - """ - slicename = hrn_to_plcslicename(slice_hrn) - rspec = self.get_rspec(slicenamem, 'slice' ) - - return rspec - - def create_slice(self, slice_hrn, rspec, attributes): - """ - Instantiate the specified slice according to whats defined in the rspec. - """ - slicename = self.hrn_to_plcslicename(slice_hrn) - #spec = Rspec(rspec) - node_hrns = [] - #for netspec in spec['networks]: - # networkname = netspec['name'] - # nodespec = spec['networks']['nodes'] - # nodes = [nspec['name'] for nspec in nodespec] - # node_hrns = [networkname + node for node in nodes] - # - self.db.AddSliceToNodes(slice_hrn, node_hrns) - return 1 - - def delete_slice_(self, slice_hrn): - """ - Remove this slice from all components it was previouly associated with and - free up the resources it was using. - """ - self.db.DeleteSliceFromNodes(self.auth, slicename, self.components) - return 1 - - def start_slice(self, slice_hrn): - """ - Stop the slice at plc. - """ - slicename = hrn_to_plcslicename(slice_hrn) - slices = self.shell.GetSlices(self.auth, {'name': slicename}, ['slice_id']) - if not slices: - raise RecordNotFound(slice_hrn) - slice_id = slices[0] - atrribtes = self.shell.GetSliceAttributes({'slice_id': slice_id, 'name': 'enabled'}, ['slice_attribute_id']) - attribute_id = attreibutes[0] - self.shell.UpdateSliceAttribute(self.auth, attribute_id, "1" ) - return 1 - - def stop_slice(self, slice_hrn): - """ - Stop the slice at plc - """ - slicename = hrn_to_plcslicename(slice_hrn) - slices = self.shell.GetSlices(self.auth, {'name': slicename}, ['slice_id']) - if not slices: - raise RecordNotFound(slice_hrn) - slice_id = slices[0] - atrribtes = self.shell.GetSliceAttributes({'slice_id': slice_id, 'name': 'enabled'}, ['slice_attribute_id']) - attribute_id = attreibutes[0] - self.shell.UpdateSliceAttribute(self.auth, attribute_id, "0") - return 1 - - def reset_slice(self, slice_hrn): - """ - Reset the slice - """ - slicename = self.hrn_to_plcslicename(slice_hrn) - return 1 - - def get_policy(self): - """ - Return the policy of this slice manager. - """ - - return self.policy - - - -############################## -## Server methods here for now -############################## - - def nodes(self): - return self..get_components() - - def slices(self): - return self.get_slices() - - def resources(self, cred, hrn): - self.decode_authentication(cred, 'info') - self.verify_object_belongs_to_me(hrn) - - return self.get_resources(hrn) - - def create(self, cred, hrn, rspec): - self.decode_authentication(cred, 'embed') - self.verify_object_belongs_to_me(hrn, rspec) - return self.create(hrn) - - def delete(self, cred, hrn): - self.decode_authentication(cred, 'embed') - self.verify_object_belongs_to_me(hrn) - return self.delete_slice(hrn) - - def start(self, cred, hrn): - self.decode_authentication(cred, 'control') - return self.start(hrn) - - def stop(self, cred, hrn): - self.decode_authentication(cred, 'control') - return self.stop(hrn) - - def reset(self, cred, hrn): - self.decode_authentication(cred, 'control') - return self.reset(hrn) - - def policy(self, cred): - self.decode_authentication(cred, 'info') - return self.get_policy() - - def register_functions(self): - GeniServer.register_functions(self) - - # Aggregate interface methods - self.server.register_function(self.components) - self.server.register_function(self.slices) - self.server.register_function(self.resources) - self.server.register_function(self.create) - self.server.register_function(self.delete) - self.server.register_function(self.start) - self.server.register_function(self.stop) - self.server.register_function(self.reset) - self.server.register_function(self.policy) - -- 2.43.0