1 #!/usr/bin/env /usr/bin/plcsh
3 # Bootstraps the PLC database with a default administrator account and
4 # a default site, defines default slice attribute types, and
5 # creates/updates default system slices.
7 # Mark Huang <mlhuang@cs.princeton.edu>
8 # Copyright (C) 2006 The Trustees of Princeton University
10 # $Id: db-config,v 1.3 2006/11/06 22:03:05 mlhuang Exp $
13 from plc_config import PLCConfiguration
17 cfg = PLCConfiguration()
19 variables = cfg.variables()
21 # Load variables into dictionaries
22 for category_id, (category, variablelist) in variables.iteritems():
23 globals()[category_id] = dict(zip(variablelist.keys(),
24 [variable['value'] for variable in variablelist.values()]))
26 # Create/update the default administrator account (should be
28 admin = { 'person_id': 2,
29 'first_name': "Default",
30 'last_name': "Administrator",
31 'email': plc['root_user'],
32 'password': plc['root_password'] }
33 persons = GetPersons([admin['person_id']])
35 person_id = AddPerson(admin)
36 if person_id != admin['person_id']:
37 # Huh? Someone deleted the account manually from the database.
38 DeletePerson(person_id)
39 raise Exception, "Someone deleted the \"%s %s\" account from the database!" % \
40 (admin['first_name'], admin['last_name'])
41 UpdatePerson(person_id, { 'enabled': True })
43 person_id = persons[0]['person_id']
44 UpdatePerson(person_id, admin)
46 # Create/update the default site (should be site_id 1)
47 if plc_www['port'] == '80':
48 url = "http://" + plc_www['host'] + "/"
49 elif plc_www['port'] == '443':
50 url = "https://" + plc_www['host'] + "/"
52 url = "http://" + plc_www['host'] + ":" + plc_www['port'] + "/"
53 site = { 'site_id': 1,
54 'name': plc['name'] + " Central",
55 'abbreviated_name': plc['name'],
56 # XXX Default site slice_prefix/login_base must be "pl_"
57 # 'login_base': plc['slice_prefix'],
63 sites = GetSites([site['site_id']])
65 site_id = AddSite(site['name'], site['abbreviated_name'], site['login_base'], site)
66 if site_id != site['site_id']:
68 raise Exception, "Someone deleted the \"%s\" site from the database!" % \
72 # Must call AdmUpdateSite() even after AdmAddSite() to update max_slices
73 site_id = sites[0]['site_id']
74 # XXX login_base cannot be updated
75 del site['login_base']
76 UpdateSite(site_id, site)
78 # The default administrator account must be associated with a site
80 AddPersonToSite(admin['person_id'], site['site_id'])
81 SetPersonPrimarySite(admin['person_id'], site['site_id'])
83 # Grant admin and PI roles to the default administrator account
84 AddRoleToPerson(10, admin['person_id'])
85 AddRoleToPerson(20, admin['person_id'])
87 # Setup default PlanetLabConf entries
88 default_conf_files = [
91 'source': 'PlanetLabConf/ntp.conf.php',
92 'dest': '/etc/ntp.conf',
93 'file_permissions': '644',
97 'postinstall_cmd': '/etc/rc.d/init.d/ntpd restart',
99 'ignore_cmd_errors': False,
100 'always_update': False},
102 'source': 'PlanetLabConf/ntp/step-tickers.php',
103 'dest': '/etc/ntp/step-tickers',
104 'file_permissions': '644',
105 'file_owner': 'root',
106 'file_group': 'root',
107 'preinstall_cmd': '',
108 'postinstall_cmd': '/etc/rc.d/init.d/ntpd restart',
110 'ignore_cmd_errors': False,
111 'always_update': False},
113 # SSH server configuration
115 'source': 'PlanetLabConf/sshd_config',
116 'dest': '/etc/ssh/sshd_config',
117 'file_permissions': '600',
118 'file_owner': 'root',
119 'file_group': 'root',
120 'preinstall_cmd': '',
121 'postinstall_cmd': '/etc/init.d/sshd restart',
123 'ignore_cmd_errors': False,
124 'always_update': False},
126 # Administrative SSH keys
128 'source': 'PlanetLabConf/keys.php?root',
129 'dest': '/root/.ssh/authorized_keys',
130 'file_permissions': '644',
131 'file_owner': 'root',
132 'file_group': 'root',
133 'preinstall_cmd': '',
134 'postinstall_cmd': '',
136 'ignore_cmd_errors': False,
137 'always_update': False},
139 'source': 'PlanetLabConf/keys.php?site_admin',
140 'dest': '/home/site_admin/.ssh/authorized_keys',
141 'file_permissions': '644',
142 'file_owner': 'site_admin',
143 'file_group': 'site_admin',
144 'preinstall_cmd': 'grep -q site_admin /etc/passwd',
145 'postinstall_cmd': '',
147 'ignore_cmd_errors': False,
148 'always_update': False},
150 'source': 'PlanetLabConf/keys.php?role=admin',
151 'dest': '/home/pl_admin/.ssh/authorized_keys',
152 'file_permissions': '644',
153 'file_owner': 'pl_admin',
154 'file_group': 'pl_admin',
155 'preinstall_cmd': 'grep -q pl_admin /etc/passwd',
156 'postinstall_cmd': '',
158 'ignore_cmd_errors': False,
159 'always_update': False},
161 # Log rotation configuration
163 'source': 'PlanetLabConf/logrotate.conf',
164 'dest': '/etc/logrotate.conf',
165 'file_permissions': '644',
166 'file_owner': 'root',
167 'file_group': 'root',
168 'preinstall_cmd': '',
169 'postinstall_cmd': '',
171 'ignore_cmd_errors': False,
172 'always_update': False},
174 # updatedb/locate nightly cron job
176 'source': 'PlanetLabConf/slocate.cron',
177 'dest': '/etc/cron.daily/slocate.cron',
178 'file_permissions': '755',
179 'file_owner': 'root',
180 'file_group': 'root',
181 'preinstall_cmd': '',
182 'postinstall_cmd': '',
184 'ignore_cmd_errors': False,
185 'always_update': False},
189 'source': 'PlanetLabConf/yum.conf.php?gpgcheck=1',
190 'dest': '/etc/yum.conf',
191 'file_permissions': '644',
192 'file_owner': 'root',
193 'file_group': 'root',
194 'preinstall_cmd': '',
195 'postinstall_cmd': '',
197 'ignore_cmd_errors': False,
198 'always_update': False},
200 'source': 'PlanetLabConf/delete-rpm-list-production',
201 'dest': '/etc/planetlab/delete-rpm-list',
202 'file_permissions': '644',
203 'file_owner': 'root',
204 'file_group': 'root',
205 'preinstall_cmd': '',
206 'postinstall_cmd': '',
208 'ignore_cmd_errors': False,
209 'always_update': False},
213 'source': 'PlanetLabConf/get_plc_config.php',
214 'dest': '/etc/planetlab/plc_config',
215 'file_permissions': '644',
216 'file_owner': 'root',
217 'file_group': 'root',
218 'preinstall_cmd': '',
219 'postinstall_cmd': '',
221 'ignore_cmd_errors': False,
222 'always_update': False},
224 'source': 'PlanetLabConf/get_plc_config.php?python',
225 'dest': '/etc/planetlab/plc_config.py',
226 'file_permissions': '644',
227 'file_owner': 'root',
228 'file_group': 'root',
229 'preinstall_cmd': '',
230 'postinstall_cmd': '',
232 'ignore_cmd_errors': False,
233 'always_update': False},
235 'source': 'PlanetLabConf/get_plc_config.php?perl',
236 'dest': '/etc/planetlab/plc_config.pl',
237 'file_permissions': '644',
238 'file_owner': 'root',
239 'file_group': 'root',
240 'preinstall_cmd': '',
241 'postinstall_cmd': '',
243 'ignore_cmd_errors': False,
244 'always_update': False},
246 'source': 'PlanetLabConf/get_plc_config.php?php',
247 'dest': '/etc/planetlab/php/plc_config.php',
248 'file_permissions': '644',
249 'file_owner': 'root',
250 'file_group': 'root',
251 'preinstall_cmd': '',
252 'postinstall_cmd': '',
254 'ignore_cmd_errors': False,
255 'always_update': False},
257 # Node Manager configuration
259 'source': 'PlanetLabConf/pl_nm.conf',
260 'dest': '/etc/planetlab/pl_nm.conf',
261 'file_permissions': '644',
262 'file_owner': 'root',
263 'file_group': 'root',
264 'preinstall_cmd': '',
265 'postinstall_cmd': '/etc/init.d/pl_nm restart',
267 'ignore_cmd_errors': False,
268 'always_update': False},
270 'source': 'PlanetLabConf/RootResources/plc_slice_pool.php',
271 'dest': '/home/pl_nm/RootResources/plc_slice_pool',
272 'file_permissions': '644',
273 'file_owner': 'pl_nm',
274 'file_group': 'pl_nm',
275 'preinstall_cmd': '',
276 'postinstall_cmd': '',
278 'ignore_cmd_errors': False,
279 'always_update': False},
281 'source': 'PlanetLabConf/RootResources/pl_conf.py',
282 'dest': '/home/pl_nm/RootResources/pl_conf',
283 'file_permissions': '644',
284 'file_owner': 'pl_nm',
285 'file_group': 'pl_nm',
286 'preinstall_cmd': '',
287 'postinstall_cmd': '/etc/init.d/pl_nm restart',
289 'ignore_cmd_errors': False,
290 'always_update': False},
292 'source': 'PlanetLabConf/RootResources/pl_netflow.py',
293 'dest': '/home/pl_nm/RootResources/pl_netflow',
294 'file_permissions': '644',
295 'file_owner': 'pl_nm',
296 'file_group': 'pl_nm',
297 'preinstall_cmd': '',
298 'postinstall_cmd': '',
300 'ignore_cmd_errors': False,
301 'always_update': False},
303 # Proper configuration
305 'source': 'PlanetLabConf/propd.conf',
306 'dest': '/etc/proper/propd.conf',
307 'file_permissions': '644',
308 'file_owner': 'root',
309 'file_group': 'root',
310 'preinstall_cmd': '',
311 'postinstall_cmd': '/etc/init.d/proper restart',
313 'ignore_cmd_errors': True,
314 'always_update': False},
318 'source': 'PlanetLabConf/bwlimit.php',
319 'dest': '/etc/planetlab/bwcap',
320 'file_permissions': '644',
321 'file_owner': 'root',
322 'file_group': 'root',
323 'preinstall_cmd': '',
324 'postinstall_cmd': '/etc/init.d/pl_nm restart',
326 'ignore_cmd_errors': True,
327 'always_update': False},
331 'source': 'PlanetLabConf/proxies.php',
332 'dest': '/etc/planetlab/proxies',
333 'file_permissions': '644',
334 'file_owner': 'root',
335 'file_group': 'root',
336 'preinstall_cmd': '',
337 'postinstall_cmd': '',
339 'ignore_cmd_errors': False,
340 'always_update': False},
342 # Firewall configuration
344 'source': 'PlanetLabConf/iptables',
345 'dest': '/etc/sysconfig/iptables',
346 'file_permissions': '600',
347 'file_owner': 'root',
348 'file_group': 'root',
349 'preinstall_cmd': '',
350 'postinstall_cmd': '',
352 'ignore_cmd_errors': False,
353 'always_update': False},
355 'source': 'PlanetLabConf/blacklist.php',
356 'dest': '/etc/planetlab/blacklist',
357 'file_permissions': '600',
358 'file_owner': 'root',
359 'file_group': 'root',
360 'preinstall_cmd': '',
361 'postinstall_cmd': '/sbin/iptables-restore --noflush < /etc/planetlab/blacklist',
363 'ignore_cmd_errors': True,
364 'always_update': True},
368 'source': 'PlanetLabConf/issue.php',
369 'dest': '/etc/issue',
370 'file_permissions': '644',
371 'file_owner': 'root',
372 'file_group': 'root',
373 'preinstall_cmd': '',
374 'postinstall_cmd': '',
376 'ignore_cmd_errors': False,
377 'always_update': False},
381 'source': 'PlanetLabConf/sysctl.php',
382 'dest': '/etc/sysctl.conf',
383 'file_permissions': '644',
384 'file_owner': 'root',
385 'file_group': 'root',
386 'preinstall_cmd': '',
387 'postinstall_cmd': '/sbin/sysctl -e -p /etc/sysctl.conf',
389 'ignore_cmd_errors': False,
390 'always_update': True},
392 # Sendmail configuration
394 'source': 'PlanetLabConf/sendmail.mc',
395 'dest': '/etc/mail/sendmail.mc',
396 'file_permissions': '644',
397 'file_owner': 'root',
398 'file_group': 'root',
399 'preinstall_cmd': '',
400 'postinstall_cmd': '',
402 'ignore_cmd_errors': False,
403 'always_update': False},
405 'source': 'PlanetLabConf/sendmail.cf',
406 'dest': '/etc/mail/sendmail.cf',
407 'file_permissions': '644',
408 'file_owner': 'root',
409 'file_group': 'root',
410 'preinstall_cmd': '',
411 'postinstall_cmd': 'service sendmail restart',
413 'ignore_cmd_errors': False,
414 'always_update': False},
418 'source': 'PlanetLabConf/RPM-GPG-KEY-fedora',
419 'dest': '/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora',
420 'file_permissions': '644',
421 'file_owner': 'root',
422 'file_group': 'root',
423 'preinstall_cmd': '',
424 'postinstall_cmd': 'rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora',
426 'ignore_cmd_errors': False,
427 'always_update': False},
429 'source': 'PlanetLabConf/get_gpg_key.php',
430 'dest': '/etc/pki/rpm-gpg/RPM-GPG-KEY-planetlab',
431 'file_permissions': '644',
432 'file_owner': 'root',
433 'file_group': 'root',
434 'preinstall_cmd': '',
435 'postinstall_cmd': 'rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-planetlab',
437 'ignore_cmd_errors': False,
438 'always_update': False},
440 # Ping of death configuration
442 'source': 'PlanetLabConf/ipod.conf.php',
443 'dest': '/etc/ipod.conf',
444 'file_permissions': '644',
445 'file_owner': 'root',
446 'file_group': 'root',
447 'preinstall_cmd': '',
448 'postinstall_cmd': '',
450 'ignore_cmd_errors': False,
451 'always_update': False},
455 'source': 'PlanetLabConf/sudoers',
456 'dest': '/etc/sudoers',
457 'file_permissions': '440',
458 'file_owner': 'root',
459 'file_group': 'root',
460 'preinstall_cmd': '',
461 'postinstall_cmd': '/usr/sbin/visudo -c',
463 'ignore_cmd_errors': False,
464 'always_update': False}
467 # Get list of existing (enabled, global) files
468 conf_files = GetConfFiles()
469 conf_files = filter(lambda conf_file: conf_file['enabled'] and \
470 not conf_file['node_ids'] and \
471 not conf_file['nodegroup_ids'],
473 dests = [conf_file['dest'] for conf_file in conf_files]
474 conf_files = dict(zip(dests, conf_files))
476 # Create/update default PlanetLabConf entries
477 for default_conf_file in default_conf_files:
478 if default_conf_file['dest'] not in dests:
479 AddConfFile(default_conf_file)
481 conf_file = conf_files[default_conf_file['dest']]
482 UpdateConfFile(conf_file['conf_file_id'], default_conf_file)
484 # Setup default slice attribute types
485 default_attribute_types = [
486 # Slice type (only vserver is supported)
487 {'name': "plc_slice_type",
488 'description': "Type of slice rspec to be created",
491 # Slice initialization script
492 {'name': "initscript",
493 'description': "slice initialization script",
496 # CPU share (general_prop_share is deprecated)
497 {'name': "general_prop_share",
498 'description': "general share",
500 {'name': "nm_cpu_share",
501 'description': "Number of CPU shares to be allocated to slice",
505 {'name': "nm_net_min_rate",
506 'description': "Minimum network Tx bandwidth (bps)",
508 {'name': "nm_net_max_rate",
509 'description': "Maximum network Tx bandwidth (bps)",
511 {'name': "nm_net_avg_rate",
512 'description': "Average daily network Tx bandwidth (bps)",
514 {'name': "nm_net_exempt_min_rate",
515 'description': "Minimum network Tx bandwidth to Internet2 destinations (bps)",
517 {'name': "nm_net_exempt_max_rate",
518 'description': "Maximum network Tx bandwidth to Internet2 destinations (bps)",
520 {'name': "nm_net_exempt avg_rate",
521 'description': "Average daily network Tx bandwidth to Internet2 destinations (bps)",
525 {'name': "nm_disk_quota",
526 'description': "Disk quota (1k disk blocks)",
529 # Special attributes applicable to Slice Creation Service (pl_conf) slice
530 {'name': "plc_agent_version",
531 'description': "Version of PLC agent (slice creation service) software to be deployed",
533 {'name': "plc_ticket_pubkey",
534 'description': "Public key used to verify PLC-signed tickets",
538 # Get list of existing attribute types
539 attribute_types = GetSliceAttributeTypes()
540 attribute_types = [attribute_type['name'] for attribute_type in attribute_types]
542 # Create/update default slice attribute types
543 for default_attribute_type in default_attribute_types:
544 if default_attribute_type['name'] not in attribute_types:
545 AddSliceAttributeType(default_attribute_type)
547 UpdateSliceAttributeType(default_attribute_type['name'], default_attribute_type)
549 # Get contents of SSL public certificate used for signing slice tickets
551 plc_ticket_pubkey = ""
552 for line in file(plc_ma_sa['ca_ssl_key_pub']):
554 if line[0:5] != "-----":
555 # XXX The embedded newlines matter, do not strip()!
556 plc_ticket_pubkey += line
558 plc_ticket_pubkey = '%KEY%'
560 # Create/update system slices
563 'description': "PlanetLab Slice Creation Service (SCS)",
565 'instantiation': "plc-instantiated",
567 'expires': sys.maxint,
568 'attributes': {'plc_slice_type': "VServerSlice",
569 'plc_agent_version': "1.0",
570 'plc_ticket_pubkey': plc_ticket_pubkey}},
571 {'name': "pl_conf_vserverslice",
572 'description': "Default attributes for vserver slices",
574 'instantiation': "plc-instantiated",
576 'expires': sys.maxint,
577 'attributes': {'nm_cpu_share': "32",
578 'plc_slice_type': "VServerSlice",
579 'nm_disk_quota': "5000000"}}]
581 for default_slice in default_slices:
582 slices = GetSlices([default_slice['name']])
585 UpdateSlice(slice['slice_id'], default_slice)
587 AddSlice(default_slice)
588 slice = GetSlices([default_slice['name']])[0]
590 # Create/update all attributes
591 slice_attributes = {}
592 if slice['slice_attribute_ids']:
593 for slice_attribute in GetSliceAttributes(slice['slice_attribute_ids']):
594 slice_attributes[slice_attribute['name']] = slice_attribute
596 for name, value in default_slice['attributes'].iteritems():
597 if name not in slice_attributes:
598 AddSliceAttribute(slice['name'], name, value)
600 UpdateSliceAttribute(slice_attributes[name]['slice_attribute_id'], value)
602 if __name__ == '__main__':
git://git.onelab.eu / myplc.git / blob