# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id: db-config,v 1.3 2006/11/06 22:03:05 mlhuang Exp $
+# $Id: db-config,v 1.12 2006/12/12 16:33:45 thierry Exp $
#
from plc_config import PLCConfiguration
site = { 'site_id': 1,
'name': plc['name'] + " Central",
'abbreviated_name': plc['name'],
- # XXX Default site slice_prefix/login_base must be "pl_"
- # 'login_base': plc['slice_prefix'],
- 'login_base': "pl",
+ 'login_base': plc['slice_prefix'],
'is_public': False,
'url': url,
'max_slices': 100 }
site['name']
sites = [site]
- # Must call AdmUpdateSite() even after AdmAddSite() to update max_slices
+ # Must call UpdateSite() even after AddSite() to update max_slices
site_id = sites[0]['site_id']
- # XXX login_base cannot be updated
- del site['login_base']
UpdateSite(site_id, site)
# The default administrator account must be associated with a site
'file_owner': 'root',
'file_group': 'root',
'preinstall_cmd': '',
- 'postinstall_cmd': '',
+ 'postinstall_cmd': '/bin/chmod 700 /root/.ssh',
'error_cmd': '',
'ignore_cmd_errors': False,
'always_update': False},
'file_owner': 'site_admin',
'file_group': 'site_admin',
'preinstall_cmd': 'grep -q site_admin /etc/passwd',
- 'postinstall_cmd': '',
+ 'postinstall_cmd': '/bin/chmod 700 /home/site_admin/.ssh',
'error_cmd': '',
'ignore_cmd_errors': False,
'always_update': False},
'file_owner': 'pl_admin',
'file_group': 'pl_admin',
'preinstall_cmd': 'grep -q pl_admin /etc/passwd',
- 'postinstall_cmd': '',
+ 'postinstall_cmd': '/bin/chmod 700 /home/pl_admin/.ssh',
'error_cmd': '',
'ignore_cmd_errors': False,
'always_update': False},
'ignore_cmd_errors': False,
'always_update': False},
+ # XXX Required for old Node Manager
# Node Manager configuration
{'enabled': True,
'source': 'PlanetLabConf/pl_nm.conf',
'ignore_cmd_errors': False,
'always_update': False},
+ # XXX Required for old Node Manager
# Proper configuration
{'enabled': True,
'source': 'PlanetLabConf/propd.conf',
'ignore_cmd_errors': True,
'always_update': False},
+ # XXX Required for old Node Manager
# Bandwidth cap
{'enabled': True,
'source': 'PlanetLabConf/bwlimit.php',
'postinstall_cmd': '/sbin/iptables-restore --noflush < /etc/planetlab/blacklist',
'error_cmd': '',
'ignore_cmd_errors': True,
- 'always_update': True},
+ 'always_update': False},
# /etc/issue
{'enabled': True,
'postinstall_cmd': '/sbin/sysctl -e -p /etc/sysctl.conf',
'error_cmd': '',
'ignore_cmd_errors': False,
- 'always_update': True},
+ 'always_update': False},
# Sendmail configuration
{'enabled': True,
# Setup default slice attribute types
default_attribute_types = [
# Slice type (only vserver is supported)
- {'name': "plc_slice_type",
- 'description': "Type of slice rspec to be created",
+ {'name': "type",
+ 'description': "Type of slice (e.g. vserver)",
'min_role_id': 20},
+ # System slice
+ {'name': "system",
+ 'description': "Is a default system slice (1) or not (0 or unset)",
+ 'min_role_id': 10},
+
+ # Slice enabled (1) or suspended (0)
+ {'name': "enabled",
+ 'description': "Slice enabled (1 or unset) or suspended (0)",
+ 'min_role_id': 10},
+
+ # Slice reference image
+ {'name': "vref",
+ 'description': "Reference image",
+ 'min_role_id': 30},
+
# Slice initialization script
{'name': "initscript",
- 'description': "slice initialization script",
+ 'description': "Slice initialization script",
'min_role_id': 10},
- # CPU share (general_prop_share is deprecated)
- {'name': "general_prop_share",
- 'description': "general share",
+ # CPU share
+ {'name': "cpu_min",
+ 'description': "Minimum CPU share (ms/s)",
'min_role_id': 10},
- {'name': "nm_cpu_share",
- 'description': "Number of CPU shares to be allocated to slice",
+ {'name': "cpu_share",
+ 'description': "Number of CPU shares",
'min_role_id': 10},
# Bandwidth limits
- {'name': "nm_net_min_rate",
- 'description': "Minimum network Tx bandwidth (bps)",
+ {'name': "net_min",
+ 'description': "Minimum bandwidth (bps)",
+ 'min_role_id': 10},
+ {'name': "net_max",
+ 'description': "Maximum bandwidth (bps)",
'min_role_id': 10},
- {'name': "nm_net_max_rate",
- 'description': "Maximum network Tx bandwidth (bps)",
+ {'name': "net_avg",
+ 'description': "Average bandwidth (bps)",
'min_role_id': 10},
- {'name': "nm_net_avg_rate",
- 'description': "Average daily network Tx bandwidth (bps)",
+ {'name': "net_share",
+ 'description': "Number of bandwidth shares",
'min_role_id': 10},
- {'name': "nm_net_exempt_min_rate",
- 'description': "Minimum network Tx bandwidth to Internet2 destinations (bps)",
+ {'name': "net2_min",
+ 'description': "Minimum bandwidth over routes exempt from node bandwidth limits (bps)",
'min_role_id': 10},
- {'name': "nm_net_exempt_max_rate",
- 'description': "Maximum network Tx bandwidth to Internet2 destinations (bps)",
+ {'name': "net2_max",
+ 'description': "Maximum bandwidth over routes exempt from node bandwidth limits (bps)",
'min_role_id': 10},
- {'name': "nm_net_exempt avg_rate",
- 'description': "Average daily network Tx bandwidth to Internet2 destinations (bps)",
+ {'name': "net2_avg",
+ 'description': "Average bandwidth over routes exempt from node bandwidth limits (bps)",
+ 'min_role_id': 10},
+ {'name': "net2_share",
+ 'description': "Number of bandwidth shares over routes exempt from node bandwidth limits",
'min_role_id': 10},
# Disk quota
- {'name': "nm_disk_quota",
+ {'name': "disk_max",
'description': "Disk quota (1k disk blocks)",
'min_role_id': 10},
+ # Proper operations
+ {'name': "proper_op",
+ 'description': "Proper operation (e.g. bind_socket)",
+ 'min_role_id': 10},
+
+ # XXX Required for old Node Manager
# Special attributes applicable to Slice Creation Service (pl_conf) slice
+ {'name': "plc_slice_type",
+ 'description': "Type of slice rspec to be created",
+ 'min_role_id': 20},
{'name': "plc_agent_version",
'description': "Version of PLC agent (slice creation service) software to be deployed",
'min_role_id': 10},
plc_ticket_pubkey = '%KEY%'
# Create/update system slices
- default_slices = [
+ legacy_slices = [
+ # XXX Required for old Node Manager
{'name': "pl_conf",
'description': "PlanetLab Slice Creation Service (SCS)",
'url': url,
'instantiation': "plc-instantiated",
# Renew forever
'expires': sys.maxint,
- 'attributes': {'plc_slice_type': "VServerSlice",
- 'plc_agent_version': "1.0",
- 'plc_ticket_pubkey': plc_ticket_pubkey}},
+ 'attributes': [('plc_slice_type', "VServerSlice"),
+ ('plc_agent_version', "1.0"),
+ ('plc_ticket_pubkey', plc_ticket_pubkey)]},
+
+ # XXX Required for old Node Manager
{'name': "pl_conf_vserverslice",
'description': "Default attributes for vserver slices",
'url': url,
'instantiation': "plc-instantiated",
# Renew forever
'expires': sys.maxint,
- 'attributes': {'nm_cpu_share': "32",
- 'plc_slice_type': "VServerSlice",
- 'nm_disk_quota': "5000000"}}]
-
+ 'attributes': [('cpu_share', "32"),
+ ('plc_slice_type', "VServerSlice"),
+ ('disk_max', "5000000")]},
+ ]
+ default_slices = [
+ # PlanetFlow
+ {'name': plc['slice_prefix'] + "_netflow",
+ 'description': "PlanetFlow Traffic Auditing Service",
+ 'url': url,
+ 'instantiation': "plc-instantiated",
+ # Renew forever
+ 'expires': sys.maxint,
+ 'attributes': [('system', "1"),
+ ('vref', "planetflow"),
+ ('proper_op', "open file=/etc/passwd, flags=r"),
+ ('proper_op', "create_socket"),
+ ('proper_op', "bind_socket")]},
+ ]
+
+ ### xxx - to review once new node manager rolls out
+ # if PLC_SLICE_PREFIX is left to default - this is meant for the public PL only
+ if plc['slice_prefix'] == 'pl':
+ # create both legacy slices together with netflow through default_slices
+ default_slices += legacy_slices
+ else:
+ # we use another slice prefix : disable legacy slices if already created
+ for legacy_slice in legacy_slices:
+ try:
+ DeleteSlice(legacy_slice['name'])
+ except:
+ pass
+
for default_slice in default_slices:
slices = GetSlices([default_slice['name']])
if slices:
slice = GetSlices([default_slice['name']])[0]
# Create/update all attributes
- slice_attributes = {}
+ slice_attributes = []
if slice['slice_attribute_ids']:
+ # Delete unknown attributes
for slice_attribute in GetSliceAttributes(slice['slice_attribute_ids']):
- slice_attributes[slice_attribute['name']] = slice_attribute
-
- for name, value in default_slice['attributes'].iteritems():
- if name not in slice_attributes:
+ if (slice_attribute['name'], slice_attribute['value']) \
+ not in default_slice['attributes']:
+ DeleteSliceAttribute(slice_attribute['slice_attribute_id'])
+ else:
+ slice_attributes.append((slice_attribute['name'], slice_attribute['value']))
+
+ for (name, value) in default_slice['attributes']:
+ if (name, value) not in slice_attributes:
AddSliceAttribute(slice['name'], name, value)
- else:
- UpdateSliceAttribute(slice_attributes[name]['slice_attribute_id'], value)
+
+ # Load default email templates
+ email_templates = [
+ {'message_id': 'JOIN_REQUEST_APPROVED',
+ 'subject': "Your request to join PlanetLab has been approved",
+ 'template': """
+ Your request to join PlanetLab has been approved!
+
+ At this point PI and tech contact accounts have been created
+ and enabled. You will not be able to create slices until at
+ least one node is up and running correctly. To use these
+ accounts, you must first reset your password to obtain a
+ new one. Once logged in, please change your password.
+
+ Instructions for setting up your nodes can be found at:
+ http://%s/consortium/setup_procedure.php
+
+ Please direct any questions to PlanetLab Support, thank you!
+
+ %s
+ http://%s
+ """
+ },
+ {'message_id': 'JOIN_REQUEST_APPROVED_PL',
+ 'subject': "The join request for %s has been approved",
+ 'template':"""
+ The join request for %s has been approved.
+
+ To view the details of this site, visit:
+ https://%s/db/sites/detail.php?site_id=%d
+ """
+ },
+ {'message_id': 'ACCOUNT_REGISTERED',
+ 'subject': "New account registration from %s at %s",
+ 'template': """
+ %s has signed up for a new PlanetLab account at %s, but
+ has not yet been enabled. The following roles have been
+ requested:%s
+
+ If this account includes a PI role, we require an email from
+ the current PI at that site indicating this is acceptable.
+ If this account includes Admin role, another PlanetLab administrator
+ will have to enable the account. For User and Tech roles, any site PI
+ can enable the account.
+
+ If this account is registered at a site that does not have a PI,
+ this email is also being sent to PlanetLab support for further
+ followup.
+
+ To view details and enable this account, visit:
+ https://%s/db/accounts/detail.php?person_id=%s
+
+ %s
+ http://%s
+ """
+ },
+ {'message_id': 'PASSWORD_RESET_INITIATE',
+ 'subject': "PlanetLab password reset",
+ 'template': """
+ Someone initiated a password reset on your PlanetLab account. If this
+ was you, you may continue with the reset, by visiting:
+
+ https://%s/db/login/reset_passwd.php?key=%s&id=%s
+
+ If this was not you, please contact PlanetLab support about this
+ request. Please do not share the above link with anyone, as it can be
+ used to gain access to your account. If responding to support, delete
+ the link before sending. Thank you.
+
+ %s
+ http://%s
+ """
+ }
+ ]
+
+ for template in email_templates:
+ messages = GetMessages([template['message_id']])
+ if not messages:
+ AddMessage(template)
+
if __name__ == '__main__':
main()
+
+# Local variables:
+# tab-width: 4
+# mode: python
+# End:
git://git.onelab.eu / myplc.git / blobdiff