# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id: db-config,v 1.4 2006/11/08 23:34:28 mlhuang Exp $
+# $Id: db-config,v 1.21 2007/02/02 19:56:21 mlhuang Exp $
#
from plc_config import PLCConfiguration
'file_owner': 'root',
'file_group': 'root',
'preinstall_cmd': '',
- 'postinstall_cmd': '',
+ 'postinstall_cmd': '/bin/chmod 700 /root/.ssh',
'error_cmd': '',
'ignore_cmd_errors': False,
'always_update': False},
'file_owner': 'site_admin',
'file_group': 'site_admin',
'preinstall_cmd': 'grep -q site_admin /etc/passwd',
- 'postinstall_cmd': '',
+ 'postinstall_cmd': '/bin/chmod 700 /home/site_admin/.ssh',
'error_cmd': '',
'ignore_cmd_errors': False,
'always_update': False},
'file_owner': 'pl_admin',
'file_group': 'pl_admin',
'preinstall_cmd': 'grep -q pl_admin /etc/passwd',
- 'postinstall_cmd': '',
+ 'postinstall_cmd': '/bin/chmod 700 /home/pl_admin/.ssh',
'error_cmd': '',
'ignore_cmd_errors': False,
'always_update': False},
'ignore_cmd_errors': False,
'always_update': False},
+ # XXX Required for old Node Manager
+ # Node Manager configuration
+ {'enabled': True,
+ 'source': 'PlanetLabConf/pl_nm.conf',
+ 'dest': '/etc/planetlab/pl_nm.conf',
+ 'file_permissions': '644',
+ 'file_owner': 'root',
+ 'file_group': 'root',
+ 'preinstall_cmd': '',
+ 'postinstall_cmd': '/etc/init.d/pl_nm restart',
+ 'error_cmd': '',
+ 'ignore_cmd_errors': False,
+ 'always_update': False},
+ {'enabled': True,
+ 'source': 'PlanetLabConf/RootResources/plc_slice_pool.php',
+ 'dest': '/home/pl_nm/RootResources/plc_slice_pool',
+ 'file_permissions': '644',
+ 'file_owner': 'pl_nm',
+ 'file_group': 'pl_nm',
+ 'preinstall_cmd': '',
+ 'postinstall_cmd': '',
+ 'error_cmd': '',
+ 'ignore_cmd_errors': False,
+ 'always_update': False},
+ {'enabled': True,
+ 'source': 'PlanetLabConf/RootResources/pl_conf.py',
+ 'dest': '/home/pl_nm/RootResources/pl_conf',
+ 'file_permissions': '644',
+ 'file_owner': 'pl_nm',
+ 'file_group': 'pl_nm',
+ 'preinstall_cmd': '',
+ 'postinstall_cmd': '/etc/init.d/pl_nm restart',
+ 'error_cmd': '',
+ 'ignore_cmd_errors': False,
+ 'always_update': False},
+ {'enabled': True,
+ 'source': 'PlanetLabConf/RootResources/pl_netflow.py',
+ 'dest': '/home/pl_nm/RootResources/pl_netflow',
+ 'file_permissions': '644',
+ 'file_owner': 'pl_nm',
+ 'file_group': 'pl_nm',
+ 'preinstall_cmd': '',
+ 'postinstall_cmd': '',
+ 'error_cmd': '',
+ 'ignore_cmd_errors': False,
+ 'always_update': False},
+
+ # XXX Required for old Node Manager
# Proper configuration
{'enabled': True,
'source': 'PlanetLabConf/propd.conf',
'ignore_cmd_errors': True,
'always_update': False},
+ # XXX Required for old Node Manager
+ # Bandwidth cap
+ {'enabled': True,
+ 'source': 'PlanetLabConf/bwlimit.php',
+ 'dest': '/etc/planetlab/bwcap',
+ 'file_permissions': '644',
+ 'file_owner': 'root',
+ 'file_group': 'root',
+ 'preinstall_cmd': '',
+ 'postinstall_cmd': '/etc/init.d/pl_nm restart',
+ 'error_cmd': '',
+ 'ignore_cmd_errors': True,
+ 'always_update': False},
+
# Proxy ARP setup
{'enabled': True,
'source': 'PlanetLabConf/proxies.php',
'postinstall_cmd': '/sbin/iptables-restore --noflush < /etc/planetlab/blacklist',
'error_cmd': '',
'ignore_cmd_errors': True,
- 'always_update': True},
+ 'always_update': False},
# /etc/issue
{'enabled': True,
'postinstall_cmd': '/sbin/sysctl -e -p /etc/sysctl.conf',
'error_cmd': '',
'ignore_cmd_errors': False,
- 'always_update': True},
+ 'always_update': False},
# Sendmail configuration
{'enabled': True,
'description': "Type of slice (e.g. vserver)",
'min_role_id': 20},
+ # System slice
+ {'name': "system",
+ 'description': "Is a default system slice (1) or not (0 or unset)",
+ 'min_role_id': 10},
+
# Slice enabled (1) or suspended (0)
{'name': "enabled",
- 'description': "Slice enabled (1) or suspended (0)",
+ 'description': "Slice enabled (1 or unset) or suspended (0)",
'min_role_id': 10},
# Slice reference image
'min_role_id': 10},
# Bandwidth limits
- {'name': "net_min",
- 'description': "Minimum bandwidth (bps)",
+ {'name': "net_min_rate",
+ 'description': "Minimum bandwidth (kbps)",
'min_role_id': 10},
- {'name': "net_max",
- 'description': "Maximum bandwidth (bps)",
+ {'name': "net_max_rate",
+ 'description': "Maximum bandwidth (kbps)",
'min_role_id': 10},
- {'name': "net_avg",
- 'description': "Average bandwidth (bps)",
+ {'name': "net_i2_min_rate",
+ 'description': "Minimum bandwidth over I2 routes (kbps)",
'min_role_id': 10},
- {'name': "net_share",
- 'description': "Number of bandwidth shares",
+ {'name': "net_i2_max_rate",
+ 'description': "Maximum bandwidth over I2 routes (kbps)",
'min_role_id': 10},
- {'name': "net2_min",
- 'description': "Minimum bandwidth over routes exempt from node bandwidth limits (bps)",
+ {'name': "net_max_kbyte",
+ 'description': "Maximum daily network Tx KByte limit.",
'min_role_id': 10},
- {'name': "net2_max",
- 'description': "Maximum bandwidth over routes exempt from node bandwidth limits (bps)",
+ {'name': "net_thresh_kbyte",
+ 'description': "KByte limit before warning and throttling.",
'min_role_id': 10},
- {'name': "net2_avg",
- 'description': "Average bandwidth over routes exempt from node bandwidth limits (bps)",
+ {'name': "net_i2_max_kbyte",
+ 'description': "Maximum daily network Tx KByte limit to I2 hosts.",
'min_role_id': 10},
- {'name': "net2_share",
- 'description': "Number of bandwidth shares over routes exempt from node bandwidth limits",
+ {'name': "net_i2_thresh_kbyte",
+ 'description': "KByte limit to I2 hosts before warning and throttling.",
'min_role_id': 10},
-
+ {'name': "net_share",
+ 'description': "Number of bandwidth shares",
+ 'min_role_id': 10},
+ {'name': "net_i2_share",
+ 'description': "Number of bandwidth shares over I2 routes",
+ 'min_role_id': 10},
+
# Disk quota
{'name': "disk_max",
- 'description': "Disk quota (bytes)",
+ 'description': "Disk quota (1k disk blocks)",
+ 'min_role_id': 10},
+
+ # Proper operations
+ {'name': "proper_op",
+ 'description': "Proper operation (e.g. bind_socket)",
'min_role_id': 10},
+
+ # XXX Required for old Node Manager
+ # Special attributes applicable to Slice Creation Service (pl_conf) slice
+ {'name': "plc_slice_type",
+ 'description': "Type of slice rspec to be created",
+ 'min_role_id': 20},
+ {'name': "plc_agent_version",
+ 'description': "Version of PLC agent (slice creation service) software to be deployed",
+ 'min_role_id': 10},
+ {'name': "plc_ticket_pubkey",
+ 'description': "Public key used to verify PLC-signed tickets",
+ 'min_role_id': 10}
]
# Get list of existing attribute types
UpdateSliceAttributeType(default_attribute_type['name'], default_attribute_type)
# Create/update system slices
+ legacy_slices = [
+ # XXX Required for old Node Manager
+ {'name': "pl_conf",
+ 'description': "PlanetLab Slice Creation Service (SCS)",
+ 'url': url,
+ 'instantiation': "plc-instantiated",
+ # Renew forever
+ 'expires': sys.maxint,
+ 'attributes': [('plc_slice_type', "VServerSlice"),
+ ('plc_agent_version', "1.0"),
+ ('plc_ticket_pubkey', "")]},
+
+ # XXX Required for old Node Manager
+ {'name': "pl_conf_vserverslice",
+ 'description': "Default attributes for vserver slices",
+ 'url': url,
+ 'instantiation': "plc-instantiated",
+ # Renew forever
+ 'expires': sys.maxint,
+ 'attributes': [('cpu_share', "32"),
+ ('plc_slice_type', "VServerSlice"),
+ ('disk_max', "5000000")]},
+ ]
default_slices = [
+ # PlanetFlow
{'name': plc['slice_prefix'] + "_netflow",
'description': "PlanetFlow Traffic Auditing Service",
+ 'url': url,
'instantiation': "plc-instantiated",
# Renew forever
'expires': sys.maxint,
- 'attributes': {'reference': "planetflow"}},
+ 'attributes': [('system', "1"),
+ ('vref', "planetflow"),
+ ('proper_op', "open file=/etc/passwd, flags=r"),
+ ('proper_op', "create_socket"),
+ ('proper_op', "bind_socket")]},
]
-
+
+ ### xxx - to review once new node manager rolls out
+ # if PLC_SLICE_PREFIX is left to default - this is meant for the public PL only
+ if plc['slice_prefix'] == 'pl':
+ # create both legacy slices together with netflow through default_slices
+ default_slices += legacy_slices
+ else:
+ # we use another slice prefix : disable legacy slices if already created
+ for legacy_slice in legacy_slices:
+ try:
+ DeleteSlice(legacy_slice['name'])
+ except:
+ pass
+
for default_slice in default_slices:
slices = GetSlices([default_slice['name']])
if slices:
slice = GetSlices([default_slice['name']])[0]
# Create/update all attributes
- slice_attributes = {}
+ slice_attributes = []
if slice['slice_attribute_ids']:
+ # Delete unknown attributes
for slice_attribute in GetSliceAttributes(slice['slice_attribute_ids']):
- slice_attributes[slice_attribute['name']] = slice_attribute
-
- for name, value in default_slice['attributes'].iteritems():
- if name not in slice_attributes:
+ if (slice_attribute['name'], slice_attribute['value']) \
+ not in default_slice['attributes']:
+ DeleteSliceAttribute(slice_attribute['slice_attribute_id'])
+ else:
+ slice_attributes.append((slice_attribute['name'], slice_attribute['value']))
+
+ for (name, value) in default_slice['attributes']:
+ if (name, value) not in slice_attributes:
AddSliceAttribute(slice['name'], name, value)
- else:
- UpdateSliceAttribute(slice_attributes[name]['slice_attribute_id'], value)
+
+ installfailed = """
+Once the node meets these requirements, please reinitiate the install
+by visiting:
+
+https://%(PLC_WWW_HOST)s:%(PLC_WWW_SSL_PORT)d/db/nodes/?id=%(node_id)d
+
+Click the Reinstall link, then reboot the node.
+
+If you have already performed this step and are still receiving this
+message, please reply so that we may investigate the problem.
+"""
+
+ # Load default message templates
+ message_templates = [
+ {'message_id': 'Verify account',
+ 'subject': "Verify account registration",
+ 'template': """
+Please verify that you registered for a %(PLC_NAME)s account with the
+username %(email)s by visiting:
+
+https://%(PLC_WWW_HOST)s:%(PLC_WWW_SSL_PORT)d/db/persons/register.php?id=%(person_id)d&key=%(verification_key)s
+
+If you did not register for a %(PLC_NAME)s account, please ignore this
+message, or contact %(PLC_NAME)s Support <%(PLC_MAIL_SUPPORT_ADDRESS)s>.
+"""
+ },
+
+ {'message_id': 'New PI account',
+ 'subject': "New PI account registration from %(first_name)s %(last_name)s <%(email)s> at %(site_name)s",
+ 'template': """
+%(first_name)s %(last_name)s <%(email)s> has signed up for a new
+%(PLC_NAME)s account at %(site_name)s and has requested a PI role. PIs
+are responsible for enabling user accounts, creating slices, and
+ensuring that all users abide by the %(PLC_NAME)s Acceptable Use
+Policy.
+
+Only %(PLC_NAME)s administrators may enable new PI accounts. If you
+are a PI at %(site_name)s, please respond and indicate whether this
+registration is acceptable.
+
+To view the request, visit:
+
+https://%(PLC_WWW_HOST)s:%(PLC_WWW_SSL_PORT)d/db/persons/index.php?id=%(person_id)d
+"""
+ },
+
+ {'message_id': 'New account',
+ 'subject': "New account registration from %(first_name)s %(last_name)s <%(email)s> at %(site_name)s",
+ 'template': """
+%(first_name)s %(last_name)s <%(email)s> has signed up for a new
+%(PLC_NAME)s account at %(site_name)s and has requested the following
+roles: %(roles)s.
+
+To deny the request or enable the account, visit:
+
+https://%(PLC_WWW_HOST)s:%(PLC_WWW_SSL_PORT)d/db/persons/index.php?id=%(person_id)d
+"""
+ },
+
+ {'message_id': 'Password reset requested',
+ 'subject': "Password reset requested",
+ 'template': """
+Someone has requested that the password of your %(PLC_NAME)s account
+%(email)s be reset. If this person was you, you may continue with the
+reset by visiting:
+
+https://%(PLC_WWW_HOST)s:%(PLC_WWW_SSL_PORT)d/db/persons/reset_password.php?id=%(person_id)d&key=%(verification_key)s
+
+If you did not request that your password be reset, please contact
+%(PLC_NAME)s Support <%(PLC_MAIL_SUPPORT_ADDRESS)s>. Do not quote or
+otherwise include any of this text in any correspondence.
+"""
+ },
+
+ {'message_id': 'Password reset',
+ 'subject': "Password reset",
+ 'template': """
+The password of your %(PLC_NAME)s account %(email)s has been
+temporarily reset to:
+
+%(password)s
+
+Please change it at as soon as possible by visiting:
+
+https://%(PLC_WWW_HOST)s:%(PLC_WWW_SSL_PORT)d/db/persons/index.php?id=%(person_id)d
+
+If you did not request that your password be reset, please contact
+%(PLC_NAME)s Support <%(PLC_MAIL_SUPPORT_ADDRESS)s>. Do not quote or
+otherwise include any of this text in any correspondence.
+"""
+ },
+
+ # Boot Manager messages
+ {'message_id': "installfinished",
+ 'subject': "%(hostname)s completed installation",
+ 'template': """
+%(hostname)s just completed installation.
+
+The node should be usable in a couple of minutes if installation was
+successful.
+"""
+ },
+
+ {'message_id': "insufficientdisk",
+ 'subject': "%(hostname)s does not have sufficient disk space",
+ 'template': """
+%(hostname)s failed to boot because it does not have sufficent disk
+space, or because its disk controller was not recognized.
+
+Please replace the current disk or disk controller or install
+additional disks to meet the current hardware requirements.
+""" + installfailed
+ },
+
+ {'message_id': "insufficientmemory",
+ 'subject': "%(hostname)s does not have sufficient memory",
+ 'template': """
+%(hostname)s failed to boot because it does not have sufficent
+memory.
+
+Please install additional memory to meet the current hardware
+requirements.
+""" + installfailed
+ },
+
+ {'message_id': "authfail",
+ 'subject': "%(hostname)s failed to authenticate",
+ 'template':
+"""
+%(hostname)s failed to authenticate for the following reason:
+
+%(fault)s
+
+The most common reason for authentication failure is that the
+authentication key stored in the node configuration file, does not
+match the key on record. Regenerate the node configuration file by
+visiting:
+
+https://%(PLC_WWW_HOST)s:%(PLC_WWW_SSL_PORT)d/db/nodes/?id=%(node_id)d
+
+Click the Configuration File link, and save the downloaded file as
+plnode.txt on either a floppy disk or a USB flash drive. Click the
+Boot link, then reboot the node.
+
+If you have already performed this step and are still receiving this
+message, please reply so that we may investigate the problem.
+"""
+ },
+
+ {'message_id': "notinstalled",
+ 'subject': "%(hostname)s is not installed",
+ 'template':
+"""
+%(hostname)s failed to boot because it has either never been
+installed, or the installation is corrupt.
+
+Please check if the hard drive has failed, and replace it if so. After
+doing so, visit:
+
+https://%(PLC_WWW_HOST)s:%(PLC_WWW_SSL_PORT)d/db/nodes/?id=%(node_id)d
+
+Click the Reinstall link, then reboot the node.
+
+If you have already performed this step and are still receiving this
+message, please reply so that we may investigate the problem.
+"""
+ },
+
+ {'message_id': "hostnamenotresolve",
+ 'subject': "%(hostname)s does not resolve",
+ 'template':
+"""
+%(hostname)s failed to boot because its hostname does not resolve, or
+does resolve but does not match its configured IP address.
+
+Please check the network settings for the node, especially its
+hostname, IP address, and DNS servers, by visiting:
+
+https://%(PLC_WWW_HOST)s:%(PLC_WWW_SSL_PORT)d/db/nodes/?id=%(node_id)d
+
+Correct any errors, click the Reinstall link, then reboot the node.
+
+If you have already performed this step and are still receiving this
+message, please reply so that we may investigate the problem.
+"""
+ },
+
+ # XXX N.B. I don't think these are necessary, since there's no
+ # way that the Boot Manager would even be able to contact the
+ # API to send these messages.
+
+ {'message_id': "noconfig",
+ 'subject': "%(hostname)s does not have a configuration file",
+ 'template': """
+%(hostname)s failed to boot because it could not find a PlanetLab
+configuration file. To create this file, visit:
+
+https://%(PLC_WWW_HOST)s:%(PLC_WWW_SSL_PORT)d/db/nodes/?id=%(node_id)d
+
+Click the Configuration File link, and save the downloaded file as
+plnode.txt on either a floppy disk or a USB flash drive. Click the
+Reinstall link, then reboot the node.
+
+If you have already performed this step and are still receiving this
+message, please reply so that we may investigate the problem.
+"""
+ },
+
+ {'message_id': "nodetectednetwork",
+ 'subject': "%(hostname)s has unsupported network hardware",
+ 'template':
+"""
+
+%(hostname)s failed to boot because it has network hardware that is
+unsupported by the current production kernel. If it has booted
+successfully in the past, please try re-installing it by visiting:
+
+https://%(PLC_WWW_HOST)s:%(PLC_WWW_SSL_PORT)d/db/nodes/?id=%(node_id)d
+
+Click the Reinstall link, then reboot the node.
+
+If you have already performed this step and are still receiving this
+message, please reply so that we may investigate the problem.
+"""
+ },
+ ]
+
+ for template in message_templates:
+ messages = GetMessages([template['message_id']])
+ if not messages:
+ AddMessage(template)
if __name__ == '__main__':
main()