# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id: api-config,v 1.12 2006/05/30 15:06:20 mlhuang Exp $
+# $Id: api-config,v 1.15 2006/07/11 20:57:25 mlhuang Exp $
#
from plc_config import PLCConfiguration
globals()[category_id] = dict(zip(variablelist.keys(),
[variable['value'] for variable in variablelist.values()]))
- # Get the issuer e-mail address of the root CA certificate
+ # Get the issuer e-mail address and public key from the root CA certificate
root_ca_email = commands.getoutput("openssl x509 -in %s -noout -email" % \
- plc['root_ca_ssl_crt'])
+ plc_ma_sa['ca_ssl_crt'])
+ root_ca_key_pub = commands.getoutput("openssl x509 -in %s -noout -pubkey" % \
+ plc_ma_sa['ca_ssl_crt'])
# Verify API certificate
if os.path.exists(plc_ma_sa['api_crt']):
try:
cert_xml = file(plc_ma_sa['api_crt']).read().strip()
# Verify root CA signature
- CertOps.authenticate_cert(cert_xml,
- {root_ca_email:
- file(plc['root_ca_ssl_key_pub']).read().strip()})
+ CertOps.authenticate_cert(cert_xml, {root_ca_email: root_ca_key_pub})
# Check if MA/SA e-mail address has changed
dom = xml.dom.minidom.parseString(cert_xml)
- for issuer in dom.getElementsByTagName('issuer'):
- if issuer.getAttribute('email') != plc_mail['support_address']:
+ for subject in dom.getElementsByTagName('subject'):
+ if subject.getAttribute('email') != plc_mail['support_address']:
raise Exception, "E-mail address '%s' in certificate '%s' does not match support address '%s'" % \
- (issuer.getAttribute('email'), plc_ma_sa['api_crt'], plc_mail['support_address'])
+ (subject.getAttribute('email'), plc_ma_sa['api_crt'], plc_mail['support_address'])
except Exception, e:
# Delete invalid API certificate
print "Warning: ", e
os.unlink(plc_ma_sa['api_crt'])
- # Generate API certificate
+ # Generate self-signed API certificate
if not os.path.exists(plc_ma_sa['api_crt']):
print "Generating new API certificate"
try:
cert = Certificate.Certificate('ticket-cert-0')
- ma_sa_ssl_key_pub = file(plc_ma_sa['ssl_key_pub']).read().strip()
+ ma_sa_ssl_key_pub = commands.getoutput("openssl x509 -in %s -noout -pubkey" % \
+ plc_ma_sa['ssl_crt'])
cert.add_subject_pubkey(pubkey = ma_sa_ssl_key_pub, email = plc_mail['support_address'])
root_ca_subject = commands.getoutput("openssl x509 -in %s -noout -subject" % \
- plc['root_ca_ssl_crt'])
+ plc_ma_sa['ssl_crt'])
m = re.search('/CN=([^/]*).*', root_ca_subject)
if m is None:
- root_ca_cn = plc['name'] + " Root CA"
+ root_ca_cn = plc['name'] + " Management and Slice Authority"
else:
root_ca_cn = m.group(1)
cert.set_issuer(email = root_ca_email, cn = root_ca_cn)
- cert_xml = cert.sign(plc['root_ca_ssl_key'])
+ cert_xml = cert.sign(plc_ma_sa['ssl_key'])
ma_sa_api_crt = file(plc_ma_sa['api_crt'], "w")
ma_sa_api_crt.write(cert_xml)
ma_sa_api_crt.close()
os.symlink(plc['root_ssh_key_pub'], "/etc/planetlab/node_root_key")
# Old variable names littered throughout the API
+ if plc_mail['enabled'] == "true":
+ plc_mail_enabled = "1"
+ else:
+ plc_mail_enabled = "0"
+
old_variables = {'PL_API_SERVER': plc_api['host'],
'PL_API_PATH': plc_api['path'],
'PL_API_PORT': plc_api['port'],
'WWW_BASE': plc_www['host'],
'BOOT_BASE': plc_boot['host'],
+ 'PLC_MAIL_ENABLED': plc_mail_enabled,
'MA_SA_NAMESPACE': plc_ma_sa['namespace'],
'SESSION_LENGTH_HOURS': "24",
'ROOT_CA_EMAIL': root_ca_email,
- 'ROOT_CA_PUB_KEY': plc['root_ca_ssl_key_pub'],
+ 'ROOT_CA_PUB_KEY': plc_ma_sa['ca_ssl_key_pub'],
'API_CERT_PATH': plc_ma_sa['api_crt'],
'MA_SA_PRIVATE_KEY': plc_ma_sa['ssl_key'],
'PL_API_TICKET_KEY_FILE': plc_ma_sa['ssl_key']}
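Review bot: The three new `commands.getoutput("openssl x509 ...")` calls (root CA e-mail and public key near the top, `ma_sa_ssl_key_pub` in the generation branch) cannot tell an openssl failure from real output, because `getoutput` discards the exit status and folds stderr into the returned string. If `plc_ma_sa['ca_ssl_crt']` or `plc_ma_sa['ssl_crt']` is missing or malformed, the error text is handed to `CertOps.authenticate_cert` as the trusted key, or passed to `cert.add_subject_pubkey` and then signed into the new API certificate. I would switch to `status, root_ca_key_pub = commands.getstatusoutput(...)` followed by `if status != 0: raise Exception, "openssl failed: %s" % root_ca_key_pub`, and do the same for the other two calls; the certificate paths are also spliced unquoted into a shell string, so they should be quoted or validated. Separately, the regenerated certificate is now signed with `plc_ma_sa['ssl_key']` while verification trusts the key extracted from `plc_ma_sa['ca_ssl_crt']`; if those are different key pairs the certificate would presumably be rejected and regenerated on every run, which is worth confirming against the configuration defaults.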
# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id: functions,v 1.6 2006/07/10 21:05:37 mlhuang Exp $
+# $Id: build.functions,v 1.1 2006/07/17 21:31:31 mlhuang Exp $
#
PATH=/sbin:/bin:/usr/sbin:/usr/bin
#!/bin/bash
#
-# Builds a Fedora based PLC image. You should be able to run this
-# script multiple times without a problem.
+# Builds MyPLC, either inside the MyPLC development environment in
+# devel/root (if PLC_DEVEL_BOOTSTRAP is true), or in the current host
+# environment (may be itself a MyPLC development environment or a
+# Fedora Core 4 environment with the appropriate development packages
+# installed).
+#
+# root.img (loopback image)
+# root/ (mount point)
+# data/ (various data files)
+# data/etc/planetlab/ (configuration files)
#
# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id$
+# $Id: build.sh,v 1.26 2006/07/18 20:06:51 mlhuang Exp $
#
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-
-# In both a normal CVS environment and a PlanetLab RPM
-# build environment, all of our dependencies are checked out into
-# directories at the same level as us.
-if [ -d ../build ] ; then
- PATH=$PATH:../build
- srcdir=..
-else
- echo "Error: Could not find $(cd .. && pwd -P)/build/"
- exit 1
-fi
-
-export PATH
-
-# PLC configuration file
-config=plc_config.xml
+. build.functions
-# Release and architecture to install
-releasever=4
-basearch=i386
-
-# Initial size of the image
-size=1000000000
+#
+# Build myplc inside myplc-devel. Infinite recursion is avoided only
+# if PLC_DEVEL_BOOTSTRAP is false in the default configuration file.
+#
-usage()
-{
- echo "Usage: build.sh [OPTION]..."
- echo " -c file PLC configuration file (default: $config)"
- echo " -r release Fedora release number (default: $releasever)"
- echo " -a arch Fedora architecture (default: $basearch)"
- echo " -s size Approximate size of the installation (default: $size)"
- echo " -h This message"
- exit 1
-}
+if [ "$PLC_DEVEL_BOOTSTRAP" = "true" ] ; then
+ # So that we don't pollute the actual myplc-devel image, we use
+ # the directory that was used to build the image instead of the
+ # image itself, and mount everything by hand.
+ mount -o bind,rw devel/data devel/root/data
+ mount -t proc none devel/root/proc
+
+ # If we used a local mirror, bind mount it into the chroot so that
+ # we can use it again.
+ if [ "${PLC_DEVEL_FEDORA_URL:0:7}" = "file://" ] ; then
+ mkdir -p devel/root/usr/share/mirrors/fedora
+ mount -o bind,ro ${PLC_DEVEL_FEDORA_URL#file://} devel/root/usr/share/mirrors/fedora
+ fi
-# Get options
-while getopts "c:r:a:s:h" opt ; do
- case $opt in
- c)
- config=$OPTARG
- ;;
- r)
- releasever=$OPTARG
- ;;
- a)
- basearch=$OPTARG
- ;;
- s)
- size=$OPTARG
- ;;
- h|*)
- usage
- ;;
- esac
-done
+ # Clean up before exiting if anything goes wrong
+ trap "umount $PWD/devel/root/data;
+ umount $PWD/devel/root/proc;
+ umount $PWD/devel/root/usr/share/mirrors/fedora" ERR INT
+
+ # Build myplc inside myplc-devel. Make sure PLC_DEVEL_BOOTSTRAP is
+ # false to avoid infinite recursion.
+ chroot devel/root su - <<EOF
+set -x
+service plc start
+plc-config --category=plc_devel --variable=bootstrap --value="false" --save
+service plc reload
+cd /
+cvs -d /cvs checkout build
+make -C /build myplc
+EOF
-# Do not tolerate errors
-set -e
+ # Yoink the image that was just built
+ mv devel/data/build/BUILD/myplc-*/myplc/root{,.img} devel/data/build/BUILD/myplc-*/myplc/data .
-root=root
-data=data
+ # Clean up
+ umount devel/root/data
+ umount devel/root/proc
+ umount devel/root/usr/share/mirrors/fedora || :
+ rm -rf devel/data/build
+ mkdir -p devel/data/build
-if [ ! -f $root.img ] ; then
- bs=4096
- count=$(($size / 4096))
- dd bs=$bs count=$count if=/dev/zero of=$root.img
- mkfs.ext3 -j -F $root.img
+ # No need to continue
+ exit 0
fi
-mkdir -p $root $data
-mount -o loop $root.img $root
-trap "umount $root" ERR
-
#
-# Build
+# Build myplc in the host environment. This section is executed if
+# PLC_DEVEL_BOOTSTRAP is false.
#
-# Get package list
-while read package ; do
- packages="$packages -p $package"
-done < <(./plc-config --packages $config)
-
-# Install base system
-mkfedora -v -r $releasever -a $basearch -k $packages $root
-
-# Disable all services in reference image
-chroot $root sh -c "/sbin/chkconfig --list | awk '{ print \$1 }' | xargs -i /sbin/chkconfig {} off"
-
-# FC2 minilogd starts up during shutdown and makes unmounting
-# impossible. Just get rid of it.
-rm -f $root/sbin/minilogd
-ln -nsf /bin/true $root/sbin/minilogd
+echo "* myplc: Installing base filesystem"
+mkdir -p root data
+make_chroot root plc_config.xml
# Build schema
+echo "* myplc: Building database schema"
make -C $srcdir/pl_db
-#
-# Install
-#
-
# Install configuration scripts
-echo "* Installing configuration scripts"
-install -D -m 755 plc_config.py $root/tmp/plc_config.py
-chroot $root sh -c 'cd /tmp; python plc_config.py build; python plc_config.py install'
-install -D -m 755 plc-config $root/usr/bin/plc-config
-install -D -m 755 api-config $root/usr/bin/api-config
-install -D -m 755 db-config $root/usr/bin/db-config
-install -D -m 755 dns-config $root/usr/bin/dns-config
-
-# Install OpenSSL configuration
-install -D -m 644 openssl.cnf $root/etc/planetlab/ssl/openssl.cnf
+echo "* myplc: Installing configuration scripts"
+install -D -m 755 plc_config.py root/tmp/plc_config.py
+chroot root sh -c 'cd /tmp; python plc_config.py build; python plc_config.py install'
+install -D -m 755 plc-config root/usr/bin/plc-config
+install -D -m 755 api-config root/usr/bin/api-config
+install -D -m 755 db-config root/usr/bin/db-config
+install -D -m 755 dns-config root/usr/bin/dns-config
# Install initscripts
-echo "* Installing initscripts"
-find plc.d | cpio -p -d -u $root/etc/
-install -D -m 755 guest.init $root/etc/init.d/plc
-chroot $root sh -c 'chkconfig --add plc; chkconfig plc on'
+echo "* myplc: Installing initscripts"
+find plc.d | cpio -p -d -u root/etc/
+install -D -m 755 guest.init root/etc/init.d/plc
+chroot root sh -c 'chkconfig --add plc; chkconfig plc on'
# Install DB schema and API code
-echo "* Installing DB schema and API code"
-mkdir -p $root/usr/share
-rsync -a $srcdir/pl_db $srcdir/plc_api $root/usr/share/
+echo "* myplc: Installing DB schema and API code"
+mkdir -p root/usr/share
+rsync -a $srcdir/pl_db $srcdir/plc_api root/usr/share/
# Install web scripts
-echo "* Installing web scripts"
-mkdir -p $root/usr/bin
+echo "* myplc: Installing web scripts"
+mkdir -p root/usr/bin
install -m 755 \
$srcdir/plc/scripts/gen-sites-xml.py \
$srcdir/plc/scripts/gen-slices-xml-05.py \
$srcdir/plc/scripts/gen-static-content.py \
- $root/usr/bin/
+ root/usr/bin/
# Install web pages
-echo "* Installing web pages"
-mkdir -p $root/var/www/html
+echo "* myplc: Installing web pages"
+mkdir -p root/var/www/html
# Exclude old cruft, unrelated GENI pages, and official documents
rsync -a \
--exclude='*2002' --exclude='*2003' \
--exclude=geni --exclude=PDN --exclude=Talks \
- $srcdir/plc_www/ $root/var/www/html/
+ $srcdir/plc_www/ root/var/www/html/
# Install configuration file
-echo "* Installing configuration file"
-install -D -m 444 $config $data/etc/planetlab/default_config.xml
-install -D -m 444 plc_config.dtd $data/etc/planetlab/plc_config.dtd
+echo "* myplc: Installing configuration file"
+install -D -m 444 $config data/etc/planetlab/default_config.xml
+install -D -m 444 plc_config.dtd data/etc/planetlab/plc_config.dtd
# Move "data" directories out of the installation
datadirs=(
/var/www/html/xml
)
-echo "* Moving data directories out of the installation"
-mkdir -p $root/data
-for datadir in "${datadirs[@]}" ; do
- mkdir -p ${data}$datadir
- if [ -d $root/$datadir -a ! -h $root/$datadir ] ; then
- (cd $root && find ./$datadir | cpio -p -d -u ../$data/)
- fi
- rm -rf $root/$datadir
- mkdir -p $(dirname $root/$datadir)
- ln -nsf /data$datadir $root/$datadir
-done
+move_datadirs root data "${datadirs[@]}"
-# Shrink to 100 MB free space
-kb=$(python <<EOF
-import os
-df = os.statvfs('$root')
-target = 100 * 1024 * 1024 / df.f_bsize
-if df.f_bavail > target:
- print (df.f_blocks - (df.f_bavail - target)) * df.f_bsize / 1024
-EOF
-)
-
-umount $root
-trap - ERR
-
-if [ -n "$kb" ] ; then
- # Setup loopback association. Newer versions of losetup have a -f
- # option which finds an unused loopback device, but we must
- # support FC2 for now.
- # dev_loop=$(losetup -f)
- for i in `seq 1 7` ; do
- if ! grep -q "^/dev/loop$i" /proc/mounts ; then
- dev_loop="/dev/loop$i"
- break
- fi
- done
- losetup $dev_loop $root.img
- trap "losetup -d $dev_loop" ERR
-
- # Resize the filesystem
- echo "* Checking filesystem"
- e2fsck -a -f $dev_loop
- echo "* Shrinking filesystem"
- resize2fs $dev_loop ${kb}K
-
- # Tear down loopback association
- losetup -d $dev_loop
- trap - ERR
-
- # Truncate the image file
- perl -e "truncate '$root.img', $kb*1024"
-fi
-
-# Write sysconfig
-cat >plc.sysconfig <<EOF
-PLC_ROOT=/plc/$root
-PLC_DATA=/plc/$data
-#PLC_OPTIONS="-v"
-EOF
+# Remove generated bootmanager script
+rm -f data/var/www/html/boot/bootmanager.sh
# Initialize node RPMs directory. The PlanetLab-Bootstrap.tar.bz2
# tarball already contains all of the node RPMs pre-installed. Only
# updates or optional packages should be placed in this directory.
-if [ -n "$RPM_BUILD_DIR" ] ; then
- echo "* Initializing node RPMs directory"
- RPM_RPMS_DIR=$(cd $(dirname $RPM_BUILD_DIR)/RPMS && pwd -P)
- mkdir -p $data/var/www/html/install-rpms/planetlab
- if [ -f $RPM_RPMS_DIR/yumgroups.xml ] ; then
- install -D -m 644 $RPM_RPMS_DIR/yumgroups.xml \
- $data/var/www/html/install-rpms/planetlab/yumgroups.xml
- fi
- # yum-2.0.x
- if [ -x /usr/bin/yum-arch ] ; then
- yum-arch $data/var/www/html/install-rpms/planetlab
- fi
- # yum-2.4.x
- if [ -x /usr/bin/createrepo ] ; then
- if [ -f $data/var/www/html/install-rpms/planetlab/yumgroups.xml ] ; then
- groupfile="-g yumgroups.xml"
- fi
- createrepo $groupfile $data/var/www/html/install-rpms/planetlab
- fi
-fi
-
-# Bootstrap the system for quicker startup (and to populate the
-# PlanetLabConf tables from PLC, which may not be accessible
-# later). The bootstrap.xml configuration overlay configures the web
-# server to run on an alternate port (in case the build machine itself
-# is running a web server on port 80). Start everything up to
-# bootstrap the database, then shut it back down again immediately.
-echo "* Bootstrapping installation"
-
-install -D -m 644 bootstrap.xml $data/etc/planetlab/configs/bootstrap.xml
-
-# Otherwise, host.init will try to read /etc/sysconfig/plc
-export PLC_ROOT=$PWD/$root
-export PLC_DATA=$PWD/$data
-#export PLC_OPTIONS="-v"
-
-./host.init start
-RETVAL=$?
-
-# Remove ISO and USB images, which take up >100MB but only take a
-# couple of seconds to generate at first boot.
-rm -f $data/var/www/html/download/*.{iso,usb}
-
-./host.init stop
-RETVAL=$(($RETVAL+$?))
+install -D -m 644 ../build/groups/v3_yumgroups.xml \
+ data/var/www/html/install-rpms/planetlab/yumgroups.xml
-# Restore default configuration
-rm -f $data/etc/planetlab/configs/bootstrap.xml
-install -D -m 444 $config $data/etc/planetlab/plc_config.xml
+# Make image out of directory
+echo "* myplc: Building loopback image"
+make_image root root.img
-exit $RETVAL
+exit 0
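Review bot: The new PLC_DEVEL_BOOTSTRAP branch can report success after a failed or interrupted build: the `trap "umount ..." ERR INT` handler only unmounts and never exits, the old `set -e` is removed, and the branch ends in `exit 0`. Unless build.functions (not visible here) enables `set -e`, a failing `chroot devel/root su -` heredoc is still followed by the `mv`, the second round of `umount`s and `rm -rf devel/data/build`, so an image left over from an earlier run could be taken for a fresh one. I would end the trap string with `exit 1` and put `set -e` as the first line inside the heredoc, so that a failed `cvs -d /cvs checkout build` stops before `make -C /build myplc`. The mirror path should also be quoted, `mount -o bind,ro "${PLC_DEVEL_FEDORA_URL#file://}" devel/root/usr/share/mirrors/fedora`, and on older kernels and util-linux a bind mount ignores `ro` until a separate `mount -o remount,ro,bind`, so the host mirror may remain writable from the root shell inside the chroot.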
# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id$
+# $Id: build_devel.sh,v 1.1 2006/07/17 21:31:31 mlhuang Exp $
#
. build.functions
# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id: Makefile,v 1.3 2006/04/24 22:14:56 mlhuang Exp $
+# $Id: Makefile,v 1.5 2006/07/18 22:41:44 mlhuang Exp $
#
vpath GenDoc.xsl ../../plc_www/doc
-vpath plc_config.xml ..
+vpath %_config.xml ..
all: myplc.pdf myplc.php
# Dependencies
-.myplc.xml.valid: architecture.eps architecture.png variables.xml
+.myplc.xml.valid: architecture.eps architecture.png plc_variables.xml plc_devel_variables.xml
-variables.xml: variables.xsl plc_config.xml
+%_variables.xml: variables.xsl %_config.xml
xsltproc $(XSLFLAGS) --output $@ $^
# Validate the XML
<td align="left">April 7, 2006</td>
<td align="left">MLH</td>
</tr>
-<tr><td align="left" colspan="3">
- <p>Initial draft.</p>
- </td></tr>
+<tr><td align="left" colspan="3"><p>Initial draft.</p></td></tr>
+<tr>
+<td align="left">Revision 1.1</td>
+<td align="left">July 19, 2006</td>
+<td align="left">MLH</td>
+</tr>
+<tr><td align="left" colspan="3"><p>Add development environment.</p></td></tr>
</table></div></div>
<div><div class="abstract">
<p class="title"><b>Abstract</b></p>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="section"><a href="#id225357">1. Overview</a></span></dt>
-<dt><span class="section"><a href="#id225202">2. Installation</a></span></dt>
-<dt><span class="section"><a href="#id267666">3. Quickstart</a></span></dt>
+<dt><span class="section"><a href="#id225375">1. Overview</a></span></dt>
+<dt><span class="section"><a href="#Installation">2. Installation</a></span></dt>
+<dt><span class="section"><a href="#id267694">3. Quickstart</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="#ChangingTheConfiguration">3.1. Changing the configuration</a></span></dt>
-<dt><span class="section"><a href="#id268167">3.2. Installing nodes</a></span></dt>
-<dt><span class="section"><a href="#id268241">3.3. Administering nodes</a></span></dt>
-<dt><span class="section"><a href="#id268335">3.4. Creating a slice</a></span></dt>
+<dt><span class="section"><a href="#id268201">3.2. Installing nodes</a></span></dt>
+<dt><span class="section"><a href="#id268275">3.3. Administering nodes</a></span></dt>
+<dt><span class="section"><a href="#id268369">3.4. Creating a slice</a></span></dt>
+</dl></dd>
+<dt><span class="section"><a href="#id268444">4. Rebuilding and customizing MyPLC</a></span></dt>
+<dd><dl>
+<dt><span class="section"><a href="#id268469">4.1. Installation</a></span></dt>
+<dt><span class="section"><a href="#id268676">4.2. Fedora Core 4 mirror requirement</a></span></dt>
+<dt><span class="section"><a href="#BuildingMyPLC">4.3. Building MyPLC</a></span></dt>
+<dt><span class="section"><a href="#UpdatingCVS">4.4. Updating CVS</a></span></dt>
</dl></dd>
-<dt><span class="appendix"><a href="#id268410">A. Configuration variables</a></span></dt>
-<dt><span class="bibliography"><a href="#id271055">Bibliography</a></span></dt>
+<dt><span class="appendix"><a href="#id269037">A. Configuration variables</a></span></dt>
+<dt><span class="appendix"><a href="#id271742">B. Development environment configuration variables</a></span></dt>
+<dt><span class="bibliography"><a href="#id271824">Bibliography</a></span></dt>
</dl>
</div>
<div class="section" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id225357"></a>1. Overview</h2></div></div></div>
+<a name="id225375"></a>1. Overview</h2></div></div></div>
<p>MyPLC is a complete PlanetLab Central (PLC) portable
installation contained within a <span><strong class="command">chroot</strong></span>
jail. The default installation consists of a web server, an
</div>
<div class="section" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id225202"></a>2. Installation</h2></div></div></div>
+<a name="Installation"></a>2. Installation</h2></div></div></div>
<p>Though internally composed of commodity software
subpackages, MyPLC should be treated as a monolithic software
application. MyPLC is distributed as single RPM package that has
no external dependencies, allowing it to be installed on
practically any Linux 2.6 based distribution:</p>
<div class="example">
-<a name="id225260"></a><p class="title"><b>Example 1. Installing MyPLC.</b></p>
+<a name="id225278"></a><p class="title"><b>Example 1. Installing MyPLC.</b></p>
<pre class="programlisting"># If your distribution supports RPM
-rpm -U myplc-0.3-1.planetlab.i386.rpm
+rpm -U http://build.planet-lab.org/build/myplc-0_4-rc1/RPMS/i386/myplc-0.4-1.planetlab.i386.rpm
# If your distribution does not support RPM
+cd /tmp
+wget http://build.planet-lab.org/build/myplc-0_4-rc1/RPMS/i386/myplc-0.4-1.planetlab.i386.rpm
cd /
-rpm2cpio myplc-0.3-1.planetlab.i386.rpm | cpio -diu</pre>
+rpm2cpio /tmp/myplc-0.4-1.planetlab.i386.rpm | cpio -diu</pre>
</div>
<p>MyPLC installs the following files and directories:</p>
<div class="itemizedlist"><ul type="disc">
<li><p><code class="filename">/plc/root.img</code>: The main
root filesystem of the MyPLC application. This file is an
uncompressed ext3 filesystem that is loopback mounted on
- <code class="filename">/plc/root</code> when MyPLC starts. The
- filesystem, even when mounted, should be treated an opaque
+ <code class="filename">/plc/root</code> when MyPLC starts. This
+ filesystem, even when mounted, should be treated as an opaque
binary that can and will be replaced in its entirety by any
upgrade of MyPLC.</p></li>
<li><p><code class="filename">/plc/root</code>: The mount point
<li>
<p><code class="filename">/plc/data</code>: The directory where user
data and generated files are stored. This directory is bind
- mounted into the <span><strong class="command">chroot</strong></span> jail on
- <code class="filename">/data</code>. Files in this directory are marked
- with <span><strong class="command">%config(noreplace)</strong></span> in the RPM. That
- is, during an upgrade of MyPLC, if a file has not changed
- since the last installation or upgrade of MyPLC, it is subject
- to upgrade and replacement. If the file has chanegd, the new
- version of the file will be created with a
+ mounted onto <code class="filename">/plc/root/data</code> so that it is
+ accessible as <code class="filename">/data</code> from within the
+ <span><strong class="command">chroot</strong></span> jail. Files in this directory are
+ marked with <span><strong class="command">%config(noreplace)</strong></span> in the
+ RPM. That is, during an upgrade of MyPLC, if a file has not
+ changed since the last installation or upgrade of MyPLC, it is
+ subject to upgrade and replacement. If the file has changed,
+ the new version of the file will be created with a
<code class="filename">.rpmnew</code> extension. Symlinks within the
MyPLC root filesystem ensure that the following directories
(relative to <code class="filename">/plc/root</code>) are stored
the <span><strong class="command">chkconfig</strong></span> command on a Red Hat or Fedora
host system:</p>
<div class="example">
-<a name="id243542"></a><p class="title"><b>Example 3. Disabling automatic startup of MyPLC.</b></p>
+<a name="id243568"></a><p class="title"><b>Example 3. Disabling automatic startup of MyPLC.</b></p>
<pre class="programlisting"># Disable automatic startup
chkconfig plc off
</div>
<div class="section" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id267666"></a>3. Quickstart</h2></div></div></div>
+<a name="id267694"></a>3. Quickstart</h2></div></div></div>
<p>Once installed, start MyPLC (see <a href="#StartingAndStoppingMyPLC" title="Example 2. Starting and stopping MyPLC.">Example 2, “Starting and stopping MyPLC.”</a>). MyPLC must be started as
root. Observe the output of this command for any failures. If no
failures occur, you should see output similar to the
following:</p>
<div class="example">
-<a name="id267786"></a><p class="title"><b>Example 4. A successful MyPLC startup.</b></p>
+<a name="id267814"></a><p class="title"><b>Example 4. A successful MyPLC startup.</b></p>
<pre class="programlisting">Mounting PLC: [ OK ]
PLC: Generating network files: [ OK ]
PLC: Starting system logger: [ OK ]
mounts, or your kernel may not support loopback mounting, bind
mounting, or the ext3 filesystem. Try freeing at least one
loopback device, or re-compiling your kernel to support loopback
- mounting, bind mounting, and the ext3 filesystem. SELinux may
- also be enabled. If you install MyPLC on Fedora Core 4 or 5, use
- the <span class="application">Security Level Configuration</span>
- utility to configure SELinux to be
+ mounting, bind mounting, and the ext3 filesystem. If you see an
+ error similar to <code class="literal">Permission denied while trying to open
+ /plc/root.img</code>, then SELinux may be enabled. If you
+ installed MyPLC on Fedora Core 4 or 5, use the
+ <span class="application">Security Level Configuration</span> utility
+ to configure SELinux to be
<code class="literal">Permissive</code>.</p></li>
<li><p><code class="literal">Starting database server</code>: If
this step fails, check
</div>
<div class="section" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id268167"></a>3.2. Installing nodes</h3></div></div></div>
+<a name="id268201"></a>3.2. Installing nodes</h3></div></div></div>
<p>Install your first node by clicking <code class="literal">Add
Node</code> under the <code class="literal">Nodes</code> tab. Fill in
all the appropriate details, then click
</div>
<div class="section" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id268241"></a>3.3. Administering nodes</h3></div></div></div>
+<a name="id268275"></a>3.3. Administering nodes</h3></div></div></div>
<p>You may administer nodes as <code class="literal">root</code> by
using the SSH key stored in
<code class="filename">/etc/planetlab/root_ssh_key.rsa</code>.</p>
<div class="example">
-<a name="id268263"></a><p class="title"><b>Example 5. Accessing nodes via SSH. Replace
+<a name="id268297"></a><p class="title"><b>Example 5. Accessing nodes via SSH. Replace
<code class="literal">node</code> with the hostname of the node.</b></p>
<pre class="programlisting">ssh -i /etc/planetlab/root_ssh_key.rsa root@node</pre>
</div>
</div>
<div class="section" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id268335"></a>3.4. Creating a slice</h3></div></div></div>
+<a name="id268369"></a>3.4. Creating a slice</h3></div></div></div>
<p>Create a slice by clicking <code class="literal">Create Slice</code>
under the <code class="literal">Slices</code> tab. Fill in all the
appropriate details, then click <code class="literal">Create</code>. Add
to determine if it needs to create or delete any slices. You may
accelerate this process manually if desired.</p>
<div class="example">
-<a name="id268393"></a><p class="title"><b>Example 6. Forcing slice creation on a node.</b></p>
+<a name="id268427"></a><p class="title"><b>Example 6. Forcing slice creation on a node.</b></p>
<pre class="programlisting"># Update slices.xml immediately
service plc start crond
</div>
</div>
</div>
+<div class="section" lang="en">
+<div class="titlepage"><div><div><h2 class="title" style="clear: both">
+<a name="id268444"></a>4. Rebuilding and customizing MyPLC</h2></div></div></div>
+<p>The MyPLC package, though distributed as an RPM, is not a
+ traditional package that can be easily rebuilt from SRPM. The
+ requisite build environment is quite extensive and numerous
+ assumptions are made throughout the PlanetLab source code base,
+ that the build environment is based on Fedora Core 4 and that
+ access to a complete Fedora Core 4 mirror is available.</p>
+<p>For this reason, it is recommended that you only rebuild
+ MyPLC (or any of its components) from within the MyPLC development
+ environment. The MyPLC development environment is similar to MyPLC
+ itself in that it is a portable filesystem contained within a
+ <span><strong class="command">chroot</strong></span> jail. The filesystem contains all the
+ necessary tools required to rebuild MyPLC, as well as a snapshot
+ of the PlanetLab source code base in the form of a local CVS
+ repository.</p>
+<div class="section" lang="en">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="id268469"></a>4.1. Installation</h3></div></div></div>
+<p>Install the MyPLC development environment similarly to how
+ you would install MyPLC. You may install both packages on the same
+ host system if you wish. As with MyPLC, the MyPLC development
+ environment should be treated as a monolithic software
+ application, and any files present in the
+ <span><strong class="command">chroot</strong></span> jail should not be modified directly, as
+ they are subject to upgrade.</p>
+<div class="example">
+<a name="id268487"></a><p class="title"><b>Example 7. Installing the MyPLC development environment.</b></p>
+<pre class="programlisting"># If your distribution supports RPM
+rpm -U http://build.planet-lab.org/build/myplc-0_4-rc2/RPMS/i386/myplc-devel-0.4-2.planetlab.i386.rpm
+
+# If your distribution does not support RPM
+cd /tmp
+wget http://build.planet-lab.org/build/myplc-0_4-rc2/RPMS/i386/myplc-devel-0.4-2.planetlab.i386.rpm
+cd /
+rpm2cpio /tmp/myplc-devel-0.4-2.planetlab.i386.rpm | cpio -diu</pre>
+</div>
+<p>The MyPLC development environment installs the following
+ files and directories:</p>
+<div class="itemizedlist"><ul type="disc">
+<li><p><code class="filename">/plc/devel/root.img</code>: The
+ main root filesystem of the MyPLC development environment. This
+ file is an uncompressed ext3 filesystem that is loopback mounted
+ on <code class="filename">/plc/devel/root</code> when the MyPLC
+ development environment is initialized. This filesystem, even
+ when mounted, should be treated as an opaque binary that can and
+ will be replaced in its entirety by any upgrade of the MyPLC
+ development environment.</p></li>
+<li><p><code class="filename">/plc/devel/root</code>: The mount
+ point for
+ <code class="filename">/plc/devel/root.img</code>.</p></li>
+<li>
+<p><code class="filename">/plc/devel/data</code>: The directory
+ where user data and generated files are stored. This directory
+ is bind mounted onto <code class="filename">/plc/devel/root/data</code>
+ so that it is accessible as <code class="filename">/data</code> from
+ within the <span><strong class="command">chroot</strong></span> jail. Files in this
+ directory are marked with
+ <span><strong class="command">%config(noreplace)</strong></span> in the RPM. Symlinks
+ ensure that the following directories (relative to
+ <code class="filename">/plc/devel/root</code>) are stored outside the
+ root filesystem image:</p>
+<div class="itemizedlist"><ul type="circle">
+<li><p><code class="filename">/etc/planetlab</code>: This
+ directory contains the configuration files that define your
+ MyPLC development environment.</p></li>
+<li><p><code class="filename">/cvs</code>: A
+ snapshot of the PlanetLab source code is stored as a CVS
+ repository in this directory. Files in this directory will
+ <span class="bold"><strong>not</strong></span> be updated by an upgrade of
+ <code class="filename">myplc-devel</code>. See <a href="#UpdatingCVS" title="4.4. Updating CVS">Section 4.4, “Updating CVS”</a> for more information about updating
+ PlanetLab source code.</p></li>
+<li><p><code class="filename">/build</code>:
+ Builds are stored in this directory. This directory is bind
+ mounted onto <code class="filename">/plc/devel/root/build</code> so that
+ it is accessible as <code class="filename">/build</code> from within the
+ <span><strong class="command">chroot</strong></span> jail. The build scripts in this
+ directory are themselves source controlled; see <a href="#BuildingMyPLC" title="4.3. Building MyPLC">Section 4.3, “Building MyPLC”</a> for more information about executing
+ builds.</p></li>
+</ul></div>
+</li>
+<li><p><code class="filename">/etc/init.d/plc-devel</code>: This file is
+ a System V init script installed on your host filesystem, that
+ allows you to start up and shut down the MyPLC development
+ environment with a single command.</p></li>
+</ul></div>
+</div>
+<div class="section" lang="en">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="id268676"></a>4.2. Fedora Core 4 mirror requirement</h3></div></div></div>
+<p>The MyPLC development environment requires access to a
+ complete Fedora Core 4 i386 RPM repository, because several
+ different filesystems based upon Fedora Core 4 are constructed
+ during the process of building MyPLC. You may configure the
+ location of this repository via the
+ <code class="envar">PLC_DEVEL_FEDORA_URL</code> variable in
+ <code class="filename">/plc/devel/data/etc/planetlab/plc_config.xml</code>. The
+ value of the variable should be a URL that points to the top
+ level of a Fedora mirror that provides the
+ <code class="filename">base</code>, <code class="filename">updates</code>, and
+ <code class="filename">extras</code> repositories, e.g.,</p>
+<div class="itemizedlist"><ul type="disc">
+<li><p><code class="filename">file:///data/fedora</code></p></li>
+<li><p><code class="filename">http://coblitz.planet-lab.org/pub/fedora</code></p></li>
+<li><p><code class="filename">ftp://mirror.cs.princeton.edu/pub/mirrors/fedora</code></p></li>
+<li><p><code class="filename">ftp://mirror.stanford.edu/pub/mirrors/fedora</code></p></li>
+<li><p><code class="filename">http://rpmfind.net/linux/fedora</code></p></li>
+</ul></div>
+<p>As implied by the list, the repository may be located on
+ the local filesystem, or it may be located on a remote FTP or
+ HTTP server. URLs beginning with <code class="filename">file://</code>
+ should exist at the specified location relative to the root of
+ the <span><strong class="command">chroot</strong></span> jail. For optimum performance and
+ reproducibility, specify
+ <code class="envar">PLC_DEVEL_FEDORA_URL=file:///data/fedora</code> and
+ download all Fedora Core 4 RPMS into
+ <code class="filename">/plc/devel/data/fedora</code> on the host system
+ after installing <code class="filename">myplc-devel</code>. Use a tool
+ such as <span><strong class="command">wget</strong></span> or <span><strong class="command">rsync</strong></span> to
+ download the RPMS from a public mirror:</p>
+<div class="example">
+<a name="id268807"></a><p class="title"><b>Example 8. Setting up a local Fedora Core 4 repository.</b></p>
+<pre class="programlisting">mkdir -p /plc/devel/data/fedora
+cd /plc/devel/data/fedora
+
+for repo in core/4/i386/os core/updates/4/i386 extras/4/i386 ; do
+ wget -m -nH --cut-dirs=3 http://coblitz.planet-lab.org/pub/fedora/linux/$repo
+done</pre>
+</div>
+<p>Change the repository URI and <span><strong class="command">--cut-dirs</strong></span>
+ level as needed to produce a hierarchy that resembles:</p>
+<pre class="programlisting">/plc/devel/data/fedora/core/4/i386/os
+/plc/devel/data/fedora/core/updates/4/i386
+/plc/devel/data/fedora/extras/4/i386</pre>
+<p>A list of additional Fedora Core 4 mirrors is available at
+ <a href="http://fedora.redhat.com/Download/mirrors.html" target="_top">http://fedora.redhat.com/Download/mirrors.html</a>.</p>
+</div>
+<div class="section" lang="en">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="BuildingMyPLC"></a>4.3. Building MyPLC</h3></div></div></div>
+<p>All PlanetLab source code modules are built and installed
+ as RPMS. A set of build scripts, checked into the
+ <code class="filename">build/</code> directory of the PlanetLab CVS
+ repository, eases the task of rebuilding PlanetLab source
+ code.</p>
+<p>To build MyPLC, or any PlanetLab source code module, from
+ within the MyPLC development environment, execute the following
+ commands as root:</p>
+<div class="example">
+<a name="id268873"></a><p class="title"><b>Example 9. Building MyPLC.</b></p>
+<pre class="programlisting"># Initialize MyPLC development environment
+service plc-devel start
+
+# Enter development environment
+chroot /plc/devel/root su -
+
+# Check out build scripts into a directory named after the current
+# date. This is simply a convention, it need not be followed
+# exactly. See build/build.sh for an example of a build script that
+# names build directories after CVS tags.
+DATE=$(date +%Y.%m.%d)
+cd /build
+cvs -d /cvs checkout -d $DATE build
+
+# Build everything
+make -C $DATE</pre>
+</div>
+<p>If the build succeeds, a set of binary RPMS will be
+ installed under
+ <code class="filename">/plc/devel/data/build/$DATE/RPMS/</code> that you
+ may copy to the
+ <code class="filename">/var/www/html/install-rpms/planetlab</code>
+ directory of your MyPLC installation (see <a href="#Installation" title="2. Installation">Section 2, “Installation”</a>).</p>
+</div>
+<div class="section" lang="en">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="UpdatingCVS"></a>4.4. Updating CVS</h3></div></div></div>
+<p>A complete snapshot of the PlanetLab source code is included
+ with the MyPLC development environment as a CVS repository in
+ <code class="filename">/plc/devel/data/cvs</code>. This CVS repository may
+ be accessed like any other CVS repository. It may be accessed
+ using an interface such as <a href="http://www.freebsd.org/projects/cvsweb.html" target="_top">CVSweb</a>,
+ and file permissions may be altered to allow for fine-grained
+ access control. Although the files are included with the
+ <code class="filename">myplc-devel</code> RPM, they are <span class="bold"><strong>not</strong></span> subject to upgrade once installed. New
+ versions of the <code class="filename">myplc-devel</code> RPM will install
+ updated snapshot repositories in
+ <code class="filename">/plc/devel/data/cvs-%{version}-%{release}</code>,
+ where <code class="literal">%{version}-%{release}</code> is replaced with
+ the version number of the RPM.</p>
+<p>Because the CVS repository is not automatically upgraded,
+ if you wish to keep your local repository synchronized with the
+ public PlanetLab repository, it is highly recommended that you
+ use CVS's support for <a href="http://ximbiot.com/cvs/wiki/index.php?title=CVS--Concurrent_Versions_System_v1.12.12.1:_Tracking_third-party_sources" target="_top">vendor
+ branches</a> to track changes. Vendor branches ease the task
+ of merging upstream changes with your local modifications. To
+ import a new snapshot into your local repository (for example,
+ if you have just upgraded from
+ <code class="filename">myplc-devel-0.4-2</code> to
+ <code class="filename">myplc-devel-0.4-3</code> and you notice the new
+ repository in <code class="filename">/plc/devel/data/cvs-0.4-3</code>),
+ execute the following commands as root from within the MyPLC
+ development environment:</p>
+<div class="example">
+<a name="id269004"></a><p class="title"><b>Example 10. Updating /data/cvs from /data/cvs-0.4-3.</b></p>
+<p><span class="bold"><strong>Warning</strong></span>: This may cause
+ severe, irreversible changes to be made to your local
+ repository. Always tag your local repository before
+ importing.</p>
+<pre class="programlisting"># Initialize MyPLC development environment
+service plc-devel start
+
+# Enter development environment
+chroot /plc/devel/root su -
+
+# Tag current state
+cvs -d /cvs rtag before-myplc-0_4-3-merge
+
+# Export snapshot
+TMP=$(mktemp -d /data/export.XXXXXX)
+pushd $TMP
+cvs -d /data/cvs-0.4-3 export -r HEAD .
+cvs -d /cvs import -m "PlanetLab sources from myplc-0.4-3" -ko -I ! . planetlab myplc-0_4-3
+popd
+rm -rf $TMP</pre>
+</div>
+<p>If there any merge conflicts, use the command suggested by
+ CVS to help the merge. Explaining how to fix merge conflicts is
+ beyond the scope of this document; consult the CVS documentation
+ for more information on how to use CVS.</p>
+</div>
+</div>
<div class="appendix" lang="en">
<h2 class="title" style="clear: both">
-<a name="id268410"></a>A. Configuration variables</h2>
+<a name="id269037"></a>A. Configuration variables</h2>
<p>Listed below is the set of standard configuration variables
and their default values, defined in the template
<code class="filename">/etc/planetlab/default_config.xml</code>. Additional
<p>The SSH private key used to access the root
account on your nodes.</p>
</dd>
-<dt><span class="term">PLC_ROOT_CA_SSL_KEY</span></dt>
-<dd>
-<p>
- Type: file</p>
-<p>
- Default: /etc/planetlab/root_ca_ssl.key</p>
-<p>The SSL private key used for signing all other
- generated certificates. If non-existent, one will be
- generated.</p>
-</dd>
-<dt><span class="term">PLC_ROOT_CA_SSL_KEY_PUB</span></dt>
-<dd>
-<p>
- Type: file</p>
-<p>
- Default: /etc/planetlab/root_ca_ssl.pub</p>
-<p>The corresponding SSL public key.</p>
-</dd>
-<dt><span class="term">PLC_ROOT_CA_SSL_CRT</span></dt>
-<dd>
-<p>
- Type: file</p>
-<p>
- Default: /etc/planetlab/root_ca_ssl.crt</p>
-<p>The corresponding SSL public
- certificate.</p>
-</dd>
<dt><span class="term">PLC_MA_SA_NAMESPACE</span></dt>
<dd>
<p>
with the signature of your MA/SA. If non-existent, one will
be generated.</p>
</dd>
-<dt><span class="term">PLC_MA_SA_SSL_KEY_PUB</span></dt>
+<dt><span class="term">PLC_MA_SA_SSL_CRT</span></dt>
<dd>
<p>
Type: file</p>
<p>
- Default: /etc/planetlab/ma_sa_ssl.pub</p>
-<p>The corresponding SSL public key.</p>
+ Default: /etc/planetlab/ma_sa_ssl.crt</p>
+<p>The corresponding SSL public certificate. By
+ default, this certificate is self-signed. You may replace
+ the certificate later with one signed by the PLC root
+ CA.</p>
</dd>
-<dt><span class="term">PLC_MA_SA_SSL_CRT</span></dt>
+<dt><span class="term">PLC_MA_SA_CA_SSL_CRT</span></dt>
<dd>
<p>
Type: file</p>
<p>
- Default: /etc/planetlab/ma_sa_ssl.crt</p>
-<p>The corresponding SSL public certificate,
- signed by the root CA.</p>
+ Default: /etc/planetlab/ma_sa_ca_ssl.crt</p>
+<p>If applicable, the certificate of the PLC root
+ CA. If your MA/SA certificate is self-signed, then this file
+ is the same as your MA/SA certificate.</p>
+</dd>
+<dt><span class="term">PLC_MA_SA_CA_SSL_KEY_PUB</span></dt>
+<dd>
+<p>
+ Type: file</p>
+<p>
+ Default: /etc/planetlab/ma_sa_ca_ssl.pub</p>
+<p>If applicable, the public key of the PLC root
+ CA. If your MA/SA certificate is self-signed, then this file
+ is the same as your MA/SA public key.</p>
</dd>
<dt><span class="term">PLC_MA_SA_API_CRT</span></dt>
<dd>
Type: file</p>
<p>
Default: /etc/planetlab/ma_sa_api.xml</p>
-<p>The API Certificate for your MA/SA is the SSL
- public key for your MA/SA embedded in an XML document and
- signed by the root CA SSL private key. The API Certificate
- can be used by any PlanetLab node managed by any MA, to
- verify that your MA/SA public key is valid.</p>
+<p>The API Certificate is your MA/SA public key
+ embedded in a digitally signed XML document. By default,
+ this document is self-signed. You may replace this
+ certificate later with one signed by the PLC root
+ CA.</p>
</dd>
<dt><span class="term">PLC_NET_DNS1</span></dt>
<dd>
Type: file</p>
<p>
Default: /etc/planetlab/api_ssl.crt</p>
-<p>The corresponding SSL public certificate,
- signed by the root CA.</p>
+<p>The corresponding SSL public certificate. By
+ default, this certificate is self-signed. You may replace
+ the certificate later with one signed by a root
+ CA.</p>
+</dd>
+<dt><span class="term">PLC_API_CA_SSL_CRT</span></dt>
+<dd>
+<p>
+ Type: file</p>
+<p>
+ Default: /etc/planetlab/api_ca_ssl.crt</p>
+<p>The certificate of the root CA, if any, that
+ signed your server certificate. If your server certificate is
+ self-signed, then this file is the same as your server
+ certificate.</p>
</dd>
<dt><span class="term">PLC_WWW_ENABLED</span></dt>
<dd>
Type: file</p>
<p>
Default: /etc/planetlab/www_ssl.crt</p>
-<p>The corresponding SSL public certificate,
- signed by the root CA.</p>
+<p>The corresponding SSL public certificate for
+ the HTTP server. By default, this certificate is
+ self-signed. You may replace the certificate later with one
+ signed by a root CA.</p>
+</dd>
+<dt><span class="term">PLC_WWW_CA_SSL_CRT</span></dt>
+<dd>
+<p>
+ Type: file</p>
+<p>
+ Default: /etc/planetlab/www_ca_ssl.crt</p>
+<p>The certificate of the root CA, if any, that
+ signed your server certificate. If your server certificate is
+ self-signed, then this file is the same as your server
+ certificate.</p>
</dd>
<dt><span class="term">PLC_BOOT_ENABLED</span></dt>
<dd>
<p>
Default: /etc/planetlab/boot_ssl.key</p>
<p>The SSL private key to use for encrypting HTTPS
- traffic. If non-existent, one will be
- generated.</p>
+ traffic.</p>
</dd>
<dt><span class="term">PLC_BOOT_SSL_CRT</span></dt>
<dd>
Type: file</p>
<p>
Default: /etc/planetlab/boot_ssl.crt</p>
-<p>The corresponding SSL public certificate,
- signed by the root CA.</p>
+<p>The corresponding SSL public certificate for
+ the HTTP server. By default, this certificate is
+ self-signed. You may replace the certificate later with one
+ signed by a root CA.</p>
+</dd>
+<dt><span class="term">PLC_BOOT_CA_SSL_CRT</span></dt>
+<dd>
+<p>
+ Type: file</p>
+<p>
+ Default: /etc/planetlab/boot_ca_ssl.crt</p>
+<p>The certificate of the root CA, if any, that
+ signed your server certificate. If your server certificate is
+ self-signed, then this file is the same as your server
+ certificate.</p>
+</dd>
+</dl></div>
+</div>
+<div class="appendix" lang="en">
+<h2 class="title" style="clear: both">
+<a name="id271742"></a>B. Development environment configuration variables</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">PLC_DEVEL_FEDORA_RELEASE</span></dt>
+<dd>
+<p>
+ Type: string</p>
+<p>
+ Default: 4</p>
+<p>Version number of Fedora Core upon which to
+ base the build environment. Warning: Currently, only Fedora
+ Core 4 is supported.</p>
+</dd>
+<dt><span class="term">PLC_DEVEL_FEDORA_ARCH</span></dt>
+<dd>
+<p>
+ Type: string</p>
+<p>
+ Default: i386</p>
+<p>Base architecture of the build
+ environment. Warning: Currently, only i386 is
+ supported.</p>
+</dd>
+<dt><span class="term">PLC_DEVEL_FEDORA_URL</span></dt>
+<dd>
+<p>
+ Type: string</p>
+<p>
+ Default: file:///usr/share/mirrors/fedora</p>
+<p>Fedora Core mirror from which to install
+ filesystems.</p>
+</dd>
+<dt><span class="term">PLC_DEVEL_CVSROOT</span></dt>
+<dd>
+<p>
+ Type: string</p>
+<p>
+ Default: /cvs</p>
+<p>CVSROOT to use when checking out code.</p>
+</dd>
+<dt><span class="term">PLC_DEVEL_BOOTSTRAP</span></dt>
+<dd>
+<p>
+ Type: boolean</p>
+<p>
+ Default: false</p>
+<p>Controls whether MyPLC should be built inside
+ of its own development environment.</p>
</dd>
</dl></div>
</div>
<div class="bibliography">
<div class="titlepage"><div><div><h2 class="title">
-<a name="id271055"></a>Bibliography</h2></div></div></div>
+<a name="id271824"></a>Bibliography</h2></div></div></div>
<div class="biblioentry">
<a name="TechsGuide"></a><p>[1] <span class="author"><span class="firstname">Mark</span> <span class="surname">Huang</span>. </span><span class="title"><i><a href="http://www.planet-lab.org/doc/TechsGuide.php" target="_top">PlanetLab
Technical Contact's Guide</a></i>. </span></p>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
- <!ENTITY Variables SYSTEM "variables.xml">
+ <!ENTITY Variables SYSTEM "plc_variables.xml">
+ <!ENTITY DevelVariables SYSTEM "plc_devel_variables.xml">
]>
<article>
<articleinfo>
<revhistory>
<revision>
<revnumber>1.0</revnumber>
-
<date>April 7, 2006</date>
-
<authorinitials>MLH</authorinitials>
-
- <revdescription>
- <para>Initial draft.</para>
- </revdescription>
+ <revdescription><para>Initial draft.</para></revdescription>
+ </revision>
+ <revision>
+ <revnumber>1.1</revnumber>
+ <date>July 19, 2006</date>
+ <authorinitials>MLH</authorinitials>
+ <revdescription><para>Add development environment.</para></revdescription>
</revision>
</revhistory>
</articleinfo>
</figure>
</section>
- <section>
+ <section id="Installation">
<title>Installation</title>
<para>Though internally composed of commodity software
<example>
<title>Installing MyPLC.</title>
- <programlisting><![CDATA[# If your distribution supports RPM
-rpm -U myplc-0.3-1.planetlab.i386.rpm
+ <programlisting><![CDATA[# If your distribution supports RPM
+rpm -U http://build.planet-lab.org/build/myplc-0_4-rc1/RPMS/i386/myplc-0.4-1.planetlab.i386.rpm
# If your distribution does not support RPM
+cd /tmp
+wget http://build.planet-lab.org/build/myplc-0_4-rc1/RPMS/i386/myplc-0.4-1.planetlab.i386.rpm
cd /
-rpm2cpio myplc-0.3-1.planetlab.i386.rpm | cpio -diu]]></programlisting>
+rpm2cpio /tmp/myplc-0.4-1.planetlab.i386.rpm | cpio -diu]]></programlisting>
</example>
<para>MyPLC installs the following files and directories:</para>
<listitem><para><filename>/plc/root.img</filename>: The main
root filesystem of the MyPLC application. This file is an
uncompressed ext3 filesystem that is loopback mounted on
- <filename>/plc/root</filename> when MyPLC starts. The
- filesystem, even when mounted, should be treated an opaque
+ <filename>/plc/root</filename> when MyPLC starts. This
+ filesystem, even when mounted, should be treated as an opaque
binary that can and will be replaced in its entirety by any
upgrade of MyPLC.</para></listitem>
<listitem>
<para><filename>/plc/data</filename>: The directory where user
data and generated files are stored. This directory is bind
- mounted into the <command>chroot</command> jail on
- <filename>/data</filename>. Files in this directory are marked
- with <command>%config(noreplace)</command> in the RPM. That
- is, during an upgrade of MyPLC, if a file has not changed
- since the last installation or upgrade of MyPLC, it is subject
- to upgrade and replacement. If the file has chanegd, the new
- version of the file will be created with a
+ mounted onto <filename>/plc/root/data</filename> so that it is
+ accessible as <filename>/data</filename> from within the
+ <command>chroot</command> jail. Files in this directory are
+ marked with <command>%config(noreplace)</command> in the
+ RPM. That is, during an upgrade of MyPLC, if a file has not
+ changed since the last installation or upgrade of MyPLC, it is
+ subject to upgrade and replacement. If the file has changed,
+ the new version of the file will be created with a
<filename>.rpmnew</filename> extension. Symlinks within the
MyPLC root filesystem ensure that the following directories
(relative to <filename>/plc/root</filename>) are stored
mounts, or your kernel may not support loopback mounting, bind
mounting, or the ext3 filesystem. Try freeing at least one
loopback device, or re-compiling your kernel to support loopback
- mounting, bind mounting, and the ext3 filesystem. SELinux may
- also be enabled. If you install MyPLC on Fedora Core 4 or 5, use
- the <application>Security Level Configuration</application>
- utility to configure SELinux to be
+ mounting, bind mounting, and the ext3 filesystem. If you see an
+ error similar to <literal>Permission denied while trying to open
+ /plc/root.img</literal>, then SELinux may be enabled. If you
+ installed MyPLC on Fedora Core 4 or 5, use the
+ <application>Security Level Configuration</application> utility
+ to configure SELinux to be
<literal>Permissive</literal>.</para></listitem>
<listitem><para><literal>Starting database server</literal>: If
</section>
</section>
+ <section>
+ <title>Rebuilding and customizing MyPLC</title>
+
+ <para>The MyPLC package, though distributed as an RPM, is not a
+ traditional package that can be easily rebuilt from SRPM. The
+ requisite build environment is quite extensive and numerous
+ assumptions are made throughout the PlanetLab source code base,
+ that the build environment is based on Fedora Core 4 and that
+ access to a complete Fedora Core 4 mirror is available.</para>
+
+ <para>For this reason, it is recommended that you only rebuild
+ MyPLC (or any of its components) from within the MyPLC development
+ environment. The MyPLC development environment is similar to MyPLC
+ itself in that it is a portable filesystem contained within a
+ <command>chroot</command> jail. The filesystem contains all the
+ necessary tools required to rebuild MyPLC, as well as a snapshot
+ of the PlanetLab source code base in the form of a local CVS
+ repository.</para>
+
+ <section>
+ <title>Installation</title>
+
+ <para>Install the MyPLC development environment similarly to how
+ you would install MyPLC. You may install both packages on the same
+ host system if you wish. As with MyPLC, the MyPLC development
+ environment should be treated as a monolithic software
+ application, and any files present in the
+ <command>chroot</command> jail should not be modified directly, as
+ they are subject to upgrade.</para>
+
+ <example>
+ <title>Installing the MyPLC development environment.</title>
+
+ <programlisting><![CDATA[# If your distribution supports RPM
+rpm -U http://build.planet-lab.org/build/myplc-0_4-rc2/RPMS/i386/myplc-devel-0.4-2.planetlab.i386.rpm
+
+# If your distribution does not support RPM
+cd /tmp
+wget http://build.planet-lab.org/build/myplc-0_4-rc2/RPMS/i386/myplc-devel-0.4-2.planetlab.i386.rpm
+cd /
+rpm2cpio /tmp/myplc-devel-0.4-2.planetlab.i386.rpm | cpio -diu]]></programlisting>
+ </example>
+
+ <para>The MyPLC development environment installs the following
+ files and directories:</para>
+
+ <itemizedlist>
+ <listitem><para><filename>/plc/devel/root.img</filename>: The
+ main root filesystem of the MyPLC development environment. This
+ file is an uncompressed ext3 filesystem that is loopback mounted
+ on <filename>/plc/devel/root</filename> when the MyPLC
+ development environment is initialized. This filesystem, even
+ when mounted, should be treated as an opaque binary that can and
+ will be replaced in its entirety by any upgrade of the MyPLC
+ development environment.</para></listitem>
+
+ <listitem><para><filename>/plc/devel/root</filename>: The mount
+ point for
+ <filename>/plc/devel/root.img</filename>.</para></listitem>
+
+ <listitem>
+ <para><filename>/plc/devel/data</filename>: The directory
+ where user data and generated files are stored. This directory
+ is bind mounted onto <filename>/plc/devel/root/data</filename>
+ so that it is accessible as <filename>/data</filename> from
+ within the <command>chroot</command> jail. Files in this
+ directory are marked with
+ <command>%config(noreplace)</command> in the RPM. Symlinks
+ ensure that the following directories (relative to
+ <filename>/plc/devel/root</filename>) are stored outside the
+ root filesystem image:</para>
+
+ <itemizedlist>
+ <listitem><para><filename>/etc/planetlab</filename>: This
+ directory contains the configuration files that define your
+ MyPLC development environment.</para></listitem>
+
+ <listitem><para><filename>/cvs</filename>: A
+ snapshot of the PlanetLab source code is stored as a CVS
+ repository in this directory. Files in this directory will
+ <emphasis role="bold">not</emphasis> be updated by an upgrade of
+ <filename>myplc-devel</filename>. See <xref
+ linkend="UpdatingCVS" /> for more information about updating
+ PlanetLab source code.</para></listitem>
+
+ <listitem><para><filename>/build</filename>:
+ Builds are stored in this directory. This directory is bind
+ mounted onto <filename>/plc/devel/root/build</filename> so that
+ it is accessible as <filename>/build</filename> from within the
+ <command>chroot</command> jail. The build scripts in this
+ directory are themselves source controlled; see <xref
+ linkend="BuildingMyPLC" /> for more information about executing
+ builds.</para></listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para><filename>/etc/init.d/plc-devel</filename>: This file is
+ a System V init script installed on your host filesystem, that
+ allows you to start up and shut down the MyPLC development
+ environment with a single command.</para>
+ </listitem>
+ </itemizedlist>
+ </section>
+
+ <section>
+ <title>Fedora Core 4 mirror requirement</title>
+
+ <para>The MyPLC development environment requires access to a
+ complete Fedora Core 4 i386 RPM repository, because several
+ different filesystems based upon Fedora Core 4 are constructed
+ during the process of building MyPLC. You may configure the
+ location of this repository via the
+ <envar>PLC_DEVEL_FEDORA_URL</envar> variable in
+ <filename>/plc/devel/data/etc/planetlab/plc_config.xml</filename>. The
+ value of the variable should be a URL that points to the top
+ level of a Fedora mirror that provides the
+ <filename>base</filename>, <filename>updates</filename>, and
+ <filename>extras</filename> repositories, e.g.,</para>
+
+ <itemizedlist>
+ <listitem><para><filename>file:///data/fedora</filename></para></listitem>
+ <listitem><para><filename>http://coblitz.planet-lab.org/pub/fedora</filename></para></listitem>
+ <listitem><para><filename>ftp://mirror.cs.princeton.edu/pub/mirrors/fedora</filename></para></listitem>
+ <listitem><para><filename>ftp://mirror.stanford.edu/pub/mirrors/fedora</filename></para></listitem>
+ <listitem><para><filename>http://rpmfind.net/linux/fedora</filename></para></listitem>
+ </itemizedlist>
+
+ <para>As implied by the list, the repository may be located on
+ the local filesystem, or it may be located on a remote FTP or
+ HTTP server. URLs beginning with <filename>file://</filename>
+ should exist at the specified location relative to the root of
+ the <command>chroot</command> jail. For optimum performance and
+ reproducibility, specify
+ <envar>PLC_DEVEL_FEDORA_URL=file:///data/fedora</envar> and
+ download all Fedora Core 4 RPMS into
+ <filename>/plc/devel/data/fedora</filename> on the host system
+ after installing <filename>myplc-devel</filename>. Use a tool
+ such as <command>wget</command> or <command>rsync</command> to
+ download the RPMS from a public mirror:</para>
+
+ <example>
+ <title>Setting up a local Fedora Core 4 repository.</title>
+
+ <programlisting><![CDATA[mkdir -p /plc/devel/data/fedora
+cd /plc/devel/data/fedora
+
+for repo in core/4/i386/os core/updates/4/i386 extras/4/i386 ; do
+ wget -m -nH --cut-dirs=3 http://coblitz.planet-lab.org/pub/fedora/linux/$repo
+done]]></programlisting>
+ </example>
+
+ <para>Change the repository URI and <command>--cut-dirs</command>
+ level as needed to produce a hierarchy that resembles:</para>
+
+ <programlisting><![CDATA[/plc/devel/data/fedora/core/4/i386/os
+/plc/devel/data/fedora/core/updates/4/i386
+/plc/devel/data/fedora/extras/4/i386]]></programlisting>
+
+ <para>A list of additional Fedora Core 4 mirrors is available at
+ <ulink url="http://fedora.redhat.com/Download/mirrors.html">http://fedora.redhat.com/Download/mirrors.html</ulink>.</para>
+ </section>
+
+ <section id="BuildingMyPLC">
+ <title>Building MyPLC</title>
+
+ <para>All PlanetLab source code modules are built and installed
+ as RPMS. A set of build scripts, checked into the
+ <filename>build/</filename> directory of the PlanetLab CVS
+ repository, eases the task of rebuilding PlanetLab source
+ code.</para>
+
+ <para>To build MyPLC, or any PlanetLab source code module, from
+ within the MyPLC development environment, execute the following
+ commands as root:</para>
+
+ <example>
+ <title>Building MyPLC.</title>
+
+ <programlisting><![CDATA[# Initialize MyPLC development environment
+service plc-devel start
+
+# Enter development environment
+chroot /plc/devel/root su -
+
+# Check out build scripts into a directory named after the current
+# date. This is simply a convention, it need not be followed
+# exactly. See build/build.sh for an example of a build script that
+# names build directories after CVS tags.
+DATE=$(date +%Y.%m.%d)
+cd /build
+cvs -d /cvs checkout -d $DATE build
+
+# Build everything
+make -C $DATE]]></programlisting>
+ </example>
+
+ <para>If the build succeeds, a set of binary RPMS will be
+ installed under
+ <filename>/plc/devel/data/build/$DATE/RPMS/</filename> that you
+ may copy to the
+ <filename>/var/www/html/install-rpms/planetlab</filename>
+ directory of your MyPLC installation (see <xref
+ linkend="Installation" />).</para>
+ </section>
+
+ <section id="UpdatingCVS">
+ <title>Updating CVS</title>
+
+ <para>A complete snapshot of the PlanetLab source code is included
+ with the MyPLC development environment as a CVS repository in
+ <filename>/plc/devel/data/cvs</filename>. This CVS repository may
+ be accessed like any other CVS repository. It may be accessed
+ using an interface such as <ulink
+ url="http://www.freebsd.org/projects/cvsweb.html">CVSweb</ulink>,
+ and file permissions may be altered to allow for fine-grained
+ access control. Although the files are included with the
+ <filename>myplc-devel</filename> RPM, they are <emphasis
+ role="bold">not</emphasis> subject to upgrade once installed. New
+ versions of the <filename>myplc-devel</filename> RPM will install
+ updated snapshot repositories in
+ <filename>/plc/devel/data/cvs-%{version}-%{release}</filename>,
+ where <literal>%{version}-%{release}</literal> is replaced with
+ the version number of the RPM.</para>
+
+ <para>Because the CVS repository is not automatically upgraded,
+ if you wish to keep your local repository synchronized with the
+ public PlanetLab repository, it is highly recommended that you
+ use CVS's support for <ulink
+ url="http://ximbiot.com/cvs/wiki/index.php?title=CVS--Concurrent_Versions_System_v1.12.12.1:_Tracking_third-party_sources">vendor
+ branches</ulink> to track changes. Vendor branches ease the task
+ of merging upstream changes with your local modifications. To
+ import a new snapshot into your local repository (for example,
+ if you have just upgraded from
+ <filename>myplc-devel-0.4-2</filename> to
+ <filename>myplc-devel-0.4-3</filename> and you notice the new
+ repository in <filename>/plc/devel/data/cvs-0.4-3</filename>),
+ execute the following commands as root from within the MyPLC
+ development environment:</para>
+
+ <example>
+ <title>Updating /data/cvs from /data/cvs-0.4-3.</title>
+
+ <para><emphasis role="bold">Warning</emphasis>: This may cause
+ severe, irreversible changes to be made to your local
+ repository. Always tag your local repository before
+ importing.</para>
+
+ <programlisting><![CDATA[# Initialize MyPLC development environment
+service plc-devel start
+
+# Enter development environment
+chroot /plc/devel/root su -
+
+# Tag current state
+cvs -d /cvs rtag before-myplc-0_4-3-merge
+
+# Export snapshot
+TMP=$(mktemp -d /data/export.XXXXXX)
+pushd $TMP
+cvs -d /data/cvs-0.4-3 export -r HEAD .
+cvs -d /cvs import -m "PlanetLab sources from myplc-0.4-3" -ko -I ! . planetlab myplc-0_4-3
+popd
+rm -rf $TMP]]></programlisting>
+ </example>
+
+ <para>If there any merge conflicts, use the command suggested by
+ CVS to help the merge. Explaining how to fix merge conflicts is
+ beyond the scope of this document; consult the CVS documentation
+ for more information on how to use CVS.</para>
+ </section>
+ </section>
+
<appendix>
<title>Configuration variables</title>
&Variables;
</appendix>
+ <appendix>
+ <title>Development environment configuration variables</title>
+
+ &DevelVariables;
+ </appendix>
+
<bibliography>
<title>Bibliography</title>
+++ /dev/null
-<variablelist>
- <varlistentry>
- <term>PLC_NAME</term>
- <listitem>
- <para>
- Type: string</para>
- <para>
- Default: PlanetLab Test</para>
- <para>The name of this PLC installation. It is used in
- the name of the default system site (e.g., PlanetLab Central)
- and in the names of various administrative entities (e.g.,
- PlanetLab Support).</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_SLICE_PREFIX</term>
- <listitem>
- <para>
- Type: string</para>
- <para>
- Default: pl</para>
- <para>The abbreviated name of this PLC
- installation. It is used as the prefix for system slices
- (e.g., pl_conf). Warning: Currently, this variable should
- not be changed.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_ROOT_USER</term>
- <listitem>
- <para>
- Type: email</para>
- <para>
- Default: root@localhost.localdomain</para>
- <para>The name of the initial administrative
- account. We recommend that this account be used only to create
- additional accounts associated with real
- administrators, then disabled.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_ROOT_PASSWORD</term>
- <listitem>
- <para>
- Type: password</para>
- <para>
- Default: root</para>
- <para>The password of the initial administrative
- account. Also the password of the root account on the Boot
- CD.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_ROOT_SSH_KEY_PUB</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/root_ssh_key.pub</para>
- <para>The SSH public key used to access the root
- account on your nodes.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_ROOT_SSH_KEY</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/root_ssh_key.rsa</para>
- <para>The SSH private key used to access the root
- account on your nodes.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_DEBUG_SSH_KEY_PUB</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/debug_ssh_key.pub</para>
- <para>The SSH public key used to access the root
- account on your nodes when they are in Debug mode.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_DEBUG_SSH_KEY</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/debug_ssh_key.rsa</para>
- <para>The SSH private key used to access the root
- account on your nodes when they are in Debug mode.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_ROOT_GPG_KEY_PUB</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/pubring.gpg</para>
- <para>The GPG public keyring used to sign the Boot
- Manager and all node packages.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_ROOT_GPG_KEY</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/secring.gpg</para>
- <para>The SSH private key used to access the root
- account on your nodes.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_ROOT_CA_SSL_KEY</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/root_ca_ssl.key</para>
- <para>The SSL private key used for signing all other
- generated certificates. If non-existent, one will be
- generated.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_ROOT_CA_SSL_KEY_PUB</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/root_ca_ssl.pub</para>
- <para>The corresponding SSL public key.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_ROOT_CA_SSL_CRT</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/root_ca_ssl.crt</para>
- <para>The corresponding SSL public
- certificate.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_MA_SA_NAMESPACE</term>
- <listitem>
- <para>
- Type: ip</para>
- <para>
- Default: test</para>
- <para>The namespace of your MA/SA. This should be a
- globally unique value assigned by PlanetLab
- Central.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_MA_SA_SSL_KEY</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/ma_sa_ssl.key</para>
- <para>The SSL private key used for signing documents
- with the signature of your MA/SA. If non-existent, one will
- be generated.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_MA_SA_SSL_KEY_PUB</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/ma_sa_ssl.pub</para>
- <para>The corresponding SSL public key.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_MA_SA_SSL_CRT</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/ma_sa_ssl.crt</para>
- <para>The corresponding SSL public certificate,
- signed by the root CA.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_MA_SA_API_CRT</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/ma_sa_api.xml</para>
- <para>The API Certificate for your MA/SA is the SSL
- public key for your MA/SA embedded in an XML document and
- signed by the root CA SSL private key. The API Certificate
- can be used by any PlanetLab node managed by any MA, to
- verify that your MA/SA public key is valid.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_NET_DNS1</term>
- <listitem>
- <para>
- Type: ip</para>
- <para>
- Default: 127.0.0.1</para>
- <para>Primary DNS server address.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_NET_DNS2</term>
- <listitem>
- <para>
- Type: ip</para>
- <para>
- Default: </para>
- <para>Secondary DNS server address.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_DNS_ENABLED</term>
- <listitem>
- <para>
- Type: boolean</para>
- <para>
- Default: true</para>
- <para>Enable the internal DNS server. The server does
- not provide reverse resolution and is not a production
- quality or scalable DNS solution. Use the internal DNS
- server only for small deployments or for
- testing.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_MAIL_ENABLED</term>
- <listitem>
- <para>
- Type: boolean</para>
- <para>
- Default: false</para>
- <para>Set to false to suppress all e-mail notifications
- and warnings.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_MAIL_SUPPORT_ADDRESS</term>
- <listitem>
- <para>
- Type: email</para>
- <para>
- Default: root+support@localhost.localdomain</para>
- <para>This address is used for support
- requests. Support requests may include traffic complaints,
- security incident reporting, web site malfunctions, and
- general requests for information. We recommend that the
- address be aliased to a ticketing system such as Request
- Tracker.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_MAIL_BOOT_ADDRESS</term>
- <listitem>
- <para>
- Type: email</para>
- <para>
- Default: root+install-msgs@localhost.localdomain</para>
- <para>The API will notify this address when a problem
- occurs during node installation or boot.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_MAIL_SLICE_ADDRESS</term>
- <listitem>
- <para>
- Type: email</para>
- <para>
- Default: root+SLICE@localhost.localdomain</para>
- <para>This address template is used for sending
- e-mail notifications to slices. SLICE will be replaced with
- the name of the slice.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_DB_ENABLED</term>
- <listitem>
- <para>
- Type: boolean</para>
- <para>
- Default: true</para>
- <para>Enable the database server on this
- machine.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_DB_TYPE</term>
- <listitem>
- <para>
- Type: string</para>
- <para>
- Default: postgresql</para>
- <para>The type of database server. Currently, only
- postgresql is supported.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_DB_HOST</term>
- <listitem>
- <para>
- Type: hostname</para>
- <para>
- Default: localhost.localdomain</para>
- <para>The fully qualified hostname of the database
- server.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_DB_IP</term>
- <listitem>
- <para>
- Type: ip</para>
- <para>
- Default: 127.0.0.1</para>
- <para>The IP address of the database server, if not
- resolvable by the configured DNS servers.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_DB_PORT</term>
- <listitem>
- <para>
- Type: int</para>
- <para>
- Default: 5432</para>
- <para>The TCP port number through which the database
- server should be accessed.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_DB_NAME</term>
- <listitem>
- <para>
- Type: string</para>
- <para>
- Default: planetlab3</para>
- <para>The name of the database to access.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_DB_USER</term>
- <listitem>
- <para>
- Type: string</para>
- <para>
- Default: pgsqluser</para>
- <para>The username to use when accessing the
- database.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_DB_PASSWORD</term>
- <listitem>
- <para>
- Type: password</para>
- <para>
- Default: </para>
- <para>The password to use when accessing the
- database. If left blank, one will be
- generated.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_API_ENABLED</term>
- <listitem>
- <para>
- Type: boolean</para>
- <para>
- Default: true</para>
- <para>Enable the API server on this
- machine.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_API_DEBUG</term>
- <listitem>
- <para>
- Type: boolean</para>
- <para>
- Default: false</para>
- <para>Enable verbose API debugging. Do not enable on
- a production system!</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_API_HOST</term>
- <listitem>
- <para>
- Type: hostname</para>
- <para>
- Default: localhost.localdomain</para>
- <para>The fully qualified hostname of the API
- server.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_API_IP</term>
- <listitem>
- <para>
- Type: ip</para>
- <para>
- Default: 127.0.0.1</para>
- <para>The IP address of the API server, if not
- resolvable by the configured DNS servers.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_API_PORT</term>
- <listitem>
- <para>
- Type: int</para>
- <para>
- Default: 80</para>
- <para>The TCP port number through which the API
- should be accessed. Warning: SSL (port 443) access is not
- fully supported by the website code yet. We recommend that
- port 80 be used for now and that the API server either run
- on the same machine as the web server, or that they both be
- on a secure wired network.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_API_PATH</term>
- <listitem>
- <para>
- Type: string</para>
- <para>
- Default: /PLCAPI/</para>
- <para>The base path of the API URL.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_API_MAINTENANCE_USER</term>
- <listitem>
- <para>
- Type: string</para>
- <para>
- Default: maint@localhost.localdomain</para>
- <para>The username of the maintenance account. This
- account is used by local scripts that perform automated
- tasks, and cannot be used for normal logins.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_API_MAINTENANCE_PASSWORD</term>
- <listitem>
- <para>
- Type: password</para>
- <para>
- Default: </para>
- <para>The password of the maintenance account. If
- left blank, one will be generated. We recommend that the
- password be changed periodically.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_API_MAINTENANCE_SOURCES</term>
- <listitem>
- <para>
- Type: hostname</para>
- <para>
- Default: </para>
- <para>A space-separated list of IP addresses allowed
- to access the API through the maintenance account. The value
- of this variable is set automatically to allow only the API,
- web, and boot servers, and should not be
- changed.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_API_SSL_KEY</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/api_ssl.key</para>
- <para>The SSL private key to use for encrypting HTTPS
- traffic. If non-existent, one will be
- generated.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_API_SSL_CRT</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/api_ssl.crt</para>
- <para>The corresponding SSL public certificate,
- signed by the root CA.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_WWW_ENABLED</term>
- <listitem>
- <para>
- Type: boolean</para>
- <para>
- Default: true</para>
- <para>Enable the web server on this
- machine.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_WWW_DEBUG</term>
- <listitem>
- <para>
- Type: boolean</para>
- <para>
- Default: false</para>
- <para>Enable debugging output on web pages. Do not
- enable on a production system!</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_WWW_HOST</term>
- <listitem>
- <para>
- Type: hostname</para>
- <para>
- Default: localhost.localdomain</para>
- <para>The fully qualified hostname of the web
- server.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_WWW_IP</term>
- <listitem>
- <para>
- Type: ip</para>
- <para>
- Default: 127.0.0.1</para>
- <para>The IP address of the web server, if not
- resolvable by the configured DNS servers.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_WWW_PORT</term>
- <listitem>
- <para>
- Type: int</para>
- <para>
- Default: 80</para>
- <para>The TCP port number through which the
- unprotected portions of the web site should be
- accessed.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_WWW_SSL_PORT</term>
- <listitem>
- <para>
- Type: int</para>
- <para>
- Default: 443</para>
- <para>The TCP port number through which the protected
- portions of the web site should be accessed.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_WWW_SSL_KEY</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/www_ssl.key</para>
- <para>The SSL private key to use for encrypting HTTPS
- traffic. If non-existent, one will be
- generated.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_WWW_SSL_CRT</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/www_ssl.crt</para>
- <para>The corresponding SSL public certificate,
- signed by the root CA.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_BOOT_ENABLED</term>
- <listitem>
- <para>
- Type: boolean</para>
- <para>
- Default: true</para>
- <para>Enable the boot server on this
- machine.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_BOOT_HOST</term>
- <listitem>
- <para>
- Type: hostname</para>
- <para>
- Default: localhost.localdomain</para>
- <para>The fully qualified hostname of the boot
- server.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_BOOT_IP</term>
- <listitem>
- <para>
- Type: ip</para>
- <para>
- Default: 127.0.0.1</para>
- <para>The IP address of the boot server, if not
- resolvable by the configured DNS servers.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_BOOT_PORT</term>
- <listitem>
- <para>
- Type: int</para>
- <para>
- Default: 80</para>
- <para>The TCP port number through which the
- unprotected portions of the boot server should be
- accessed.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_BOOT_SSL_PORT</term>
- <listitem>
- <para>
- Type: int</para>
- <para>
- Default: 443</para>
- <para>The TCP port number through which the protected
- portions of the boot server should be
- accessed.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_BOOT_SSL_KEY</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/boot_ssl.key</para>
- <para>The SSL private key to use for encrypting HTTPS
- traffic. If non-existent, one will be
- generated.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PLC_BOOT_SSL_CRT</term>
- <listitem>
- <para>
- Type: file</para>
- <para>
- Default: /etc/planetlab/boot_ssl.crt</para>
- <para>The corresponding SSL public certificate,
- signed by the root CA.</para>
- </listitem>
- </varlistentry>
-</variablelist>
#
# description: Manages all PLC services on this machine
#
-# $Id: guest.init,v 1.17 2006/04/27 21:50:00 mlhuang Exp $
+# $Id: guest.init,v 1.19 2006/07/10 21:10:21 mlhuang Exp $
#
# Source function library and configuration
{
# Regenerate the main configuration file from default values
# overlaid with site-specific and current values.
- tmp=$(mktemp /tmp/plc_config.xml.XXXXXX)
- plc-config --xml \
- /etc/planetlab/default_config.xml \
- /etc/planetlab/configs/* \
- /etc/planetlab/plc_config.xml \
- >$tmp
- if [ $? -eq 0 ] ; then
- mv $tmp /etc/planetlab/plc_config.xml
- chmod 644 /etc/planetlab/plc_config.xml
- else
- echo "PLC: Warning: Invalid configuration file(s) detected"
- rm -f $tmp
- fi
-
- # Shell constants
- plc-config --shell >/etc/planetlab/plc_config
- . /etc/planetlab/plc_config
+ files=(
+ /etc/planetlab/default_config.xml
+ /etc/planetlab/configs/*
+ /etc/planetlab/plc_config.xml
+ )
+ for file in "${files[@]}" ; do
+ if [ $file -nt /etc/planetlab/plc_config.xml ] ; then
+ tmp=$(mktemp /tmp/plc_config.xml.XXXXXX)
+ plc-config --xml "${files[@]}" >$tmp
+ if [ $? -eq 0 ] ; then
+ mv $tmp /etc/planetlab/plc_config.xml
+ chmod 644 /etc/planetlab/plc_config.xml
+ else
+ echo "PLC: Warning: Invalid configuration file(s) detected"
+ rm -f $tmp
+ fi
+ break
+ fi
+ done
- # Generate various defaults
- if [ -z "$PLC_DB_PASSWORD" ] ; then
- PLC_DB_PASSWORD=$(uuidgen)
- plc-config --category=plc_db --variable=password --value="$PLC_DB_PASSWORD" --save
+ # Convert configuration to various formats
+ if [ /etc/planetlab/plc_config.xml -nt /etc/planetlab/plc_config ] ; then
+ plc-config --shell >/etc/planetlab/plc_config
fi
-
- if [ -z "$PLC_API_MAINTENANCE_PASSWORD" ] ; then
- PLC_API_MAINTENANCE_PASSWORD=$(uuidgen)
- plc-config --category=plc_api --variable=maintenance_password --value="$PLC_API_MAINTENANCE_PASSWORD" --save
+ if [ /etc/planetlab/plc_config.xml -nt /etc/planetlab/php/plc_config.php ] ; then
+ mkdir -p /etc/planetlab/php
+ plc-config --php >/etc/planetlab/php/plc_config.php
fi
-
- # Need to configure network before resolving hostnames
- /etc/plc.d/network start 3>/dev/null 4>/dev/null
-
- PLC_API_MAINTENANCE_SOURCES=$(
- for server in API BOOT WWW ; do
- hostname=PLC_${server}_HOST
- gethostbyname ${!hostname}
- done | sort -u
- )
- plc-config --category=plc_api --variable=maintenance_sources --value="$PLC_API_MAINTENANCE_SOURCES" --save
-
- # Save configuration
- mkdir -p /etc/planetlab/php
- plc-config --php >/etc/planetlab/php/plc_config.php
- plc-config --shell >/etc/planetlab/plc_config
-
- # For backward compatibility, until we can convert all code to use
- # the now standardized variable names.
-
- # DB constants are all named the same
- ln -sf plc_config /etc/planetlab/plc_db
-
- # PHP constants
- cat >/etc/planetlab/php/site_constants.php <<"EOF"
-<?php
-include('plc_config.php');
-
-define('PL_API_SERVER', PLC_API_HOST);
-define('PL_API_PATH', PLC_API_PATH);
-define('PL_API_PORT', PLC_API_PORT);
-define('PL_API_CAPABILITY_AUTH_METHOD', 'capability');
-define('PL_API_CAPABILITY_PASS', PLC_API_MAINTENANCE_PASSWORD);
-define('PL_API_CAPABILITY_USERNAME', PLC_API_MAINTENANCE_USER);
-define('WWW_BASE', PLC_WWW_HOST);
-define('BOOT_BASE', PLC_BOOT_HOST);
-define('DEBUG', PLC_WWW_DEBUG);
-define('API_CALL_DEBUG', PLC_API_DEBUG);
-define('SENDMAIL', PLC_MAIL_ENABLED);
-define('PLANETLAB_SUPPORT_EMAIL', PLC_NAME . ' Support <' . PLC_MAIL_SUPPORT_ADDRESS . '>');
-define('PLANETLAB_SUPPORT_EMAIL_ONLY', PLC_MAIL_SUPPORT_ADDRESS);
-?>
-EOF
-
- # API constants are written in plc.d/api
}
usage()
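Review bot: The regenerated `/etc/planetlab/plc_config.xml` is still forced to mode 644, and the `--shell` and `--php` conversions are written under whatever umask the init script inherits, although the configuration carries password-type variables (`PLC_ROOT_PASSWORD`, `PLC_DB_PASSWORD`, `PLC_API_MAINTENANCE_PASSWORD`). Any local account inside the chroot can therefore read them; consider `chmod 600` on the XML and shell files, and a group-readable mode for the PHP file, since which account must read it is not visible here. Separately, the two conversions redirect straight into their targets, so a failing `plc-config` leaves a truncated file that is newer than the XML and the `-nt` test will not retry; write to a temporary file and `mv` it into place as the XML branch does. The enclosing function starts above this hunk.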
for step in "${steps[@]}" ; do
if [ -x /etc/plc.d/$step ] ; then
/etc/plc.d/$step start
+ # Steps may alter the configuration, may need to regenerate
+ reload
else
echo "PLC: $step: unrecognized step" >&4
exit 1
step=${steps[$(($nsteps - $i))]}
if [ -x /etc/plc.d/$step ] ; then
/etc/plc.d/$step stop
+ # Steps may alter the configuration, may need to regenerate
+ reload
else
echo "PLC: $step: unrecognized step" >&4
exit 1
#
# description: Manages all PLC services on this machine
#
-# $Id: host.init,v 1.8 2006/07/06 17:43:52 mlhuang Exp $
+# $Id: host.init,v 1.9 2006/07/17 21:30:33 mlhuang Exp $
#
PATH=/sbin:/bin:/usr/bin:/usr/sbin
fi
# Source configuration
-if [ -f /etc/sysconfig/plc -a -z "${PLC_ROOT}${PLC_DATA}" ] ; then
- . /etc/sysconfig/plc
+SERVICE=$(basename $0)
+if [ ! -f /etc/sysconfig/$SERVICE ] ; then
+ SERVICE=plc
+fi
+if [ -f /etc/sysconfig/$SERVICE -a -z "${PLC_ROOT}${PLC_DATA}" ] ; then
+ . /etc/sysconfig/$SERVICE
fi
# Total number of errors
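Review bot: `SERVICE=$(basename $0)` yields the link name when the script is run through an rc directory symlink (for example `S50plc-devel`, a constructed name), so the `/etc/sysconfig/$SERVICE` test fails and the fallback silently loads the `plc` settings for a `plc-devel` invocation, pointing the script at the other chroot. Strip the ordering prefix before the lookup, e.g. `SERVICE=$(basename "$0")` followed by `SERVICE=${SERVICE#[SK][0-9][0-9]}`. Whether the boot path here invokes the script through such links is not visible in the hunk, so confirm it before relying on the fallback.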
start $*
;;
+ reload)
+ chroot $PLC_ROOT /sbin/service plc $PLC_OPTIONS reload $*
+ ;;
+
mount|umount|mountstatus)
${command}_plc $*
;;
*)
- echo "Usage: $0 {start|stop|restart|mount|umount|mountstatus}"
+ echo "Usage: $0 {start|stop|restart|reload|mount|umount|mountstatus}"
RETVAL=1
;;
esac
Summary: PlanetLab Central (PLC) Portable Installation
Name: myplc
Version: 0.4
-Release: 1%{?pldistro:.%{pldistro}}%{?date:.%{date}}
+Release: 2%{?pldistro:.%{pldistro}}%{?date:.%{date}}
License: PlanetLab
Group: Applications/Systems
Source0: %{name}-%{version}.tar.gz
shut down through a single System V init script installed in the host
system.
+%package devel
+Summary: PlanetLab Central (PLC) Development Environment
+Group: Development/Tools
+AutoReqProv: no
+
+%description devel
+This package install a complete PlanetLab development environment
+contained within a chroot jail. The default installation consists of a
+local CVS repository bootstrapped with a snapshot of all PlanetLab
+source code, and all the tools necessary to compile it.
+
%prep
%setup -q
%build
pushd myplc
+./build_devel.sh
./build.sh
popd
pushd myplc
+#
+# myplc
+#
+
# Install host startup script and configuration file
install -D -m 755 host.init $RPM_BUILD_ROOT/%{_sysconfdir}/init.d/plc
install -D -m 644 plc.sysconfig $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/plc
# Install data directory
find data | cpio -p -d -u $RPM_BUILD_ROOT/plc/
+#
+# myplc-devel
+#
+
+# Install host startup script and configuration file
+install -D -m 755 host.init $RPM_BUILD_ROOT/%{_sysconfdir}/init.d/plc-devel
+install -D -m 644 plc-devel.sysconfig $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/plc-devel
+
+# Install root filesystem
+install -d -m 755 $RPM_BUILD_ROOT/plc/devel/root
+install -D -m 644 devel/root.img $RPM_BUILD_ROOT/plc/devel/root.img
+
+# Install data directory
+find devel/data | cpio -p -d -u $RPM_BUILD_ROOT/plc/
+
+# Make sure /cvs is never upgraded once installed by giving it a
+# unique name. A hard-linked copy is made in %post.
+mv $RPM_BUILD_ROOT/plc/devel/data/{cvs,cvs-%{version}-%{release}}
+
popd
%clean
%pre
if [ -x %{_sysconfdir}/init.d/plc ] ; then
- service plc stop
+ %{_sysconfdir}/init.d/plc stop
+fi
+
+# Old versions of myplc used to ship with a bootstrapped database and
+# /etc/planetlab directory. Including generated files in the manifest
+# was dangerous; if /plc/data/var/lib/pgsql/data/base/1/16676 changed
+# names from one RPM build to another, it would be rpmsaved and thus
+# effectively deleted. Now we do not include these files in the
+# manifest. However, to avoid deleting these files in the process of
+# upgrading from one of these old versions of myplc, we must back up
+# the database and /etc/planetlab and restore them after the old
+# version has been uninstalled in %triggerpostun.
+#
+# This code can be removed once all myplc-0.4-1 installations have
+# been upgraded to at least myplc-0.4-2.
+
+# 0 = install, 1 = upgrade
+if [ $1 -gt 0 ] ; then
+ for dir in /var/lib/pgsql/data /etc/planetlab ; do
+ if [ -d /plc/data/$dir ] ; then
+ echo "Preserving /plc/data/$dir"
+ mv /plc/data/$dir /plc/data/$dir.rpmsave
+ fi
+ done
+
+ # Except for the default configuration file and DTD, which really
+ # should be considered for upgrade.
+ mkdir -m 755 -p /plc/data/etc/planetlab
+ mv /plc/data/etc/planetlab.rpmsave/{default_config.xml,plc_config.dtd} \
+ /plc/data/etc/planetlab/ || :
fi
%post
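Review bot: In the upgrade branch of `%pre`, `mv /plc/data/$dir /plc/data/$dir.rpmsave` assumes the `.rpmsave` directory does not exist yet. If an earlier upgrade was interrupted, or its `%triggerpostun` merge failed, the live directory is moved inside the stale one, and the later merge copies back the stale contents with the current data nested underneath. These directories hold the database and the key material under `/etc/planetlab`, so guard the move, e.g. `if [ -d /plc/data/$dir -a ! -e /plc/data/$dir.rpmsave ] ; then`, and report the leftover instead of nesting. The branch also runs on every upgrade (`$1 -gt 0`), not only when coming from the old packaging the comment describes.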
/sbin/chkconfig plc on
fi
+# Force a regeneration to take into account new variables
+touch /plc/data/etc/planetlab/default_config.xml
+
+%triggerpostun -- %{name}
+# 0 = erase, 1 = upgrade
+if [ $1 -gt 0 ] ; then
+ for dir in /var/lib/pgsql/data /etc/planetlab ; do
+ if [ -d /plc/data/$dir.rpmsave -a -d /plc/data/$dir ] ; then
+ echo "Merging /plc/data/$dir"
+ if tar -C /plc/data/$dir.rpmsave -cpf - . | \
+ tar -C /plc/data/$dir -xpf - ; then
+ rm -rf /plc/data/$dir.rpmsave
+ fi
+ fi
+ done
+fi
+
%preun
# 0 = erase, 1 = upgrade
if [ $1 -eq 0 ] ; then
fi
fi
+%pre devel
+if [ -x %{_sysconfdir}/init.d/plc-devel ] ; then
+ %{_sysconfdir}/init.d/plc-devel stop
+fi
+
+%post devel
+if [ -x /sbin/chkconfig ] ; then
+ /sbin/chkconfig --add plc-devel
+ /sbin/chkconfig plc-devel on
+fi
+
+# If /cvs does not already exist, make a hard-linked copy of this
+# version's /cvs repository.
+if [ ! -d /plc/devel/data/cvs ] ; then
+ cp -rl /plc/devel/data/{cvs-%{version}-%{release},cvs}
+fi
+
+%preun devel
+# 0 = erase, 1 = upgrade
+if [ $1 -eq 0 ] ; then
+ %{_sysconfdir}/init.d/plc-devel stop
+ if [ -x /sbin/chkconfig ] ; then
+ /sbin/chkconfig plc-devel off
+ /sbin/chkconfig --del plc-devel
+ fi
+fi
+
%files
%defattr(-,root,root,-)
# Host startup script and configuration file
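Review bot: `cp -rl` in `%post devel` makes `/plc/devel/data/cvs` share inodes with the packaged `cvs-%{version}-%{release}` snapshot, so any file later modified in place (rather than replaced by rename) changes in both trees. That would quietly alter the snapshot the documentation tells users to export from when importing a vendor branch, and it would also show up in package verification. If the space saving is not essential, `cp -a /plc/devel/data/{cvs-%{version}-%{release},cvs}` keeps the snapshot pristine; otherwise add a comment stating that the versioned snapshot must be treated as read-only.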
%dir /plc/data
%config(noreplace) /plc/data/*
+%files devel
+%defattr(-,root,root,-)
+# Host startup script and configuration file
+%{_sysconfdir}/init.d/plc-devel
+%{_sysconfdir}/sysconfig/plc-devel
+
+# Root filesystem
+/plc/devel/root.img
+/plc/devel/root
+
+# Data directory
+%dir /plc/devel/data
+%config(noreplace) /plc/devel/data/*
+
%changelog
+* Thu Jul 13 2006 Mark Huang <mlhuang@CS.Princeton.EDU> - 0.4-2, 0.5-2
+- MyPLC 0.4 RC2.
+- Fix many spec files (License replaces Copyright).
+- Fix kernel build under gcc32 (module verification bug).
+- Fix vnet build under gcc32
+- Fix PlanetFlow. MySQL RPM postinstall script no longer starts the
+ server. Also, get hostnames list from PLC_WWW_HOST, not
+ www.planet-lab.org.
+- Fix pl_mom/bwmon to use cached values if NM is unresponsive
+- Fix pl_mom/swapmon reset logic to avoid endless loops
+- Remove ksymoops, add kernel-smp to standard PlanetLab package group
+- Add kernel-smp boot support to bootmanager
+- Add badblock search support to bootmanager
+- Build development environment (myplc-devel). Add support for
+ building myplc itself inside myplc-devel.
+- Move step-specific initialization to appropriate plc.d scripts
+- Fix postgresql startup failure when bootstrapping
+- Allow CA to be configured for each SSL certificate set. Stop doing
+ root CA stuff, this is outside the scope of MyPLC. MyPLC now only
+ generates self-signed certificates, but supports replacement of the
+ self-signed certificates with real certifcates signed by another CA,
+ as long as the CA is specified.
+- Self-sign the MA/SA SSL certificate (and by extension, the MA/SA API
+ certificate).
+- pl_mom: Workarounds for when NM queries time out.
+- plc_api: Honor PLC_MAIL_ENABLED.
+
+* Wed Jul 6 2006 Mark Huang <mlhuang@CS.Princeton.EDU> - 0.4-1, 0.5-1
+- First stable release of MyPLC 0.4 RC1.
+
* Wed Apr 5 2006 Mark Huang <mlhuang@CS.Princeton.EDU> - 0.2-1
- Basic functionality complete. Consolidate into a single package
installed in /plc.
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = /etc/planetlab/ssl/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = /etc/planetlab/ssl/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = /etc/planetlab/ssl # Where everything is kept
-certs = $dir # Where the issued certs are kept
-crl_dir = $dir # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-#crlnumber = $dir/crlnumber # the current crl number must be
- # commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/cakey.pem # The private key
-RANDFILE = $dir/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = optional
-stateOrProvinceName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-# we use PrintableString+UTF8String mask so if pure ASCII texts are used
-# the resulting certificates are compatible with Netscape
-string_mask = MASK:0x2002
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = GB
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Berkshire
-
-localityName = Locality Name (eg, city)
-localityName_default = Newbury
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = My Company Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, your name or your server\'s hostname)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id$
+# $Id: plc-config,v 1.2 2006/07/17 21:29:21 mlhuang Exp $
#
import sys
"xml",
"variables",
"packages",
+ "groups",
"comps",
"category=", "variable=", "value=",
"group=", "package=", "type=",
output = plc.output_variables
elif opt == "--packages":
output = plc.output_packages
+ elif opt == "--groups":
+ output = plc.output_groups
elif opt == "--comps":
output = plc.output_comps
elif opt == "--category":
# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id: api,v 1.3 2006/04/25 21:18:19 mlhuang Exp $
+# $Id: api,v 1.5 2006/07/10 21:08:06 mlhuang Exp $
#
# Source function library and configuration
MESSAGE=$"Configuring the API"
dialog "$MESSAGE"
+ # Generate old DB configuration file
+ ln -sf plc_config /etc/planetlab/plc_db
+
+ # Make sure that the API maintenance account is protected by a
+ # password.
+ if [ -z "$PLC_API_MAINTENANCE_PASSWORD" ] ; then
+ PLC_API_MAINTENANCE_PASSWORD=$(uuidgen)
+ plc-config --category=plc_api --variable=maintenance_password --value="$PLC_API_MAINTENANCE_PASSWORD" --save
+ fi
+
+ # Make sure that all PLC servers are allowed to access the API
+ # through the maintenance account.
+ PLC_API_MAINTENANCE_SOURCES=$(
+ for server in API BOOT WWW ; do
+ hostname=PLC_${server}_HOST
+ gethostbyname ${!hostname}
+ done | sort -u
+ )
+ plc-config --category=plc_api --variable=maintenance_sources --value="$PLC_API_MAINTENANCE_SOURCES" --save
+
+ # Generate old API configuration file
api-config
check
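Review bot: The maintenance password generated by `PLC_API_MAINTENANCE_PASSWORD=$(uuidgen)` is passed to `plc-config` as `--value="$PLC_API_MAINTENANCE_PASSWORD"`, so while that process runs the secret is readable in the process list by any local user. The postgresql section of this commit does the same with `PLC_DB_PASSWORD`. Plain `uuidgen` may also fall back to a time-based UUID when no good random source is available; `PLC_API_MAINTENANCE_PASSWORD=$(uuidgen -r)` forces the random variant. Whether `plc-config` can read the value from a file or stdin is not visible here, so that part is a question for the author. The enclosing `start)` branch begins and ends outside this section.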
# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id: functions,v 1.4 2006/04/25 21:18:19 mlhuang Exp $
+# $Id: functions,v 1.6 2006/07/10 21:05:37 mlhuang Exp $
#
export PATH=/sbin:/bin:/usr/bin:/usr/sbin
perl -MSocket -e '($a,$b,$c,$d,@addrs) = gethostbyname($ARGV[0]); print inet_ntoa($addrs[0]) . "\n";' $1 2>/dev/null
}
-# Print the CNAME of an SSL certificate
-ssl_cname ()
-{
- openssl x509 -noout -in $1 -subject | \
- sed -n -e 's@.*/CN=\([^/]*\).*@\1@p'
-}
-
-# Print the emailAddress of an SSL certificate
-ssl_email ()
-{
- openssl x509 -noout -in $1 -subject | \
- sed -n -e 's@.*/emailAddress=\([^/]*\).*@\1@p'
-}
-
# Forcefully make a symlink
symlink ()
{
# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id: httpd,v 1.2 2006/04/25 21:18:19 mlhuang Exp $
+# $Id: httpd,v 1.4 2006/07/10 21:08:46 mlhuang Exp $
#
# Source function library and configuration
# Make alpina-logs directory writable for bootmanager log upload
chown apache:apache $DocumentRoot/alpina-logs/nodes
+ # Old style PHP constants
+ mkdir -p /etc/planetlab/php
+ cat >/etc/planetlab/php/site_constants.php <<"EOF"
+<?php
+include('plc_config.php');
+
+define('PL_API_SERVER', PLC_API_HOST);
+define('PL_API_PATH', PLC_API_PATH);
+define('PL_API_PORT', PLC_API_PORT);
+define('PL_API_CAPABILITY_AUTH_METHOD', 'capability');
+define('PL_API_CAPABILITY_PASS', PLC_API_MAINTENANCE_PASSWORD);
+define('PL_API_CAPABILITY_USERNAME', PLC_API_MAINTENANCE_USER);
+define('WWW_BASE', PLC_WWW_HOST);
+define('BOOT_BASE', PLC_BOOT_HOST);
+define('DEBUG', PLC_WWW_DEBUG);
+define('API_CALL_DEBUG', PLC_API_DEBUG);
+define('SENDMAIL', PLC_MAIL_ENABLED);
+define('PLANETLAB_SUPPORT_EMAIL', PLC_NAME . ' Support <' . PLC_MAIL_SUPPORT_ADDRESS . '>');
+define('PLANETLAB_SUPPORT_EMAIL_ONLY', PLC_MAIL_SUPPORT_ADDRESS);
+?>
+EOF
+
plc_daemon httpd
check
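Review bot: The `cat >/etc/planetlab/php/site_constants.php` heredoc is not followed by the script's `check` helper, so a failed `mkdir -p` or write goes unnoticed and httpd is started with a missing or stale constants file. Adding `check` on the line after `EOF` would match how `plc_daemon httpd` is handled just below. Because the file is rewritten on every start, a first line inside the PHP block such as `// Generated at httpd startup; local edits are overwritten` would tell an operator not to edit it. The surrounding `start)` branch begins and ends outside this section.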
# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id: packages,v 1.2 2006/05/18 22:58:20 mlhuang Exp $
+# $Id: packages,v 1.4 2006/07/19 14:15:15 mlhuang Exp $
#
# Source function library and configuration
check
fi
- # Update yum metadata. createrepo sometimes leaves behind
- # an .olddata file accidentally.
- rm -rf $repository/.olddata
+ # Update yum metadata. yum-arch createrepo sometimes leaves behind
+ # .oldheaders and .olddata directories accidentally.
+ rm -rf $repository/{.oldheaders,.olddata}
yum-arch $repository
check
createrepo -g yumgroups.xml $repository
# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id: postgresql,v 1.3 2006/05/02 23:52:50 mlhuang Exp $
+# $Id: postgresql,v 1.5 2006/07/10 21:09:24 mlhuang Exp $
#
# Source function library and configuration
if status postmaster && [ -f /var/lock/subsys/postgresql ] ; then
# The only way we can be sure is if we can access it
for i in $(seq 1 10) ; do
- psql -U postgres -c "" template1 && return 0
+ # Must do this as the postgres user initially (before we
+ # fix pg_hba.conf to passwordless localhost access).
+ su -c 'psql -U postgres -c "" template1' postgres && return 0
sleep 1
done
fi
check
# Create/update the unprivileged database user and password
+ if [ -z "$PLC_DB_PASSWORD" ] ; then
+ PLC_DB_PASSWORD=$(uuidgen)
+ plc-config --category=plc_db --variable=password --value="$PLC_DB_PASSWORD" --save
+ fi
if ! psql -U $PLC_DB_USER -c "" template1 >/dev/null 2>&1 ; then
psql -U postgres -c "CREATE USER $PLC_DB_USER PASSWORD '$PLC_DB_PASSWORD'" template1
else
# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id: ssl,v 1.6 2006/06/28 20:44:17 alk Exp $
+# $Id: ssl,v 1.9 2006/07/17 21:28:55 mlhuang Exp $
#
# Source function library and configuration
# Be verbose
set -x
-mkcert ()
+# Print the CNAME of an SSL certificate
+ssl_cname ()
{
- CN=$1
- KEY=$2
- CRT=$3
-
- # Generate a temporary CSR. We could save the CSR, but it's not
- # worth the trouble.
- csr=$(mktemp /tmp/csr.XXXXXX)
-
- mkdir -p $(dirname $KEY)
- openssl req -config /etc/planetlab/ssl/openssl.cnf \
- -new -extensions v3_req -days 3650 -set_serial $RANDOM \
- -batch -subj "/CN=$CN" \
- -nodes -keyout $KEY -out $csr
- check
- chmod 600 $KEY
-
- # Generate and sign certificate from CSR
- serial=$(cat /etc/planetlab/ssl/serial)
-
- openssl ca -config /etc/planetlab/ssl/openssl.cnf \
- -keyfile $PLC_ROOT_CA_SSL_KEY \
- -cert $PLC_ROOT_CA_SSL_CRT \
- -batch -infiles $csr
- check
-
- mv /etc/planetlab/ssl/$serial.pem $CRT
- chmod 644 $CRT
-
- # Delete CSR
- rm -f $csr
+ openssl x509 -noout -in $1 -subject | \
+ sed -n -e 's@.*/CN=\([^/]*\).*@\1@p'
}
-case "$1" in
- start)
- MESSAGE=$"Generating SSL certificates"
- dialog "$MESSAGE"
+# Print the emailAddress of an SSL certificate
+ssl_email ()
+{
+ openssl x509 -noout -in $1 -subject | \
+ sed -n -e 's@.*/emailAddress=\([^/]*\).*@\1@p'
+}
- # Check if root CA certificate is valid
- if [ -f $PLC_ROOT_CA_SSL_CRT ] ; then
- verify=$(openssl verify $PLC_ROOT_CA_SSL_CRT)
- # If self signed, assume that we generated it
- if grep -q "self signed certificate" <<<$verify ; then
- # Delete if expired or PLC name or e-mail address has changed
- if grep -q "expired" <<<$verify || \
- [ "$(ssl_cname $PLC_ROOT_CA_SSL_CRT)" != "$PLC_NAME Root CA" ] || \
- [ "$(ssl_email $PLC_ROOT_CA_SSL_CRT)" != "$PLC_MAIL_SUPPORT_ADDRESS" ] ; then
- rm -f $PLC_ROOT_CA_SSL_CRT
- fi
- fi
+# Verify a certificate. If invalid, generate a new self-signed
+# certificate.
+verify_or_generate_certificate() {
+ crt=$1
+ key=$2
+ ca=$3
+ cname=$4
+ email=$5
+
+ # If the CA certificate does not exist, assume that the
+ # certificate is self-signed.
+ if [ ! -f $ca ] ; then
+ cp -a $crt $ca
+ fi
+
+ if [ -f $crt ] ; then
+ # Check if certificate is valid
+ verify=$(openssl verify -CAfile $ca $crt)
+ # Delete if invalid or if the subject has changed
+ if grep -q "error" <<<$verify || \
+ [ "$(ssl_cname $crt)" != "$cname" ] || \
+ [ "$(ssl_email $crt)" != "$email" ] ; then
+ rm -f $crt $ca
fi
+ fi
- # Generate root CA key pair and certificate
- if [ ! -f $PLC_ROOT_CA_SSL_CRT ] ; then
- mkdir -p $(dirname $PLC_ROOT_CA_SSL_CRT)
- openssl req -config /etc/planetlab/ssl/openssl.cnf \
- -new -x509 -extensions v3_ca -days 3650 -set_serial $RANDOM \
- -batch -subj "/CN=$PLC_NAME Root CA/emailAddress=$PLC_MAIL_SUPPORT_ADDRESS" \
- -nodes -keyout $PLC_ROOT_CA_SSL_KEY -out $PLC_ROOT_CA_SSL_CRT
- check
- chmod 600 $PLC_ROOT_CA_SSL_KEY
- chmod 644 $PLC_ROOT_CA_SSL_CRT
-
- # API certificate verification requires a public key
- openssl rsa -pubout <$PLC_ROOT_CA_SSL_KEY >$PLC_ROOT_CA_SSL_KEY_PUB
- check
- chmod 644 $PLC_ROOT_CA_SSL_KEY_PUB
-
- # Reset DB
- >/etc/planetlab/ssl/index.txt
- echo "01" >/etc/planetlab/ssl/serial
+ if [ ! -f $crt ] ; then
+ # Set subject
+ subj=
+ if [ -n "$cname" ] ; then
+ subj="$subj/CN=$cname"
fi
-
- # Check if MA/SA certificate is valid
- if [ -f $PLC_MA_SA_SSL_CRT ] ; then
- verify=$(openssl verify -CAfile $PLC_ROOT_CA_SSL_CRT $PLC_MA_SA_SSL_CRT)
- # Delete if expired or not signed correctly
- if grep -q "error" <<<$verify ; then
- rm -f $PLC_MA_SA_SSL_CRT
- fi
+ if [ -n "$email" ] ; then
+ subj="$subj/emailAddress=$email"
fi
- # Generate MA/SA key pair and certificate
- if [ ! -f $PLC_MA_SA_SSL_CRT ] ; then
- mkcert "$PLC_NAME Management and Slice Authority" \
- $PLC_MA_SA_SSL_KEY $PLC_MA_SA_SSL_CRT
-
- # Make readable by apache so that the API can sign certificates
- chown apache $PLC_MA_SA_SSL_KEY
- chmod 600 $PLC_MA_SA_SSL_KEY
+ # Generate new self-signed certificate
+ mkdir -p $(dirname $crt)
+ openssl req -new -x509 -days 3650 -set_serial $RANDOM \
+ -batch -subj "$subj" \
+ -nodes -keyout $key -out $crt
+ check
+ chmod 644 $crt
+
+ # The certificate it self-signed, so it is its own CA
+ cp -a $crt $ca
+ fi
+}
- # API requires a public key for slice ticket verification
- openssl rsa -pubout <$PLC_MA_SA_SSL_KEY >$PLC_MA_SA_SSL_KEY_PUB
- check
- chmod 644 $PLC_MA_SA_SSL_KEY_PUB
- fi
+case "$1" in
+ start)
+ MESSAGE=$"Generating SSL certificates"
+ dialog "$MESSAGE"
- # Generate self-signed HTTPS certificate(s). These nice
- # commands come from the mod_ssl spec file for Fedora Core
- # 2. We generate a certificate for each enabled server
- # with a different hostname. These self-signed
- # certificates may be overridden later.
+ # Verify or generate MA/SA certificate if necessary. This
+ # self-signed certificate may be overridden later.
+ verify_or_generate_certificate \
+ $PLC_MA_SA_SSL_CRT $PLC_MA_SA_SSL_KEY $PLC_MA_SA_CA_SSL_CRT \
+ "$PLC_NAME Management and Slice Authority" \
+ $PLC_MAIL_SUPPORT_ADDRESS
+
+ # Make MA/SA key readable by apache so that the API can sign
+ # certificates
+ chown apache $PLC_MA_SA_SSL_KEY
+ chmod 600 $PLC_MA_SA_SSL_KEY
+
+ # Extract the public key of the root CA (if any) that signed
+ # the MA/SA certificate.
+ openssl x509 -in $PLC_MA_SA_CA_SSL_CRT -noout -pubkey >$PLC_MA_SA_CA_SSL_KEY_PUB
+ check
+ chmod 644 $PLC_MA_SA_CA_SSL_KEY_PUB
+
+ # Generate HTTPS certificates if necessary. We generate a
+ # certificate for each enabled server with a different
+ # hostname. These self-signed certificates may be overridden
+ # later.
for server in WWW API BOOT ; do
ssl_key=PLC_${server}_SSL_KEY
ssl_crt=PLC_${server}_SSL_CRT
+ ca_ssl_crt=PLC_${server}_CA_SSL_CRT
hostname=PLC_${server}_HOST
# Check if we have already generated a certificate for
fi
previous_ssl_key=PLC_${previous_server}_SSL_KEY
previous_ssl_crt=PLC_${previous_server}_SSL_CRT
+ previous_ca_ssl_crt=PLC_${previous_server}_CA_SSL_CRT
previous_hostname=PLC_${previous_server}_HOST
if [ -f ${!previous_ssl_crt} ] && \
[ "$(ssl_cname ${!previous_ssl_crt})" = "${!hostname}" ] ; then
cp -a ${!previous_ssl_key} ${!ssl_key}
cp -a ${!previous_ssl_crt} ${!ssl_crt}
+ cp -a ${!previous_ca_ssl_crt} ${!ca_ssl_crt}
break
fi
done
- # Check if self-signed certificate is valid
- if [ -f ${!ssl_crt} ] ; then
- verify=$(openssl verify ${!ssl_crt})
- # If self-signed
- if grep -q "self signed certificate" <<<$verify ; then
- # Delete if expired or hostname changed
- if grep -q "expired" <<<$verify || \
- [ "$(ssl_cname ${!ssl_crt})" != "${!hostname}" ] ; then
- rm -f ${!ssl_crt}
- fi
- fi
- fi
+ verify_or_generate_certificate \
+ ${!ssl_crt} ${!ssl_key} ${!ca_ssl_crt} \
+ ${!hostname} $PLC_MAIL_SUPPORT_ADDRESS
- # Generate new self-signed certificate
- if [ ! -f ${!ssl_crt} ] ; then
- mkdir -p $(dirname ${!ssl_crt})
- openssl req -new -x509 -days 3650 -set_serial $RANDOM \
- -batch -subj "/CN=${!hostname}" \
- -nodes -keyout ${!ssl_key} -out ${!ssl_crt}
- check
- chmod 644 ${!ssl_crt}
- fi
done
# Install HTTPS certificates into both /etc/pki (Fedora Core
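Review bot: In `verify_or_generate_certificate` the subject comparison now applies to every certificate, where the removed per-server code applied it only to self-signed ones. A CA-signed certificate whose subject has no `emailAddress` equal to `$PLC_MAIL_SUPPORT_ADDRESS` makes `ssl_email $crt` print nothing, the test fails, and `rm -f $crt $ca` discards both the operator's certificate and the CA file, which are then replaced by a self-signed pair on every start. I would restrict the subject check to certificates that are their own CA file, as sketched below. The function also leaves `$key`, written unencrypted by `-nodes`, at whatever mode the umask gives; only the MA/SA key is tightened afterwards, so a `chmod 600 $key` after `check` would restore what the removed `mkcert` did.

```shell
    if [ -f $crt ] ; then
	# Check if certificate is valid
	verify=$(openssl verify -CAfile $ca $crt)
	# Hold only certificates we generated (identical to their CA
	# file) to the configured subject; an operator-installed
	# certificate is checked against its CA alone.
	subject_changed=false
	if cmp -s $crt $ca && \
	   { [ "$(ssl_cname $crt)" != "$cname" ] || \
	     [ "$(ssl_email $crt)" != "$email" ] ; } ; then
	    subject_changed=true
	fi
	# Delete if invalid or if a self-signed subject has changed
	if grep -q "error" <<<$verify || $subject_changed ; then
	    rm -f $crt $ca
	fi
    fi
    # … unchanged: subject assembly, openssl req, cp -a $crt $ca …
```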
# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id: plc_config.py,v 1.2 2006/04/04 22:09:25 mlhuang Exp $
+# $Id: plc_config.py,v 1.4 2006/07/17 21:29:15 mlhuang Exp $
#
import xml.dom.minidom
return buf.getvalue()
+ def output_groups(self, encoding = "utf-8"):
+ """
+ Return list of all package group names.
+ """
+
+ buf = codecs.lookup(encoding)[3](StringIO())
+
+ for (group, packages) in self._packages.values():
+ buf.write(group['name'] + os.linesep)
+
+ return buf.getvalue()
+
+
def output_comps(self, encoding = "utf-8"):
"""
Return <comps> section of configuration.
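Review bot: The docstring of the new `output_groups` says "Return list of all package group names", but the method returns `buf.getvalue()`, a single string with one group name per line, not a list. I would word it as `Return the names of all package groups, one per line.` so that callers do not expect an iterable of names. The loop also unpacks `packages` without using it; `for (group, _packages) in self._packages.values():` would make that explicit. The enclosing class starts outside this section.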
Mark Huang <mlhuang@cs.princeton.edu>
Copyright (C) 2006 The Trustees of Princeton University
-$Id: plc_config.xml,v 1.13 2006/05/23 18:14:47 mlhuang Exp $
+$Id: plc_config.xml,v 1.15 2006/07/10 21:04:17 mlhuang Exp $
-->
<!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "plc_config.dtd">
<description>The SSH private key used to access the root
account on your nodes.</description>
</variable>
-
- <variable id="root_ca_ssl_key" type="file">
- <name>Root CA SSL Private Key</name>
- <value>/etc/planetlab/root_ca_ssl.key</value>
- <description>The SSL private key used for signing all other
- generated certificates. If non-existent, one will be
- generated.</description>
- </variable>
-
- <variable id="root_ca_ssl_key_pub" type="file">
- <name>Root CA SSL Public Key</name>
- <value>/etc/planetlab/root_ca_ssl.pub</value>
- <description>The corresponding SSL public key.</description>
- </variable>
-
- <variable id="root_ca_ssl_crt" type="file">
- <name>Root CA SSL Public Certificate</name>
- <value>/etc/planetlab/root_ca_ssl.crt</value>
- <description>The corresponding SSL public
- certificate.</description>
- </variable>
</variablelist>
</category>
be generated.</description>
</variable>
- <variable id="ssl_key_pub" type="file">
- <name>SSL Public Key</name>
- <value>/etc/planetlab/ma_sa_ssl.pub</value>
- <description>The corresponding SSL public key.</description>
- </variable>
-
<variable id="ssl_crt" type="file">
<name>SSL Public Certificate</name>
<value>/etc/planetlab/ma_sa_ssl.crt</value>
- <description>The corresponding SSL public certificate,
- signed by the root CA.</description>
+ <description>The corresponding SSL public certificate. By
+ default, this certificate is self-signed. You may replace
+ the certificate later with one signed by the PLC root
+ CA.</description>
+ </variable>
+
+ <variable id="ca_ssl_crt" type="file">
+ <name>Root CA SSL Public Certificate</name>
+ <value>/etc/planetlab/ma_sa_ca_ssl.crt</value>
+ <description>If applicable, the certificate of the PLC root
+ CA. If your MA/SA certificate is self-signed, then this file
+ is the same as your MA/SA certificate.</description>
+ </variable>
+
+ <variable id="ca_ssl_key_pub" type="file">
+ <name>Root CA SSL Public Key</name>
+ <value>/etc/planetlab/ma_sa_ca_ssl.pub</value>
+ <description>If applicable, the public key of the PLC root
+ CA. If your MA/SA certificate is self-signed, then this file
+ is the same as your MA/SA public key.</description>
</variable>
<variable id="api_crt" type="file">
<name>API Certificate</name>
<value>/etc/planetlab/ma_sa_api.xml</value>
- <description>The API Certificate for your MA/SA is the SSL
- public key for your MA/SA embedded in an XML document and
- signed by the root CA SSL private key. The API Certificate
- can be used by any PlanetLab node managed by any MA, to
- verify that your MA/SA public key is valid.</description>
+ <description>The API Certificate is your MA/SA public key
+ embedded in a digitally signed XML document. By default,
+ this document is self-signed. You may replace this
+ certificate later with one signed by the PLC root
+ CA.</description>
</variable>
</variablelist>
</category>
<variable id="ssl_crt" type="file">
<name>SSL Public Certificate</name>
<value>/etc/planetlab/api_ssl.crt</value>
- <description>The corresponding SSL public certificate,
- signed by the root CA.</description>
+ <description>The corresponding SSL public certificate. By
+ default, this certificate is self-signed. You may replace
+ the certificate later with one signed by a root
+ CA.</description>
+ </variable>
+
+ <variable id="ca_ssl_crt" type="file">
+ <name>Root CA SSL Public Certificate</name>
+ <value>/etc/planetlab/api_ca_ssl.crt</value>
+ <description>The certificate of the root CA, if any, that
+ signed your server certificate. If your server certificate is
+ self-signed, then this file is the same as your server
+ certificate.</description>
</variable>
</variablelist>
</category>
<variable id="ssl_crt" type="file">
<name>SSL Public Certificate</name>
<value>/etc/planetlab/www_ssl.crt</value>
- <description>The corresponding SSL public certificate,
- signed by the root CA.</description>
+ <description>The corresponding SSL public certificate for
+ the HTTP server. By default, this certificate is
+ self-signed. You may replace the certificate later with one
+ signed by a root CA.</description>
+ </variable>
+
+ <variable id="ca_ssl_crt" type="file">
+ <name>Root CA SSL Public Certificate</name>
+ <value>/etc/planetlab/www_ca_ssl.crt</value>
+ <description>The certificate of the root CA, if any, that
+ signed your server certificate. If your server certificate is
+ self-signed, then this file is the same as your server
+ certificate.</description>
</variable>
</variablelist>
</category>
<name>SSL Private Key</name>
<value>/etc/planetlab/boot_ssl.key</value>
<description>The SSL private key to use for encrypting HTTPS
- traffic. If non-existent, one will be
- generated.</description>
+ traffic.</description>
</variable>
<variable id="ssl_crt" type="file">
<name>SSL Public Certificate</name>
<value>/etc/planetlab/boot_ssl.crt</value>
- <description>The corresponding SSL public certificate,
- signed by the root CA.</description>
+ <description>The corresponding SSL public certificate for
+ the HTTP server. By default, this certificate is
+ self-signed. You may replace the certificate later with one
+ signed by a root CA.</description>
+ </variable>
+
+ <variable id="ca_ssl_crt" type="file">
+ <name>Root CA SSL Public Certificate</name>
+ <value>/etc/planetlab/boot_ca_ssl.crt</value>
+ <description>The certificate of the root CA, if any, that
+ signed your server certificate. If your server certificate is
+ self-signed, then this file is the same as your server
+ certificate.</description>
</variable>
</variablelist>
</category>
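Review bot: The new `ssl_crt` descriptions say the self-signed certificate may later be replaced by a CA-signed one, but none of them says that the matching `ca_ssl_crt` file has to be replaced in the same step. The ssl startup script in this commit verifies each certificate with `openssl verify -CAfile` against that file and removes both files on an error, so a replacement installed without its CA certificate would be discarded at the next start. I would add a sentence to each `ssl_crt` description such as `When you replace it, also install the signing CA's certificate as the corresponding Root CA SSL Public Certificate.`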
Mark Huang <mlhuang@cs.princeton.edu>
Copyright (C) 2006 The Trustees of Princeton University
-$Id: plc_devel_config.xml,v 1.1 2006/07/17 21:31:31 mlhuang Exp $
+$Id: plc_devel_config.xml,v 1.2 2006/07/18 17:37:53 mlhuang Exp $
-->
<!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "plc_config.dtd">