%define name sfa
-%define version 3.1
-%define taglevel 1
+%define version 5.0
+%define taglevel 0
%define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
-%global python_sitearch %( python -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)" )
-%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
Name: %{name}
Version: %{version}
Distribution: PlanetLab
URL: %{SCMURL}
-Summary: Server-side for SFA, generic implementation derived from PlanetLab
+Summary: Server-side for SFA, generic implementation derived from PlanetLab
Group: Applications/System
BuildRequires: make
-BuildRequires: python-setuptools
-# for the registry
-Requires: postgresql >= 8.2, postgresql-server >= 8.2
-Requires: postgresql-python
-Requires: python-psycopg2
-# f8=0.4 - f12=0.5 f14=0.6 f16=0.7
-Requires: python-sqlalchemy
-Requires: python-migrate
-# the eucalyptus aggregate uses this module
-Requires: python-xmlbuilder
# for uuidgen - used in db password generation
-# on f8 this actually comes with e2fsprogs, go figure
Requires: util-linux-ng
-# and the SFA libraries of course
+# for the registry
+Requires: postgresql >= 8.2, postgresql-server >= 8.2
+Requires: python3-PyGreSQL
+Requires: python3-psycopg2
+Requires: python3-sqlalchemy
+Requires: python3-migrate
+Requires: python3-tempita
+Requires: python3-decorator
+# and of course the bulk of it
Requires: sfa-common
-
+
%package common
Summary: Python libraries for SFA, generic implementation derived from PlanetLab
Group: Applications/System
-Requires: python >= 2.7
-Requires: pyOpenSSL >= 0.7
-Requires: m2crypto
-Requires: python-dateutil
-Requires: python-lxml
-Requires: libxslt-python
-Requires: python-ZSI
+Requires: python3
+Requires: python3-pyOpenSSL
+Requires: python3-m2crypto
+Requires: python3-dateutil
+Requires: python3-lxml
+# %if "%{distro}" == "Fedora" && "%{distrorelease}" <= "27"
+# Requires: python-ZSI
+# %else
+# Requires: python2-zsi
+# %endif
+# Requires: libxslt-python
Requires: xmlsec1-openssl-devel
%package client
Group: Applications/System
Requires: sfa
-%package flashpolicy
-Summary: SFA support for flash clients
-Group: Applications/System
-Requires: sfa
-
-%package federica
-Summary: the SFA layer around Federica
-Group: Applications/System
-Requires: sfa
-
-%package nitos
-Summary: the SFA layer around NITOS
-Group: Applications/System
-Requires: sfa
-
-%package senslab
-Summary: the SFA layer around SensLab
+%package iotlab
+Summary: the SFA layer around IotLab
Group: Applications/System
Requires: sfa
%package dummy
-Summary: the SFA layer around a Dummy Testbed
+Summary: the SFA layer around a Dummy Testbed
Group: Applications/System
Requires: sfa
Group: Applications/System
Requires: sfa
-%package xmlbuilder
-Summary: third-party xmlbuilder tool
-Group: Applications/System
-Provides: python-xmlbuilder
-
%package tests
Summary: unit tests suite for SFA
Group: Applications/System
Requires: sfa-common
-%description
+%description
This package provides the registry, aggregate manager and slice
managers for SFA. In most cases it is advisable to install additional
package for a given testbed, like e.g. sfa-plc for a PlanetLab tesbed.
This package implements the SFA interface which serves as a layer
between the existing PlanetLab interfaces and the SFA API.
-%description flashpolicy
-This package provides support for adobe flash client applications.
-
-%description federica
-The SFA driver for FEDERICA.
-
-%description nitos
-The SFA driver for NITOS.
-
-%description senslab
-The SFA driver for SensLab.
+%description iotlab
+The SFA driver for IotLab.
%description dummy
The SFA driver for a Dummy Testbed.
in an SFA network, in much the same way as iptables is for ip
networks. This is the command line interface to manage sfatables
-%description xmlbuilder
-This package contains the xmlbuilder python library, packaged for
-convenience as it is not supported by fedora
-
%description tests
Provides some binary unit tests in /usr/share/sfa/tests
rm -rf $RPM_BUILD_ROOT
%files
-/etc/init.d/sfa
+/lib/systemd/system/*.service
%{_bindir}/sfa-start.py*
%{_bindir}/sfaadmin.py*
%{_bindir}/sfaadmin
%{_bindir}/keyconvert.py*
%{_bindir}/sfa-config-tty
%{_bindir}/sfa-config
+%{_bindir}/sfa-setup.sh
%config /etc/sfa/default_config.xml
%config (noreplace) /etc/sfa/aggregates.xml
%config (noreplace) /etc/sfa/registries.xml
%config (noreplace) /etc/sfa/api_versions.xml
/usr/share/sfa/migrations
/usr/share/sfa/examples
-/var/www/html/wsdl/*.wsdl
%files common
-%{python_sitelib}/sfa/__init__.py*
-%{python_sitelib}/sfa/trust
-%{python_sitelib}/sfa/storage
-%{python_sitelib}/sfa/util
-%{python_sitelib}/sfa/server
-%{python_sitelib}/sfa/methods
-%{python_sitelib}/sfa/generic
-%{python_sitelib}/sfa/managers
-%{python_sitelib}/sfa/importer
-%{python_sitelib}/sfa/rspecs
-%{python_sitelib}/sfa/client
+%{python3_sitelib}/sfa/__init__.py*
+%{python3_sitelib}/sfa/__pycache__/__init__*.pyc
+%{python3_sitelib}/sfa/trust
+%{python3_sitelib}/sfa/storage
+%{python3_sitelib}/sfa/util
+%{python3_sitelib}/sfa/server
+%{python3_sitelib}/sfa/methods
+%{python3_sitelib}/sfa/generic
+%{python3_sitelib}/sfa/managers
+%{python3_sitelib}/sfa/importer
+%{python3_sitelib}/sfa/rspecs
+%{python3_sitelib}/sfa/client
%files client
%config (noreplace) /etc/sfa/sfi_config
%{_bindir}/sfascan.py*
%{_bindir}/sfascan
%{_bindir}/sfadump.py*
+%{_bindir}/sfax509.py*
%files plc
%defattr(-,root,root)
-%{python_sitelib}/sfa/planetlab
-%{python_sitelib}/sfa/openstack
+%{python3_sitelib}/sfa/planetlab
/etc/sfa/pl.rng
/etc/sfa/credential.xsd
/etc/sfa/top.xsd
/etc/sfa/protogeni-rspec-common.xsd
/etc/sfa/topology
-%files flashpolicy
-%{_bindir}/sfa_flashpolicy.py*
-/etc/sfa/sfa_flashpolicy_config.xml
-
-%files federica
-%{python_sitelib}/sfa/federica
-
-%files nitos
-%{python_sitelib}/sfa/nitos
-
-%files senslab
-%{python_sitelib}/sfa/iotlab
+%files iotlab
+%{python3_sitelib}/sfa/iotlab
%files dummy
-%{python_sitelib}/sfa/dummy
+%{python3_sitelib}/sfa/dummy
%files sfatables
/etc/sfatables/*
%{_bindir}/sfatables
-%{python_sitelib}/sfatables
-
-%files xmlbuilder
-%{python_sitelib}/xmlbuilder
+%{python3_sitelib}/sfatables
%files tests
%{_datadir}/sfa/tests
-### sfa installs the 'sfa' service
-%post
-chkconfig --add sfa
+# arbitrary choice here, subject to manual tweaks if needed
+# this is in line with default_config.xml
+# no need to enable sfa-db, will be activated as a dependency
+%post
+systemctl enable sfa-aggregate
+systemctl enable sfa-registry
+true
-%preun
+%preun
if [ "$1" = 0 ] ; then
- /sbin/service sfa stop || :
- /sbin/chkconfig --del sfa || :
+ for service in sfa-aggregate sfa-registry sfa-db; do
+ systemctl is-enabled $service && systemctl disable $service
+ systemctl is-active $service && systemctl stop $service
+ done
fi
+true
%postun
-[ "$1" -ge "1" ] && { service sfa dbdump ; service sfa restart ; }
-
-#### sfa-cm installs the 'sfa-cm' service
-#%post cm
-#chkconfig --add sfa-cm
-#
-#%preun cm
-#if [ "$1" = 0 ] ; then
-# /sbin/service sfa-cm stop || :
-# /sbin/chkconfig --del sfa-cm || :
-#fi
-#
-#%postun cm
-#[ "$1" -ge "1" ] && service sfa-cm restart || :
+if [ "$1" -ge "1" ] ; then
+ for service in sfa-db sfa-registry sfa-aggregate; do
+ systemctl is-active $service && systemctl restart $service
+ done
+fi
+true
%changelog
+* Fri Mar 29 2019 Thierry Parmentelat <thierry.parmentelat@inria.fr> - sfa-5.0-0
+- ported to python3 - no other change
+
+* Mon Jan 07 2019 Thierry <Parmentelat> - sfa-4.0-2
+- have shebangs mention python2 since it is what this version runs on
+- use rpm names in python2-something for expressing dependencies
+- remove build dependency to python-setuptools
+- Handle C-BAS hrn format with "\" (Loic)
+- sfa-start does not daemonize anymore (this is handled by systemd)
+- a little nicer logs when troubleshooting auth issues
+- use systemctl in Makefile when syncing
+
+* Wed May 30 2018 Thierry <Parmentelat> - sfa-4.0-1
+- systemd service files install in /lib instead of /usr/lib for ubuntus
+- removed all features relating to slice manager
+- removed all features relating to component manager
+
+* Mon May 28 2018 Thierry <Parmentelat> - sfa-4.0-0
+- expose geni_api_versions as https://
+- avoid publishing non-relevant entries in GetVersion
+- fixes in the IoT-lab driver (thanks Loic)
+- reviewed logging policy, less awkward and more reliable; /var/log/sfa{,-import}.log should now be alive and time rotate
+- rewrote init-style startup script into systemd-native services: sfa-aggregate and sfa-registry, that both depend on sfa-db
+- huge cleanup, removed everything related to init.d; debian; flash-policy; max aggregate; federica, openstack/nova and nitos drivers
+
+* Fri Mar 16 2018 Thierry <Parmentelat> - sfa-3.1-22
+- pl: tweaks for exposing country / city on nodes from site tags if set
+- pl: tweaks for exposing hardware_types on nodes from node tag 'hardware_type' if set
+- pl: fix exposing granularity
+- sfaresetgids.py: a utility to reset gids when a update of the tolpevel gis is needed
+- iotlab: various tweaks
+- patch backported from plcapi about issues with xmlrpc and unicode under fedora >= 24
+
+* Fri Jan 13 2017 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-21
+- sfax509 command can run openssl x509 on all the parts of a gid
+- bugfix in sfi when running the discover subcommand
+- PEP8'ed a substantial part of the code
+- additional debug in chain verification
+- sfi myslice more robust - ignores broken slices
+- new sfi introspect
+- for myslice: the trust/ package should be python3-ready
+- * provided that m2crypto is
+- * although the devel version of m2crypto wroks just fine for us
+- * even if it's incomplete for other aspects that we do not care about
+
+* Thu Dec 17 2015 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-20
+- minor fixes for migrating on fedora23
+
+* Tue Dec 08 2015 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-19
+- imported changes from GENI as reported - Aaron Helsinger
+- minimal changes so that parts can be imported from nepi/py3
+- iotlab driver : fix ASAP jobs with state != Waiting, Running - Frederic
+- sfi client more accurately advertises rspec version - Loic
+- + bugfix in initscript
+
+* Mon Jun 08 2015 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-18
+- incorporated Frederic Saint Marcel's addition of ASAP management tag
+
+* Fri Jun 05 2015 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-17
+- workaround for 'name' not being exposed properly by List() on authority objects
+- fix a corner case in PL importer
+- trashed module registry_manager_openstack
+
+* Thu Jun 04 2015 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-16
+- added a new builtin column 'name' for authorities in the sfa registry
+- this is kept in sync with MyPLC's site names when relevant
+- sfa update -t authority thus now has a new -n/--name option
+- sfi register or update can specify record type on only 2 characters (au, us, no, or sl)
+- reviewed Describe and Allocate wrt slice tags for a PL AM:
+- Describe now exposes all slice tags with a 'scope' being 'sliver' or 'slice'
+- Allocate now by default ignores incoming slice tags
+- Allocate's options can mention 'pltags' among 'ignore', 'append', 'sync'
+- default being 'ignore'
+- in 'ignore' mode, slice tags are unchanged in the PL db
+- in 'append' mode, slice tags from the rspec are added to the db unless
+- they are already present
+- in 'sync' mode, the code attempts to leave the PL db in sync with the tags
+- provided in rspec; this can be dangerous and is thus no longer the default
+- behaviour
+
+* Thu Apr 23 2015 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-15
+- major rework of the iotlab driver, that uses an IoT-lab REST API
+- and so does not need to interact with LDAP and OAR directly
+- deprecated cortexlab driver altogether
+- cosmetic changes in displaying credentials, rights and certificates
+- for hopefully more readable error messages
+- always start postgresql if not running (ignore /etc/myplc-release)
+- does not need lxc=enter-namespace anymore for make sync
+
+* Thu Apr 09 2015 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-14
+- for SSL & python-2.7.9: ignore server verification
+- assume 2.7: remove compat code - always use HTTPSConnection (not HTTPS anymore)
+- fix: Reset GIDs works even if user has no pub_key
+- tweak for ubuntu (that does not have systemctl)
+- iotlab driver: fix ldap account creation at each lease
+- miscell cosmetic & layout
+
+* Mon Dec 01 2014 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-13
+- bugfix - was adding extraneous backslashes in email address when attempting to AddPerson
+
+* Mon Sep 15 2014 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-12
+- getting closer with the pip/pypi packaging
+
+* Mon Sep 15 2014 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-11
+- various tweaks for the openlab demo
+- first stab at uploading onto a pypi (for pip install sfa)
+
+* Wed Aug 20 2014 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-10
+- rewrote an optimized version of verify_persons in the PL driver:
+- Allocate and Provision should now perform much faster
+- in the bargain, changed the way dummy persons are created by SFA:
+- the sfa email is used when free, otherwise a fake email is made up from hrn
+- e.g. hrn=onelab.inria.thierry_parmentelat -> email=thierry_parmentelat@onelab.inria.stub
+- verify_chain debug flow does not up any more by default
+- various fixes in the iotlab driver
+
+* Mon Jul 21 2014 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-9
+- Register can change the user keys using 'reg-keys' as well as 'keys'
+- also accept a single string rather than a list of keys
+- remove 'geni_api' from the registry GetVersion (which is not based on geni anymore)
+- bump the 'sfa' tag in the same registry GetVersion to 3
+- remove all mutable used as default arguments
+
+* Thu Jun 05 2014 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-8
+- bugfix, sfi remove was broken
+
+* Wed Jun 04 2014 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-7
+- sfi return code should be more meaningful - not yet for all commands though
+- DEFAULT_CREDENTIAL_LIFETIME now 28 days (was 31)
+- dropped support for legacy credentials
+- bugfix: short-lived credentials triggered a bug with UTC translated into localtime
+- further minor cleanup of timestamp formats
+
+* Mon Jun 02 2014 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-6
+- iotlab driver: Allocate uses OAR
+- iotlab driver: using actual_caller_hrn
+
+* Thu May 29 2014 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-5
+- Slice Manager is down by default
+- sfi renew -l/--as-long-as-possible and e.g. sfi renew <> +2[d|w|m]
+- also renew tries to find a max date for renewal instead of bailing out
+- sfaclientlib file names scheme keeps track of user as well as object for credentials
+- none fields get removed before sending over xmlrpc - partially for now
+- cleanup on time formats and - hopefully timezones
+- cleanup on speaking_for
+- Allocate passes actual_caller_hrn as part of options to driver
+- iotlab driver and leases
+- new modules abac_credential, credential_factory and speaksfor_util
+
+* Tue May 06 2014 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-4
+- for register and update, client is expected to set
+- reg-researchers rather than researcher
+- reg-pis rather than pi
+- although the old forms are still supported
+- renamed sfi add into sfi register (add still works)
+- sfaadmin to return a meaningful exit code when fails
+- fix for sfadump
+- plimporter to report and ignore person or slice without a hrn
+- add support for stuff like sfi update -t slice -x the.slice.hrn -r none
+
+* Thu Apr 03 2014 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-3
+- fix for user hrn's that have a dash in their leaf
+- fix for names of GENI federates
+- fix for SFA_MAX_SLICE_RENEW
+
+* Thu Feb 20 2014 Mohamed Larabi <mohamed.larabi@inria.fr> - sfa-3.1-2
+- -- Core
+- added support for geni_extend_alap (as long as possible) in RenewSliver.
+- adding support for geni_speaking_for option,
+- -- RSpecs
+- Add support for Ofelia OpenFlow RSpecs
+- -- PlanetLab
+- Set Admins as PI's of the top authority while importing.
+- -- IoTLab
+- Iotlab and cortexlab ported to geni-v3.
+- Moving methods using the SFA db and api object from Shell to Driver.
+- Propagating the changes in iotlabimporter, iotlabaggregate and iotlabslices.
+- Iotlab now using sfa database for the special table lease_table.
+- Using alchemy.py classes to create a session to the DB.
+- Cleaning and documenting.
+- Fix Allocate() API call
+- -- client
+- handle single slivers.
+- fix sfi.py version and trusted.
+- -- PlanetLab
+- handle single slivers by Provision(), Delete() and PerformOperationalAction().
+- fix foreign slices mgt in sliver_to_slice_xrn() and check_sliver_credentials().
+- wider mgt of new slice url and description.
+- -- Packaging
+- rename senslab package into iotlab.
+- don't package xml-builder anymore.
+- fix debian/ubuntu packaging.
+
* Tue Dec 10 2013 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-3.1-1
- -- core
- clean up rspecs.
* Tue Jul 10 2012 Tony Mack <tmack@cs.princeton.edu> - sfa-2.1-12
- Update Openstack driver to support Essex release/
- Fix authority xrn bug.
-
+
* Thu Jun 07 2012 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-2.1-11
- review packaging - site-packages/planetlab now come with sfa-plc
* Mon Apr 16 2012 Tony Mack <tmack@cs.princeton.edu> - sfa-2.1-5
- make sync now supports vserver or lxc.
-- Added slice expiration and login info to SliverStatus response.
+- Added slice expiration and login info to SliverStatus response.
- Fixed CreateSliver bug that causes the method to fail if any node element is missing
the 'component_name' attribute.
- Fixed various bugs that caused SFA to generate invalid or incorrect sliver ids.
-
+
* Tue Mar 20 2012 Tony Mack <tmack@cs.princeton.edu> - sfa-2.1-4
- Introduced new administrative command line script, sfaadmin.py. Removed various single
purpose scripts and migrated their functionality into sfaadmin.py.
- Refactored Registry import scripts.
- Removed SQLAlchemy dependency from sfi.py.
- Fixed bugs in sfi.py
-- Registry, Aggregate and SliceManager now support the OpenStack framework.
+- Registry, Aggregate and SliceManager now support the OpenStack framework.
* Fri Feb 24 2012 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-2.1-3
- slice x researcher rel. in database,
* Wed Jan 25 2012 Tony Mack <tmack@cs.princeton.edu> - sfa-2.0-10
- client: added -R --raw sfi cmdline option that displays raw server response.
-- client: request GENI RSpec by default.
+- client: request GENI RSpec by default.
- server: remove database dependencies from sfa.server.sfaapi.
- server: increased default credential lifetime to 31 days.
- bugfix: fixed bug in sfa.storage.record.SfaRecord.delete().
- bugfix: fixed server key path in sfa.server.sfa-clean-peer-records.
-- bugfix: fixed bug in sfa.server.sfa-start.install_peer_certs().
-
+- bugfix: fixed bug in sfa.server.sfa-start.install_peer_certs().
+
* Sat Jan 7 2012 Tony Mack <tmack@cs.princeton.edu> - sfa-2.0-9
- bugfix: 'geni_api' should be in the top level struct, not the code struct
- bugfix: Display the correct host and port in 'geni_api_versions' field of the GetVersion
- bugfix: sfa.util.sfatime.datetime_to_epoch() returns integers instead of doubles.
- bugfix: Fixed bug that prevented the rspec parser from identifying an rspec's schema when
there is extra whitespace in the schemaLocation field.
-- bugfix: Fixed bug that caused PlanetLab initscripts from showing up in the PGv2 and GENIv3
+- bugfix: Fixed bug that caused PlanetLab initscripts from showing up in the PGv2 and GENIv3
advertisement rspecs.
- bugfix: <login> RSpec element should contain the 'username' attribute.
-- bugfix: Use sfa.util.plxrn.PlXrn to parse the login_base (authority) out of a urn.
-
+- bugfix: Use sfa.util.plxrn.PlXrn to parse the login_base (authority) out of a urn.
+
* Wed Jan 4 2012 Tony Mack <tmack@cs.princeton.edu> - sfa-2.0-8
-- bugfix: Fixed a bug in the sfa-import-plc.py script that caused the script to
+- bugfix: Fixed a bug in the sfa-import-plc.py script that caused the script to
exit when it encountered a user with an invalid public key.
- server: imporved logging in sfa-import-plc.py
-
+
* Tue Jan 3 2012 Tony Mack <tmack@cs.princeton.edu> - sfa-2.0-7
- bugfix: Fixed appending public keys in CreateSliver
- bugfix: Fixed various bugs in the PGv2/GENIv3 request, advertisement and manifest rspecs.
- client: -c --current option allows users to request the current/uncached rspec.
- server: Added 'geni_api_versions' field to GetVersion() output.
- server: Moved PLC specific code from sfa.importer.sfaImport to sfa.importer.sfa-import-plc.
-
+
* Fri Dec 16 2011 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-2.0-6
- bugfix: sfi was not sending call_id with ListResources to v2 servers
- SFA_API_DEBUG replaced with SFA_API_LOGLEVEL
- Unicode-friendliness for user names with accents/special chars.
- Fix bug that could cause create the client to fail when calling CreateSliver for a slice that has the same hrn as a user.
- CreaetSliver no longer fails for users that have a capital letter in their URN.
-- Fix bug in CreateSliver that generated incorrect login bases and email addresses for ProtoGENI requests.
+- Fix bug in CreateSliver that generated incorrect login bases and email addresses for ProtoGENI requests.
- Allow files with .gid, .pem or .crt extension to be loaded into the server's list of trusted certs.
-- Fix bugs and missing imports
-
+- Fix bugs and missing imports
+
* Tue Aug 30 2011 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-35
- new method record.get_field for sface
* Wed Aug 24 2011 Tony Mack <tmack@cs.princeton.edu> - sfa-1.0-32
- Fixed exploit that allowed an authorities to issue certs for objects that dont belong to them.
- Fixed holes in certificate verification logic.
-- Aggregates no longer try to lookup slice and person records when processing CreateSliver requests. Clients are now required to specify this info in the 'users' argument.
+- Aggregates no longer try to lookup slice and person records when processing CreateSliver requests. Clients are now required to specify this info in the 'users' argument.
- Added 'boot_state' as an attribute of the node element in SFA rspec.
- Non authority certificates are marked as CA:FALSE.
- Added SFA_MAX_SLICE_RENEW which allows operators to configure the max ammout
of days a user can extend their slice expiration.
- CA certs are only issued to objects of type authority
-
+
* Fri Aug 05 2011 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-29
- tag 1.0-28 was broken due to typo in the changelog
- new class sfa/util/httpsProtocol.py that supports timeouts
- Support authority+sm type.
- Fix rspec merging bugs.
- Only load certs that have .gid extension from /etc/sfa/trusted_roots/
-- Created a 'planetlab' extension to the ProtoGENI v2 rspec for supporting
- planetlab hosted initscripts using the <planetlab:initscript> tag
-- Can now handle extraneous whitespace in the rspec without failing.
-
+- Created a 'planetlab' extension to the ProtoGENI v2 rspec for supporting
+ planetlab hosted initscripts using the <planetlab:initscript> tag
+- Can now handle extraneous whitespace in the rspec without failing.
+
* Fri Jul 8 2011 Tony Mack <tmack@cs.princeton.edu> - sfa-1.0-27
- ProtoGENI v2 RSpec updates.
- Convert expiration timestamps with timezone info in credentials to utc.
-- Fixed redundant logging issue.
+- Fixed redundant logging issue.
- Improved SliceManager and SFI client logging.
-- Support aggregates that don't support the optional 'call_id' argument.
+- Support aggregates that don't support the optional 'call_id' argument.
- Only call get_trusted_certs() at aggreage interfaces that support the call.
- CreateSliver() now handles MyPLC slice attributes/tags.
- Cache now supports persistence.
* Fri Jun 10 2011 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-23
- includes a change on passphrases that was intended in 1.0-22
-* Thu Jun 6 2011 Tony Mack <tmack@cs.princeton.edu> - sfa-1.0-22
+* Mon Jun 6 2011 Tony Mack <tmack@cs.princeton.edu> - sfa-1.0-22
- Added support for ProtoGENI RSpec v2
-
+
* Wed Mar 16 2011 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-21
- stable sfascan
- fix in initscript, *ENABLED tags in config now taken into account
* Tue Sep 07 2010 Tony Mack <tmack@cs.princeton.edu> - sfa-0.9-16
- truncate login base of external (ProtoGeni, etc) slices to 20 characters
to avoid returning a PLCAPI exception that might confuse users.
-- Enhance PLC aggregate performace by using a better filter when querying SliceTags.
-- fix build errors.
+- Enhance PLC aggregate performace by using a better filter when querying SliceTags.
+- fix build errors.
* Tue Aug 24 2010 Tony Mack <tmack@cs.princeton.edu> - sfa-0.9-15
- (Architecture) Credential format changed to match ProtoGENI xml format
- (Architecture) All interfaces export a new set of methods that are compatible
- with the ProtoGeni Aggregate spec. These new methods are considered a
- replacement for the pervious methods exported by the interfaces. All
- previous methods are still exported and work as normal, but they are
- considered deprecated and will not be supported in future releases.
+ with the ProtoGeni Aggregate spec. These new methods are considered a
+ replacement for the pervious methods exported by the interfaces. All
+ previous methods are still exported and work as normal, but they are
+ considered deprecated and will not be supported in future releases.
- (Architecture) SFI has been updated to use the new interface methods.
- (Architecture) Changed keyconvet implementation from c to python.
- (Architecture) Slice Manager now attempts looks for a delegated credential
provided by the client before using its own server credential.
-- (Archiceture) Slice Interface no longers stores cache of resources on disk.
+- (Archiceture) Slice Interface no longers stores cache of resources on disk.
This cache now exists only in memory and is cleared when service is restarted
- or cache lifetime is exceeded.
-- (Performance) SliceManager sends request to Aggregates in parallel instead
+ or cache lifetime is exceeded.
+- (Performance) SliceManager sends request to Aggregates in parallel instead
of sequentially.
- (Bug fix) SFA tickets now support the new rspec format.
- (Bug fix) SFI only uses cahced credential if they aren't expired.
- (Enhancement) SFI -a --aggregatge option now sends requests directly to the
Aggregate instead of relaying through the Slice Manager.
- (Enhancement) Simplified caching. Accociated a global cache instance with
- the api handler on every new server request, making it easier to access the
- cache and use in more general ways.
+ the api handler on every new server request, making it easier to access the
+ cache and use in more general ways.
-* Thu May 11 2010 Tony Mack <tmack@cs.princeton.edu> - sfa-0.9-11
+* Tue May 11 2010 Tony Mack <tmack@cs.princeton.edu> - sfa-0.9-11
- SfaServer now uses a pool of threads to handle requests concurrently
- sfa.util.rspec no longer used to process/manage rspecs (deprecated). This is now handled by sfa.plc.network and is not backwards compatible
- PIs can now get a slice credential for any slice at their site without having to be a member of the slice
- Registry records for federated peers (defined in registries.xml, aggregates.xml) updated when sfa service is started
-- Interfaces will try to fetch and install gids from peers listed in registries.xml/aggregates.xml if gid is not found in /etc/sfa/trusted_roots dir
-- Component manager does not install gid files if slice already has them
+- Interfaces will try to fetch and install gids from peers listed in registries.xml/aggregates.xml if gid is not found in /etc/sfa/trusted_roots dir
+- Component manager does not install gid files if slice already has them
- Server automatically fetches and installs peer certificats (defined in registries/aggregates.xml) when service is restarted.
- fix credential verification exploit (verify that the trusted signer is a parent of the object it it signed)
- made it easier for root authorities to sign their sub's certifiacate using the sfa-ca.py (sfa/server/sfa-ca.py) tool
-
+
* Thu Jan 21 2010 anil vengalil <avengali@sophia.inria.fr> - sfa-0.9-10
- This tag is quite same as the previous one (sfa-0.9-9) except that the vini and max aggregate managers are also updated for urn support. Other features are:
- - sfa-config-tty now has the same features like plc-config-tty
* Sat May 30 2009 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - geniwrapper-0.2-2
- bugfixes - still a work in progress
-* Fri May 18 2009 Baris Metin <tmetin@sophia.inria.fr>
+* Mon May 18 2009 Baris Metin <tmetin@sophia.inria.fr>
- initial package
git://git.onelab.eu / sfa.git / blobdiff