GeniCM.pm.in 11.3 KB
Newer Older
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2008 University of Utah and the Flux Group.
# All rights reserved.
#
package GeniCM;

#
# The server side of the CM interface on remote sites. Also communicates
# with the GMC interface at Geni Central as a client.
#
use strict;
use Exporter;
use vars qw(@ISA @EXPORT);

@ISA    = "Exporter";
@EXPORT = qw ( );

# Must come after package declaration!
use lib '@prefix@/lib';
use GeniDB;
use Genixmlrpc;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
24 25
use GeniResponse;
use GeniTicket;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
26
use GeniCredential;
27
use GeniCertificate;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
28
use GeniSlice;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
29
use GeniSliver;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
30
use GeniUser;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
31
use libtestbed;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
32 33 34
# Hate to import all this crap; need a utility library.
use libdb qw(TBGetUniqueIndex TBcheck_dbslot TBDB_CHECKDBSLOT_ERROR);
use User;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
35
use Node;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
36 37
use English;
use Data::Dumper;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
38
use XML::Simple;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
39
use Experiment;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
40 41 42 43 44 45 46 47

# Configure variables
my $TB		   = "@prefix@";
my $TBOPS          = "@TBOPSEMAIL@";
my $TBAPPROVAL     = "@TBAPPROVALEMAIL@";
my $TBAUDIT   	   = "@TBAUDITEMAIL@";
my $BOSSNODE       = "@BOSSNODE@";
my $OURDOMAIN      = "@OURDOMAIN@";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
48 49
my $CREATEEXPT     = "$TB/bin/batchexp";
my $NALLOC	   = "$TB/bin/nalloc";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
50 51 52 53 54 55 56 57
my $AVAIL	   = "$TB/sbin/avail";

#
# Discover resources on this component, returning a resource availablity spec
#
sub DiscoverResources($)
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
58
    my $slice      = $argref->{'slice'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
59 60
    my $credential = $argref->{'credential'};
    my $user_uuid  = $ENV{'GENIUSER'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
61
    my $slice_uuid;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
62

Leigh B. Stoller's avatar
Leigh B. Stoller committed
63
    if (! defined($slice)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
64 65 66 67 68 69 70 71
	return GeniResponse->MalformedArgsResponse();
    }

    $credential = GeniCredential->CreateFromSigned($credential);
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
72
    GeniCertificate->CertificateInfo($slice, \$slice_uuid) == 0 or
Leigh B. Stoller's avatar
Leigh B. Stoller committed
73 74 75
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not get uuid from Certificate");
	
Leigh B. Stoller's avatar
Leigh B. Stoller committed
76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
    # The credential owner/slice has to match what was provided.
    if (! ($user_uuid eq $credential->owner_uuid() &&
	   $slice_uuid eq $credential->this_uuid())) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }

    #
    # Eventually we will take an optional rspec, but for now just return
    # a list of free nodes using avail. 
    #
    if (! open(AVAIL, "$AVAIL type=pc aslist |")) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not start avail");
    }
    my @nodelist = ();
    while (<AVAIL>) {
	my $nodeid = $_;
	chomp($nodeid);
	my $node = Node->Lookup($nodeid);
	push(@nodelist, $node)
	    if (defined($node));
    }
    close(AVAIL);

Leigh B. Stoller's avatar
Leigh B. Stoller committed
101
    my $xml = "<rspec xmlns=\"http://protogeni.net/resources/rspec/0.1\">\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
102 103 104 105 106 107 108 109 110 111 112
    foreach my $node (@nodelist) {
	my $uuid = $node->uuid();
	my $nodeid = $node->node_id();
	
	$xml .= "<node uuid=\"$uuid\" name=\"$nodeid\">".
	    "<available>true</available></node>\n";
    }
    $xml .= "</rspec>";

    return GeniResponse->Create(GENIRESPONSE_SUCCESS, $xml);
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
113

Leigh B. Stoller's avatar
Leigh B. Stoller committed
114
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
115
# Respond to a GetTicket request. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
116 117 118 119
#
sub GetTicket($)
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
120
    my $slice_cert = $argref->{'slice'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
121
    my $rspec      = $argref->{'rspec'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
122
    my $impotent   = $argref->{'impotent'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
123
    my $credential = $argref->{'credential'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
124
    my $owner_uuid = $ENV{'GENIUSER'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
125
    my $slice_uuid;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
126

Leigh B. Stoller's avatar
Leigh B. Stoller committed
127
    if (! defined($slice_cert)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
128
	GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
129
			     "Improper slice");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
130
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
131 132 133
    if (! (defined($rspec) && ($rspec =~ /^[-\w]+$/))) {
	GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
			     "Improper rspec");	
Leigh B. Stoller's avatar
Leigh B. Stoller committed
134
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
135 136 137
    # Convert the rspec back to a structure.
    $rspec = XMLin($rspec, ForceArray => ["node"]);

Leigh B. Stoller's avatar
Leigh B. Stoller committed
138 139 140
    $impotent = 0
	if (!defined($impotent));

Leigh B. Stoller's avatar
Leigh B. Stoller committed
141
    $credential = GeniCredential->CreateFromSigned($credential);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
142 143 144 145
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
146
    GeniCertificate->CertificateInfo($slice_cert, \$slice_uuid) == 0 or
Leigh B. Stoller's avatar
Leigh B. Stoller committed
147 148 149 150
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not get uuid from Certificate");
	
	
Leigh B. Stoller's avatar
Leigh B. Stoller committed
151 152 153 154 155 156
    # The credential owner/slice has to match what was provided.
    if (! ($owner_uuid eq $credential->owner_uuid() &&
	   $slice_uuid eq $credential->this_uuid())) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
157

Leigh B. Stoller's avatar
Leigh B. Stoller committed
158 159 160 161 162 163 164
    #
    # See if we have a record of this slice in the DB. If not, then we have
    # to go to the ClearingHouse to find its record, so that we can find out
    # who the SA for it is.
    #
    my $slice = GeniSlice->Lookup($slice_uuid);
    if (!defined($slice)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
165 166 167 168 169 170
	$slice = GeniSlice->CreateFromRegistry($slice_uuid);
	if (!defined($slice)) {
	    print STDERR "No slice $slice_uuid in the ClearingHouse\n";
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
			    "Could not get slice info from ClearingHouse");
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
171 172
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
173
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
174 175 176 177 178 179 180 181 182 183 184 185
    # Ditto the user.
    #
    my $user = GeniUser->Lookup($owner_uuid);
    if (!defined($user)) {
	$user = GeniUser->CreateFromRegistry($owner_uuid);
	if (!defined($user)) {
	    print STDERR "No user $owner_uuid in the ClearingHouse\n";
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
			    "Could not get user info from ClearingHouse");
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
186
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
187 188 189 190
    # If the underlying experiment does not exist, need to create
    # a holding experiment. All these are going to go into the same
    # project for now. Generally, users for non-local slices do not
    # have local accounts or directories.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
191
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208
    my $experiment = Experiment->Lookup($slice_uuid);
    if (!defined($experiment)) {
	#
	# Form an eid for the experiment. 
	#
	my $eid = "slice" . TBGetUniqueIndex('next_sliceid', 1);

	# Note the -h option; allows experiment with no NS file.
	system("$CREATEEXPT -q -i -w -E 'Geni Slice Experiment' ".
	       "-h '$slice_uuid' -p genislices -e $eid");
	if ($?) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Internal Error");
	}
	$experiment = Experiment->Lookup($slice_uuid);
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
209
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
210 211 212
    # An rspec is a structure that requests specific nodes. If those
    # nodes are available, then reserve it. Otherwise the ticket
    # cannot be granted. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
213
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
214
    my @nodeids = ();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
215 216 217
    my $pid     = $experiment->pid();
    my $eid     = $experiment->eid();

Leigh B. Stoller's avatar
Leigh B. Stoller committed
218 219 220 221 222 223 224 225 226
    foreach my $node_id (keys(%{$rspec->{'node'}})) {
	if ($node_id =~ /^(\w*)$/) {
	    $node_id = $1;
	}
	else {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Improper node id: $node_id");
	}
	push(@nodeids, $node_id);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
227
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
228 229

    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
230
    # Create the ticket first, before allocating the node.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
231
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
232
    my $ticket = GeniTicket->Create($slice, $user, $rspec);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
233 234 235 236
    if (!defined($ticket)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniTicket object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
237
    # Nalloc might fail if the node gets picked up by someone else.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
238
    if (!$impotent) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
239
	system("$NALLOC $pid $eid @nodeids");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
240 241 242 243 244 245 246 247 248 249
	if (($? >> 8) < 0) {
	    $ticket->Delete();
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Allocation failure");
	}
	elsif (($? >> 8) > 0) {
	    $ticket->Delete();
	    return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
					"Could not allocate node\n");
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
250
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
251
    if ($ticket->Sign() != 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
252
	# Release will free the nodes.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
253
	$ticket->Release();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
254 255 256
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not sign Ticket");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
257 258 259 260 261 262 263 264 265 266
    return GeniResponse->Create(GENIRESPONSE_SUCCESS,
				$ticket->asString());
}

#
# Create a sliver.
#
sub CreateSliver($)
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
267 268
    my $owner_uuid = $ENV{'GENIUSER'};
    my $ticket     = $argref->{'ticket'};
269 270 271 272
    my $impotent   = $argref->{'impotent'};

    $impotent = 0
	if (!defined($impotent));
Leigh B. Stoller's avatar
Leigh B. Stoller committed
273 274 275 276 277 278 279 280 281 282 283 284

    if (! (defined($ticket) &&
	   !TBcheck_dbslot($ticket, "default", "text",
			   TBDB_CHECKDBSLOT_ERROR))) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "ticket: ". TBFieldErrorString());
    }
    $ticket = GeniTicket->CreateFromSignedTicket($ticket);
    if (!defined($ticket)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniTicket object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
285 286 287 288 289
    # The credential owner has to match what is in the ticket.
    if ($owner_uuid ne $ticket->owner_uuid()) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
290

Leigh B. Stoller's avatar
Leigh B. Stoller committed
291 292 293 294 295 296
    my $experiment = Experiment->Lookup($ticket->slice_uuid());
    if (!defined($experiment)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No local experiment for slice");
    }

297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315
    #
    # See if we have a record of this slice in the DB. If not, throw an
    # error; might change later.
    #
    my $slice = GeniSlice->Lookup($ticket->slice_uuid());
    if (!defined($slice)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No slice record for slice");
    }

    #
    # Ditto the user.
    #
    my $owner = GeniUser->Lookup($owner_uuid);
    if (!defined($owner)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No user record for $owner_uuid");
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
316 317 318 319 320
    my $sliver = GeniSliver->Create($ticket);
    if (!defined($sliver)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniSliver object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
321 322 323 324 325 326

    #
    # Provision the slice. Okay, we already allocated the node above,
    # so this should just work, unless the node has been released cause
    # it has been too long.
    #
327
    if (!$impotent && $sliver->Provision() != 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
328 329 330 331
	$sliver->Delete();
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not provision sliver");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
332 333 334
    #
    # The API states we return a credential to control the sliver.
    #
335
    my $credential = $sliver->NewCredential($owner);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
336
    if (!defined($credential)) {
337 338 339 340
	$sliver->UnProvision();
	$sliver->Delete();
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create credential sliver");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
341 342
    }
    return GeniResponse->Create(GENIRESPONSE_SUCCESS, $credential->asString());
Leigh B. Stoller's avatar
Leigh B. Stoller committed
343 344 345
}

#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
346
# Destroy a sliver.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
347
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
348
sub DestroySliver($)
Leigh B. Stoller's avatar
Leigh B. Stoller committed
349 350
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
351
    my $owner_uuid  = $ENV{'GENIUSER'};
352
    my $sliver_cert = $argref->{'sliver'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
353
    my $credential  = $argref->{'credential'};
354
    my $sliver_uuid;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
355

356
    if (!defined($sliver_cert) || !defined($credential)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
357 358
	return GeniResponse->Create(GENIRESPONSE_BADARGS);
    }
359 360 361 362
    GeniCertificate->CertificateInfo($sliver_cert, \$sliver_uuid) == 0 or
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not get uuid from Certificate");
    
Leigh B. Stoller's avatar
Leigh B. Stoller committed
363 364 365 366 367
    my $sliver = GeniSliver->Lookup($sliver_uuid);
    if (!defined($sliver)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "No such sliver $sliver_uuid");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
368 369
    $credential = GeniCredential->CreateFromSigned($credential);
    if (!defined($credential)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
370
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
371
				    "Could not create GeniCredential object");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
372
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
373 374 375 376 377
    # The credential owner has to match what is in the ticket.
    if (! ($owner_uuid eq $credential->owner_uuid() &&
	   $sliver_uuid eq $credential->this_uuid())) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
378 379 380 381 382 383 384 385 386
    }
    $sliver->UnProvision() == 0 or
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not unprovision sliver");
    $sliver->Delete() == 0 or
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not delete sliver");
    
    return GeniResponse->Create(GENIRESPONSE_SUCCESS);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
387
}