GeniCM.pm.in 10.8 KB
Newer Older
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2008 University of Utah and the Flux Group.
# All rights reserved.
#
package GeniCM;

#
# The server side of the CM interface on remote sites. Also communicates
# with the GMC interface at Geni Central as a client.
#
use strict;
use Exporter;
use vars qw(@ISA @EXPORT);

@ISA    = "Exporter";
@EXPORT = qw ( );

# Must come after package declaration!
use lib '@prefix@/lib';
use GeniDB;
use Genixmlrpc;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
24 25
use GeniResponse;
use GeniTicket;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
26
use GeniCredential;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
27
use GeniSlice;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
28
use GeniSliver;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
29
use GeniUser;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
30
use libtestbed;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
31 32 33
# Hate to import all this crap; need a utility library.
use libdb qw(TBGetUniqueIndex TBcheck_dbslot TBDB_CHECKDBSLOT_ERROR);
use User;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
34
use Node;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
35 36
use English;
use Data::Dumper;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
37
use XML::Simple;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
38
use Experiment;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
39 40 41 42 43 44 45 46

# Configure variables
my $TB		   = "@prefix@";
my $TBOPS          = "@TBOPSEMAIL@";
my $TBAPPROVAL     = "@TBAPPROVALEMAIL@";
my $TBAUDIT   	   = "@TBAUDITEMAIL@";
my $BOSSNODE       = "@BOSSNODE@";
my $OURDOMAIN      = "@OURDOMAIN@";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
47 48
my $CREATEEXPT     = "$TB/bin/batchexp";
my $NALLOC	   = "$TB/bin/nalloc";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
49 50 51 52 53 54 55 56
my $AVAIL	   = "$TB/sbin/avail";

#
# Discover resources on this component, returning a resource availablity spec
#
sub DiscoverResources($)
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
57
    my $slice      = $argref->{'slice'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
58 59
    my $credential = $argref->{'credential'};
    my $user_uuid  = $ENV{'GENIUSER'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
60
    my $slice_uuid;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
61

Leigh B. Stoller's avatar
Leigh B. Stoller committed
62
    if (! defined($slice)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
63 64 65 66 67 68 69 70
	return GeniResponse->MalformedArgsResponse();
    }

    $credential = GeniCredential->CreateFromSigned($credential);
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
71 72 73 74
    GeniCredential->CertificateInfo($slice, \$slice_uuid) == 0 or
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not get uuid from Certificate");
	
Leigh B. Stoller's avatar
Leigh B. Stoller committed
75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99
    # The credential owner/slice has to match what was provided.
    if (! ($user_uuid eq $credential->owner_uuid() &&
	   $slice_uuid eq $credential->this_uuid())) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }

    #
    # Eventually we will take an optional rspec, but for now just return
    # a list of free nodes using avail. 
    #
    if (! open(AVAIL, "$AVAIL type=pc aslist |")) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not start avail");
    }
    my @nodelist = ();
    while (<AVAIL>) {
	my $nodeid = $_;
	chomp($nodeid);
	my $node = Node->Lookup($nodeid);
	push(@nodelist, $node)
	    if (defined($node));
    }
    close(AVAIL);

Leigh B. Stoller's avatar
Leigh B. Stoller committed
100
    my $xml = "<rspec xmlns=\"http://protogeni.net/resources/rspec/0.1\">\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
101 102 103 104 105 106 107 108 109 110 111
    foreach my $node (@nodelist) {
	my $uuid = $node->uuid();
	my $nodeid = $node->node_id();
	
	$xml .= "<node uuid=\"$uuid\" name=\"$nodeid\">".
	    "<available>true</available></node>\n";
    }
    $xml .= "</rspec>";

    return GeniResponse->Create(GENIRESPONSE_SUCCESS, $xml);
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
112

Leigh B. Stoller's avatar
Leigh B. Stoller committed
113
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
114
# Respond to a GetTicket request. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
115 116 117 118
#
sub GetTicket($)
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
119
    my $slice_cert = $argref->{'slice'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
120
    my $rspec      = $argref->{'rspec'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
121
    my $impotent   = $argref->{'impotent'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
122
    my $credential = $argref->{'credential'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
123
    my $owner_uuid = $ENV{'GENIUSER'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
124
    my $slice_uuid;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
125

Leigh B. Stoller's avatar
Leigh B. Stoller committed
126
    if (! defined($slice_cert)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
127
	GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
128
			     "Improper slice");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
129
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
130 131 132
    if (! (defined($rspec) && ($rspec =~ /^[-\w]+$/))) {
	GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
			     "Improper rspec");	
Leigh B. Stoller's avatar
Leigh B. Stoller committed
133
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
134 135 136
    # Convert the rspec back to a structure.
    $rspec = XMLin($rspec, ForceArray => ["node"]);

Leigh B. Stoller's avatar
Leigh B. Stoller committed
137 138 139
    $impotent = 0
	if (!defined($impotent));

Leigh B. Stoller's avatar
Leigh B. Stoller committed
140
    $credential = GeniCredential->CreateFromSigned($credential);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
141 142 143 144
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
145 146 147 148 149
    GeniCredential->CertificateInfo($slice_cert, \$slice_uuid) == 0 or
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not get uuid from Certificate");
	
	
Leigh B. Stoller's avatar
Leigh B. Stoller committed
150 151 152 153 154 155
    # The credential owner/slice has to match what was provided.
    if (! ($owner_uuid eq $credential->owner_uuid() &&
	   $slice_uuid eq $credential->this_uuid())) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
156

Leigh B. Stoller's avatar
Leigh B. Stoller committed
157 158 159 160 161 162 163
    #
    # See if we have a record of this slice in the DB. If not, then we have
    # to go to the ClearingHouse to find its record, so that we can find out
    # who the SA for it is.
    #
    my $slice = GeniSlice->Lookup($slice_uuid);
    if (!defined($slice)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
164 165 166 167 168 169
	$slice = GeniSlice->CreateFromRegistry($slice_uuid);
	if (!defined($slice)) {
	    print STDERR "No slice $slice_uuid in the ClearingHouse\n";
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
			    "Could not get slice info from ClearingHouse");
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
170 171
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
172
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
173 174 175 176 177 178 179 180 181 182 183 184
    # Ditto the user.
    #
    my $user = GeniUser->Lookup($owner_uuid);
    if (!defined($user)) {
	$user = GeniUser->CreateFromRegistry($owner_uuid);
	if (!defined($user)) {
	    print STDERR "No user $owner_uuid in the ClearingHouse\n";
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
			    "Could not get user info from ClearingHouse");
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
185
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
186 187 188 189
    # If the underlying experiment does not exist, need to create
    # a holding experiment. All these are going to go into the same
    # project for now. Generally, users for non-local slices do not
    # have local accounts or directories.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
190
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207
    my $experiment = Experiment->Lookup($slice_uuid);
    if (!defined($experiment)) {
	#
	# Form an eid for the experiment. 
	#
	my $eid = "slice" . TBGetUniqueIndex('next_sliceid', 1);

	# Note the -h option; allows experiment with no NS file.
	system("$CREATEEXPT -q -i -w -E 'Geni Slice Experiment' ".
	       "-h '$slice_uuid' -p genislices -e $eid");
	if ($?) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Internal Error");
	}
	$experiment = Experiment->Lookup($slice_uuid);
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
208
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
209 210 211
    # An rspec is a structure that requests specific nodes. If those
    # nodes are available, then reserve it. Otherwise the ticket
    # cannot be granted. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
212
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
213
    my @nodeids = ();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
214 215 216
    my $pid     = $experiment->pid();
    my $eid     = $experiment->eid();

Leigh B. Stoller's avatar
Leigh B. Stoller committed
217 218 219 220 221 222 223 224 225
    foreach my $node_id (keys(%{$rspec->{'node'}})) {
	if ($node_id =~ /^(\w*)$/) {
	    $node_id = $1;
	}
	else {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Improper node id: $node_id");
	}
	push(@nodeids, $node_id);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
226
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
227 228

    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
229
    # Create the ticket first, before allocating the node.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
230
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
231
    my $ticket = GeniTicket->Create($slice, $user, $rspec);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
232 233 234 235
    if (!defined($ticket)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniTicket object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
236
    # Nalloc might fail if the node gets picked up by someone else.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
237
    if (!$impotent) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
238
	system("$NALLOC $pid $eid @nodeids");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
239 240 241 242 243 244 245 246 247 248
	if (($? >> 8) < 0) {
	    $ticket->Delete();
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Allocation failure");
	}
	elsif (($? >> 8) > 0) {
	    $ticket->Delete();
	    return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
					"Could not allocate node\n");
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
249
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
250
    if ($ticket->Sign() != 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
251
	# Release will free the nodes.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
252
	$ticket->Release();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
253 254 255
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not sign Ticket");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
256 257 258 259 260 261 262 263 264 265
    return GeniResponse->Create(GENIRESPONSE_SUCCESS,
				$ticket->asString());
}

#
# Create a sliver.
#
sub CreateSliver($)
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
266 267
    my $owner_uuid = $ENV{'GENIUSER'};
    my $ticket     = $argref->{'ticket'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
268 269 270 271 272 273 274 275 276 277 278 279

    if (! (defined($ticket) &&
	   !TBcheck_dbslot($ticket, "default", "text",
			   TBDB_CHECKDBSLOT_ERROR))) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "ticket: ". TBFieldErrorString());
    }
    $ticket = GeniTicket->CreateFromSignedTicket($ticket);
    if (!defined($ticket)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniTicket object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
280 281 282 283 284
    # The credential owner has to match what is in the ticket.
    if ($owner_uuid ne $ticket->owner_uuid()) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
285

Leigh B. Stoller's avatar
Leigh B. Stoller committed
286 287 288 289 290 291
    my $experiment = Experiment->Lookup($ticket->slice_uuid());
    if (!defined($experiment)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No local experiment for slice");
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
292 293 294 295 296
    my $sliver = GeniSliver->Create($ticket);
    if (!defined($sliver)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniSliver object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
297 298 299 300 301 302 303 304 305 306 307

    #
    # Provision the slice. Okay, we already allocated the node above,
    # so this should just work, unless the node has been released cause
    # it has been too long.
    #
    if ($sliver->Provision() != 0) {
	$sliver->Delete();
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not provision sliver");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
308 309 310 311 312 313 314 315 316 317 318 319 320 321
    #
    # The API states we return a credential to control the sliver.
    #
    my $credential = GeniCredential->Create($sliver->uuid(),
					    $owner_uuid);
    if (!defined($credential)) {
	print STDERR "Could not create a credential for $sliver!\n";
	return -1;
    }
    if ($credential->Sign()) {
	print STDERR "Could not sign sliver credential!\n";
	return -1;
    }
    return GeniResponse->Create(GENIRESPONSE_SUCCESS, $credential->asString());
Leigh B. Stoller's avatar
Leigh B. Stoller committed
322 323 324
}

#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
325
# Destroy a sliver.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
326
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
327
sub DestroySliver($)
Leigh B. Stoller's avatar
Leigh B. Stoller committed
328 329
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
330
    my $owner_uuid  = $ENV{'GENIUSER'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
331
    my $sliver_uuid = $argref->{'uuid'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
332
    my $credential  = $argref->{'credential'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
333 334 335 336 337 338 339 340 341 342

    if (!defined($sliver_uuid)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS);
    }
    my $sliver = GeniSliver->Lookup($sliver_uuid);
    if (!defined($sliver)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "No such sliver $sliver_uuid");
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
343 344
    if (! (defined($credential) &&
	   !TBcheck_dbslot($credential, "default", "text",
Leigh B. Stoller's avatar
Leigh B. Stoller committed
345 346
			   TBDB_CHECKDBSLOT_ERROR))) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
347
				    "credential: ". TBFieldErrorString());
Leigh B. Stoller's avatar
Leigh B. Stoller committed
348
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
349 350
    $credential = GeniCredential->CreateFromSigned($credential);
    if (!defined($credential)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
351
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
352
				    "Could not create GeniCredential object");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
353
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
354 355 356 357 358
    # The credential owner has to match what is in the ticket.
    if (! ($owner_uuid eq $credential->owner_uuid() &&
	   $sliver_uuid eq $credential->this_uuid())) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
359
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
360

Leigh B. Stoller's avatar
Leigh B. Stoller committed
361 362 363 364 365 366 367 368
    $sliver->UnProvision() == 0 or
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not unprovision sliver");
    $sliver->Delete() == 0 or
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not delete sliver");
    
    return GeniResponse->Create(GENIRESPONSE_SUCCESS);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
369
}