GeniCM.pm.in 9.52 KB
Newer Older
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2008 University of Utah and the Flux Group.
# All rights reserved.
#
package GeniCM;

#
# The server side of the CM interface on remote sites. Also communicates
# with the GMC interface at Geni Central as a client.
#
use strict;
use Exporter;
use vars qw(@ISA @EXPORT);

@ISA    = "Exporter";
@EXPORT = qw ( );

# Must come after package declaration!
use lib '@prefix@/lib';
use GeniDB;
use Genixmlrpc;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
24 25
use GeniResponse;
use GeniTicket;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
26
use GeniCredential;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
27
use GeniSliver;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
28
use GeniUser;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
29
use libtestbed;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
30 31 32
# Hate to import all this crap; need a utility library.
use libdb qw(TBGetUniqueIndex TBcheck_dbslot TBDB_CHECKDBSLOT_ERROR);
use User;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
33
use Node;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
34 35
use English;
use Data::Dumper;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
36
use Experiment;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
37 38 39 40 41 42 43 44

# Configure variables
my $TB		   = "@prefix@";
my $TBOPS          = "@TBOPSEMAIL@";
my $TBAPPROVAL     = "@TBAPPROVALEMAIL@";
my $TBAUDIT   	   = "@TBAUDITEMAIL@";
my $BOSSNODE       = "@BOSSNODE@";
my $OURDOMAIN      = "@OURDOMAIN@";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
45 46
my $CREATEEXPT     = "$TB/bin/batchexp";
my $NALLOC	   = "$TB/bin/nalloc";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104
my $AVAIL	   = "$TB/sbin/avail";

#
# Discover resources on this component, returning a resource availablity spec
#
sub DiscoverResources($)
{
    my ($argref) = @_;
    my $slice_uuid = $argref->{'slice_uuid'};
    my $credential = $argref->{'credential'};
    my $user_uuid  = $ENV{'GENIUSER'};

    if (! (defined($slice_uuid) && ($slice_uuid =~ /^[-\w]+$/))) {
	return GeniResponse->MalformedArgsResponse();
    }

    $credential = GeniCredential->CreateFromSigned($credential);
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
    # The credential owner/slice has to match what was provided.
    if (! ($user_uuid eq $credential->owner_uuid() &&
	   $slice_uuid eq $credential->this_uuid())) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }

    #
    # Eventually we will take an optional rspec, but for now just return
    # a list of free nodes using avail. 
    #
    if (! open(AVAIL, "$AVAIL type=pc aslist |")) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not start avail");
    }
    my @nodelist = ();
    while (<AVAIL>) {
	my $nodeid = $_;
	chomp($nodeid);
	my $node = Node->Lookup($nodeid);
	push(@nodelist, $node)
	    if (defined($node));
    }
    close(AVAIL);

    my $xml = "<rspec xmlns:\"http://protogeni.net/resources/rspec/0.1\">\n";
    foreach my $node (@nodelist) {
	my $uuid = $node->uuid();
	my $nodeid = $node->node_id();
	
	$xml .= "<node uuid=\"$uuid\" name=\"$nodeid\">".
	    "<available>true</available></node>\n";
    }
    $xml .= "</rspec>";

    return GeniResponse->Create(GENIRESPONSE_SUCCESS, $xml);
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
105

Leigh B. Stoller's avatar
Leigh B. Stoller committed
106 107 108 109 110 111 112 113
#
# Respond to a GetTicket request. No worries about credentials yet; we
# trust the caller cause it got past the SSL client verify checks in the
# web server.
#
sub GetTicket($)
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
114
    my $slice_uuid = $argref->{'slice_uuid'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
115
    my $rspec      = $argref->{'rspec'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
116
    my $impotent   = $argref->{'impotent'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
117
    my $credential = $argref->{'credential'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
118
    my $owner_uuid = $ENV{'GENIUSER'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
119 120 121 122 123 124 125

    if (! (defined($slice_uuid) && ($slice_uuid =~ /^[-\w]+$/))) {
	return GeniResponse->MalformedArgsResponse();
    }
    if (! defined($rspec)) {
	return GeniResponse->MalformedArgsResponse();
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
126 127 128
    $impotent = 0
	if (!defined($impotent));

Leigh B. Stoller's avatar
Leigh B. Stoller committed
129
    $credential = GeniCredential->CreateFromSigned($credential);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
130 131 132 133 134 135 136 137 138 139
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
    # The credential owner/slice has to match what was provided.
    if (! ($owner_uuid eq $credential->owner_uuid() &&
	   $slice_uuid eq $credential->this_uuid())) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
140 141

    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
142
    # XXX Should we create a local geni_slices record in the DB?
Leigh B. Stoller's avatar
Leigh B. Stoller committed
143
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
144 145 146 147
    # If the underlying experiment does not exist, need to create
    # a holding experiment. All these are going to go into the same
    # project for now. Generally, users for non-local slices do not
    # have local accounts or directories.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
148
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165
    my $experiment = Experiment->Lookup($slice_uuid);
    if (!defined($experiment)) {
	#
	# Form an eid for the experiment. 
	#
	my $eid = "slice" . TBGetUniqueIndex('next_sliceid', 1);

	# Note the -h option; allows experiment with no NS file.
	system("$CREATEEXPT -q -i -w -E 'Geni Slice Experiment' ".
	       "-h '$slice_uuid' -p genislices -e $eid");
	if ($?) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Internal Error");
	}
	$experiment = Experiment->Lookup($slice_uuid);
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
166
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
167 168 169
    # An rspec is a structure that requests a specific node. If that node
    # is available, then reserve it. Otherwise the ticket cannot be
    # granted.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
170
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
171 172 173 174 175 176 177 178 179 180 181
    my $node_id = $rspec->{'node_id'};
    my $pid     = $experiment->pid();
    my $eid     = $experiment->eid();

    if (defined($node_id) && $node_id =~ /^(\w*)$/) {
	$node_id = $1;
    }
    else {
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "Improper node id");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
182 183

    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
184
    # Create the ticket first, before allocating the node.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
185
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
186
    my $ticket = GeniTicket->Create($slice_uuid, $owner_uuid, $rspec);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
187 188 189 190
    if (!defined($ticket)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniTicket object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
191
    # Nalloc might fail if the node gets picked up by someone else.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
192 193 194 195 196 197 198 199 200 201 202 203
    if (!$impotent) {
	system("$NALLOC $pid $eid $node_id");
	if (($? >> 8) < 0) {
	    $ticket->Delete();
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Allocation failure");
	}
	elsif (($? >> 8) > 0) {
	    $ticket->Delete();
	    return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
					"Could not allocate node\n");
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
204
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
205
    if ($ticket->Sign() != 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
206 207
	# Release will free the node.
	$ticket->Release();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
208 209 210
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not sign Ticket");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
211 212 213 214 215 216 217
    return GeniResponse->Create(GENIRESPONSE_SUCCESS,
				$ticket->asString());
}

#
# Create a sliver.
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
218 219
# XXX Credentials stuff.
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
220 221 222
sub CreateSliver($)
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
223 224
    my $owner_uuid = $ENV{'GENIUSER'};
    my $ticket     = $argref->{'ticket'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
225 226 227 228 229 230 231 232 233 234 235 236

    if (! (defined($ticket) &&
	   !TBcheck_dbslot($ticket, "default", "text",
			   TBDB_CHECKDBSLOT_ERROR))) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "ticket: ". TBFieldErrorString());
    }
    $ticket = GeniTicket->CreateFromSignedTicket($ticket);
    if (!defined($ticket)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniTicket object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
237 238 239 240 241
    # The credential owner has to match what is in the ticket.
    if ($owner_uuid ne $ticket->owner_uuid()) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
242

Leigh B. Stoller's avatar
Leigh B. Stoller committed
243 244 245 246 247 248
    my $experiment = Experiment->Lookup($ticket->slice_uuid());
    if (!defined($experiment)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No local experiment for slice");
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
249 250 251 252 253
    my $sliver = GeniSliver->Create($ticket);
    if (!defined($sliver)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniSliver object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
254 255 256 257 258 259 260 261 262 263 264

    #
    # Provision the slice. Okay, we already allocated the node above,
    # so this should just work, unless the node has been released cause
    # it has been too long.
    #
    if ($sliver->Provision() != 0) {
	$sliver->Delete();
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not provision sliver");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
265 266 267 268 269 270 271 272 273 274 275 276 277 278
    #
    # The API states we return a credential to control the sliver.
    #
    my $credential = GeniCredential->Create($sliver->uuid(),
					    $owner_uuid);
    if (!defined($credential)) {
	print STDERR "Could not create a credential for $sliver!\n";
	return -1;
    }
    if ($credential->Sign()) {
	print STDERR "Could not sign sliver credential!\n";
	return -1;
    }
    return GeniResponse->Create(GENIRESPONSE_SUCCESS, $credential->asString());
Leigh B. Stoller's avatar
Leigh B. Stoller committed
279 280 281
}

#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
282
# Destroy a sliver.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
283
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
284
sub DestroySliver($)
Leigh B. Stoller's avatar
Leigh B. Stoller committed
285 286
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
287
    my $owner_uuid  = $ENV{'GENIUSER'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
288
    my $sliver_uuid = $argref->{'uuid'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
289
    my $credential  = $argref->{'credential'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
290 291 292 293 294 295 296 297 298 299

    if (!defined($sliver_uuid)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS);
    }
    my $sliver = GeniSliver->Lookup($sliver_uuid);
    if (!defined($sliver)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "No such sliver $sliver_uuid");
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
300 301
    if (! (defined($credential) &&
	   !TBcheck_dbslot($credential, "default", "text",
Leigh B. Stoller's avatar
Leigh B. Stoller committed
302 303
			   TBDB_CHECKDBSLOT_ERROR))) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
304
				    "credential: ". TBFieldErrorString());
Leigh B. Stoller's avatar
Leigh B. Stoller committed
305
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
306 307
    $credential = GeniCredential->CreateFromSigned($credential);
    if (!defined($credential)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
308
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
309
				    "Could not create GeniCredential object");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
310
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
311 312 313 314 315
    # The credential owner has to match what is in the ticket.
    if (! ($owner_uuid eq $credential->owner_uuid() &&
	   $sliver_uuid eq $credential->this_uuid())) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
316
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
317

Leigh B. Stoller's avatar
Leigh B. Stoller committed
318 319 320 321 322 323 324 325
    $sliver->UnProvision() == 0 or
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not unprovision sliver");
    $sliver->Delete() == 0 or
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not delete sliver");
    
    return GeniResponse->Create(GENIRESPONSE_SUCCESS);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
326
}