GeniCM.pm.in 9.52 KB
Newer Older
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2008 University of Utah and the Flux Group.
# All rights reserved.
#
package GeniCM;

#
# The server side of the CM interface on remote sites. Also communicates
# with the GMC interface at Geni Central as a client.
#
use strict;
use Exporter;
use vars qw(@ISA @EXPORT);

@ISA    = "Exporter";
@EXPORT = qw ( );

# Must come after package declaration!
use lib '@prefix@/lib';
use GeniDB;
use Genixmlrpc;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
24
25
use GeniResponse;
use GeniTicket;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
26
use GeniCredential;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
27
use GeniSliver;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
28
use GeniUser;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
29
use libtestbed;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
30
31
32
# Hate to import all this crap; need a utility library.
use libdb qw(TBGetUniqueIndex TBcheck_dbslot TBDB_CHECKDBSLOT_ERROR);
use User;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
33
use Node;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
34
35
use English;
use Data::Dumper;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
36
use Experiment;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
37
38
39
40
41
42
43
44

# Configure variables
my $TB		   = "@prefix@";
my $TBOPS          = "@TBOPSEMAIL@";
my $TBAPPROVAL     = "@TBAPPROVALEMAIL@";
my $TBAUDIT   	   = "@TBAUDITEMAIL@";
my $BOSSNODE       = "@BOSSNODE@";
my $OURDOMAIN      = "@OURDOMAIN@";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
45
46
my $CREATEEXPT     = "$TB/bin/batchexp";
my $NALLOC	   = "$TB/bin/nalloc";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
my $AVAIL	   = "$TB/sbin/avail";

#
# Discover resources on this component, returning a resource availablity spec
#
sub DiscoverResources($)
{
    my ($argref) = @_;
    my $slice_uuid = $argref->{'slice_uuid'};
    my $credential = $argref->{'credential'};
    my $user_uuid  = $ENV{'GENIUSER'};

    if (! (defined($slice_uuid) && ($slice_uuid =~ /^[-\w]+$/))) {
	return GeniResponse->MalformedArgsResponse();
    }

    $credential = GeniCredential->CreateFromSigned($credential);
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
    # The credential owner/slice has to match what was provided.
    if (! ($user_uuid eq $credential->owner_uuid() &&
	   $slice_uuid eq $credential->this_uuid())) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }

    #
    # Eventually we will take an optional rspec, but for now just return
    # a list of free nodes using avail. 
    #
    if (! open(AVAIL, "$AVAIL type=pc aslist |")) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not start avail");
    }
    my @nodelist = ();
    while (<AVAIL>) {
	my $nodeid = $_;
	chomp($nodeid);
	my $node = Node->Lookup($nodeid);
	push(@nodelist, $node)
	    if (defined($node));
    }
    close(AVAIL);

    my $xml = "<rspec xmlns:\"http://protogeni.net/resources/rspec/0.1\">\n";
    foreach my $node (@nodelist) {
	my $uuid = $node->uuid();
	my $nodeid = $node->node_id();
	
	$xml .= "<node uuid=\"$uuid\" name=\"$nodeid\">".
	    "<available>true</available></node>\n";
    }
    $xml .= "</rspec>";

    return GeniResponse->Create(GENIRESPONSE_SUCCESS, $xml);
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
105

Leigh B. Stoller's avatar
Leigh B. Stoller committed
106
107
108
109
110
111
112
113
#
# Respond to a GetTicket request. No worries about credentials yet; we
# trust the caller cause it got past the SSL client verify checks in the
# web server.
#
sub GetTicket($)
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
114
    my $slice_uuid = $argref->{'slice_uuid'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
115
    my $rspec      = $argref->{'rspec'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
116
    my $impotent   = $argref->{'impotent'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
117
    my $credential = $argref->{'credential'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
118
    my $owner_uuid = $ENV{'GENIUSER'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
119
120
121
122
123
124
125

    if (! (defined($slice_uuid) && ($slice_uuid =~ /^[-\w]+$/))) {
	return GeniResponse->MalformedArgsResponse();
    }
    if (! defined($rspec)) {
	return GeniResponse->MalformedArgsResponse();
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
126
127
128
    $impotent = 0
	if (!defined($impotent));

Leigh B. Stoller's avatar
Leigh B. Stoller committed
129
    $credential = GeniCredential->CreateFromSigned($credential);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
130
131
132
133
134
135
136
137
138
139
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
    # The credential owner/slice has to match what was provided.
    if (! ($owner_uuid eq $credential->owner_uuid() &&
	   $slice_uuid eq $credential->this_uuid())) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
140
141

    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
142
    # XXX Should we create a local geni_slices record in the DB?
Leigh B. Stoller's avatar
Leigh B. Stoller committed
143
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
144
145
146
147
    # If the underlying experiment does not exist, need to create
    # a holding experiment. All these are going to go into the same
    # project for now. Generally, users for non-local slices do not
    # have local accounts or directories.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
148
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
    my $experiment = Experiment->Lookup($slice_uuid);
    if (!defined($experiment)) {
	#
	# Form an eid for the experiment. 
	#
	my $eid = "slice" . TBGetUniqueIndex('next_sliceid', 1);

	# Note the -h option; allows experiment with no NS file.
	system("$CREATEEXPT -q -i -w -E 'Geni Slice Experiment' ".
	       "-h '$slice_uuid' -p genislices -e $eid");
	if ($?) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Internal Error");
	}
	$experiment = Experiment->Lookup($slice_uuid);
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
166
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
167
168
169
    # An rspec is a structure that requests a specific node. If that node
    # is available, then reserve it. Otherwise the ticket cannot be
    # granted.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
170
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
171
172
173
174
175
176
177
178
179
180
181
    my $node_id = $rspec->{'node_id'};
    my $pid     = $experiment->pid();
    my $eid     = $experiment->eid();

    if (defined($node_id) && $node_id =~ /^(\w*)$/) {
	$node_id = $1;
    }
    else {
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "Improper node id");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
182
183

    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
184
    # Create the ticket first, before allocating the node.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
185
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
186
    my $ticket = GeniTicket->Create($slice_uuid, $owner_uuid, $rspec);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
187
188
189
190
    if (!defined($ticket)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniTicket object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
191
    # Nalloc might fail if the node gets picked up by someone else.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
192
193
194
195
196
197
198
199
200
201
202
203
    if (!$impotent) {
	system("$NALLOC $pid $eid $node_id");
	if (($? >> 8) < 0) {
	    $ticket->Delete();
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Allocation failure");
	}
	elsif (($? >> 8) > 0) {
	    $ticket->Delete();
	    return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
					"Could not allocate node\n");
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
204
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
205
    if ($ticket->Sign() != 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
206
207
	# Release will free the node.
	$ticket->Release();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
208
209
210
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not sign Ticket");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
211
212
213
214
215
216
217
    return GeniResponse->Create(GENIRESPONSE_SUCCESS,
				$ticket->asString());
}

#
# Create a sliver.
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
218
219
# XXX Credentials stuff.
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
220
221
222
sub CreateSliver($)
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
223
224
    my $owner_uuid = $ENV{'GENIUSER'};
    my $ticket     = $argref->{'ticket'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
225
226
227
228
229
230
231
232
233
234
235
236

    if (! (defined($ticket) &&
	   !TBcheck_dbslot($ticket, "default", "text",
			   TBDB_CHECKDBSLOT_ERROR))) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "ticket: ". TBFieldErrorString());
    }
    $ticket = GeniTicket->CreateFromSignedTicket($ticket);
    if (!defined($ticket)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniTicket object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
237
238
239
240
241
    # The credential owner has to match what is in the ticket.
    if ($owner_uuid ne $ticket->owner_uuid()) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
242

Leigh B. Stoller's avatar
Leigh B. Stoller committed
243
244
245
246
247
248
    my $experiment = Experiment->Lookup($ticket->slice_uuid());
    if (!defined($experiment)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No local experiment for slice");
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
249
250
251
252
253
    my $sliver = GeniSliver->Create($ticket);
    if (!defined($sliver)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniSliver object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
254
255
256
257
258
259
260
261
262
263
264

    #
    # Provision the slice. Okay, we already allocated the node above,
    # so this should just work, unless the node has been released cause
    # it has been too long.
    #
    if ($sliver->Provision() != 0) {
	$sliver->Delete();
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not provision sliver");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
265
266
267
268
269
270
271
272
273
274
275
276
277
278
    #
    # The API states we return a credential to control the sliver.
    #
    my $credential = GeniCredential->Create($sliver->uuid(),
					    $owner_uuid);
    if (!defined($credential)) {
	print STDERR "Could not create a credential for $sliver!\n";
	return -1;
    }
    if ($credential->Sign()) {
	print STDERR "Could not sign sliver credential!\n";
	return -1;
    }
    return GeniResponse->Create(GENIRESPONSE_SUCCESS, $credential->asString());
Leigh B. Stoller's avatar
Leigh B. Stoller committed
279
280
281
}

#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
282
# Destroy a sliver.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
283
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
284
sub DestroySliver($)
Leigh B. Stoller's avatar
Leigh B. Stoller committed
285
286
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
287
    my $owner_uuid  = $ENV{'GENIUSER'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
288
    my $sliver_uuid = $argref->{'uuid'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
289
    my $credential  = $argref->{'credential'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
290
291
292
293
294
295
296
297
298
299

    if (!defined($sliver_uuid)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS);
    }
    my $sliver = GeniSliver->Lookup($sliver_uuid);
    if (!defined($sliver)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "No such sliver $sliver_uuid");
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
300
301
    if (! (defined($credential) &&
	   !TBcheck_dbslot($credential, "default", "text",
Leigh B. Stoller's avatar
Leigh B. Stoller committed
302
303
			   TBDB_CHECKDBSLOT_ERROR))) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
304
				    "credential: ". TBFieldErrorString());
Leigh B. Stoller's avatar
Leigh B. Stoller committed
305
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
306
307
    $credential = GeniCredential->CreateFromSigned($credential);
    if (!defined($credential)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
308
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
309
				    "Could not create GeniCredential object");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
310
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
311
312
313
314
315
    # The credential owner has to match what is in the ticket.
    if (! ($owner_uuid eq $credential->owner_uuid() &&
	   $sliver_uuid eq $credential->this_uuid())) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
316
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
317

Leigh B. Stoller's avatar
Leigh B. Stoller committed
318
319
320
321
322
323
324
325
    $sliver->UnProvision() == 0 or
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not unprovision sliver");
    $sliver->Delete() == 0 or
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not delete sliver");
    
    return GeniResponse->Create(GENIRESPONSE_SUCCESS);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
326
}