GeniCM.pm.in 40 KB
Newer Older
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2008 University of Utah and the Flux Group.
# All rights reserved.
#
package GeniCM;

#
# The server side of the CM interface on remote sites. Also communicates
# with the GMC interface at Geni Central as a client.
#
use strict;
use Exporter;
use vars qw(@ISA @EXPORT);

@ISA    = "Exporter";
@EXPORT = qw ( );

# Must come after package declaration!
use lib '@prefix@/lib';
use GeniDB;
use Genixmlrpc;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
24 25
use GeniResponse;
use GeniTicket;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
26
use GeniCredential;
27
use GeniCertificate;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
28
use GeniSlice;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
29
use GeniAggregate;
30
use GeniAuthority;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
31
use GeniSliver;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
32
use GeniUser;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
33
use GeniRegistry;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
34
use libtestbed;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
35 36 37
# Hate to import all this crap; need a utility library.
use libdb qw(TBGetUniqueIndex TBcheck_dbslot TBDB_CHECKDBSLOT_ERROR);
use User;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
38
use Node;
39
use Interface;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
40 41
use English;
use Data::Dumper;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
42
use XML::Simple;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
43
use Experiment;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
44 45 46 47 48 49 50 51

# Configure variables
my $TB		   = "@prefix@";
my $TBOPS          = "@TBOPSEMAIL@";
my $TBAPPROVAL     = "@TBAPPROVALEMAIL@";
my $TBAUDIT   	   = "@TBAUDITEMAIL@";
my $BOSSNODE       = "@BOSSNODE@";
my $OURDOMAIN      = "@OURDOMAIN@";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
52
my $CREATEEXPT     = "$TB/bin/batchexp";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
53
my $ENDEXPT        = "$TB/bin/endexp";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
54
my $NALLOC	   = "$TB/bin/nalloc";
55
my $NFREE	   = "$TB/bin/nfree";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
56
my $AVAIL	   = "$TB/sbin/avail";
57
my $PTOPGEN	   = "$TB/libexec/ptopgen";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
58 59
my $TBSWAP	   = "$TB/bin/tbswap";
my $SWAPEXP	   = "$TB/bin/swapexp";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
60 61 62 63
my $PLABSLICE	   = "$TB/sbin/plabslicewrapper";
my $NAMEDSETUP     = "$TB/sbin/named_setup";
my $VNODESETUP     = "$TB/sbin/vnode_setup";
my $GENTOPOFILE    = "$TB/libexec/gentopofile";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
64 65

#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
66
# Respond to a Resolve request. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
67 68 69 70 71 72 73
#
sub Resolve($)
{
    my ($argref) = @_;
    my $uuid       = $argref->{'uuid'};
    my $cred       = $argref->{'credential'};
    my $type       = $argref->{'type'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
74
    my $hrn;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
75 76 77 78 79 80 81 82

    if (! defined($cred)) {
	return GeniResponse->MalformedArgsResponse();
    }
    if (! (defined($type) && ($type =~ /^(Node)$/))) {
	return GeniResponse->MalformedArgsResponse();
    }
    # Allow lookup by uuid or hrn.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
83
    if (! defined($uuid)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126
	return GeniResponse->MalformedArgsResponse();
    }
    if (defined($uuid) && !($uuid =~ /^[-\w]*$/)) {
	return GeniResponse->MalformedArgsResponse();
    }

    my $credential = GeniCredential->CreateFromSigned($cred);
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
    
    #
    # Make sure the credential was issued to the caller, but no special
    # permission required to resolve component resources.
    #
    if ($credential->owner_uuid() ne $ENV{'GENIUUID'}) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "This is not your credential!");
    }
    if ($type eq "Node") {
	my $node;
	
	if (defined($uuid)) {
	    $node= Node->Lookup($uuid);
	}
	else {
	    #
	    # We only want the last token for node lookup.
	    #
	    if ($hrn =~ /\./) {
		($hrn) = ($hrn =~ /\.(\w*)$/);
	    }
	    $node= Node->Lookup($hrn);
	}
	if (!defined($node)) {
	    return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED,
					undef, "Nothing here by that name");
	}
	
	# Return a blob.
	my $blob = { "hrn"          => "${OURDOMAIN}." . $node->node_id(),
		     "uuid"         => $node->uuid(),
127
		     "role"	    => $node->role(),
Leigh B. Stoller's avatar
Leigh B. Stoller committed
128 129 130 131 132 133 134 135 136 137 138 139 140
		   };

	#
	# Get the list of interfaces for the node.
	#
	my @interfaces;
	if ($node->AllInterfaces(\@interfaces) != 0) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Could not get interfaces for $uuid");
	}

	my @iblobs = ();
	foreach my $interface (@interfaces) {
141 142 143
	    next
		if (!defined($interface->switch_id()));
		
Leigh B. Stoller's avatar
Leigh B. Stoller committed
144 145 146 147 148 149
	    my $iblob = { "uuid"	=> $interface->uuid(),
			  "iface"	=> $interface->iface(),
			  "type"	=> $interface->type(),
			  "card"	=> $interface->card(),
			  "port"	=> $interface->port(),
			  "role"	=> $interface->role(),
150 151
			  "IP"		=> $interface->IP() || "",
			  "mask"	=> $interface->mask() || "",
Leigh B. Stoller's avatar
Leigh B. Stoller committed
152
			  "MAC"		=> $interface->mac(),
153 154 155 156 157
			  "switch_id"   => "${OURDOMAIN}." . 
			      $interface->switch_id(),
			  "switch_card"	=> $interface->switch_card(),
			  "switch_port"	=> $interface->switch_port(),
			  "wire_type"	=> $interface->wire_type(),
Leigh B. Stoller's avatar
Leigh B. Stoller committed
158 159 160 161 162 163 164 165 166 167 168 169
		      };

	    push(@iblobs, $iblob);
	}
	$blob->{'interfaces'} = \@iblobs
	    if (@iblobs);
	
	return GeniResponse->Create(GENIRESPONSE_SUCCESS, $blob);
    }
    return GeniResponse->Create(GENIRESPONSE_UNSUPPORTED);
}

Leigh B. Stoller's avatar
Leigh B. Stoller committed
170 171 172 173 174 175 176 177 178 179 180 181 182 183 184
#
# Discover resources on this component, returning a resource availablity spec
#
sub DiscoverResources($)
{
    my ($argref) = @_;
    my $credential = $argref->{'credential'};
    my $user_uuid  = $ENV{'GENIUSER'};

    $credential = GeniCredential->CreateFromSigned($credential);
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
    # The credential owner/slice has to match what was provided.
185
    if ($user_uuid ne $credential->owner_uuid()) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
186 187 188 189 190
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }

    #
191
    # Use ptopgen in xml mode to spit back an xml file. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
192
    #
193
    if (! open(AVAIL, "$PTOPGEN -x -g -r -p GeniSlices |")) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
194 195 196
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not start avail");
    }
197
    my $xml = "";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
198
    while (<AVAIL>) {
199
	$xml .= $_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
200 201 202 203 204
    }
    close(AVAIL);

    return GeniResponse->Create(GENIRESPONSE_SUCCESS, $xml);
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
205

Leigh B. Stoller's avatar
Leigh B. Stoller committed
206
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
207
# Respond to a GetTicket request. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
208 209 210 211 212
#
sub GetTicket($)
{
    my ($argref) = @_;
    my $rspec      = $argref->{'rspec'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
213
    my $impotent   = $argref->{'impotent'};
214
    my $cred       = $argref->{'credential'};
215
    my $vtopo      = $argref->{'virtual_topology'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
216
    my $owner_uuid = $ENV{'GENIUSER'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
217

218 219
    if (! defined($cred)) {
	return GeniResponse->MalformedArgsResponse();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
220
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
221 222 223
    if (! (defined($rspec) && ($rspec =~ /^[-\w]+$/))) {
	GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
			     "Improper rspec");	
Leigh B. Stoller's avatar
Leigh B. Stoller committed
224
    }
225
    $rspec = XMLin($rspec, ForceArray => ["node", "link", "linkendpoints"]);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
226

Leigh B. Stoller's avatar
Leigh B. Stoller committed
227 228 229
    $impotent = 0
	if (!defined($impotent));

230
    my $credential = GeniCredential->CreateFromSigned($cred);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
231 232 233 234
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
235
    my $slice_uuid = $credential->target_uuid();
236 237
    my $user_uuid  = $credential->owner_uuid();
    
238

239 240 241 242
    #
    # Make sure the credential was issued to the caller.
    #
    if ($credential->owner_uuid() ne $ENV{'GENIUUID'}) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
243
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
244
				    "This is not your credential!");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
245
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
246

Leigh B. Stoller's avatar
Leigh B. Stoller committed
247 248 249 250 251 252 253
    #
    # See if we have a record of this slice in the DB. If not, then we have
    # to go to the ClearingHouse to find its record, so that we can find out
    # who the SA for it is.
    #
    my $slice = GeniSlice->Lookup($slice_uuid);
    if (!defined($slice)) {
254
	$slice = CreateSliceFromCertificate($credential);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
255
	if (!defined($slice)) {
256
	    print STDERR "Could not create $slice_uuid\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
257
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
258
					"Could not create slice");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
259
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
260 261
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
262
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
263 264
    # Ditto the user.
    #
265
    my $user = GeniUser->Lookup($user_uuid);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
266
    if (!defined($user)) {
267
	$user = CreateUserFromCertificate($credential->owner_cert());
Leigh B. Stoller's avatar
Leigh B. Stoller committed
268
	if (!defined($user)) {
269
	    print STDERR "No user $user_uuid in the ClearingHouse\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
270 271 272 273 274
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
			    "Could not get user info from ClearingHouse");
	}
    }

275
    my $experiment = GeniExperiment($slice_uuid);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
276
    if (!defined($experiment)) {
277 278
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Internal Error");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
279 280
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
281
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
282 283
    # An rspec is a structure that requests specific nodes. If those
    # nodes are available, then reserve it. Otherwise the ticket
Leigh B. Stoller's avatar
Leigh B. Stoller committed
284 285 286 287
    # cannot be granted.
    #
    # XXX Simpleminded ... assumes only physical nodes for now. Need to deal
    # with virtual nodes (vservers on shared nodes, planetlab nodes, etc).
Leigh B. Stoller's avatar
Leigh B. Stoller committed
288
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
289
    my @nodeids = ();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
290 291 292
    my $pid     = $experiment->pid();
    my $eid     = $experiment->eid();

293 294
    foreach my $ref (@{$rspec->{'node'}}) {
	my $resource_uuid = $ref->{'uuid'};
295 296
	my $node = Node->Lookup($resource_uuid);
	if (!defined($node)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
297
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
298
					"Bad resource_uuid $resource_uuid");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
299
	}
300 301 302 303 304 305 306 307 308 309 310
	#
	# Widearea nodes do not need to be allocated, but for now all
	# I allow is a plabdslice node.
	#
	if ($node->isremotenode()) {
	    if (! $node->isplabphysnode()) {
		return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					    "Only plab widearea nodes");
	    }
	    next;
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
311 312 313 314 315 316 317 318 319

	#
	# See if the node is already reserved.
	#
	my $reservation = $node->Reservation();
	if (defined($reservation)) {
	    return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				"$resource_uuid ($node) is not available");
	}
320
	push(@nodeids, $node->node_id());
Leigh B. Stoller's avatar
Leigh B. Stoller committed
321
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
322 323

    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
324
    # Create the ticket first, before allocating the node.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
325
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
326
    my $ticket = GeniTicket->Create($slice, $user, $rspec);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
327 328 329 330
    if (!defined($ticket)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniTicket object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
331
    # Nalloc might fail if the node gets picked up by someone else.
332
    if (@nodeids && !$impotent) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
333
	system("$NALLOC $pid $eid @nodeids");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
334 335 336 337 338 339 340 341
	if (($? >> 8) < 0) {
	    $ticket->Delete();
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Allocation failure");
	}
	elsif (($? >> 8) > 0) {
	    $ticket->Delete();
	    return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
342
					"Could not allocate node");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
343
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
344
    }
345 346 347 348 349 350 351
    if (defined($vtopo) && $experiment->InsertVirtTopo($vtopo) != 0) {
	# Release will free the nodes.
	$ticket->Release();
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not insert virt topology");
    }
    
Leigh B. Stoller's avatar
Leigh B. Stoller committed
352
    if ($ticket->Sign() != 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
353
	# Release will free the nodes.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
354
	$ticket->Release();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
355 356 357
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not sign Ticket");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
358 359 360 361 362 363 364
    return GeniResponse->Create(GENIRESPONSE_SUCCESS,
				$ticket->asString());
}

#
# Create a sliver.
#
365
sub RedeemTicket($)
Leigh B. Stoller's avatar
Leigh B. Stoller committed
366 367
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
368
    my $ticket     = $argref->{'ticket'};
369
    my $impotent   = $argref->{'impotent'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
370
    my $extraargs  = $argref->{'extraargs'};
371 372 373

    $impotent = 0
	if (!defined($impotent));
Leigh B. Stoller's avatar
Leigh B. Stoller committed
374 375 376 377 378 379 380 381 382 383 384 385

    if (! (defined($ticket) &&
	   !TBcheck_dbslot($ticket, "default", "text",
			   TBDB_CHECKDBSLOT_ERROR))) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "ticket: ". TBFieldErrorString());
    }
    $ticket = GeniTicket->CreateFromSignedTicket($ticket);
    if (!defined($ticket)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniTicket object");
    }
386 387 388 389 390 391 392
    
    #
    # Make sure the credential was issued to the caller.
    #
    if ($ticket->owner_uuid() ne $ENV{'GENIUUID'}) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "This is not your credential!");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
393
    }
394 395
    return ModifySliver(undef, $ticket, $ticket->rspec(), $impotent);
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
396

397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415
#
# Update a sliver with a different resource set.
#
sub UpdateSliver($)
{
    my ($argref) = @_;
    my $cred        = $argref->{'credential'};
    my $rspec       = $argref->{'rspec'};
    my $impotent    = $argref->{'impotent'};

    $impotent = 0
	if (!defined($impotent));

    if (!defined($cred)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS);
    }
    if (! (defined($rspec) && ($rspec =~ /^[-\w]+$/))) {
	GeniResponse->Create(GENIRESPONSE_BADARGS, undef, "Improper rspec");
    }
416
    $rspec = XMLin($rspec, ForceArray => ["node", "link", "linkendpoints"]);
417 418 419

    my $credential = GeniCredential->CreateFromSigned($cred);
    if (!defined($credential)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
420
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
421 422
				    "Could not create GeniCredential object");
    }
423
    my $sliver_uuid = $credential->target_uuid();
424 425 426 427 428 429 430 431 432 433 434 435 436
    my $user_uuid   = $credential->owner_uuid();
    
    #
    # Make sure the credential was issued to the caller.
    #
    if ($credential->owner_uuid() ne $ENV{'GENIUUID'}) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "This is not your credential!");
    }
    my $sliver = GeniSliver->Lookup($sliver_uuid);
    if (defined($sliver)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "Only aggregates for now");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
437
    }
438 439 440 441 442 443 444
    my $aggregate = GeniAggregate->Lookup($sliver_uuid);
    if (!defined($aggregate)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "No such aggregate $sliver_uuid");
    }
    return ModifySliver($aggregate, $credential, $rspec, $impotent);
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
445

446 447 448 449 450 451 452 453 454 455 456 457
#
# Utility function for above routines.
#
sub ModifySliver($$$$)
{
    my ($object, $credential, $rspec, $impotent) = @_;

    my $owner_uuid = $credential->owner_uuid();
    my $message    = "Error creating sliver/aggregate";
    my $slice_uuid;
    my $aggregate;
    
458 459 460 461
    #
    # See if we have a record of this slice in the DB. If not, throw an
    # error; might change later.
    #
462 463 464 465 466 467 468 469
    if (defined($object)) {
	# We get the slice via the sliver/aggregate.
	$slice_uuid = $object->slice_uuid();
    }
    else {
	$slice_uuid = $credential->slice_uuid();
    }
    my $slice = GeniSlice->Lookup($slice_uuid);
470 471 472 473 474 475 476 477 478 479
    if (!defined($slice)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No slice record for slice");
    }

    #
    # Ditto the user.
    #
    my $owner = GeniUser->Lookup($owner_uuid);
    if (!defined($owner)) {
480
	$owner = CreateUserFromCertificate($credential->owner_cert());
481 482 483 484 485
	if (!defined($owner)) {
	    print STDERR "No user $owner_uuid in the ClearingHouse\n";
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"No user record for $owner_uuid");
	}
486 487
    }

488 489 490 491 492
    my $experiment = GeniExperiment($slice_uuid);
    if (!defined($experiment)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No local experiment for slice");
    }
493
    print STDERR Dumper($rspec);
494 495 496 497 498 499 500 501 502 503

    #
    # Figure out what nodes to allocate or free. 
    #
    my %nodelist = ();
    my %linklist = ();
    my %toalloc  = ();
    my @tofree   = ();
    my $pid      = $experiment->pid();
    my $eid      = $experiment->eid();
504
    my $needplabslice = 0;
505 506 507 508 509

    #
    # Find current nodes and record their uuids. 
    #
    if (defined($object)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
510
	if ($object->type() ne "Aggregate") {
511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542
	    return GeniResponse->Create(GENIRESPONSE_UNSUPPORTED, undef,
					"Only node aggregates allowed");
	}
	my @slivers;
	if ($object->SliverList(\@slivers) != 0) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef);
	}
	foreach my $s (@slivers) {
	    if (ref($s) eq "GeniSliver::Node") {
		$nodelist{$s->resource_uuid()} = $s;
	    }
	    elsif (ref($s) eq "GeniAggregate::Link") {
		$linklist{$s->uuid()} = $s;
	    }
	    else {
		return GeniResponse->Create(GENIRESPONSE_UNSUPPORTED, undef,
					    "Only nodes or links allowed");
	    }
	}
    }

    #
    # Figure out what nodes need to be allocated.
    #
    foreach my $ref (@{$rspec->{'node'}}) {
	my $resource_uuid = $ref->{'uuid'};
	my $node = Node->Lookup($resource_uuid);
	if (!defined($node)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Bad resource_uuid $resource_uuid");
	}

543 544 545 546 547 548 549 550 551 552 553 554 555
	#
	# Widearea nodes do not need to be allocated, but for now all
	# I allow is a plabdslice node.
	#
	if ($node->isremotenode()) {
	    if (! $node->isplabphysnode()) {
		return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					    "Only plab widearea nodes");
	    }
	    $needplabslice = 1;
	    next;
	}

556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606
	#
	# See if the node is already reserved. 
	#
	my $reservation = $node->Reservation();
	if (defined($reservation)) {
	    # Reserved during previous operation on the sliver.
	    next
		if ($reservation->SameExperiment($experiment));
	    
	    return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				"$resource_uuid ($node) is not available");
	}
	#
	# Sanity check on the list of already allocated nodes.
	#
	foreach my $s (values(%nodelist)) {
	    if ($resource_uuid eq $s->resource_uuid()) {
		print STDERR
		    "$resource_uuid is not supposed to be allocated\n";
		return GeniResponse->Create(GENIRESPONSE_ERROR, undef);
	    }
	}
	$toalloc{$resource_uuid} = $node->node_id();
    }

    #
    # What nodes need to be released?
    #
    foreach my $s (values(%nodelist)) {
	my $node_uuid = $s->resource_uuid();
	my $node      = Node->Lookup($node_uuid);
	my $needfree  = 1;
	
	foreach my $ref (@{$rspec->{'node'}}) {
	    my $resource_uuid = $ref->{'uuid'};
	    if ($node_uuid eq $resource_uuid) {
		$needfree = 0;
		last;
	    }
	}
	if ($needfree) {
	    #
	    # Not yet.
	    #
	    my @dlist;
	    if ($s->DependentSlivers(\@dlist) != 0) {
		return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					    "Could not get DependentSlivers");
	    }
	    if (@dlist) {
		return GeniResponse->Create(GENIRESPONSE_REFUSED, undef,
607
				    "Must tear down dependent slivers first");
608 609 610 611 612
	    }
	    push(@tofree, $s);
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
613 614 615 616 617 618
    #
    # Create an emulab nonlocal user for tmcd.
    #
    $owner->BindToSlice($slice) == 0
	or return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				       "Error binding user to slice");
619

620

Leigh B. Stoller's avatar
Leigh B. Stoller committed
621
    # Bind the other users too.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
622 623 624
    # XXX Need to figure out where these come from.
    my @userbindings = ();

Leigh B. Stoller's avatar
Leigh B. Stoller committed
625 626
    foreach my $otheruuid (@userbindings) {
	my $otheruser = GeniUser->Lookup($otheruuid);
627
	if (!defined($otheruser)) {
628
	    $otheruser = CreateUserFromCertificate($otheruuid);
629 630 631 632 633
	    if (!defined($otheruser)) {
		print STDERR "No user $otheruser, cannot bind to slice\n";
		next;
	    }
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
634
	if ($otheruser->BindToSlice($slice) != 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
635 636 637 638
	    print STDERR "Could not bind $otheruser to $slice\n";
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
639
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
640
    # We are actually an Aggregate, so return an aggregate of slivers,
641
    # even if there is just one node. This makes sliceupdate easier.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
642
    #
643 644 645 646
    if (defined($object)) {
	$aggregate = $object;
    }
    else {
647 648 649 650 651 652 653
	#
	# Form the hrn from the slicename.
	#
	my $hrn = "${OURDOMAIN}." . $slice->slicename();
	
	$aggregate = GeniAggregate->Create($slice, $owner, "Aggregate",
					   $hrn, $slice->hrn());
654 655
	if (!defined($aggregate)) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
656 657 658 659 660 661 662 663 664 665 666 667 668
				"Could not create GeniAggregate object");
	}
    }

    # Nalloc might fail if the node gets picked up by someone else.
    if (values(%toalloc) && !$impotent) {
	my @list = values(%toalloc);
	system("$NALLOC $pid $eid @list");
	if ($?) {
	    # Nothing to deallocate if this fails.
	    %toalloc = undef;
	    $message = "Allocation failure";
	    goto bad;
669
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
670
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
671

672 673 674 675 676 677 678 679 680 681 682 683
    #
    # We need to tear down links that are no longer in the rspec or
    # have changed.
    #
    foreach my $s (values(%linklist)) {
	my $needfree  = 1;

	if (! exists($rspec->{'link'}->{$s->hrn()})) {
	    $s->UnProvision();
	    $s->Delete();
	    next;
	}
684

685 686 687 688 689 690 691 692 693 694 695
	my $delete     = 0;
	my @interfaces = ();
	if ($s->SliverList(\@interfaces) != 0) {
	    $message = "Failed to get sliverlist for $s";
	    goto bad;
	}
	foreach my $i (@interfaces) {
	    my $node_uuid   = $i->resource_uuid();
	    my $iface_name  = $i->rspec()->{'iface_name'};

	    my $linkendpoints =
Leigh B. Stoller's avatar
Leigh B. Stoller committed
696
		$rspec->{'link'}->{$s->hrn()}->{'linkendpoints'};
697 698 699
	}
    }
    
Leigh B. Stoller's avatar
Leigh B. Stoller committed
700
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
701 702
    # Now for each resource (okay, node) in the ticket create a sliver and
    # add it to the aggregate.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
703
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
704 705
    my %slivers   = ();
    my @plabnodes = ();
706
    foreach my $ref (@{$rspec->{'node'}}) {
707
	my $resource_uuid = $ref->{'uuid'};
708 709 710 711
	# Already in the aggregate?
	next
	    if (grep {$_ eq $resource_uuid} keys(%nodelist));
	
712 713 714
	my $node = Node->Lookup($resource_uuid);
	if (!defined($node)) {
	    $message = "Unknown resource_uuid in ticket: $resource_uuid";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
715 716
	    goto bad;
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
717 718 719 720
	my $sliver = GeniSliver::Node->Create($slice,
					      $owner->uuid(),
					      $resource_uuid,
					      $ref);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
721 722 723 724
	if (!defined($sliver)) {
	    $message = "Could not create GeniSliver object for $resource_uuid";
	    goto bad;
	}
725
	$slivers{$resource_uuid} = $sliver;
726 727 728 729 730 731 732

	#
	# Remove this from %toalloc; if there is an error, the slivers are
	# deleted and the node released there. We only delete nodes that
	# have not turned into slivers yet. Ick.
	#
	delete($toalloc{$resource_uuid});
Leigh B. Stoller's avatar
Leigh B. Stoller committed
733 734 735 736 737 738 739 740 741 742

	# See below; setup all pnodes at once.
	if ($node->isremotenode()) {
	    my $vnode = Node->Lookup($sliver->uuid());
	    if (!defined($vnode)) {
		print STDERR "Could not locate vnode $sliver\n";
		goto bad;
	    }
	    push(@plabnodes, $vnode);
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
743
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
744

745 746 747 748 749
    #
    # Now do the links. For each link, we have to add a sliver for the
    # interfaces, and then combine those two interfaces into an aggregate,
    # and then that aggregate goes into the aggregate for toplevel sliver.
    #
750
    foreach my $linkname (keys(%{$rspec->{'link'}})) {
751 752 753 754 755
	my @linkslivers  = ();
	if (! ($linkname =~ /^[-\w]*$/)) {
	    $message = "Bad name for link: $linkname";
	    goto bad;
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784
	my $linkref = $rspec->{'link'}->{$linkname};

	#
	# XXX Tunnels are a total kludge right now ...
	#
	if (exists($linkref->{'link_type'}) &&
	    $linkref->{'link_type'} eq "tunnel") {

	    my $node1ref = (@{$linkref->{'linkendpoints'}})[0];
	    my $node2ref = (@{$linkref->{'linkendpoints'}})[1];

	    my $node1sliver = $slivers{$node1ref->{'node_uuid'}} ||
		$nodelist{$node1ref->{'node_uuid'}};
	    my $node2sliver = $slivers{$node2ref->{'node_uuid'}} ||
		$nodelist{$node2ref->{'node_uuid'}};
	    
	    my $tunnel = GeniAggregate::Tunnel->Create($slice,
						       $owner,
						       $node1sliver,
						       $node2sliver,
						       $linkref);

	    if (!defined($tunnel)) {
		$message = "Could not create tunnel aggregate for $linkname";
		goto bad;
	    }
	    $slivers{$tunnel->uuid()} = $tunnel;
	    next;
	}
785

786 787
	my $linkaggregate = GeniAggregate::Link->Create($slice, $owner,
							$linkname);
788 789 790 791 792 793
	if (!defined($linkaggregate)) {
	    $message = "Could not create link aggregate for $linkname";
	    goto bad;
	}
	$slivers{$linkaggregate->uuid()} = $linkaggregate;

Leigh B. Stoller's avatar
Leigh B. Stoller committed
794
	foreach my $ref (@{$rspec->{'link'}->{$linkname}->{'linkendpoints'}}) {
795 796
	    my $node_uuid  = $ref->{'node_uuid'};
	    my $iface_name = $ref->{'iface_name'};
797
	    my $nodesliver = $slivers{$node_uuid} || $nodelist{$node_uuid};
798 799 800 801 802 803 804 805 806
	    if (!defined($nodesliver)) {
		$message = "Link $linkname specifies a non-existent node";
		goto bad;
	    }
	    my $nodeobject= Node->Lookup($node_uuid);
	    if (!defined($nodeobject)) {
		$message = "Could not find node object for $node_uuid";
		goto bad;
	    }
807
	    my $interface = Interface->LookupByIface($nodeobject, $iface_name);
808
	    if (!defined($interface)) {
809
		$message = "No such interface $iface_name on node $nodeobject";
810 811
		goto bad;
	    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
812 813 814
	    my $sliver = GeniSliver::Interface->Create($slice,
						       $owner->uuid(),
						       $interface->uuid(),
815 816
						       $nodeobject,
						       $ref);
817 818 819 820 821 822 823 824 825 826 827 828
	    if (!defined($sliver)) {
		$message = "Could not create GeniSliver ".
		    "$interface in $linkname";
		goto bad;
	    }
	    if ($sliver->SetAggregate($linkaggregate) != 0) {
		$message = "Could not add link sliver $sliver to $aggregate";
		goto bad;
	    }
	}
    }

829 830 831 832 833 834 835 836 837 838 839
    #
    # Create a planetlab slice before provisioning (which creates nodes).
    #
    if ($needplabslice && !$impotent) {
	system("$PLABSLICE create $pid $eid");
	if ($?) {
	    $message = "Plab Slice creation failure";
	    goto bad;
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
840
    #
841 842
    # Now do the provisioning (note that we actually allocated the
    # node above when the ticket was granted). Then add the sliver to
843
    # the aggregate. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
844
    #
845
    foreach my $sliver (values(%slivers)) {
846
	if (!$impotent && $sliver->Provision() != 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
847 848
	    $message = "Could not provision $sliver";
	    goto bad;
849

Leigh B. Stoller's avatar
Leigh B. Stoller committed
850
	}
851 852
	if ($sliver->SetAggregate($aggregate) != 0) {
	    $message = "Could not set aggregate for $sliver to $aggregate";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
853 854 855 856
	    goto bad;
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880
    #
    # We want to do this stuff only once, not for each node. 
    #
    # Must have the topofile for node boot. Might need locking on this.
    if (system("$GENTOPOFILE $pid $eid")) {
	print STDERR "$GENTOPOFILE failed\n";
	goto bad;
    }
    # The nodes will not boot locally unless there is a DNS record.
    if (system("$NAMEDSETUP")) {
	print STDERR "$NAMEDSETUP failed\n";
	goto bad;
    }
    # Set up plab nodes all at once. 
    if ($needplabslice && @plabnodes && !$impotent) {
	my @node_ids = map { $_->node_id() } @plabnodes;

	system("$VNODESETUP -p -q -m $pid $eid @node_ids");
	if ($?) {
	    print STDERR "$VNODESETUP failed\n";
	    goto bad;
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
881
    #
882
    # The API states we return a credential to control the aggregate.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
883
    #
884 885
    if (ref($credential) eq "GeniTicket") {
	my $ticket  = $credential;
886
	$credential = $aggregate->NewCredential($owner);
887 888 889 890 891 892 893 894 895 896 897 898 899 900
	if (!defined($credential)) {
	    $message = "Could not create credential";
	    goto bad;
	}
    
	#
	# The last step is to delete the ticket, since it is no longer needed.
	# and will cause less confusion if it is not in the DB.
	#
	if ($ticket->Delete() != 0) {
	    print STDERR "Error deleting $ticket for $slice\n";
	}
	return GeniResponse->Create(GENIRESPONSE_SUCCESS,
				    $credential->asString());
Leigh B. Stoller's avatar
Leigh B. Stoller committed
901
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
902
    #
903
    # Free any slivers that were no longer wanted.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
904
    #
905 906
    if (@tofree) {

Leigh B. Stoller's avatar
Leigh B. Stoller committed
907
    }
908
    return GeniResponse->Create(GENIRESPONSE_SUCCESS);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
909 910

  bad:
911
    foreach my $sliver (values(%slivers)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
912 913 914 915
	$sliver->UnProvision()
	    if (! $impotent);
	$sliver->Delete();
    }
916 917 918 919 920
    if (values(%toalloc)) {
	my @list = values(%toalloc);

	system("export NORELOAD=1; $NFREE -x -q $pid $eid @list");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
921
    $aggregate->Delete()
922
	if (defined($aggregate) && !defined($object));
Leigh B. Stoller's avatar
Leigh B. Stoller committed
923 924
    
    return GeniResponse->Create(GENIRESPONSE_ERROR, undef, $message);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
925 926
}

Leigh B. Stoller's avatar
Leigh B. Stoller committed
927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960
#
# Release a ticket.
#
sub ReleaseTicket($)
{
    my ($argref) = @_;
    my $ticket     = $argref->{'ticket'};

    if (! (defined($ticket) &&
	   !TBcheck_dbslot($ticket, "default", "text",
			   TBDB_CHECKDBSLOT_ERROR))) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "ticket: ". TBFieldErrorString());
    }
    $ticket = GeniTicket->CreateFromSignedTicket($ticket);
    if (!defined($ticket)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniTicket object");
    }
    
    #
    # Make sure the credential was issued to the caller.
    #
    if ($ticket->owner_uuid() ne $ENV{'GENIUUID'}) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "This is not your credential!");
    }
    if ($ticket->Release() != 0) {
	print STDERR "Error releasing $ticket\n";
	return GeniResponse->Create(GENIRESPONSE_ERROR);
    }
    return GeniResponse->Create(GENIRESPONSE_SUCCESS);
}

Leigh B. Stoller's avatar
Leigh B. Stoller committed
961
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
962
# Start a sliver (not sure what this means yet, so reboot for now).
Leigh B. Stoller's avatar
Leigh B. Stoller committed
963
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
964
sub StartSliver($)
Leigh B. Stoller's avatar
Leigh B. Stoller committed
965 966
{
    my ($argref) = @_;
967 968
    my $cred        = $argref->{'credential'};
    my $impotent    = $argref->{'impotent'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
969 970 971

    $impotent = 0
	if (!defined($impotent));
Leigh B. Stoller's avatar
Leigh B. Stoller committed
972

973
    if (!defined($cred)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
974 975
	return GeniResponse->Create(GENIRESPONSE_BADARGS);
    }
976
    my $credential = GeniCredential->CreateFromSigned($cred);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
977 978 979 980
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
981
    my $sliver_uuid = $credential->target_uuid();
982 983 984 985 986 987 988 989 990
    my $user_uuid   = $credential->owner_uuid();
    
    #
    # Make sure the credential was issued to the caller.
    #
    if ($credential->owner_uuid() ne $ENV{'GENIUUID'}) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "This is not your credential!");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
991 992
    my $sliver = GeniSliver->Lookup($sliver_uuid);
    if (!defined($sliver)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
993 994 995 996 997 998
	# Might be an aggregate instead.
	$sliver = GeniAggregate->Lookup($sliver_uuid);
	if (!defined($sliver)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "No such sliver/aggregate $sliver_uuid");
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
999
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1000
    if (!$impotent) {
1001
	$sliver->Start() == 0 or
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1002 1003 1004 1005 1006 1007 1008 1009 1010
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				"Could not start sliver/aggregate");
    }
    return GeniResponse->Create(GENIRESPONSE_SUCCESS);
}

#
# Destroy a sliver/aggregate.
#
1011
sub DeleteSliver($)
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1012 1013
{
    my ($argref) = @_;
1014 1015
    my $cred        = $argref->{'credential'};
    my $impotent    = $argref->{'impotent'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1016 1017 1018 1019

    $impotent = 0
	if (!defined($impotent));

1020
    if (!defined($cred)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1021 1022
	return GeniResponse->Create(GENIRESPONSE_BADARGS);
    }
1023
    my $credential = GeniCredential->CreateFromSigned($cred);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1024
    if (!defined($credential)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1025
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1026
				    "Could not create GeniCredential object");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1027
    }
1028
    my $sliver_uuid = $credential->target_uuid();
1029
    my $user_uuid   = $credential->owner_uuid();
1030
    my @slivers     = ();
1031 1032 1033 1034 1035 1036 1037 1038
    
    #
    # Make sure the credential was issued to the caller.
    #
    if ($credential->owner_uuid() ne $ENV{'GENIUUID'}) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "This is not your credential!");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1039 1040 1041
    my $sliver = GeniSliver->Lookup($sliver_uuid);
    if (!defined($sliver)) {
	# Might be an aggregate instead.
1042 1043
	my $aggregate = GeniAggregate->Lookup($sliver_uuid);
	if (!defined($aggregate)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1044 1045 1046
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "No such sliver/aggregate $sliver_uuid");
	}
1047
	push(@slivers, $aggregate);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1048
    }
1049 1050
    else {
	# 
1051 1052 1053 1054
	# Find dependent slivers first (say, links on a node). For now,
	# do not allow this sliver to be torn down until the dependent
	# sliver(s) are torn down first. Eventually we want to tear them
	# down here in the proper order, hence the code below.
1055 1056
	#
	if ($sliver->DependentSlivers(\@slivers) != 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1057
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
1058 1059
					"Could not get DependentSlivers");
	}
1060 1061 1062 1063 1064
	if (@slivers) {
	    return GeniResponse->Create(GENIRESPONSE_REFUSED, undef,
					"Must tear dow dependent slivers");
	}
	@slivers = (@slivers, $sliver);	
1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075
    }

    foreach $sliver (@slivers) {
	if (!$impotent) {
	    $sliver->UnProvision() == 0 or
		return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					    "Could not unprovision sliver");
	}
	$sliver->Delete() == 0 or
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Could not delete sliver");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1076
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1077
    return GeniResponse->Create(GENIRESPONSE_SUCCESS);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1078
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1079

1080 1081 1082
#
# Utility Routines.
#
1083
# Create a slice from the a certificate (GID).
1084
#
1085
sub CreateSliceFromCertificate($)
1086
{
1087
    my ($credential) = @_;
1088

1089 1090
    my $certificate = $credential->target_cert();
    my $owner_uuid  = $credential->owner_uuid();
1091

1092
    my $authority = GeniAuthority->LookupByPrefix($certificate->uuid());
1093
    if (!defined($authority)) {
1094
	$authority = CreateAuthorityFromRegistry($certificate->uuid());
1095 1096 1097 1098 1099
	if (!defined($authority)) {
	    print STDERR "Could not create new authority record\n";
	    return undef;
	}
    }
1100 1101

    #
1102
    # The problem with HRNs is that people will tend to reuse them.
1103 1104 1105 1106
    # So check to see if we have a slice with the hrn, and if so
    # we need to check with the registry to see if its still active.
    # Destroy it locally if not active.
    #
1107
    my $slice = GeniSlice->Lookup($certificate->hrn());
1108 1109
    if (defined($slice)) {
	return $slice
1110
	    if ($slice->uuid() eq $certificate->uuid());
1111 1112 1113 1114
	
	return undef
	    if (CleanupDeadSlice($slice) != 0);
    }
1115
    $slice = GeniSlice->Create($certificate, $owner_uuid, $authority);
1116 1117 1118 1119 1120 1121 1122
    return undef
	if (!defined($slice));

    return $slice;
}

#
1123
# Create a user from a certificate.
1124
#
1125
sub CreateUserFromCertificate($)
1126
{
1127
    my ($certificate) = @_;
1128

1129 1130 1131
    #
    # Check Emulab users table first.
    #
1132
    my $user = User->LookupByUUID($certificate->uuid());
1133 1134 1135 1136