GeniCM.pm.in 70.5 KB
Newer Older
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1
2
#!/usr/bin/perl -wT
#
3
# GENIPUBLIC-COPYRIGHT
4
# Copyright (c) 2008-2009 University of Utah and the Flux Group.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# All rights reserved.
#
package GeniCM;

#
# The server side of the CM interface on remote sites. Also communicates
# with the GMC interface at Geni Central as a client.
#
use strict;
use Exporter;
use vars qw(@ISA @EXPORT);

@ISA    = "Exporter";
@EXPORT = qw ( );

# Must come after package declaration!
use lib '@prefix@/lib';
use GeniDB;
use Genixmlrpc;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
24
25
use GeniResponse;
use GeniTicket;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
26
use GeniCredential;
27
use GeniCertificate;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
28
use GeniSlice;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
29
use GeniAggregate;
30
use GeniAuthority;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
31
use GeniSliver;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
32
use GeniUser;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
33
use GeniRegistry;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
34
use libtestbed;
35
use emutil;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
36
# Hate to import all this crap; need a utility library.
37
use libdb qw(TBGetSiteVar);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
38
use User;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
39
use Node;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
40
use libadminctrl;
41
use Interface;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
42
43
use English;
use Data::Dumper;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
44
use XML::Simple;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
45
46
47
use Date::Parse;
use POSIX qw(strftime);
use Time::Local;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
48
use Experiment;
49
use Firewall;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
50
51
52
53
54
55
56
57

# Configure variables
my $TB		   = "@prefix@";
my $TBOPS          = "@TBOPSEMAIL@";
my $TBAPPROVAL     = "@TBAPPROVALEMAIL@";
my $TBAUDIT   	   = "@TBAUDITEMAIL@";
my $BOSSNODE       = "@BOSSNODE@";
my $OURDOMAIN      = "@OURDOMAIN@";
58
my $PGENIDOMAIN    = "@PROTOGENI_DOMAIN@";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
59
my $CREATEEXPT     = "$TB/bin/batchexp";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
60
my $ENDEXPT        = "$TB/bin/endexp";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
61
my $NALLOC	   = "$TB/bin/nalloc";
62
my $NFREE	   = "$TB/bin/nfree";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
63
my $AVAIL	   = "$TB/sbin/avail";
64
my $PTOPGEN	   = "$TB/libexec/ptopgen";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
65
66
my $TBSWAP	   = "$TB/bin/tbswap";
my $SWAPEXP	   = "$TB/bin/swapexp";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
67
68
69
70
my $PLABSLICE	   = "$TB/sbin/plabslicewrapper";
my $NAMEDSETUP     = "$TB/sbin/named_setup";
my $VNODESETUP     = "$TB/sbin/vnode_setup";
my $GENTOPOFILE    = "$TB/libexec/gentopofile";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
71
72

#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
73
# Respond to a Resolve request. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
74
75
76
77
78
79
80
#
sub Resolve($)
{
    my ($argref) = @_;
    my $uuid       = $argref->{'uuid'};
    my $cred       = $argref->{'credential'};
    my $type       = $argref->{'type'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
81
    my $hrn;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
82
83
84
85
86
87
88
89

    if (! defined($cred)) {
	return GeniResponse->MalformedArgsResponse();
    }
    if (! (defined($type) && ($type =~ /^(Node)$/))) {
	return GeniResponse->MalformedArgsResponse();
    }
    # Allow lookup by uuid or hrn.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
90
    if (! defined($uuid)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
	return GeniResponse->MalformedArgsResponse();
    }
    if (defined($uuid) && !($uuid =~ /^[-\w]*$/)) {
	return GeniResponse->MalformedArgsResponse();
    }

    my $credential = GeniCredential->CreateFromSigned($cred);
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
    
    #
    # Make sure the credential was issued to the caller, but no special
    # permission required to resolve component resources.
    #
    if ($credential->owner_uuid() ne $ENV{'GENIUUID'}) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "This is not your credential!");
    }
    if ($type eq "Node") {
	my $node;
	
	if (defined($uuid)) {
	    $node= Node->Lookup($uuid);
	}
	else {
	    #
	    # We only want the last token for node lookup.
	    #
	    if ($hrn =~ /\./) {
		($hrn) = ($hrn =~ /\.(\w*)$/);
	    }
	    $node= Node->Lookup($hrn);
	}
	if (!defined($node)) {
	    return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED,
					undef, "Nothing here by that name");
	}
	
	# Return a blob.
132
	my $blob = { "hrn"          => "${PGENIDOMAIN}." . $node->node_id(),
Leigh B. Stoller's avatar
Leigh B. Stoller committed
133
		     "uuid"         => $node->uuid(),
134
		     "role"	    => $node->role(),
135
		     "hostname"     => $node->node_id() . ".${OURDOMAIN}",
136
137
		     "physctrl"     => 
			 Interface->LookupControl( $node->phys_nodeid() )->IP(),
Leigh B. Stoller's avatar
Leigh B. Stoller committed
138
139
140
141
142
143
144
145
146
147
148
149
150
		   };

	#
	# Get the list of interfaces for the node.
	#
	my @interfaces;
	if ($node->AllInterfaces(\@interfaces) != 0) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Could not get interfaces for $uuid");
	}

	my @iblobs = ();
	foreach my $interface (@interfaces) {
151
152
153
	    next
		if (!defined($interface->switch_id()));
		
Leigh B. Stoller's avatar
Leigh B. Stoller committed
154
155
156
157
158
159
	    my $iblob = { "uuid"	=> $interface->uuid(),
			  "iface"	=> $interface->iface(),
			  "type"	=> $interface->type(),
			  "card"	=> $interface->card(),
			  "port"	=> $interface->port(),
			  "role"	=> $interface->role(),
160
161
			  "IP"		=> $interface->IP() || "",
			  "mask"	=> $interface->mask() || "",
Leigh B. Stoller's avatar
Leigh B. Stoller committed
162
			  "MAC"		=> $interface->mac(),
163
164
165
166
167
			  "switch_id"   => "${OURDOMAIN}." . 
			      $interface->switch_id(),
			  "switch_card"	=> $interface->switch_card(),
			  "switch_port"	=> $interface->switch_port(),
			  "wire_type"	=> $interface->wire_type(),
Leigh B. Stoller's avatar
Leigh B. Stoller committed
168
169
170
171
172
173
174
175
176
177
178
179
		      };

	    push(@iblobs, $iblob);
	}
	$blob->{'interfaces'} = \@iblobs
	    if (@iblobs);
	
	return GeniResponse->Create(GENIRESPONSE_SUCCESS, $blob);
    }
    return GeniResponse->Create(GENIRESPONSE_UNSUPPORTED);
}

Leigh B. Stoller's avatar
Leigh B. Stoller committed
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
#
# Discover resources on this component, returning a resource availablity spec
#
sub DiscoverResources($)
{
    my ($argref) = @_;
    my $credential = $argref->{'credential'};
    my $user_uuid  = $ENV{'GENIUSER'};

    $credential = GeniCredential->CreateFromSigned($credential);
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
    # The credential owner/slice has to match what was provided.
195
    if ($user_uuid ne $credential->owner_uuid()) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
196
197
198
199
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
    #
    # A sitevar controls whether external users can get any nodes.
    #
    my $allow_externalusers = 0;
    if (!TBGetSiteVar('protogeni/allow_externalusers', \$allow_externalusers)){
	# Cannot get the value, say no.
	$allow_externalusers = 0;
    }
    if (!$allow_externalusers) {
	my $user = GeniUser->Lookup($user_uuid, 1);
	# No record means the user is remote.
	if (!defined($user) || !$user->IsLocal()) {
	    return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
					"External users temporarily denied");
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
217
    #
218
    # Use ptopgen in xml mode to spit back an xml file. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
219
    #
220
    if (! open(AVAIL, "$PTOPGEN -x -g -r -p GeniSlices |")) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
221
222
223
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not start avail");
    }
224
    my $xml = "";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
225
    while (<AVAIL>) {
226
	$xml .= $_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
227
228
229
230
231
    }
    close(AVAIL);

    return GeniResponse->Create(GENIRESPONSE_SUCCESS, $xml);
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
232

Leigh B. Stoller's avatar
Leigh B. Stoller committed
233
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
234
# Respond to a GetTicket request. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
235
236
237
238
239
#
sub GetTicket($)
{
    my ($argref) = @_;
    my $rspec      = $argref->{'rspec'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
240
    my $impotent   = $argref->{'impotent'};
241
    my $cred       = $argref->{'credential'};
242
    my $vtopo      = $argref->{'virtual_topology'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
243
    my $owner_uuid = $ENV{'GENIUSER'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
244
    my $response   = undef;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
245

246
247
    if (! defined($cred)) {
	return GeniResponse->MalformedArgsResponse();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
248
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
249
250
251
    if (! (defined($rspec) && ($rspec =~ /^[-\w]+$/))) {
	GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
			     "Improper rspec");	
Leigh B. Stoller's avatar
Leigh B. Stoller committed
252
    }
253
    $rspec = XMLin($rspec, ForceArray => ["node", "link", "linkendpoints"]);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
254

Leigh B. Stoller's avatar
Leigh B. Stoller committed
255
256
257
    $impotent = 0
	if (!defined($impotent));

258
    my $credential = GeniCredential->CreateFromSigned($cred);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
259
260
261
262
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
263
    my $slice_uuid = $credential->target_uuid();
264
265
    my $user_uuid  = $credential->owner_uuid();
    
266

267
268
269
270
    #
    # Make sure the credential was issued to the caller.
    #
    if ($credential->owner_uuid() ne $ENV{'GENIUUID'}) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
271
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
272
				    "This is not your credential!");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
273
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
274

275
276
277
278
279
280
    $credential->HasPrivilege( "pi" ) or
	$credential->HasPrivilege( "instantiate" ) or
	$credential->HasPrivilege( "bind" ) or
	return GeniResponse->Create( GENIRESPONSE_FORBIDDEN, undef,
				     "Insufficient privilege" );

Leigh B. Stoller's avatar
Leigh B. Stoller committed
281
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
282
    # Create slice form the certificate.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
283
284
285
    #
    my $slice = GeniSlice->Lookup($slice_uuid);
    if (!defined($slice)) {
286
	$slice = CreateSliceFromCertificate($credential);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
287
	if (!defined($slice)) {
288
	    print STDERR "Could not create $slice_uuid\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
289
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
290
					"Could not create slice");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
291
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
292
293
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
294
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
295
296
    # Ditto the user.
    #
297
    my $user = GeniUser->Lookup($user_uuid);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
298
    if (!defined($user)) {
299
	$user = CreateUserFromCertificate($credential->owner_cert());
Leigh B. Stoller's avatar
Leigh B. Stoller committed
300
	if (!defined($user)) {
301
	    print STDERR "No user $user_uuid in the ClearingHouse\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
302
303
304
305
306
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
			    "Could not get user info from ClearingHouse");
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
307
308
309
310
311
312
313
314
315
316
317
318
319
320
    #
    # A sitevar controls whether external users can get any nodes.
    #
    my $allow_externalusers = 0;
    if (!TBGetSiteVar('protogeni/allow_externalusers', \$allow_externalusers)){
	# Cannot get the value, say no.
	$allow_externalusers = 0;
    }
    if (!$allow_externalusers && !$user->IsLocal()) {
	return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				    "External users temporarily denied");
    }
    
    #
321
    # For now all tickets expire very quickly (minutes), but once the
Leigh B. Stoller's avatar
Leigh B. Stoller committed
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
    # ticket is redeemed, it will expire according to the rspec request.
    #
    if (exists($rspec->{'valid_until'})) {
	my $expires = $rspec->{'valid_until'};

	if (! ($expires =~ /^[-\w:.\/]+/)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Illegal valid_until in rspec");
	}
	# Convert to a localtime.
	my $when = timegm(strptime($expires));
	if (!defined($when)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Could not parse valid_until");
	}
	
	#
	# No more then 24 hours out ... Needs to be a sitevar?
	#
	my $diff = $when - time();
	if ($diff < (60 * 15) || $diff > (3600 * 24)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"valid_until out of range");
	}
    }
    else {
	# Give it a reasonable default for later when the ticket is redeemed.
	$rspec->{'valid_until'} =
	    POSIX::strftime("20%y-%m-%dT%H:%M:%S", gmtime(time() + (3600*1)));
    }
    
    #
    #
    # Lock the slice from further access.
    #
    if ($slice->Lock() != 0) {
	return GeniResponse->BusyResponse();
    }
360
361
362
363
364
365
    # Shutdown slices get nothing.
    if ($slice->shutdown()) {
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Slice has been shutdown");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
366

367
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
368
    # For now, there can be only a single toplevel aggregate per slice.
369
    # The existence of an aggregate means the slice is active here. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
370
371
372
373
374
375
376
    #
    my $aggregate = GeniAggregate->SliceAggregate($slice);
    if (defined($aggregate)) {
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "Already have an aggregate for slice");
    }
377
378
379
380
381
382
383
384
385
386
387

    #
    # Say a ticket already exists in the DB? Lets throw that ticket
    # away and generate a new one. This is partly a debugging
    # mechanism.  To really do this correctly, would want to merge in
    # the existing resources with the new rspec request. Do not
    # want to go there yet.
    #
    my $existing_ticket = GeniTicket->LookupForSlice($slice);
    if (defined($existing_ticket)) {
	print STDERR "Releasing existing ticket $existing_ticket\n";
388
	if ($existing_ticket->Release(TICKET_EXPIRED) != 0) {
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
	    print STDERR "Error releasing existing ticket $existing_ticket\n";
	    $slice->UnLock();
	    return GeniResponse->Create(GENIRESPONSE_ERROR);
	}
    }

    #
    # Firewall hack; just a flag in the rspec for now.
    #
    if (exists($rspec->{'needsfirewall'}) && $rspec->{'needsfirewall'}) {
	if ($slice->SetFirewallFlag($rspec->{'needsfirewall'}) != 0) {
	    $slice->UnLock();
	    return GeniResponse->Create(GENIRESPONSE_ERROR);
	}
    }
    
    my $experiment = GeniExperiment($slice);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
406
    if (!defined($experiment)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
407
408
409
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_ERROR,
				    undef, "Internal Error");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
410
411
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
412
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
413
414
    # An rspec is a structure that requests specific nodes. If those
    # nodes are available, then reserve it. Otherwise the ticket
Leigh B. Stoller's avatar
Leigh B. Stoller committed
415
416
    # cannot be granted.
    #
417
    # XXX Simpleminded.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
418
    #
419
    my %namemap = ();
420
421
    my %physmap = ();
    my %virtmap = ();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
422
    my @nodeids = ();
423
    my @dealloc;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
424
425
426
    my $pid     = $experiment->pid();
    my $eid     = $experiment->eid();

427
428
    foreach my $ref (@{$rspec->{'node'}}) {
	my $resource_uuid = $ref->{'uuid'};
429
	my $node_nickname = $ref->{'nickname'};
430
	my $phys_nickname = $ref->{'phys_nickname'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
431
	my $virtualization_type = $ref->{'virtualization_type'};
432
	my $sliver_uuid   = NewUUID();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
433
434
435
436
437
438
	my $node;

	#
	# Mostly for debugging right now, allow a wildcard.
	#
	if ($resource_uuid eq "*") {
439
440
441
442
443
444
	    if (defined($phys_nickname) && exists($physmap{$phys_nickname})) {
		$node = $physmap{$phys_nickname};
	    }
	    else {
		$node = FindFreeNode($virtualization_type, @nodeids);
	    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
	    
	    if (!defined($node)) {
		$response = GeniResponse->Create(GENIRESPONSE_UNAVAILABLE,
						 undef,
						 "No free nodes for wildcard");
		goto bad;
	    }
	    $resource_uuid = $node->uuid();
	    $ref->{'uuid'} = $node->uuid();
	}
	else {
	    $node = Node->Lookup($resource_uuid);

	    if (!defined($node)) {
		$response =
		    GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					 "Bad resource $resource_uuid");
		goto bad;
	    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
464
	}
465
466
467
468
	# We assign the sliver uuids here so that user can associate
	# slivers with parts of the rspec later.
	$ref->{'sliver_uuid'} = $sliver_uuid;
	
469
470
471
472
473
474
	#
	# Widearea nodes do not need to be allocated, but for now all
	# I allow is a plabdslice node.
	#
	if ($node->isremotenode()) {
	    if (! $node->isplabphysnode()) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
475
476
477
478
		$response =
		    GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					 "Only plab widearea nodes");
		goto bad;
479
	    }
480
	    goto skipalloc;
481
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
482
483

	#
484
	# See if the node is already reserved. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
485
486
487
	#
	my $reservation = $node->Reservation();
	if (defined($reservation)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
488
489
490
491
	    $response =
		GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				     "$resource_uuid ($node) not available");
	    goto bad;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
492
	}
493
494
495
496
497
498
	# watch for duplicates, as for multiple vnodes on a pnode.
	push(@nodeids, $node->node_id())
	    if (! grep {$_ eq $node->node_id()} @nodeids);

      skipalloc:
	$virtmap{$sliver_uuid}   = $node;
499
	# For wildcarded nodes in links.
500
	$namemap{$node_nickname} = $sliver_uuid
501
	    if (defined($node_nickname));
502
503
	$physmap{$phys_nickname} = $node
	    if (defined($phys_nickname));
Leigh B. Stoller's avatar
Leigh B. Stoller committed
504
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
505

Leigh B. Stoller's avatar
Leigh B. Stoller committed
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
    #
    # A sitevar controls how many total nodes external users can allocate.
    #
    # XXX All this policy stuff is a whack job for the initial release. 
    #
    my $max_externalnodes = 0;
    if (!TBGetSiteVar('protogeni/max_externalnodes', \$max_externalnodes)){
	# Cannot get the value, say none.
	$max_externalnodes = 0;
    }
    if (scalar(@nodeids) > $max_externalnodes) {
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
			   "Too many nodes; limited to $max_externalnodes");
    }
    # Check current usage by dipping into the libadminctrl library.
    my $curusage = libadminctrl::LoadCurrent($experiment->creator(),
					     $experiment->pid(),
					     $experiment->gid());
    if (!defined($curusage)) {
	$slice->UnLock();
	print STDERR "Could not get current usage from adminctl library\n";
	return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				    "Temporarily unavailable");
    }
    if ($curusage->{"nodes"}->{'project'} + scalar(@nodeids) >=
	$max_externalnodes) {
	$slice->UnLock();
	my $nodesleft = $max_externalnodes - $curusage->{"nodes"}->{'project'};
	return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				    "Too many nodes; limited to $nodesleft");
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
539
    # Nalloc might fail if the node gets picked up by someone else.
540
    if (@nodeids && !$impotent) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
541
	system("$NALLOC $pid $eid @nodeids");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
542
	if (($? >> 8) < 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
543
544
545
546
	    $response =
		GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				     "Allocation failure");
	    goto bad;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
547
548
	}
	elsif (($? >> 8) > 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
549
550
551
552
	    $response =
		GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				     "Could not allocate node");
	    goto bad;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
553
	}
554
555
556
557
558
559
560
561
562
563
564
565
566
567
	# In case the code below fails, before ticket is created.
	@dealloc = @nodeids;
    }
    #
    # Now deal with links for wildcarded nodes. We need to fill in the
    # node_uuid.
    #
    foreach my $linkname (keys(%{$rspec->{'link'}})) {
	my $linkref = $rspec->{'link'}->{$linkname};

	foreach my $ref (@{$linkref->{'linkendpoints'}}) {
	    my $node_uuid     = $ref->{'node_uuid'};
	    my $node_nickname = $ref->{'node_nickname'};
	    my $iface_name    = $ref->{'iface_name'};
568
569
	    my $istunnel      = (exists($linkref->{'link_type'}) &&
				 $linkref->{'link_type'} eq "tunnel");
570

571
	    if (!defined($node_nickname)) {
572
		$response = GeniResponse->Create(GENIRESPONSE_ERROR, undef,
573
						 "Need nickname for links");
574
575
576
		goto bad;
	    }

577
578
579
	    # XXX No wildcarding for tunnels unless its a node from above.
	    if ($istunnel) {
		if ($node_uuid eq "*" && !exists($namemap{$node_nickname})) {
580
581
582
583
		    $response = GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					 "Tunnels cannot be wildcarded");
		    goto bad;
		}
584
585
586
		# Not a local node, so skip.
		next
		    if (!exists($namemap{$node_nickname}));
587
	    }
588

589
590
591
592
	    # Map the nickname to the actual sliver (node) request.
	    my $sliver_uuid = $namemap{$node_nickname};
	    my $node = $virtmap{$sliver_uuid};

593
	    #
594
	    # Fill in the physnode if its wildcarded.
595
596
597
598
 	    #
	    if ($node_uuid eq "*") {
		$ref->{'node_uuid'} = $node->uuid();
	    }
599
600
	    # and the sliver_uuid we assigned above.
	    $ref->{'sliver_uuid'} = $sliver_uuid;
601
602
603

	    next
		if ($istunnel);
604
	    
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
	    #
	    # Now do wildcarded interfaces.
	    #
	    if ($iface_name eq "*") {
		my @interfaces;
		if ($node->AllInterfaces(\@interfaces) != 0) {
		    $response = GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				     "Could not get interfaces for $node");
		    goto bad;
		}
		foreach my $interface (@interfaces) {
		    next
			if (!defined($interface->switch_id()));
		    next
			if ($interface->role() ne "expt");

		    $ref->{'iface_name'} = $interface->iface();
		    last;
		}
	    }
	}
    }
    
    #
    # Create the ticket. 
    #
    my $ticket = GeniTicket->Create($slice, $user, $rspec);
    if (!defined($ticket)) {
	$response =
	    GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				 "Could not create GeniTicket object");
	goto bad;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
637
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
638
    if ($ticket->Sign() != 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
639
640
641
	$response = GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					 "Could not sign Ticket");
	goto bad;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
642
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
643
    $slice->UnLock();
644
    return GeniResponse->Create(GENIRESPONSE_SUCCESS, $ticket->asString());
Leigh B. Stoller's avatar
Leigh B. Stoller committed
645
  bad:
646
647
    # Release will free the nodes.
    if (defined($ticket)) {
648
	$ticket->Release(TICKET_PURGED);
649
650
651
652
    }
    elsif (@dealloc) {
	system("export NORELOAD=1; $NFREE -x -q $pid $eid @dealloc");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
653
654
655
    $slice->UnLock()
	if (defined($slice));
    return $response;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
656
657
658
659
660
}

#
# Create a sliver.
#
661
sub RedeemTicket($)
Leigh B. Stoller's avatar
Leigh B. Stoller committed
662
663
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
664
    my $ticket     = $argref->{'ticket'};
665
    my $impotent   = $argref->{'impotent'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
666
    my $keys       = $argref->{'keys'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
667
    my $extraargs  = $argref->{'extraargs'};
668
669
670

    $impotent = 0
	if (!defined($impotent));
Leigh B. Stoller's avatar
Leigh B. Stoller committed
671
672
673
674
675
676
677
678
679
680
681
682

    if (! (defined($ticket) &&
	   !TBcheck_dbslot($ticket, "default", "text",
			   TBDB_CHECKDBSLOT_ERROR))) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "ticket: ". TBFieldErrorString());
    }
    $ticket = GeniTicket->CreateFromSignedTicket($ticket);
    if (!defined($ticket)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniTicket object");
    }
683
684
685
686
687
688
689
    
    #
    # Make sure the credential was issued to the caller.
    #
    if ($ticket->owner_uuid() ne $ENV{'GENIUUID'}) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "This is not your credential!");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
690
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
691
692
693
694
695
696
697
698
699
700
701
702
703

    my $slice = GeniSlice->Lookup($ticket->slice_uuid());
    if (!defined($slice)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No slice record for slice");
    }
    if ($slice->Lock() != 0) {
	return GeniResponse->BusyResponse();
    }
    #
    # Do not redeem an expired ticket, kill it now.
    #
    if ($ticket->Expired()) {
704
	$ticket->Release(TICKET_EXPIRED);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
705
706
707
708
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_EXPIRED, undef,
				    "Ticket has expired");
    }
709
710
711
712
713
714
    # Shutdown slices get nothing.
    if ($slice->shutdown()) {
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Slice has been shutdown");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
715
716
717
718
719
720

    #
    # For now, ther can be only a single toplevel aggregate per slice.
    #
    my $aggregate = GeniAggregate->SliceAggregate($slice);
    if (defined($aggregate)) {
721
	$ticket->Release(TICKET_EXPIRED);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
722
723
724
725
726
727
728
729
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "Already have an aggregate for slice");
    }
    my $response = ModifySliver(undef, $slice, $ticket,
				$ticket->rspec(), $impotent, $keys);
    $slice->UnLock();
    return $response;
730
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
731

732
733
734
735
736
737
738
739
740
#
# Update a sliver with a different resource set.
#
sub UpdateSliver($)
{
    my ($argref) = @_;
    my $cred        = $argref->{'credential'};
    my $rspec       = $argref->{'rspec'};
    my $impotent    = $argref->{'impotent'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
741
742
    my $keys        = $argref->{'keys'};
    my $extraargs   = $argref->{'extraargs'};
743
744
745
746
747
748
749
750
751
752

    $impotent = 0
	if (!defined($impotent));

    if (!defined($cred)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS);
    }
    if (! (defined($rspec) && ($rspec =~ /^[-\w]+$/))) {
	GeniResponse->Create(GENIRESPONSE_BADARGS, undef, "Improper rspec");
    }
753
    $rspec = XMLin($rspec, ForceArray => ["node", "link", "linkendpoints"]);
754
755
756

    my $credential = GeniCredential->CreateFromSigned($cred);
    if (!defined($credential)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
757
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
758
759
				    "Could not create GeniCredential object");
    }
760
    my $sliver_uuid = $credential->target_uuid();
761
    my $user_uuid   = $credential->owner_uuid();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
762

763
764
765
766
767
768
769
    #
    # Make sure the credential was issued to the caller.
    #
    if ($credential->owner_uuid() ne $ENV{'GENIUUID'}) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "This is not your credential!");
    }
770
771
772
773
774
775
    $credential->HasPrivilege( "pi" ) or
	$credential->HasPrivilege( "instantiate" ) or
	$credential->HasPrivilege( "control" ) or
	return GeniResponse->Create( GENIRESPONSE_FORBIDDEN, undef,
				     "Insufficient privilege" );

776
777
778
779
    my $sliver = GeniSliver->Lookup($sliver_uuid);
    if (defined($sliver)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "Only aggregates for now");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
780
    }
781
782
783
784
785
    my $aggregate = GeniAggregate->Lookup($sliver_uuid);
    if (!defined($aggregate)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "No such aggregate $sliver_uuid");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
786
787
788
789
790
791
792
793
    my $slice = GeniSlice->Lookup($aggregate->slice_uuid());
    if (!defined($slice)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No slice record for slice");
    }
    if ($slice->Lock() != 0) {
	return GeniResponse->BusyResponse();
    }
794
795
796
797
798
799
    # Shutdown slices get nothing.
    if ($slice->shutdown()) {
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Slice has been shutdown");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
800
801
802
803
804

    my $response = ModifySliver($aggregate, $slice,
				$credential, $rspec, $impotent, $keys);
    $slice->UnLock();
    return $response;
805
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
806

807
808
809
#
# Utility function for above routines.
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
810
sub ModifySliver($$$$$$)
811
{
Leigh B. Stoller's avatar
Leigh B. Stoller committed
812
    my ($object, $slice, $credential, $rspec, $impotent, $keys) = @_;
813
814
815
816
817

    my $owner_uuid = $credential->owner_uuid();
    my $message    = "Error creating sliver/aggregate";
    my $aggregate;
    
818
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
819
    # Create the user.
820
821
822
    #
    my $owner = GeniUser->Lookup($owner_uuid);
    if (!defined($owner)) {
823
	$owner = CreateUserFromCertificate($credential->owner_cert());
824
825
826
827
828
	if (!defined($owner)) {
	    print STDERR "No user $owner_uuid in the ClearingHouse\n";
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"No user record for $owner_uuid");
	}
829
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
830
831
832
    if (!$owner->IsLocal() && defined($keys)) {
	$owner->Modify(undef, undef, $keys);
    }
833

834
    my $experiment = GeniExperiment($slice);
835
836
837
838
    if (!defined($experiment)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No local experiment for slice");
    }
839
    print STDERR Dumper($rspec);
840
841
842
843
844
845
846

    #
    # Figure out what nodes to allocate or free. 
    #
    my %nodelist = ();
    my %linklist = ();
    my %toalloc  = ();
847
    my @allocated= ();
848
849
850
    my @tofree   = ();
    my $pid      = $experiment->pid();
    my $eid      = $experiment->eid();
851
    my $needplabslice = 0;
852
    my $didfwsetup = 0;
853
854
855
856
857

    #
    # Find current nodes and record their uuids. 
    #
    if (defined($object)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
858
	if ($object->type() ne "Aggregate") {
859
860
861
862
863
864
865
866
867
	    return GeniResponse->Create(GENIRESPONSE_UNSUPPORTED, undef,
					"Only node aggregates allowed");
	}
	my @slivers;
	if ($object->SliverList(\@slivers) != 0) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef);
	}
	foreach my $s (@slivers) {
	    if (ref($s) eq "GeniSliver::Node") {
868
		$nodelist{$s->uuid()} = $s;
869
	    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
870
871
	    elsif (ref($s) eq "GeniAggregate::Link" ||
		   ref($s) eq "GeniAggregate::Tunnel") {
872
873
874
875
876
877
878
879
880
		$linklist{$s->uuid()} = $s;
	    }
	    else {
		return GeniResponse->Create(GENIRESPONSE_UNSUPPORTED, undef,
					    "Only nodes or links allowed");
	    }
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
    #
    # Figure out new expiration time; this is the time at which we can
    # idleswap the slice out. 
    #
    if (exists($rspec->{'valid_until'})) {
	my $expires = $rspec->{'valid_until'};

	if (! ($expires =~ /^[-\w:.\/]+/)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Illegal valid_until in rspec");
	}
	# Convert to a localtime.
	my $when = timegm(strptime($expires));
	if (!defined($when)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Could not parse valid_until");
	}
	#
	# No more then 24 hours out ... Needs to be a sitevar?
	#
	my $diff = $when - time();
	if ($diff < (60 * 15) || $diff > (3600 * 24)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"valid_until out of range");
	}
	if ($slice->SetExpiration($when) != 0) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Could not set expiration time");
	}
    }

912
913
914
915
916
917
918
919
920
921
922
    #
    # Figure out what nodes need to be allocated.
    #
    foreach my $ref (@{$rspec->{'node'}}) {
	my $resource_uuid = $ref->{'uuid'};
	my $node = Node->Lookup($resource_uuid);
	if (!defined($node)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Bad resource_uuid $resource_uuid");
	}

923
924
925
926
927
928
929
930
931
932
933
934
935
	#
	# Widearea nodes do not need to be allocated, but for now all
	# I allow is a plabdslice node.
	#
	if ($node->isremotenode()) {
	    if (! $node->isplabphysnode()) {
		return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					    "Only plab widearea nodes");
	    }
	    $needplabslice = 1;
	    next;
	}

936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
	#
	# See if the node is already reserved. 
	#
	my $reservation = $node->Reservation();
	if (defined($reservation)) {
	    # Reserved during previous operation on the sliver.
	    next
		if ($reservation->SameExperiment($experiment));
	    
	    return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				"$resource_uuid ($node) is not available");
	}
	#
	# Sanity check on the list of already allocated nodes.
	#
	foreach my $s (values(%nodelist)) {
	    if ($resource_uuid eq $s->resource_uuid()) {
		print STDERR
		    "$resource_uuid is not supposed to be allocated\n";
		return GeniResponse->Create(GENIRESPONSE_ERROR, undef);
	    }
	}
	$toalloc{$resource_uuid} = $node->node_id();
    }

    #
    # What nodes need to be released?
    #
    foreach my $s (values(%nodelist)) {
	my $node_uuid = $s->resource_uuid();
	my $node      = Node->Lookup($node_uuid);
	my $needfree  = 1;
	
	foreach my $ref (@{$rspec->{'node'}}) {
	    my $resource_uuid = $ref->{'uuid'};
	    if ($node_uuid eq $resource_uuid) {
		$needfree = 0;
		last;
	    }
	}
	if ($needfree) {
	    #
	    # Not yet.
	    #
	    my @dlist;
	    if ($s->DependentSlivers(\@dlist) != 0) {
		return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					    "Could not get DependentSlivers");
	    }
	    if (@dlist) {
		return GeniResponse->Create(GENIRESPONSE_REFUSED, undef,
987
				    "Must tear down dependent slivers first");
988
989
990
991
992
	    }
	    push(@tofree, $s);
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
993
994
995
996
997
998
    #
    # Create an emulab nonlocal user for tmcd.
    #
    $owner->BindToSlice($slice) == 0
	or return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				       "Error binding user to slice");
999

1000

Leigh B. Stoller's avatar
Leigh B. Stoller committed
1001
    # Bind the other users too.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1002
1003
1004
    # XXX Need to figure out where these come from.
    my @userbindings = ();

Leigh B. Stoller's avatar
Leigh B. Stoller committed
1005
1006
    foreach my $otheruuid (@userbindings) {
	my $otheruser = GeniUser->Lookup($otheruuid);
1007
	if (!defined($otheruser)) {
1008
	    $otheruser = CreateUserFromCertificate($otheruuid);
1009
1010
1011
1012
1013
	    if (!defined($otheruser)) {
		print STDERR "No user $otheruser, cannot bind to slice\n";
		next;
	    }
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1014
	if ($otheruser->BindToSlice($slice) != 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1015
1016
1017
1018
	    print STDERR "Could not bind $otheruser to $slice\n";
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
1019
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1020
    # We are actually an Aggregate, so return an aggregate of slivers,
1021
    # even if there is just one node. This makes sliceupdate easier.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1022
    #
1023
1024
1025
1026
    if (defined($object)) {
	$aggregate = $object;
    }
    else {
1027
1028
1029
1030
1031
1032
1033
	#
	# Form the hrn from the slicename.
	#
	my $hrn = "${OURDOMAIN}." . $slice->slicename();
	
	$aggregate = GeniAggregate->Create($slice, $owner, "Aggregate",
					   $hrn, $slice->hrn());
1034
1035
	if (!defined($aggregate)) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
				"Could not create GeniAggregate object");
	}
    }

    # Nalloc might fail if the node gets picked up by someone else.
    if (values(%toalloc) && !$impotent) {
	my @list = values(%toalloc);
	system("$NALLOC $pid $eid @list");
	if ($?) {
	    # Nothing to deallocate if this fails.
	    %toalloc = undef;
	    $message = "Allocation failure";
	    goto bad;
1049
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1050
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1051

1052
1053
1054
1055
1056
1057
1058
    #
    # We need to tear down links that are no longer in the rspec or
    # have changed.
    #
    foreach my $s (values(%linklist)) {
	if (! exists($rspec->{'link'}->{$s->hrn()})) {
	    $s->UnProvision();
1059
	    $s->Delete(0);
1060
1061
	    next;
	}
1062

1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
	my $delete     = 0;
	my @interfaces = ();
	if ($s->SliverList(\@interfaces) != 0) {
	    $message = "Failed to get sliverlist for $s";
	    goto bad;
	}
	foreach my $i (@interfaces) {
	    my $node_uuid   = $i->resource_uuid();
	    my $iface_name  = $i->rspec()->{'iface_name'};

	    my $linkendpoints =
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1074
		$rspec->{'link'}->{$s->hrn()}->{'linkendpoints'};
1075
1076
1077
	}
    }
    
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1078
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1079
1080
    # Now for each resource (okay, node) in the ticket create a sliver and
    # add it to the aggregate.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1081
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1082
1083
    my %slivers   = ();
    my @plabnodes = ();
1084
    foreach my $ref (@{$rspec->{'node'}}) {
1085
	my $resource_uuid = $ref->{'uuid'};
1086
1087
	my $sliver_uuid   = $ref->{'sliver_uuid'};
	
1088
1089
	# Already in the aggregate?
	next
1090
	    if (grep {$_ eq $sliver_uuid} keys(%nodelist));
1091
	
1092
1093
1094
	my $node = Node->Lookup($resource_uuid);
	if (!defined($node)) {
	    $message = "Unknown resource_uuid in ticket: $resource_uuid";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1095
1096
	    goto bad;
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1097
	my $sliver = GeniSliver::Node->Create($slice,
1098
					      $owner,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1099
					      $resource_uuid,
1100
					      $sliver_uuid,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1101
					      $ref);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1102
1103
1104
1105
	if (!defined($sliver)) {
	    $message = "Could not create GeniSliver object for $resource_uuid";
	    goto bad;
	}
1106
	$slivers{$sliver_uuid} = $sliver;
1107
1108
1109
1110
1111
1112
1113

	#
	# Remove this from %toalloc; if there is an error, the slivers are
	# deleted and the node released there. We only delete nodes that
	# have not turned into slivers yet. Ick.
	#
	delete($toalloc{$resource_uuid});
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1114

1115
	# Used below.
1116
1117
1118
1119
1120
1121
1122
1123
	push(@allocated, $node)
	    if (! grep {$_->node_id() eq $node->node_id()} @allocated);

	# Add to the aggregate.
	if ($sliver->SetAggregate($aggregate) != 0) {
	    $message = "Could not set aggregate for $sliver to $aggregate";
	    goto bad;
	}
1124

Leigh B. Stoller's avatar
Leigh B. Stoller committed
1125
1126
1127
1128
1129
1130
1131
1132
1133
	# See below; setup all pnodes at once.
	if ($node->isremotenode()) {
	    my $vnode = Node->Lookup($sliver->uuid());
	    if (!defined($vnode)) {
		print STDERR "Could not locate vnode $sliver\n";
		goto bad;
	    }
	    push(@plabnodes, $vnode);
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1134
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1135

1136
1137
1138
1139
1140
    #
    # Now do the links. For each link, we have to add a sliver for the
    # interfaces, and then combine those two interfaces into an aggregate,
    # and then that aggregate goes into the aggregate for toplevel sliver.
    #
1141
1142
1143
    goto skiplinks
	if (!exists($rspec->{'link'}));
    
1144
    foreach my $linkname (keys(%{$rspec->{'link'}})) {
1145
1146
1147
1148
1149
	my @linkslivers  = ();
	if (! ($linkname =~ /^[-\w]*$/)) {
	    $message = "Bad name for link: $linkname";
	    goto bad;
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
	my $linkref = $rspec->{'link'}->{$linkname};

	#
	# XXX Tunnels are a total kludge right now ...
	#
	if (exists($linkref->{'link_type'}) &&
	    $linkref->{'link_type'} eq "tunnel") {

	    my $node1ref = (@{$linkref->{'linkendpoints'}})[0];
	    my $node2ref = (@{$linkref->{'linkendpoints'}})[1];
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
	    my $node1sliver_uuid = $node1ref->{'sliver_uuid'};
	    my $node2sliver_uuid = $node2ref->{'sliver_uuid'};
	    my $node1sliver;
	    my $node2sliver;

	    if (defined($node1sliver_uuid)) {
		$node1sliver = $slivers{$node1sliver_uuid} ||
		    $nodelist{$node1sliver_uuid};
	    }
	    if (defined($node2sliver_uuid)) {
		$node2sliver = $slivers{$node2sliver_uuid} ||
		    $nodelist{$node2sliver_uuid};
	    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
	    
	    my $tunnel = GeniAggregate::Tunnel->Create($slice,
						       $owner,
						       $node1sliver,
						       $node2sliver,
						       $linkref);

	    if (!defined($tunnel)) {
		$message = "Could not create tunnel aggregate for $linkname";
		goto bad;
	    }
	    $slivers{$tunnel->uuid()} = $tunnel;
1185
1186
1187
1188
1189
1190

	    # Add to the aggregate.
	    if ($tunnel->SetAggregate($aggregate) != 0) {
		$message = "Could not set aggregate for $tunnel to $aggregate";
		goto bad;
	    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1191
1192
	    next;
	}
1193

1194
1195
	my $linkaggregate = GeniAggregate::Link->Create($slice, $owner,
							$linkname);
1196
1197
1198
1199
1200
1201
	if (!defined($linkaggregate)) {
	    $message = "Could not create link aggregate for $linkname";
	    goto bad;
	}
	$slivers{$linkaggregate->uuid()} = $linkaggregate;

1202
1203
1204
1205
1206
1207
1208
	# Add to the aggregate.
	if ($linkaggregate->SetAggregate($aggregate) != 0) {
	    $message = "Could not set aggregate for $linkaggregate ".
		"to $aggregate";
	    goto bad;
	}

Leigh B. Stoller's avatar
Leigh B. Stoller committed
1209
	foreach my $ref (@{$rspec->{'link'}->{$linkname}->{'linkendpoints'}}) {
1210
1211
1212
1213
1214
	    my $sliver_uuid  = $ref->{'sliver_uuid'};
	    my $iface_name   = $ref->{'iface_name'};
	    my $nodesliver   = $slivers{$sliver_uuid} ||
		$nodelist{$sliver_uuid};
	    
1215
1216
1217
1218