GeniCM.pm.in 70.4 KB
Newer Older
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1
2
#!/usr/bin/perl -wT
#
3
# GENIPUBLIC-COPYRIGHT
4
# Copyright (c) 2008-2009 University of Utah and the Flux Group.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# All rights reserved.
#
package GeniCM;

#
# The server side of the CM interface on remote sites. Also communicates
# with the GMC interface at Geni Central as a client.
#
use strict;
use Exporter;
use vars qw(@ISA @EXPORT);

@ISA    = "Exporter";
@EXPORT = qw ( );

# Must come after package declaration!
use lib '@prefix@/lib';
use GeniDB;
use Genixmlrpc;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
24
25
use GeniResponse;
use GeniTicket;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
26
use GeniCredential;
27
use GeniCertificate;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
28
use GeniSlice;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
29
use GeniAggregate;
30
use GeniAuthority;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
31
use GeniSliver;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
32
use GeniUser;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
33
use GeniRegistry;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
34
use libtestbed;
35
use emutil;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
36
# Hate to import all this crap; need a utility library.
37
use libdb qw(TBGetSiteVar);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
38
use User;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
39
use Node;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
40
use libadminctrl;
41
use Interface;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
42
43
use English;
use Data::Dumper;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
44
use XML::Simple;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
45
46
47
use Date::Parse;
use POSIX qw(strftime);
use Time::Local;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
48
use Experiment;
49
use Firewall;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
50
51
52
53
54
55
56
57

# Configure variables
my $TB		   = "@prefix@";
my $TBOPS          = "@TBOPSEMAIL@";
my $TBAPPROVAL     = "@TBAPPROVALEMAIL@";
my $TBAUDIT   	   = "@TBAUDITEMAIL@";
my $BOSSNODE       = "@BOSSNODE@";
my $OURDOMAIN      = "@OURDOMAIN@";
58
my $PGENIDOMAIN    = "@PROTOGENI_DOMAIN@";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
59
my $CREATEEXPT     = "$TB/bin/batchexp";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
60
my $ENDEXPT        = "$TB/bin/endexp";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
61
my $NALLOC	   = "$TB/bin/nalloc";
62
my $NFREE	   = "$TB/bin/nfree";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
63
my $AVAIL	   = "$TB/sbin/avail";
64
my $PTOPGEN	   = "$TB/libexec/ptopgen";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
65
66
my $TBSWAP	   = "$TB/bin/tbswap";
my $SWAPEXP	   = "$TB/bin/swapexp";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
67
68
69
70
my $PLABSLICE	   = "$TB/sbin/plabslicewrapper";
my $NAMEDSETUP     = "$TB/sbin/named_setup";
my $VNODESETUP     = "$TB/sbin/vnode_setup";
my $GENTOPOFILE    = "$TB/libexec/gentopofile";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
71
72

#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
73
# Respond to a Resolve request. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
74
75
76
77
78
79
80
#
sub Resolve($)
{
    my ($argref) = @_;
    my $uuid       = $argref->{'uuid'};
    my $cred       = $argref->{'credential'};
    my $type       = $argref->{'type'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
81
    my $hrn;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
82
83
84
85
86
87
88
89

    if (! defined($cred)) {
	return GeniResponse->MalformedArgsResponse();
    }
    if (! (defined($type) && ($type =~ /^(Node)$/))) {
	return GeniResponse->MalformedArgsResponse();
    }
    # Allow lookup by uuid or hrn.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
90
    if (! defined($uuid)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
	return GeniResponse->MalformedArgsResponse();
    }
    if (defined($uuid) && !($uuid =~ /^[-\w]*$/)) {
	return GeniResponse->MalformedArgsResponse();
    }

    my $credential = GeniCredential->CreateFromSigned($cred);
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
    
    #
    # Make sure the credential was issued to the caller, but no special
    # permission required to resolve component resources.
    #
    if ($credential->owner_uuid() ne $ENV{'GENIUUID'}) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "This is not your credential!");
    }
    if ($type eq "Node") {
	my $node;
	
	if (defined($uuid)) {
	    $node= Node->Lookup($uuid);
	}
	else {
	    #
	    # We only want the last token for node lookup.
	    #
	    if ($hrn =~ /\./) {
		($hrn) = ($hrn =~ /\.(\w*)$/);
	    }
	    $node= Node->Lookup($hrn);
	}
	if (!defined($node)) {
	    return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED,
					undef, "Nothing here by that name");
	}
	
	# Return a blob.
132
	my $blob = { "hrn"          => "${PGENIDOMAIN}." . $node->node_id(),
Leigh B. Stoller's avatar
Leigh B. Stoller committed
133
		     "uuid"         => $node->uuid(),
134
		     "role"	    => $node->role(),
135
		     "hostname"     => $node->node_id() . ".${OURDOMAIN}",
Leigh B. Stoller's avatar
Leigh B. Stoller committed
136
137
138
139
140
141
142
143
144
145
146
147
148
		   };

	#
	# Get the list of interfaces for the node.
	#
	my @interfaces;
	if ($node->AllInterfaces(\@interfaces) != 0) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Could not get interfaces for $uuid");
	}

	my @iblobs = ();
	foreach my $interface (@interfaces) {
149
150
151
	    next
		if (!defined($interface->switch_id()));
		
Leigh B. Stoller's avatar
Leigh B. Stoller committed
152
153
154
155
156
157
	    my $iblob = { "uuid"	=> $interface->uuid(),
			  "iface"	=> $interface->iface(),
			  "type"	=> $interface->type(),
			  "card"	=> $interface->card(),
			  "port"	=> $interface->port(),
			  "role"	=> $interface->role(),
158
159
			  "IP"		=> $interface->IP() || "",
			  "mask"	=> $interface->mask() || "",
Leigh B. Stoller's avatar
Leigh B. Stoller committed
160
			  "MAC"		=> $interface->mac(),
161
162
163
164
165
			  "switch_id"   => "${OURDOMAIN}." . 
			      $interface->switch_id(),
			  "switch_card"	=> $interface->switch_card(),
			  "switch_port"	=> $interface->switch_port(),
			  "wire_type"	=> $interface->wire_type(),
Leigh B. Stoller's avatar
Leigh B. Stoller committed
166
167
168
169
170
171
172
173
174
175
176
177
		      };

	    push(@iblobs, $iblob);
	}
	$blob->{'interfaces'} = \@iblobs
	    if (@iblobs);
	
	return GeniResponse->Create(GENIRESPONSE_SUCCESS, $blob);
    }
    return GeniResponse->Create(GENIRESPONSE_UNSUPPORTED);
}

Leigh B. Stoller's avatar
Leigh B. Stoller committed
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
#
# Discover resources on this component, returning a resource availablity spec
#
sub DiscoverResources($)
{
    my ($argref) = @_;
    my $credential = $argref->{'credential'};
    my $user_uuid  = $ENV{'GENIUSER'};

    $credential = GeniCredential->CreateFromSigned($credential);
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
    # The credential owner/slice has to match what was provided.
193
    if ($user_uuid ne $credential->owner_uuid()) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
194
195
196
197
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
    #
    # A sitevar controls whether external users can get any nodes.
    #
    my $allow_externalusers = 0;
    if (!TBGetSiteVar('protogeni/allow_externalusers', \$allow_externalusers)){
	# Cannot get the value, say no.
	$allow_externalusers = 0;
    }
    if (!$allow_externalusers) {
	my $user = GeniUser->Lookup($user_uuid, 1);
	# No record means the user is remote.
	if (!defined($user) || !$user->IsLocal()) {
	    return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
					"External users temporarily denied");
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
215
    #
216
    # Use ptopgen in xml mode to spit back an xml file. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
217
    #
218
    if (! open(AVAIL, "$PTOPGEN -x -g -r -p GeniSlices |")) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
219
220
221
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not start avail");
    }
222
    my $xml = "";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
223
    while (<AVAIL>) {
224
	$xml .= $_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
225
226
227
228
229
    }
    close(AVAIL);

    return GeniResponse->Create(GENIRESPONSE_SUCCESS, $xml);
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
230

Leigh B. Stoller's avatar
Leigh B. Stoller committed
231
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
232
# Respond to a GetTicket request. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
233
234
235
236
237
#
sub GetTicket($)
{
    my ($argref) = @_;
    my $rspec      = $argref->{'rspec'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
238
    my $impotent   = $argref->{'impotent'};
239
    my $cred       = $argref->{'credential'};
240
    my $vtopo      = $argref->{'virtual_topology'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
241
    my $owner_uuid = $ENV{'GENIUSER'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
242
    my $response   = undef;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
243

244
245
    if (! defined($cred)) {
	return GeniResponse->MalformedArgsResponse();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
246
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
247
248
249
    if (! (defined($rspec) && ($rspec =~ /^[-\w]+$/))) {
	GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
			     "Improper rspec");	
Leigh B. Stoller's avatar
Leigh B. Stoller committed
250
    }
251
    $rspec = XMLin($rspec, ForceArray => ["node", "link", "linkendpoints"]);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
252

Leigh B. Stoller's avatar
Leigh B. Stoller committed
253
254
255
    $impotent = 0
	if (!defined($impotent));

256
    my $credential = GeniCredential->CreateFromSigned($cred);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
257
258
259
260
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
261
    my $slice_uuid = $credential->target_uuid();
262
263
    my $user_uuid  = $credential->owner_uuid();
    
264

265
266
267
268
    #
    # Make sure the credential was issued to the caller.
    #
    if ($credential->owner_uuid() ne $ENV{'GENIUUID'}) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
269
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
270
				    "This is not your credential!");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
271
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
272

273
274
275
276
277
278
    $credential->HasPrivilege( "pi" ) or
	$credential->HasPrivilege( "instantiate" ) or
	$credential->HasPrivilege( "bind" ) or
	return GeniResponse->Create( GENIRESPONSE_FORBIDDEN, undef,
				     "Insufficient privilege" );

Leigh B. Stoller's avatar
Leigh B. Stoller committed
279
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
280
    # Create slice form the certificate.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
281
282
283
    #
    my $slice = GeniSlice->Lookup($slice_uuid);
    if (!defined($slice)) {
284
	$slice = CreateSliceFromCertificate($credential);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
285
	if (!defined($slice)) {
286
	    print STDERR "Could not create $slice_uuid\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
287
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
288
					"Could not create slice");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
289
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
290
291
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
292
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
293
294
    # Ditto the user.
    #
295
    my $user = GeniUser->Lookup($user_uuid);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
296
    if (!defined($user)) {
297
	$user = CreateUserFromCertificate($credential->owner_cert());
Leigh B. Stoller's avatar
Leigh B. Stoller committed
298
	if (!defined($user)) {
299
	    print STDERR "No user $user_uuid in the ClearingHouse\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
300
301
302
303
304
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
			    "Could not get user info from ClearingHouse");
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
305
306
307
308
309
310
311
312
313
314
315
316
317
318
    #
    # A sitevar controls whether external users can get any nodes.
    #
    my $allow_externalusers = 0;
    if (!TBGetSiteVar('protogeni/allow_externalusers', \$allow_externalusers)){
	# Cannot get the value, say no.
	$allow_externalusers = 0;
    }
    if (!$allow_externalusers && !$user->IsLocal()) {
	return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				    "External users temporarily denied");
    }
    
    #
319
    # For now all tickets expire very quickly (minutes), but once the
Leigh B. Stoller's avatar
Leigh B. Stoller committed
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
    # ticket is redeemed, it will expire according to the rspec request.
    #
    if (exists($rspec->{'valid_until'})) {
	my $expires = $rspec->{'valid_until'};

	if (! ($expires =~ /^[-\w:.\/]+/)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Illegal valid_until in rspec");
	}
	# Convert to a localtime.
	my $when = timegm(strptime($expires));
	if (!defined($when)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Could not parse valid_until");
	}
	
	#
	# No more then 24 hours out ... Needs to be a sitevar?
	#
	my $diff = $when - time();
	if ($diff < (60 * 15) || $diff > (3600 * 24)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"valid_until out of range");
	}
    }
    else {
	# Give it a reasonable default for later when the ticket is redeemed.
	$rspec->{'valid_until'} =
	    POSIX::strftime("20%y-%m-%dT%H:%M:%S", gmtime(time() + (3600*1)));
    }
    
    #
    #
    # Lock the slice from further access.
    #
    if ($slice->Lock() != 0) {
	return GeniResponse->BusyResponse();
    }
358
359
360
361
362
363
    # Shutdown slices get nothing.
    if ($slice->shutdown()) {
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Slice has been shutdown");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
364

365
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
366
    # For now, there can be only a single toplevel aggregate per slice.
367
    # The existence of an aggregate means the slice is active here. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
368
369
370
371
372
373
374
    #
    my $aggregate = GeniAggregate->SliceAggregate($slice);
    if (defined($aggregate)) {
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "Already have an aggregate for slice");
    }
375
376
377
378
379
380
381
382
383
384
385

    #
    # Say a ticket already exists in the DB? Lets throw that ticket
    # away and generate a new one. This is partly a debugging
    # mechanism.  To really do this correctly, would want to merge in
    # the existing resources with the new rspec request. Do not
    # want to go there yet.
    #
    my $existing_ticket = GeniTicket->LookupForSlice($slice);
    if (defined($existing_ticket)) {
	print STDERR "Releasing existing ticket $existing_ticket\n";
386
	if ($existing_ticket->Release(TICKET_EXPIRED) != 0) {
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
	    print STDERR "Error releasing existing ticket $existing_ticket\n";
	    $slice->UnLock();
	    return GeniResponse->Create(GENIRESPONSE_ERROR);
	}
    }

    #
    # Firewall hack; just a flag in the rspec for now.
    #
    if (exists($rspec->{'needsfirewall'}) && $rspec->{'needsfirewall'}) {
	if ($slice->SetFirewallFlag($rspec->{'needsfirewall'}) != 0) {
	    $slice->UnLock();
	    return GeniResponse->Create(GENIRESPONSE_ERROR);
	}
    }
    
    my $experiment = GeniExperiment($slice);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
404
    if (!defined($experiment)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
405
406
407
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_ERROR,
				    undef, "Internal Error");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
408
409
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
410
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
411
412
    # An rspec is a structure that requests specific nodes. If those
    # nodes are available, then reserve it. Otherwise the ticket
Leigh B. Stoller's avatar
Leigh B. Stoller committed
413
414
    # cannot be granted.
    #
415
    # XXX Simpleminded.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
416
    #
417
    my %namemap = ();
418
419
    my %physmap = ();
    my %virtmap = ();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
420
    my @nodeids = ();
421
    my @dealloc;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
422
423
424
    my $pid     = $experiment->pid();
    my $eid     = $experiment->eid();

425
426
    foreach my $ref (@{$rspec->{'node'}}) {
	my $resource_uuid = $ref->{'uuid'};
427
	my $node_nickname = $ref->{'nickname'};
428
	my $phys_nickname = $ref->{'phys_nickname'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
429
	my $virtualization_type = $ref->{'virtualization_type'};
430
	my $sliver_uuid   = NewUUID();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
431
432
433
434
435
436
	my $node;

	#
	# Mostly for debugging right now, allow a wildcard.
	#
	if ($resource_uuid eq "*") {
437
438
439
440
441
442
	    if (defined($phys_nickname) && exists($physmap{$phys_nickname})) {
		$node = $physmap{$phys_nickname};
	    }
	    else {
		$node = FindFreeNode($virtualization_type, @nodeids);
	    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
	    
	    if (!defined($node)) {
		$response = GeniResponse->Create(GENIRESPONSE_UNAVAILABLE,
						 undef,
						 "No free nodes for wildcard");
		goto bad;
	    }
	    $resource_uuid = $node->uuid();
	    $ref->{'uuid'} = $node->uuid();
	}
	else {
	    $node = Node->Lookup($resource_uuid);

	    if (!defined($node)) {
		$response =
		    GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					 "Bad resource $resource_uuid");
		goto bad;
	    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
462
	}
463
464
465
466
	# We assign the sliver uuids here so that user can associate
	# slivers with parts of the rspec later.
	$ref->{'sliver_uuid'} = $sliver_uuid;
	
467
468
469
470
471
472
	#
	# Widearea nodes do not need to be allocated, but for now all
	# I allow is a plabdslice node.
	#
	if ($node->isremotenode()) {
	    if (! $node->isplabphysnode()) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
473
474
475
476
		$response =
		    GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					 "Only plab widearea nodes");
		goto bad;
477
	    }
478
	    goto skipalloc;
479
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
480
481

	#
482
	# See if the node is already reserved. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
483
484
485
	#
	my $reservation = $node->Reservation();
	if (defined($reservation)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
486
487
488
489
	    $response =
		GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				     "$resource_uuid ($node) not available");
	    goto bad;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
490
	}
491
492
493
494
495
496
	# watch for duplicates, as for multiple vnodes on a pnode.
	push(@nodeids, $node->node_id())
	    if (! grep {$_ eq $node->node_id()} @nodeids);

      skipalloc:
	$virtmap{$sliver_uuid}   = $node;
497
	# For wildcarded nodes in links.
498
	$namemap{$node_nickname} = $sliver_uuid
499
	    if (defined($node_nickname));
500
501
	$physmap{$phys_nickname} = $node
	    if (defined($phys_nickname));
Leigh B. Stoller's avatar
Leigh B. Stoller committed
502
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
503

Leigh B. Stoller's avatar
Leigh B. Stoller committed
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
    #
    # A sitevar controls how many total nodes external users can allocate.
    #
    # XXX All this policy stuff is a whack job for the initial release. 
    #
    my $max_externalnodes = 0;
    if (!TBGetSiteVar('protogeni/max_externalnodes', \$max_externalnodes)){
	# Cannot get the value, say none.
	$max_externalnodes = 0;
    }
    if (scalar(@nodeids) > $max_externalnodes) {
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
			   "Too many nodes; limited to $max_externalnodes");
    }
    # Check current usage by dipping into the libadminctrl library.
    my $curusage = libadminctrl::LoadCurrent($experiment->creator(),
					     $experiment->pid(),
					     $experiment->gid());
    if (!defined($curusage)) {
	$slice->UnLock();
	print STDERR "Could not get current usage from adminctl library\n";
	return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				    "Temporarily unavailable");
    }
    if ($curusage->{"nodes"}->{'project'} + scalar(@nodeids) >=
	$max_externalnodes) {
	$slice->UnLock();
	my $nodesleft = $max_externalnodes - $curusage->{"nodes"}->{'project'};
	return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				    "Too many nodes; limited to $nodesleft");
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
537
    # Nalloc might fail if the node gets picked up by someone else.
538
    if (@nodeids && !$impotent) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
539
	system("$NALLOC $pid $eid @nodeids");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
540
	if (($? >> 8) < 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
541
542
543
544
	    $response =
		GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				     "Allocation failure");
	    goto bad;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
545
546
	}
	elsif (($? >> 8) > 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
547
548
549
550
	    $response =
		GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				     "Could not allocate node");
	    goto bad;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
551
	}
552
553
554
555
556
557
558
559
560
561
562
563
564
565
	# In case the code below fails, before ticket is created.
	@dealloc = @nodeids;
    }
    #
    # Now deal with links for wildcarded nodes. We need to fill in the
    # node_uuid.
    #
    foreach my $linkname (keys(%{$rspec->{'link'}})) {
	my $linkref = $rspec->{'link'}->{$linkname};

	foreach my $ref (@{$linkref->{'linkendpoints'}}) {
	    my $node_uuid     = $ref->{'node_uuid'};
	    my $node_nickname = $ref->{'node_nickname'};
	    my $iface_name    = $ref->{'iface_name'};
566
567
	    my $istunnel      = (exists($linkref->{'link_type'}) &&
				 $linkref->{'link_type'} eq "tunnel");
568

569
	    if (!defined($node_nickname)) {
570
		$response = GeniResponse->Create(GENIRESPONSE_ERROR, undef,
571
						 "Need nickname for links");
572
573
574
		goto bad;
	    }

575
576
577
	    # XXX No wildcarding for tunnels unless its a node from above.
	    if ($istunnel) {
		if ($node_uuid eq "*" && !exists($namemap{$node_nickname})) {
578
579
580
581
		    $response = GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					 "Tunnels cannot be wildcarded");
		    goto bad;
		}
582
583
584
		# Not a local node, so skip.
		next
		    if (!exists($namemap{$node_nickname}));
585
	    }
586

587
588
589
590
	    # Map the nickname to the actual sliver (node) request.
	    my $sliver_uuid = $namemap{$node_nickname};
	    my $node = $virtmap{$sliver_uuid};

591
	    #
592
	    # Fill in the physnode if its wildcarded.
593
594
595
596
 	    #
	    if ($node_uuid eq "*") {
		$ref->{'node_uuid'} = $node->uuid();
	    }
597
598
	    # and the sliver_uuid we assigned above.
	    $ref->{'sliver_uuid'} = $sliver_uuid;
599
600
601

	    next
		if ($istunnel);
602
	    
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
	    #
	    # Now do wildcarded interfaces.
	    #
	    if ($iface_name eq "*") {
		my @interfaces;
		if ($node->AllInterfaces(\@interfaces) != 0) {
		    $response = GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				     "Could not get interfaces for $node");
		    goto bad;
		}
		foreach my $interface (@interfaces) {
		    next
			if (!defined($interface->switch_id()));
		    next
			if ($interface->role() ne "expt");

		    $ref->{'iface_name'} = $interface->iface();
		    last;
		}
	    }
	}
    }
    
    #
    # Create the ticket. 
    #
    my $ticket = GeniTicket->Create($slice, $user, $rspec);
    if (!defined($ticket)) {
	$response =
	    GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				 "Could not create GeniTicket object");
	goto bad;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
635
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
636
    if ($ticket->Sign() != 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
637
638
639
	$response = GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					 "Could not sign Ticket");
	goto bad;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
640
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
641
    $slice->UnLock();
642
    return GeniResponse->Create(GENIRESPONSE_SUCCESS, $ticket->asString());
Leigh B. Stoller's avatar
Leigh B. Stoller committed
643
  bad:
644
645
    # Release will free the nodes.
    if (defined($ticket)) {
646
	$ticket->Release(TICKET_PURGED);
647
648
649
650
    }
    elsif (@dealloc) {
	system("export NORELOAD=1; $NFREE -x -q $pid $eid @dealloc");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
651
652
653
    $slice->UnLock()
	if (defined($slice));
    return $response;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
654
655
656
657
658
}

#
# Create a sliver.
#
659
sub RedeemTicket($)
Leigh B. Stoller's avatar
Leigh B. Stoller committed
660
661
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
662
    my $ticket     = $argref->{'ticket'};
663
    my $impotent   = $argref->{'impotent'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
664
    my $keys       = $argref->{'keys'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
665
    my $extraargs  = $argref->{'extraargs'};
666
667
668

    $impotent = 0
	if (!defined($impotent));
Leigh B. Stoller's avatar
Leigh B. Stoller committed
669
670
671
672
673
674
675
676
677
678
679
680

    if (! (defined($ticket) &&
	   !TBcheck_dbslot($ticket, "default", "text",
			   TBDB_CHECKDBSLOT_ERROR))) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "ticket: ". TBFieldErrorString());
    }
    $ticket = GeniTicket->CreateFromSignedTicket($ticket);
    if (!defined($ticket)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniTicket object");
    }
681
682
683
684
685
686
687
    
    #
    # Make sure the credential was issued to the caller.
    #
    if ($ticket->owner_uuid() ne $ENV{'GENIUUID'}) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "This is not your credential!");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
688
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
689
690
691
692
693
694
695
696
697
698
699
700
701

    my $slice = GeniSlice->Lookup($ticket->slice_uuid());
    if (!defined($slice)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No slice record for slice");
    }
    if ($slice->Lock() != 0) {
	return GeniResponse->BusyResponse();
    }
    #
    # Do not redeem an expired ticket, kill it now.
    #
    if ($ticket->Expired()) {
702
	$ticket->Release(TICKET_EXPIRED);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
703
704
705
706
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_EXPIRED, undef,
				    "Ticket has expired");
    }
707
708
709
710
711
712
    # Shutdown slices get nothing.
    if ($slice->shutdown()) {
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Slice has been shutdown");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
713
714
715
716
717
718

    #
    # For now, ther can be only a single toplevel aggregate per slice.
    #
    my $aggregate = GeniAggregate->SliceAggregate($slice);
    if (defined($aggregate)) {
719
	$ticket->Release(TICKET_EXPIRED);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
720
721
722
723
724
725
726
727
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "Already have an aggregate for slice");
    }
    my $response = ModifySliver(undef, $slice, $ticket,
				$ticket->rspec(), $impotent, $keys);
    $slice->UnLock();
    return $response;
728
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
729

730
731
732
733
734
735
736
737
738
#
# Update a sliver with a different resource set.
#
sub UpdateSliver($)
{
    my ($argref) = @_;
    my $cred        = $argref->{'credential'};
    my $rspec       = $argref->{'rspec'};
    my $impotent    = $argref->{'impotent'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
739
740
    my $keys        = $argref->{'keys'};
    my $extraargs   = $argref->{'extraargs'};
741
742
743
744
745
746
747
748
749
750

    $impotent = 0
	if (!defined($impotent));

    if (!defined($cred)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS);
    }
    if (! (defined($rspec) && ($rspec =~ /^[-\w]+$/))) {
	GeniResponse->Create(GENIRESPONSE_BADARGS, undef, "Improper rspec");
    }
751
    $rspec = XMLin($rspec, ForceArray => ["node", "link", "linkendpoints"]);
752
753
754

    my $credential = GeniCredential->CreateFromSigned($cred);
    if (!defined($credential)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
755
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
756
757
				    "Could not create GeniCredential object");
    }
758
    my $sliver_uuid = $credential->target_uuid();
759
    my $user_uuid   = $credential->owner_uuid();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
760

761
762
763
764
765
766
767
    #
    # Make sure the credential was issued to the caller.
    #
    if ($credential->owner_uuid() ne $ENV{'GENIUUID'}) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "This is not your credential!");
    }
768
769
770
771
772
773
    $credential->HasPrivilege( "pi" ) or
	$credential->HasPrivilege( "instantiate" ) or
	$credential->HasPrivilege( "control" ) or
	return GeniResponse->Create( GENIRESPONSE_FORBIDDEN, undef,
				     "Insufficient privilege" );

774
775
776
777
    my $sliver = GeniSliver->Lookup($sliver_uuid);
    if (defined($sliver)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "Only aggregates for now");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
778
    }
779
780
781
782
783
    my $aggregate = GeniAggregate->Lookup($sliver_uuid);
    if (!defined($aggregate)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "No such aggregate $sliver_uuid");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
784
785
786
787
788
789
790
791
    my $slice = GeniSlice->Lookup($aggregate->slice_uuid());
    if (!defined($slice)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No slice record for slice");
    }
    if ($slice->Lock() != 0) {
	return GeniResponse->BusyResponse();
    }
792
793
794
795
796
797
    # Shutdown slices get nothing.
    if ($slice->shutdown()) {
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Slice has been shutdown");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
798
799
800
801
802

    my $response = ModifySliver($aggregate, $slice,
				$credential, $rspec, $impotent, $keys);
    $slice->UnLock();
    return $response;
803
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
804

805
806
807
#
# Utility function for above routines.
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
808
sub ModifySliver($$$$$$)
809
{
Leigh B. Stoller's avatar
Leigh B. Stoller committed
810
    my ($object, $slice, $credential, $rspec, $impotent, $keys) = @_;
811
812
813
814
815

    my $owner_uuid = $credential->owner_uuid();
    my $message    = "Error creating sliver/aggregate";
    my $aggregate;
    
816
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
817
    # Create the user.
818
819
820
    #
    my $owner = GeniUser->Lookup($owner_uuid);
    if (!defined($owner)) {
821
	$owner = CreateUserFromCertificate($credential->owner_cert());
822
823
824
825
826
	if (!defined($owner)) {
	    print STDERR "No user $owner_uuid in the ClearingHouse\n";
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"No user record for $owner_uuid");
	}
827
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
828
829
830
    if (!$owner->IsLocal() && defined($keys)) {
	$owner->Modify(undef, undef, $keys);
    }
831

832
    my $experiment = GeniExperiment($slice);
833
834
835
836
    if (!defined($experiment)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No local experiment for slice");
    }
837
    print STDERR Dumper($rspec);
838
839
840
841
842
843
844

    #
    # Figure out what nodes to allocate or free. 
    #
    my %nodelist = ();
    my %linklist = ();
    my %toalloc  = ();
845
    my @allocated= ();
846
847
848
    my @tofree   = ();
    my $pid      = $experiment->pid();
    my $eid      = $experiment->eid();
849
    my $needplabslice = 0;
850
    my $didfwsetup = 0;
851
852
853
854
855

    #
    # Find current nodes and record their uuids. 
    #
    if (defined($object)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
856
	if ($object->type() ne "Aggregate") {
857
858
859
860
861
862
863
864
865
	    return GeniResponse->Create(GENIRESPONSE_UNSUPPORTED, undef,
					"Only node aggregates allowed");
	}
	my @slivers;
	if ($object->SliverList(\@slivers) != 0) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef);
	}
	foreach my $s (@slivers) {
	    if (ref($s) eq "GeniSliver::Node") {
866
		$nodelist{$s->uuid()} = $s;
867
	    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
868
869
	    elsif (ref($s) eq "GeniAggregate::Link" ||
		   ref($s) eq "GeniAggregate::Tunnel") {
870
871
872
873
874
875
876
877
878
		$linklist{$s->uuid()} = $s;
	    }
	    else {
		return GeniResponse->Create(GENIRESPONSE_UNSUPPORTED, undef,
					    "Only nodes or links allowed");
	    }
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
    #
    # Figure out new expiration time; this is the time at which we can
    # idleswap the slice out. 
    #
    if (exists($rspec->{'valid_until'})) {
	my $expires = $rspec->{'valid_until'};

	if (! ($expires =~ /^[-\w:.\/]+/)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Illegal valid_until in rspec");
	}
	# Convert to a localtime.
	my $when = timegm(strptime($expires));
	if (!defined($when)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Could not parse valid_until");
	}
	#
	# No more then 24 hours out ... Needs to be a sitevar?
	#
	my $diff = $when - time();
	if ($diff < (60 * 15) || $diff > (3600 * 24)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"valid_until out of range");
	}
	if ($slice->SetExpiration($when) != 0) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Could not set expiration time");
	}
    }

910
911
912
913
914
915
916
917
918
919
920
    #
    # Figure out what nodes need to be allocated.
    #
    foreach my $ref (@{$rspec->{'node'}}) {
	my $resource_uuid = $ref->{'uuid'};
	my $node = Node->Lookup($resource_uuid);
	if (!defined($node)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Bad resource_uuid $resource_uuid");
	}

921
922
923
924
925
926
927
928
929
930
931
932
933
	#
	# Widearea nodes do not need to be allocated, but for now all
	# I allow is a plabdslice node.
	#
	if ($node->isremotenode()) {
	    if (! $node->isplabphysnode()) {
		return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					    "Only plab widearea nodes");
	    }
	    $needplabslice = 1;
	    next;
	}

934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
	#
	# See if the node is already reserved. 
	#
	my $reservation = $node->Reservation();
	if (defined($reservation)) {
	    # Reserved during previous operation on the sliver.
	    next
		if ($reservation->SameExperiment($experiment));
	    
	    return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				"$resource_uuid ($node) is not available");
	}
	#
	# Sanity check on the list of already allocated nodes.
	#
	foreach my $s (values(%nodelist)) {
	    if ($resource_uuid eq $s->resource_uuid()) {
		print STDERR
		    "$resource_uuid is not supposed to be allocated\n";
		return GeniResponse->Create(GENIRESPONSE_ERROR, undef);
	    }
	}
	$toalloc{$resource_uuid} = $node->node_id();
    }

    #
    # What nodes need to be released?
    #
    foreach my $s (values(%nodelist)) {
	my $node_uuid = $s->resource_uuid();
	my $node      = Node->Lookup($node_uuid);
	my $needfree  = 1;
	
	foreach my $ref (@{$rspec->{'node'}}) {
	    my $resource_uuid = $ref->{'uuid'};
	    if ($node_uuid eq $resource_uuid) {
		$needfree = 0;
		last;
	    }
	}
	if ($needfree) {
	    #
	    # Not yet.
	    #
	    my @dlist;
	    if ($s->DependentSlivers(\@dlist) != 0) {
		return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					    "Could not get DependentSlivers");
	    }
	    if (@dlist) {
		return GeniResponse->Create(GENIRESPONSE_REFUSED, undef,
985
				    "Must tear down dependent slivers first");
986
987
988
989
990
	    }
	    push(@tofree, $s);
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
991
992
993
994
995
996
    #
    # Create an emulab nonlocal user for tmcd.
    #
    $owner->BindToSlice($slice) == 0
	or return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				       "Error binding user to slice");
997

998

Leigh B. Stoller's avatar
Leigh B. Stoller committed
999
    # Bind the other users too.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1000
1001
1002
    # XXX Need to figure out where these come from.
    my @userbindings = ();

Leigh B. Stoller's avatar
Leigh B. Stoller committed
1003
1004
    foreach my $otheruuid (@userbindings) {
	my $otheruser = GeniUser->Lookup($otheruuid);
1005
	if (!defined($otheruser)) {
1006
	    $otheruser = CreateUserFromCertificate($otheruuid);
1007
1008
1009
1010
1011
	    if (!defined($otheruser)) {
		print STDERR "No user $otheruser, cannot bind to slice\n";
		next;
	    }
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1012
	if ($otheruser->BindToSlice($slice) != 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1013
1014
1015
1016
	    print STDERR "Could not bind $otheruser to $slice\n";
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
1017
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1018
    # We are actually an Aggregate, so return an aggregate of slivers,
1019
    # even if there is just one node. This makes sliceupdate easier.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1020
    #
1021
1022
1023
1024
    if (defined($object)) {
	$aggregate = $object;
    }
    else {
1025
1026
1027
1028
1029
1030
1031
	#
	# Form the hrn from the slicename.
	#
	my $hrn = "${OURDOMAIN}." . $slice->slicename();
	
	$aggregate = GeniAggregate->Create($slice, $owner, "Aggregate",
					   $hrn, $slice->hrn());
1032
1033
	if (!defined($aggregate)) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
				"Could not create GeniAggregate object");
	}
    }

    # Nalloc might fail if the node gets picked up by someone else.
    if (values(%toalloc) && !$impotent) {
	my @list = values(%toalloc);
	system("$NALLOC $pid $eid @list");
	if ($?) {
	    # Nothing to deallocate if this fails.
	    %toalloc = undef;
	    $message = "Allocation failure";
	    goto bad;
1047
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1048
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1049

1050
1051
1052
1053
1054
1055
1056
    #
    # We need to tear down links that are no longer in the rspec or
    # have changed.
    #
    foreach my $s (values(%linklist)) {
	if (! exists($rspec->{'link'}->{$s->hrn()})) {
	    $s->UnProvision();
1057
	    $s->Delete(0);
1058
1059
	    next;
	}
1060

1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
	my $delete     = 0;
	my @interfaces = ();
	if ($s->SliverList(\@interfaces) != 0) {
	    $message = "Failed to get sliverlist for $s";
	    goto bad;
	}
	foreach my $i (@interfaces) {
	    my $node_uuid   = $i->resource_uuid();
	    my $iface_name  = $i->rspec()->{'iface_name'};

	    my $linkendpoints =
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1072
		$rspec->{'link'}->{$s->hrn()}->{'linkendpoints'};
1073
1074
1075
	}
    }
    
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1076
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1077
1078
    # Now for each resource (okay, node) in the ticket create a sliver and
    # add it to the aggregate.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1079
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1080
1081
    my %slivers   = ();
    my @plabnodes = ();
1082
    foreach my $ref (@{$rspec->{'node'}}) {
1083
	my $resource_uuid = $ref->{'uuid'};
1084
1085
	my $sliver_uuid   = $ref->{'sliver_uuid'};
	
1086
1087
	# Already in the aggregate?
	next
1088
	    if (grep {$_ eq $sliver_uuid} keys(%nodelist));
1089
	
1090
1091
1092
	my $node = Node->Lookup($resource_uuid);
	if (!defined($node)) {
	    $message = "Unknown resource_uuid in ticket: $resource_uuid";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1093
1094
	    goto bad;
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1095
	my $sliver = GeniSliver::Node->Create($slice,
1096
					      $owner,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1097
					      $resource_uuid,
1098
					      $sliver_uuid,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1099
					      $ref);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1100
1101
1102
1103
	if (!defined($sliver)) {
	    $message = "Could not create GeniSliver object for $resource_uuid";
	    goto bad;
	}
1104
	$slivers{$sliver_uuid} = $sliver;
1105
1106
1107
1108
1109
1110
1111

	#
	# Remove this from %toalloc; if there is an error, the slivers are
	# deleted and the node released there. We only delete nodes that
	# have not turned into slivers yet. Ick.
	#
	delete($toalloc{$resource_uuid});
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1112

1113
	# Used below.
1114
1115
1116
1117
1118
1119
1120
1121
	push(@allocated, $node)
	    if (! grep {$_->node_id() eq $node->node_id()} @allocated);

	# Add to the aggregate.
	if ($sliver->SetAggregate($aggregate) != 0) {
	    $message = "Could not set aggregate for $sliver to $aggregate";
	    goto bad;
	}
1122

Leigh B. Stoller's avatar
Leigh B. Stoller committed
1123
1124
1125
1126
1127
1128
1129
1130
1131
	# See below; setup all pnodes at once.
	if ($node->isremotenode()) {
	    my $vnode = Node->Lookup($sliver->uuid());
	    if (!defined($vnode)) {
		print STDERR "Could not locate vnode $sliver\n";
		goto bad;
	    }
	    push(@plabnodes, $vnode);
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1132
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1133

1134
1135
1136
1137
1138
    #
    # Now do the links. For each link, we have to add a sliver for the
    # interfaces, and then combine those two interfaces into an aggregate,
    # and then that aggregate goes into the aggregate for toplevel sliver.
    #
1139
1140
1141
    goto skiplinks
	if (!exists($rspec->{'link'}));
    
1142
    foreach my $linkname (keys(%{$rspec->{'link'}})) {
1143
1144
1145
1146
1147
	my @linkslivers  = ();
	if (! ($linkname =~ /^[-\w]*$/)) {
	    $message = "Bad name for link: $linkname";
	    goto bad;
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
	my $linkref = $rspec->{'link'}->{$linkname};

	#
	# XXX Tunnels are a total kludge right now ...
	#
	if (exists($linkref->{'link_type'}) &&
	    $linkref->{'link_type'} eq "tunnel") {

	    my $node1ref = (@{$linkref->{'linkendpoints'}})[0];
	    my $node2ref = (@{$linkref->{'linkendpoints'}})[1];
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
	    my $node1sliver_uuid = $node1ref->{'sliver_uuid'};
	    my $node2sliver_uuid = $node2ref->{'sliver_uuid'};
	    my $node1sliver;
	    my $node2sliver;

	    if (defined($node1sliver_uuid)) {
		$node1sliver = $slivers{$node1sliver_uuid} ||
		    $nodelist{$node1sliver_uuid};
	    }
	    if (defined($node2sliver_uuid)) {
		$node2sliver = $slivers{$node2sliver_uuid} ||
		    $nodelist{$node2sliver_uuid};
	    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
	    
	    my $tunnel = GeniAggregate::Tunnel->Create($slice,
						       $owner,
						       $node1sliver,
						       $node2sliver,
						       $linkref);

	    if (!defined($tunnel)) {
		$message = "Could not create tunnel aggregate for $linkname";
		goto bad;
	    }
	    $slivers{$tunnel->uuid()} = $tunnel;
1183
1184
1185
1186
1187
1188

	    # Add to the aggregate.
	    if ($tunnel->SetAggregate($aggregate) != 0) {
		$message = "Could not set aggregate for $tunnel to $aggregate";
		goto bad;
	    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1189
1190
	    next;
	}
1191

1192
1193
	my $linkaggregate = GeniAggregate::Link->Create($slice, $owner,
							$linkname);
1194
1195
1196
1197
1198
1199
	if (!defined($linkaggregate)) {
	    $message = "Could not create link aggregate for $linkname";
	    goto bad;
	}
	$slivers{$linkaggregate->uuid()} = $linkaggregate;

1200
1201
1202
1203
1204
1205
1206
	# Add to the aggregate.
	if ($linkaggregate->SetAggregate($aggregate) != 0) {
	    $message = "Could not set aggregate for $linkaggregate ".
		"to $aggregate";
	    goto bad;
	}

Leigh B. Stoller's avatar
Leigh B. Stoller committed
1207
	foreach my $ref (@{$rspec->{'link'}->{$linkname}->{'linkendpoints'}}) {
1208
1209
1210
1211
1212
	    my $sliver_uuid  = $ref->{'sliver_uuid'};
	    my $iface_name   = $ref->{'iface_name'};
	    my $nodesliver   = $slivers{$sliver_uuid} ||
		$nodelist{$sliver_uuid};
	    
1213
1214
1215
1216
	    if (!defined($nodesliver)) {
		$message = "Link $linkname specifies a non-existent node";
		goto bad;
	    }
1217
	    my $nodeobject