GeniCM.pm.in 70.4 KB
Newer Older
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1 2
#!/usr/bin/perl -wT
#
3
# GENIPUBLIC-COPYRIGHT
4
# Copyright (c) 2008-2009 University of Utah and the Flux Group.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
# All rights reserved.
#
package GeniCM;

#
# The server side of the CM interface on remote sites. Also communicates
# with the GMC interface at Geni Central as a client.
#
use strict;
use Exporter;
use vars qw(@ISA @EXPORT);

@ISA    = "Exporter";
@EXPORT = qw ( );

# Must come after package declaration!
use lib '@prefix@/lib';
use GeniDB;
use Genixmlrpc;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
24 25
use GeniResponse;
use GeniTicket;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
26
use GeniCredential;
27
use GeniCertificate;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
28
use GeniSlice;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
29
use GeniAggregate;
30
use GeniAuthority;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
31
use GeniSliver;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
32
use GeniUser;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
33
use GeniRegistry;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
34
use libtestbed;
35
use emutil;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
36
# Hate to import all this crap; need a utility library.
37
use libdb qw(TBGetSiteVar);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
38
use User;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
39
use Node;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
40
use libadminctrl;
41
use Interface;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
42 43
use English;
use Data::Dumper;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
44
use XML::Simple;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
45 46 47
use Date::Parse;
use POSIX qw(strftime);
use Time::Local;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
48
use Experiment;
49
use Firewall;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
50 51 52 53 54 55 56 57

# Configure variables
my $TB		   = "@prefix@";
my $TBOPS          = "@TBOPSEMAIL@";
my $TBAPPROVAL     = "@TBAPPROVALEMAIL@";
my $TBAUDIT   	   = "@TBAUDITEMAIL@";
my $BOSSNODE       = "@BOSSNODE@";
my $OURDOMAIN      = "@OURDOMAIN@";
58
my $PGENIDOMAIN    = "@PROTOGENI_DOMAIN@";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
59
my $CREATEEXPT     = "$TB/bin/batchexp";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
60
my $ENDEXPT        = "$TB/bin/endexp";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
61
my $NALLOC	   = "$TB/bin/nalloc";
62
my $NFREE	   = "$TB/bin/nfree";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
63
my $AVAIL	   = "$TB/sbin/avail";
64
my $PTOPGEN	   = "$TB/libexec/ptopgen";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
65 66
my $TBSWAP	   = "$TB/bin/tbswap";
my $SWAPEXP	   = "$TB/bin/swapexp";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
67 68 69 70
my $PLABSLICE	   = "$TB/sbin/plabslicewrapper";
my $NAMEDSETUP     = "$TB/sbin/named_setup";
my $VNODESETUP     = "$TB/sbin/vnode_setup";
my $GENTOPOFILE    = "$TB/libexec/gentopofile";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
71 72

#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
73
# Respond to a Resolve request. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
74 75 76 77 78 79 80
#
sub Resolve($)
{
    my ($argref) = @_;
    my $uuid       = $argref->{'uuid'};
    my $cred       = $argref->{'credential'};
    my $type       = $argref->{'type'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
81
    my $hrn;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
82 83 84 85 86 87 88 89

    if (! defined($cred)) {
	return GeniResponse->MalformedArgsResponse();
    }
    if (! (defined($type) && ($type =~ /^(Node)$/))) {
	return GeniResponse->MalformedArgsResponse();
    }
    # Allow lookup by uuid or hrn.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
90
    if (! defined($uuid)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131
	return GeniResponse->MalformedArgsResponse();
    }
    if (defined($uuid) && !($uuid =~ /^[-\w]*$/)) {
	return GeniResponse->MalformedArgsResponse();
    }

    my $credential = GeniCredential->CreateFromSigned($cred);
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
    
    #
    # Make sure the credential was issued to the caller, but no special
    # permission required to resolve component resources.
    #
    if ($credential->owner_uuid() ne $ENV{'GENIUUID'}) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "This is not your credential!");
    }
    if ($type eq "Node") {
	my $node;
	
	if (defined($uuid)) {
	    $node= Node->Lookup($uuid);
	}
	else {
	    #
	    # We only want the last token for node lookup.
	    #
	    if ($hrn =~ /\./) {
		($hrn) = ($hrn =~ /\.(\w*)$/);
	    }
	    $node= Node->Lookup($hrn);
	}
	if (!defined($node)) {
	    return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED,
					undef, "Nothing here by that name");
	}
	
	# Return a blob.
132
	my $blob = { "hrn"          => "${PGENIDOMAIN}." . $node->node_id(),
Leigh B. Stoller's avatar
Leigh B. Stoller committed
133
		     "uuid"         => $node->uuid(),
134
		     "role"	    => $node->role(),
135
		     "hostname"     => $node->node_id() . ".${OURDOMAIN}",
Leigh B. Stoller's avatar
Leigh B. Stoller committed
136 137 138 139 140 141 142 143 144 145 146 147 148
		   };

	#
	# Get the list of interfaces for the node.
	#
	my @interfaces;
	if ($node->AllInterfaces(\@interfaces) != 0) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Could not get interfaces for $uuid");
	}

	my @iblobs = ();
	foreach my $interface (@interfaces) {
149 150 151
	    next
		if (!defined($interface->switch_id()));
		
Leigh B. Stoller's avatar
Leigh B. Stoller committed
152 153 154 155 156 157
	    my $iblob = { "uuid"	=> $interface->uuid(),
			  "iface"	=> $interface->iface(),
			  "type"	=> $interface->type(),
			  "card"	=> $interface->card(),
			  "port"	=> $interface->port(),
			  "role"	=> $interface->role(),
158 159
			  "IP"		=> $interface->IP() || "",
			  "mask"	=> $interface->mask() || "",
Leigh B. Stoller's avatar
Leigh B. Stoller committed
160
			  "MAC"		=> $interface->mac(),
161 162 163 164 165
			  "switch_id"   => "${OURDOMAIN}." . 
			      $interface->switch_id(),
			  "switch_card"	=> $interface->switch_card(),
			  "switch_port"	=> $interface->switch_port(),
			  "wire_type"	=> $interface->wire_type(),
Leigh B. Stoller's avatar
Leigh B. Stoller committed
166 167 168 169 170 171 172 173 174 175 176 177
		      };

	    push(@iblobs, $iblob);
	}
	$blob->{'interfaces'} = \@iblobs
	    if (@iblobs);
	
	return GeniResponse->Create(GENIRESPONSE_SUCCESS, $blob);
    }
    return GeniResponse->Create(GENIRESPONSE_UNSUPPORTED);
}

Leigh B. Stoller's avatar
Leigh B. Stoller committed
178 179 180 181 182 183 184 185 186 187 188 189 190 191 192
#
# Discover resources on this component, returning a resource availablity spec
#
sub DiscoverResources($)
{
    my ($argref) = @_;
    my $credential = $argref->{'credential'};
    my $user_uuid  = $ENV{'GENIUSER'};

    $credential = GeniCredential->CreateFromSigned($credential);
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
    # The credential owner/slice has to match what was provided.
193
    if ($user_uuid ne $credential->owner_uuid()) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
194 195 196 197
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214
    #
    # A sitevar controls whether external users can get any nodes.
    #
    my $allow_externalusers = 0;
    if (!TBGetSiteVar('protogeni/allow_externalusers', \$allow_externalusers)){
	# Cannot get the value, say no.
	$allow_externalusers = 0;
    }
    if (!$allow_externalusers) {
	my $user = GeniUser->Lookup($user_uuid, 1);
	# No record means the user is remote.
	if (!defined($user) || !$user->IsLocal()) {
	    return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
					"External users temporarily denied");
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
215
    #
216
    # Use ptopgen in xml mode to spit back an xml file. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
217
    #
218
    if (! open(AVAIL, "$PTOPGEN -x -g -r -p GeniSlices |")) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
219 220 221
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not start avail");
    }
222
    my $xml = "";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
223
    while (<AVAIL>) {
224
	$xml .= $_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
225 226 227 228 229
    }
    close(AVAIL);

    return GeniResponse->Create(GENIRESPONSE_SUCCESS, $xml);
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
230

Leigh B. Stoller's avatar
Leigh B. Stoller committed
231
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
232
# Respond to a GetTicket request. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
233 234 235 236 237
#
sub GetTicket($)
{
    my ($argref) = @_;
    my $rspec      = $argref->{'rspec'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
238
    my $impotent   = $argref->{'impotent'};
239
    my $cred       = $argref->{'credential'};
240
    my $vtopo      = $argref->{'virtual_topology'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
241
    my $owner_uuid = $ENV{'GENIUSER'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
242
    my $response   = undef;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
243

244 245
    if (! defined($cred)) {
	return GeniResponse->MalformedArgsResponse();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
246
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
247 248 249
    if (! (defined($rspec) && ($rspec =~ /^[-\w]+$/))) {
	GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
			     "Improper rspec");	
Leigh B. Stoller's avatar
Leigh B. Stoller committed
250
    }
251
    $rspec = XMLin($rspec, ForceArray => ["node", "link", "linkendpoints"]);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
252

Leigh B. Stoller's avatar
Leigh B. Stoller committed
253 254 255
    $impotent = 0
	if (!defined($impotent));

256
    my $credential = GeniCredential->CreateFromSigned($cred);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
257 258 259 260
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
261
    my $slice_uuid = $credential->target_uuid();
262 263
    my $user_uuid  = $credential->owner_uuid();
    
264

265 266 267 268
    #
    # Make sure the credential was issued to the caller.
    #
    if ($credential->owner_uuid() ne $ENV{'GENIUUID'}) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
269
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
270
				    "This is not your credential!");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
271
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
272

273 274 275 276 277 278
    $credential->HasPrivilege( "pi" ) or
	$credential->HasPrivilege( "instantiate" ) or
	$credential->HasPrivilege( "bind" ) or
	return GeniResponse->Create( GENIRESPONSE_FORBIDDEN, undef,
				     "Insufficient privilege" );

Leigh B. Stoller's avatar
Leigh B. Stoller committed
279
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
280
    # Create slice form the certificate.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
281 282 283
    #
    my $slice = GeniSlice->Lookup($slice_uuid);
    if (!defined($slice)) {
284
	$slice = CreateSliceFromCertificate($credential);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
285
	if (!defined($slice)) {
286
	    print STDERR "Could not create $slice_uuid\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
287
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
288
					"Could not create slice");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
289
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
290 291
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
292
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
293 294
    # Ditto the user.
    #
295
    my $user = GeniUser->Lookup($user_uuid);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
296
    if (!defined($user)) {
297
	$user = CreateUserFromCertificate($credential->owner_cert());
Leigh B. Stoller's avatar
Leigh B. Stoller committed
298
	if (!defined($user)) {
299
	    print STDERR "No user $user_uuid in the ClearingHouse\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
300 301 302 303 304
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
			    "Could not get user info from ClearingHouse");
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
305 306 307 308 309 310 311 312 313 314 315 316 317 318
    #
    # A sitevar controls whether external users can get any nodes.
    #
    my $allow_externalusers = 0;
    if (!TBGetSiteVar('protogeni/allow_externalusers', \$allow_externalusers)){
	# Cannot get the value, say no.
	$allow_externalusers = 0;
    }
    if (!$allow_externalusers && !$user->IsLocal()) {
	return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				    "External users temporarily denied");
    }
    
    #
319
    # For now all tickets expire very quickly (minutes), but once the
Leigh B. Stoller's avatar
Leigh B. Stoller committed
320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357
    # ticket is redeemed, it will expire according to the rspec request.
    #
    if (exists($rspec->{'valid_until'})) {
	my $expires = $rspec->{'valid_until'};

	if (! ($expires =~ /^[-\w:.\/]+/)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Illegal valid_until in rspec");
	}
	# Convert to a localtime.
	my $when = timegm(strptime($expires));
	if (!defined($when)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Could not parse valid_until");
	}
	
	#
	# No more then 24 hours out ... Needs to be a sitevar?
	#
	my $diff = $when - time();
	if ($diff < (60 * 15) || $diff > (3600 * 24)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"valid_until out of range");
	}
    }
    else {
	# Give it a reasonable default for later when the ticket is redeemed.
	$rspec->{'valid_until'} =
	    POSIX::strftime("20%y-%m-%dT%H:%M:%S", gmtime(time() + (3600*1)));
    }
    
    #
    #
    # Lock the slice from further access.
    #
    if ($slice->Lock() != 0) {
	return GeniResponse->BusyResponse();
    }
358 359 360 361 362 363
    # Shutdown slices get nothing.
    if ($slice->shutdown()) {
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Slice has been shutdown");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
364

365
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
366
    # For now, there can be only a single toplevel aggregate per slice.
367
    # The existence of an aggregate means the slice is active here. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
368 369 370 371 372 373 374
    #
    my $aggregate = GeniAggregate->SliceAggregate($slice);
    if (defined($aggregate)) {
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "Already have an aggregate for slice");
    }
375 376 377 378 379 380 381 382 383 384 385

    #
    # Say a ticket already exists in the DB? Lets throw that ticket
    # away and generate a new one. This is partly a debugging
    # mechanism.  To really do this correctly, would want to merge in
    # the existing resources with the new rspec request. Do not
    # want to go there yet.
    #
    my $existing_ticket = GeniTicket->LookupForSlice($slice);
    if (defined($existing_ticket)) {
	print STDERR "Releasing existing ticket $existing_ticket\n";
386
	if ($existing_ticket->Release(TICKET_EXPIRED) != 0) {
387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403
	    print STDERR "Error releasing existing ticket $existing_ticket\n";
	    $slice->UnLock();
	    return GeniResponse->Create(GENIRESPONSE_ERROR);
	}
    }

    #
    # Firewall hack; just a flag in the rspec for now.
    #
    if (exists($rspec->{'needsfirewall'}) && $rspec->{'needsfirewall'}) {
	if ($slice->SetFirewallFlag($rspec->{'needsfirewall'}) != 0) {
	    $slice->UnLock();
	    return GeniResponse->Create(GENIRESPONSE_ERROR);
	}
    }
    
    my $experiment = GeniExperiment($slice);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
404
    if (!defined($experiment)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
405 406 407
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_ERROR,
				    undef, "Internal Error");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
408 409
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
410
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
411 412
    # An rspec is a structure that requests specific nodes. If those
    # nodes are available, then reserve it. Otherwise the ticket
Leigh B. Stoller's avatar
Leigh B. Stoller committed
413 414
    # cannot be granted.
    #
415
    # XXX Simpleminded.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
416
    #
417
    my %namemap = ();
418 419
    my %physmap = ();
    my %virtmap = ();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
420
    my @nodeids = ();
421
    my @dealloc;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
422 423 424
    my $pid     = $experiment->pid();
    my $eid     = $experiment->eid();

425 426
    foreach my $ref (@{$rspec->{'node'}}) {
	my $resource_uuid = $ref->{'uuid'};
427
	my $node_nickname = $ref->{'nickname'};
428
	my $phys_nickname = $ref->{'phys_nickname'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
429
	my $virtualization_type = $ref->{'virtualization_type'};
430
	my $sliver_uuid   = NewUUID();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
431 432 433 434 435 436
	my $node;

	#
	# Mostly for debugging right now, allow a wildcard.
	#
	if ($resource_uuid eq "*") {
437 438 439 440 441 442
	    if (defined($phys_nickname) && exists($physmap{$phys_nickname})) {
		$node = $physmap{$phys_nickname};
	    }
	    else {
		$node = FindFreeNode($virtualization_type, @nodeids);
	    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461
	    
	    if (!defined($node)) {
		$response = GeniResponse->Create(GENIRESPONSE_UNAVAILABLE,
						 undef,
						 "No free nodes for wildcard");
		goto bad;
	    }
	    $resource_uuid = $node->uuid();
	    $ref->{'uuid'} = $node->uuid();
	}
	else {
	    $node = Node->Lookup($resource_uuid);

	    if (!defined($node)) {
		$response =
		    GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					 "Bad resource $resource_uuid");
		goto bad;
	    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
462
	}
463 464 465 466
	# We assign the sliver uuids here so that user can associate
	# slivers with parts of the rspec later.
	$ref->{'sliver_uuid'} = $sliver_uuid;
	
467 468 469 470 471 472
	#
	# Widearea nodes do not need to be allocated, but for now all
	# I allow is a plabdslice node.
	#
	if ($node->isremotenode()) {
	    if (! $node->isplabphysnode()) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
473 474 475 476
		$response =
		    GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					 "Only plab widearea nodes");
		goto bad;
477
	    }
478
	    goto skipalloc;
479
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
480 481

	#
482
	# See if the node is already reserved. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
483 484 485
	#
	my $reservation = $node->Reservation();
	if (defined($reservation)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
486 487 488 489
	    $response =
		GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				     "$resource_uuid ($node) not available");
	    goto bad;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
490
	}
491 492 493 494 495 496
	# watch for duplicates, as for multiple vnodes on a pnode.
	push(@nodeids, $node->node_id())
	    if (! grep {$_ eq $node->node_id()} @nodeids);

      skipalloc:
	$virtmap{$sliver_uuid}   = $node;
497
	# For wildcarded nodes in links.
498
	$namemap{$node_nickname} = $sliver_uuid
499
	    if (defined($node_nickname));
500 501
	$physmap{$phys_nickname} = $node
	    if (defined($phys_nickname));
Leigh B. Stoller's avatar
Leigh B. Stoller committed
502
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
503

Leigh B. Stoller's avatar
Leigh B. Stoller committed
504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536
    #
    # A sitevar controls how many total nodes external users can allocate.
    #
    # XXX All this policy stuff is a whack job for the initial release. 
    #
    my $max_externalnodes = 0;
    if (!TBGetSiteVar('protogeni/max_externalnodes', \$max_externalnodes)){
	# Cannot get the value, say none.
	$max_externalnodes = 0;
    }
    if (scalar(@nodeids) > $max_externalnodes) {
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
			   "Too many nodes; limited to $max_externalnodes");
    }
    # Check current usage by dipping into the libadminctrl library.
    my $curusage = libadminctrl::LoadCurrent($experiment->creator(),
					     $experiment->pid(),
					     $experiment->gid());
    if (!defined($curusage)) {
	$slice->UnLock();
	print STDERR "Could not get current usage from adminctl library\n";
	return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				    "Temporarily unavailable");
    }
    if ($curusage->{"nodes"}->{'project'} + scalar(@nodeids) >=
	$max_externalnodes) {
	$slice->UnLock();
	my $nodesleft = $max_externalnodes - $curusage->{"nodes"}->{'project'};
	return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				    "Too many nodes; limited to $nodesleft");
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
537
    # Nalloc might fail if the node gets picked up by someone else.
538
    if (@nodeids && !$impotent) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
539
	system("$NALLOC $pid $eid @nodeids");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
540
	if (($? >> 8) < 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
541 542 543 544
	    $response =
		GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				     "Allocation failure");
	    goto bad;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
545 546
	}
	elsif (($? >> 8) > 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
547 548 549 550
	    $response =
		GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				     "Could not allocate node");
	    goto bad;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
551
	}
552 553 554 555 556 557 558 559 560 561 562 563 564 565
	# In case the code below fails, before ticket is created.
	@dealloc = @nodeids;
    }
    #
    # Now deal with links for wildcarded nodes. We need to fill in the
    # node_uuid.
    #
    foreach my $linkname (keys(%{$rspec->{'link'}})) {
	my $linkref = $rspec->{'link'}->{$linkname};

	foreach my $ref (@{$linkref->{'linkendpoints'}}) {
	    my $node_uuid     = $ref->{'node_uuid'};
	    my $node_nickname = $ref->{'node_nickname'};
	    my $iface_name    = $ref->{'iface_name'};
566 567
	    my $istunnel      = (exists($linkref->{'link_type'}) &&
				 $linkref->{'link_type'} eq "tunnel");
568

569
	    if (!defined($node_nickname)) {
570
		$response = GeniResponse->Create(GENIRESPONSE_ERROR, undef,
571
						 "Need nickname for links");
572 573 574
		goto bad;
	    }

575 576 577
	    # XXX No wildcarding for tunnels unless its a node from above.
	    if ($istunnel) {
		if ($node_uuid eq "*" && !exists($namemap{$node_nickname})) {
578 579 580 581
		    $response = GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					 "Tunnels cannot be wildcarded");
		    goto bad;
		}
582 583 584
		# Not a local node, so skip.
		next
		    if (!exists($namemap{$node_nickname}));
585
	    }
586

587 588 589 590
	    # Map the nickname to the actual sliver (node) request.
	    my $sliver_uuid = $namemap{$node_nickname};
	    my $node = $virtmap{$sliver_uuid};

591
	    #
592
	    # Fill in the physnode if its wildcarded.
593 594 595 596
 	    #
	    if ($node_uuid eq "*") {
		$ref->{'node_uuid'} = $node->uuid();
	    }
597 598
	    # and the sliver_uuid we assigned above.
	    $ref->{'sliver_uuid'} = $sliver_uuid;
599 600 601

	    next
		if ($istunnel);
602
	    
603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634
	    #
	    # Now do wildcarded interfaces.
	    #
	    if ($iface_name eq "*") {
		my @interfaces;
		if ($node->AllInterfaces(\@interfaces) != 0) {
		    $response = GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				     "Could not get interfaces for $node");
		    goto bad;
		}
		foreach my $interface (@interfaces) {
		    next
			if (!defined($interface->switch_id()));
		    next
			if ($interface->role() ne "expt");

		    $ref->{'iface_name'} = $interface->iface();
		    last;
		}
	    }
	}
    }
    
    #
    # Create the ticket. 
    #
    my $ticket = GeniTicket->Create($slice, $user, $rspec);
    if (!defined($ticket)) {
	$response =
	    GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				 "Could not create GeniTicket object");
	goto bad;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
635
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
636
    if ($ticket->Sign() != 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
637 638 639
	$response = GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					 "Could not sign Ticket");
	goto bad;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
640
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
641
    $slice->UnLock();
642
    return GeniResponse->Create(GENIRESPONSE_SUCCESS, $ticket->asString());
Leigh B. Stoller's avatar
Leigh B. Stoller committed
643
  bad:
644 645
    # Release will free the nodes.
    if (defined($ticket)) {
646
	$ticket->Release(TICKET_PURGED);
647 648 649 650
    }
    elsif (@dealloc) {
	system("export NORELOAD=1; $NFREE -x -q $pid $eid @dealloc");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
651 652 653
    $slice->UnLock()
	if (defined($slice));
    return $response;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
654 655 656 657 658
}

#
# Create a sliver.
#
659
sub RedeemTicket($)
Leigh B. Stoller's avatar
Leigh B. Stoller committed
660 661
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
662
    my $ticket     = $argref->{'ticket'};
663
    my $impotent   = $argref->{'impotent'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
664
    my $keys       = $argref->{'keys'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
665
    my $extraargs  = $argref->{'extraargs'};
666 667 668

    $impotent = 0
	if (!defined($impotent));
Leigh B. Stoller's avatar
Leigh B. Stoller committed
669 670 671 672 673 674 675 676 677 678 679 680

    if (! (defined($ticket) &&
	   !TBcheck_dbslot($ticket, "default", "text",
			   TBDB_CHECKDBSLOT_ERROR))) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "ticket: ". TBFieldErrorString());
    }
    $ticket = GeniTicket->CreateFromSignedTicket($ticket);
    if (!defined($ticket)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniTicket object");
    }
681 682 683 684 685 686 687
    
    #
    # Make sure the credential was issued to the caller.
    #
    if ($ticket->owner_uuid() ne $ENV{'GENIUUID'}) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "This is not your credential!");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
688
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
689 690 691 692 693 694 695 696 697 698 699 700 701

    my $slice = GeniSlice->Lookup($ticket->slice_uuid());
    if (!defined($slice)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No slice record for slice");
    }
    if ($slice->Lock() != 0) {
	return GeniResponse->BusyResponse();
    }
    #
    # Do not redeem an expired ticket, kill it now.
    #
    if ($ticket->Expired()) {
702
	$ticket->Release(TICKET_EXPIRED);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
703 704 705 706
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_EXPIRED, undef,
				    "Ticket has expired");
    }
707 708 709 710 711 712
    # Shutdown slices get nothing.
    if ($slice->shutdown()) {
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Slice has been shutdown");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
713 714 715 716 717 718

    #
    # For now, ther can be only a single toplevel aggregate per slice.
    #
    my $aggregate = GeniAggregate->SliceAggregate($slice);
    if (defined($aggregate)) {
719
	$ticket->Release(TICKET_EXPIRED);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
720 721 722 723 724 725 726 727
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "Already have an aggregate for slice");
    }
    my $response = ModifySliver(undef, $slice, $ticket,
				$ticket->rspec(), $impotent, $keys);
    $slice->UnLock();
    return $response;
728
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
729

730 731 732 733 734 735 736 737 738
#
# Update a sliver with a different resource set.
#
sub UpdateSliver($)
{
    my ($argref) = @_;
    my $cred        = $argref->{'credential'};
    my $rspec       = $argref->{'rspec'};
    my $impotent    = $argref->{'impotent'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
739 740
    my $keys        = $argref->{'keys'};
    my $extraargs   = $argref->{'extraargs'};
741 742 743 744 745 746 747 748 749 750

    $impotent = 0
	if (!defined($impotent));

    if (!defined($cred)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS);
    }
    if (! (defined($rspec) && ($rspec =~ /^[-\w]+$/))) {
	GeniResponse->Create(GENIRESPONSE_BADARGS, undef, "Improper rspec");
    }
751
    $rspec = XMLin($rspec, ForceArray => ["node", "link", "linkendpoints"]);
752 753 754

    my $credential = GeniCredential->CreateFromSigned($cred);
    if (!defined($credential)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
755
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
756 757
				    "Could not create GeniCredential object");
    }
758
    my $sliver_uuid = $credential->target_uuid();
759
    my $user_uuid   = $credential->owner_uuid();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
760

761 762 763 764 765 766 767
    #
    # Make sure the credential was issued to the caller.
    #
    if ($credential->owner_uuid() ne $ENV{'GENIUUID'}) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "This is not your credential!");
    }
768 769 770 771 772 773
    $credential->HasPrivilege( "pi" ) or
	$credential->HasPrivilege( "instantiate" ) or
	$credential->HasPrivilege( "control" ) or
	return GeniResponse->Create( GENIRESPONSE_FORBIDDEN, undef,
				     "Insufficient privilege" );

774 775 776 777
    my $sliver = GeniSliver->Lookup($sliver_uuid);
    if (defined($sliver)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "Only aggregates for now");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
778
    }
779 780 781 782 783
    my $aggregate = GeniAggregate->Lookup($sliver_uuid);
    if (!defined($aggregate)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "No such aggregate $sliver_uuid");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
784 785 786 787 788 789 790 791
    my $slice = GeniSlice->Lookup($aggregate->slice_uuid());
    if (!defined($slice)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No slice record for slice");
    }
    if ($slice->Lock() != 0) {
	return GeniResponse->BusyResponse();
    }
792 793 794 795 796 797
    # Shutdown slices get nothing.
    if ($slice->shutdown()) {
	$slice->UnLock();
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Slice has been shutdown");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
798 799 800 801 802

    my $response = ModifySliver($aggregate, $slice,
				$credential, $rspec, $impotent, $keys);
    $slice->UnLock();
    return $response;
803
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
804

805 806 807
#
# Utility function for above routines.
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
808
sub ModifySliver($$$$$$)
809
{
Leigh B. Stoller's avatar
Leigh B. Stoller committed
810
    my ($object, $slice, $credential, $rspec, $impotent, $keys) = @_;
811 812 813 814 815

    my $owner_uuid = $credential->owner_uuid();
    my $message    = "Error creating sliver/aggregate";
    my $aggregate;
    
816
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
817
    # Create the user.
818 819 820
    #
    my $owner = GeniUser->Lookup($owner_uuid);
    if (!defined($owner)) {
821
	$owner = CreateUserFromCertificate($credential->owner_cert());
822 823 824 825 826
	if (!defined($owner)) {
	    print STDERR "No user $owner_uuid in the ClearingHouse\n";
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"No user record for $owner_uuid");
	}
827
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
828 829 830
    if (!$owner->IsLocal() && defined($keys)) {
	$owner->Modify(undef, undef, $keys);
    }
831

832
    my $experiment = GeniExperiment($slice);
833 834 835 836
    if (!defined($experiment)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No local experiment for slice");
    }
837
    print STDERR Dumper($rspec);
838 839 840 841 842 843 844

    #
    # Figure out what nodes to allocate or free. 
    #
    my %nodelist = ();
    my %linklist = ();
    my %toalloc  = ();
845
    my @allocated= ();
846 847 848
    my @tofree   = ();
    my $pid      = $experiment->pid();
    my $eid      = $experiment->eid();
849
    my $needplabslice = 0;
850
    my $didfwsetup = 0;
851 852 853 854 855

    #
    # Find current nodes and record their uuids. 
    #
    if (defined($object)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
856
	if ($object->type() ne "Aggregate") {
857 858 859 860 861 862 863 864 865
	    return GeniResponse->Create(GENIRESPONSE_UNSUPPORTED, undef,
					"Only node aggregates allowed");
	}
	my @slivers;
	if ($object->SliverList(\@slivers) != 0) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef);
	}
	foreach my $s (@slivers) {
	    if (ref($s) eq "GeniSliver::Node") {
866
		$nodelist{$s->uuid()} = $s;
867
	    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
868 869
	    elsif (ref($s) eq "GeniAggregate::Link" ||
		   ref($s) eq "GeniAggregate::Tunnel") {
870 871 872 873 874 875 876 877 878
		$linklist{$s->uuid()} = $s;
	    }
	    else {
		return GeniResponse->Create(GENIRESPONSE_UNSUPPORTED, undef,
					    "Only nodes or links allowed");
	    }
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909
    #
    # Figure out new expiration time; this is the time at which we can
    # idleswap the slice out. 
    #
    if (exists($rspec->{'valid_until'})) {
	my $expires = $rspec->{'valid_until'};

	if (! ($expires =~ /^[-\w:.\/]+/)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Illegal valid_until in rspec");
	}
	# Convert to a localtime.
	my $when = timegm(strptime($expires));
	if (!defined($when)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Could not parse valid_until");
	}
	#
	# No more then 24 hours out ... Needs to be a sitevar?
	#
	my $diff = $when - time();
	if ($diff < (60 * 15) || $diff > (3600 * 24)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"valid_until out of range");
	}
	if ($slice->SetExpiration($when) != 0) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Could not set expiration time");
	}
    }

910 911 912 913 914 915 916 917 918 919 920
    #
    # Figure out what nodes need to be allocated.
    #
    foreach my $ref (@{$rspec->{'node'}}) {
	my $resource_uuid = $ref->{'uuid'};
	my $node = Node->Lookup($resource_uuid);
	if (!defined($node)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Bad resource_uuid $resource_uuid");
	}

921 922 923 924 925 926 927 928 929 930 931 932 933
	#
	# Widearea nodes do not need to be allocated, but for now all
	# I allow is a plabdslice node.
	#
	if ($node->isremotenode()) {
	    if (! $node->isplabphysnode()) {
		return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					    "Only plab widearea nodes");
	    }
	    $needplabslice = 1;
	    next;
	}

934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984
	#
	# See if the node is already reserved. 
	#
	my $reservation = $node->Reservation();
	if (defined($reservation)) {
	    # Reserved during previous operation on the sliver.
	    next
		if ($reservation->SameExperiment($experiment));
	    
	    return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
				"$resource_uuid ($node) is not available");
	}
	#
	# Sanity check on the list of already allocated nodes.
	#
	foreach my $s (values(%nodelist)) {
	    if ($resource_uuid eq $s->resource_uuid()) {
		print STDERR
		    "$resource_uuid is not supposed to be allocated\n";
		return GeniResponse->Create(GENIRESPONSE_ERROR, undef);
	    }
	}
	$toalloc{$resource_uuid} = $node->node_id();
    }

    #
    # What nodes need to be released?
    #
    foreach my $s (values(%nodelist)) {
	my $node_uuid = $s->resource_uuid();
	my $node      = Node->Lookup($node_uuid);
	my $needfree  = 1;
	
	foreach my $ref (@{$rspec->{'node'}}) {
	    my $resource_uuid = $ref->{'uuid'};
	    if ($node_uuid eq $resource_uuid) {
		$needfree = 0;
		last;
	    }
	}
	if ($needfree) {
	    #
	    # Not yet.
	    #
	    my @dlist;
	    if ($s->DependentSlivers(\@dlist) != 0) {
		return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					    "Could not get DependentSlivers");
	    }
	    if (@dlist) {
		return GeniResponse->Create(GENIRESPONSE_REFUSED, undef,
985
				    "Must tear down dependent slivers first");
986 987 988 989 990
	    }
	    push(@tofree, $s);
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
991 992 993 994 995 996
    #
    # Create an emulab nonlocal user for tmcd.
    #
    $owner->BindToSlice($slice) == 0
	or return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				       "Error binding user to slice");
997

998

Leigh B. Stoller's avatar
Leigh B. Stoller committed
999
    # Bind the other users too.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1000 1001 1002
    # XXX Need to figure out where these come from.
    my @userbindings = ();

Leigh B. Stoller's avatar
Leigh B. Stoller committed
1003 1004
    foreach my $otheruuid (@userbindings) {
	my $otheruser = GeniUser->Lookup($otheruuid);
1005
	if (!defined($otheruser)) {
1006
	    $otheruser = CreateUserFromCertificate($otheruuid);
1007 1008 1009 1010 1011
	    if (!defined($otheruser)) {
		print STDERR "No user $otheruser, cannot bind to slice\n";
		next;
	    }
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1012
	if ($otheruser->BindToSlice($slice) != 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1013 1014 1015 1016
	    print STDERR "Could not bind $otheruser to $slice\n";
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
1017
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1018
    # We are actually an Aggregate, so return an aggregate of slivers,
1019
    # even if there is just one node. This makes sliceupdate easier.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1020
    #
1021 1022 1023 1024
    if (defined($object)) {
	$aggregate = $object;
    }
    else {
1025 1026 1027 1028 1029 1030 1031
	#
	# Form the hrn from the slicename.
	#
	my $hrn = "${OURDOMAIN}." . $slice->slicename();
	
	$aggregate = GeniAggregate->Create($slice, $owner, "Aggregate",
					   $hrn, $slice->hrn());
1032 1033
	if (!defined($aggregate)) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046
				"Could not create GeniAggregate object");
	}
    }

    # Nalloc might fail if the node gets picked up by someone else.
    if (values(%toalloc) && !$impotent) {
	my @list = values(%toalloc);
	system("$NALLOC $pid $eid @list");
	if ($?) {
	    # Nothing to deallocate if this fails.
	    %toalloc = undef;
	    $message = "Allocation failure";
	    goto bad;
1047
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1048
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1049

1050 1051 1052 1053 1054 1055 1056
    #
    # We need to tear down links that are no longer in the rspec or
    # have changed.
    #
    foreach my $s (values(%linklist)) {
	if (! exists($rspec->{'link'}->{$s->hrn()})) {
	    $s->UnProvision();
1057
	    $s->Delete(0);
1058 1059
	    next;
	}
1060

1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071
	my $delete     = 0;
	my @interfaces = ();
	if ($s->SliverList(\@interfaces) != 0) {
	    $message = "Failed to get sliverlist for $s";
	    goto bad;
	}
	foreach my $i (@interfaces) {
	    my $node_uuid   = $i->resource_uuid();
	    my $iface_name  = $i->rspec()->{'iface_name'};

	    my $linkendpoints =
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1072
		$rspec->{'link'}->{$s->hrn()}->{'linkendpoints'};
1073 1074 1075
	}
    }
    
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1076
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1077 1078
    # Now for each resource (okay, node) in the ticket create a sliver and
    # add it to the aggregate.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1079
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1080 1081
    my %slivers   = ();
    my @plabnodes = ();
1082
    foreach my $ref (@{$rspec->{'node'}}) {
1083
	my $resource_uuid = $ref->{'uuid'};
1084 1085
	my $sliver_uuid   = $ref->{'sliver_uuid'};
	
1086 1087
	# Already in the aggregate?
	next
1088
	    if (grep {$_ eq $sliver_uuid} keys(%nodelist));
1089
	
1090 1091 1092
	my $node = Node->Lookup($resource_uuid);
	if (!defined($node)) {
	    $message = "Unknown resource_uuid in ticket: $resource_uuid";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1093 1094
	    goto bad;
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1095
	my $sliver = GeniSliver::Node->Create($slice,
1096
					      $owner,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1097
					      $resource_uuid,
1098
					      $sliver_uuid,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1099
					      $ref);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1100 1101 1102 1103
	if (!defined($sliver)) {
	    $message = "Could not create GeniSliver object for $resource_uuid";
	    goto bad;
	}
1104
	$slivers{$sliver_uuid} = $sliver;
1105 1106 1107 1108 1109 1110 1111

	#
	# Remove this from %toalloc; if there is an error, the slivers are
	# deleted and the node released there. We only delete nodes that
	# have not turned into slivers yet. Ick.
	#
	delete($toalloc{$resource_uuid});
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1112

1113
	# Used below.
1114 1115 1116 1117 1118 1119 1120 1121
	push(@allocated, $node)
	    if (! grep {$_->node_id() eq $node->node_id()} @allocated);

	# Add to the aggregate.
	if ($sliver->SetAggregate($aggregate) != 0) {
	    $message = "Could not set aggregate for $sliver to $aggregate";
	    goto bad;
	}
1122

Leigh B. Stoller's avatar
Leigh B. Stoller committed
1123 1124 1125 1126 1127 1128 1129 1130 1131
	# See below; setup all pnodes at once.
	if ($node->isremotenode()) {
	    my $vnode = Node->Lookup($sliver->uuid());
	    if (!defined($vnode)) {
		print STDERR "Could not locate vnode $sliver\n";
		goto bad;
	    }
	    push(@plabnodes, $vnode);
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1132
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1133

1134 1135 1136 1137 1138
    #
    # Now do the links. For each link, we have to add a sliver for the
    # interfaces, and then combine those two interfaces into an aggregate,
    # and then that aggregate goes into the aggregate for toplevel sliver.
    #
1139 1140 1141
    goto skiplinks
	if (!exists($rspec->{'link'}));
    
1142
    foreach my $linkname (keys(%{$rspec->{'link'}})) {
1143 1144 1145 1146 1147
	my @linkslivers  = ();
	if (! ($linkname =~ /^[-\w]*$/)) {
	    $message = "Bad name for link: $linkname";
	    goto bad;
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1148 1149 1150 1151 1152 1153 1154 1155 1156 1157
	my $linkref = $rspec->{'link'}->{$linkname};

	#
	# XXX Tunnels are a total kludge right now ...
	#
	if (exists($linkref