createdataset.in 17.1 KB
Newer Older
1
2
#!/usr/bin/perl -w
#
3
# Copyright (c) 2013-2016 University of Utah and the Flux Group.
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#
use strict;
use English;
use Getopt::Std;
use Date::Parse;
28
29
use File::Temp qw(tempfile);
use CGI;
30
31
32
33
34
35

#
# Create a new dataset.
#
sub usage()
{
36
    print STDERR "Usage: createdataset [-hdU] [-o uid] [-a attrs] [-t type] [-f fstype] [-e expiration] -s size name\n";
37
    print STDERR "Create a persistent dataset. Options:\n";
38
39
40
    print STDERR "   -h        This message\n";
    print STDERR "   -d        Print additional debug info\n";
    print STDERR "   -U        Create but do not approve; admin will need to approve later\n";
41
    print STDERR "   -C        Always create, approve when there is no reason not to\n";
42
43
44
45
46
47
    print STDERR "   -s size   Size in MiB\n";
    print STDERR "   -t type   Type ('stdataset' or 'ltdataset')\n";
    print STDERR "   -f fstype Type of filesystem to create on dataset (default is none)\n";
    print STDERR "   -o uid    Owner (defaults to caller)\n";
    print STDERR "   -e date   Expiration date (or 'never')\n";
    print STDERR "   -a attrs  comma-seperated string of key=value attributes\n";
48
    print STDERR "   -b        Allocate resources in the background\n";
49
50
51
52
53
54
    print STDERR "   name      Name (in the form <pid>/<id> or <pid>/<gid>/<id>)\n";
    print STDERR "\n";
    print STDERR "Usage: createdataset -t imdataset [-I node,bsname] name\n";
    print STDERR "Create a dataset image. Options:\n";
    print STDERR "   -I node,bsname Take an immediate snapshot of a local blockstore on a node to populate the image.\n";
    print STDERR "   name           Name (in the form <pid>/<id> or <pid>/<gid>/<id>)\n";
55
56
    exit(-1);
}
57
my $optlist  = "dhUo:s:t:e:a:f:bCR:W:I:";
58
my $debug = 0;
59
my $background = 0;
60
my $pid;
61
my $gid;
62
63
my $uid;
my $expire;
64
my $dstype = "stdataset";
65
66
my $lname;
my $size;
67
my $fstype = "";
68
my $approveme = 1;
69
my $alwayscreate = 0;
70
71
my $attrstr = "";
my %attrs = ();
72
73
my $read_access;
my $write_access;
74

75
my $qprefix = "global_";
76
77
78
79
80
my $quota;

# Valid dataset types
my %descrip = (
    "stdataset" => "short-term dataset",
81
82
    "ltdataset" => "long-term dataset",
    "imdataset" => "Image backed dataset",
83
84
85
86
);

# Protos
sub fatal($);
87
sub HandleIMDataset();
88
89
90
91
92

#
# Configure variables
#
my $TB		 = "@prefix@";
93
94
my $TBOPS        = "@TBOPSEMAIL@";
my $TBBASE  	 = "@TBBASE@";
95
96
97
98
my $TBGROUP_DIR  = "@GROUPSROOT_DIR@";
my $TBPROJ_DIR	 = "@PROJROOT_DIR@";
my $NEWIMAGEEZ   = "$TB/bin/newimageid_ez";
my $CREATEIMAGE  = "$TB/bin/create_image";
99
100
101
102
103

#
# Testbed Support libraries
#
use lib "@prefix@/lib";
104
use EmulabConstants;
105
use libtestbed;
106
use emutil;
107
108
109
110
use libdb;
use Quota;
use Lease;
use Project;
111
use Group;
112
use User;
113
114
use Image;
use Node;
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139

#
# Turn off line buffering on output
#
$| = 1;

#
# Untaint the path
# 
$ENV{'PATH'} = "/bin:/sbin:/usr/bin:";

#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
my %options = ();
if (! getopts($optlist, \%options)) {
    usage();
}
if (defined($options{h})) {
    usage();
}
if (defined($options{d})) {
    $debug++;
}
140
141
142
if (defined($options{b})) {
    $background++;
}
143
144
145
if (defined($options{C})) {
    $alwayscreate = 1;
}
146
147
148
149
150
151
152
153
154
if (defined($options{U})) {
    $approveme = 0;
}
if (defined($options{o})) {
    $uid = $options{o};
}
if (defined($options{s})) {
    if ($options{s} =~ /^(\d+)$/) {
	$size = $1;
155
156
157
158
159
160
161
162
    }
    elsif ($options{s} =~ /^(\d+)(\w+)$/) {
	$size = Blockstore::ConvertToMebi($options{s});
	if ($size < 0) {
	    fatal("Could not parse size.");
	}
    }
    else {
163
164
165
166
167
168
	fatal("Could not parse size.");
    }
}
if (defined($options{t})) {
    $dstype = $options{t};
}
169
170
if (defined($options{f})) {
    $fstype = $options{f};
171
172
    if ($fstype !~ /^(ext2|ext3|ext4|ufs|ufs2)$/) {
	fatal("FS type must be one of ext2, ext3, ext4, ufs, or ufs2");
173
    }
174
175
176
    # XXX ufs means ufs2, but we use ufs as the canonical token
    $fstype = "ufs"
	if ($fstype eq "ufs2");
177
}
178
if (defined($options{e})) {
179
180
181
182
183
184
185
    if ($options{e} eq "never") {
	$expire = 0;
    } else {
	$expire = str2time($options{e});
	if (!defined($expire)) {
	    fatal("Could not parse expiration date.");
	}
186
187
188
189
190
    }
}
if (defined($options{a})) {
    $attrstr = $options{a};
}
191
192
193
194
195
196
197
198
199
200
201
202
203
204
if (defined($options{"R"})) {
    $read_access = $options{"R"};
    if (! ($read_access eq "project" || $read_access eq "global")) {
	print STDERR "Illegal read access setting\n";
	usage();
    }
}
if (defined($options{"W"})) {
    $write_access = $options{"W"};
    if (! ($write_access eq "creator" || $write_access eq "project")) {
	print STDERR "Illegal write access setting\n";
	usage();
    }
}
205

206
207
208
209
210
211
if (@ARGV != 1) {
    print STDERR "Must specify dataset name\n";
    usage();
}
if ($dstype ne "imdataset" && !$size) {
    print STDERR "Must specify dataset size\n";
212
213
214
215
216
217
    usage();
}

# name must include a project
$lname = $ARGV[0];
if ($lname =~ /^([-\w]+)\/([-\w]+)$/) {
218
    $pid   = $gid = $1;
219
    $lname = $2;
220
221
222
223
224
225
226
}
elsif ($lname =~ /^([-\w]+)\/([-\w]+)\/([-\w]+)$/) {
    $pid   = $1;
    $gid   = $2;
    $lname = $3;
}
else {
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
    fatal("Dataset name $lname not in the form <pid>/<lname>.");
}

my $this_user = User->ThisUser();
if (! defined($this_user)) {
    fatal("You ($UID) do not exist!");
}

#
# Check owner: caller must be admin or be the specified user.
#
my $user;
if ($uid) {
    $user = User->Lookup($uid);
    if (TBAdmin()) {
	if (!defined($user)) {
Mike Hibler's avatar
Mike Hibler committed
243
	    fatal("No such user $uid");
244
245
246
247
248
249
250
251
252
253
254
255
256
257
	}
    } else {
	if (!$user || !$user->SameUser($this_user)) {
	    fatal("Must be admin to act on behalf of uid $uid");
	}
    }
} else {
    $user = $this_user;
    $uid = $this_user->uid();
}

#
# Check project: caller must be admin or have local_root access in the project.
#
258
259
260
my $group = Group->Lookup($pid, $gid);
if (!defined($group)) {
    fatal("No such group $pid/$gid");
261
}
262
my $project = $group->GetProject();
263
if (!TBAdmin() &&
Mike Hibler's avatar
Mike Hibler committed
264
    !$project->AccessCheck($this_user, TB_PROJECT_CREATELEASE())) {
265
    fatal("Must have local_root privileges in $pid");
266
267
268
269
270
271
272
273
274
275
276
277
278
}

#
# Check type: currently only two defined.
#
if (!exists($descrip{$dstype})) {
    print STDERR "Invalid dataset type $dstype, should be one of:\n";
    foreach my $l (keys %descrip) {
	print STDERR "'$l': ", $descrip{$l}, "\n";
    }
    exit(1);
}

279
280
281
282
283
284
285
#
# IM dataset handled differently
#
if ($dstype eq "imdataset") {
    exit(HandleIMDataset());
}

286
#
287
288
289
290
291
292
293
294
295
296
297
298
299
# Fetch default values for the lease type. We use:
#
# maxsize	Max size (MiB) of a dataset
#		(0 == unlimited)
# maxlease	Max time (days) from creation before lease is marked expired
#		(0 == unlimited)
# usequotas	If non-zero, enforce per-project dataset quotas
#
my $vars = Lease->SiteVars($dstype);

#
# Check size: size must be > 0 and the size must be less than site limit
# (if there is one).
300
301
302
303
#
if ($size <= 0) {
    fatal("Size must be greater than zero.");
}
304
if ($approveme && $vars->{"maxsize"} > 0 && $size > $vars->{"maxsize"}) {
305
306
    print STDERR
	"Requested size ($size) is larger than allowed by default (" .
307
	$vars->{"maxsize"} . ").\n";
308
    print STDERR
309
310
	"Try again with '-U' option and request special approval by testbed-ops.\n"
	if (!$alwayscreate);
311
312
313
314
315
    exit(1);
}

#
# Check expiration: must be in the future and within the site-specific
316
317
# max lengths. Note that an expire value of zero means "unlimited".
# If the user did not specify a value, we use the system max value.
318
319
#
my $now = time();
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
my $needapproval = 0;
if (!defined($expire)) {
    # no user specified expiration, use default max (which may be unlimited)
    if ($vars->{"maxlease"} > 0) {
	$expire = $now + $vars->{"maxlease"};
    } else {
	$expire = 0;
    }
} elsif ($expire == 0) {
    # user specified unlimited, requires approval unless max is also unlimited
    if ($vars->{"maxlease"} > 0) {
	if ($approveme) {
	    print STDERR "Unlimited expiration not allowed by default.\n";
	    $needapproval = 1;
	}
    }
} else {
    # user specified a date
    if ($expire < $now) {
	fatal("Expiration date is in the past!");
    }
    if ($approveme && ($expire - $now) > $vars->{"maxlease"}) {
	my $mdate = localtime($now + $vars->{"maxlease"});
	my $rdate = localtime($expire);
	print STDERR "Expiration is beyond the maximum allowed by default ".
	    "($rdate > $mdate).\n";
	$needapproval = 1;
    }
348
}
349
if ($needapproval && !$alwayscreate) {
350
    print STDERR
351
	"Try again with '-U' to request special approval by testbed-ops.\n";
352
353
354
355
356
357
358
359
    exit(1);
}

#
# Check attributes: right now, must just be a well-formed string.
#
foreach my $kv (split(',', $attrstr)) {
    if ($kv =~ /^([-\w]+)=([-\w\.\+\/:]+)$/) {
360
361
362
	# XXX filter out any attributes with explicit options,
	# we will re-add those at the end.
	if ($1 eq "size" || $1 eq "fstype") {
363
364
365
366
367
368
369
370
	    next;
	}
	$attrs{$1} = $2;
    } else {
	fatal("Malformed attribute string '$attrstr'.");
    }
}
$attrs{'size'} = $size;
371
372
373
if ($fstype) {
    $attrs{'fstype'} = $fstype;
}
374
375
376
377

#
# Check name: lease with this name must not already exist.
#
378
379
if (Lease->Lookup($pid, $gid, $lname)) {
    fatal("Lease $pid/$gid/$lname already exists.");
380
381
382
}

#
383
384
# Check quota: if we are enforcing one, size + all existing leases
# must be below the project limit.
385
#
386
if ($vars->{"usequotas"}) {
387
    my $qname = $qprefix . $dstype;
388
389
    $quota = Quota->Lookup($pid, $qname);
    if (!defined($quota)) {
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
	#
	# XXX Quota does not exist. See if there is a system-wide
	# default and use that if so (also, create a quota entry).
	#
	my $qval = $vars->{"default_quota"};
	if ($qval) {
	    my $qargs = {
		"quota_id" => $qname,
		"pid" => $pid,
		"type" => $dstype,
		"size" => 0,
		"notes" => "SystemDefault"
	    };
	    $quota = Quota->Create($qargs);

	    # XXX set size explicitly because of special "unlimited" value
	    if (defined($quota)) {
		my $rv;
		if ($qval == -1) {
		    $rv = $quota->SetUnlimited();
		} else {
		    $rv = $quota->SetSize($qval);
		}
		if ($rv) {
		    print STDERR "*** could not set quota size $qval\n";
		}
	    }
	}
	if (!defined($quota)) {
	    fatal("No $qname quota associated with $pid.");
	}
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
    }

    #
    # Lock the quota object while we are performing the check.
    #
    # This is the convention we used to atomically access quotas.
    # Blockstores that count against the quota should not come or go
    # while the lock is held, nor should the quota change.
    #
    if ($quota->Lock()) {
	fatal("Could not lock $pid quota object, try later.");
    }

    #
    # Unless they have an unlimited quota, add up all the existing
    # ltdataset datasets to see if the new one will put them over quota.
    #
    if (!$quota->IsUnlimited()) {
	my $qsize = $quota->size();
	my $allocated = 0;

	my @datasets = Lease->AllProjectLeases($pid, $dstype);
	foreach my $dataset (@datasets) {
	    my $lsize = $dataset->GetAttribute("size");
	    fatal("ltdataset dataset $dataset has no size!?")
		if (!defined($lsize));
	    $allocated += $lsize;
	}
	if ($allocated + $size > $qsize) {
	    fatal("Allocation of $size would put $pid over quota ($qsize).");
	}
    }
}

my $args = {
    "lease_id" => $lname,
457
458
    "pid" => $pid,
    "gid" => $gid,
459
460
461
462
463
464
465
    "uid" => $user,
    "type" => $dstype,
    "lease_end" => $expire,
    "state" => "unapproved"
};
my $lease = Lease->Create($args, \%attrs);
if (!$lease) {
466
    fatal("Could not create dataset lease $lname in $pid/$gid.");
467
}
468
469
my $lease_idx  = $lease->lease_idx();
my $lease_uuid = $lease->uuid();
470
471
472
473
474
475
476

# No longer need to hold the quota lock
if (defined($quota)) {
    $quota->Unlock();
    $quota = undef;
}

477
478
479
480
481
482
483
484
485
486
487
488
# Deal with permissions that come in from the Geni interface.
if (defined($read_access)) {
    if ($read_access eq "global") {
	$lease->GrantAccess(GLOBAL_PERM_ANON_RO(), 0);
    }
}
if (defined($write_access)) {
    if ($write_access eq "project") {
	$lease->GrantAccess($project, 1);
    }
}

Mike Hibler's avatar
Mike Hibler committed
489
490
491
492
#
# Approve the lease unless otherwise told not to.
# This can take a long time so we lock it to avoid races with others.
#
493
if ($approveme) {
494
    my $logname;
495
496
497
498
499
500
501
502
503

    # We want to have the lock before going into the background, so that
    # the caller knows right away.
    if ($lease->Lock()) {
	print STDERR
	    "WARNING: could not lock new lease, contact testbed-ops.\n";
	$approveme = 0;
	goto noapprove;
    }
504
505
506
507
508
509
510
511
    
    if ($background) {
	print "Resource allocation proceeding the background ...\n";
	
	$logname = TBMakeLogname("createdataset");
	if (my $childpid = TBBackGround($logname)) {
	    exit(0);
	}
512
513
	# We want the lock in the child.
	$lease->TakeLock();
514
515
516
	# Let parent exit;
	sleep(2);
    }
517
518
    if ($lease->AllocResources("valid")) {
	print STDERR "WARNING: could not allocate resources, contact testbed-ops.\n";
Mike Hibler's avatar
Mike Hibler committed
519
	$approveme = 0;
520
521
522
523
524
525

	#
	# Need to notify on error, if ran in the background.
	#
	if ($background) {
	    SENDMAIL($TBOPS, "Lease allocation failed!",
526
527
528
	     "Background resource allocation for Lease '$pid/$gid/$lname' ".
	     "failed!\n\n",
	     $TBOPS, undef, $logname);
529
	}
530
    }
531
    $lease->Unlock();
532

533
534
535
536
537
538
539
540
    if ($background) {
	$project->SendEmail($user->email(),
			"Your dataset is now ready to use",
			"Dataset '$lname' is now allocated and ready to use.\n",
			$project->OpsEmailAddress());
	exit(0);
    }
  noapprove:
541
}
542
    
543
print "Created lease '$pid/$gid/$lname' for " . $descrip{$dstype};
544
545
546
547
548
if ($expire == 0) {
    print ", never expires.\n";
} else {
    print ", expires on " . localtime($expire) . ".\n";
}
549
if (!$approveme) {
550
551
552
    # Note that the lease daemon sends out periodic email about
    # unapproved leases.
    SENDMAIL($TBOPS, "Lease approval required",
553
554
	     "Lease '$pid/$gid/$lname' requires approval. You can view it at\n".
	     "$TBBASE/show-dataset.php?uuid=$lease_uuid\n\n");
555
556
557
558
559
    print "NOTE: lease must still be approved before it can be used\n";
}

exit(0);

560
561
562
563
564
565
566
567
#
# Image backed datasets. Basically create an image and optionally take
# a snapshot from the BSname.
#
sub HandleIMDataset()
{
    my $global = (defined($read_access) && $read_access eq "global" ? 1 : 0);
    my $path   = ($pid eq $gid || $global ?
Leigh B Stoller's avatar
Leigh B Stoller committed
568
		  "$TBPROJ_DIR/$pid/images/${lname}/" :
Mike Hibler's avatar
Mike Hibler committed
569
		  "$TBGROUP_DIR/$pid/$gid/images/${lname}/");
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647

    #
    # See if we are going to take a snapshot right away, and verify the
    # node and bsname.
    #
    my ($nodeid,$bsname);
    if (defined($options{"I"})) {
	($nodeid,$bsname) = split(",", $options{"I"});
	if (!defined($bsname)) {
	    fatal("Improper -I option");
	}
	my $node = Node->Lookup($nodeid);
	if (!defined($node)) {
	    fatal("No such node: $nodeid");
	}
	my $experiment = $node->Reservation();
	if (!defined($experiment) ||
	    $experiment->pid() ne $pid) {
	    fatal("Node not reserved to an experiment in the same ".
		  "project as the dataset");
	}
	if (!$node->AccessCheck($user, TB_NODEACCESS_LOADIMAGE())) {
	    fatal("Not enough permission to create dataset from $nodeid");
	}
	my $blockstore = $experiment->LookupBlockstore($bsname);
	if (!defined($blockstore)) {
	    fatal("No such blockstore: $bsname");
	}
	if ($node->vname() ne $blockstore->fixed()) {
	    fatal("Blockstore $bsname is not on node $nodeid");
	}
    }
	
    my %xmlfields = (
	"pid"          => $pid,
	"gid"          => $gid,
	"imagename"    => $lname,
	"description"  => "This is a dataset, DO NOT DELETE!",
	"isdataset"    => 1,
	"path"         => $path,
	"global"       => $global,
	);
    #
    # Create the XML file to pass to newimageid_ez.
    #
    my ($fh, $filename) = tempfile(UNLINK => 1);
    fatal("Could not create temporary file")
	if (!defined($fh));

    print $fh "<image>\n";
    foreach my $key (keys(%xmlfields)) {
	my $value = $xmlfields{$key};

	print $fh "<attribute name=\"$key\">";
	print $fh "<value>" . CGI::escapeHTML($value) . "</value>";
	print $fh "</attribute>\n";
    }
    print $fh "</image>\n";
    close($fh);

    my $output = emutil::ExecQuiet("$NEWIMAGEEZ -s -v $filename");
    if ($?) {
	print STDERR $output;
	my $foo = `cat $filename`;
	print STDERR $foo;
	fatal("Failed to verify image descriptor from $filename");
    }
    $output = emutil::ExecQuiet("$NEWIMAGEEZ -s $filename");
    if ($?) {
	print STDERR $output;
	my $foo = `cat $filename`;
	print STDERR $foo;
	fatal("Failed to create image descriptor");
    }
    my $image = Image->Lookup($pid, $lname);
    if (!defined($image)) {
	fatal("Cannot lookup newly created image for $lname");
    }
648
649
    # No versioning of datasets for now.
    $image->SetNoVersioning(1);
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
    if (defined($write_access)) {
	if ($write_access eq "creator") {
	    $image->GrantAccess($project, 0);
	}
    }
    if (defined($nodeid)) {
	my $output = emutil::ExecQuiet("$CREATEIMAGE ".
				       "-b $bsname -p $pid $lname $nodeid");
	if ($?) {
	    $image->Delete(1); # Delete with purge.
	    print STDERR $output;
	    fatal("Failed to create image");
	}
	print "Image is being created. This can take 15-30 minutes.\n";
    }
    return 0;
}

668
669
670
671
672
673
674
675
676
sub fatal($)
{
    my ($mesg) = $_[0];

    $quota->Unlock()
	if (defined($quota));
    die("*** $0:\n".
	"    $mesg\n");
}