Commit 0cea3c39 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Checkpoint fixes made while getting initialization scripts to work

parent 359bc3a4
......@@ -36,6 +36,7 @@ my $TBAPPROVAL = "@TBAPPROVALEMAIL@";
my $TBAUDIT = "@TBAUDITEMAIL@";
my $BOSSNODE = "@BOSSNODE@";
my $OURDOMAIN = "@OURDOMAIN@";
my $PGENIDOMAIN = "@PROTOGENI_DOMAIN@";
my $SIGNCRED = "$TB/sbin/signgenicred";
my $VERIFYCRED = "$TB/sbin/verifygenicred";
......@@ -237,7 +238,7 @@ sub hrn($)
if (defined($hrn) && $hrn ne "") {
return $hrn;
}
return "emulab.aggregate_" . $self->idx();
return "${PGENIDOMAIN}.aggregate_" . $self->idx();
}
#
......@@ -596,7 +597,7 @@ sub Create($$$)
#
# Form an hrn using the slicename and linkname
#
my $hrn = "emulab." . $slice->slicename() . "." . $linkname;
my $hrn = "${PGENIDOMAIN}." . $slice->slicename() . "." . $linkname;
return GeniAggregate->Create($slice, $owner, "Link", $hrn, $linkname);
}
......@@ -755,7 +756,7 @@ sub Create($$$$$$)
#
# Form an hrn using the slicename and linkname
#
my $hrn = "emulab." . $slice->slicename() . "." . $linkname;
my $hrn = "${PGENIDOMAIN}." . $slice->slicename() . "." . $linkname;
my $aggregate = GeniAggregate->Create($slice, $owner, "Tunnel",
$hrn, $linkname);
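Review bot: `my $PGENIDOMAIN = "@PROTOGENI_DOMAIN@";` feeds every hrn built in this file, but nothing checks that configure substituted a non-empty value, so an unset PROTOGENI_DOMAIN would silently produce names such as `.aggregate_N`. The same declaration is repeated in each of the other library modules this commit touches, and a copy that is missed or configured differently would give objects a different hrn prefix from the `$PGENIDOMAIN.cm` / `$PGENIDOMAIN.sa` names used for the certificates in the init script. Consider one shared accessor, or at least a guard beside the declaration such as `die "PROTOGENI_DOMAIN is not configured" if ($PGENIDOMAIN eq "");`. The bodies of hrn() and both Create() routines begin and end outside the hunks shown.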
......
......@@ -35,6 +35,7 @@ use Data::Dumper;
# Configure variables
my $TB = "@prefix@";
my $OURDOMAIN = "@OURDOMAIN@";
my $PGENIDOMAIN = "@PROTOGENI_DOMAIN@";
#
# Get a credential for an object. Ignoring the type for now. If no credential
......@@ -48,10 +49,6 @@ sub GetCredential($)
my $cred = $argref->{'credential'};
my $type = $argref->{'type'};
if (! (defined($uuid) && ($uuid =~ /^[-\w]*$/))) {
return GeniResponse->MalformedArgsResponse();
}
#
# No credential, then return a generic credential giving user permission
# to do other things.
......@@ -89,6 +86,9 @@ sub GetCredential($)
return GeniResponse->Create(GENIRESPONSE_SUCCESS,
$credential->asString());
}
if (! (defined($uuid) && ($uuid =~ /^[-\w]*$/))) {
return GeniResponse->MalformedArgsResponse();
}
my $credential = GeniCredential->CreateFromSigned($cred);
if (!defined($credential)) {
......@@ -231,7 +231,7 @@ sub Resolve($)
# XXX Form hrn from the uid and domain. This is backwards.
#
if (! ($hrn =~ /\./)) {
$hrn = "emulab.${hrn}";
$hrn = "${PGENIDOMAIN}.${hrn}";
}
$geniuser = GeniUser->Lookup($hrn, 1);
}
......@@ -269,7 +269,7 @@ sub Resolve($)
# XXX Form hrn from the uid and domain. This is backwards.
#
if (! ($hrn =~ /\./)) {
$hrn = "emulab.${hrn}";
$hrn = "${PGENIDOMAIN}.${hrn}";
}
$slice = GeniSlice->Lookup($hrn);
}
......@@ -394,7 +394,7 @@ sub Register($)
#
# XXX Form hrn from the uid and domain. This is backwards.
#
my $hrn = "emulab.${hrn}";
my $hrn = "${PGENIDOMAIN}.${hrn}";
#
# Generate a certificate (and uuid) for this new slice.
......@@ -543,7 +543,7 @@ sub Remove($)
# XXX Form hrn from the uid and domain. This is backwards.
#
if (! ($hrn =~ /\./)) {
$hrn = "emulab.${hrn}";
$hrn = "${PGENIDOMAIN}.${hrn}";
}
$slice = GeniSlice->Lookup($hrn);
}
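Review bot: The `$uuid` check in GetCredential now sits below the no-credential branch, so it runs only when a credential is supplied and the early-return path no longer validates `uuid` at all. Most of that path is outside the hunks, so confirm it never reads `$uuid`. The pattern `/^[-\w]*$/` also accepts the empty string and a value ending in a newline; `if (! (defined($uuid) && ($uuid =~ /\A[-\w]+\z/))) {` rejects both. A one-line comment above the relocated check saying why it applies only to the credentialed path would stop it being moved back later.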
......
......@@ -40,6 +40,7 @@ my $TBAPPROVAL = "@TBAPPROVALEMAIL@";
my $TBAUDIT = "@TBAUDITEMAIL@";
my $BOSSNODE = "@BOSSNODE@";
my $OURDOMAIN = "@OURDOMAIN@";
my $PGENIDOMAIN = "@PROTOGENI_DOMAIN@";
my $SIGNCRED = "$TB/sbin/signgenicred";
my $AVAIL = "$TB/sbin/avail";
my $NALLOC = "$TB/bin/nalloc";
......@@ -707,7 +708,7 @@ sub Create($$$$$)
return undef;
}
}
my $hrn = "emulab." . $node->node_id();
my $hrn = "${PGENIDOMAIN}." . $node->node_id();
my $nickname = $rspec->{'nickname'};
#
......@@ -743,7 +744,7 @@ sub Create($$$$$)
}
my $vnode = Node->Lookup($vnodes[0]);
$uuid = $vnode->uuid();
$hrn = "emulab." . $vnode->node_id()
$hrn = "${PGENIDOMAIN}." . $vnode->node_id()
}
return GeniSliver->Create($slice, $user_uuid, $uuid, $resource_uuid,
"Node", $hrn, $nickname, $rspec);
......@@ -1009,7 +1010,8 @@ sub Create()
$interface_uuid, $node, $rspec) = @_;
my $nickname = $rspec->{'nickname'};
my $hrn = "emulab." . $node->node_id() . "." . $rspec->{'iface_name'};
my $hrn = "${PGENIDOMAIN}." .
$node->node_id() . "." . $rspec->{'iface_name'};
return GeniSliver->Create($slice, $user_uuid, $interface_uuid,
$node->uuid(), "Interface",
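Review bot: In the interface Create(), `$rspec->{'iface_name'}` is concatenated into the hrn with no check on its contents, and the rspec presumably comes from the requesting client. A value containing dots or other separator characters would yield an hrn with extra components under `${PGENIDOMAIN}.`. A check before the concatenation, along the lines of `return undef if (!defined($rspec->{'iface_name'}) || $rspec->{'iface_name'} !~ /\A[-\w]+\z/);`, would keep the name well formed; whether undef is this routine's failure value is not visible here, since its body starts and ends outside the hunk. Separately, `$hrn = "${PGENIDOMAIN}." . $vnode->node_id()` in the node Create() has no terminating semicolon, which is legal only because it is the last statement in its block.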
......
......@@ -498,6 +498,8 @@ use GeniUser;
use GeniCertificate;
use overload ('""' => 'Stringify');
my $PGENIDOMAIN = "@PROTOGENI_DOMAIN@";
#
# Create a wrapper, with the same access names.
#
......@@ -529,7 +531,7 @@ sub email($) { return $_[0]->{'USER'}->email(); }
sub GetSSHKeys($$) { return $_[0]->{'USER'}->GetSSHKeys($_[1]); }
# Need to construct this since not in User structure.
sub hrn($) { return "emulab." . $_[0]->uid(); }
sub hrn($) { return "${PGENIDOMAIN}." . $_[0]->uid(); }
# And this is in another structure.
sub cert($) { return $_[0]->{'CERT'}->cert(); }
......
......@@ -41,6 +41,7 @@ my $MKCERTS = "$TB/sbin/protogeni/createcerts";
my $ADDAUTHORITY = "$TB/sbin/protogeni/addauthority";
my $GETCACERTS = "$TB/sbin/protogeni/getcacerts";
my $MKSYSCERT = "$TB/sbin/mksyscert";
my $MKUSERCERT = "$TB/sbin/mkusercert";
my $WAP = "$TB/sbin/withadminprivs";
my $SACERT = "$TB/etc/genisa.pem";
my $CMCERT = "$TB/etc/genicm.pem";
......@@ -67,6 +68,7 @@ $| = 1;
# Load the Testbed support stuff.
use lib "@prefix@/lib";
use libtestbed;
use User;
use Project;
......@@ -176,6 +178,7 @@ if (!defined($geniuser)) {
fatal("Need to do an install")
if (! -e "$TB/etc/protogeni/geniuser.xml");
print "Creating Geni pseudo user ...\n";
system("$SUDO -u $PROTOUSER $WAP $NEWUSER $TB/etc/protogeni/geniuser.xml");
fatal("Could not create geni user")
if ($?);
......@@ -184,6 +187,12 @@ if (!defined($geniuser)) {
fatal("Could not verify geni user")
if ($?);
# Create an encrypted certificate for the test scripts.
my $passwd = substr(TBGenSecretKey(), 0, 10);
system("$SUDO -u $PROTOUSER $WAP $MKUSERCERT -p '$passwd' $geniuserid");
fatal("Could not create encrypted certificate for geni user")
if ($?);
$geniuser = User->Lookup($geniuserid);
fatal("Could not lookup $geniuserid")
if (!defined($geniuser));
......@@ -193,6 +202,7 @@ if (!defined($geniproj)) {
fatal("Need to do an install")
if (! -e "$TB/etc/protogeni/geniproj.xml");
print "Creating Geni slices project ...\n";
system("$SUDO -u $PROTOUSER $WAP $NEWPROJ $TB/etc/protogeni/geniproj.xml");
fatal("Could not create geni project")
if ($?);
......@@ -211,6 +221,7 @@ $geniproj->Refresh();
#
# Databases.
#
print "Creating Databases ...\n";
foreach my $dbname ("geni", "geni-ch", "geni-cm") {
if (system("$MYSQLSHOW $dbname >/dev/null 2>/dev/null")) {
system("$MYSQLADMIN create $dbname") == 0
......@@ -238,17 +249,20 @@ if (! -e "$TB/lib/ssl/syscert.cnf") {
exit(1);
}
if (! -e $CMCERT) {
print "Creating CM certificate ...\n";
system("$SUDO -u $PROTOUSER $MKSYSCERT -o $CMCERT ".
" -u $TBBASE/protogeni/xmlrpc/cm $PGENIDOMAIN.cm") == 0
or fatal("Could not generate $CMCERT");
}
if (! -e $SACERT) {
print "Creating SA certificate ...\n";
system("$SUDO -u $PROTOUSER $MKSYSCERT -o $SACERT ".
" -u $TBBASE/protogeni/xmlrpc/sa $PGENIDOMAIN.sa") == 0
or fatal("Could not generate $SACERT");
}
if ($asch) {
if (! -e $CHCERT) {
print "Creating CH certificate ...\n";
system("$SUDO -u $PROTOUSER $MKSYSCERT -o $CHCERT ".
" -u $TBBASE/protogeni/xmlrpc/ch $PGENIDOMAIN.ch") == 0
or fatal("Could not generate $CHCERT");
......@@ -277,6 +291,7 @@ else {
#
# Grab the CH certificate from Utah. Only one for now.
#
print "Fetching clearinghouse certificate from Utah ...\n";
system("$FETCH -q -o $CHCERT http://boss.emulab.net/genich.pem") == 0
or fatal("Could not fetch clearinghouse certificate from Utah");
}
......@@ -297,6 +312,7 @@ if (!defined($context)) {
# Note that we had to send the clearinghouse $TB/etc/emulab.pem so they
# know about this new site. That is sent out of band (email).
#
print "Getting credential to talk to clearinghouse ...\n";
my $credential = GeniRegistry::ClearingHouse->GetCredential($context);
if (!defined($credential)) {
fatal("Could not get credential to talk to clearinghouse");
......@@ -308,7 +324,15 @@ if (!defined($clearinghouse)) {
}
#
# Register our certs.
# Add certs to the local SA database.
#
system("$ADDAUTHORITY $SACERT sa") == 0
or fatal("Could not add SA certificate");
system("$ADDAUTHORITY $CMCERT cm") == 0
or fatal("Could not add CM certificate");
#
# Register our certs at the clearinghouse.
#
print "Registering SA cert at the clearinghouse.\n";
if ($clearinghouse->Register("SA", $certificate->cert())) {
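Review bot: The generated passphrase is interpolated into a single-string `system()` call as `-p '$passwd'`, so it passes through the shell and sits in the process list, readable by other local users while mkusercert runs. List-form `system()` would remove the dependence on shell quoting. The argv exposure only goes away if mkusercert can read the passphrase from a file or stdin, which is not visible here. `$passwd` is also truncated to 10 characters and is not stored or reported anywhere in this hunk, so it is unclear how the test scripts obtain it; a comment saying where it ends up would help.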
......