Commit 39956369 authored by Leigh B Stoller's avatar Leigh B Stoller

Checkpoint SFA support. Not fully working. Also some cleanup

to the GeniRegistry file; move the slice part back into GeniSlice
where it belongs.
parent 5b9b03a7
...@@ -66,9 +66,8 @@ sub Lookup($$) ...@@ -66,9 +66,8 @@ sub Lookup($$)
$uuid = $token; $uuid = $token;
} }
elsif ($token =~ /^P([\w]+)$/) { elsif ($token =~ /^P([\w]+)$/) {
# Only SAs are looked up this way. print STDERR "Deprecated authority lookup by prefix\n";
# This will be flushed after URNs are fully pushed out. return undef;
return GeniAuthority->LookupByPrefix($1);
} }
elsif ($token =~ /^[\w\.]*$/) { elsif ($token =~ /^[\w\.]*$/) {
$query_result = $query_result =
...@@ -94,9 +93,7 @@ sub Lookup($$) ...@@ -94,9 +93,7 @@ sub Lookup($$)
my $self = {}; my $self = {};
$self->{'AUTHORITY'} = $query_result->fetchrow_hashref(); $self->{'AUTHORITY'} = $query_result->fetchrow_hashref();
$self->{'version'} = undef; $self->{'_version_info'} = undef;
$self->{'apilevel'} = undef;
$self->{'api'} = undef;
bless($self, $class); bless($self, $class);
# #
...@@ -180,9 +177,12 @@ sub url($) { return field($_[0], "url"); } ...@@ -180,9 +177,12 @@ sub url($) { return field($_[0], "url"); }
sub hrn($) { return field($_[0], "hrn"); } sub hrn($) { return field($_[0], "hrn"); }
sub type($) { return field($_[0], "type"); } sub type($) { return field($_[0], "type"); }
sub disabled($) { return field($_[0], "disabled"); } sub disabled($) { return field($_[0], "disabled"); }
sub version($) { return $_[0]->{"version"}; } sub _version_info($) { return $_[0]->{"_version_info"}; }
sub apilevel($) { return $_[0]->{"apilevel"}; } sub version($) { return $_[0]->VersionInfo()->{"version"}; }
sub api($) { return $_[0]->{"api"}; } sub apilevel($) { return $_[0]->VersionInfo()->{"apilevel"}; }
sub api($) { return $_[0]->VersionInfo()->{"api"}; }
sub issfa($) { return $_[0]->VersionInfo()->{"issfa"}; }
sub versiondata($) { return $_[0]->VersionInfo()->{"versiondata"}; }
sub cert($) { return $_[0]->{'CERT'}->cert(); } sub cert($) { return $_[0]->{'CERT'}->cert(); }
sub GetCertificate($) { return $_[0]->{'CERT'}; } sub GetCertificate($) { return $_[0]->{'CERT'}; }
...@@ -266,6 +266,8 @@ sub CheckExisting($$) ...@@ -266,6 +266,8 @@ sub CheckExisting($$)
# #
# Create authority from the ClearingHouse, by looking up the info. # Create authority from the ClearingHouse, by looking up the info.
# All authorities are currently stored in the Utah Emulab ClearingHouse,
# at least until we can deal with multiple clearinghouses/registries.
# #
sub CreateFromRegistry($$$) sub CreateFromRegistry($$$)
{ {
...@@ -310,12 +312,12 @@ sub CreateFromRegistry($$$) ...@@ -310,12 +312,12 @@ sub CreateFromRegistry($$$)
# #
# Get Version. Ask the Authority what version it is running. # Get Version. Ask the Authority what version it is running.
# #
sub Version($) sub VersionInfo($)
{ {
my ($self) = @_; my ($self) = @_;
return $self->version() return $self->_version_info()
if (defined($self->version())); if (defined($self->_version_info()));
# #
# The caller had to set up the xmlrpc context. # The caller had to set up the xmlrpc context.
...@@ -332,38 +334,49 @@ sub Version($) ...@@ -332,38 +334,49 @@ sub Version($)
print STDERR " " . $response->output() . "\n"; print STDERR " " . $response->output() . "\n";
return undef; return undef;
} }
my $ref = {"versiondata" => $response->value() };
if (ref($response->value())) { if (ref($response->value())) {
# Look for the AM interface. # Look for the AM interface.
if (exists($response->value()->{'geni_api'})) { if (exists($response->value()->{'geni_api'})) {
$self->{'version'} = $response->value()->{'geni_api'}; $ref->{'version'} = $response->value()->{'geni_api'};
# This was wrong; it should be 2.0 not 1.0 # This was wrong; it should be 2.0 not 1.0
$self->{'version'} = 2.0 if ($self->{'version'} == 1.0); $ref->{'version'} = 2.0 if ($ref->{'version'} == 1.0);
$self->{'apilevel'} = 0; $ref->{'apilevel'} = 0;
$self->{'api'} = "AM"; $ref->{'api'} = "AM";
$ref->{'issfa'} = exists($response->value()->{'sfa'});
} }
else { else {
$self->{'version'} = $response->value()->{'api'}; $ref->{'version'} = $response->value()->{'api'};
$self->{'apilevel'} = $response->value()->{'level'}; $ref->{'apilevel'} = $response->value()->{'level'};
$self->{'api'} = "CM"; $ref->{'api'} = "CM";
$ref->{'issfa'} = 0;
} }
} }
else { else {
$self->{'version'} = $response->value(); $ref->{'version'} = $response->value();
$self->{'apilevel'} = 1; $ref->{'apilevel'} = 1;
$self->{'api'} = "CM"; $ref->{'api'} = "CM";
$ref->{'issfa'} = 0;
} }
return $self->{'version'}; $self->{'_version_info'} = $ref;
return $ref;
} }
# Ditto for the API level sub Version($)
sub ApiLevel($)
{ {
my ($self) = @_; my ($self) = @_;
return $self->apilevel() return undef
if (defined($self->apilevel())); if (!defined($self->VersionInfo()));
return $self->version();
}
sub ApiLevel($)
{
my ($self) = @_;
return undef return undef
if (!defined($self->Version())); if (!defined($self->VersionInfo()));
return $self->apilevel(); return $self->apilevel();
} }
...@@ -371,14 +384,20 @@ sub Api($) ...@@ -371,14 +384,20 @@ sub Api($)
{ {
my ($self) = @_; my ($self) = @_;
return $self->api()
if (defined($self->api()));
return undef return undef
if (!defined($self->Version())); if (!defined($self->VersionInfo()));
return $self->api(); return $self->api();
} }
sub IsSFA($)
{
my ($self) = @_;
return undef
if (!defined($self->VersionInfo()));
return $self->issfa();
}
# #
# Check that the authority is the issuer of the given certificate. # Check that the authority is the issuer of the given certificate.
...@@ -460,6 +479,21 @@ sub LookupByPrefix($$) ...@@ -460,6 +479,21 @@ sub LookupByPrefix($$)
return GeniAuthority->Lookup($uuid); return GeniAuthority->Lookup($uuid);
} }
#
# Set the disabled bit.
#
sub Disable($)
{
my ($self) = @_;
my $urn = $self->urn();
DBQueryWarn("update geni_authorities set disabled=1 ".
"where urn='$urn'")
or return -1;
return 0;
}
# _Always_ make sure that this 1 is at the end of the file... # _Always_ make sure that this 1 is at the end of the file...
1; 1;
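Review bot: `Disable()` interpolates `$urn` directly into the UPDATE statement (`"where urn='$urn'"`), so a URN containing a quote character would break or alter the query. Authority records appear to be created from registry and certificate data supplied by other sites (see `CreateFromRegistry`), so the value should not be treated as trusted. Quote it the way `GeniComponent::Create` quotes its values in this same commit: `my $safe_urn = DBQuoteSpecial($self->urn());` and then `"where urn=$safe_urn"`. This assumes `DBQuoteSpecial` returns the value with its surrounding quotes, as its use there suggests. Separately, the new one-line accessors such as `versiondata()` dereference `VersionInfo()` without the undef guard that `Version()`, `ApiLevel()`, `Api()` and `IsSFA()` have, so a failed version call would surface there as a dereference of undef.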
...@@ -19,7 +19,7 @@ use vars qw(@ISA @EXPORT); ...@@ -19,7 +19,7 @@ use vars qw(@ISA @EXPORT);
#use Devel::TraceUse; #use Devel::TraceUse;
use GeniDB; use GeniDB;
use Genixmlrpc; use Genixmlrpc;
use GeniRegistry; use GeniSlice;
use GeniResponse; use GeniResponse;
use GeniUser; use GeniUser;
use GeniComponent; use GeniComponent;
...@@ -268,21 +268,7 @@ sub Resolve($) ...@@ -268,21 +268,7 @@ sub Resolve($)
return GeniResponse->Create(GENIRESPONSE_SUCCESS, $blob); return GeniResponse->Create(GENIRESPONSE_SUCCESS, $blob);
} }
if ($type eq "sa") { if ($type eq "cm" || $type eq "am" || $type eq "sa") {
my $authority = GeniAuthority->Lookup($lookup_token);
if (!defined($authority)) {
return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED, undef,
"No such authority $lookup_token");
}
# Return a blob.
my $blob = { "gid" => $authority->cert(),
"url" => $authority->url(),
"urn" => $authority->urn(),
"type" => $authority->type(),
};
return GeniResponse->Create(GENIRESPONSE_SUCCESS, $blob);
}
if ($type eq "cm" || $type eq "am") {
my $manager = GeniAuthority->Lookup($lookup_token); my $manager = GeniAuthority->Lookup($lookup_token);
if (!defined($manager)) { if (!defined($manager)) {
return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED, undef, return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED, undef,
...@@ -309,7 +295,7 @@ sub Resolve($) ...@@ -309,7 +295,7 @@ sub Resolve($)
return GeniResponse->Create(GENIRESPONSE_SUCCESS, $blob); return GeniResponse->Create(GENIRESPONSE_SUCCESS, $blob);
} }
if ($type eq "slice") { if ($type eq "slice") {
my $slice = GeniRegistry::GeniSlice->Lookup($lookup_token); my $slice = GeniSlice->Lookup($lookup_token);
if (!defined($slice)) { if (!defined($slice)) {
return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED, undef, return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED, undef,
"No such slice $lookup_token"); "No such slice $lookup_token");
...@@ -702,7 +688,7 @@ sub Remove($) ...@@ -702,7 +688,7 @@ sub Remove($)
"$token has been unregistered"); "$token has been unregistered");
} }
if ($type eq "Slice") { if ($type eq "Slice") {
my $slice = GeniRegistry::GeniSlice->Lookup($token); my $slice = GeniSlice->Lookup($token);
if (!defined($slice)) { if (!defined($slice)) {
return GeniResponse->Create(GENIRESPONSE_SUCCESS, undef, return GeniResponse->Create(GENIRESPONSE_SUCCESS, undef,
"No such slice $token"); "No such slice $token");
...@@ -762,7 +748,7 @@ sub Shutdown($) ...@@ -762,7 +748,7 @@ sub Shutdown($)
return GeniResponse->Create( GENIRESPONSE_FORBIDDEN, undef, return GeniResponse->Create( GENIRESPONSE_FORBIDDEN, undef,
"Insufficient privilege" ); "Insufficient privilege" );
my $slice = GeniRegistry::GeniSlice->Lookup($uuid || $urn); my $slice = GeniSlice->Lookup($uuid || $urn);
if (!defined($slice)) { if (!defined($slice)) {
if (!defined($urn)) { if (!defined($urn)) {
return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED, undef, return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED, undef,
...@@ -925,7 +911,7 @@ sub List($) ...@@ -925,7 +911,7 @@ sub List($)
if ($type eq "slices") { if ($type eq "slices") {
my @slices; my @slices;
if (GeniRegistry::GeniSlice->ListAll(\@slices) != 0) { if (GeniSlice->ListAll(\@slices) != 0) {
return GeniResponse->Create(GENIRESPONSE_ERROR); return GeniResponse->Create(GENIRESPONSE_ERROR);
} }
foreach my $slice (@slices) { foreach my $slice (@slices) {
......
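Review bot: Folding `sa` into the `cm`/`am` branch of `Resolve` means the requested `$type` now only selects the branch. Nothing visible in the hunk checks that the authority returned by `GeniAuthority->Lookup($lookup_token)` is of that type, so a request for type `sa` could be answered with a CM record and vice versa. If callers rely on the type they asked for, add a comparison against `$manager->type()` next to the `defined` check; the case of the stored value is not visible here, so normalise before comparing. The rest of the branch, including the blob it returns, lies outside the hunk, so confirm it still carries the `gid`, `url`, `urn` and `type` keys that the removed `sa` branch returned.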
...@@ -184,6 +184,7 @@ sub DiscoverResources($) ...@@ -184,6 +184,7 @@ sub DiscoverResources($)
my $credstr = $argref->{'credential'}; my $credstr = $argref->{'credential'};
my $available = $argref->{'available'} || 0; my $available = $argref->{'available'} || 0;
my $compress = $argref->{'compress'} || 0; my $compress = $argref->{'compress'} || 0;
my $version = $argref->{'rspec_version'} || undef;
my $credential = CheckCredential($credstr); my $credential = CheckCredential($credstr);
return $credential return $credential
...@@ -192,10 +193,18 @@ sub DiscoverResources($) ...@@ -192,10 +193,18 @@ sub DiscoverResources($)
return DiscoverResourcesAux($available, $compress, [$credential]); return DiscoverResourcesAux($available, $compress, [$credential]);
} }
# Helper function for V2. # Helper function for V2.
sub DiscoverResourcesAux($$$) sub DiscoverResourcesAux($$$;$)
{ {
my ($available, $compress, $credentials) = @_; my ($available, $compress, $credentials, $version) = @_;
my $user_urn = $ENV{'GENIRN'}; my $user_urn = $ENV{'GENIRN'};
$version = "0.2"
if (!defined($version));
# Sanity check since this can come from client.
if (! ($version eq "0.1" || $version eq "0.2" ||$version eq "2.0")) {
return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
"Improper version request");
}
# Oh, for $*%(s sake. Frontier::RPC2 insists on representing a # Oh, for $*%(s sake. Frontier::RPC2 insists on representing a
# Boolean as its own object type -- which Perl always interprets as # Boolean as its own object type -- which Perl always interprets as
...@@ -259,7 +268,7 @@ sub DiscoverResourcesAux($$$) ...@@ -259,7 +268,7 @@ sub DiscoverResourcesAux($$$)
# #
# Acquire the advertisement from ptopgen and compress it if requested. # Acquire the advertisement from ptopgen and compress it if requested.
# #
my $xml = GetAdvertisement($available, undef, "0.2", $experiment); my $xml = GetAdvertisement($available, undef, $version, $experiment);
if (! defined($xml)) { if (! defined($xml)) {
return GeniResponse->Create(GENIRESPONSE_ERROR, undef, return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Could not start avail"); "Could not start avail");
......
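Review bot: The `$version` read from `rspec_version` in `DiscoverResources` is never used as far as the visible lines show. The call in the following hunk is still `DiscoverResourcesAux($available, $compress, [$credential])`, so the helper always falls back to "0.2" and the client's requested version is silently ignored on this path. Pass it through with `return DiscoverResourcesAux($available, $compress, [$credential], $version);` and drop the redundant `|| undef`. The allow-list check in `DiscoverResourcesAux` is the right place to validate a client-supplied value before it reaches `GetAdvertisement`. It would be worth a comment such as `# Only these rspec versions are handed to ptopgen; extend the list when a new format is supported.` so the list is not bypassed when a version is added.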
...@@ -24,6 +24,7 @@ use GeniResponse; ...@@ -24,6 +24,7 @@ use GeniResponse;
use GeniTicket; use GeniTicket;
use GeniCredential; use GeniCredential;
use GeniCertificate; use GeniCertificate;
use GeniComponent;
use GeniSlice; use GeniSlice;
use GeniAggregate; use GeniAggregate;
use GeniSliver; use GeniSliver;
...@@ -127,21 +128,58 @@ sub Resolve($) ...@@ -127,21 +128,58 @@ sub Resolve($)
my $node = $object; my $node = $object;
my $rspec = GeniCM::GetAdvertisement(0, $node->node_id(), "0.1", undef); my $rspec = GeniCM::GetAdvertisement(0, $node->node_id(), "0.1", undef);
if (! defined($rspec)) { if (! defined($rspec)) {
print STDERR "Could not get advertisement for $node!\n";
return GeniResponse->Create(GENIRESPONSE_ERROR, undef, return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Error getting advertisement"); "Error getting advertisement");
} }
my $me = GeniAuthority->Lookup($ENV{'MYURN'});
if (!defined($me)) {
print STDERR
"Could not find local authority object for $ENV{'MYURN'}\n";
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Error getting advertisement");
}
my $myurn = GeniHRN::Generate($OURDOMAIN, "node", $node->node_id());
my $myhrn = "${PGENIDOMAIN}." . $node->node_id();
#
# See if the component object exists; if not create it.
#
my $component = GeniComponent->Lookup($node->uuid());
if (!defined($component)) {
my $certificate = GeniCertificate->Lookup($node->uuid());
if (!defined($certificate)) {
$certificate =
GeniCertificate->Create({'urn' => $myurn,
'hrn' => $myhrn,
'email'=> $TBOPS,
'uuid' => $node->uuid(),
'url' => $me->url()});
if (!defined($certificate)) {
print STDERR "Could not generate certificate for $node\n";
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Error getting advertisement");
}
}
$component = GeniComponent->Create($certificate, $me);
if (!defined($component)) {
print STDERR "Could not create component for $node\n";
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Error getting advertisement");
}
}
# Return a blob. # Return a blob.
my $blob = { "hrn" => "${PGENIDOMAIN}." . $node->node_id(), my $blob = { "hrn" => $myhrn,
"uuid" => $node->uuid(), "uuid" => $node->uuid(),
"role" => $node->role(), "role" => $node->role(),
"hostname" => "hostname" =>
GeniUtil::FindHostname($node->node_id()), GeniUtil::FindHostname($node->node_id()),
"physctrl" => "physctrl" =>
Interface->LookupControl($node->phys_nodeid())->IP(), Interface->LookupControl($node->phys_nodeid())->IP(),
"urn" => GeniHRN::Generate($OURDOMAIN, "urn" => $myurn,
"node", "rspec" => $rspec,
$node->node_id()), "url" => $me->url(),
"rspec" => $rspec "gid" => $component->cert(),
}; };
return GeniResponse->Create(GENIRESPONSE_SUCCESS, $blob); return GeniResponse->Create(GENIRESPONSE_SUCCESS, $blob);
...@@ -228,6 +266,7 @@ sub DiscoverResources($) ...@@ -228,6 +266,7 @@ sub DiscoverResources($)
my $credentials = $argref->{'credentials'}; my $credentials = $argref->{'credentials'};
my $available = $argref->{'available'} || 0; my $available = $argref->{'available'} || 0;
my $compress = $argref->{'compress'} || 0; my $compress = $argref->{'compress'} || 0;
my $version = $argref->{'rspec_version'} || undef;
if (! (defined($credentials))) { if (! (defined($credentials))) {
return GeniResponse->MalformedArgsResponse("Missing arguments"); return GeniResponse->MalformedArgsResponse("Missing arguments");
......
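Review bot: The lookup-then-create sequence added to the node branch of `Resolve` is not serialized, so two concurrent calls for the same node can both find no component and both call `GeniCertificate->Create` and `GeniComponent->Create`. Whether the second create fails cleanly or leaves a duplicate depends on code outside this section. If it fails, the caller gets "Error getting advertisement" for a node that is in fact registered. Re-running `GeniComponent->Lookup($node->uuid())` when `Create` returns undef, before giving up, would cover that case. `Resolve` also now generates certificates and writes component rows, so a comment at the top of this block should state that the credential check earlier in `Resolve` (outside the hunk) gates a state-changing operation, not just a read.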
#!/usr/bin/perl -wT #!/usr/bin/perl -wT
# #
# GENIPUBLIC-COPYRIGHT # GENIPUBLIC-COPYRIGHT
# Copyright (c) 2008-2010 University of Utah and the Flux Group. # Copyright (c) 2008-2011 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
package GeniComponent; package GeniComponent;
...@@ -146,7 +146,21 @@ sub Create($$;$) ...@@ -146,7 +146,21 @@ sub Create($$;$)
my $safe_hrn = DBQuoteSpecial($certificate->hrn()); my $safe_hrn = DBQuoteSpecial($certificate->hrn());
my $safe_uuid = DBQuoteSpecial($certificate->uuid()); my $safe_uuid = DBQuoteSpecial($certificate->uuid());
my $safe_url = DBQuoteSpecial($certificate->URL()); my $safe_url = "NULL";
# If there is a URL in the certificate, use that. If not, there had
# better be a manager supplied or else we will not be able to talk
# to it.
if (defined($certificate->URL())) {
$safe_url = DBQuoteSpecial($certificate->URL());
}
elsif (defined($manager)) {
$safe_url = DBQuoteSpecial($manager->url());
}
else {
print STDERR "GeniComponent::Create: No URL or authority supplied.\n";
return undef;
}
# Now tack on other stuff we need. # Now tack on other stuff we need.
push(@insert_data, "created=now()"); push(@insert_data, "created=now()");
...@@ -305,24 +319,21 @@ sub CreateFromRegistry($$) ...@@ -305,24 +319,21 @@ sub CreateFromRegistry($$)
if (defined($component) && if (defined($component) &&
$component->urn() && $component->manager_uuid()); $component->urn() && $component->manager_uuid());
my $clearinghouse = GeniRegistry::ClearingHouse->Create(); my $registry = GeniRegistry->Create($token);
return undef return undef
if (!defined($clearinghouse)); if (!defined($registry));
my $blob; my $blob;
return undef return undef
if ($clearinghouse->Resolve($token, "Component", \$blob) != 0); if ($registry->Resolve($token, "Component", \$blob) != 0);
# Why does PLC Resolve return an array of length one?
$blob = $blob->[0];
my $certificate = GeniCertificate->LoadFromString($blob->{'gid'}); my $certificate = GeniCertificate->LoadFromString($blob->{'gid'});
return undef return undef
if (!defined($certificate)); if (!defined($certificate));
my $manager_certificate =
GeniCertificate->LoadFromString($blob->{'manager_gid'});
if (!defined($certificate)) {
goto bad;
}
# #
# At this point, we do not support non-urn sites. They must re-register. # At this point, we do not support non-urn sites. They must re-register.
# #
...@@ -336,16 +347,48 @@ sub CreateFromRegistry($$) ...@@ -336,16 +347,48 @@ sub CreateFromRegistry($$)
# #
# Create the manager authority as well. # Create the manager authority as well.
# #
my $manager_urn = $manager_certificate->urn(); my $manager_urn;
if (!defined($manager_urn)) {
print STDERR "GeniComponent::CreateFromRegistry: ". if (exists($blob->{'manager_gid'})) {
"$manager_certificate does not have a urn.\n"; my $manager_certificate =
goto bad; GeniCertificate->LoadFromString($blob->{'manager_gid'});
if (!defined($certificate)) {
goto bad;
}
$manager_urn = $manager_certificate->urn();
$manager_certificate->Delete();
if (!defined($manager_urn)) {
print STDERR "GeniComponent::CreateFromRegistry: ".
"$manager_certificate does not have a urn.\n";
goto bad;
}
} }
else {
#
# Only able to deal with PLC for now. The blob says that the "site"
# is the authority, but that is not true since we have to go all
# the way up to plc.sa to do anything.
#
my ($auth,$type,$id) = GeniHRN::Parse($urn);
return undef
if (!defined($auth));
if ($auth =~ /^plc:/) {
$manager_urn = GeniHRN::Generate("plc", "authority", "sa");
}
else {
print STDERR "Unsupported PLC component: $urn\n";
goto bad;
}
}
my $manager = GeniAuthority->CreateFromRegistry("CM", $manager_urn); my $manager = GeniAuthority->CreateFromRegistry("CM", $manager_urn);
if (!defined($manager)) { if (!defined($manager)) {
print STDERR "GeniComponent::CreateFromRegistry: ". print STDERR "GeniComponent::CreateFromRegistry: ".
"could not create authority $manager_urn\n"; "could not create authority $manager_urn\n";
goto bad;
} }
$component = GeniComponent->Create($certificate, $manager); $component = GeniComponent->Create($certificate, $manager);
...@@ -359,8 +402,6 @@ sub CreateFromRegistry($$) ...@@ -359,8 +402,6 @@ sub CreateFromRegistry($$)
bad: bad:
$certificate->Delete() $certificate->Delete()