All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

Commit 6a175dae authored by Leigh B Stoller's avatar Leigh B Stoller

Generate an admin extension credential to allow bypass of the aggregate

limit of 5 days. Pass that along in the list of credentials.
parent 547e685a
......@@ -31,7 +31,7 @@ use strict;
use English;
use Getopt::Std;
use XML::Simple;
use File::Temp qw(tempfile);
use File::Temp qw(tempfile :POSIX );
use Data::Dumper;
use Cwd qw(realpath);
......@@ -89,6 +89,7 @@ my $SSHKEYGEN = "/usr/bin/ssh-keygen";
my $SSHSETUP = "$TB/sbin/aptssh-setup";
my $ADDPUBKEY = "$TB/sbin/addpubkey";
my $UPDATEGENIUSER= "$TB/sbin/protogeni/updategeniuser";
my $GENEXTENDCRED = "$TB/sbin/protogeni/genextendcred";
my $VERSIONING = @PROFILEVERSIONS@;
# un-taint path
......@@ -803,10 +804,7 @@ sub Terminate($)
}
my $slice = GeniSlice->Lookup($instance->slice_uuid());
if (!defined($slice)) {
if ($instance->status() eq "failed") {
goto done;
}
fatal("No slice for quick VM: $uuid");
goto killit;
}
#
# Generate credentials we need.
......@@ -887,6 +885,7 @@ sub Terminate($)
$slice->Delete();
done:
$instance->RecordHistory();
killit:
$instance->Delete();
exit(0);
}
......@@ -921,10 +920,31 @@ sub Extend($$)
my $slice = GeniSlice->Lookup($instance->slice_uuid());
if (!defined($slice)) {
if ($instance->status() eq "failed") {
goto done;
fatal("Cannot extend failed instance!");
}
fatal("No slice for quick VM: $uuid");
}
my $slice_urn = $slice->urn();
my $user_urn = $geniuser->urn();
my $oldexpires = $slice->expires();
#
# We need a special credentential in case the aggregate is enforcing
# limits (as do Utah aggregates).
#
my $extcred = "";
my $credname = tmpnam();
system("$GENEXTENDCRED -a -o $credname -s $slice_urn -u $user_urn -t 90");
if ($?) {
fatal("Could not create extended credential");
}
open(EXT, $credname) or fatal("Could not open ext credfile $credname");
while (<EXT>) {
$extcred .= $_;
}
close(EXT);
unlink($credname);
chomp($extcred);
# Need to update slice before creating new credential.
$slice->AddToExpiration($extend);
......@@ -937,6 +957,7 @@ sub Extend($$)
GenCredentials($slice, $geniuser, $sa_authority, $speaker_signer);
if (! (defined($speaksfor_credential) &&
defined($slice_credential))) {
$slice->SetExpiration($oldexpires);
fatal("Could not generate credentials");
}
my $response =
......@@ -946,16 +967,17 @@ sub Extend($$)
"expiration" => $new_expires,
"credentials" =>
[$slice_credential->asString(),
$speaksfor_credential->asString()]});
$speaksfor_credential->asString(),
$extcred]});
if (!defined($response) || $response->code() != GENIRESPONSE_SUCCESS) {
$slice->SetExpiration($oldexpires);
if ($response->code() == GENIRESPONSE_REFUSED) {
UserError($response->output());
}
fatal("RenewSlice failed: ".
(defined($response) ? $response->output() : "") . "\n");
}
$slice->SetExpiration($new_expires);
exit(0);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment