All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

Commit 81a2a88a authored by Mike Hibler's avatar Mike Hibler

Merge branch 'master' into newports

parents 480fdc70 aea8a3a1
......@@ -1648,12 +1648,22 @@ sub Lockdown($$)
my $authority = $self->GetGeniAuthority();
my $slice = $self->instance()->GetGeniSlice();
my $context = APT_Geni::GeniContext();
my $oldexpires;
return undef
if (! (defined($authority) &&
defined($slice) && defined($context)));
#
# If the slice is expired, then the credential we generate will
# not be valid. So extend the slice so we can clear the lockdown.
#
if ($clear && $slice->IsExpired()) {
$oldexpires = $slice->expires();
$slice->SetExpiration(time() + 3600);
}
my $slice_credential = APT_Geni::GenAuthCredential($slice);
return undef
goto bad
if (! defined($slice_credential));
my $args = {
......@@ -1665,7 +1675,14 @@ sub Lockdown($$)
my $cmurl = $authority->url();
$cmurl =~ s/protogeni/protogeni\/stoller/ if ($usemydevtree);
return Genixmlrpc::CallMethod($cmurl, $context, "Lockdown", $args);
my $response = Genixmlrpc::CallMethod($cmurl, $context, "Lockdown", $args);
$slice->SetExpiration($oldexpires)
if (defined($oldexpires));
return $response;
bad:
$slice->SetExpiration($oldexpires)
if (defined($oldexpires));
return undef;
}
#
......
......@@ -824,7 +824,8 @@ sub CheckNodeConstraints($$$)
}
if (defined($image_urn)) {
if ($image_urn =~ /UBUNTU14\-10\-64\-OS/) {
if ($image_urn =~ /UBUNTU14\-10\-64\-OS/ ||
$image_urn =~ /UBUNTU15\-04\-64\-OS/) {
return 0;
}
elsif ($iscloudlab &&
......@@ -1025,7 +1026,8 @@ sub SetSites($$$$)
if (!exists($interface_map{$client_id}));
my $site_mid = $interface_map{$client_id};
GeniXML::AddManagerToLink($ref, $sitemap->{$site_mid});
GeniXML::AddManagerToLink($ref, $sitemap->{$site_mid})
if (!exists($linksites{$sitemap->{$site_mid}}));
$linksites{$sitemap->{$site_mid}} = 1;
}
# if more then one site for a link, must use the stitcher.
......
......@@ -253,6 +253,16 @@ sub DoSnapshot()
$imagename = $profile->name();
}
}
#
# Make sure a valid imagename. This a local test of course, but this
# only works on IG aggregates anyway.
#
if (! TBcheck_dbslot($imagename, "images",
"imagename", TBDB_CHECKDBSLOT_ERROR)) {
$imagename = $profile->profileid();
$imagename .= "." . $node_id
if (defined($node_id));
}
#
# Sanity checks.
......@@ -789,6 +799,7 @@ sub DoTerminate()
sub DoExtend()
{
my $force = 0;
my $lockdown = 0;
usage()
if (!@ARGV);
......@@ -830,6 +841,12 @@ sub DoExtend()
# Save in case of error.
my $oldexpires = $slice->expires();
# Lockdown on admin extensions longer then XX days.
if (defined($this_user) && $this_user->IsAdmin() &&
($seconds / (24 * 60 * 60)) > 10) {
$lockdown = 1
}
# Need to update slice before creating new credential.
$slice->AddToExpiration($seconds);
my $new_expires = $slice->ExpirationGMT();
......@@ -888,8 +905,7 @@ sub DoExtend()
}
}
# Lockdown.
if (defined($this_user) && $this_user->IsAdmin() &&
($seconds / (24 * 60 * 60)) > 10) {
if ($lockdown) {
if (DoLockdownInternal("set", "admin")) {
SENDMAIL($TBOPS,
"Failed to lock down APT Instance",
......@@ -1046,6 +1062,7 @@ sub DoRebootOrReload($)
}
my %sliver_urns = ();
my %node_ids = ();
my @slivers = ();
foreach my $obj ($instance->AggregateList()) {
my $manifest = GeniXML::Parse($obj->manifest());
......@@ -1070,6 +1087,7 @@ sub DoRebootOrReload($)
push(@slivers, $obj);
}
push(@{ $sliver_urns{$obj->aggregate_urn()} }, $sliver_urn);
$node_ids{$sliver_urn} = $client_id;
}
}
}
......@@ -1099,9 +1117,6 @@ sub DoRebootOrReload($)
my @urns = @{ $sliver_urns{$sliver->aggregate_urn()} };
my $errmsg;
# Clear this so that web interface will not update it.
$webtask->sliverstatus({});
my $response = $sliver->SliverAction(\$errmsg, $which, @urns);
if (!defined($response)) {
$errmsg = "RPC Error calling SliverAction";
......@@ -1119,6 +1134,16 @@ sub DoRebootOrReload($)
$errmsg = $response->output();
goto bad;
}
# Tell the web interface something is different. Real status will
# come later when the monitor starts up.
if ($webtask->sliverstatus()) {
my $blob = $webtask->sliverstatus();
foreach my $urn (@urns) {
my $node_id = $node_ids{$urn};
$blob->{$node_id}->{'status'} = "changing";
}
$webtask->sliverstatus($blob);
}
return 0;
bad:
print STDERR "$errmsg\n";
......
......@@ -7005,18 +7005,6 @@ outfiles="$outfiles Makeconf GNUmakefile \
install/libinstall.pm install/update-install install/update-testbed \
mote/GNUmakefile mote/tbuisp mote/tbsgmotepower mote/newmote \
mote/sgtools/GNUmakefile \
robots/GNUmakefile robots/tbsetdest/GNUmakefile \
robots/mtp/GNUmakefile robots/emc/GNUmakefile \
robots/emc/test_emcd.sh robots/emc/loclistener \
robots/vmcd/GNUmakefile robots/vmcd/test_vmc-client.sh \
robots/rmcd/GNUmakefile robots/primotion/GNUmakefile \
robots/primotion/test_gorobot.sh robots/primotion/dgrobot/GNUmakefile \
robots/mezzanine/GNUmakefile robots/mezzanine/rtk2/GNUmakefile \
robots/mezzanine/libfg/GNUmakefile \
robots/mezzanine/libmezz/GNUmakefile \
robots/mezzanine/mezzanine/GNUmakefile \
robots/tracker/GNUmakefile \
robots/mezzanine/mezzcal/GNUmakefile robots/robomonitord \
wiki/GNUmakefile wiki/addwikiuser wiki/wikiproxy \
wiki/usertemplate wiki/webhometemplate wiki/LocalSite.cfg \
wiki/delwikiuser wiki/setwikigroups wiki/addwikiproj \
......
......@@ -1374,18 +1374,6 @@ outfiles="$outfiles Makeconf GNUmakefile \
install/libinstall.pm install/update-install install/update-testbed \
mote/GNUmakefile mote/tbuisp mote/tbsgmotepower mote/newmote \
mote/sgtools/GNUmakefile \
robots/GNUmakefile robots/tbsetdest/GNUmakefile \
robots/mtp/GNUmakefile robots/emc/GNUmakefile \
robots/emc/test_emcd.sh robots/emc/loclistener \
robots/vmcd/GNUmakefile robots/vmcd/test_vmc-client.sh \
robots/rmcd/GNUmakefile robots/primotion/GNUmakefile \
robots/primotion/test_gorobot.sh robots/primotion/dgrobot/GNUmakefile \
robots/mezzanine/GNUmakefile robots/mezzanine/rtk2/GNUmakefile \
robots/mezzanine/libfg/GNUmakefile \
robots/mezzanine/libmezz/GNUmakefile \
robots/mezzanine/mezzanine/GNUmakefile \
robots/tracker/GNUmakefile \
robots/mezzanine/mezzcal/GNUmakefile robots/robomonitord \
protogeni/GNUmakefile protogeni/security/GNUmakefile \
protogeni/xmlrpc/GNUmakefile protogeni/lib/GNUmakefile \
protogeni/scripts/GNUmakefile protogeni/etc/GNUmakefile \
......
......@@ -2293,7 +2293,7 @@ sub TempImageFile($)
my $name = $self->imagename();
if ($self->IsDirPath()) {
return $path . $name . ".ddz" . ($vers ? ":$vers" : "") . ".tmp";
return $path . $name . ".ndz" . ($vers ? ":$vers" : "") . ".tmp";
}
return $path . ".tmp";
}
......
......@@ -808,6 +808,7 @@ sub GetTicketAuxAux($$$$$$$$$$)
my %external_nodemap = ();
my %external_linkmap = ();
my %external_vportmap = ();
my %external_lanrefs = ();
# Always do this to avoid buildup.
$slice_experiment->ClearBackupState();
......@@ -2032,7 +2033,6 @@ sub GetTicketAuxAux($$$$$$$$$$)
}
my $edgecount = 0;
my $irefcount = 0;
foreach my $ref (@interfaces) {
my $node_nickname = GeniXML::GetInterfaceNodeId($ref);
......@@ -2042,7 +2042,6 @@ sub GetTicketAuxAux($$$$$$$$$$)
if (! GeniXML::IsVersion0($ref) && defined($iface_id)) {
$node_nickname = $iface2node{$iface_id};
}
$irefcount++;
#
# Look for links that are really lans; one of the interfaces
......@@ -2067,10 +2066,17 @@ sub GetTicketAuxAux($$$$$$$$$$)
# the user has specified something impossible.
#
if (exists($external_nodemap{$node_nickname})) {
next
if ($irefcount > 2);
my $external_noderef = $external_nodemap{$node_nickname};
my $manager_id = GeniXML::GetManagerId($external_noderef);
#
# There might be multiple external interfaces for the same
# lan in the case of "stitch to lan". We only care about the
# first one we see for each external stitch point.
#
next
if (exists($external_lanrefs{"${lanname}:${manager_id}"}));
my $stitchpath = GeniStitch->Lookup($lanname, $rspec);
if (! defined($stitchpath)) {
$response =
......@@ -2152,7 +2158,7 @@ sub GetTicketAuxAux($$$$$$$$$$)
$iface_vport = $external_vportmap{$node_nickname};
$external_vportmap{$node_nickname} += 1;
$external_linkmap{$lanname} = $linkref;
$external_lanrefs{"${lanname}:${manager_id}"} = $external_noderef;
# Allow rspec to provide IP for other side.
$ip = GeniXML::GetIp($ref, $external_noderef);
}
......
......@@ -190,6 +190,8 @@ CREATE TABLE `apt_instances` (
`servername` tinytext,
`monitor_pid` int(11) default '0',
`logfileid` varchar(40) default NULL,
`cert` mediumtext,
`privkey` mediumtext,
`rspec` mediumtext,
`params` mediumtext,
`manifest` mediumtext,
......
#
# APT stuff
#
use strict;
use libdb;
sub DoUpdate($$$)
{
my ($dbhandle, $dbname, $version) = @_;
if (!DBSlotExists("apt_instances", "cert")) {
DBQueryFatal("alter table apt_instances add ".
" `cert` mediumtext after logfileid");
}
if (!DBSlotExists("apt_instances", "privkey")) {
DBQueryFatal("alter table apt_instances add ".
" `privkey` mediumtext after cert");
}
return 0;
}
1;
# Local Variables:
# mode:perl
# End:
......@@ -46,6 +46,7 @@ use OSinfo;
use English;
use event;
use Data::Dumper;
use File::stat;
use IO::Handle;
use overload ('""' => 'Stringify');
......@@ -57,6 +58,7 @@ my $ELABINELAB = @ELABINELAB@;
my $PROJROOT = "@PROJROOT_DIR@";
my $WITHPROVENANCE= @IMAGEPROVENANCE@;
my $WITHDELTAS = @IMAGEDELTAS@;
my $IMAGEINFO = "$TB/sbin/imageinfo";
# Paths to binaries
my $TBUISP = "$TB/bin/tbuisp";
......@@ -1185,7 +1187,60 @@ sub WaitTillReloadDone($$$$$@)
return @failed;
}
#
# Grab the size and update the database.
#
sub GetImageSize($$$)
{
my ($self, $image, $node) = @_;
my $imagesize = 0;
my $imagepath = $image->FullImageFile();
#
# Perform a few validity checks: imageid should have a file name
# and that file should exist.
#
if (!defined($imagepath)) {
tberror "No filename associated with $image!";
return -1;
}
if (! -R $imagepath) {
#
# There are two reasons why a legit image might not be readable.
# One is that we are in an elabinelab and the image has just not
# been downloaded yet. The other is that we are attempting to
# access a shared (via the grantimage mechanism) image which the
# caller cannot directly access.
#
# For either case, making a proxy query request via frisbee will
# tell us whether the image is accessible and, if so, its size.
# "imageinfo" makes that call for us.
#
my $frisimageid = $image->pid() . "/" . $image->imagename();
my $sizestr = `$IMAGEINFO -qs -N $node $frisimageid`;
if ($sizestr =~ /^(\d+)$/) {
$imagesize = $1;
} else {
tberror "$image: access not allowed or image does not exist.";
return -1;
}
} else {
$imagesize = stat($imagepath)->size;
}
#
# A zero-length image cannot be right and will result in much confusion
# if allowed to pass: the image load will succeed, but the disk will be
# unchanged, making it appear that os_load loaded the default image.
#
if ($imagesize == 0) {
tberror "$imagepath is empty!";
return -1;
}
$image->SetFullSize($imagesize);
return 0;
}
#
# Return two array references (possbily empty) of:
......@@ -1730,8 +1785,14 @@ sub _CheckImages($$)
# always prefer the full image if we have it.
#
if (! ($image->HaveFullImage() || $image->HaveDeltaImage())) {
tberror "$image: no full or delta image file!";
return -1;
#
# This should be an error, but until we run imagevalidate
# over all images, we want to do it here.
#
if ($self->GetImageSize($image, $nodeobject)) {
tberror "$nodeobject: no full or delta image file!";
goto failednode;
}
}
if (! ($image->size() || $image->deltasize())) {
tberror "$image: no size info!";
......@@ -1994,8 +2055,8 @@ sub UpdatePartitions($$)
my $partname = "part${i}_osid";
my $partvers = "part${i}_vers";
my $osid = $rowref->{$partname};
my $vers = $rowref->{$partvers};
my $osid = $image->DBData()->{$partname};
my $vers = $image->DBData()->{$partvers};
if (defined($osid)) {
my $osinfo = OSinfo->Lookup($osid, $vers);
if (!defined($osinfo)) {
......@@ -2479,12 +2540,11 @@ sub SetupReload($$)
}
my $imageid = $images[0]->imageid();
my $osid = $image->default_osid();
my $osid = $images[0]->default_osid();
#
# Get the path to the image
#
my $path = $image->path();
my $path = $images[0]->path();
#
# Tell stated that we're about to start reloading
......@@ -2521,12 +2581,12 @@ sub Reload($$)
my @images = @{$self->GetImages($nodeobject)};
my $imageid = $images[0]->imageid();
my $osid = $image->default_osid();
my $osid = $images[0]->default_osid();
#
# Get the path to the image
#
my $path = $image->path();
my $path = $images[0]->path();
TBSetNodeEventState($node_id,TBDB_NODESTATE_RELOADING);
......
......@@ -318,7 +318,7 @@ sub SetupReload($$)
my @images = @{$self->GetImages($nodeobject)};
my $newimageid = $images[0]->imageid();
my $newpart = $images[0]->loadpart();
my $newosid = $image->default_osid();
my $newosid = $images[0]->default_osid();
if (@images > 1) {
tbwarn "$self ($node_id): switches can load only one image; using first!";
......
......@@ -628,6 +628,10 @@ my $isglobal = $image->global();
my $usepath = 0;
my $isdataset = $image->isdataset();
my $hackprefix= $PROJROOT . "/" . $image->pid() . "/images/";
if ($image->IsDirPath()) {
# Add in the directory.
$hackprefix .= basename($image->path()) . "/";
}
#
# If we are creating a signature file for this image, get the
......@@ -1340,17 +1344,23 @@ if ($delta && $deltapct > 0 && defined($logfile)) {
#
# The upload completed okay, so move the files into place so that
# imagevalidate finds them in the correct place.
#
if (system("/bin/mv -f $filename " .
($delta ?
$image->DeltaImageFile() : $image->FullImageFile()))) {
# imagevalidate finds them in the correct place. We have to watch for
# the case that usepath=1 (target is in /usr/testbed); we do not want
# to rename them to the target (will not work anyway), they have to
# stay in /proj. More succintly, we always move the new files to the
# hackprefix location.
#
if (system("/bin/mv -f $filename $hackprefix" .
basename(($delta ?
$image->DeltaImageFile() :
$image->FullImageFile())))) {
fatal("Could not move new image file into place");
}
if ($dstsigfile &&
system("/bin/mv -f $dstsigfile " .
($delta ?
$image->FullImageSigFile() : $image->FullImageSigFile()))) {
system("/bin/mv -f $dstsigfile $hackprefix" .
basename(($delta ?
$image->FullImageSigFile() :
$image->FullImageSigFile())))) {
fatal("Could not move new signature file into place");
}
......@@ -1366,15 +1376,12 @@ my $cname = "$imagepid/$imagename";
$cname .= ":$version"
if ($doprovenance);
my $tbopsmsg = "";
if ($isglobal && $usepath) {
if ($isglobal && ($usepath || $doprovenance)) {
$tbopsmsg =
"Did not update DB state for global image $cname\n".
"since image was written to '$filename' instead of $TB/images.\n".
($doprovenance ?
"Please run imagerelease when ready for release:\n".
" imagerelease -q $cname\n" :
"Move image into place and run:\n".
" $imagevalidate -u $cname\n");
"since image was written to '$filename' instead of $TB/images.\n\n".
"Please run imagerelease when ready for release:\n".
" imagerelease -q $cname\n";
}
elsif (system("$imagevalidate -u $cname") != 0) {
$tbopsmsg =
......
......@@ -179,7 +179,7 @@ if ($version0->path() =~ /^\/usr\/testbed/) {
my $vers0src = "$PROJROOT/" . $image->pid() . "/images/";
if ($version0->IsDirPath()) {
# Add in the directory.
$vers0src .= basename($version0->path());
$vers0src .= basename($version0->path()) . "/";
}
#
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment