Commit b177bbac authored by Leigh Stoller's avatar Leigh Stoller

Fixes to quarantine mode:

1) Admins can terminate a quarantined experiment without having to clear
   the quarantine first (Terminate button on the status page is enabled,
   the panic is cleared at the cluster before terminating).

2) Do not throw up if the experiment creator is frozen (operate as
   project leader instead).
parent 80d942c2
......@@ -2925,9 +2925,9 @@ sub CredentialError()
#
# Ask aggregate to terminate a sliver.
#
sub Terminate($)
sub Terminate($;$)
{
my ($self) = @_;
my ($self, $withprivs) = @_;
my $method;
my @params;
my $authority = $self->GetGeniAuthority();
......@@ -2956,14 +2956,24 @@ sub Terminate($)
}
else {
my $credentials;
my ($slice_credential, $speaksfor_credential) =
APT_Geni::GenCredentials($slice, $geniuser, undef, 1);
return CredentialError()
if (!defined($slice_credential));
$credentials = [$slice_credential->asString()];
if (defined($speaksfor_credential)) {
$credentials = [@$credentials, $speaksfor_credential->asString()];
if ($withprivs) {
my $slice_credential = APT_Geni::GenAuthCredential($slice);
return CredentialError()
if (!defined($slice_credential));
$credentials = [$slice_credential->asString()];
}
else {
my ($slice_credential, $speaksfor_credential) =
APT_Geni::GenCredentials($slice, $geniuser, undef, 1);
return CredentialError()
if (!defined($slice_credential));
$credentials = [$slice_credential->asString()];
if (defined($speaksfor_credential)) {
$credentials = [@$credentials,
$speaksfor_credential->asString()];
}
}
$method = "DeleteSliver";
@params = ($slice->urn(), $credentials,
......
......@@ -1336,6 +1336,14 @@ sub DoTerminate()
if (defined($options{"L"})) {
$takelock = 1;
}
#
# Admins can terminate a paniced experiment, we will pass along an
# admin credential to tell the CM its okay.
#
if ($instance->paniced() && !$this_user->IsAdmin()) {
fatal("Only administrators can terminate a paniced experiment")
}
my $slice = $instance->GetGeniSlice();
if (!defined($slice)) {
......@@ -1426,7 +1434,16 @@ sub DoTerminate()
}
my $response;
$errcode = CallMethodOnAggregates("Terminate", 10, \$response, @agglist);
#
# Helper callback to send the proper arguments.
#
my $coderef = sub {
my ($sliver) = @_;
# Flag that we want to clear the panic, so send an auth credential.
return $sliver->Terminate($instance->paniced() ? 1 : undef);
};
$errcode = CallMethodOnAggregates($coderef, 10, \$response, @agglist);
if ($errcode) {
$exitcode = -1;
......
......@@ -8089,6 +8089,12 @@ sub FlipToUser($$)
$project = $experiment->GetProject();
$group = $experiment->GetGroup();
$creator = $experiment->GetCreator();
#
# If creator is frozen we need to use the project leader instead.
#
if ($creator->frozen()) {
$creator = $project->GetLeader();
}
}
elsif (ref($object) eq "OSImage" || ref($object) eq "Image") {
$image = $object;
......
......@@ -909,7 +909,7 @@ sub DeleteSlice($)
}
if (!defined($aggregate)) {
# Easy. Force blocking off and cleanup.
$blocking = 1;
$blocking = 0;
goto cleanit;
}
my $slice_experiment = $slice->GetExperiment();
......@@ -921,10 +921,41 @@ sub DeleteSlice($)
if (defined($slice_experiment) &&
($slice_experiment->state() eq EXPTSTATE_PANICED() ||
$slice_experiment->paniced())) {
print STDERR "Refusing to terminate a paniced experiment\n";
$slice->UnLock();
return GeniResponse->Create(GENIRESPONSE_REFUSED(), undef,
"Refusing to terminate a paniced experiment");
#
# We are going to let the slice's SA clear the panic so it
# can terminate. We know that it is in level 1 or 3, so we
# can just clear it without rebooting, the nodes are going to
# go into reloading anyway.
#
my $caller = GeniHRN->new($credential->owner_urn());
if (! ($caller->IsSA() &&
$caller->domain() eq $slice->urn()->domain())) {
print STDERR "Refusing to terminate a paniced experiment\n";
$slice->UnLock();
return GeniResponse->Create(GENIRESPONSE_REFUSED(), undef,
"Refusing to terminate a paniced experiment");
}
if (! ($slice_experiment->paniced() == 1 ||
$slice_experiment->paniced() == 3)) {
return GeniResponse->Create(GENIRESPONSE_REFUSED(), undef,
"Paniced experiment is not at correct level");
}
#
# This operation has to be done as an admin person.
#
my $pid = $slice_experiment->pid();
my $eid = $slice_experiment->eid();
my $command = "$WAP $PANIC -c $pid $eid";
print STDERR "Clearing panic before termination\n";
GeniUtil::FlipToElabMan();
system($command);
if ($?) {
$slice->UnLock();
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Could not clear panic before termination");
}
$slice->ClearShutdown();
GeniUtil::FlipToGeniUser();
}
#
......
......@@ -702,6 +702,7 @@ $(function ()
break;
case 'provisioned':
case 'scheduled':
case 'deferred':
case 'pending':
refresh = reloadtopo = extend = snapshot = destroy = 0;
......@@ -714,9 +715,12 @@ $(function ()
break;
case 'quarantined':
terminate = refresh = reloadtopo = extend = snapshot = 0;
destroy = 0;
refresh = reloadtopo = extend = snapshot = destroy = 0;
release = 1;
// We let admins terminate/refresh a quarantined experiment.
if (isadmin) {
terminate = refresh = 1;
}
break;
case 'failed':
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment