Checkpoint fixes made while getting initialization scripts to work

0cea3c39 · Leigh B. Stoller · 359bc3a4 · 0cea3c39 · 0cea3c39 · 0cea3c39
Commit 0cea3c39 authored Nov 04, 2008 by Leigh B. Stoller
--- a/protogeni/lib/GeniAggregate.pm.in
+++ b/protogeni/lib/GeniAggregate.pm.in
@@ -36,6 +36,7 @@ my $TBAPPROVAL     = "@TBAPPROVALEMAIL@";
 my $TBAUDIT   	   = "@TBAUDITEMAIL@";
 my $BOSSNODE       = "@BOSSNODE@";
 my $OURDOMAIN      = "@OURDOMAIN@";
+my $PGENIDOMAIN    = "@PROTOGENI_DOMAIN@";
 my $SIGNCRED	   = "$TB/sbin/signgenicred";
 my $VERIFYCRED	   = "$TB/sbin/verifygenicred";

@@ -237,7 +238,7 @@ sub hrn($)
    if (defined($hrn) && $hrn ne "") {
 	return $hrn;
    }
-    return "emulab.aggregate_" . $self->idx();
+    return "${PGENIDOMAIN}.aggregate_" . $self->idx();
 }

 #
@@ -596,7 +597,7 @@ sub Create($$$)
    #
    # Form an hrn using the slicename and linkname
    #
-    my $hrn = "emulab." . $slice->slicename() . "." . $linkname;
+    my $hrn = "${PGENIDOMAIN}." . $slice->slicename() . "." . $linkname;

    return GeniAggregate->Create($slice, $owner, "Link", $hrn, $linkname);
 }
@@ -755,7 +756,7 @@ sub Create($$$$$$)
    #
    # Form an hrn using the slicename and linkname
    #
-    my $hrn = "emulab." . $slice->slicename() . "." . $linkname;
+    my $hrn = "${PGENIDOMAIN}." . $slice->slicename() . "." . $linkname;

    my $aggregate = GeniAggregate->Create($slice, $owner, "Tunnel",
 					  $hrn, $linkname);

--- a/protogeni/lib/GeniSA.pm.in
+++ b/protogeni/lib/GeniSA.pm.in
@@ -35,6 +35,7 @@ use Data::Dumper;
 # Configure variables
 my $TB		   = "@prefix@";
 my $OURDOMAIN      = "@OURDOMAIN@";
+my $PGENIDOMAIN    = "@PROTOGENI_DOMAIN@";

 #
 # Get a credential for an object. Ignoring the type for now. If no credential
@@ -48,10 +49,6 @@ sub GetCredential($)
    my $cred = $argref->{'credential'};
    my $type = $argref->{'type'};
    
-    if (! (defined($uuid) && ($uuid =~ /^[-\w]*$/))) {
-	return GeniResponse->MalformedArgsResponse();
-    }
-
    #
    # No credential, then return a generic credential giving user permission
    # to do other things.
@@ -89,6 +86,9 @@ sub GetCredential($)
 	return GeniResponse->Create(GENIRESPONSE_SUCCESS,
 				    $credential->asString());
    }
+    if (! (defined($uuid) && ($uuid =~ /^[-\w]*$/))) {
+	return GeniResponse->MalformedArgsResponse();
+    }

    my $credential = GeniCredential->CreateFromSigned($cred);
    if (!defined($credential)) {
@@ -231,7 +231,7 @@ sub Resolve($)
 	    # XXX Form hrn from the uid and domain. This is backwards.
 	    #
 	    if (! ($hrn =~ /\./)) {
-		$hrn = "emulab.${hrn}";
+		$hrn = "${PGENIDOMAIN}.${hrn}";
 	    }
 	    $geniuser = GeniUser->Lookup($hrn, 1);
 	}
@@ -269,7 +269,7 @@ sub Resolve($)
 	    # XXX Form hrn from the uid and domain. This is backwards.
 	    #
 	    if (! ($hrn =~ /\./)) {
-		$hrn = "emulab.${hrn}";
+		$hrn = "${PGENIDOMAIN}.${hrn}";
 	    }
 	    $slice = GeniSlice->Lookup($hrn);
 	}
@@ -394,7 +394,7 @@ sub Register($)
 	#
 	# XXX Form hrn from the uid and domain. This is backwards.
 	#
-	my $hrn = "emulab.${hrn}";
+	my $hrn = "${PGENIDOMAIN}.${hrn}";

 	#
 	# Generate a certificate (and uuid) for this new slice.
@@ -543,7 +543,7 @@ sub Remove($)
 	    # XXX Form hrn from the uid and domain. This is backwards.
 	    #
 	    if (! ($hrn =~ /\./)) {
-		$hrn = "emulab.${hrn}";
+		$hrn = "${PGENIDOMAIN}.${hrn}";
 	    }
 	    $slice = GeniSlice->Lookup($hrn);
 	}

--- a/protogeni/lib/GeniSliver.pm.in
+++ b/protogeni/lib/GeniSliver.pm.in
@@ -40,6 +40,7 @@ my $TBAPPROVAL     = "@TBAPPROVALEMAIL@";
 my $TBAUDIT   	   = "@TBAUDITEMAIL@";
 my $BOSSNODE       = "@BOSSNODE@";
 my $OURDOMAIN      = "@OURDOMAIN@";
+my $PGENIDOMAIN    = "@PROTOGENI_DOMAIN@";
 my $SIGNCRED	   = "$TB/sbin/signgenicred";
 my $AVAIL	   = "$TB/sbin/avail";
 my $NALLOC	   = "$TB/bin/nalloc";
@@ -707,7 +708,7 @@ sub Create($$$$$)
 	    return undef;
 	}
    }
-    my $hrn = "emulab." . $node->node_id();
+    my $hrn = "${PGENIDOMAIN}." . $node->node_id();
    my $nickname = $rspec->{'nickname'};
    
    #
@@ -743,7 +744,7 @@ sub Create($$$$$)
 	}
 	my $vnode = Node->Lookup($vnodes[0]);
 	$uuid = $vnode->uuid();
-	$hrn = "emulab." . $vnode->node_id()
+	$hrn = "${PGENIDOMAIN}." . $vnode->node_id()
    }
    return GeniSliver->Create($slice, $user_uuid, $uuid, $resource_uuid,
 			      "Node", $hrn, $nickname, $rspec);
@@ -1009,7 +1010,8 @@ sub Create()
 	$interface_uuid, $node, $rspec) = @_;

    my $nickname = $rspec->{'nickname'};
-    my $hrn = "emulab." . $node->node_id() . "." . $rspec->{'iface_name'};
+    my $hrn = "${PGENIDOMAIN}." .
+	$node->node_id() . "." . $rspec->{'iface_name'};

    return GeniSliver->Create($slice, $user_uuid, $interface_uuid,
 			      $node->uuid(), "Interface",

--- a/protogeni/lib/GeniUser.pm.in
+++ b/protogeni/lib/GeniUser.pm.in
@@ -498,6 +498,8 @@ use GeniUser;
 use GeniCertificate;
 use overload ('""' => 'Stringify');

+my $PGENIDOMAIN   = "@PROTOGENI_DOMAIN@";
+
 #
 # Create a wrapper, with the same access names.
 #
@@ -529,7 +531,7 @@ sub email($)		{ return $_[0]->{'USER'}->email(); }
 sub GetSSHKeys($$)      { return $_[0]->{'USER'}->GetSSHKeys($_[1]); }

 # Need to construct this since not in User structure.
-sub hrn($)		{ return "emulab." . $_[0]->uid(); }
+sub hrn($)		{ return "${PGENIDOMAIN}." . $_[0]->uid(); }

 # And this is in another structure.
 sub cert($)             { return $_[0]->{'CERT'}->cert(); }

--- a/protogeni/scripts/initsite.in
+++ b/protogeni/scripts/initsite.in
@@ -41,6 +41,7 @@ my $MKCERTS	  = "$TB/sbin/protogeni/createcerts";
 my $ADDAUTHORITY  = "$TB/sbin/protogeni/addauthority";
 my $GETCACERTS    = "$TB/sbin/protogeni/getcacerts";
 my $MKSYSCERT	  = "$TB/sbin/mksyscert";
+my $MKUSERCERT	  = "$TB/sbin/mkusercert";
 my $WAP           = "$TB/sbin/withadminprivs";
 my $SACERT	  = "$TB/etc/genisa.pem";
 my $CMCERT	  = "$TB/etc/genicm.pem";
@@ -67,6 +68,7 @@ $| = 1;

 # Load the Testbed support stuff.
 use lib "@prefix@/lib";
+use libtestbed;
 use User;
 use Project;

@@ -176,6 +178,7 @@ if (!defined($geniuser)) {
    fatal("Need to do an install")
 	if (! -e "$TB/etc/protogeni/geniuser.xml");

+    print "Creating Geni pseudo user ...\n";
    system("$SUDO -u $PROTOUSER $WAP $NEWUSER $TB/etc/protogeni/geniuser.xml");
    fatal("Could not create geni user")
 	if ($?);
@@ -184,6 +187,12 @@ if (!defined($geniuser)) {
    fatal("Could not verify geni user")
 	if ($?);

+    # Create an encrypted certificate for the test scripts.
+    my $passwd = substr(TBGenSecretKey(), 0, 10);
+    system("$SUDO -u $PROTOUSER $WAP $MKUSERCERT -p '$passwd' $geniuserid");
+    fatal("Could not create encrypted certificate for geni user")
+	if ($?);
+
    $geniuser = User->Lookup($geniuserid);    
    fatal("Could not lookup $geniuserid")
 	if (!defined($geniuser));
@@ -193,6 +202,7 @@ if (!defined($geniproj)) {
    fatal("Need to do an install")
 	if (! -e "$TB/etc/protogeni/geniproj.xml");

+    print "Creating Geni slices project ...\n";
    system("$SUDO -u $PROTOUSER $WAP $NEWPROJ $TB/etc/protogeni/geniproj.xml");
    fatal("Could not create geni project")
 	if ($?);
@@ -211,6 +221,7 @@ $geniproj->Refresh();
 #
 # Databases.
 #
+print "Creating Databases ...\n";
 foreach my $dbname ("geni", "geni-ch", "geni-cm") {
    if (system("$MYSQLSHOW $dbname >/dev/null 2>/dev/null")) {
 	system("$MYSQLADMIN create $dbname") == 0
@@ -238,17 +249,20 @@ if (! -e "$TB/lib/ssl/syscert.cnf") {
    exit(1);
 }
 if (! -e $CMCERT) {
+    print "Creating CM certificate ...\n";
    system("$SUDO -u $PROTOUSER $MKSYSCERT -o $CMCERT ".
 	   "  -u $TBBASE/protogeni/xmlrpc/cm $PGENIDOMAIN.cm") == 0
 	   or fatal("Could not generate $CMCERT");
 }
 if (! -e $SACERT) {
+    print "Creating SA certificate ...\n";
    system("$SUDO -u $PROTOUSER $MKSYSCERT -o $SACERT ".
 	   "  -u $TBBASE/protogeni/xmlrpc/sa $PGENIDOMAIN.sa") == 0
 	   or fatal("Could not generate $SACERT");
 }
 if ($asch) {
    if (! -e $CHCERT) {
+	print "Creating CH certificate ...\n";
 	system("$SUDO -u $PROTOUSER $MKSYSCERT -o $CHCERT ".
 	       "  -u $TBBASE/protogeni/xmlrpc/ch $PGENIDOMAIN.ch") == 0
 	       or fatal("Could not generate $CHCERT");
@@ -277,6 +291,7 @@ else {
    #
    # Grab the CH certificate from Utah. Only one for now.
    #
+    print "Fetching clearinghouse certificate from Utah ...\n";
    system("$FETCH -q -o $CHCERT http://boss.emulab.net/genich.pem") == 0
 	or fatal("Could not fetch clearinghouse certificate from Utah");
 }
@@ -297,6 +312,7 @@ if (!defined($context)) {
 # Note that we had to send the clearinghouse $TB/etc/emulab.pem so they
 # know about this new site. That is sent out of band (email).
 #
+print "Getting credential to talk to clearinghouse ...\n";
 my $credential = GeniRegistry::ClearingHouse->GetCredential($context);
 if (!defined($credential)) {
    fatal("Could not get credential to talk to clearinghouse");
@@ -308,7 +324,15 @@ if (!defined($clearinghouse)) {
 }

 #
-# Register our certs.
+# Add certs to the local SA database.
+#
+system("$ADDAUTHORITY $SACERT sa") == 0
+    or fatal("Could not add SA certificate");
+system("$ADDAUTHORITY $CMCERT cm") == 0
+    or fatal("Could not add CM certificate");
+
+#
+# Register our certs at the clearinghouse.
 #
 print "Registering SA cert at the clearinghouse.\n";
 if ($clearinghouse->Register("SA", $certificate->cert())) {