osp.py 68 KB
Newer Older
1 2 3 4 5
#!/usr/bin/env python

import geni.portal as portal
import geni.rspec.pg as RSpec
import geni.rspec.igext as IG
6 7
# Emulab specific extensions.
import geni.rspec.emulab as emulab
8 9 10
from lxml import etree as ET
import crypt
import random
11 12
import os.path
import sys
13

14
TBURL = "http://www.emulab.net/downloads/openstack-setup-v33.tar.gz"
15
TBCMD = "sudo mkdir -p /root/setup && (if [ -d /local/repository ]; then sudo -H /local/repository/setup-driver.sh 2>&1 | sudo tee /root/setup/setup-driver.log; else sudo -H /tmp/setup/setup-driver.sh 2>&1 | sudo tee /root/setup/setup-driver.log; fi)"
16

17 18 19 20 21 22
#
# For now, disable the testbed's root ssh key service until we can remove ours.
# It seems to race (rarely) with our startup scripts.
#
disableTestbedRootKeys = True

23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
#
# Create our in-memory model of the RSpec -- the resources we're going to request
# in our experiment, and their configuration.
#
rspec = RSpec.Request()

#
# This geni-lib script is designed to run in the CloudLab Portal.
#
pc = portal.Context()

#
# Define *many* parameters; see the help docs in geni-lib to learn how to modify.
#
pc.defineParameter("release","OpenStack Release",
David Johnson's avatar
David Johnson committed
38 39
                   portal.ParameterType.STRING,"queens",[("queens","Queens"),("pike","Pike"),("ocata","Ocata"),("newton","Newton"),("mitaka","Mitaka"),("liberty","Liberty (deprecated)"),("kilo","Kilo (deprecated)"),("juno","Juno (deprecated)")],
                   longDescription="We provide OpenStack Queens (Ubuntu 18.04), Pike, Ocata, Newton, Mitaka (Ubuntu 16.04); Liberty (Ubuntu 15.10); Kilo (Ubuntu 15.04); or Juno (Ubuntu 14.10).  OpenStack is installed from packages available on these distributions.")
40 41
pc.defineParameter("computeNodeCount", "Number of compute nodes (at Site 1)",
                   portal.ParameterType.INTEGER, 1)
42
pc.defineParameter("osNodeType", "Hardware Type",
43
                   portal.ParameterType.NODETYPE, "",
44
                   longDescription="A specific hardware type to use for each node.  Cloudlab clusters all have machines of specific types.  When you set this field to a value that is a specific hardware type, you will only be able to instantiate this profile on clusters with machines of that type.  If unset, when you instantiate the profile, the resulting experiment may have machines of any available type allocated.")
45
pc.defineParameter("osLinkSpeed", "Experiment Link Speed",
46 47 48
                   portal.ParameterType.INTEGER, 0,
                   [(0,"Any"),(1000000,"1Gb/s"),(10000000,"10Gb/s")],
                   longDescription="A specific link speed to use for each node.  All experiment network interfaces will request this speed.")
49 50 51 52 53
pc.defineParameter("ml2plugin","ML2 Plugin",
                   portal.ParameterType.STRING,"openvswitch",
                   [("openvswitch","OpenVSwitch"),
                    ("linuxbridge","Linux Bridge")],
                   longDescription="Starting in Liberty and onwards, we support both the OpenVSwitch and LinuxBridge ML2 plugins to create virtual networks in Neutron.  OpenVSwitch remains our default and best-supported option.  Note: you cannot use GRE tunnels with the LinuxBridge driver; you'll need to use VXLAN tunnels instead.  And by default, the profile allocates 1 GRE tunnel -- so you must change that immediately, or you will see an error.")
54 55 56
pc.defineParameter("extraImageURLs","Extra VM Image URLs",
                   portal.ParameterType.STRING,"",
                   longDescription="This parameter allows you to specify a space-separated list of URLs, each of which points to an OpenStack VM image, which we will download and slighty tweak before uploading to Glance in your OpenStack experiment.")
57 58 59
pc.defineParameter("firewall","Experiment Firewall",
                   portal.ParameterType.BOOLEAN,False,
                   longDescription="Optionally add a CloudLab infrastructure firewall between the public IP addresses of your nodes (and your floating IPs) and the Internet (and rest of CloudLab).")
60 61 62 63 64

pc.defineParameter("ubuntuMirrorHost","Ubuntu Package Mirror Hostname",
                   portal.ParameterType.STRING,"",advanced=True,
                   longDescription="A specific Ubuntu package mirror host to use instead of us.archive.ubuntu.com (mirror must have Ubuntu in top-level dir, or you must also edit the mirror path parameter below)")
pc.defineParameter("ubuntuMirrorPath","Ubuntu Package Mirror Path",
65
                   portal.ParameterType.STRING,"",advanced=True,
66
                   longDescription="A specific Ubuntu package mirror path to use instead of /ubuntu/ (you must also set a value for the package mirror parameter)")
67 68 69
pc.defineParameter("doAptUpgrade","Upgrade OpenStack packages and dependencies to the latest versions",
                   portal.ParameterType.BOOLEAN, False,advanced=True,
                   longDescription="The default images this profile uses have OpenStack and dependent packages preloaded.  To guarantee that these scripts always work, we no longer upgrade to the latest packages by default, to avoid changes.  If you want to ensure you have the latest packages, you should enable this option -- but if there are setup failures, we can't guarantee support.  NOTE: selecting this option requires that you also select the option to update the Apt package cache!")
70 71 72
pc.defineParameter("doAptDistUpgrade","Upgrade all packages to their latest versions",
                   portal.ParameterType.BOOLEAN, False,advanced=True,
                   longDescription="Sometimes, if you install using the fromScratch option, you'll need to update some of the base distro packages via apt-get dist-upgrade; this option handles that.  NOTE: selecting this option requires that you also select the option to update the Apt package cache!")
73 74 75
pc.defineParameter("doCloudArchiveStaging","Enable Ubuntu Cloud Archive staging repo",
                   portal.ParameterType.BOOLEAN, False,advanced=True,
                   longDescription="If the base Ubuntu version is an LTS release, we enable package installation from the Ubuntu Cloud Archive.  If you want the latest packages, you must enable the staging repository.  This option does that.  Of course, it only matters if you have selected either a fromScratch install, or if you have selected the option to upgrade installed packages.")
76 77 78 79 80 81 82 83 84
pc.defineParameter("doAptInstall","Install required OpenStack packages and dependencies",
                   portal.ParameterType.BOOLEAN, True,advanced=True,
                   longDescription="This option allows you to tell the setup scripts not to install or upgrade any packages (other than the absolute dependencies without which the scripts cannot run).  If you start from bare images, or select a profile option that may trigger a package to be installed, we may need to install packages for you; and if you have disabled it, we might not be able to configure these features.  This option is really only for people who want to configure only the openstack packages that are already installed on their disk images, and not be surprised by package or database schema upgrades.  NOTE: this option requires that you also select the option to update the Apt package cache!")
pc.defineParameter("doAptUpdate","Update the Apt package cache before installing any packages",
                   portal.ParameterType.BOOLEAN, True,advanced=True,
                   longDescription="This parameter is a bit dangerous.  We update the Apt package cache by default in case we need to install any packages (i.e., if your base image doesn't have OpenStack packages preinstalled, or is missing some package that the scripts must have).  If the cache is outdated, and Apt tries to download a package, that package version may no longer exist on the mirrors.  Only disable this option if you want to minimize the risk that currently-installed pacakges will be upgraded due to dependency pull-in.  Of course, by not updating the package cache, you may not be able to install any packages (and if these scripts need to install packages for you, they may fail!), so be careful with this option.")
pc.defineParameter("fromScratch","Install OpenStack packages on a bare image",
                   portal.ParameterType.BOOLEAN,False,advanced=True,
                   longDescription="If you do not mind waiting awhile for your experiment and OpenStack instance to be available, you can select this option to start from one of our standard Ubuntu disk images; the profile setup scripts will then install all necessary packages.  NOTE: this option may only be used at x86 cluster (i.e., not the \"Utah Cluster\") for now!  NOTE: this option requires that you select both the Apt update and install package options above!")
85 86 87
pc.defineParameter("publicIPCount", "Number of public IP addresses",
                   portal.ParameterType.INTEGER, 4,advanced=True,
                   longDescription="Make sure to include both the number of floating IP addresses you plan to need for instances; and also for OpenVSwitch interface IP addresses.  Each OpenStack network this profile creates for you is bridged to the external, public network, so you also need a public IP address for each of those switch interfaces.  So, if you ask for one GRE tunnel network, and one flat data network (the default configuration), you would need two public IPs for switch interfaces, and then you request two additional public IPs that can be bound to instances as floating IPs.  If you ask for more networks, make sure to increase this number appropriately.")
88 89 90 91 92 93 94 95 96 97 98 99 100
pc.defineParameter("flatDataLanCount","Number of Flat Data Networks",
                   portal.ParameterType.INTEGER,1,advanced=True,
                   longDescription="Create a number of flat OpenStack networks.  If you do not select the Multiplex Flat Networks option below, each of these networks requires a physical network interface.  If you attempt to instantiate this profile on nodes with only 1 experiment interface, and ask for more than one flat network, your profile will not instantiate correctly.  Many CloudLab nodes have only a single experiment interface.")
pc.defineParameter("greDataLanCount","Number of GRE Tunnel Data Networks",
                   portal.ParameterType.INTEGER,1,advanced=True,
                   longDescription="To use GRE tunnels, you must have at least one flat data network; all tunnels are implemented using the first flat network!")
pc.defineParameter("vlanDataLanCount","Number of VLAN Data Networks",
                   portal.ParameterType.INTEGER,0,advanced=True,
                   longDescription="If you want to play with OpenStack networks that are implemented using real VLAN tags, create VLAN-backed networks with this parameter.  Currently, however, you cannot combine it with Flat nor Tunnel data networks.")
pc.defineParameter("vxlanDataLanCount","Number of VXLAN Data Networks",
                   portal.ParameterType.INTEGER,0,
                   longDescription="To use VXLAN networks, you must have at least one flat data network; all tunnels are implemented using the first flat network!",
                   advanced=True)
101 102 103 104 105
pc.defineParameter("useDesignateAsResolver",
                   "Use Designate as physical host nameserver",
                   portal.ParameterType.BOOLEAN,True,
                   longDescription="If using OpenStack Newton or greater, use the Designate nameserver as the primary nameserver for each physical machine.  This will allow you to resolve virtual IPs for instances from the physical machines.",
                   advanced=True)
106 107 108 109 110 111 112 113
pc.defineParameter("managementLanType","Management Network Type",
                   portal.ParameterType.STRING,"vpn",[("vpn","VPN"),("flat","Flat")],
                   advanced=True,longDescription="This profile creates a classic OpenStack setup, where services communicate not over the public network, but over an isolated private management network.  By default, that management network is implemented as a VPN hosted on the public network; this allows us to not use up a physical experiment network interface just to host the management network, and leaves that unused interface available for OpenStack data networks.  However, if you are using multiplexed Flat networks, you can also make this a Flat network, and it will be multiplexed along with your other flat networks---isolated by VLAN tags.  These VLAN tags are internal to CloudLab, and are invisible to OpenStack.")

pc.defineParameter("multiplexFlatLans", "Multiplex Flat Networks",
                   portal.ParameterType.BOOLEAN, False,
                   longDescription="Multiplex any flat networks (i.e., management and all of the flat data networks) over physical interfaces, using VLANs.  These VLANs are invisible to OpenStack, unlike the NUmber of VLAN Data Networks option, where OpenStack assigns the real VLAN tags to create its networks.  On CloudLab, many physical machines have only a single experiment network interface, so if you want multiple flat networks, you have to multiplex.  Currently, if you select this option, you *must* specify 0 for VLAN Data Networks; we cannot support both simultaneously yet.",
                   advanced=True)
114
pc.defineParameter("connectSharedVlan","Connect Shared VLAN",
115 116 117
                   portal.ParameterType.STRING,"",
                   longDescription="Connect the controller node to a shared VLAN.  This allows your OpenStack experiment to connect to one more separate experiments.  This requires a non-multiplexed physical network interface, so you can only use this parameter on node types that provide two or more physical network interfaces!  If the shared VLAN does not yet exist (e.g. was not manually created for you by an administrator, or created in another experiment), enable the next option to create it.",
                   advanced=True)
118
pc.defineParameter("createSharedVlan","Create Shared VLAN",
119 120 121
                   portal.ParameterType.BOOLEAN,False,
                   longDescription="Create a new shared VLAN with the name above, and connect the controller node to it.  This requires a non-multiplexed physical network interface, so you can only use this parameter on node types that provide two or more physical network interfaces!",
                   advanced=True)
122 123 124 125
pc.defineParameter("sharedVlanAddress","Shared VLAN IP Address",
                   portal.ParameterType.STRING,"10.10.10.1/255.255.255.0",
                   longDescription="Set the IP address and subnet mask for the shared VLAN interface.  Make sure you choose an unused address within the subnet of an existing shared vlan!  Also ensure that you specify the subnet mask as a dotted quad.",
                   advanced=True)
126 127 128 129
pc.defineParameter("computeNodeCountSite2", "Number of compute nodes at Site 2",
                   portal.ParameterType.INTEGER, 0,advanced=True,
                   longDescription="You can add additional compute nodes from other CloudLab clusters, allowing you to experiment with remote VMs controlled from the central controller at the first site.")

130 131 132 133
pc.defineParameter("swiftLVSize", "Swift Logical Volume Size",
                   portal.ParameterType.INTEGER,4,advanced=True,
                   longDescription="The necessary space in GB to reserve for each of two Swift backing store volumes, when it is possible to use logical volumes.  Nearly all Cloudlab machines do support logical volumes.  Ensure that the total disk space requested (20GB root + 2x Swift LV size + 1x Glance LV size) is less than the total disk space available on the node type you want to run on.")
pc.defineParameter("glanceLVSize", "Glance Logical Volume Size",
134
                   portal.ParameterType.INTEGER,32,advanced=True,
135
                   longDescription="The necessary space in GB to reserve for a Glance backing store for disk images, when it is possible to use logical volumes.  Nearly all Cloudlab machines do support logical volumes.  Ensure that the total disk space requested (20GB root + 2x Swift LV size + 1x Glance LV size) is less than the total disk space available on the node type you want to run on.")
136 137 138 139 140 141 142 143 144 145 146
pc.defineParameter("tempBlockstoreMountPoint", "Temporary Filesystem Mount Point",
                   portal.ParameterType.STRING,"",advanced=True,
                   longDescription="Mounts an ephemeral, temporary filesystem at this mount point, on the nodes which you specify below.  If you specify no nodes, and specify a mount point here, all nodes will get a temp filesystem.  Be careful where you mount it -- something might already be there (i.e., /storage is already taken).")
pc.defineParameter("tempBlockstoreSize", "Temporary Filesystem Size",
                   portal.ParameterType.INTEGER, 0,advanced=True,
                   longDescription="The necessary space in GB to reserve for your temporary filesystem.")
pc.defineParameter("tempBlockstoreMountNodes", "Temporary Filesystem Mount Node(s)",
                   portal.ParameterType.STRING,"",advanced=True,
                   longDescription="The node(s) on which you want a temporary filesystem created; space-separated for more than one.  Leave blank if you want all nodes to have a temp filesystem.")

pc.defineParameter("blockstoreURN", "Remote Dataset URN",
147
                   portal.ParameterType.STRING, "",advanced=True,
148 149
                   longDescription="The URN of an *existing* remote dataset (a remote block store) that you want attached to the node you specified (defaults to the ctl node).  The block store must exist at the cluster at which you instantiate the profile!")
pc.defineParameter("blockstoreMountNode", "Remote Dataset Mount Node",
150 151
                   portal.ParameterType.STRING, "ctl",advanced=True,
                   longDescription="The node on which you want your remote block store mounted; defaults to the controller node.")
152
pc.defineParameter("blockstoreMountPoint", "Remote Dataset Mount Point",
153
                   portal.ParameterType.STRING, "/dataset",advanced=True,
154 155
                   longDescription="The mount point at which you want your remote dataset mounted.  Be careful where you mount it -- something might already be there (i.e., /storage is already taken).  Note also that this option requires a network interface, because it creates a link between the dataset and the node where the dataset is available.  Thus, just as for creating extra LANs, you might need to select the Multiplex Flat Networks option, which will also multiplex the blockstore link here.")
pc.defineParameter("blockstoreReadOnly", "Mount Remote Dataset Read-only",
156
                   portal.ParameterType.BOOLEAN, True,advanced=True,
157
                   longDescription="Mount the remote dataset in read-only mode.")
158

159
pc.defineParameter("localBlockstoreURN", "Image-backed Dataset URN",
160 161
                   portal.ParameterType.STRING, "",advanced=True,
                   longDescription="The URN of an image-backed dataset that already exists that you want loaded into the node you specified (defaults to the ctl node).  The block store must exist at the cluster at which you instantiate the profile!")
162
pc.defineParameter("localBlockstoreMountNode", "Image-backed Dataset Mount Node",
163
                   portal.ParameterType.STRING, "ctl",advanced=True,
164 165
                   longDescription="The node on which you want your image-backed dataset mounted; defaults to the controller node.")
pc.defineParameter("localBlockstoreMountPoint", "Image-Backed Dataset Mount Point",
166
                   portal.ParameterType.STRING, "/image-dataset",advanced=True,
167 168
                   longDescription="The mount point at which you want your image-backed dataset mounted.  Be careful where you mount it -- something might already be there (i.e., /storage is already taken).")
pc.defineParameter("localBlockstoreSize", "Image-Backed Dataset Size",
169
                   portal.ParameterType.INTEGER, 0,advanced=True,
170 171
                   longDescription="The necessary space to reserve for your image-backed dataset (you should set this to at least the minimum amount of space your image-backed dataset will require).")
pc.defineParameter("localBlockstoreReadOnly", "Mount Image-Backed Dataset Read-only",
172
                   portal.ParameterType.BOOLEAN, True,advanced=True,
173
                   longDescription="Mount the image-backed dataset in read-only mode.")
174

175 176 177 178 179
pc.defineParameter("ipAllocationStrategy","IP Addressing",
                   portal.ParameterType.STRING,"script",[("cloudlab","CloudLab"),("script","This Script")],
                   longDescription="Either let CloudLab auto-generate IP addresses for the nodes in your OpenStack networks, or let this script generate them.  If you include nodes at multiple sites, you must choose this script!  The default is this script, because the subnets CloudLab generates for flat networks are sized according to the number of physical nodes in your topology.  However, when the profile sets up your flat OpenStack networks, it tries to enable your VMs and physical nodes to talk to each other---so they all must be on the same subnet.  Thus, you may not have many IPs left for VMs.  However, if the script IP address generation is buggy or otherwise insufficient, you can fall back to CloudLab and see if that improves things.",
                   advanced=True)

180 181 182 183 184 185 186 187 188 189
pc.defineParameter("tokenTimeout","Keystone Token Expiration in Seconds",
                   portal.ParameterType.INTEGER,14400,advanced=True,
                   longDescription="Keystone token expiration in seconds.")

pc.defineParameter("sessionTimeout","Horizon Session Timeout in Seconds",
                   portal.ParameterType.INTEGER,14400,advanced=True,
                   longDescription="Horizon session timeout in seconds.")

pc.defineParameter("keystoneVersion","Keystone API Version",
                   portal.ParameterType.INTEGER,
190
                   0, [ (0,"(default)"),(2,"v2.0"),(3,"v3") ],advanced=True,
191
                   longDescription="Keystone API Version.  Defaults to v2.0 on Juno and Kilo; defaults to v3 on Liberty and onwards.  You can try to force v2.0 on Liberty and onwards, but we cannot guarantee support for this configuration.")
192
pc.defineParameter("keystoneUseMemcache","Keystone Uses Memcache",
193
                   portal.ParameterType.BOOLEAN,False,advanced=True,
194
                   longDescription="Specify whether or not Keystone should use Memcache as its token backend.  In our testing, this has seemed to exacerbate intermittent Keystone internal errors, so it is off by default, and by default, the SQL token backend is used instead.")
195 196
pc.defineParameter("keystoneUseWSGI","Keystone Uses WSGI",
                   portal.ParameterType.INTEGER,
197
                   2, [ (2,"(default)"),(1,"Yes"),(0,"No") ],advanced=True,
198
                   longDescription="Specify whether or not Keystone should use Apache/WSGI instead of its own server.  This is the default from Kilo onwards.  In our testing, this has seemed to slow down Keystone.")
199
pc.defineParameter("quotasOff","Unlimit Default Quotas",
200
                   portal.ParameterType.BOOLEAN,True,advanced=True,
201
                   longDescription="Set the default Nova and Cinder quotas to unlimited, at least those that can be set via CLI utils (some cannot be set, but the significant ones can be set).")
202

203 204 205 206
pc.defineParameter("disableSecurityGroups","Disable Security Group Enforcement",
                   portal.ParameterType.BOOLEAN,False,advanced=True,
                   longDescription="Sometimes it can be easier to play with OpenStack if you do not have to mess around with security groups at all.  This option selects a null security group driver, if set.  This means security groups are enabled, but are not enforced (we set the firewall_driver neutron option to neutron.agent.firewall.NoopFirewallDriver to accomplish this).")

207 208 209 210
pc.defineParameter("enableHostPassthrough","Enable Host Passthrough",
                    portal.ParameterType.BOOLEAN,True,advanced=True,
                    longDescription="Signals KVM to pass through the host CPU with no modifications. The difference to host-model, instead of just matching feature flags, every last detail of the host CPU is matched. This gives the best performance but comes at a cost with respect to migration. The guest can only be migrated to a matching host CPU.")

211 212 213 214
pc.defineParameter("enableInboundSshAndIcmp","Enable Inbound SSH and ICMP",
                   portal.ParameterType.BOOLEAN,True,advanced=True,
                   longDescription="Enable inbound SSH and ICMP into your instances in the default security group, if you have security groups enabled.")

215
pc.defineParameter("enableNeutronLoadBalancing","Enable Neutron LBaaS",
216
                   portal.ParameterType.BOOLEAN,True,advanced=True,
217 218
                   longDescription="Enable Neutron LBaas for releases >= Newton.")

219 220 221 222 223 224
pc.defineParameter("enableNewSerialSupport","Enable new Juno serial consoles",
                   portal.ParameterType.BOOLEAN,False,advanced=True,
                   longDescription="Enable new serial console support added in Juno.  This means you can access serial consoles via web sockets from a CLI tool (not in the dashboard yet), but the serial console log will no longer be available for viewing!  Until it supports both interactivity and logging, you will have to choose.  We download software for you and create a simple frontend script on your controller node, /root/setup/novaconsole.sh , that when given the name of an instance as its sole argument, will connect you to its serial console.  The escape sequence is ~. (tilde,period), but make sure to use multiple tildes to escape through your ssh connection(s), so that those are not disconnected along with your console session.")

pc.defineParameter("ceilometerUseMongoDB","Use MongoDB in Ceilometer",
                   portal.ParameterType.BOOLEAN,False,advanced=True,
225
                   longDescription="Use MongoDB for Ceilometer instead of MySQL (with Ubuntu 14 and Juno, we have observed crashy behavior with MongoDB, so the default is MySQL; YMMV.  Also, this option only applies to OpenStack releases < Ocata.")
226 227 228 229 230 231 232 233 234 235 236 237

pc.defineParameter("enableVerboseLogging","Enable Verbose Logging",
                   portal.ParameterType.BOOLEAN,False,advanced=True,
                   longDescription="Enable verbose logging for OpenStack components.")
pc.defineParameter("enableDebugLogging","Enable Debug Logging",
                   portal.ParameterType.BOOLEAN,False,advanced=True,
                   longDescription="Enable debug logging for OpenStack components.")

pc.defineParameter("controllerHost", "Name of controller node",
                   portal.ParameterType.STRING, "ctl", advanced=True,
                   longDescription="The short name of the controller node.  You shold leave this alone unless you really want the hostname to change.")
pc.defineParameter("networkManagerHost", "Name of network manager node",
238 239
                   portal.ParameterType.STRING, "ctl",advanced=True,
                   longDescription="The short name of the network manager (neutron) node.  If you specify the same name here as you did for the controller, then your controller and network manager will be unified into a single node.  You shold leave this alone unless you really want the hostname to change.")
240 241 242
pc.defineParameter("computeHostBaseName", "Base name of compute node(s)",
                   portal.ParameterType.STRING, "cp", advanced=True,
                   longDescription="The base string of the short name of the compute nodes (node names will look like cp-1, cp-2, ... or cp-s2-1, cp-s2-2, ... (for nodes at Site 2, if you request those)).  You shold leave this alone unless you really want the hostname to change.")
243 244 245 246 247
pc.defineParameter("firewallStyle","Firewall Style",
                   portal.ParameterType.STRING,"none",
                   [("none","None"),("basic","Basic"),("closed","Closed")],
                   advanced=True,
                   longDescription="Optionally add a CloudLab infrastructure firewall between the public IP addresses of your nodes (and your floating IPs) and the Internet (and rest of CloudLab).  The choice you make for this parameter controls the firewall ruleset, if not None.  None means no firewall; Basic implies a simple firewall that allows inbound SSH and outbound HTTP/HTTPS traffic; Closed implies a firewall ruleset that allows *no* communication with the outside world or other experiments within CloudLab.  If you are unsure, the Basic style is the one that will work best for you.")
248 249 250 251 252 253 254 255 256
pc.defineParameter("controllerDiskImage","Controller Node Disk Image",
                   portal.ParameterType.IMAGE,"",advanced=True,
                   longDescription="An image URN or URL that the controller node will run.")
pc.defineParameter("computeDiskImage","Compute Node Disk Image",
                   portal.ParameterType.IMAGE,"",advanced=True,
                   longDescription="An image URN or URL that the compute node will run.")
pc.defineParameter("networkManagerDiskImage","Network Manager Node Disk Image",
                   portal.ParameterType.IMAGE,"",advanced=True,
                   longDescription="An image URN or URL that the network manager node will run.")
257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329
#pc.defineParameter("blockStorageHost", "Name of block storage server node",
#                   portal.ParameterType.STRING, "ctl")
#pc.defineParameter("objectStorageHost", "Name of object storage server node",
#                   portal.ParameterType.STRING, "ctl")
#pc.defineParameter("blockStorageNodeCount", "Number of block storage nodes",
#                   portal.ParameterType.INTEGER, 0)
#pc.defineParameter("objectStorageNodeCount", "Number of object storage nodes",
#                   portal.ParameterType.STRING, 0)
###pc.defineParameter("adminPass","The OpenStack admin password",
###                   portal.ParameterType.STRING,"",advanced=True,
###                   longDescription="You should choose a unique password at least 8 characters long, with uppercase and lowercase characters, numbers, and special characters.  CAREFULLY NOTE this password; but if you forget, you can find it later on the experiment status page.  If you don't provide a password, it will be randomly generated, and you can find it on your experiment status page after you instantiate the profile.")

#
# Get any input parameter values that will override our defaults.
#
params = pc.bindParameters()

#
# Verify our parameters and throw errors.
#
###
### XXX: get rid of custom root password support for now
###
###if len(params.adminPass) > 0:
###    pwel = []
###    up = low = num = none = total = 0
###    for ch in params.adminPass:
###        if ch.isupper(): up += 1
###        if ch.islower(): low += 1
###        if ch.isdigit(): num += 1
###        if not ch.isalpha(): none += 1
###        total += 1
###        pass
###    if total < 8:
###        pwel.append("Your password should be at least 8 characters in length!")
###    if up == 0 or low == 0 or num == 0 or none == 0:
###        pwel.append("Your password should contain a mix of lowercase, uppercase, digits, and non-alphanumeric characters!")
###    if params.adminPass == "N!ceD3m0":
###        pwel.append("This password cannot be used.")
###    for err in pwel:
###        pc.reportError(portal.ParameterError(err,['adminPass']))
###        pass
###    pass
###elif False:
####    pc.reportError(portal.ParameterError("You cannot set a null password!",
####                                         ['adminPass']))
###    # Generate a random password that conforms to the above requirements.
###    # We only generate passwds with easy nonalpha chars, but we accept any
###    # nonalpha char to satisfy the requirements...
###    nonalphaChars = [33,35,36,37,38,40,41,42,43,64,94]
###    upperChars = range(65,90)
###    lowerChars = range(97,122)
###    decChars = range(48,57)
###    random.shuffle(nonalphaChars)
###    random.shuffle(upperChars)
###    random.shuffle(lowerChars)
###    random.shuffle(decChars)
    
###    passwdList = [nonalphaChars[0],nonalphaChars[1],upperChars[0],upperChars[1],
###                  lowerChars[0],lowerChars[1],decChars[0],decChars[1]]
###    random.shuffle(passwdList)
###    params.adminPass = ''
###    for i in passwdList:
###        params.adminPass += chr(i)
###        pass
###    pass
###else:
###    #
###    # For now, let Cloudlab generate the random password for us; this will
###    # eventually change to the above code.
###    #
###    pass

330 331 332 333
# Just set the firewall style to something sane if they want a firewall.
if params.firewall == True and params.firewallStyle == 'none':
    params.firewallStyle = 'basic'

334 335 336 337 338
if params.controllerHost == params.networkManagerHost \
  and params.release in [ 'juno','kilo' ]:
    perr = portal.ParameterWarning("We do not support use of the same physical node as both controller and networkmanager for older Juno and Kilo releases of this profile.  You can try it, but it may not work.  To revert to the old behavior, open the Advanced Parameters and change the networkManagerHost parameter to nm .",['release','controllerHost','networkManagerHost'])
    pc.reportWarning(perr)
    pass
339
if params.release in [ 'juno','kilo','liberty' ] \
David Johnson's avatar
David Johnson committed
340
  and (not params.firewall or params.firewallStyle == 'none'):
341
    perr = portal.ParameterError("To use deprecated OpenStack releases, you *must* place your nodes behind an infrastructure firewall, by enabling the Firewall parameter.  These releases rely on insecure, out-of-date software.",['release','firewall'])
342 343
    pc.reportError(perr)
    pass
344 345 346 347 348 349 350 351 352
if params.ml2plugin == 'linuxbridge' \
  and params.release in [ 'juno','kilo' ]:
    perr = portal.ParameterError("Kilo and Juno do not support the linuxbridge Neutron ML2 driver!",['release','ml2plugin'])
    pc.reportError(perr)
    pass
if params.ml2plugin == 'linuxbridge' and params.greDataLanCount > 0:
    perr = portal.ParameterError("The Neutron ML2 linuxbridge driver does not support GRE tunnel networks.  You should add VXLAN tunnels instead.",['greDataLanCount','ml2plugin','vxlanDataLanCount'])
    pc.reportError(perr)
    pass
353 354 355 356
if params.release in [ 'juno','kilo' ]:
    perr = portal.ParameterWarning("The %s release is deprecated in this profile; you can use it for now, but it will be removed or refactored in the next version of this profile!",['release'])
    pc.reportWarning(perr)
    pass
357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377
if params.computeNodeCount > 8:
    perr = portal.ParameterWarning("Are you creating a real cloud?  Otherwise, do you really need more than 8 compute nodes?  Think of your fellow users scrambling to get nodes :).",['computeNodeCount'])
    pc.reportWarning(perr)
    pass
if params.computeNodeCountSite2 > 8:
    perr = portal.ParameterWarning("Are you creating a real cloud?  Otherwise, do you really need more than 8 compute nodes?  Think of your fellow users scrambling to get nodes :).",['computeNodeCountSite2'])
    pc.reportWarning(perr)
    pass
if params.computeNodeCountSite2 > 0 and not params.multiplexFlatLans:
    perr = portal.ParameterError("If you request nodes at Site 2, you must enable multiplexing for flat lans!",['computeNodeCountSite2','multiplexFlatLans'])
    pc.reportError(perr)
    pass

if params.fromScratch and not params.doAptInstall:
    perr = portal.ParameterError("You cannot start from a bare image and choose not to install any OpenStack packages!",['fromScratch','doAptInstall'])
    pc.reportError(perr)
    pass
if params.doAptUpgrade and not params.doAptInstall:
    perr = portal.ParameterWarning("If you disable package installation, and request package upgrades, nothing will happen; you'll have to comb through the setup script logfiles to see what packages would have been upgraded.",['doAptUpgrade','doAptInstall'])
    pc.reportWarning(perr)
    pass
378 379 380 381
if params.doAptDistUpgrade and not params.doAptInstall:
    perr = portal.ParameterWarning("If you disable package installation, and request all packages to be upgraded, nothing will happen; so you need to change your parameter values.",['doAptDistUpgrade','doAptInstall'])
    pc.reportWarning(perr)
    pass
382 383

if params.publicIPCount > 16:
384 385
    perr = portal.ParameterWarning("You cannot request more than 16 public IP addresses, at least not without creating your own modified version of this profile!",['publicIPCount'])
    pc.reportWarning(perr)
386 387 388 389 390 391 392 393
    pass
if (params.vlanDataLanCount + params.vxlanDataLanCount \
    + params.greDataLanCount + params.flatDataLanCount) \
    > (params.publicIPCount - 1):
    perr = portal.ParameterWarning("You did not request enough public IPs to cover all your data networks and still leave you at least one floating IP; you may want to read this parameter's help documentation and change your parameters!",['publicIPCount'])
    pc.reportWarning(perr)
    pass

394 395 396 397 398 399
if params.vlanDataLanCount > 0 and params.flatDataLanCount > 0:
    perr = portal.ParameterError("You cannot specify vlanDataLanCount > 0 and flatDataLanCount > 0",['vlanDataLanCount','flatDataLanCount'])
    pc.reportError(perr)
    pass
if params.vlanDataLanCount > 0 and params.greDataLanCount > 0:
    perr = portal.ParameterError("You cannot specify vlanDataLanCount > 0 and greDataLanCount > 0",['vlanDataLanCount','greDataLanCount'])
400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450
    pc.reportError(perr)
    pass

if params.greDataLanCount > 0 and params.flatDataLanCount < 1:
    perr = portal.ParameterError("You must specifiy at least one flat data network to request one or more GRE data networks!",['greDataLanCount','flatDataLanCount'])
    pc.reportError(perr)
    pass
if params.vxlanDataLanCount > 0 and params.flatDataLanCount < 1:
    perr = portal.ParameterError("You must specifiy at least one flat data network to request one or more VXLAN data networks!",['vxlanDataLanCount','flatDataLanCount'])
    pc.reportError(perr)
    pass

if params.computeNodeCountSite2 > 0 and params.ipAllocationStrategy != "script":
    # or params.computeNodeCountSite3 > 0)
    badpl = ['ipAllocationStrategy']
    if params.computeNodeCountSite2 > 0:
        badpl.append('computeNodeCountSite2')
#    if params.computeNodeCountSite3 > 0:
#        badpl.append('computeNodeCountSite3')
    perr = portal.ParameterError("You must choose an ipAllocationStrategy of 'script' when including compute nodes at multiple sites!",
                                   badpl)
    pc.reportError(perr)
    params.ipAllocationStrategy = "script"
    pass

if params.ipAllocationStrategy == 'script':
    generateIPs = True
else:
    generateIPs = False
    pass

#
# Give the library a chance to return nice JSON-formatted exception(s) and/or
# warnings; this might sys.exit().
#
pc.verifyParameters()

detailedParamAutoDocs = ''
for param in pc._parameterOrder:
    if not pc._parameters.has_key(param):
        continue
    detailedParamAutoDocs += \
      """
  - *%s*

    %s
    (default value: *%s*)
      """ % (pc._parameters[param]['description'],pc._parameters[param]['longDescription'],pc._parameters[param]['defaultValue'])
    pass

tourDescription = \
451
  "This profile provides a highly-configurable OpenStack instance with a controller and one or more compute nodes (potentially at multiple Cloudlab sites) (and optionally a network manager node, in a split configuration). This profile runs x86, arm64, and POWER8 (Queens and up) nodes. It sets up OpenStack Queens (Ubuntu 18.04), Pike, Ocata, Newton, or Mitaka (Ubuntu 16.04) (Liberty on 15.10, Kilo on 15.04, and Juno on 14.10 are *deprecated*) according to your choice, and configures all OpenStack services, pulls in some VM disk images, and creates basic networks accessible via floating IPs.  You'll be able to create instances and access them over the Internet in just a few minutes. When you click the Instantiate button, you'll be presented with a list of parameters that you can change to control what your OpenStack instance will look like; **carefully** read the parameter documentation on that page (or in the Instructions) to understand the various features available to you."
452 453 454 455 456 457

###if not params.adminPass or len(params.adminPass) == 0:
passwdHelp = "Your OpenStack admin and instance VM password is randomly-generated by Cloudlab, and it is: `{password-adminPass}` ."
###else:
###    passwdHelp = "Your OpenStack dashboard and instance VM password is `the one you specified in parameter selection`; hopefully you memorized or memoized it!"
###    pass
458
passwdHelp += "  When logging in to the Dashboard, use the `admin` user; when logging into instance VMs, use the `ubuntu` user.  If you have selected Mitaka or newer, use 'default' as the Domain at the login prompt."
459 460 461 462

tourInstructions = \
  """
### Basic Instructions
463
Once your experiment nodes have booted, and this profile's configuration scripts have finished configuring OpenStack inside your experiment, you'll be able to visit [the OpenStack Dashboard WWW interface](http://{host-%s}/horizon/auth/login/?next=/horizon/project/instances/) (approx. 5-15 minutes).  If you've selected the Pike release (or newer), you can also login to [your experiment's Grafana WWW interface](http://{host-%s}:3000/dashboard/db/openstack-instance-statistics?orgId=1) and view OpenStack instance VM statistics once you've created some VMs.  %s
464 465 466 467 468 469 470 471 472 473

Please wait to login to the OpenStack dashboard until the setup scripts have completed (we've seen Dashboard issues with content not appearing if you login before configuration is complete).  There are multiple ways to determine if the scripts have finished:
  - First, you can watch the experiment status page: the overall State will say \"booted (startup services are still running)\" to indicate that the nodes have booted up, but the setup scripts are still running.
  - Second, the Topology View will show you, for each node, the status of the startup command on each node (the startup command kicks off the setup scripts on each node).  Once the startup command has finished on each node, the overall State field will change to \"ready\".  If any of the startup scripts fail, you can mouse over the failed node in the topology viewer for the status code.
  - Finally, the profile configuration scripts also send you two emails: once to notify you that controller setup has started, and a second to notify you that setup has completed.  Once you receive the second email, you can login to the Openstack Dashboard and begin your work.

**NOTE:** If the web interface rejects your password or gives another error, the scripts might simply need more time to set up the backend. Wait a few minutes and try again.  If you don't receive any email notifications, you can SSH to the 'ctl' node, become root, and check the primary setup script's logfile (/root/setup/setup-controller.log).  If near the bottom there's a line that includes 'Your OpenStack instance has completed setup'), the scripts have finished, and it's safe to login to the Dashboard.

If you need to run the OpenStack CLI tools, or your own scripts that use the OpenStack APIs, you'll find authentication credentials in /root/setup/admin-openrc.sh .  Be aware that the username in this file is `adminapi`, not `admin`; this is an artifact of the days when the profile used to allow you to customize the admin password (it was necessary because the nodes did not have the plaintext password, but only the hash).

474 475
*Do not* add any VMs on the `ext-net` network; instead, give them floating IP addresses from the pool this profile requests on your behalf (and increase the size of that pool when you instantiate by changing the `Number of public IP addresses` parameter).  If you try to use any public IP addresses on the `ext-net` network that are not part of your experiment (i.e., any that are not either the control network public IPs for the physical machines, or the public IPs used as floating IPs), those packets will be blocked, and you will be confused.

476 477 478 479 480
The profile's setup scripts are automatically installed on each node in `/tmp/setup` .  They execute as `root`, and keep state and downloaded files in `/root/setup/`.  More importantly, they write copious logfiles in that directory; so if you think there's a problem with the configuration, you could take a quick look through these logs --- especially `setup-controller.log` on the `ctl` node.


### Detailed Parameter Documentation
%s
481
""" % (params.controllerHost,params.controllerHost,passwdHelp,detailedParamAutoDocs)
482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500

#
# Setup the Tour info with the above description and instructions.
#  
tour = IG.Tour()
tour.Description(IG.Tour.TEXT,tourDescription)
tour.Instructions(IG.Tour.MARKDOWN,tourInstructions)
rspec.addTour(tour)

#
# Ok, get down to business -- we are going to create CloudLab LANs to be used as
# (openstack networks), based on user's parameters.  We might also generate IP
# addresses for the nodes, so set up some quick, brutally stupid IP address
# generation for each LAN.
#
flatlanstrs = {}
vlanstrs = {}
ipdb = {}
if params.managementLanType == 'flat':
501
    ipdb['mgmt-lan'] = { 'base':'192.168','netmask':'255.255.0.0','values':[-1,-1,0,0] }
502
    pass
503 504 505 506 507
#
# Note that some things below the dataOffset of 10, we use for other
# things; for instance, shared vlan addresses should be allocated in the
# 10.10/16 or 10.10.10/24 subnets.
#
508 509 510 511 512 513 514 515 516 517
dataOffset = 10
ipSubnetsUsed = 0
for i in range(1,params.flatDataLanCount + 1):
    dlanstr = "%s-%d" % ('flat-lan',i)
    ipdb[dlanstr] = { 'base' : '10.%d' % (i + dataOffset + ipSubnetsUsed,),'netmask' : '255.255.0.0',
                      'values' : [-1,-1,10,0] }
    flatlanstrs[i] = dlanstr
    ipSubnetsUsed += 1
    pass
for i in range(1,params.vlanDataLanCount + 1):
518
    dlanstr = "%s-%d" % ('vlan-lan',i)
519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569
    ipdb[dlanstr] = { 'base' : '10.%d' % (i + dataOffset + ipSubnetsUsed,),'netmask' : '255.255.0.0',
                      'values' : [-1,-1,10,0] }
    vlanstrs[i] = dlanstr
    ipSubnetsUsed += 1
    pass
for i in range(1,params.vxlanDataLanCount + 1):
    dlanstr = "%s-%d" % ('vxlan-lan',i)
    ipdb[dlanstr] = { 'base' : '10.%d' % (i + dataOffset + ipSubnetsUsed,),'netmask' : '255.255.0.0',
                      'values' : [-1,-1,10,0] }
    ipSubnetsUsed += 1
    pass

# Assume a /16 for every network
def get_next_ipaddr(lan):
    ipaddr = ipdb[lan]['base']
    backpart = ''

    idxlist = range(1,4)
    idxlist.reverse()
    didinc = False
    for i in idxlist:
        if ipdb[lan]['values'][i] is -1:
            break
        if not didinc:
            didinc = True
            ipdb[lan]['values'][i] += 1
            if ipdb[lan]['values'][i] > 254:
                if ipdb[lan]['values'][i-1] is -1:
                    return ''
                else:
                    ipdb[lan]['values'][i-1] += 1
                    pass
                pass
            pass
        backpart = '.' + str(ipdb[lan]['values'][i]) + backpart
        pass

    return ipaddr + backpart

def get_netmask(lan):
    return ipdb[lan]['netmask']

#
# Ok, actually build the data LANs now...
#
flatlans = {}
vlans = {}
alllans = []

for i in range(1,params.flatDataLanCount + 1):
    datalan = RSpec.LAN(flatlanstrs[i])
570 571 572
    if params.osLinkSpeed > 0:
        datalan.bandwidth = int(params.osLinkSpeed)
        pass
573 574 575 576 577 578 579 580 581 582 583
    if params.multiplexFlatLans:
        datalan.link_multiplexing = True
        datalan.best_effort = True
        # Need this cause LAN() sets the link type to lan, not sure why.
        datalan.type = "vlan"
        pass
    flatlans[i] = datalan
    alllans.append(datalan)
    pass
for i in range(1,params.vlanDataLanCount + 1):
    datalan = RSpec.LAN("vlan-lan-%d" % (i,))
584 585 586
    if params.osLinkSpeed > 0:
        datalan.bandwidth = int(params.osLinkSpeed)
        pass
587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614
    datalan.link_multiplexing = True
    datalan.best_effort = True
    # Need this cause LAN() sets the link type to lan, not sure why.
    datalan.type = "vlan"
    vlans[i] = datalan
    alllans.append(datalan)
    pass

#
# Ok, also build a management LAN if requested.  If we build one, it runs over
# a dedicated experiment interface, not the Cloudlab public control network.
#
if params.managementLanType == 'flat':
    mgmtlan = RSpec.LAN('mgmt-lan')
    if params.multiplexFlatLans:
        mgmtlan.link_multiplexing = True
        mgmtlan.best_effort = True
        # Need this cause LAN() sets the link type to lan, not sure why.
        mgmtlan.type = "vlan"
        pass
    pass
else:
    mgmtlan = None
    pass

#
# Construct the disk image URNs we're going to set the various nodes to load.
#
615
image_project = 'emulab-ops'
616
image_urn = 'emulab.net'
617
image_tag_rel = ''
618 619
if params.release == "juno":
    image_os = 'UBUNTU14-10-64'
620 621
    # Use the old "wildcard" image URN behavior up to Mitaka.
    image_urn = 'utah.cloudlab.us'
622
elif params.release == "kilo":
623
    image_os = 'UBUNTU15-04-64'
624
    image_urn = 'utah.cloudlab.us'
625
elif params.release == 'liberty':
626
    image_os = 'UBUNTU15-10-64'
627
    image_urn = 'utah.cloudlab.us'
628 629
elif params.release == 'mitaka':
    image_os = 'UBUNTU16-64'
630 631 632 633 634 635 636 637 638
elif params.release == 'newton':
    image_os = 'UBUNTU16-64'
    image_tag_rel = '-N'
elif params.release == 'ocata':
    image_os = 'UBUNTU16-64'
    image_tag_rel = '-O'
elif params.release == 'pike':
    image_os = 'UBUNTU16-64'
    image_tag_rel = '-P'
639 640 641
elif params.release == 'queens':
    image_os = 'UBUNTU18-64'
    image_tag_rel = '-Q'
642 643
else:
    image_os = 'UBUNTU16-64'
644
    params.fromScratch = True
645 646
    params.doAptDistUpgrade = True
    params.doAptUpdate = True
647
    pass
648

649
if params.fromScratch:
650 651 652
    image_tag_cn = '-STD'
    image_tag_nm = '-STD'
    image_tag_cp = '-STD'
653
    image_tag_rel = ''
654
else:
655 656 657
    image_tag_cn = '-OSCN'
    image_tag_nm = '-OSNM'
    image_tag_cp = '-OSCP'
658 659
    pass

660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678
#
# XXX: special handling for ppc64le at Clemson because of special disk
# image names, and because only >= Queens is available for them.
#
if params.osNodeType == 'ibm8335':
    image_urn = 'clemson.cloudlab.us'
    if params.fromScratch:
        image_os = 'UBUNTU18-PPC64LE'
        image_tag_cn = image_tag_nm = image_tag_cp = ''
    else:
        image_os = 'UBUNTU18-PPC'

    if params.release not in [ 'queens' ]:
        perr = portal.ParameterError(
            "You can only run the Queens release (or greater) on `ibm8335` (POWER8) hardware!",
            ['release','osNodeType'])
        pc.reportError(perr)
        pc.verifyParameters()

679 680 681 682 683 684 685
    if params.ml2plugin != 'linuxbridge':
        perr = portal.ParameterWarning(
            "The openvswitch plugin may not work correct on POWER8; you might consider changing to the linuxbridge plugin, which works fine.  If you do change, make sure to specify VXLANs instead of GRE tunnels.",
            ['greDataLanCount','ml2plugin','vxlanDataLanCount'])
        pc.reportWarning(perr)
        pc.verifyParameters()

686 687
nodes = dict({})

688
fwrules = [
689
    # Protogeni xmlrpc
690 691
    "iptables -A INSIDE -p tcp --dport 12369 -j ACCEPT",
    "iptables -A INSIDE -p tcp --dport 12370 -j ACCEPT",
692
    # Inbound http to the controller node.
693
    "iptables -A OUTSIDE -p tcp -d ctl.EMULAB_EXPDOMAIN --dport 80 -j ACCEPT",
694 695 696
    # Inbound VNC to any host (only need for compute hosts, but hard to
    # specify that).
    "iptables -A OUTSIDE -p tcp --dport 6080 -j ACCEPT",
697 698
]

699
# Firewall node, Site 1.
700
firewalling = False
701
setfwdesire = True
702
if params.firewallStyle in ('open','closed','basic'):
703
    firewalling = True
704 705
    fw = rspec.ExperimentFirewall('fw',params.firewallStyle)
    fw.disk_image = 'urn:publicid:IDN+emulab.net+image+emulab-ops//UBUNTU16-64-STD'
706
    fw.Site("1")
707 708
    if params.osNodeType:
        fw.hardware_type = params.osNodeType
709 710
    for rule in fwrules:
        fw.addRule(rule)
711 712 713 714 715
if params.computeNodeCountSite2 > 0:
    # Firewall node, Site 2.
    if params.firewallStyle in ('open','closed','basic'):
        fw2 = rspec.ExperimentFirewall('fw-s2',params.firewallStyle)
        fw2.disk_image = 'urn:publicid:IDN+emulab.net+image+emulab-ops//UBUNTU16-64-STD'
716 717 718
        fw2.Site("2")
        for rule in fwrules:
            fw2.addRule(rule)
719
    pass
720

721 722 723 724 725 726 727 728
#
# Handle temp blockstore param.  Note that we do not generate errors for
# non-existent nodes!
#
tempBSNodes = []
if params.tempBlockstoreMountPoint != "":
    if params.tempBlockstoreMountNodes:
        tempBSNodes = params.tempBlockstoreMountNodes.split()
729 730 731 732 733
    if params.tempBlockstoreSize <= 0:
        perr = portal.ParameterError("Your temporary filesystems must have size > 0!",
                                     ['tempBlockstoreSize'])
        pc.reportError(perr)
        pc.verifyParameters()
734 735
    pass

736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751
#
# Handle shared vlan address param.
#
(sharedVlanAddress,sharedVlanNetmask) = (None,None)
if params.sharedVlanAddress:
    aa = params.sharedVlanAddress.split('/')
    if len(aa) != 2:
        perr = portal.ParameterError(
            "Invalid shared VLAN address!",
            ['sharedVlanAddress'])
        pc.reportError(perr)
        pc.verifyParameters()
    else:
        (sharedVlanAddress,sharedVlanNetmask) = (aa[0],aa[1])
    pass

752 753 754 755
#
# Add the controller node.
#
controller = RSpec.RawPC(params.controllerHost)
756
nodes[params.controllerHost] = controller
757 758 759
if params.osNodeType:
    controller.hardware_type = params.osNodeType
    pass
760
controller.Site("1")
761 762 763
if params.controllerDiskImage:
    controller.disk_image = params.controllerDiskImage
else:
764
    controller.disk_image = "urn:publicid:IDN+%s+image+%s//%s%s%s" % (image_urn,image_project,image_os,image_tag_cn,image_tag_rel)
765
if firewalling and setfwdesire:
766
    controller.Desire('firewallable','1.0')
767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784
i = 0
for datalan in alllans:
    iface = controller.addInterface("if%d" % (i,))
    datalan.addInterface(iface)
    if generateIPs:
        iface.addAddress(RSpec.IPv4Address(get_next_ipaddr(datalan.client_id),
                                           get_netmask(datalan.client_id)))
        pass
    i += 1
    pass
if mgmtlan:
    iface = controller.addInterface("ifM")
    mgmtlan.addInterface(iface)
    if generateIPs:
        iface.addAddress(RSpec.IPv4Address(get_next_ipaddr(mgmtlan.client_id),
                                           get_netmask(mgmtlan.client_id)))
        pass
    pass
785 786
if TBURL is not None:
    controller.addService(RSpec.Install(url=TBURL, path="/tmp"))
787
controller.addService(RSpec.Execute(shell="sh",command=TBCMD))
788 789
if disableTestbedRootKeys:
    controller.installRootKeys(False, False)
790 791 792 793 794 795
if params.tempBlockstoreMountPoint \
    and (len(tempBSNodes) == 0 or params.controllerHost in tempBSNodes):
    bs = controller.Blockstore(
        params.controllerHost+"-temp-bs",params.tempBlockstoreMountPoint)
    bs.size = str(params.tempBlockstoreSize) + "GB"
    bs.placement = "any"
796 797 798
sharedvlan = None
if params.connectSharedVlan:
    iface = controller.addInterface("ifSharedVlan")
799 800 801
    if sharedVlanAddress:
        iface.addAddress(
            RSpec.IPv4Address(sharedVlanAddress,sharedVlanNetmask))
802 803 804 805 806 807
    sharedvlan = RSpec.LAN('shared-vlan')
    sharedvlan.addInterface(iface)
    if params.createSharedVlan:
        sharedvlan.createSharedVlan(params.connectSharedVlan)
    else:
        sharedvlan.connectSharedVlan(params.connectSharedVlan)
808

809 810 811 812 813 814 815 816
if params.controllerHost != params.networkManagerHost:
    #
    # Add the network manager (neutron) node.
    #
    networkManager = RSpec.RawPC(params.networkManagerHost)
    nodes[params.networkManagerHost] = networkManager
    if params.osNodeType:
        networkManager.hardware_type = params.osNodeType
817
        pass
818
    networkManager.Site("1")
819 820 821
    if params.networkManagerDiskImage:
        networkManager.disk_image = params.networkManagerDiskImage
    else:
822
        networkManager.disk_image = "urn:publicid:IDN+%s+image+%s//%s%s%s" % (image_urn,image_project,image_os,image_tag_nm,image_tag_rel)
823
    if firewalling and setfwdesire:
824
        networkManager.Desire('firewallable','1.0')
825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843
    i = 0
    for datalan in alllans:
        iface = networkManager.addInterface("if%d" % (i,))
        datalan.addInterface(iface)
        if generateIPs:
            iface.addAddress(
                RSpec.IPv4Address(get_next_ipaddr(datalan.client_id),
                                  get_netmask(datalan.client_id)))
            pass
        i += 1
        pass
    if mgmtlan:
        iface = networkManager.addInterface("ifM")
        mgmtlan.addInterface(iface)
        if generateIPs:
            iface.addAddress(
                RSpec.IPv4Address(get_next_ipaddr(mgmtlan.client_id),
                                  get_netmask(mgmtlan.client_id)))
            pass
844
        pass
845 846
    if TBURL is not None:
        networkManager.addService(RSpec.Install(url=TBURL, path="/tmp"))
847
    networkManager.addService(RSpec.Execute(shell="sh",command=TBCMD))
848 849
    if disableTestbedRootKeys:
        networkManager.installRootKeys(False, False)
850 851 852 853 854 855
    if params.tempBlockstoreMountPoint \
        and (len(tempBSNodes) == 0 or params.networkManagerHost in tempBSNodes):
        bs = networkManager.Blockstore(
            params.networkManagerHost+"-temp-bs",params.tempBlockstoreMountPoint)
        bs.size = str(params.tempBlockstoreSize) + "GB"
        bs.placement = "any"
856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881
    pass

#
# Add the compute nodes.  First we generate names for each node at each site;
# then we create those nodes at each site.
#
computeNodeNamesBySite = {}
computeNodeList = ""
for i in range(1,params.computeNodeCount + 1):
    cpname = "%s-%d" % (params.computeHostBaseName,i)
    if not computeNodeNamesBySite.has_key(1):
        computeNodeNamesBySite[1] = []
        pass
    computeNodeNamesBySite[1].append(cpname)
    pass
for i in range(1,params.computeNodeCountSite2 + 1):
    cpname = "%s-s2-%d" % (params.computeHostBaseName,i)
    if not computeNodeNamesBySite.has_key(2):
        computeNodeNamesBySite[2] = []
        pass
    computeNodeNamesBySite[2].append(cpname)
    pass

for (siteNumber,cpnameList) in computeNodeNamesBySite.iteritems():
    for cpname in cpnameList:
        cpnode = RSpec.RawPC(cpname)
882
        nodes[cpname] = cpnode
883 884 885
        if params.osNodeType:
            cpnode.hardware_type = params.osNodeType
        pass
886
        cpnode.Site(str(siteNumber))
887 888 889
        if params.computeDiskImage:
            cpnode.disk_image = params.computeDiskImage
        else:
890
            cpnode.disk_image = "urn:publicid:IDN+%s+image+%s//%s%s%s" % (image_urn,image_project,image_os,image_tag_cp,image_tag_rel)
891
        if firewalling and setfwdesire:
892
            cpnode.Desire('firewallable','1.0')
893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910
        i = 0
        for datalan in alllans:
            iface = cpnode.addInterface("if%d" % (i,))
            datalan.addInterface(iface)
            if generateIPs:
                iface.addAddress(RSpec.IPv4Address(get_next_ipaddr(datalan.client_id),
                                                   get_netmask(datalan.client_id)))
                pass
            i += 1
            pass
        if mgmtlan:
            iface = cpnode.addInterface("ifM")
            mgmtlan.addInterface(iface)
            if generateIPs:
                iface.addAddress(RSpec.IPv4Address(get_next_ipaddr(mgmtlan.client_id),
                                                   get_netmask(mgmtlan.client_id)))
                pass
            pass
911 912
        if TBURL is not None:
            cpnode.addService(RSpec.Install(url=TBURL, path="/tmp"))
913
        cpnode.addService(RSpec.Execute(shell="sh",command=TBCMD))
914 915
        if disableTestbedRootKeys:
            cpnode.installRootKeys(False, False)
916 917 918 919 920 921
        if params.tempBlockstoreMountPoint \
          and (len(tempBSNodes) == 0 or cpname in tempBSNodes):
            bs = cpnode.Blockstore(
                cpname+"-temp-bs",params.tempBlockstoreMountPoint)
            bs.size = str(params.tempBlockstoreSize) + "GB"
            bs.placement = "any"
922 923 924 925
        computeNodeList += cpname + ' '
        pass
    pass

926 927 928 929 930 931 932 933 934 935
#
# Add the blockstore, if requested.
#
bsnode = None
bslink = None
if params.blockstoreURN != "":
    if not nodes.has_key(params.blockstoreMountNode):
        #
        # This is a very late time to generate a warning, but that's ok!
        #
936
        perr = portal.ParameterError("The node on which you mount your remote dataset must exist, and does not!",
937 938 939 940 941 942 943 944 945 946
                                     ['blockstoreMountNode'])
        pc.reportError(perr)
        pc.verifyParameters()
        pass
    
    rbsn = nodes[params.blockstoreMountNode]
    myintf = rbsn.addInterface("ifbs0")
    
    bsnode = IG.RemoteBlockstore("bsnode",params.blockstoreMountPoint)
    bsnode.Site("1")
947
    if firewalling and setfwdesire:
948
        bsnode.Desire('firewallable','1.0')
949 950 951
    bsintf = bsnode.interface
    bsnode.dataset = params.blockstoreURN
    #bsnode.size = params.N
952
    bsnode.readonly = params.blockstoreReadOnly
953 954 955 956 957 958 959 960 961
    
    bslink = RSpec.Link("bslink")
    bslink.addInterface(myintf)
    bslink.addInterface(bsintf)
    # Special blockstore attributes for this link.
    bslink.best_effort = True
    bslink.vlan_tagging = True
    pass

962 963 964 965 966 967 968 969 970
#
# Add the local blockstore, if requested.
#
lbsnode = None
if params.localBlockstoreURN != "":
    if not nodes.has_key(params.localBlockstoreMountNode):
        #
        # This is a very late time to generate a warning, but that's ok!
        #
971
        perr = portal.ParameterError("The node on which you mount your image-backed dataset must exist, and does not!",
972 973 974 975 976 977 978 979 980
                                     ['localBlockstoreMountNode'])
        pc.reportError(perr)
        pc.verifyParameters()
        pass
    if params.localBlockstoreSize is None or params.localBlockstoreSize <= 0 \
      or str(params.localBlockstoreSize) == "":
        #
        # This is a very late time to generate a warning, but that's ok!
        #
981
        perr = portal.ParameterError("You must specify a size (> 0) for your image-backed dataset!",
982 983 984 985 986 987 988 989 990 991 992 993
                                     ['localBlockstoreSize'])
        pc.reportError(perr)
        pc.verifyParameters()
        pass

    lbsn = nodes[params.localBlockstoreMountNode]
    lbsnode = lbsn.Blockstore("lbsnode",params.localBlockstoreMountPoint)
    lbsnode.dataset = params.localBlockstoreURN
    lbsnode.size = str(params.localBlockstoreSize)
    lbsnode.readonly = params.localBlockstoreReadOnly
    pass

994 995 996 997
for nname in nodes.keys():
    rspec.addResource(nodes[nname])
if bsnode:
    rspec.addResource(bsnode)
998 999 1000 1001
for datalan in alllans:
    rspec.addResource(datalan)
if mgmtlan:
    rspec.addResource(mgmtlan)
1002 1003
if bslink:
    rspec.addResource(bslink)
1004
    pass
1005 1006
if sharedvlan:
    rspec.addResource(sharedvlan)
1007 1008 1009 1010

#
# Grab a few public IP addresses.
#
1011
apool = IG.AddressPool(params.networkManagerHost,params.publicIPCount)
1012 1013 1014 1015
try:
    apool.Site("1")
except:
    pass
1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072
rspec.addResource(apool)

class EmulabEncrypt(RSpec.Resource):
    def _write(self, root):
        ns = "{http://www.protogeni.net/resources/rspec/ext/emulab/1}"

#        el = ET.SubElement(root,"%sencrypt" % (ns,),attrib={'name':'adminPass'})
#        el.text = params.adminPass
        el = ET.SubElement(root,"%spassword" % (ns,),attrib={'name':'adminPass'})
        pass
    pass

#
# Add our parameters to the request so we can get their values to our nodes.
# The nodes download the manifest(s), and the setup scripts read the parameter
# values when they run.
#
class Parameters(RSpec.Resource):
    def _write(self, root):
        ns = "{http://www.protogeni.net/resources/rspec/ext/johnsond/1}"
        paramXML = "%sparameter" % (ns,)
        
        el = ET.SubElement(root,"%sprofile_parameters" % (ns,))

        param = ET.SubElement(el,paramXML)
        param.text = 'CONTROLLER="%s"' % (params.controllerHost,)
        param = ET.SubElement(el,paramXML)
        param.text = 'NETWORKMANAGER="%s"' % (params.networkManagerHost,)
        param = ET.SubElement(el,paramXML)
        param.text = 'COMPUTENODES="%s"' % (computeNodeList,)
#        param = ET.SubElement(el,paramXML)
#        param.text = 'STORAGEHOST="%s"' % (params.blockStorageHost,)
#        param = ET.SubElement(el,paramXML)
#        param.text = 'OBJECTHOST="%s"' % (params.objectStorageHost,)
        param = ET.SubElement(el,paramXML)
        param.text = 'DATALANS="%s"' % (' '.join(map(lambda(lan): lan.client_id,alllans)))
        param = ET.SubElement(el,paramXML)
        param.text = 'DATAFLATLANS="%s"' % (' '.join(map(lambda(i): flatlans[i].client_id,range(1,params.flatDataLanCount + 1))))
        param = ET.SubElement(el,paramXML)
        param.text = 'DATAVLANS="%s"' % (' '.join(map(lambda(i): vlans[i].client_id,range(1,params.vlanDataLanCount + 1))))
        param = ET.SubElement(el,paramXML)
        param.text = 'DATAVXLANS="%d"' % (params.vxlanDataLanCount,)
        param = ET.SubElement(el,paramXML)
        param.text = 'DATATUNNELS=%d' % (params.greDataLanCount,)
        param = ET.SubElement(el,paramXML)
        if mgmtlan:
            param.text = 'MGMTLAN="%s"' % (mgmtlan.client_id,)
        else:
            param.text = 'MGMTLAN=""'
            pass
#        param = ET.SubElement(el,paramXML)
#        param.text = 'STORAGEHOST="%s"' % (params.blockStorageHost,)
        param = ET.SubElement(el,paramXML)
        param.text = 'DO_APT_INSTALL=%d' % (int(params.doAptInstall),)
        param = ET.SubElement(el,paramXML)
        param.text = 'DO_APT_UPGRADE=%d' % (int(params.doAptUpgrade),)
        param = ET.SubElement(el,paramXML)
1073 1074
        param.text = 'DO_APT_DIST_UPGRADE=%d' % (int(params.doAptDistUpgrade),)
        param = ET.SubElement(el,paramXML)
1075 1076
        param.text = 'DO_UBUNTU_CLOUDARCHIVE_STAGING=%d' % (int(params.doCloudArchiveStaging),)
        param = ET.SubElement(el,paramXML)
1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096
        param.text = 'DO_APT_UPDATE=%d' % (int(params.doAptUpdate),)

###        if params.adminPass and len(params.adminPass) > 0:
###            random.seed()
###            salt = ""
###            schars = [46,47]
###            schars.extend(range(48,58))
###            schars.extend(range(97,123))
###            schars.extend(range(65,91))
###            for i in random.sample(schars,16):
###                salt += chr(i)
###                pass
###            hpass = crypt.crypt(params.adminPass,'$6$%s' % (salt,))
###            param = ET.SubElement(el,paramXML)
###            param.text = "ADMIN_PASS_HASH='%s'" % (hpass,)
###            pass
###        else:
        param = ET.SubElement(el,paramXML)
        param.text = "ADMIN_PASS_HASH=''"
###            pass
1097 1098 1099 1100

        param = ET.SubElement(el,paramXML)
        param.text = "ENABLE_HOST_PASSTHROUGH=%d" % (int(params.enableHostPassthrough))

1101 1102 1103 1104 1105 1106 1107 1108 1109
        param = ET.SubElement(el,paramXML)
        param.text = "ENABLE_NEW_SERIAL_SUPPORT=%d" % (int(params.enableNewSerialSupport))
        
        param = ET.SubElement(el,paramXML)
        param.text = "DISABLE_SECURITY_GROUPS=%d" % (int(params.disableSecurityGroups))
        
        param = ET.SubElement(el,paramXML)
        param.text = "DEFAULT_SECGROUP_ENABLE_SSH_ICMP=%d" % (int(params.enableInboundSshAndIcmp))
        
1110 1111 1112
        param = ET.SubElement(el,paramXML)
        param.text = "USE_NEUTRON_LBAAS=%d" % (int(params.enableNeutronLoadBalancing))
        
1113 1114 1115 1116 1117 1118 1119
        param = ET.SubElement(el,paramXML)
        param.text = "CEILOMETER_USE_MONGODB=%d" % (int(params.ceilometerUseMongoDB))
        
        param = ET.SubElement(el,paramXML)
        param.text = "VERBOSE_LOGGING=\"%s\"" % (str(bool(params.enableVerboseLogging)))
        param = ET.SubElement(el,paramXML)
        param.text = "DEBUG_LOGGING=\"%s\"" % (str(bool(params.enableDebugLogging)))
1120 1121 1122 1123 1124 1125 1126 1127 1128 1129
        
        param = ET.SubElement(el,paramXML)
        param.text = "TOKENTIMEOUT=%d" % (int(params.tokenTimeout))
        param = ET.SubElement(el,paramXML)
        param.text = "SESSIONTIMEOUT=%d" % (int(params.sessionTimeout))
        
        if params.keystoneVersion > 0:
            param = ET.SubElement(el,paramXML)
            param.text = "KEYSTONEAPIVERSION=%d" % (int(params.keystoneVersion))
            pass
1130 1131 1132 1133
        
        param = ET.SubElement(el,paramXML)
        param.text = "KEYSTONEUSEMEMCACHE=%d" % (int(bool(params.keystoneUseMemcache)))
        
1134 1135 1136
        if params.keystoneUseWSGI == 0:
            param = ET.SubElement(el,paramXML)
            param.text = "KEYSTONEUSEWSGI=0"
1137
        elif params.keystoneUseWSGI == 1:
1138 1139 1140 1141 1142
            param = ET.SubElement(el,paramXML)
            param.text = "KEYSTONEUSEWSGI=1"
        else:
            pass
        
1143 1144
        param = ET.SubElement(el,paramXML)
        param.text = "QUOTASOFF=%d" % (int(bool(params.quotasOff)))
1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155
        
        if params.ubuntuMirrorHost != "":
            param = ET.SubElement(el,paramXML)
            param.text = "UBUNTUMIRRORHOST=\"%s\"" % (params.ubuntuMirrorHost,)
        if params.ubuntuMirrorPath != "":
            param = ET.SubElement(el,paramXML)
            param.text = "UBUNTUMIRRORPATH=\"%s\"" % (params.ubuntuMirrorPath,)
            pass

        param = ET.SubElement(el,paramXML)
        param.text = "ML2PLUGIN=%s" % (str(params.ml2plugin))
1156

1157 1158 1159
        param = ET.SubElement(el,paramXML)
        param.text = "USE_DESIGNATE_AS_RESOLVER=%d" % (int(bool(params.useDesignateAsResolver)))

1160 1161 1162
        param = ET.SubElement(el,paramXML)
        param.text = "EXTRAIMAGEURLS='%s'" % (str(params.extraImageURLs))

David Johnson's avatar
David Johnson committed
1163 1164 1165
        param = ET.SubElement(el,paramXML)
        param.text = "OSRELEASE='%s'" % (str(params.release))

1166 1167 1168 1169 1170 1171
        param = ET.SubElement(el,paramXML)
        param.text = "SWIFT_LV_SIZE=%d" % (int(params.swiftLVSize))

        param = ET.SubElement(el,paramXML)
        param.text = "GLANCE_LV_SIZE=%d" % (int(params.glanceLVSize))

1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184
        return el
    pass

parameters = Parameters()
rspec.addResource(parameters)

###if not params.adminPass or len(params.adminPass) == 0:
if True:
    stuffToEncrypt = EmulabEncrypt()
    rspec.addResource(stuffToEncrypt)
    pass

pc.printRequestRSpec(rspec)