def register_user(self, sfa_record, hrn, pub_key):
# add person roles, projects and keys
email = sfa_record.get('email', None)
xrn = Xrn(hrn)
name = xrn.get_leaf()
auth_hrn = xrn.get_authority_hrn()
tenant_name = OSXrn(xrn=auth_hrn, type='authority').get_tenant_name()
tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
self.shell.auth_manager.users.create(name,
email=email,
tenant_id=tenant.id)
user = self.shell.auth_manager.users.find(name=name)
slices = sfa_records.get('slices', [])
for slice in projects:
slice_tenant_name = OSXrn(xrn=slice,
type='slice').get_tenant_name()
slice_tenant = self.shell.auth_manager.tenants.find(
name=slice_tenant_name)
self.shell.auth_manager.roles.add_user_role(
user, slice_tenant, 'user')
keys = sfa_records.get('keys', [])
for key in keys:
keyname = OSXrn(xrn=hrn, type='user').get_slicename()
self.shell.nova_client.keypairs.create(keyname, key)
return user
def register_slice(self, sfa_record, hrn):
# add slice description, name, researchers, PI
name = hrn_to_os_tenant_name(hrn)
description = sfa_record.get('description', None)
self.shell.auth_manager.tenants.create(name, description)
tenant = self.shell.auth_manager.tenants.find(name=name)
auth_hrn = OSXrn(xrn=hrn, type='slice').get_authority_hrn()
parent_tenant_name = OSXrn(xrn=auth_hrn,
type='slice').get_tenant_name()
parent_tenant = self.shell.auth_manager.tenants.find(
name=parent_tenant_name)
researchers = sfa_record.get('researchers', [])
for researcher in researchers:
name = Xrn(researcher).get_leaf()
user = self.shell.auth_manager.users.find(name=name)
self.shell.auth_manager.roles.add_user_role(user, 'Member', tenant)
self.shell.auth_manager.roles.add_user_role(user, 'user', tenant)
pis = sfa_record.get('pis', [])
for pi in pis:
name = Xrn(pi).get_leaf()
user = self.shell.auth_manager.users.find(name=name)
self.shell.auth_manager.roles.add_user_role(user, 'pi', tenant)
self.shell.auth_manager.roles.add_user_role(
user, 'pi', parent_tenant)
return tenant
def shutdown(self, xrn, options={}):
xrn = OSXrn(xrn=xrn, type='slice')
tenant_name = xrn.get_tenant_name()
name = xrn.get_slicename()
self.driver.shell.nova_manager.connect(tenant=tenant_name)
instances = self.driver.shell.nova_manager.servers.findall(name=name)
for instance in instances:
self.driver.shell.nova_manager.servers.shutdown(instance)
return True
def import_users(self, existing_hrns, existing_records):
# Get all users
users = self.shell.auth_manager.users.list()
users_dict = {}
keys_filename = self.config.config_path + os.sep + 'person_keys.py'
old_user_keys = load_keys(keys_filename)
user_keys = {}
for user in users:
auth_hrn = self.config.SFA_INTERFACE_HRN
if user.tenantId is not None:
tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)
auth_hrn = OSXrn(name=tenant.name,
auth=self.config.SFA_INTERFACE_HRN,
type='authority').get_hrn()
hrn = OSXrn(name=user.name, auth=auth_hrn, type='user').get_hrn()
users_dict[hrn] = user
old_keys = old_user_keys.get(hrn, [])
keyname = OSXrn(xrn=hrn, type='user').get_slicename()
keys = [
k.public_key
for k in self.shell.nova_manager.keypairs.findall(name=keyname)
]
user_keys[hrn] = keys
update_record = False
if old_keys != keys:
update_record = True
if hrn not in existing_hrns or \
(hrn, 'user') not in existing_records or update_record:
urn = OSXrn(xrn=hrn, type='user').get_urn()
if keys:
try:
pkey = convert_public_key(keys[0])
except:
self.logger.log_exc(
'unable to convert public key for %s' % hrn)
pkey = Keypair(create=True)
else:
self.logger.warn(
"OpenstackImporter: person %s does not have a PL public key"
% hrn)
pkey = Keypair(create=True)
user_gid = self.auth_hierarchy.create_gid(urn,
create_uuid(),
pkey,
email=user.email)
user_record = RegUser()
user_record.type = 'user'
user_record.hrn = hrn
user_record.gid = user_gid
user_record.authority = get_authority(hrn)
global_dbsession.add(user_record)
global_dbsession.commit()
self.logger.info("OpenstackImporter: imported person %s" %
user_record)
return users_dict, user_keys
def shutdown(self, xrn, options={}):
xrn = OSXrn(xrn=xrn, type='slice')
tenant_name = xrn.get_tenant_name()
name = xrn.get_slicename()
self.driver.shell.nova_manager.connect(tenant=tenant_name)
instances = self.driver.shell.nova_manager.servers.findall(name=name)
for instance in instances:
self.driver.shell.nova_manager.servers.shutdown(instance)
return True
def shutdown(self, urn, options=None):
if options is None: options={}
# Update connection for the current client
xrn = Xrn(urn)
osxrn = OSXrn(xrn=urn, type='slice')
user_name = xrn.get_authority_hrn() + '.' + xrn.leaf.split('-')[0]
tenant_name = osxrn.get_hrn()
self.shell.compute_manager.connect(username=user_name, tenant=tenant_name, password=user_name)
instances = self.shell.compute_manager.servers.findall(name=osxrn.get_slicename())
for instance in instances:
self.shell.compute_manager.servers.shutdown(instance.id)
return True
def import_tenants(self, existing_hrns, existing_records):
# Get all tenants
# A tenant can represent an organizational group (site) or a
# slice. If a tenant's authorty/parent matches the root authority it is
# considered a group/site. All other tenants are considered slices.
tenants = self.shell.auth_manager.tenants.list()
tenants_dict = {}
for tenant in tenants:
hrn = self.config.SFA_INTERFACE_HRN + '.' + tenant.name
tenants_dict[hrn] = tenant
authority_hrn = OSXrn(xrn=hrn,
type='authority').get_authority_hrn()
if hrn in existing_hrns:
continue
if authority_hrn == self.config.SFA_INTERFACE_HRN:
# import group/site
record = RegAuthority()
urn = OSXrn(xrn=hrn, type='authority').get_urn()
if not self.auth_hierarchy.auth_exists(urn):
self.auth_hierarchy.create_auth(urn)
auth_info = self.auth_hierarchy.get_auth_info(urn)
gid = auth_info.get_gid_object()
record.type = 'authority'
record.hrn = hrn
record.gid = gid
record.authority = get_authority(hrn)
global_dbsession.add(record)
global_dbsession.commit()
self.logger.info("OpenstackImporter: imported authority: %s" %
record)
else:
record = RegSlice()
urn = OSXrn(xrn=hrn, type='slice').get_urn()
pkey = Keypair(create=True)
gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey)
record.type = 'slice'
record.hrn = hrn
record.gid = gid
record.authority = get_authority(hrn)
global_dbsession.add(record)
global_dbsession.commit()
self.logger.info("OpenstackImporter: imported slice: %s" %
record)
return tenants_dict
def check_sliver_credentials(self, creds, urns):
# build list of cred object hrns
slice_cred_names = []
for cred in creds:
slice_cred_hrn = Credential(cred=cred).get_gid_object().get_hrn()
slice_cred_names.append(OSXrn(xrn=slice_cred_hrn).get_slicename())
# look up slice name of slivers listed in urns arg
slice_ids = []
for urn in urns:
sliver_id_parts = Xrn(xrn=urn).get_sliver_id_parts()
slice_ids.append(sliver_id_parts[0])
if not slice_ids:
raise Forbidden("sliver urn not provided")
sliver_names = []
for slice_id in slice_ids:
slice = self.shell.auth_manager.tenants.find(slice_id)
sliver_names.append(slice['name'])
# make sure we have a credential for every specified sliver ierd
for sliver_name in sliver_names:
if sliver_name not in slice_cred_names:
msg = "Valid credential not found for target: %s" % sliver_name
raise Forbidden(msg)
def allocate(self, urn, rspec_string, expiration, options={}):
xrn = Xrn(urn)
aggregate = OSAggregate(self)
# assume first user is the caller and use their context
# for the ec2/euca api connection. Also, use the first users
# key as the project key.
key_name = None
if len(users) > 1:
key_name = aggregate.create_instance_key(xrn.get_hrn(), users[0])
# collect public keys
users = options.get('geni_users', [])
pubkeys = []
for user in users:
pubkeys.extend(user['keys'])
rspec = RSpec(rspec_string)
instance_name = hrn_to_os_slicename(slice_hrn)
tenant_name = OSXrn(xrn=slice_hrn, type='slice').get_tenant_name()
slivers = aggregate.run_instances(instance_name, tenant_name, \
rspec_string, key_name, pubkeys)
# update all sliver allocation states setting then to geni_allocated
sliver_ids = [sliver.id for sliver in slivers]
dbsession = self.api.dbsession()
SliverAllocation.set_allocations(sliver_ids, 'geni_provisioned',
dbsession)
return aggregate.describe(urns=[urn], version=rspec.version)
def describe(self, urns, version=None, options={}):
# update nova connection
tenant_name = OSXrn(xrn=urns[0], type='slice').get_tenant_name()
self.driver.shell.nova_manager.connect(tenant=tenant_name)
instances = self.get_instances(urns)
# lookup the sliver allocations
sliver_ids = [sliver['sliver_id'] for sliver in slivers]
constraint = SliverAllocation.sliver_id.in_(sliver_ids)
sliver_allocations = self.driver.api.dbsession().query(SliverAllocation).filter(constraint)
sliver_allocation_dict = {}
for sliver_allocation in sliver_allocations:
sliver_allocation_dict[sliver_allocation.sliver_id] = sliver_allocation
geni_slivers = []
rspec_nodes = []
for instance in instances:
rspec_nodes.append(self.instance_to_rspec_node(instance))
geni_sliver = self.instance_to_geni_sliver(instance, sliver_sllocation_dict)
geni_slivers.append(geni_sliver)
version_manager = VersionManager()
version = version_manager.get_version(version)
rspec_version = version_manager._get_version(version.type, version.version, 'manifest')
rspec = RSpec(version=rspec_version, user_options=options)
rspec.xml.set('expires', datetime_to_string(utcparse(time.time())))
rspec.version.add_nodes(rspec_nodes)
result = {'geni_urn': Xrn(urns[0]).get_urn(),
'geni_rspec': rspec.toxml(),
'geni_slivers': geni_slivers}
return result
def get_aggregate_nodes(self):
zones = self.get_availability_zones()
# available sliver/instance/vm types
instances = self.driver.shell.nova_manager.flavors.list()
if isinstance(instances, dict):
instances = instances.values()
# available images
images = self.driver.shell.image_manager.get_images_detailed()
disk_images = [image_to_rspec_disk_image(img) for img in images if img['container_format'] in ['ami', 'ovf']]
rspec_nodes = []
for zone in zones:
rspec_node = Node()
xrn = OSXrn(zone, type='node')
rspec_node['component_id'] = xrn.urn
rspec_node['component_name'] = xrn.name
rspec_node['component_manager_id'] = Xrn(self.driver.hrn, 'authority+cm').get_urn()
rspec_node['exclusive'] = 'false'
rspec_node['hardware_types'] = [HardwareType({'name': 'plos-pc'}),
HardwareType({'name': 'pc'})]
slivers = []
for instance in instances:
sliver = self.instance_to_sliver(instance)
sliver['disk_image'] = disk_images
slivers.append(sliver)
rspec_node['available'] = 'true'
rspec_node['slivers'] = slivers
rspec_nodes.append(rspec_node)
return rspec_nodes
def sliver_to_slice_xrn(self, xrn):
sliver_id_parts = Xrn(xrn).get_sliver_id_parts()
slice = self.shell.auth_manager.tenants.find(id=sliver_id_parts[0])
if not slice:
raise Forbidden("Unable to locate slice record for sliver: %s" %
xrn)
slice_xrn = OSXrn(name=slice.name, type='slice')
return slice_xrn
def get_instances(self, urns):
# parse slice names and sliver ids
names = set()
ids = set()
for urn in urns:
xrn = OSXrn(xrn=urn)
if xrn.type == 'slice':
names.add(xrn.get_slice_name())
elif xrn.type == 'sliver':
ids.add(xrn.leaf)
# look up instances
instances = []
filter = {}
if names:
filter['name'] = names
if ids:
filter['id'] = ids
servers = self.driver.shell.nova_manager.servers.findall(**filter)
instances.extend(servers)
return instances
def fill_slice_record_info(self, record):
tenant_name = hrn_to_os_tenant_name(record['hrn'])
tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
parent_tenant_name = OSXrn(xrn=tenant_name).get_authority_hrn()
parent_tenant = self.shell.auth_manager.tenants.find(
name=parent_tenant_name)
researchers = []
pis = []
# look for users and pis in slice tenant
for user in tenant.list_users():
for role in self.shell.auth_manager.roles.roles_for_user(
user, tenant):
if role.name.lower() == 'pi':
user_tenant = self.shell.auth_manager.tenants.find(
id=user.tenantId)
hrn = ".".join([self.hrn, user_tenant.name, user.name])
pis.append(hrn)
elif role.name.lower() in ['user', 'member']:
user_tenant = self.shell.auth_manager.tenants.find(
id=user.tenantId)
hrn = ".".join([self.hrn, user_tenant.name, user.name])
researchers.append(hrn)
# look for pis in the slice's parent (site/organization) tenant
for user in parent_tenant.list_users():
for role in self.shell.auth_manager.roles.roles_for_user(
user, parent_tenant):
if role.name.lower() == 'pi':
user_tenant = self.shell.auth_manager.tenants.find(
id=user.tenantId)
hrn = ".".join([self.hrn, user_tenant.name, user.name])
pis.append(hrn)
record['name'] = tenant_name
record['description'] = tenant.description
record['PI'] = pis
if pis:
record['geni_creator'] = pis[0]
else:
record['geni_creator'] = None
record['researcher'] = researchers
return record
def register_authority(self, sfa_record, hrn):
name = OSXrn(xrn=hrn, type='authority').get_tenant_name()
self.shell.auth_manager.tenants.create(
name, sfa_record.get('description', ''))
tenant = self.shell.auth_manager.tenants.find(name=name)
return tenant
def instance_to_rspec_node(self, instance):
# determine node urn
node_xrn = instance.metadata.get('component_id')
if not node_xrn:
node_xrn = OSXrn('cloud', type='node')
else:
node_xrn = OSXrn(xrn=node_xrn, type='node')
rspec_node = Node()
rspec_node['component_id'] = node_xrn.urn
rspec_node['component_name'] = node_xrn.name
rspec_node['component_manager_id'] = Xrn(self.driver.hrn, 'authority+cm').get_urn()
rspec_node['sliver_id'] = OSXrn(name=instance.name, type='slice', id=instance.id).get_urn()
if instance.metadata.get('client_id'):
rspec_node['client_id'] = instance.metadata.get('client_id')
# get sliver details
flavor = self.driver.shell.nova_manager.flavors.find(id=instance.flavor['id'])
sliver = self.instance_to_sliver(flavor)
# get firewall rules
fw_rules = []
group_name = instance.metadata.get('security_groups')
if group_name:
group = self.driver.shell.nova_manager.security_groups.find(name=group_name)
for rule in group.rules:
port_range ="%s:%s" % (rule['from_port'], rule['to_port'])
fw_rule = FWRule({'protocol': rule['ip_protocol'],
'port_range': port_range,
'cidr_ip': rule['ip_range']['cidr']})
fw_rules.append(fw_rule)
sliver['fw_rules'] = fw_rules
rspec_node['slivers'] = [sliver]
# get disk image
image = self.driver.shell.image_manager.get_images(id=instance.image['id'])
if isinstance(image, list) and len(image) > 0:
image = image[0]
disk_image = image_to_rspec_disk_image(image)
sliver['disk_image'] = [disk_image]
# get interfaces
rspec_node['services'] = []
rspec_node['interfaces'] = []
addresses = instance.addresses
# HACK: public ips are stored in the list of private, but
# this seems wrong. Assume pub ip is the last in the list of
# private ips until openstack bug is fixed.
if addresses.get('private'):
login = Login({'authentication': 'ssh-keys',
'hostname': addresses.get('private')[-1]['addr'],
'port':'22', 'username': '******'})
service = Services({'login': login})
rspec_node['services'].append(service)
for private_ip in addresses.get('private', []):
if_xrn = PlXrn(auth=self.driver.hrn,
interface='node%s' % (instance.hostId))
if_client_id = Xrn(if_xrn.urn, type='interface', id="eth%s" %if_index).urn
if_sliver_id = Xrn(rspec_node['sliver_id'], type='slice', id="eth%s" %if_index).urn
interface = Interface({'component_id': if_xrn.urn,
'client_id': if_client_id,
'sliver_id': if_sliver_id})
interface['ips'] = [{'address': private_ip['addr'],
#'netmask': private_ip['network'],
'type': private_ip['version']}]
rspec_node['interfaces'].append(interface)
# slivers always provide the ssh service
for public_ip in addresses.get('public', []):
login = Login({'authentication': 'ssh-keys',
'hostname': public_ip['addr'],
'port':'22', 'username': '******'})
service = Services({'login': login})
rspec_node['services'].append(service)
return rspec_node
def instance_to_rspec_node(self, slice_xrn, instance):
# determine node urn
node_xrn = instance.metadata.get('component_id')
if not node_xrn:
node_xrn = OSXrn('cloud', type='node')
else:
node_xrn = OSXrn(xrn=node_xrn, type='node')
rspec_node = Node()
rspec_node['component_id'] = node_xrn.urn
rspec_node['component_name'] = node_xrn.name
rspec_node['component_manager_id'] = Xrn(self.driver.hrn, 'authority+cm').get_urn()
if instance.metadata.get('client_id'):
rspec_node['client_id'] = instance.metadata.get('client_id')
# get sliver details
sliver_xrn = OSXrn(xrn=slice_xrn, type='slice', id=instance.id)
rspec_node['sliver_id'] = sliver_xrn.get_urn()
flavor = self.driver.shell.nova_manager.flavors.find(id=instance.flavor['id'])
sliver = instance_to_sliver(flavor)
# get firewall rules
fw_rules = []
group_name = instance.metadata.get('security_groups')
if group_name:
group = self.driver.shell.nova_manager.security_groups.find(name=group_name)
for rule in group.rules:
port_range ="%s:%s" % (rule['from_port'], rule['to_port'])
fw_rule = FWRule({'protocol': rule['ip_protocol'],
'port_range': port_range,
'cidr_ip': rule['ip_range']['cidr']})
fw_rules.append(fw_rule)
sliver['fw_rules'] = fw_rules
rspec_node['slivers']= [sliver]
# get disk image
image = self.driver.shell.image_manager.get_images(id=instance.image['id'])
if isinstance(image, list) and len(image) > 0:
image = image[0]
disk_image = image_to_rspec_disk_image(image)
sliver['disk_image'] = [disk_image]
# get interfaces
rspec_node['services'] = []
rspec_node['interfaces'] = []
addresses = instance.addresses
# HACK: public ips are stored in the list of private, but
# this seems wrong. Assume pub ip is the last in the list of
# private ips until openstack bug is fixed.
if addresses.get('private'):
login = Login({'authentication': 'ssh-keys',
'hostname': addresses.get('private')[-1]['addr'],
'port':'22', 'username': '******'})
service = Services({'login': login})
rspec_node['services'].append(service)
if_index = 0
for private_ip in addresses.get('private', []):
if_xrn = PlXrn(auth=self.driver.hrn,
interface='node%s' % (instance.hostId))
if_client_id = Xrn(if_xrn.urn, type='interface', id="eth%s" %if_index).urn
if_sliver_id = Xrn(rspec_node['sliver_id'], type='slice', id="eth%s" %if_index).urn
interface = Interface({'component_id': if_xrn.urn,
'client_id': if_client_id,
'sliver_id': if_sliver_id})
interface['ips'] = [{'address': private_ip['addr'],
#'netmask': private_ip['network'],
'type': 'ipv%s' % str(private_ip['version'])}]
rspec_node['interfaces'].append(interface)
if_index += 1
# slivers always provide the ssh service
for public_ip in addresses.get('public', []):
login = Login({'authentication': 'ssh-keys',
'hostname': public_ip['addr'],
'port':'22', 'username': '******'})
service = Services({'login': login})
rspec_node['services'].append(service)
return rspec_node
