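class NovaDriver(Driver):
    """SFA driver that maps registry and aggregate calls onto OpenStack.

    Registry records (authorities, slices, users) are handled as tenants,
    users and roles through ``self.shell.auth_manager``; slivers are servers
    handled through ``self.shell.nova_manager`` and ``OSAggregate``.

    NOTE(review): none of the methods below inspects the ``creds`` argument
    it receives. Presumably the calling manager layer authorizes the request
    before it reaches the driver -- confirm before calling these directly.
    """

    # the cache instance is a class member so it survives across incoming requests
    cache = None

    def __init__(self, config):
        """Create the OpenStack shell and, if enabled, attach the shared cache."""
        Driver.__init__(self, config)
        self.shell = Shell(config=config)
        self.cache = None
        if config.SFA_AGGREGATE_CACHING:
            if NovaDriver.cache is None:
                NovaDriver.cache = Cache()
            self.cache = NovaDriver.cache

    ########################################
    ########## registry oriented
    ########################################

    ########## disabled users
    def is_enabled(self, record):
        """Report every record as enabled."""
        # all records are enabled
        return True

    def augment_records_with_testbed_info(self, sfa_records):
        """Fill the given record(s) with testbed data; see fill_record_info."""
        return self.fill_record_info(sfa_records)

    ##########
    def register(self, sfa_record, hrn, pub_key):
        """Create the tenant or user matching ``sfa_record['type']``.

        Always returns -1; records of any other type are silently ignored.
        """
        record_type = sfa_record['type']
        if record_type == 'slice':
            self.register_slice(sfa_record, hrn)
        elif record_type == 'user':
            self.register_user(sfa_record, hrn, pub_key)
        elif record_type.startswith('authority'):
            self.register_authority(sfa_record, hrn)
        # We should be returning the records id as a pointer but
        # this is a string and the records table expects this to be an
        # int.
        #return record.id
        return -1

    def register_slice(self, sfa_record, hrn):
        """Create the slice tenant and grant roles to its researchers and PIs.

        Returns the newly created tenant.
        """
        # add slice description, name, researchers, PI
        tenant_name = hrn_to_os_tenant_name(hrn)
        description = sfa_record.get('description', None)
        self.shell.auth_manager.tenants.create(tenant_name, description)
        tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
        auth_hrn = OSXrn(xrn=hrn, type='slice').get_authority_hrn()
        parent_tenant_name = OSXrn(xrn=auth_hrn, type='slice').get_tenant_name()
        parent_tenant = self.shell.auth_manager.tenants.find(name=parent_tenant_name)

        for researcher in sfa_record.get('researchers', []):
            user_name = Xrn(researcher).get_leaf()
            user = self.shell.auth_manager.users.find(name=user_name)
            self.shell.auth_manager.roles.add_user_role(user, 'Member', tenant)
            self.shell.auth_manager.roles.add_user_role(user, 'user', tenant)

        # PIs get the 'pi' role on the slice tenant and on its parent tenant
        for pi in sfa_record.get('pis', []):
            user_name = Xrn(pi).get_leaf()
            user = self.shell.auth_manager.users.find(name=user_name)
            self.shell.auth_manager.roles.add_user_role(user, 'pi', tenant)
            self.shell.auth_manager.roles.add_user_role(user, 'pi', parent_tenant)
        return tenant

    def register_user(self, sfa_record, hrn, pub_key):
        """Create the user in its authority tenant, then add slice roles and keys.

        Returns the newly created user. ``pub_key`` is not used; keys are
        taken from ``sfa_record['keys']``.
        """
        # add person roles, projects and keys
        email = sfa_record.get('email', None)
        xrn = Xrn(hrn)
        name = xrn.get_leaf()
        auth_hrn = xrn.get_authority_hrn()
        tenant_name = OSXrn(xrn=auth_hrn, type='authority').get_tenant_name()
        tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
        self.shell.auth_manager.users.create(name, email=email, tenant_id=tenant.id)
        user = self.shell.auth_manager.users.find(name=name)

        # Fixed: the original read the undefined names 'sfa_records' and
        # 'projects', so registering a user always raised NameError.
        for slice_xrn in sfa_record.get('slices', []):
            slice_tenant_name = OSXrn(xrn=slice_xrn, type='slice').get_tenant_name()
            slice_tenant = self.shell.auth_manager.tenants.find(name=slice_tenant_name)
            # argument order (user, role, tenant) matches register_slice; the
            # original passed (user, tenant, role) here
            self.shell.auth_manager.roles.add_user_role(user, 'user', slice_tenant)

        for key in sfa_record.get('keys', []):
            # NOTE(review): every key is created under the same keypair name,
            # and this is the only use of 'nova_client' (everything else goes
            # through 'nova_manager') -- confirm both are intended.
            keyname = OSXrn(xrn=hrn, type='user').get_slicename()
            self.shell.nova_client.keypairs.create(keyname, key)
        return user

    def register_authority(self, sfa_record, hrn):
        """Create the tenant backing an authority record and return it."""
        name = OSXrn(xrn=hrn, type='authority').get_tenant_name()
        self.shell.auth_manager.tenants.create(name, sfa_record.get('description', ''))
        return self.shell.auth_manager.tenants.find(name=name)

    ##########
    # xxx actually old_sfa_record comes filled with plc stuff as well in the original code
    def update(self, old_sfa_record, new_sfa_record, hrn, new_key):
        """Apply ``new_sfa_record`` to the slice project; users are left untouched.

        Raises UnknownSfaType when ``new_key`` is given for a non-user record.
        Always returns True otherwise.
        """
        record_type = new_sfa_record['type']

        # new_key implemented for users only
        if new_key and record_type not in ['user']:
            raise UnknownSfaType(record_type)

        if record_type == "slice":
            # can update project manager and description
            # Fixed: the original read the undefined name 'sfa_record'.
            name = hrn_to_os_slicename(hrn)
            researchers = new_sfa_record.get('researchers', [])
            pis = new_sfa_record.get('pis', [])
            description = new_sfa_record.get('description', None)
            # the first PI, else the first researcher, becomes project manager
            project_manager = None
            if pis:
                project_manager = Xrn(pis[0], 'user').get_leaf()
            elif researchers:
                project_manager = Xrn(researchers[0], 'user').get_leaf()
            self.shell.auth_manager.modify_project(name, project_manager, description)
        elif record_type == "user":
            # can technically update access_key and secret_key,
            # but that is not in our scope, so we do nothing.
            pass
        return True

    ##########
    def remove(self, sfa_record):
        """Delete the user or project behind ``sfa_record`` if it exists."""
        record_type = sfa_record['type']
        if record_type == 'user':
            name = Xrn(sfa_record['hrn']).get_leaf()
            if self.shell.auth_manager.get_user(name):
                self.shell.auth_manager.delete_user(name)
        elif record_type == 'slice':
            name = hrn_to_os_slicename(sfa_record['hrn'])
            if self.shell.auth_manager.get_project(name):
                self.shell.auth_manager.delete_project(name)
        return True

    ####################
    def fill_record_info(self, records):
        """
        Given a (list of) SFA record, fill in the PLC specific
        and SFA specific fields in the record.

        Records of an unknown type are left as they are. Returns the list.
        """
        if not isinstance(records, list):
            records = [records]

        for record in records:
            if record['type'] == 'user':
                record = self.fill_user_record_info(record)
            elif record['type'] == 'slice':
                record = self.fill_slice_record_info(record)
            elif record['type'].startswith('authority'):
                record = self.fill_auth_record_info(record)
            else:
                continue
            record['geni_urn'] = hrn_to_urn(record['hrn'], record['type'])
            record['geni_certificate'] = record['gid']
            #if os_record.created_at is not None:
            #    record['date_created'] = datetime_to_string(utcparse(os_record.created_at))
            #if os_record.updated_at is not None:
            #    record['last_updated'] = datetime_to_string(utcparse(os_record.updated_at))

        return records

    def fill_user_record_info(self, record):
        """Add name, email, slices, roles and public keys to a user record."""
        name = Xrn(record['hrn']).get_leaf()
        record['name'] = name
        user = self.shell.auth_manager.users.find(name=name)
        record['email'] = user.email
        tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)

        # slices are the tenants named '<home tenant>.<something>' that list this user
        slice_prefix = tenant.name + "."
        slices = []
        for tmp_tenant in self.shell.auth_manager.tenants.list():
            if not tmp_tenant.name.startswith(slice_prefix):
                continue
            for tmp_user in tmp_tenant.list_users():
                if tmp_user.name == user.name:
                    slices.append(".".join([self.hrn, tmp_tenant.name]))
        record['slices'] = slices

        roles = self.shell.auth_manager.roles.roles_for_user(user, tenant)
        record['roles'] = [role.name for role in roles]
        keys = self.shell.nova_manager.keypairs.findall(name=record['hrn'])
        record['keys'] = [key.public_key for key in keys]
        return record

    def _user_hrn(self, user):
        """Return '<self.hrn>.<home tenant name>.<user name>' for ``user``."""
        user_tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)
        return ".".join([self.hrn, user_tenant.name, user.name])

    def fill_slice_record_info(self, record):
        """Add name, description, PIs, creator and researchers to a slice record."""
        tenant_name = hrn_to_os_tenant_name(record['hrn'])
        tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
        parent_tenant_name = OSXrn(xrn=tenant_name).get_authority_hrn()
        parent_tenant = self.shell.auth_manager.tenants.find(name=parent_tenant_name)
        researchers = []
        pis = []

        # look for users and pis in slice tenant
        for user in tenant.list_users():
            for role in self.shell.auth_manager.roles.roles_for_user(user, tenant):
                role_name = role.name.lower()
                if role_name == 'pi':
                    pis.append(self._user_hrn(user))
                elif role_name in ['user', 'member']:
                    researchers.append(self._user_hrn(user))

        # look for pis in the slice's parent (site/organization) tenant
        for user in parent_tenant.list_users():
            for role in self.shell.auth_manager.roles.roles_for_user(user, parent_tenant):
                if role.name.lower() == 'pi':
                    pis.append(self._user_hrn(user))

        record['name'] = tenant_name
        record['description'] = tenant.description
        record['PI'] = pis
        record['geni_creator'] = pis[0] if pis else None
        record['researcher'] = researchers
        return record

    def fill_auth_record_info(self, record):
        """Add name, description, PIs, researchers and slices to an authority record."""
        tenant_name = hrn_to_os_tenant_name(record['hrn'])
        tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
        researchers = []
        pis = []

        # look for users and pis in the authority tenant
        for user in tenant.list_users():
            for role in self.shell.auth_manager.roles.roles_for_user(user, tenant):
                hrn = ".".join([self.hrn, tenant.name, user.name])
                role_name = role.name.lower()
                if role_name == 'pi':
                    pis.append(hrn)
                elif role_name in ['user', 'member']:
                    researchers.append(hrn)

        # look for slices
        slice_prefix = tenant.name + "."
        slices = [
            ".".join([self.hrn, tmp_tenant.name])
            for tmp_tenant in self.shell.auth_manager.tenants.list()
            if tmp_tenant.name.startswith(slice_prefix)
        ]

        record['name'] = tenant_name
        record['description'] = tenant.description
        record['PI'] = pis
        record['enabled'] = tenant.enabled
        record['researchers'] = researchers
        record['slices'] = slices
        return record

    ####################
    # plcapi works by changes, compute what needs to be added/deleted
    def update_relation(self, subject_type, target_type, subject_id, target_ids):
        """Make the members of slice ``subject_id`` equal to ``target_ids``.

        Only the slice -> user relation is handled; anything else is logged.
        """
        # hard-wire the code for slice/user for now, could be smarter if needed
        if subject_type == 'slice' and target_type == 'user':
            subject = self.shell.project_get(subject_id)[0]
            current_target_ids = [user.name for user in subject.members]
            add_target_ids = list(set(target_ids).difference(current_target_ids))
            del_target_ids = list(set(current_target_ids).difference(target_ids))
            logger.debug("subject_id = %s (type=%s)" % (subject_id, type(subject_id)))
            for target_id in add_target_ids:
                self.shell.project_add_member(target_id, subject_id)
                logger.debug("add_target_id = %s (type=%s)" % (target_id, type(target_id)))
            for target_id in del_target_ids:
                logger.debug("del_target_id = %s (type=%s)" % (target_id, type(target_id)))
                self.shell.project_remove_member(target_id, subject_id)
        else:
            logger.info('unexpected relation to maintain, %s -> %s' % (subject_type, target_type))

    ########################################
    ########## aggregate oriented
    ########################################

    def testbed_name(self):
        """Return the testbed identifier reported by this driver."""
        return "openstack"

    # 'geni_request_rspec_versions' and 'geni_ad_rspec_versions' are mandatory
    def aggregate_version(self):
        """Return the testbed name and the supported ad/request rspec versions."""
        version_manager = VersionManager()
        ad_rspec_versions = []
        request_rspec_versions = []
        for rspec_version in version_manager.versions:
            if rspec_version.content_type in ['*', 'ad']:
                ad_rspec_versions.append(rspec_version.to_dict())
            if rspec_version.content_type in ['*', 'request']:
                request_rspec_versions.append(rspec_version.to_dict())
        return {
            'testbed': self.testbed_name(),
            'geni_request_rspec_versions': request_rspec_versions,
            'geni_ad_rspec_versions': ad_rspec_versions,
        }

    def list_slices(self, creds, options):
        """Return the slice URNs of all servers, without duplicates.

        The result is served from / stored in the shared cache when caching
        is enabled.
        """
        # look in cache first
        if self.cache:
            slices = self.cache.get('slices')
            if slices:
                logger.debug("OpenStackDriver.list_slices returns from cache")
                return slices

        # get data from db
        instance_urns = []
        for instance in self.shell.nova_manager.servers.findall():
            # Fixed: the original tested the instance *name* against the list
            # of URNs, so the duplicate check never matched.
            urn = OSXrn(instance.name, type='slice').urn
            if urn not in instance_urns:
                instance_urns.append(urn)

        # cache the result
        if self.cache:
            logger.debug("OpenStackDriver.list_slices stores value in cache")
            self.cache.add('slices', instance_urns)

        return instance_urns

    # first 2 args are None in case of resource discovery
    def list_resources(self, slice_urn, slice_hrn, creds, options):
        """Return the rspec for a slice, or the advertisement when no slice is given.

        Only advertisements (no ``slice_hrn``) go through the shared cache.
        """
        cached_requested = options.get('cached', True)

        version_manager = VersionManager()
        # get the rspec's return format from options
        rspec_version = version_manager.get_version(options.get('geni_rspec_version'))
        version_string = "rspec_%s" % (rspec_version)

        #panos adding the info option to the caching key (can be improved)
        # NOTE(review): the cache is shared by all requests and its key holds
        # the caller-supplied 'info' value, while every other option still
        # reaches get_rspec() -- confirm that an entry built for one caller's
        # options may be served to another, and that the key space is bounded.
        if options.get('info'):
            version_string = version_string + "_" + options.get('info', 'default')

        # look in cache first
        if cached_requested and self.cache and not slice_hrn:
            rspec = self.cache.get(version_string)
            if rspec:
                logger.debug("OpenStackDriver.ListResources: returning cached advertisement")
                return rspec

        #panos: passing user-defined options
        aggregate = OSAggregate(self)
        rspec = aggregate.get_rspec(slice_xrn=slice_urn, version=rspec_version,
                                    options=options)

        # cache the result
        if self.cache and not slice_hrn:
            logger.debug("OpenStackDriver.ListResources: stores advertisement in cache")
            self.cache.add(version_string, rspec)

        return rspec

    def sliver_status(self, slice_urn, slice_hrn):
        """Return the GENI status structure for the servers of a slice.

        Raises SliverDoesNotExist when the slice has no server.
        """
        # update nova connection
        tenant_name = OSXrn(xrn=slice_hrn, type='slice').get_tenant_name()
        self.shell.nova_manager.connect(tenant=tenant_name)

        # find out where this slice is currently running
        project_name = hrn_to_os_slicename(slice_hrn)
        instances = self.shell.nova_manager.servers.findall(name=project_name)
        if not instances:
            raise SliverDoesNotExist("You have not allocated any slivers here")

        result = {}
        top_level_status = 'ready'
        result['geni_urn'] = slice_urn
        result['plos_login'] = '******'
        # do we need real dates here?
        result['plos_expires'] = None
        result['geni_expires'] = None

        resources = []
        for instance in instances:
            res = {}
            # instances are accessed by ip, not hostname. We need to report the ip
            # somewhere so users know where to ssh to.
            res['geni_expires'] = None
            #res['plos_hostname'] = instance.hostname
            res['plos_created_at'] = datetime_to_string(utcparse(instance.created))
            res['plos_boot_state'] = instance.status
            res['plos_sliver_type'] = self.shell.nova_manager.flavors.find(
                id=instance.flavor['id']).name
            res['geni_urn'] = Xrn(slice_urn, type='slice', id=instance.id).get_urn()

            # the slice-level status follows the last instance that is not
            # ready, so a later 'notready' overwrites an earlier 'failed'
            instance_status = instance.status.lower()
            if instance_status == 'active':
                res['boot_state'] = 'ready'
                res['geni_status'] = 'ready'
            elif instance_status == 'error':
                res['boot_state'] = 'failed'
                res['geni_status'] = 'failed'
                top_level_status = 'failed'
            else:
                res['boot_state'] = 'notready'
                res['geni_status'] = 'notready'
                top_level_status = 'notready'
            resources.append(res)

        result['geni_status'] = top_level_status
        result['geni_resources'] = resources
        return result

    def create_sliver(self, slice_urn, slice_hrn, creds, rspec_string, users, options):
        """Run the instances requested by ``rspec_string``; return the manifest XML."""
        aggregate = OSAggregate(self)

        # assume first user is the caller and use their context
        # for the ec2/euca api connection. Also, use the first users
        # key as the project key.
        # NOTE(review): with exactly one user no instance key is created
        # because the test is '> 1' -- confirm this is intended.
        key_name = None
        if len(users) > 1:
            key_name = aggregate.create_instance_key(slice_hrn, users[0])

        # collect public keys
        pubkeys = []
        for user in users:
            pubkeys.extend(user['keys'])

        rspec = RSpec(rspec_string)
        instance_name = hrn_to_os_slicename(slice_hrn)
        tenant_name = OSXrn(xrn=slice_hrn, type='slice').get_tenant_name()
        instances = aggregate.run_instances(instance_name, tenant_name, rspec_string,
                                            key_name, pubkeys)
        rspec_nodes = [aggregate.instance_to_rspec_node(slice_urn, instance)
                       for instance in instances]

        version_manager = VersionManager()
        manifest_version = version_manager._get_version(rspec.version.type,
                                                        rspec.version.version,
                                                        'manifest')
        manifest_rspec = RSpec(version=manifest_version, user_options=options)
        manifest_rspec.version.add_nodes(rspec_nodes)

        return manifest_rspec.toxml()

    def delete_sliver(self, slice_urn, slice_hrn, creds, options):
        """Delete the instances of a slice through OSAggregate."""
        aggregate = OSAggregate(self)
        tenant_name = OSXrn(xrn=slice_hrn, type='slice').get_tenant_name()
        project_name = hrn_to_os_slicename(slice_hrn)
        return aggregate.delete_instances(project_name, tenant_name)

    def update_sliver(self, slice_urn, slice_hrn, rspec, creds, options):
        """Update the instances of a slice through OSAggregate."""
        name = hrn_to_os_slicename(slice_hrn)
        # kept from the original although the value is unused: get_tenant_name()
        # may raise on a malformed hrn
        tenant_name = OSXrn(xrn=slice_hrn, type='slice').get_tenant_name()
        aggregate = OSAggregate(self)
        return aggregate.update_instances(name)

    def renew_sliver(self, slice_urn, slice_hrn, creds, expiration_time, options):
        """Accept every renewal request without doing anything."""
        return True

    def start_slice(self, slice_urn, slice_hrn, creds):
        """Report success without doing anything."""
        return 1

    def stop_slice(self, slice_urn, slice_hrn, creds):
        """Stop the instances of a slice through OSAggregate."""
        tenant_name = OSXrn(xrn=slice_hrn, type='slice').get_tenant_name()
        name = OSXrn(xrn=slice_urn).name
        aggregate = OSAggregate(self)
        return aggregate.stop_instances(name, tenant_name)

    def reset_slice(self, slice_urn, slice_hrn, creds):
        """Not available: always raises SfaNotImplemented."""
        raise SfaNotImplemented("reset_slice not available at this interface")

    # xxx this code is quite old and has not run for ages
    # it is obviously totally broken and needs a rewrite
    def get_ticket(self, slice_urn, slice_hrn, creds, rspec_string, options):
        """Not available: always raises SfaNotImplemented."""
        # call form instead of the Python-2-only 'raise E, "msg"' statement
        raise SfaNotImplemented("OpenStackDriver.get_ticket needs a rewrite")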
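class NovaDriver(Driver):
    """SFA driver that maps registry and aggregate (AM v3 style) calls onto OpenStack.

    Registry records (authorities, slices, users) are handled as tenants,
    users and roles through ``self.shell.auth_manager``; slivers are servers
    handled through ``self.shell.nova_manager`` and ``OSAggregate``.

    NOTE(review): the aggregate methods (allocate, provision, delete,
    perform_operational_action, shutdown, ...) take no credentials and do not
    call check_sliver_credentials themselves. Presumably the calling manager
    layer runs that check first -- confirm before calling these directly.
    """

    # the cache instance is a class member so it survives across incoming requests
    cache = None

    def __init__(self, api):
        """Create the OpenStack shell and, if enabled, attach the shared cache."""
        Driver.__init__(self, api)
        config = api.config
        self.shell = Shell(config=config)
        self.cache = None
        if config.SFA_AGGREGATE_CACHING:
            if NovaDriver.cache is None:
                NovaDriver.cache = Cache()
            self.cache = NovaDriver.cache

    def sliver_to_slice_xrn(self, xrn):
        """Return the slice OSXrn owning sliver ``xrn``; raise Forbidden if unknown."""
        sliver_id_parts = Xrn(xrn).get_sliver_id_parts()
        tenant = self.shell.auth_manager.tenants.find(id=sliver_id_parts[0])
        if not tenant:
            raise Forbidden("Unable to locate slice record for sliver:  %s" % xrn)
        return OSXrn(name=tenant.name, type='slice')

    def check_sliver_credentials(self, creds, urns):
        """Raise Forbidden unless every sliver in ``urns`` is covered by a credential.

        A sliver is covered when the name of the tenant it belongs to equals
        the slice name derived from the hrn of one of ``creds``. An empty
        ``urns`` or an unknown tenant is rejected as well.

        NOTE(review): only the hrn carried by each credential is read here.
        Signature, expiry and privilege checks are presumably done by the
        caller before this point -- confirm.
        """
        # build list of cred object hrns
        slice_cred_names = []
        for cred in creds:
            slice_cred_hrn = Credential(cred=cred).get_gid_object().get_hrn()
            slice_cred_names.append(OSXrn(xrn=slice_cred_hrn).get_slicename())

        if not urns:
            raise Forbidden("sliver urn not provided")

        # look up slice name of slivers listed in urns arg
        sliver_names = []
        for urn in urns:
            slice_id = Xrn(xrn=urn).get_sliver_id_parts()[0]
            # Fixed: look the tenant up by id and read its name as an
            # attribute, as sliver_to_slice_xrn does; the original passed the
            # id positionally and subscripted the result. A missing tenant is
            # now refused explicitly.
            tenant = self.shell.auth_manager.tenants.find(id=slice_id)
            if not tenant:
                raise Forbidden("Unable to locate slice record for sliver:  %s" % urn)
            sliver_names.append(tenant.name)

        # make sure we have a credential for every specified sliver
        for sliver_name in sliver_names:
            if sliver_name not in slice_cred_names:
                msg = "Valid credential not found for target: %s" % sliver_name
                raise Forbidden(msg)

    ########################################
    ########## registry oriented
    ########################################

    ########## disabled users
    def is_enabled(self, record):
        """Report every record as enabled."""
        # all records are enabled
        return True

    def augment_records_with_testbed_info(self, sfa_records):
        """Fill the given record(s) with testbed data; see fill_record_info."""
        return self.fill_record_info(sfa_records)

    ##########
    def register(self, sfa_record, hrn, pub_key):
        """Create the tenant or user matching ``sfa_record['type']``.

        Always returns -1; records of any other type are silently ignored.
        """
        record_type = sfa_record['type']
        if record_type == 'slice':
            self.register_slice(sfa_record, hrn)
        elif record_type == 'user':
            self.register_user(sfa_record, hrn, pub_key)
        elif record_type.startswith('authority'):
            self.register_authority(sfa_record, hrn)
        # We should be returning the records id as a pointer but
        # this is a string and the records table expects this to be an
        # int.
        #return record.id
        return -1

    def register_slice(self, sfa_record, hrn):
        """Create the slice tenant and grant roles to its researchers and PIs.

        Returns the newly created tenant.
        """
        # add slice description, name, researchers, PI
        tenant_name = hrn_to_os_tenant_name(hrn)
        description = sfa_record.get('description', None)
        self.shell.auth_manager.tenants.create(tenant_name, description)
        tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
        auth_hrn = OSXrn(xrn=hrn, type='slice').get_authority_hrn()
        parent_tenant_name = OSXrn(xrn=auth_hrn, type='slice').get_tenant_name()
        parent_tenant = self.shell.auth_manager.tenants.find(name=parent_tenant_name)

        for researcher in sfa_record.get('researchers', []):
            user_name = Xrn(researcher).get_leaf()
            user = self.shell.auth_manager.users.find(name=user_name)
            self.shell.auth_manager.roles.add_user_role(user, 'Member', tenant)
            self.shell.auth_manager.roles.add_user_role(user, 'user', tenant)

        # PIs get the 'pi' role on the slice tenant and on its parent tenant
        for pi in sfa_record.get('pis', []):
            user_name = Xrn(pi).get_leaf()
            user = self.shell.auth_manager.users.find(name=user_name)
            self.shell.auth_manager.roles.add_user_role(user, 'pi', tenant)
            self.shell.auth_manager.roles.add_user_role(user, 'pi', parent_tenant)
        return tenant

    def register_user(self, sfa_record, hrn, pub_key):
        """Create the user in its authority tenant, then add slice roles and keys.

        Returns the newly created user. ``pub_key`` is not used; keys are
        taken from ``sfa_record['keys']``.
        """
        # add person roles, projects and keys
        email = sfa_record.get('email', None)
        xrn = Xrn(hrn)
        name = xrn.get_leaf()
        auth_hrn = xrn.get_authority_hrn()
        tenant_name = OSXrn(xrn=auth_hrn, type='authority').get_tenant_name()
        tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
        self.shell.auth_manager.users.create(name, email=email, tenant_id=tenant.id)
        user = self.shell.auth_manager.users.find(name=name)

        # Fixed: the original read the undefined names 'sfa_records' and
        # 'projects', so registering a user always raised NameError.
        for slice_xrn in sfa_record.get('slices', []):
            slice_tenant_name = OSXrn(xrn=slice_xrn, type='slice').get_tenant_name()
            slice_tenant = self.shell.auth_manager.tenants.find(name=slice_tenant_name)
            # argument order (user, role, tenant) matches register_slice; the
            # original passed (user, tenant, role) here
            self.shell.auth_manager.roles.add_user_role(user, 'user', slice_tenant)

        for key in sfa_record.get('keys', []):
            # NOTE(review): every key is created under the same keypair name,
            # and this is the only use of 'nova_client' (everything else goes
            # through 'nova_manager') -- confirm both are intended.
            keyname = OSXrn(xrn=hrn, type='user').get_slicename()
            self.shell.nova_client.keypairs.create(keyname, key)
        return user

    def register_authority(self, sfa_record, hrn):
        """Create the tenant backing an authority record and return it."""
        name = OSXrn(xrn=hrn, type='authority').get_tenant_name()
        self.shell.auth_manager.tenants.create(name, sfa_record.get('description', ''))
        return self.shell.auth_manager.tenants.find(name=name)

    ##########
    # xxx actually old_sfa_record comes filled with plc stuff as well in the original code
    def update(self, old_sfa_record, new_sfa_record, hrn, new_key):
        """Apply ``new_sfa_record`` to the slice project; users are left untouched.

        Raises UnknownSfaType when ``new_key`` is given for a non-user record.
        Always returns True otherwise.
        """
        record_type = new_sfa_record['type']

        # new_key implemented for users only
        if new_key and record_type not in ['user']:
            raise UnknownSfaType(record_type)

        if record_type == "slice":
            # can update project manager and description
            # Fixed: the original read the undefined name 'sfa_record'.
            name = hrn_to_os_slicename(hrn)
            researchers = new_sfa_record.get('researchers', [])
            pis = new_sfa_record.get('pis', [])
            description = new_sfa_record.get('description', None)
            # the first PI, else the first researcher, becomes project manager
            project_manager = None
            if pis:
                project_manager = Xrn(pis[0], 'user').get_leaf()
            elif researchers:
                project_manager = Xrn(researchers[0], 'user').get_leaf()
            self.shell.auth_manager.modify_project(name, project_manager, description)
        elif record_type == "user":
            # can technically update access_key and secret_key,
            # but that is not in our scope, so we do nothing.
            pass
        return True

    ##########
    def remove(self, sfa_record):
        """Delete the user or project behind ``sfa_record`` if it exists."""
        record_type = sfa_record['type']
        if record_type == 'user':
            name = Xrn(sfa_record['hrn']).get_leaf()
            if self.shell.auth_manager.get_user(name):
                self.shell.auth_manager.delete_user(name)
        elif record_type == 'slice':
            name = hrn_to_os_slicename(sfa_record['hrn'])
            if self.shell.auth_manager.get_project(name):
                self.shell.auth_manager.delete_project(name)
        return True

    ####################
    def fill_record_info(self, records):
        """
        Given a (list of) SFA record, fill in the PLC specific
        and SFA specific fields in the record.

        Records of an unknown type are left as they are. Returns the list.
        """
        if not isinstance(records, list):
            records = [records]

        for record in records:
            if record['type'] == 'user':
                record = self.fill_user_record_info(record)
            elif record['type'] == 'slice':
                record = self.fill_slice_record_info(record)
            elif record['type'].startswith('authority'):
                record = self.fill_auth_record_info(record)
            else:
                continue
            record['geni_urn'] = hrn_to_urn(record['hrn'], record['type'])
            record['geni_certificate'] = record['gid']
            #if os_record.created_at is not None:
            #    record['date_created'] = datetime_to_string(utcparse(os_record.created_at))
            #if os_record.updated_at is not None:
            #    record['last_updated'] = datetime_to_string(utcparse(os_record.updated_at))

        return records

    def fill_user_record_info(self, record):
        """Add name, email, slices, roles and public keys to a user record."""
        name = Xrn(record['hrn']).get_leaf()
        record['name'] = name
        user = self.shell.auth_manager.users.find(name=name)
        record['email'] = user.email
        tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)

        # slices are the tenants named '<home tenant>.<something>' that list this user
        slice_prefix = tenant.name + "."
        slices = []
        for tmp_tenant in self.shell.auth_manager.tenants.list():
            if not tmp_tenant.name.startswith(slice_prefix):
                continue
            for tmp_user in tmp_tenant.list_users():
                if tmp_user.name == user.name:
                    slices.append(".".join([self.hrn, tmp_tenant.name]))
        record['slices'] = slices

        roles = self.shell.auth_manager.roles.roles_for_user(user, tenant)
        record['roles'] = [role.name for role in roles]
        keys = self.shell.nova_manager.keypairs.findall(name=record['hrn'])
        record['keys'] = [key.public_key for key in keys]
        return record

    def _user_hrn(self, user):
        """Return '<self.hrn>.<home tenant name>.<user name>' for ``user``."""
        user_tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)
        return ".".join([self.hrn, user_tenant.name, user.name])

    def fill_slice_record_info(self, record):
        """Add name, description, PIs, creator and researchers to a slice record."""
        tenant_name = hrn_to_os_tenant_name(record['hrn'])
        tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
        parent_tenant_name = OSXrn(xrn=tenant_name).get_authority_hrn()
        parent_tenant = self.shell.auth_manager.tenants.find(name=parent_tenant_name)
        researchers = []
        pis = []

        # look for users and pis in slice tenant
        for user in tenant.list_users():
            for role in self.shell.auth_manager.roles.roles_for_user(user, tenant):
                role_name = role.name.lower()
                if role_name == 'pi':
                    pis.append(self._user_hrn(user))
                elif role_name in ['user', 'member']:
                    researchers.append(self._user_hrn(user))

        # look for pis in the slice's parent (site/organization) tenant
        for user in parent_tenant.list_users():
            for role in self.shell.auth_manager.roles.roles_for_user(user, parent_tenant):
                if role.name.lower() == 'pi':
                    pis.append(self._user_hrn(user))

        record['name'] = tenant_name
        record['description'] = tenant.description
        record['PI'] = pis
        record['geni_creator'] = pis[0] if pis else None
        record['researcher'] = researchers
        return record

    def fill_auth_record_info(self, record):
        """Add name, description, PIs, researchers and slices to an authority record."""
        tenant_name = hrn_to_os_tenant_name(record['hrn'])
        tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
        researchers = []
        pis = []

        # look for users and pis in the authority tenant
        for user in tenant.list_users():
            for role in self.shell.auth_manager.roles.roles_for_user(user, tenant):
                hrn = ".".join([self.hrn, tenant.name, user.name])
                role_name = role.name.lower()
                if role_name == 'pi':
                    pis.append(hrn)
                elif role_name in ['user', 'member']:
                    researchers.append(hrn)

        # look for slices
        slice_prefix = tenant.name + "."
        slices = [
            ".".join([self.hrn, tmp_tenant.name])
            for tmp_tenant in self.shell.auth_manager.tenants.list()
            if tmp_tenant.name.startswith(slice_prefix)
        ]

        record['name'] = tenant_name
        record['description'] = tenant.description
        record['PI'] = pis
        record['enabled'] = tenant.enabled
        record['researchers'] = researchers
        record['slices'] = slices
        return record

    ####################
    # plcapi works by changes, compute what needs to be added/deleted
    def update_relation(self, subject_type, target_type, subject_id, target_ids):
        """Make the members of slice ``subject_id`` equal to ``target_ids``.

        Only the slice -> user relation is handled; anything else is logged.
        """
        # hard-wire the code for slice/user for now, could be smarter if needed
        if subject_type == 'slice' and target_type == 'user':
            subject = self.shell.project_get(subject_id)[0]
            current_target_ids = [user.name for user in subject.members]
            add_target_ids = list(set(target_ids).difference(current_target_ids))
            del_target_ids = list(set(current_target_ids).difference(target_ids))
            logger.debug("subject_id = %s (type=%s)" % (subject_id, type(subject_id)))
            for target_id in add_target_ids:
                self.shell.project_add_member(target_id, subject_id)
                logger.debug("add_target_id = %s (type=%s)" % (target_id, type(target_id)))
            for target_id in del_target_ids:
                logger.debug("del_target_id = %s (type=%s)" % (target_id, type(target_id)))
                self.shell.project_remove_member(target_id, subject_id)
        else:
            logger.info('unexpected relation to maintain, %s -> %s' %
                        (subject_type, target_type))

    ########################################
    ########## aggregate oriented
    ########################################

    def testbed_name(self):
        """Return the testbed identifier reported by this driver."""
        return "openstack"

    def aggregate_version(self):
        """Return an empty dict: no driver-specific version info is added."""
        return {}

    def list_resources(self, version=None, options=None):
        """Return the rspec produced by OSAggregate.list_resources."""
        # a fresh dict per call instead of one default dict shared by all calls
        options = {} if options is None else options
        aggregate = OSAggregate(self)
        return aggregate.list_resources(version=version, options=options)

    def describe(self, urns, version=None, options=None):
        """Return the description produced by OSAggregate.describe."""
        options = {} if options is None else options
        aggregate = OSAggregate(self)
        return aggregate.describe(urns, version=version, options=options)

    def status(self, urns, options=None):
        """Return the 'geni_urn' and 'geni_slivers' entries of the description."""
        aggregate = OSAggregate(self)
        desc = aggregate.describe(urns)
        return {
            'geni_urn': desc['geni_urn'],
            'geni_slivers': desc['geni_slivers'],
        }

    def allocate(self, urn, rspec_string, expiration, options=None):
        """Run the instances requested for slice ``urn`` and return their description.

        ``expiration`` is not used. Users and their public keys come from
        ``options['geni_users']``.
        """
        options = {} if options is None else options
        xrn = Xrn(urn)
        # Fixed: the original used the undefined name 'slice_hrn' further down.
        slice_hrn = xrn.get_hrn()
        aggregate = OSAggregate(self)

        # Fixed: 'users' was read before it was assigned.
        users = options.get('geni_users', [])

        # assume first user is the caller and use their context
        # for the ec2/euca api connection. Also, use the first users
        # key as the project key.
        # NOTE(review): with exactly one user no instance key is created
        # because the test is '> 1' -- confirm this is intended.
        key_name = None
        if len(users) > 1:
            key_name = aggregate.create_instance_key(slice_hrn, users[0])

        # collect public keys
        pubkeys = []
        for user in users:
            pubkeys.extend(user['keys'])

        rspec = RSpec(rspec_string)
        instance_name = hrn_to_os_slicename(slice_hrn)
        tenant_name = OSXrn(xrn=slice_hrn, type='slice').get_tenant_name()
        slivers = aggregate.run_instances(instance_name, tenant_name,
                                          rspec_string, key_name, pubkeys)

        # update all sliver allocation states
        # NOTE(review): the original comment says the state is set to
        # geni_allocated, but the value written is 'geni_provisioned' --
        # confirm which one is intended.
        sliver_ids = [sliver.id for sliver in slivers]
        dbsession = self.api.dbsession()
        SliverAllocation.set_allocations(sliver_ids, 'geni_provisioned', dbsession)

        return aggregate.describe(urns=[urn], version=rspec.version)

    def provision(self, urns, options=None):
        """Mark the slivers behind ``urns`` as provisioned and describe them.

        Raises KeyError when ``options`` has no 'geni_rspec_version'.
        """
        options = {} if options is None else options
        # update sliver allocation states and set them to geni_provisioned
        aggregate = OSAggregate(self)
        instances = aggregate.get_instances(urns)
        sliver_ids = []
        for instance in instances:
            # Fixed: 'self.driver.hrn' replaced by 'self.hrn', which the rest
            # of the class uses; no 'driver' attribute is set in this class.
            sliver_hrn = "%s.%s" % (self.hrn, instance.id)
            sliver_ids.append(Xrn(sliver_hrn, type='sliver').urn)
        dbsession = self.api.dbsession()
        SliverAllocation.set_allocations(sliver_ids, 'geni_provisioned', dbsession)

        version_manager = VersionManager()
        rspec_version = version_manager.get_version(options['geni_rspec_version'])
        return self.describe(urns, rspec_version, options=options)

    def delete(self, urns, options=None):
        """Delete the instances behind ``urns`` and their allocation records.

        Returns one 'geni_unallocated' entry per deleted sliver.
        """
        # collect sliver ids so we can update sliver allocation states after
        # we remove the slivers.
        aggregate = OSAggregate(self)
        instances = aggregate.get_instances(urns)
        sliver_ids = []
        for instance in instances:
            # 'self.hrn' instead of the original 'self.driver.hrn', as above
            sliver_hrn = "%s.%s" % (self.hrn, instance.id)
            sliver_ids.append(Xrn(sliver_hrn, type='sliver').urn)

            # delete the instance
            aggregate.delete_instance(instance)

        # delete sliver allocation states
        dbsession = self.api.dbsession()
        SliverAllocation.delete_allocations(sliver_ids, dbsession)

        # return geni_slivers
        # Fixed: the original indexed an undefined 'sliver' variable.
        return [
            {
                'geni_sliver_urn': sliver_id,
                'geni_allocation_status': 'geni_unallocated',
                'geni_expires': None,
            }
            for sliver_id in sliver_ids
        ]

    def renew(self, urns, expiration_time, options=None):
        """Return the current slivers; ``expiration_time`` is not applied."""
        options = {} if options is None else options
        description = self.describe(urns, None, options)
        return description['geni_slivers']

    def perform_operational_action(self, urns, action, options=None):
        """Start, stop or restart the instances behind ``urns``.

        Raises UnsupportedOperation for any other action, or when a sliver
        is still in 'geni_pending_allocation'. Returns the slivers as
        described after the action.
        """
        options = {} if options is None else options
        aggregate = OSAggregate(self)
        action = action.lower()
        if action == 'geni_start':
            action_method = aggregate.start_instances
        elif action == 'geni_stop':
            action_method = aggregate.stop_instances
        elif action == 'geni_restart':
            # Fixed: the original misspelled the name as 'aggreate'.
            action_method = aggregate.restart_instances
        else:
            raise UnsupportedOperation(action)

        # fault if sliver is not full allocated (operational status is geni_pending_allocation)
        description = self.describe(urns, None, options)
        for sliver in description['geni_slivers']:
            if sliver['geni_operational_status'] == 'geni_pending_allocation':
                raise UnsupportedOperation(
                    action,
                    "Sliver must be fully allocated (operational status is not geni_pending_allocation)"
                )

        #
        # Perform Operational Action Here
        #
        instances = aggregate.get_instances(urns)
        for instance in instances:
            # 'self.shell' instead of the original 'self.driver.shell'
            tenant_name = self.shell.auth_manager.client.tenant_name
            action_method(tenant_name, instance.name, instance.id)

        # the original also made an extra describe() call whose result was unused
        return self.describe(urns, None, options)['geni_slivers']

    def shutdown(self, xrn, options=None):
        """Shut down every server of the slice ``xrn``; always returns True."""
        xrn = OSXrn(xrn=xrn, type='slice')
        tenant_name = xrn.get_tenant_name()
        name = xrn.get_slicename()
        # 'self.shell' instead of the original 'self.driver.shell'
        self.shell.nova_manager.connect(tenant=tenant_name)
        instances = self.shell.nova_manager.servers.findall(name=name)
        for instance in instances:
            self.shell.nova_manager.servers.shutdown(instance)
        return True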
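class NovaDriver(Driver):
    """SFA driver that maps registry and aggregate calls onto an OpenStack shell.

    Registry-oriented methods create, update, remove and describe tenants and
    users through ``self.shell.auth_manager``.  Aggregate-oriented methods
    delegate to ``OSAggregate`` and record sliver state via ``SliverAllocation``.
    """

    # the cache instance is a class member so it survives across incoming requests
    cache = None

    def __init__(self, api):
        """Build the OpenStack shell from ``api.config`` and attach the shared cache."""
        Driver.__init__(self, api)
        config = api.config
        self.shell = Shell(config=config)
        self.cache = None
        if config.SFA_AGGREGATE_CACHING:
            if NovaDriver.cache is None:
                NovaDriver.cache = Cache()
            self.cache = NovaDriver.cache

    def sliver_to_slice_xrn(self, xrn):
        """Return the slice OSXrn owning the sliver ``xrn``.

        The first sliver-id part is used as the tenant id.  Raises Forbidden
        when no tenant is found for it.
        """
        sliver_id_parts = Xrn(xrn).get_sliver_id_parts()
        tenant = self.shell.auth_manager.tenants.find(id=sliver_id_parts[0])
        if not tenant:
            raise Forbidden("Unable to locate slice record for sliver: %s" % xrn)
        return OSXrn(name=tenant.name, type='slice')

    def check_sliver_credentials(self, creds, urns):
        """Raise Forbidden unless every sliver in ``urns` `is covered by a credential.

        The slice name of each credential's GID object is compared with the
        name of the tenant each sliver urn points at.  This method compares
        names only; it calls no verification method on the credentials.
        NOTE(review): signature, expiry and rights checks are presumably done
        by the caller before this point - confirm, since a name match alone
        is not an authorization decision.
        """
        # build list of cred object hrns
        slice_cred_names = []
        for cred in creds:
            slice_cred_hrn = Credential(cred=cred).get_gid_object().get_hrn()
            slice_cred_names.append(OSXrn(xrn=slice_cred_hrn).get_slicename())

        # look up slice name of slivers listed in urns arg
        slice_ids = []
        for urn in urns:
            sliver_id_parts = Xrn(xrn=urn).get_sliver_id_parts()
            slice_ids.append(sliver_id_parts[0])

        if not slice_ids:
            raise Forbidden("sliver urn not provided")

        sliver_names = []
        for slice_id in slice_ids:
            # Look the tenant up by id and read its name as an attribute, the
            # same way sliver_to_slice_xrn does; the previous positional
            # find(slice_id) / slice['name'] form disagreed with every other
            # tenant lookup in this class.
            tenant = self.shell.auth_manager.tenants.find(id=slice_id)
            if not tenant:
                # Fail closed: an unknown tenant can never match a credential.
                raise Forbidden("Unable to locate slice record for sliver: %s" % slice_id)
            sliver_names.append(tenant.name)

        # make sure we have a credential for every specified sliver id
        for sliver_name in sliver_names:
            if sliver_name not in slice_cred_names:
                msg = "Valid credential not found for target: %s" % sliver_name
                raise Forbidden(msg)

    ########################################
    ########## registry oriented
    ########################################

    ########## disabled users
    def is_enabled(self, record):
        """Report whether ``record`` is enabled; every record is."""
        # all records are enabled
        return True

    def augment_records_with_testbed_info(self, sfa_records):
        """Fill ``sfa_records`` with testbed fields via fill_record_info."""
        return self.fill_record_info(sfa_records)

    ##########
    def register(self, sfa_record, hrn, pub_key):
        """Create the tenant or user described by ``sfa_record``.

        Dispatches on ``sfa_record['type']`` (slice, user, authority*); other
        types create nothing.  Always returns -1.
        """
        record_type = sfa_record['type']
        if record_type == 'slice':
            record = self.register_slice(sfa_record, hrn)
        elif record_type == 'user':
            record = self.register_user(sfa_record, hrn, pub_key)
        elif record_type.startswith('authority'):
            record = self.register_authority(sfa_record, hrn)
        # We should be returning the records id as a pointer but
        # this is a string and the records table expects this to be an
        # int.
        #return record.id
        return -1

    def register_slice(self, sfa_record, hrn):
        """Create the slice tenant and grant roles to its researchers and PIs.

        Researchers get the 'Member' and 'user' roles on the slice tenant; PIs
        get the 'pi' role on both the slice tenant and its parent tenant.
        Returns the tenant.
        """
        # add slice description, name, researchers, PI
        name = hrn_to_os_tenant_name(hrn)
        description = sfa_record.get('description', None)
        self.shell.auth_manager.tenants.create(name, description)
        tenant = self.shell.auth_manager.tenants.find(name=name)
        auth_hrn = OSXrn(xrn=hrn, type='slice').get_authority_hrn()
        parent_tenant_name = OSXrn(xrn=auth_hrn, type='slice').get_tenant_name()
        parent_tenant = self.shell.auth_manager.tenants.find(name=parent_tenant_name)

        # NOTE(review): the researcher and PI lists come from the submitted
        # record, and the PI role is also granted on the parent tenant -
        # confirm the caller has authorized these grants.
        for researcher in sfa_record.get('researchers', []):
            user_name = Xrn(researcher).get_leaf()
            user = self.shell.auth_manager.users.find(name=user_name)
            self.shell.auth_manager.roles.add_user_role(user, 'Member', tenant)
            self.shell.auth_manager.roles.add_user_role(user, 'user', tenant)

        for pi in sfa_record.get('pis', []):
            user_name = Xrn(pi).get_leaf()
            user = self.shell.auth_manager.users.find(name=user_name)
            self.shell.auth_manager.roles.add_user_role(user, 'pi', tenant)
            self.shell.auth_manager.roles.add_user_role(user, 'pi', parent_tenant)

        return tenant

    def register_user(self, sfa_record, hrn, pub_key):
        """Create the user, add it to its slices and register its keys.

        Returns the user object.
        NOTE(review): ``pub_key`` is accepted but never used; the keys that
        get registered are the ones in ``sfa_record['keys']``.
        """
        # add person roles, projects and keys
        email = sfa_record.get('email', None)
        xrn = Xrn(hrn)
        name = xrn.get_leaf()
        auth_hrn = xrn.get_authority_hrn()
        tenant_name = OSXrn(xrn=auth_hrn, type='authority').get_tenant_name()
        tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
        self.shell.auth_manager.users.create(name, email=email, tenant_id=tenant.id)
        user = self.shell.auth_manager.users.find(name=name)

        # Fixed: this block read the undefined names `sfa_records` and
        # `projects`, so it raised NameError before any role was granted.
        slices = sfa_record.get('slices', [])
        for slice_urn in slices:
            slice_tenant_name = OSXrn(xrn=slice_urn, type='slice').get_tenant_name()
            slice_tenant = self.shell.auth_manager.tenants.find(name=slice_tenant_name)
            # Argument order (user, role, tenant) matches register_slice.
            self.shell.auth_manager.roles.add_user_role(user, 'user', slice_tenant)

        keys = sfa_record.get('keys', [])
        for key in keys:
            # NOTE(review): every key is created under the same keyname, and
            # this is the only use of shell.nova_client (the rest of the class
            # uses shell.nova_manager) - confirm both are intended.
            keyname = OSXrn(xrn=hrn, type='user').get_slicename()
            self.shell.nova_client.keypairs.create(keyname, key)
        return user

    def register_authority(self, sfa_record, hrn):
        """Create and return the tenant that represents authority ``hrn``."""
        name = OSXrn(xrn=hrn, type='authority').get_tenant_name()
        self.shell.auth_manager.tenants.create(name, sfa_record.get('description', ''))
        tenant = self.shell.auth_manager.tenants.find(name=name)
        return tenant

    ##########
    # xxx actually old_sfa_record comes filled with plc stuff as well in the original code
    def update(self, old_sfa_record, new_sfa_record, hrn, new_key):
        """Apply ``new_sfa_record`` to the testbed; returns True.

        Only slices are modified (project manager and description).  Raises
        UnknownSfaType when ``new_key`` is given for a non-user record.
        """
        record_type = new_sfa_record['type']

        # new_key implemented for users only
        if new_key and record_type not in ['user']:
            raise UnknownSfaType(record_type)

        elif record_type == "slice":
            # can update project manager and description
            # Fixed: the fields were read from the undefined name `sfa_record`.
            name = hrn_to_os_slicename(hrn)
            researchers = new_sfa_record.get('researchers', [])
            pis = new_sfa_record.get('pis', [])
            project_manager = None
            description = new_sfa_record.get('description', None)
            if pis:
                project_manager = Xrn(pis[0], 'user').get_leaf()
            elif researchers:
                project_manager = Xrn(researchers[0], 'user').get_leaf()
            self.shell.auth_manager.modify_project(name, project_manager, description)

        elif record_type == "user":
            # can technically update access_key and secret_key,
            # but that is not in our scope, so we do nothing.
            pass
        return True

    ##########
    def remove(self, sfa_record):
        """Delete the user or project named by ``sfa_record`` if it exists; returns True."""
        record_type = sfa_record['type']
        if record_type == 'user':
            name = Xrn(sfa_record['hrn']).get_leaf()
            if self.shell.auth_manager.get_user(name):
                self.shell.auth_manager.delete_user(name)
        elif record_type == 'slice':
            name = hrn_to_os_slicename(sfa_record['hrn'])
            if self.shell.auth_manager.get_project(name):
                self.shell.auth_manager.delete_project(name)
        return True

    ####################
    def fill_record_info(self, records):
        """
        Given a (list of) SFA record, fill in the testbed specific
        and SFA specific fields in the record.

        A single record is wrapped in a list; the list is returned.  Records
        whose type is not user, slice or authority* are left untouched.
        """
        if not isinstance(records, list):
            records = [records]

        for record in records:
            if record['type'] == 'user':
                record = self.fill_user_record_info(record)
            elif record['type'] == 'slice':
                record = self.fill_slice_record_info(record)
            elif record['type'].startswith('authority'):
                record = self.fill_auth_record_info(record)
            else:
                continue
            record['geni_urn'] = hrn_to_urn(record['hrn'], record['type'])
            record['geni_certificate'] = record['gid']
            #if os_record.created_at is not None:
            #    record['date_created'] = datetime_to_string(utcparse(os_record.created_at))
            #if os_record.updated_at is not None:
            #    record['last_updated'] = datetime_to_string(utcparse(os_record.updated_at))

        return records

    def fill_user_record_info(self, record):
        """Add name, email, slices, roles and keys to a user ``record`` in place."""
        xrn = Xrn(record['hrn'])
        name = xrn.get_leaf()
        record['name'] = name
        user = self.shell.auth_manager.users.find(name=name)
        record['email'] = user.email
        tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)

        # A slice is any tenant named "<user tenant>.<something>" that lists
        # this user among its members.
        slices = []
        slice_prefix = tenant.name + "."
        for tmp_tenant in self.shell.auth_manager.tenants.list():
            if tmp_tenant.name.startswith(slice_prefix):
                for tmp_user in tmp_tenant.list_users():
                    if tmp_user.name == user.name:
                        slices.append(".".join([self.hrn, tmp_tenant.name]))
        record['slices'] = slices

        roles = self.shell.auth_manager.roles.roles_for_user(user, tenant)
        record['roles'] = [role.name for role in roles]
        # NOTE(review): keypairs are looked up by the record hrn, while
        # register_user creates them under OSXrn(...).get_slicename() -
        # confirm the two names agree.
        keys = self.shell.nova_manager.keypairs.findall(name=record['hrn'])
        record['keys'] = [key.public_key for key in keys]
        return record

    def fill_slice_record_info(self, record):
        """Add name, description, PIs, creator and researchers to a slice ``record``."""
        tenant_name = hrn_to_os_tenant_name(record['hrn'])
        tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
        parent_tenant_name = OSXrn(xrn=tenant_name).get_authority_hrn()
        parent_tenant = self.shell.auth_manager.tenants.find(name=parent_tenant_name)
        researchers = []
        pis = []

        # look for users and pis in slice tenant
        for user in tenant.list_users():
            for role in self.shell.auth_manager.roles.roles_for_user(user, tenant):
                role_name = role.name.lower()
                if role_name == 'pi':
                    bucket = pis
                elif role_name in ['user', 'member']:
                    bucket = researchers
                else:
                    continue
                user_tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)
                bucket.append(".".join([self.hrn, user_tenant.name, user.name]))

        # look for pis in the slice's parent (site/organization) tenant
        for user in parent_tenant.list_users():
            for role in self.shell.auth_manager.roles.roles_for_user(user, parent_tenant):
                if role.name.lower() == 'pi':
                    user_tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)
                    pis.append(".".join([self.hrn, user_tenant.name, user.name]))

        record['name'] = tenant_name
        record['description'] = tenant.description
        record['PI'] = pis
        record['geni_creator'] = pis[0] if pis else None
        record['researcher'] = researchers
        return record

    def fill_auth_record_info(self, record):
        """Add name, description, PIs, researchers and slices to an authority ``record``."""
        tenant_name = hrn_to_os_tenant_name(record['hrn'])
        tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
        researchers = []
        pis = []

        # look for users and pis in slice tenant
        for user in tenant.list_users():
            for role in self.shell.auth_manager.roles.roles_for_user(user, tenant):
                hrn = ".".join([self.hrn, tenant.name, user.name])
                if role.name.lower() == 'pi':
                    pis.append(hrn)
                elif role.name.lower() in ['user', 'member']:
                    researchers.append(hrn)

        # look for slices
        slices = []
        slice_prefix = tenant.name + "."
        for tmp_tenant in self.shell.auth_manager.tenants.list():
            if tmp_tenant.name.startswith(slice_prefix):
                slices.append(".".join([self.hrn, tmp_tenant.name]))

        record['name'] = tenant_name
        record['description'] = tenant.description
        record['PI'] = pis
        record['enabled'] = tenant.enabled
        record['researchers'] = researchers
        record['slices'] = slices
        return record

    ####################
    # plcapi works by changes, compute what needs to be added/deleted
    def update_relation(self, subject_type, target_type, subject_id, target_ids):
        """Make the members of project ``subject_id`` equal to ``target_ids``.

        Only the slice -> user relation is handled; anything else is logged
        and ignored.
        """
        # hard-wire the code for slice/user for now, could be smarter if needed
        if subject_type == 'slice' and target_type == 'user':
            subject = self.shell.project_get(subject_id)[0]
            current_target_ids = [user.name for user in subject.members]
            add_target_ids = list(set(target_ids).difference(current_target_ids))
            del_target_ids = list(set(current_target_ids).difference(target_ids))
            logger.debug("subject_id = %s (type=%s)" % (subject_id, type(subject_id)))
            for target_id in add_target_ids:
                self.shell.project_add_member(target_id, subject_id)
                logger.debug("add_target_id = %s (type=%s)" % (target_id, type(target_id)))
            for target_id in del_target_ids:
                logger.debug("del_target_id = %s (type=%s)" % (target_id, type(target_id)))
                self.shell.project_remove_member(target_id, subject_id)
        else:
            logger.info('unexpected relation to maintain, %s -> %s' % (subject_type, target_type))

    ########################################
    ########## aggregate oriented
    ########################################

    def testbed_name(self):
        """Return the testbed identifier string."""
        return "openstack"

    def aggregate_version(self):
        """Return aggregate version details; none are provided."""
        return {}

    # first 2 args are None in case of resource discovery
    def list_resources(self, version=None, options=None):
        """Return the rspec produced by OSAggregate.list_resources."""
        if options is None:
            options = {}
        aggregate = OSAggregate(self)
        rspec = aggregate.list_resources(version=version, options=options)
        return rspec

    def describe(self, urns, version=None, options=None):
        """Return OSAggregate.describe for ``urns``."""
        if options is None:
            options = {}
        aggregate = OSAggregate(self)
        return aggregate.describe(urns, version=version, options=options)

    def status(self, urns, options=None):
        """Return the 'geni_urn' and 'geni_slivers' entries of the description of ``urns``."""
        if options is None:
            options = {}
        aggregate = OSAggregate(self)
        desc = aggregate.describe(urns)
        status = {'geni_urn': desc['geni_urn'],
                  'geni_slivers': desc['geni_slivers']}
        return status

    def allocate(self, urn, rspec_string, expiration, options=None):
        """Run the instances requested by ``rspec_string`` for slice ``urn``.

        Public keys of every entry in ``options['geni_users']`` are passed to
        run_instances.  Returns the aggregate description of ``urn``.
        ``expiration`` is not used by this method.
        """
        if options is None:
            options = {}
        xrn = Xrn(urn)
        aggregate = OSAggregate(self)

        # Fixed: `users` was read before it was assigned, and `slice_hrn` was
        # never defined; both raised before any instance was started.
        users = options.get('geni_users', [])
        slice_hrn = xrn.get_hrn()

        # assume first user is the caller and use their context
        # for the ec2/euca api connection. Also, use the first users
        # key as the project key.
        # NOTE(review): the user list and its keys come from the request
        # options; confirm the caller's credential was verified upstream.
        # NOTE(review): with exactly one user no instance key is created,
        # because the test is `> 1` - confirm that is intended.
        key_name = None
        if len(users) > 1:
            key_name = aggregate.create_instance_key(slice_hrn, users[0])

        # collect public keys
        pubkeys = []
        for user in users:
            pubkeys.extend(user['keys'])

        rspec = RSpec(rspec_string)
        instance_name = hrn_to_os_slicename(slice_hrn)
        tenant_name = OSXrn(xrn=slice_hrn, type='slice').get_tenant_name()
        slivers = aggregate.run_instances(instance_name, tenant_name,
                                          rspec_string, key_name, pubkeys)

        # update all sliver allocation states
        # NOTE(review): the original comment says the state set here is
        # geni_allocated, but the value written is 'geni_provisioned' -
        # confirm which one is meant.
        sliver_ids = [sliver.id for sliver in slivers]
        dbsession = self.api.dbsession()
        SliverAllocation.set_allocations(sliver_ids, 'geni_provisioned', dbsession)

        return aggregate.describe(urns=[urn], version=rspec.version)

    def provision(self, urns, options=None):
        """Mark the slivers of ``urns`` as geni_provisioned and describe them.

        Reads ``options['geni_rspec_version']``; a missing key raises KeyError.
        """
        if options is None:
            options = {}
        # update sliver allocation states and set them to geni_provisioned
        aggregate = OSAggregate(self)
        instances = aggregate.get_instances(urns)
        sliver_ids = []
        for instance in instances:
            # Fixed: read hrn from self as the fill_* methods do; this class
            # assigns no `driver` attribute.
            sliver_hrn = "%s.%s" % (self.hrn, instance.id)
            sliver_ids.append(Xrn(sliver_hrn, type='sliver').urn)
        dbsession = self.api.dbsession()
        SliverAllocation.set_allocations(sliver_ids, 'geni_provisioned', dbsession)
        version_manager = VersionManager()
        rspec_version = version_manager.get_version(options['geni_rspec_version'])
        return self.describe(urns, rspec_version, options=options)

    def delete(self, urns, options=None):
        """Delete every instance of ``urns`` and drop their allocation states.

        Returns one geni_unallocated sliver dict per deleted instance.
        """
        if options is None:
            options = {}
        # collect sliver ids so we can update sliver allocation states after
        # we remove the slivers.
        aggregate = OSAggregate(self)
        instances = aggregate.get_instances(urns)
        sliver_ids = []
        for instance in instances:
            # Fixed: read hrn from self; this class assigns no `driver` attribute.
            sliver_hrn = "%s.%s" % (self.hrn, instance.id)
            sliver_ids.append(Xrn(sliver_hrn, type='sliver').urn)

            # delete the instance
            aggregate.delete_instance(instance)

        # delete sliver allocation states
        dbsession = self.api.dbsession()
        SliverAllocation.delete_allocations(sliver_ids, dbsession)

        # return geni_slivers
        # Fixed: the urn was read from the undefined name `sliver`; the loop
        # variable already holds the sliver urn.
        geni_slivers = []
        for sliver_id in sliver_ids:
            geni_slivers.append(
                {'geni_sliver_urn': sliver_id,
                 'geni_allocation_status': 'geni_unallocated',
                 'geni_expires': None})
        return geni_slivers

    def renew(self, urns, expiration_time, options=None):
        """Return the current slivers of ``urns``; ``expiration_time`` is not applied."""
        if options is None:
            options = {}
        description = self.describe(urns, None, options)
        return description['geni_slivers']

    def perform_operational_action(self, urns, action, options=None):
        """Start, stop or restart the instances of ``urns``.

        ``action`` is one of geni_start, geni_stop, geni_restart (case
        insensitive).  Raises UnsupportedOperation for any other action or
        when a sliver is still in geni_pending_allocation.  Returns the
        slivers as described after the action.
        """
        if options is None:
            options = {}
        aggregate = OSAggregate(self)
        action = action.lower()
        if action == 'geni_start':
            action_method = aggregate.start_instances
        elif action == 'geni_stop':
            action_method = aggregate.stop_instances
        elif action == 'geni_restart':
            # Fixed: `aggreate` was a typo that raised NameError on restart.
            action_method = aggregate.restart_instances
        else:
            raise UnsupportedOperation(action)

        # fault if sliver is not full allocated (operational status is geni_pending_allocation)
        description = self.describe(urns, None, options)
        for sliver in description['geni_slivers']:
            if sliver['geni_operational_status'] == 'geni_pending_allocation':
                raise UnsupportedOperation(action, "Sliver must be fully allocated (operational status is not geni_pending_allocation)")
        #
        # Perform Operational Action Here
        #

        instances = aggregate.get_instances(urns)
        for instance in instances:
            # Fixed: use self.shell, which __init__ sets; this class assigns
            # no `driver` attribute.
            # NOTE(review): the tenant is taken from the shell's own client,
            # not derived from `urns` - confirm that is the intended scope.
            tenant_name = self.shell.auth_manager.client.tenant_name
            action_method(tenant_name, instance.name, instance.id)
        # The extra describe(urns) call whose result was discarded is dropped.
        geni_slivers = self.describe(urns, None, options)['geni_slivers']
        return geni_slivers

    def shutdown(self, xrn, options=None):
        """Shut down every server named after slice ``xrn``; returns True."""
        if options is None:
            options = {}
        xrn = OSXrn(xrn=xrn, type='slice')
        tenant_name = xrn.get_tenant_name()
        name = xrn.get_slicename()
        # Fixed: use self.shell, which __init__ sets; this class assigns no
        # `driver` attribute.
        self.shell.nova_manager.connect(tenant=tenant_name)
        instances = self.shell.nova_manager.servers.findall(name=name)
        for instance in instances:
            self.shell.nova_manager.servers.shutdown(instance)
        return True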