def register_user(self, sfa_record, hrn, pub_key): # add person roles, projects and keys email = sfa_record.get('email', None) xrn = Xrn(hrn) name = xrn.get_leaf() auth_hrn = xrn.get_authority_hrn() tenant_name = OSXrn(xrn=auth_hrn, type='authority').get_tenant_name() tenant = self.shell.auth_manager.tenants.find(name=tenant_name) self.shell.auth_manager.users.create(name, email=email, tenant_id=tenant.id) user = self.shell.auth_manager.users.find(name=name) slices = sfa_records.get('slices', []) for slice in projects: slice_tenant_name = OSXrn(xrn=slice, type='slice').get_tenant_name() slice_tenant = self.shell.auth_manager.tenants.find( name=slice_tenant_name) self.shell.auth_manager.roles.add_user_role( user, slice_tenant, 'user') keys = sfa_records.get('keys', []) for key in keys: keyname = OSXrn(xrn=hrn, type='user').get_slicename() self.shell.nova_client.keypairs.create(keyname, key) return user
def register_slice(self, sfa_record, hrn): # add slice description, name, researchers, PI name = hrn_to_os_tenant_name(hrn) description = sfa_record.get('description', None) self.shell.auth_manager.tenants.create(name, description) tenant = self.shell.auth_manager.tenants.find(name=name) auth_hrn = OSXrn(xrn=hrn, type='slice').get_authority_hrn() parent_tenant_name = OSXrn(xrn=auth_hrn, type='slice').get_tenant_name() parent_tenant = self.shell.auth_manager.tenants.find( name=parent_tenant_name) researchers = sfa_record.get('researchers', []) for researcher in researchers: name = Xrn(researcher).get_leaf() user = self.shell.auth_manager.users.find(name=name) self.shell.auth_manager.roles.add_user_role(user, 'Member', tenant) self.shell.auth_manager.roles.add_user_role(user, 'user', tenant) pis = sfa_record.get('pis', []) for pi in pis: name = Xrn(pi).get_leaf() user = self.shell.auth_manager.users.find(name=name) self.shell.auth_manager.roles.add_user_role(user, 'pi', tenant) self.shell.auth_manager.roles.add_user_role( user, 'pi', parent_tenant) return tenant
def import_users(self, existing_hrns, existing_records): # Get all users users = self.shell.auth_manager.users.list() users_dict = {} keys_filename = self.config.config_path + os.sep + 'person_keys.py' old_user_keys = load_keys(keys_filename) user_keys = {} for user in users: auth_hrn = self.config.SFA_INTERFACE_HRN if user.tenantId is not None: tenant = self.shell.auth_manager.tenants.find(id=user.tenantId) auth_hrn = OSXrn(name=tenant.name, auth=self.config.SFA_INTERFACE_HRN, type='authority').get_hrn() hrn = OSXrn(name=user.name, auth=auth_hrn, type='user').get_hrn() users_dict[hrn] = user old_keys = old_user_keys.get(hrn, []) keyname = OSXrn(xrn=hrn, type='user').get_slicename() keys = [ k.public_key for k in self.shell.nova_manager.keypairs.findall(name=keyname) ] user_keys[hrn] = keys update_record = False if old_keys != keys: update_record = True if hrn not in existing_hrns or \ (hrn, 'user') not in existing_records or update_record: urn = OSXrn(xrn=hrn, type='user').get_urn() if keys: try: pkey = convert_public_key(keys[0]) except: self.logger.log_exc( 'unable to convert public key for %s' % hrn) pkey = Keypair(create=True) else: self.logger.warn( "OpenstackImporter: person %s does not have a PL public key" % hrn) pkey = Keypair(create=True) user_gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey, email=user.email) user_record = RegUser() user_record.type = 'user' user_record.hrn = hrn user_record.gid = user_gid user_record.authority = get_authority(hrn) global_dbsession.add(user_record) global_dbsession.commit() self.logger.info("OpenstackImporter: imported person %s" % user_record) return users_dict, user_keys
def import_tenants(self, existing_hrns, existing_records): # Get all tenants # A tenant can represent an organizational group (site) or a # slice. If a tenant's authorty/parent matches the root authority it is # considered a group/site. All other tenants are considered slices. tenants = self.shell.auth_manager.tenants.list() tenants_dict = {} for tenant in tenants: hrn = self.config.SFA_INTERFACE_HRN + '.' + tenant.name tenants_dict[hrn] = tenant authority_hrn = OSXrn(xrn=hrn, type='authority').get_authority_hrn() if hrn in existing_hrns: continue if authority_hrn == self.config.SFA_INTERFACE_HRN: # import group/site record = RegAuthority() urn = OSXrn(xrn=hrn, type='authority').get_urn() if not self.auth_hierarchy.auth_exists(urn): self.auth_hierarchy.create_auth(urn) auth_info = self.auth_hierarchy.get_auth_info(urn) gid = auth_info.get_gid_object() record.type = 'authority' record.hrn = hrn record.gid = gid record.authority = get_authority(hrn) global_dbsession.add(record) global_dbsession.commit() self.logger.info("OpenstackImporter: imported authority: %s" % record) else: record = RegSlice() urn = OSXrn(xrn=hrn, type='slice').get_urn() pkey = Keypair(create=True) gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey) record.type = 'slice' record.hrn = hrn record.gid = gid record.authority = get_authority(hrn) global_dbsession.add(record) global_dbsession.commit() self.logger.info("OpenstackImporter: imported slice: %s" % record) return tenants_dict
def check_sliver_credentials(self, creds, urns): # build list of cred object hrns slice_cred_names = [] for cred in creds: slice_cred_hrn = Credential(cred=cred).get_gid_object().get_hrn() slice_cred_names.append(OSXrn(xrn=slice_cred_hrn).get_slicename()) # look up slice name of slivers listed in urns arg slice_ids = [] for urn in urns: sliver_id_parts = Xrn(xrn=urn).get_sliver_id_parts() slice_ids.append(sliver_id_parts[0]) if not slice_ids: raise Forbidden("sliver urn not provided") sliver_names = [] for slice_id in slice_ids: slice = self.shell.auth_manager.tenants.find(slice_id) sliver_names.append(slice['name']) # make sure we have a credential for every specified sliver ierd for sliver_name in sliver_names: if sliver_name not in slice_cred_names: msg = "Valid credential not found for target: %s" % sliver_name raise Forbidden(msg)
def allocate(self, urn, rspec_string, expiration, options={}): xrn = Xrn(urn) aggregate = OSAggregate(self) # assume first user is the caller and use their context # for the ec2/euca api connection. Also, use the first users # key as the project key. key_name = None if len(users) > 1: key_name = aggregate.create_instance_key(xrn.get_hrn(), users[0]) # collect public keys users = options.get('geni_users', []) pubkeys = [] for user in users: pubkeys.extend(user['keys']) rspec = RSpec(rspec_string) instance_name = hrn_to_os_slicename(slice_hrn) tenant_name = OSXrn(xrn=slice_hrn, type='slice').get_tenant_name() slivers = aggregate.run_instances(instance_name, tenant_name, \ rspec_string, key_name, pubkeys) # update all sliver allocation states setting then to geni_allocated sliver_ids = [sliver.id for sliver in slivers] dbsession = self.api.dbsession() SliverAllocation.set_allocations(sliver_ids, 'geni_provisioned', dbsession) return aggregate.describe(urns=[urn], version=rspec.version)
def describe(self, urns, version=None, options={}): # update nova connection tenant_name = OSXrn(xrn=urns[0], type='slice').get_tenant_name() self.driver.shell.nova_manager.connect(tenant=tenant_name) instances = self.get_instances(urns) # lookup the sliver allocations sliver_ids = [sliver['sliver_id'] for sliver in slivers] constraint = SliverAllocation.sliver_id.in_(sliver_ids) sliver_allocations = self.driver.api.dbsession().query(SliverAllocation).filter(constraint) sliver_allocation_dict = {} for sliver_allocation in sliver_allocations: sliver_allocation_dict[sliver_allocation.sliver_id] = sliver_allocation geni_slivers = [] rspec_nodes = [] for instance in instances: rspec_nodes.append(self.instance_to_rspec_node(instance)) geni_sliver = self.instance_to_geni_sliver(instance, sliver_sllocation_dict) geni_slivers.append(geni_sliver) version_manager = VersionManager() version = version_manager.get_version(version) rspec_version = version_manager._get_version(version.type, version.version, 'manifest') rspec = RSpec(version=rspec_version, user_options=options) rspec.xml.set('expires', datetime_to_string(utcparse(time.time()))) rspec.version.add_nodes(rspec_nodes) result = {'geni_urn': Xrn(urns[0]).get_urn(), 'geni_rspec': rspec.toxml(), 'geni_slivers': geni_slivers} return result
def get_aggregate_nodes(self): zones = self.get_availability_zones() # available sliver/instance/vm types instances = self.driver.shell.nova_manager.flavors.list() if isinstance(instances, dict): instances = instances.values() # available images images = self.driver.shell.image_manager.get_images_detailed() disk_images = [image_to_rspec_disk_image(img) for img in images if img['container_format'] in ['ami', 'ovf']] rspec_nodes = [] for zone in zones: rspec_node = Node() xrn = OSXrn(zone, type='node') rspec_node['component_id'] = xrn.urn rspec_node['component_name'] = xrn.name rspec_node['component_manager_id'] = Xrn(self.driver.hrn, 'authority+cm').get_urn() rspec_node['exclusive'] = 'false' rspec_node['hardware_types'] = [HardwareType({'name': 'plos-pc'}), HardwareType({'name': 'pc'})] slivers = [] for instance in instances: sliver = self.instance_to_sliver(instance) sliver['disk_image'] = disk_images slivers.append(sliver) rspec_node['available'] = 'true' rspec_node['slivers'] = slivers rspec_nodes.append(rspec_node) return rspec_nodes
def sliver_to_slice_xrn(self, xrn): sliver_id_parts = Xrn(xrn).get_sliver_id_parts() slice = self.shell.auth_manager.tenants.find(id=sliver_id_parts[0]) if not slice: raise Forbidden("Unable to locate slice record for sliver: %s" % xrn) slice_xrn = OSXrn(name=slice.name, type='slice') return slice_xrn
def shutdown(self, xrn, options={}): xrn = OSXrn(xrn=xrn, type='slice') tenant_name = xrn.get_tenant_name() name = xrn.get_slicename() self.driver.shell.nova_manager.connect(tenant=tenant_name) instances = self.driver.shell.nova_manager.servers.findall(name=name) for instance in instances: self.driver.shell.nova_manager.servers.shutdown(instance) return True
def fill_slice_record_info(self, record): tenant_name = hrn_to_os_tenant_name(record['hrn']) tenant = self.shell.auth_manager.tenants.find(name=tenant_name) parent_tenant_name = OSXrn(xrn=tenant_name).get_authority_hrn() parent_tenant = self.shell.auth_manager.tenants.find( name=parent_tenant_name) researchers = [] pis = [] # look for users and pis in slice tenant for user in tenant.list_users(): for role in self.shell.auth_manager.roles.roles_for_user( user, tenant): if role.name.lower() == 'pi': user_tenant = self.shell.auth_manager.tenants.find( id=user.tenantId) hrn = ".".join([self.hrn, user_tenant.name, user.name]) pis.append(hrn) elif role.name.lower() in ['user', 'member']: user_tenant = self.shell.auth_manager.tenants.find( id=user.tenantId) hrn = ".".join([self.hrn, user_tenant.name, user.name]) researchers.append(hrn) # look for pis in the slice's parent (site/organization) tenant for user in parent_tenant.list_users(): for role in self.shell.auth_manager.roles.roles_for_user( user, parent_tenant): if role.name.lower() == 'pi': user_tenant = self.shell.auth_manager.tenants.find( id=user.tenantId) hrn = ".".join([self.hrn, user_tenant.name, user.name]) pis.append(hrn) record['name'] = tenant_name record['description'] = tenant.description record['PI'] = pis if pis: record['geni_creator'] = pis[0] else: record['geni_creator'] = None record['researcher'] = researchers return record
def get_instances(self, urns): # parse slice names and sliver ids names = set() ids = set() for urn in urns: xrn = OSXrn(xrn=urn) if xrn.type == 'slice': names.add(xrn.get_slice_name()) elif xrn.type == 'sliver': ids.add(xrn.leaf) # look up instances instances = [] filter = {} if names: filter['name'] = names if ids: filter['id'] = ids servers = self.driver.shell.nova_manager.servers.findall(**filter) instances.extend(servers) return instances
def register_authority(self, sfa_record, hrn): name = OSXrn(xrn=hrn, type='authority').get_tenant_name() self.shell.auth_manager.tenants.create( name, sfa_record.get('description', '')) tenant = self.shell.auth_manager.tenants.find(name=name) return tenant
def instance_to_rspec_node(self, instance): # determine node urn node_xrn = instance.metadata.get('component_id') if not node_xrn: node_xrn = OSXrn('cloud', type='node') else: node_xrn = OSXrn(xrn=node_xrn, type='node') rspec_node = Node() rspec_node['component_id'] = node_xrn.urn rspec_node['component_name'] = node_xrn.name rspec_node['component_manager_id'] = Xrn(self.driver.hrn, 'authority+cm').get_urn() rspec_node['sliver_id'] = OSXrn(name=instance.name, type='slice', id=instance.id).get_urn() if instance.metadata.get('client_id'): rspec_node['client_id'] = instance.metadata.get('client_id') # get sliver details flavor = self.driver.shell.nova_manager.flavors.find(id=instance.flavor['id']) sliver = self.instance_to_sliver(flavor) # get firewall rules fw_rules = [] group_name = instance.metadata.get('security_groups') if group_name: group = self.driver.shell.nova_manager.security_groups.find(name=group_name) for rule in group.rules: port_range ="%s:%s" % (rule['from_port'], rule['to_port']) fw_rule = FWRule({'protocol': rule['ip_protocol'], 'port_range': port_range, 'cidr_ip': rule['ip_range']['cidr']}) fw_rules.append(fw_rule) sliver['fw_rules'] = fw_rules rspec_node['slivers'] = [sliver] # get disk image image = self.driver.shell.image_manager.get_images(id=instance.image['id']) if isinstance(image, list) and len(image) > 0: image = image[0] disk_image = image_to_rspec_disk_image(image) sliver['disk_image'] = [disk_image] # get interfaces rspec_node['services'] = [] rspec_node['interfaces'] = [] addresses = instance.addresses # HACK: public ips are stored in the list of private, but # this seems wrong. Assume pub ip is the last in the list of # private ips until openstack bug is fixed. if addresses.get('private'): login = Login({'authentication': 'ssh-keys', 'hostname': addresses.get('private')[-1]['addr'], 'port':'22', 'username': '******'}) service = Services({'login': login}) rspec_node['services'].append(service) for private_ip in addresses.get('private', []): if_xrn = PlXrn(auth=self.driver.hrn, interface='node%s' % (instance.hostId)) if_client_id = Xrn(if_xrn.urn, type='interface', id="eth%s" %if_index).urn if_sliver_id = Xrn(rspec_node['sliver_id'], type='slice', id="eth%s" %if_index).urn interface = Interface({'component_id': if_xrn.urn, 'client_id': if_client_id, 'sliver_id': if_sliver_id}) interface['ips'] = [{'address': private_ip['addr'], #'netmask': private_ip['network'], 'type': private_ip['version']}] rspec_node['interfaces'].append(interface) # slivers always provide the ssh service for public_ip in addresses.get('public', []): login = Login({'authentication': 'ssh-keys', 'hostname': public_ip['addr'], 'port':'22', 'username': '******'}) service = Services({'login': login}) rspec_node['services'].append(service) return rspec_node