def create(name, rec=None): ''' Create dirs, copy fs image, lxc_create ''' logger.verbose('sliver_lxc: {} create'.format(name)) conn = Sliver_Libvirt.getConnection(Sliver_LXC.TYPE) vref = rec['vref'] if vref is None: vref = "lxc-f24-x86_64" logger.log("sliver_libvirt: {}: WARNING - no vref attached, using hard-wired default {}" .format(name, vref)) # compute guest arch from vref # essentially we want x86_64 (default) or i686 here for libvirt try: (x, y, arch) = vref.split('-') arch = "x86_64" if arch.find("64") >= 0 else "i686" except: arch = 'x86_64' # Get the type of image from vref myplc tags specified as: # pldistro = lxc # fcdistro = squeeze # arch x86_64 arch = 'x86_64' tags = rec['rspec']['tags'] if 'arch' in tags: arch = tags['arch'] if arch == 'i386': arch = 'i686' refImgDir = os.path.join(Sliver_LXC.REF_IMG_BASE_DIR, vref) containerDir = os.path.join(Sliver_LXC.CON_BASE_DIR, name) # check the template exists -- there's probably a better way.. if not os.path.isdir(refImgDir): logger.log('sliver_lxc: {}: ERROR Could not create sliver - reference image {} not found' .format(name, vref)) logger.log('sliver_lxc: {}: ERROR Expected reference image in {}'.format(name, refImgDir)) return # during some time this fragment had been commented out # but we're seeing cases where this code might actually be useful, so.. # this hopefully should be fixed now # # in fedora20 we have some difficulty in properly cleaning up /vservers/<slicename> # # also note that running e.g. btrfs subvolume create /vservers/.lvref/image /vservers/foo # # behaves differently, whether /vservers/foo exists or not: # # if /vservers/foo does not exist, it creates /vservers/foo # # but if it does exist, then it creates /vservers/foo/image !! # # so we need to check the expected container rootfs does not exist yet # # this hopefully could be removed in a future release if os.path.exists (containerDir): logger.log("sliver_lxc: {}: WARNING cleaning up pre-existing {}".format(name, containerDir)) command = ['btrfs', 'subvolume', 'delete', containerDir] logger.log_call(command, BTRFS_TIMEOUT) # re-check if os.path.exists (containerDir): logger.log('sliver_lxc: {}: ERROR Could not create sliver - could not clean up empty {}' .format(name, containerDir)) return # Snapshot the reference image fs # this assumes the reference image is in its own subvolume command = ['btrfs', 'subvolume', 'snapshot', refImgDir, containerDir] if not logger.log_call(command, timeout=BTRFS_TIMEOUT): logger.log('sliver_lxc: ERROR Could not create BTRFS snapshot at {}' .format(containerDir)) return command = ['chmod', '755', containerDir] logger.log_call(command) # TODO: set quotas... # Set hostname. A valid hostname cannot have '_' #with open(os.path.join(containerDir, 'etc/hostname'), 'w') as f: # print >>f, name.replace('_', '-') # Add slices group if not already present try: group = grp.getgrnam('slices') except: command = ['/usr/sbin/groupadd', 'slices'] logger.log_call(command) # Add unix account (TYPE is specified in the subclass) command = ['/usr/sbin/useradd', '-g', 'slices', '-s', Sliver_LXC.SHELL, name, '-p', '*'] logger.log_call(command) command = ['mkdir', '/home/{}/.ssh'.format(name)] logger.log_call(command) # Create PK pair keys to connect from the host to the guest without # password... maybe remove the need for authentication inside the # guest? command = ['su', '-s', '/bin/bash', '-c', 'ssh-keygen -t rsa -N "" -f /home/{}/.ssh/id_rsa'.format(name)] logger.log_call(command) command = ['chown', '-R', '{}:slices'.format(name), '/home/{}/.ssh'.format(name)] logger.log_call(command) command = ['mkdir', '{}/root/.ssh'.format(containerDir)] logger.log_call(command) command = ['cp', '/home/{}/.ssh/id_rsa.pub'.format(name), '{}/root/.ssh/authorized_keys'.format(containerDir)] logger.log_call(command) logger.log("creating /etc/slicename file in {}".format(os.path.join(containerDir, 'etc/slicename'))) try: with open(os.path.join(containerDir, 'etc/slicename'), 'w') as f: f.write(name) except: logger.log_exc("exception while creating /etc/slicename") try: with open(os.path.join(containerDir, 'etc/slicefamily'), 'w') as f: f.write(vref) except: logger.log_exc("exception while creating /etc/slicefamily") uid = None try: uid = getpwnam(name).pw_uid except KeyError: # keyerror will happen if user id was not created successfully logger.log_exc("exception while getting user id") if uid is not None: logger.log("uid is {}".format(uid)) command = ['mkdir', '{}/home/{}'.format(containerDir, name)] logger.log_call(command) command = ['chown', name, '{}/home/{}'.format(containerDir, name)] logger.log_call(command) etcpasswd = os.path.join(containerDir, 'etc/passwd') etcgroup = os.path.join(containerDir, 'etc/group') if os.path.exists(etcpasswd): # create all accounts with gid=1001 - i.e. 'slices' like it is in the root context slices_gid = 1001 logger.log("adding user {name} id {uid} gid {slices_gid} to {etcpasswd}" .format(**(locals()))) try: with open(etcpasswd, 'a') as passwdfile: passwdfile.write("{name}:x:{uid}:{slices_gid}::/home/{name}:/bin/bash\n" .format(**locals())) except: logger.log_exc("exception while updating {}".format(etcpasswd)) logger.log("adding group slices with gid {slices_gid} to {etcgroup}" .format(**locals())) try: with open(etcgroup, 'a') as groupfile: groupfile.write("slices:x:{slices_gid}\n" .format(**locals())) except: logger.log_exc("exception while updating {}".format(etcgroup)) sudoers = os.path.join(containerDir, 'etc/sudoers') if os.path.exists(sudoers): try: with open(sudoers, 'a') as f: f.write("{} ALL=(ALL) NOPASSWD: ALL\n".format(name)) except: logger.log_exc("exception while updating /etc/sudoers") # customizations for the user environment - root or slice uid # we save the whole business in /etc/planetlab.profile # and source this file for both root and the slice uid's .profile # prompt for slice owner, + LD_PRELOAD for transparently wrap bind pl_profile = os.path.join(containerDir, "etc/planetlab.profile") ld_preload_text = """# by default, we define this setting so that calls to bind(2), # when invoked on 0.0.0.0, get transparently redirected to the public interface of this node # see https://svn.planet-lab.org/wiki/LxcPortForwarding""" usrmove_path_text = """# VM's before Features/UsrMove need /bin and /sbin in their PATH""" usrmove_path_code = """ pathmunge () { if ! echo $PATH | /bin/egrep -q "(^|:)$1($|:)" ; then if [ "$2" = "after" ] ; then PATH=$PATH:$1 else PATH=$1:$PATH fi fi } pathmunge /bin after pathmunge /sbin after unset pathmunge """ with open(pl_profile, 'w') as f: f.write("export PS1='{}@\H \$ '\n".format(name)) f.write("{}\n".format(ld_preload_text)) f.write("if [ -e /etc/planetlab/lib/bind_public.so ] ; then # Only preload bind_public if it exists.\n") f.write(" export LD_PRELOAD=/etc/planetlab/lib/bind_public.so\n") f.write("fi\n") f.write("{}\n".format(usrmove_path_text)) f.write("{}\n".format(usrmove_path_code)) # make sure this file is sourced from both root's and slice's .profile enforced_line = "[ -f /etc/planetlab.profile ] && source /etc/planetlab.profile\n" for path in [ 'root/.profile', 'home/{}/.profile'.format(name) ]: from_root = os.path.join(containerDir, path) # if dir is not yet existing let's forget it for now if not os.path.isdir(os.path.dirname(from_root)): continue found = False try: with open(from_root) as f: contents = f.readlines() for content in contents: if content == enforced_line: found = True except IOError: pass if not found: with open(from_root, "a") as user_profile: user_profile.write(enforced_line) # in case we create the slice's .profile when writing if from_root.find("/home") >= 0: command = ['chown', '{}:slices'.format(name), from_root] logger.log_call(command) # Lookup for xid and create template after the user is created so we # can get the correct xid based on the name of the slice xid = bwlimit.get_xid(name) # Template for libvirt sliver configuration template_filename_sliceimage = os.path.join(Sliver_LXC.REF_IMG_BASE_DIR, 'lxc_template.xml') if os.path.isfile(template_filename_sliceimage): logger.verbose("Using XML template {}".format(template_filename_sliceimage)) template_filename = template_filename_sliceimage else: logger.log("Cannot find XML template {}".format(template_filename_sliceimage)) return interfaces = Sliver_Libvirt.get_interfaces_xml(rec) try: with open(template_filename) as f: template = Template(f.read()) xml = template.substitute(name=name, xid=xid, interfaces=interfaces, arch=arch) except IOError: logger.log('Failed to parse or use XML template file {}'.format(template_filename)) return # Lookup for the sliver before actually # defining it, just in case it was already defined. try: dom = conn.lookupByName(name) except: dom = conn.defineXML(xml) logger.verbose('lxc_create: {} -> {}'.format(name, Sliver_Libvirt.dom_details(dom)))
def create(name, rec=None): ''' Create dirs, copy fs image, lxc_create ''' logger.verbose('sliver_lxc: %s create' % (name)) conn = Sliver_Libvirt.getConnection(Sliver_LXC.TYPE) # Get the type of image from vref myplc tags specified as: # pldistro = lxc # fcdistro = squeeze # arch x86_64 arch = 'x86_64' tags = rec['rspec']['tags'] if 'arch' in tags: arch = tags['arch'] if arch == 'i386': arch = 'i686' vref = rec['vref'] if vref is None: vref = "lxc-f14-x86_64" logger.log( "sliver_libvirt: %s: WARNING - no vref attached, using hard-wired default %s" % (name, vref)) refImgDir = os.path.join(Sliver_LXC.REF_IMG_BASE_DIR, vref) containerDir = os.path.join(Sliver_LXC.CON_BASE_DIR, name) # check the template exists -- there's probably a better way.. if not os.path.isdir(refImgDir): logger.log( 'sliver_lxc: %s: ERROR Could not create sliver - reference image %s not found' % (name, vref)) logger.log('sliver_lxc: %s: ERROR Expected reference image in %s' % (name, refImgDir)) return # Snapshot the reference image fs (assume the reference image is in its own # subvolume) command = ['btrfs', 'subvolume', 'snapshot', refImgDir, containerDir] if not logger.log_call(command, timeout=15 * 60): logger.log('sliver_lxc: ERROR Could not create BTRFS snapshot at', containerDir) return command = ['chmod', '755', containerDir] logger.log_call(command, timeout=15 * 60) # TODO: set quotas... # Set hostname. A valid hostname cannot have '_' #with open(os.path.join(containerDir, 'etc/hostname'), 'w') as f: # print >>f, name.replace('_', '-') # Add slices group if not already present try: group = grp.getgrnam('slices') except: command = ['/usr/sbin/groupadd', 'slices'] logger.log_call(command, timeout=15 * 60) # Add unix account (TYPE is specified in the subclass) command = [ '/usr/sbin/useradd', '-g', 'slices', '-s', Sliver_LXC.SHELL, name, '-p', '*' ] logger.log_call(command, timeout=15 * 60) command = ['mkdir', '/home/%s/.ssh' % name] logger.log_call(command, timeout=15 * 60) # Create PK pair keys to connect from the host to the guest without # password... maybe remove the need for authentication inside the # guest? command = [ 'su', '-s', '/bin/bash', '-c', 'ssh-keygen -t rsa -N "" -f /home/%s/.ssh/id_rsa' % (name) ] logger.log_call(command, timeout=60) command = ['chown', '-R', '%s.slices' % name, '/home/%s/.ssh' % name] logger.log_call(command, timeout=30) command = ['mkdir', '%s/root/.ssh' % containerDir] logger.log_call(command, timeout=10) command = [ 'cp', '/home/%s/.ssh/id_rsa.pub' % name, '%s/root/.ssh/authorized_keys' % containerDir ] logger.log_call(command, timeout=30) logger.log("creating /etc/slicename file in %s" % os.path.join(containerDir, 'etc/slicename')) try: file(os.path.join(containerDir, 'etc/slicename'), 'w').write(name) except: logger.log_exc("exception while creating /etc/slicename") try: file(os.path.join(containerDir, 'etc/slicefamily'), 'w').write(vref) except: logger.log_exc("exception while creating /etc/slicefamily") uid = None try: uid = getpwnam(name).pw_uid except KeyError: # keyerror will happen if user id was not created successfully logger.log_exc("exception while getting user id") if uid is not None: logger.log("uid is %d" % uid) command = ['mkdir', '%s/home/%s' % (containerDir, name)] logger.log_call(command, timeout=10) command = ['chown', name, '%s/home/%s' % (containerDir, name)] logger.log_call(command, timeout=10) etcpasswd = os.path.join(containerDir, 'etc/passwd') etcgroup = os.path.join(containerDir, 'etc/group') if os.path.exists(etcpasswd): # create all accounts with gid=1001 - i.e. 'slices' like it is in the root context slices_gid = 1001 logger.log( "adding user %(name)s id %(uid)d gid %(slices_gid)d to %(etcpasswd)s" % (locals())) try: file(etcpasswd, 'a').write( "%(name)s:x:%(uid)d:%(slices_gid)d::/home/%(name)s:/bin/bash\n" % locals()) except: logger.log_exc("exception while updating %s" % etcpasswd) logger.log( "adding group slices with gid %(slices_gid)d to %(etcgroup)s" % locals()) try: file(etcgroup, 'a').write("slices:x:%(slices_gid)d\n" % locals()) except: logger.log_exc("exception while updating %s" % etcgroup) sudoers = os.path.join(containerDir, 'etc/sudoers') if os.path.exists(sudoers): try: file(sudoers, 'a').write("%s ALL=(ALL) NOPASSWD: ALL\n" % name) except: logger.log_exc("exception while updating /etc/sudoers") # customizations for the user environment - root or slice uid # we save the whole business in /etc/planetlab.profile # and source this file for both root and the slice uid's .profile # prompt for slice owner, + LD_PRELOAD for transparently wrap bind pl_profile = os.path.join(containerDir, "etc/planetlab.profile") ld_preload_text = """# by default, we define this setting so that calls to bind(2), # when invoked on 0.0.0.0, get transparently redirected to the public interface of this node # see https://svn.planet-lab.org/wiki/LxcPortForwarding""" usrmove_path_text = """# VM's before Features/UsrMove need /bin and /sbin in their PATH""" usrmove_path_code = """ pathmunge () { if ! echo $PATH | /bin/egrep -q "(^|:)$1($|:)" ; then if [ "$2" = "after" ] ; then PATH=$PATH:$1 else PATH=$1:$PATH fi fi } pathmunge /bin after pathmunge /sbin after unset pathmunge """ with open(pl_profile, 'w') as f: f.write("export PS1='%s@\H \$ '\n" % (name)) f.write("%s\n" % ld_preload_text) f.write("export LD_PRELOAD=/etc/planetlab/lib/bind_public.so\n") f.write("%s\n" % usrmove_path_text) f.write("%s\n" % usrmove_path_code) # make sure this file is sourced from both root's and slice's .profile enforced_line = "[ -f /etc/planetlab.profile ] && source /etc/planetlab.profile\n" for path in ['root/.profile', 'home/%s/.profile' % name]: from_root = os.path.join(containerDir, path) # if dir is not yet existing let's forget it for now if not os.path.isdir(os.path.dirname(from_root)): continue found = False try: contents = file(from_root).readlines() for content in contents: if content == enforced_line: found = True except IOError: pass if not found: with open(from_root, "a") as user_profile: user_profile.write(enforced_line) # in case we create the slice's .profile when writing if from_root.find("/home") >= 0: command = ['chown', '%s:slices' % name, from_root] logger.log_call(command, timeout=5) # Lookup for xid and create template after the user is created so we # can get the correct xid based on the name of the slice xid = bwlimit.get_xid(name) # Template for libvirt sliver configuration template_filename_sliceimage = os.path.join( Sliver_LXC.REF_IMG_BASE_DIR, 'lxc_template.xml') if os.path.isfile(template_filename_sliceimage): logger.log("WARNING: using compat template %s" % template_filename_sliceimage) template_filename = template_filename_sliceimage else: logger.log("Cannot find XML template %s" % template_filename_sliceimage) return interfaces = Sliver_Libvirt.get_interfaces_xml(rec) try: with open(template_filename) as f: template = Template(f.read()) xml = template.substitute(name=name, xid=xid, interfaces=interfaces, arch=arch) except IOError: logger.log('Failed to parse or use XML template file %s' % template_filename) return # Lookup for the sliver before actually # defining it, just in case it was already defined. try: dom = conn.lookupByName(name) except: dom = conn.defineXML(xml) logger.verbose('lxc_create: %s -> %s' % (name, Sliver_Libvirt.debuginfo(dom)))
def create(name, rec=None): ''' Create dirs, copy fs image, lxc_create ''' logger.verbose ('sliver_lxc: %s create'%(name)) conn = Sliver_Libvirt.getConnection(Sliver_LXC.TYPE) # Get the type of image from vref myplc tags specified as: # pldistro = lxc # fcdistro = squeeze # arch x86_64 arch = 'x86_64' tags = rec['rspec']['tags'] if 'arch' in tags: arch = tags['arch'] if arch == 'i386': arch = 'i686' vref = rec['vref'] if vref is None: vref = "lxc-f14-x86_64" logger.log("sliver_libvirt: %s: WARNING - no vref attached, using hard-wired default %s" % (name,vref)) refImgDir = os.path.join(Sliver_LXC.REF_IMG_BASE_DIR, vref) containerDir = os.path.join(Sliver_LXC.CON_BASE_DIR, name) # check the template exists -- there's probably a better way.. if not os.path.isdir(refImgDir): logger.log('sliver_lxc: %s: ERROR Could not create sliver - reference image %s not found' % (name,vref)) logger.log('sliver_lxc: %s: ERROR Expected reference image in %s'%(name,refImgDir)) return # Snapshot the reference image fs (assume the reference image is in its own # subvolume) command = ['btrfs', 'subvolume', 'snapshot', refImgDir, containerDir] if not logger.log_call(command, timeout=15*60): logger.log('sliver_lxc: ERROR Could not create BTRFS snapshot at', containerDir) return command = ['chmod', '755', containerDir] logger.log_call(command, timeout=15*60) # TODO: set quotas... # Set hostname. A valid hostname cannot have '_' #with open(os.path.join(containerDir, 'etc/hostname'), 'w') as f: # print >>f, name.replace('_', '-') # Add slices group if not already present try: group = grp.getgrnam('slices') except: command = ['/usr/sbin/groupadd', 'slices'] logger.log_call(command, timeout=15*60) # Add unix account (TYPE is specified in the subclass) command = ['/usr/sbin/useradd', '-g', 'slices', '-s', Sliver_LXC.SHELL, name, '-p', '*'] logger.log_call(command, timeout=15*60) command = ['mkdir', '/home/%s/.ssh'%name] logger.log_call(command, timeout=15*60) # Create PK pair keys to connect from the host to the guest without # password... maybe remove the need for authentication inside the # guest? command = ['su', '-s', '/bin/bash', '-c', 'ssh-keygen -t rsa -N "" -f /home/%s/.ssh/id_rsa'%(name)] logger.log_call(command, timeout=60) command = ['chown', '-R', '%s.slices'%name, '/home/%s/.ssh'%name] logger.log_call(command, timeout=30) command = ['mkdir', '%s/root/.ssh'%containerDir] logger.log_call(command, timeout=10) command = ['cp', '/home/%s/.ssh/id_rsa.pub'%name, '%s/root/.ssh/authorized_keys'%containerDir] logger.log_call(command, timeout=30) logger.log("creating /etc/slicename file in %s" % os.path.join(containerDir,'etc/slicename')) try: file(os.path.join(containerDir,'etc/slicename'), 'w').write(name) except: logger.log_exc("exception while creating /etc/slicename") try: file(os.path.join(containerDir,'etc/slicefamily'), 'w').write(vref) except: logger.log_exc("exception while creating /etc/slicefamily") uid = None try: uid = getpwnam(name).pw_uid except KeyError: # keyerror will happen if user id was not created successfully logger.log_exc("exception while getting user id") if uid is not None: logger.log("uid is %d" % uid) command = ['mkdir', '%s/home/%s' % (containerDir, name)] logger.log_call(command, timeout=10) command = ['chown', name, '%s/home/%s' % (containerDir, name)] logger.log_call(command, timeout=10) etcpasswd = os.path.join(containerDir, 'etc/passwd') etcgroup = os.path.join(containerDir, 'etc/group') if os.path.exists(etcpasswd): # create all accounts with gid=1001 - i.e. 'slices' like it is in the root context slices_gid=1001 logger.log("adding user %(name)s id %(uid)d gid %(slices_gid)d to %(etcpasswd)s" % (locals())) try: file(etcpasswd,'a').write("%(name)s:x:%(uid)d:%(slices_gid)d::/home/%(name)s:/bin/bash\n" % locals()) except: logger.log_exc("exception while updating %s"%etcpasswd) logger.log("adding group slices with gid %(slices_gid)d to %(etcgroup)s"%locals()) try: file(etcgroup,'a').write("slices:x:%(slices_gid)d\n"%locals()) except: logger.log_exc("exception while updating %s"%etcgroup) sudoers = os.path.join(containerDir, 'etc/sudoers') if os.path.exists(sudoers): try: file(sudoers,'a').write("%s ALL=(ALL) NOPASSWD: ALL\n" % name) except: logger.log_exc("exception while updating /etc/sudoers") # customizations for the user environment - root or slice uid # we save the whole business in /etc/planetlab.profile # and source this file for both root and the slice uid's .profile # prompt for slice owner, + LD_PRELOAD for transparently wrap bind pl_profile=os.path.join(containerDir,"etc/planetlab.profile") ld_preload_text="""# by default, we define this setting so that calls to bind(2), # when invoked on 0.0.0.0, get transparently redirected to the public interface of this node # see https://svn.planet-lab.org/wiki/LxcPortForwarding""" usrmove_path_text="""# VM's before Features/UsrMove need /bin and /sbin in their PATH""" usrmove_path_code=""" pathmunge () { if ! echo $PATH | /bin/egrep -q "(^|:)$1($|:)" ; then if [ "$2" = "after" ] ; then PATH=$PATH:$1 else PATH=$1:$PATH fi fi } pathmunge /bin after pathmunge /sbin after unset pathmunge """ with open(pl_profile,'w') as f: f.write("export PS1='%s@\H \$ '\n"%(name)) f.write("%s\n"%ld_preload_text) f.write("export LD_PRELOAD=/etc/planetlab/lib/bind_public.so\n") f.write("%s\n"%usrmove_path_text) f.write("%s\n"%usrmove_path_code) # make sure this file is sourced from both root's and slice's .profile enforced_line = "[ -f /etc/planetlab.profile ] && source /etc/planetlab.profile\n" for path in [ 'root/.profile', 'home/%s/.profile'%name ]: from_root=os.path.join(containerDir,path) # if dir is not yet existing let's forget it for now if not os.path.isdir(os.path.dirname(from_root)): continue found=False try: contents=file(from_root).readlines() for content in contents: if content==enforced_line: found=True except IOError: pass if not found: with open(from_root,"a") as user_profile: user_profile.write(enforced_line) # in case we create the slice's .profile when writing if from_root.find("/home")>=0: command=['chown','%s:slices'%name,from_root] logger.log_call(command,timeout=5) # Lookup for xid and create template after the user is created so we # can get the correct xid based on the name of the slice xid = bwlimit.get_xid(name) # Template for libvirt sliver configuration template_filename_sliceimage = os.path.join(Sliver_LXC.REF_IMG_BASE_DIR,'lxc_template.xml') if os.path.isfile (template_filename_sliceimage): logger.log("WARNING: using compat template %s"%template_filename_sliceimage) template_filename=template_filename_sliceimage else: logger.log("Cannot find XML template %s"%template_filename_sliceimage) return interfaces = Sliver_Libvirt.get_interfaces_xml(rec) try: with open(template_filename) as f: template = Template(f.read()) xml = template.substitute(name=name, xid=xid, interfaces=interfaces, arch=arch) except IOError: logger.log('Failed to parse or use XML template file %s'%template_filename) return # Lookup for the sliver before actually # defining it, just in case it was already defined. try: dom = conn.lookupByName(name) except: dom = conn.defineXML(xml) logger.verbose('lxc_create: %s -> %s'%(name, Sliver_Libvirt.debuginfo(dom)))