Changeset b6a6206 for fedd

Timestamp:

Oct 6, 2011 3:58:02 PM (13 years ago)

Author:

Ted Faber <faber@…>

Branches:

compt_changes, info-ops, master

Children:

3df9b33

Parents:

2933343 (diff), f3898f7 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merge branch 'master' of ​git://fedd.deterlab.net/fedd

Location:

fedd

Files:

• access_to_abac.py (modified) (2 diffs)
• exp_access_db.py (modified) (2 diffs)
• fedd_to_abac.py (modified) (3 diffs)
• federation/emulab_access.py (modified) (8 diffs)
• federation/emulab_segment.py (modified) (2 diffs)
• federation/local_emulab_segment.py (modified) (3 diffs)
• federation/proxy_emulab_segment.py (modified) (6 diffs)

fedd/access_to_abac.py

@@ -82 +82 @@
     '''
     right_side_str = '\s*,\s*\(\s*%s\s*,\s*%s\s*,\s*%s\s*\)' % \
-            (id_same_str, id_same_str,id_same_str)
+            (proj_same_str, id_same_str,id_same_str)
 
     m = re.match(right_side_str, l)
@@ -319 +319 @@
 fedid_str = 'fedid:([0-9a-fA-F]{40})'
 id_str = '[a-zA-Z][\w_-]*'
+proj_str = '[a-zA-Z][\w_/-]*'
 path_str = '[a-zA-Z_/\.-]+'
 id_any_str = '(%s|<any>)' % id_str
+proj_any_str = '(%s|<any>)' % proj_str
 id_same_str = '(%s|<same>)' % id_str
+proj_same_str = '(%s|<same>)' % proj_str
 left_side_str = '\(\s*%s\s*,\s*%s\s*,\s*%s\s*\)' % \
-        (fedid_str, id_any_str, id_any_str)
+        (fedid_str, proj_any_str, id_any_str)
 right_side_str = '(%s)(\s*,\s*\(.*\))?' % (id_str)
 line_re = re.compile('%s\s*->\s*%s' % (left_side_str, right_side_str))

fedd/exp_access_db.py

@@ -52 +52 @@
 q_start = """
 SELECT
-    g.uid, g.pid,
+    g.uid, 
+    CASE g.gid
+        WHEN g.pid THEN g.pid
+        ELSE CONCAT(g.pid, '/', g.gid)
+    END,
     CONCAT('-----BEGIN CERTIFICATE-----\\n',
         s.cert,
@@ -59 +63 @@
 FROM group_membership g INNER JOIN user_sslcerts s
     ON g.uid = s.uid
-WHERE revoked is NULL AND g.pid = g.gid
+WHERE revoked is NULL
 """
 q_end ="""

fedd/fedd_to_abac.py

@@ -65 +65 @@
     comment_re = re.compile('^\s*#|^$')
     fedid_str = 'fedid:([0-9a-fA-F]{40})'
-    id_str = '[a-zA-Z][\w_-]*'
+    id_str = '[a-zA-Z][\w/_-]*'
     single_re = re.compile('\s*%s\s*->\s*(%s)' % (fedid_str, id_str))
     double_re = re.compile('\s*%s\s*->\s*\((%s)\s*,\s*(%s)\)' % \
@@ -109 +109 @@
                     (creds_dir or 'new_cert_dir', id.name, i)
 
-            cid = Creddy.ID(cert)
-            cid.load_privkey(key)
-            cattr = Creddy.Attribute(cid, r, 3600 * 24 * 365 * 10)
-            cattr.principal(k)
 
             if debug:
@@ -118 +114 @@
                         (cert, key, r, k, cf)
             else:
+                cid = Creddy.ID(cert)
+                cid.load_privkey(key)
+                cattr = Creddy.Attribute(cid, r, 3600 * 24 * 365 * 10)
+                cattr.principal(k)
                 cattr.bake()
                 cattr.write_name(cf)

fedd/federation/emulab_access.py

@@ -934 +934 @@
         vchars_re = '[^' + string.ascii_letters + string.digits  + '-]'
 
+        self.state_lock.acquire()
+        if aid in self.allocation:
+            proj = self.allocation[aid].get('project', None)
+            if not proj: 
+                proj = self.allocation[aid].get('sproject', None)
+        self.state_lock.release()
+
+        if not proj:
+            raise service_error(service_error.internal, 
+                    "Can't find project for %s" %aid)
+
         for a in attrs:
             if a['attribute'] in configs:
@@ -951 +962 @@
                 ename = a['value']
 
-        # Names longer than the emulab max are discarder
-        if ename and len(ename) <= self.max_name_len:
+        # Names longer than the emulab max are discarded
+        # Projects with a group require nonce experiment names as well
+        if ename and len(ename) <= self.max_name_len and '/' not in proj:
             # Clean up the experiment name so that emulab will accept it.
             ename = re.sub(vchars_re, '-', ename)
@@ -973 +985 @@
         self.state_lock.acquire()
         if aid in self.allocation:
-            proj = self.allocation[aid].get('project', None)
-            if not proj: 
-                proj = self.allocation[aid].get('sproject', None)
             user = self.allocation[aid].get('user', None)
             self.allocation[aid]['experiment'] = ename
@@ -992 +1001 @@
             self.write_state()
         self.state_lock.release()
-
-        if not proj:
-            raise service_error(service_error.internal, 
-                    "Can't find project for %s" %aid)
 
         if not user:
@@ -1092 +1097 @@
                             certfile, tmpdir)
 
+            if '/' in proj: proj, gid = proj.split('/')
+            else: gid = None
+
+
             # Set up userconf and seer if needed
             self.configure_userconf(services, tmpdir)
@@ -1109 +1118 @@
                     debug=self.create_debug, log=alloc_log, boss=self.boss,
                     cert=self.xmlrpc_cert)
-            rv = starter(self, ename, proj, user, expfile, tmpdir)
+            rv = starter(self, ename, proj, user, expfile, tmpdir, gid=gid)
         except service_error, e:
             err = e
@@ -1161 +1170 @@
             raise service_error(service_error.internal, 
                     "Can't find project for %s" % aid)
+        else:
+            if '/' in proj: proj, gid = proj.split('/')
+            else: gid = None
 
         if not user:
@@ -1170 +1182 @@
         stopper = self.stop_segment(keyfile=self.ssh_privkey_file,
                 debug=self.create_debug, boss=self.boss, cert=self.xmlrpc_cert)
-        stopper(self, user, proj, ename)
+        stopper(self, user, proj, ename, gid)
         return { 'allocID': req['allocID'], 'proof': proof.to_dict() }

fedd/federation/emulab_segment.py

@@ -93 +93 @@
         return state
 
-    def make_null_experiment(self, pid, eid, tmpdir):
+    def make_null_experiment(self, pid, eid, tmpdir, gid=None):
         """
         Create a null copy of the experiment so that we capture any logs there
@@ -115 +115 @@
                     'wait': True
                     }
+            if gid is not None:
+                params['group'] = gid
             if self.log:
                 self.log.info("[make_null_experiment]: Creating experiment")

fedd/federation/local_emulab_segment.py

@@ -58 +58 @@
         return True
 
-    def __call__(self, parent, eid, pid, user, tclfile, tmpdir, timeout=0):
+    def __call__(self, parent, eid, pid, user, tclfile, tmpdir, timeout=0, 
+            gid=None):
         """
         Start a sub-experiment on a federant.
@@ -70 +71 @@
 
         if state == 'none':
-            if not self.make_null_experiment(pid, eid, tmpdir):
+            if not self.make_null_experiment(pid, eid, tmpdir, gid):
                 return False
 
@@ -102 +103 @@
         emulab_segment.__init__(self, boss=boss, cert=cert)
 
-    def __call__(self, parent, user, pid, eid):
+    def __call__(self, parent, user, pid, eid, gid=None):
         """
         Stop a sub experiment by calling swapexp on the federant
         """
+
         self.log.info("[stop_segment]: Stopping %s" % eid)
         rv = False

fedd/federation/proxy_emulab_segment.py

@@ -158 +158 @@
 
 
-    def make_null_experiment(self, user, host, pid, eid, tmpdir):
+    def make_null_experiment(self, user, host, pid, eid, tmpdir, gid=None):
         """
         Create a null copy of the experiment so that we capture any logs there
@@ -164 +164 @@
         startexp
         """
+
+        if gid is not None: gparam = '-g %s' % gid
+        else: gparam = ''
+
         try:
             f = open("%s/null.tcl" % tmpdir, "w")
@@ -179 +183 @@
             if not self.ssh_cmd(user, host,
                     ("/usr/testbed/bin/startexp -i -f -w -p %s " + 
-                    "-e %s null.tcl") % (pid, eid), "startexp",
+                    "-e %s %s null.tcl") % (pid, eid, gparam), "startexp",
                     timeout=60 * 10):
                 return False
@@ -276 +280 @@
 
 
-    def __call__(self, parent, eid, pid, user, tclfile, tmpdir, timeout=0):
+    def __call__(self, parent, eid, pid, user, tclfile, tmpdir, timeout=0,
+            gid=None):
         """
         Start a sub-experiment on a federant.
@@ -294 +299 @@
             # Put a dummy in place to capture logs, and establish an experiment
             # directory.
-            if not self.make_null_experiment(user, host, pid, eid, tmpdir):
+            if not self.make_null_experiment(user, host, pid, eid, tmpdir, gid):
                 return False
 
@@ -325 +330 @@
         proxy_segment.__init__(self, log=log, keyfile=keyfile, debug=debug)
 
-    def __call__(self, parent, user, pid, eid):
+    def __call__(self, parent, user, pid, eid, gid=None):
         """
         Stop a sub experiment by calling swapexp on the federant