import StringIO
import getafsgroups
-sys.stderr = StringIO.StringIO()
+errio = StringIO.StringIO()
+sys.stderr = errio
sys.path.append('/home/ecprice/.local/lib/python2.5/site-packages')
from Cheetah.Template import Template
MAX_VMS_TOTAL = 10
MAX_VMS_ACTIVE = 4
-def getMachinesByOwner(owner):
- """Return the machines owned by a given owner."""
+def getMachinesByOwner(user, machine=None):
+ """Return the machines owned by the same as a machine.
+
+ If the machine is None, return the machines owned by the same
+ user.
+ """
+ if machine:
+ owner = machine.owner
+ else:
+ owner = user.username
return Machine.select_by(owner=owner)
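Review bot: The new docstring on getMachinesByOwner ("Return the machines owned by the same as a machine") does not say which owner is used for the lookup, and that choice now decides whose quota is charged. I would word it as `"""Return the machines owned by machine.owner, or by user.username when no machine is given."""`. The branch tests `if machine:` rather than `if machine is not None:`, so the fallback to user.username depends on the truthiness of the machine object; the explicit comparison is safer.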
def maxMemory(user, machine=None, on=True):
"""
if not on:
return MAX_MEMORY_SINGLE
- machines = getMachinesByOwner(user.username)
+ machines = getMachinesByOwner(user, machine)
active_machines = [x for x in machines if g.uptimes[x]]
mem_usage = sum([x.memory for x in active_machines if x != machine])
return min(MAX_MEMORY_SINGLE, MAX_MEMORY_TOTAL-mem_usage)
def maxDisk(user, machine=None):
- machines = getMachinesByOwner(user.username)
+ machines = getMachinesByOwner(user, machine)
disk_usage = sum([sum([y.size for y in x.disks])
for x in machines if x != machine])
return min(MAX_DISK_SINGLE, MAX_DISK_TOTAL-disk_usage/1024.)
def canAddVm(user):
- machines = getMachinesByOwner(user.username)
+ machines = getMachinesByOwner(user)
active_machines = [x for x in machines if g.uptimes[x]]
return (len(machines) < MAX_VMS_TOTAL and
len(active_machines) < MAX_VMS_ACTIVE)
def haveAccess(user, machine):
- """Return whether a user has access to a machine"""
+ """Return whether a user has adminstrative access to a machine"""
+ if user.username == 'moo':
+ return True
+ if user.username in (machine.administrator, machine.owner):
+ return True
+ if getafsgroups.checkAfsGroup(user.username, machine.administrator, 'athena.mit.edu'): #XXX Cell?
+ return True
+ if getafsgroups.checkLockerOwner(user.username, machine.owner):
+ return True
+ return owns(user, machine)
+
+def owns(user, machine):
+ """Return whether a user owns a machine"""
if user.username == 'moo':
return True
return getafsgroups.checkLockerOwner(user.username, machine.owner)
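Review bot: haveAccess adds a second copy of the hard-coded `if user.username == 'moo': return True` bypass (the other one is in owns), so one literal account name now grants administrative access to every machine from two places. I would keep the privileged accounts in one named module-level constant or in configuration and test `user.username in <that set>` in a single helper, so the bypass can be audited and removed in one place. The `checkAfsGroup(user.username, machine.administrator, 'athena.mit.edu')` call is also reached when machine.administrator is unset, which seems likely for rows created before this field existed; an explicit `machine.administrator is not None` guard would avoid depending on how getafsgroups handles None. The final `return owns(user, machine)` repeats the checkLockerOwner test two lines above it, so one of the two can go.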
p.wait()
return p.stdout.read(), p.stderr.read()
if p.wait():
- print >> sys.stderr, 'Error on remctl %s:' % args
+ print >> sys.stderr, 'Error on remctl', args, ':'
print >> sys.stderr, p.stderr.read()
raise CodeError('ERROR on remctl')
return p.stdout.read()
id of the CD (e.g. 'gutsy_i386')
"""
if cdtype is not None:
- remctl('web', 'vmboot', machine.name,
+ remctl('control', machine.name, 'create',
cdtype)
else:
- remctl('web', 'vmboot', machine.name)
+ remctl('control', machine.name, 'create')
def registerMachine(machine):
"""Register a machine to be controlled by the web interface"""
Gets and parses xm list --long
"""
- value_string, err_string = remctl('list-long', machine.name, err=True)
+ value_string, err_string = remctl('control', machine.name, 'list-long', err=True)
if 'Unknown command' in err_string:
raise CodeError("ERROR in remctl list-long %s is not registered" % (machine.name,))
elif 'does not exist' in err_string:
machine.name = name
machine.memory = memory
machine.owner = user.username
+ machine.administrator = user.username
machine.contact = user.email
machine.uuid = uuidToString(randomUUID())
machine.boot_off_cd = True
def deleteVM(machine):
"""Delete a VM."""
- remctl('destroy', machine.name, err=True)
+ remctl('control', machine.name, 'destroy', err=True)
transaction = ctx.current.create_transaction()
delete_disk_pairs = [(machine.name, d.guest_device_name) for d in machine.disks]
try:
raise CodeError("Invalid action '%s'" % action)
if action == 'Reboot':
if cdrom is not None:
- remctl('reboot', machine.name, cdrom)
+ remctl('control', machine.name, 'reboot', cdrom)
else:
- remctl('reboot', machine.name)
+ remctl('control', machine.name, 'reboot')
elif action == 'Power on':
if maxMemory(user) < machine.memory:
raise InvalidInput('action', 'Power on',
"You don't have enough free RAM quota to turn on this machine")
bootMachine(machine, cdrom)
elif action == 'Power off':
- remctl('destroy', machine.name)
+ remctl('control', machine.name, 'destroy')
elif action == 'Shutdown':
- remctl('shutdown', machine.name)
+ remctl('control', machine.name, 'shutdown')
elif action == 'Delete VM':
deleteVM(machine)
print >> sys.stderr, time.time()-start_time
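Review bot: The 'Power on' branch still calls `maxMemory(user)` without the machine, so getMachinesByOwner falls back to user.username while the rest of this commit moves quota accounting to machine.owner. Now that haveAccess lets a non-owner administrator reach this action, the RAM check would be made against the administrator's own machines instead of the owning locker's, which can let the locker exceed its quota. I would pass the machine through: `if maxMemory(user, machine) < machine.memory:`. The enclosing function starts outside this hunk, so the access check that precedes this branch is not visible here.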
machine=machine)
return Template(file="command.tmpl", searchList=[d, global_dict])
-def testOwner(user, owner, machine=None):
- if owner == machine.owner: #XXX What do we do when you lose access to the locker?
- return owner
+def testAdmin(user, admin, machine):
+ if admin in (None, machine.administrator):
+ return None
+ if admin == user.username:
+ return admin
+ if getafsgroups.checkAfsGroup(user.username, admin, 'athena.mit.edu'):
+ return admin
+ if getafsgroups.checkAfsGroup(user.username, 'system:'+admin, 'athena.mit.edu'):
+ return 'system:'+admin
+ raise InvalidInput('admin', admin,
+ 'You must control the group you move it to')
+
+def testOwner(user, owner, machine):
+ if owner in (None, machine.owner):
+ return None
+ #XXX should you be able to transfer ownership if you don't already own it?
+ #if not owns(user, machine):
+ # raise InvalidInput('owner', owner, "You don't own this machine, so you can't transfer ownership")
value = getafsgroups.checkLockerOwner(user.username, owner, verbose=True)
if value == True:
return owner
raise InvalidInput('owner', owner, value)
def testContact(user, contact, machine=None):
+ if contact in (None, machine.contact):
+ return None
if not re.match("^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$", contact, re.I):
raise InvalidInput('contact', contact, "Not a valid email")
return contact
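Review bot: testOwner leaves the ownership check commented out (`#if not owns(user, machine):`) in the same commit that widens haveAccess to administrators and AFS group members. If the modify path gates only on haveAccess (the caller is outside this hunk), a non-owner administrator can reassign the machine to any locker they administer, and since the owner field drives quotas that also moves the quota charge. I would enable the check before the checkLockerOwner call: `if not owns(user, machine): raise InvalidInput('owner', owner, "You don't own this machine, so you can't transfer ownership")`. testAdmin likewise lets anyone who passes the access check replace machine.administrator with themselves or a group they belong to; if only the owner should be able to do that, it needs the same guard.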
return disksize
def testName(user, name, machine=None):
- if name is None:
+ if name in (None, machine.name):
return None
if not Machine.select_by(name=name):
return name
- if name == machine.name:
- return name
raise InvalidInput('name', name, "Already taken")
def testHostname(user, hostname, machine):
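Review bot: `if name in (None, machine.name):` dereferences machine on every call, but the signature still defaults to `machine=None`, so a caller that omits the machine (a create path presumably does) now gets an AttributeError instead of name validation. The old code only read machine.name after a name collision. testContact in the preceding hunk has the same pattern with `machine.contact`. I would guard both, e.g. `if name is None or (machine is not None and name == machine.name):`.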
try:
machine = testMachineId(user, fields.getfirst('machine_id'))
owner = testOwner(user, fields.getfirst('owner'), machine)
- contact = testContact(user, fields.getfirst('contact'))
- hostname = testHostname(owner, fields.getfirst('hostname'),
- machine)
+ admin = testAdmin(user, fields.getfirst('administrator'), machine)
+ contact = testContact(user, fields.getfirst('contact'), machine)
+ hostname = testHostname(owner, fields.getfirst('hostname'), machine)
name = testName(user, fields.getfirst('name'), machine)
oldname = machine.name
command="modify"
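Review bot: `testHostname(owner, fields.getfirst('hostname'), machine)` now receives None whenever the owner field is unchanged, because testOwner in this commit returns None for `owner in (None, machine.owner)`, where it used to return the owner string. testHostname's body is outside the hunk, so I cannot confirm how it uses its first parameter, but if it checks the hostname against that owner the check would run with None on most modify requests. Passing the effective owner keeps the old behaviour: `hostname = testHostname(owner or machine.owner, fields.getfirst('hostname'), machine)`.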
nic.hostname = hostname
ctx.current.save(nic)
- if owner is not None and owner != machine.owner:
+ if owner is not None:
machine.owner = owner
- if name is not None and name != machine.name:
+ if name is not None:
machine.name = name
+ if admin is not None:
+ machine.administrator = admin
+ if contact is not None:
+ machine.contact = contact
ctx.current.save(machine)
transaction.commit()
raise
for diskname in olddisk:
remctl("web", "lvresize", oldname, diskname, str(olddisk[diskname]))
- if name is not None and name != oldname:
+ if name is not None:
for disk in machine.disks:
- if oldname != name:
- remctl("web", "lvrename", oldname, disk.guest_device_name, name)
+ remctl("web", "lvrename", oldname, disk.guest_device_name, name)
remctl("web", "moveregister", oldname, name)
d = dict(user=user,
command=command,
ParaVM machines use Xen's emulation of virtualization features. You
want an HVM virtualized machine.""",
cpu_weight="""Don't ask us! We're as mystified as you are.""",
- owner="""The Owner must be the name of a locker that you are an AFS
-administrator of. In particular, you or an AFS group you are a member
-of must have AFS rlidwka bits on the locker. You can check see who
-administers the LOCKER locker using the command 'fs la /mit/LOCKER' on
-Athena.)""")
+ owner="""The owner field is used to determine <a href="help?subject=quotas">quotas</a>. It must be the name
+of a locker that you are an AFS administrator of. In particular, you
+or an AFS group you are a member of must have AFS rlidwka bits on the
+locker. You can check see who administers the LOCKER locker using the
+command 'fs la /mit/LOCKER' on Athena.) See also <a href="help?subject=administrator">administrator</a>.""",
+ administrator="""The administrator field determines who can access the console and power on and off the machine. This can be either a user or a moira group.""",
+ quotas="""Quotas are determined on a per-locker basis. Each
+quota may have a maximum of 512 megabytes of active ram, 50 gigabytes of disk, and 4 active machines."""
+
+ )
+ if not subjects:
+ subjects = sorted(mapping.keys())
+
d = dict(user=user,
simple=simple,
subjects=subjects,
on_poweroff on_crash on_xend_start on_xend_stop bootloader""".split()
display_fields = [('name', 'Name'),
('owner', 'Owner'),
+ ('administrator', 'Administrator'),
('contact', 'Contact'),
('type', 'Type'),
'NIC_INFO',
machine_info['name'] = machine.name
machine_info['type'] = machine.type.hvm and 'HVM' or 'ParaVM'
machine_info['owner'] = machine.owner
+ machine_info['administrator'] = machine.administrator
machine_info['contact'] = machine.contact
nic_fields = getNicInfo(machine_info, machine)
u.email = 'nobody'
connect('postgres://sipb-xen@sipb-xen-dev/sipb_xen')
operation = os.environ.get('PATH_INFO', '')
-# print 'Content-Type: text/plain\n'
-# print operation
if not operation:
print "Status: 301 Moved Permanently"
print 'Location: ' + os.environ['SCRIPT_NAME']+'/\n'
try:
output = fun(u, fields)
print 'Content-Type: text/html\n'
- sys.stderr.seek(0)
- e = sys.stderr.read()
sys.stderr=sys.stdout
+ errio.seek(0)
+ e = errio.read()
if e:
output = str(output)
output = output.replace('<body>', '<body><p>STDERR:</p><pre>'+e+'</pre>')
print output
except CodeError, err:
print 'Content-Type: text/html\n'
- sys.stderr.seek(0)
- e = sys.stderr.read()
sys.stderr=sys.stdout
+ errio.seek(0)
+ e = errio.read()
print error(operation, u, fields, err, e)
except InvalidInput, err:
print 'Content-Type: text/html\n'
- sys.stderr.seek(0)
- e = sys.stderr.read()
sys.stderr=sys.stdout
+ errio.seek(0)
+ e = errio.read()
print invalidInput(operation, u, fields, err, e)
except:
print 'Content-Type: text/plain\n'
- sys.stderr.seek(0)
- e = sys.stderr.read()
+ sys.stderr=sys.stdout
+ errio.seek(0)
+ e = errio.read()
print e
print '----'
- sys.stderr = sys.stdout
raise
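Review bot: The text read back from `errio` is still pasted into the page unescaped at `output.replace('<body>', '<body><p>STDERR:</p><pre>'+e+'</pre>')`. The captured stderr includes the remctl argument list and remctl's own error output, which can carry request-supplied values such as machine names, so any markup in them is rendered in the user's browser. I would escape it before embedding, `'<pre>'+cgi.escape(e)+'</pre>'` (assuming cgi is already imported for the form handling), and do the same wherever error() and invalidInput() place `e` in their templates. The bare `except:` branch also sends the captured stderr and, after `sys.stderr=sys.stdout`, the traceback to the client; logging those server-side and returning a generic error would avoid exposing paths and internals.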