From c069a24e2587bf7be8ebbb418c7e987dd8dc4930 Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Fri, 9 Jul 2021 19:06:28 +0200 Subject: testbeds: Fix jfed support for recent CLI This updates jfed support for some recent changes in the CLI. Since the new CLI requires writing the jfed password to a text file, I added an option to set it in the experiment description too. It will still prompt if not set. There is also an option to enable/disable the bastion server, as there has been some changes to its login. --- rumba/prototypes/ouroboros.py | 3 +- rumba/ssh_support.py | 8 +++-- rumba/testbeds/jfed.py | 70 ++++++++++++++++++++++++++++++------------- 3 files changed, 56 insertions(+), 25 deletions(-) (limited to 'rumba') diff --git a/rumba/prototypes/ouroboros.py b/rumba/prototypes/ouroboros.py index 58c8ac2..727a05c 100644 --- a/rumba/prototypes/ouroboros.py +++ b/rumba/prototypes/ouroboros.py @@ -170,7 +170,7 @@ class Experiment(mod.Experiment): fs_loc = '/tmp/prototype' - cmds = ["sudo apt-get install libprotobuf-c-dev --yes || true", + cmds = ["sudo DEBIAN_FRONTEND=noninteractive apt-get install libprotobuf-c-dev --yes || true", "sudo rm -r " + fs_loc + " || true", "git clone -b " + self.git_branch + " " + self.git_repo + \ " " + fs_loc, @@ -362,7 +362,6 @@ class Experiment(mod.Experiment): return d - def export_dif_bandwidth(self, filename, dif): f = open(filename, 'w') diff --git a/rumba/ssh_support.py b/rumba/ssh_support.py index 7b3a163..e23a18e 100644 --- a/rumba/ssh_support.py +++ b/rumba/ssh_support.py @@ -89,6 +89,10 @@ def ssh_connect(hostname, port, username, password, time_out, proxy_server): try: proxy_client = None if proxy_server is not None: + logger.debug('Using proxy server %s' % proxy_server) + # bastion changed to this username policy + if 'bastion' in proxy_server: + username = 'fff' + username proxy_client = get_ssh_client() # Assume port 22 for the proxy server for now proxy_client.connect(proxy_server, 22, username, password, @@ -402,9 +406,9 @@ def aptitude_install(testbed, node, packages): return s else: def sudo(s): - return 'sudo ' + s + return 'sudo' + s - package_install = "apt-get install " + package_install = " DEBIAN_FRONTEND=noninteractive apt-get install " for package in packages: package_install += package + " " package_install += "--yes" diff --git a/rumba/testbeds/jfed.py b/rumba/testbeds/jfed.py index 8affa1d..cf8f556 100644 --- a/rumba/testbeds/jfed.py +++ b/rumba/testbeds/jfed.py @@ -53,7 +53,7 @@ class Testbed(mod.Testbed): def __init__(self, exp_name, username, cert_file, exp_hours="2", proj_name="rumba", authority="wall2.ilabt.iminds.be", image=None, image_custom=False, image_owner=None, - use_physical_machines=None): + use_physical_machines=None, passwd=None, enable_wall_proxy=False): """ Initializes the testbed class. @@ -67,11 +67,14 @@ class Testbed(mod.Testbed): :param image_custom: Is the image a custom one? :param image_owner: Creator of the image. :param use_physical_machines: Try to allocate physical machines. + :param passwd: jFed password .. note:: Supported authorities are wall1.ilabt.iminds.be, wall2.ilabt.iminds.be, exogeni.net, exogeni.net:umassvmsite. """ - passwd = getpass.getpass(prompt="Password for certificate file: ") + if passwd is None: + passwd = getpass.getpass(prompt="Password for certificate file: ") + mod.Testbed.__init__(self, exp_name, username, @@ -81,8 +84,11 @@ class Testbed(mod.Testbed): self.cert_file = cert_file self.exp_hours = exp_hours self.if_id = dict() + self.enable_wall_proxy = enable_wall_proxy self.rspec = os.path.join(mod.tmp_dir, self.exp_name + ".rspec") self.manifest = os.path.join(mod.tmp_dir, self.exp_name + ".rrspec") + self.prop_file = os.path.join(mod.tmp_dir, self.exp_name + ".prop") + self.pwd_file = os.path.join(mod.tmp_dir, self.exp_name + ".pwd") self.jfed_jar = os.path.join(mod.cache_dir, 'jfed_cli/experimenter-cli.jar') self.executor = SSHExecutor(self) @@ -171,7 +177,7 @@ class Testbed(mod.Testbed): el.setAttribute("client_id", node.name) if node.machine_type is None: - if (self.use_physical_machines): + if self.use_physical_machines: el.setAttribute("exclusive", "true") else: el.setAttribute("exclusive", "false") @@ -185,7 +191,7 @@ class Testbed(mod.Testbed): el2 = doc.createElement("sliver_type") el.appendChild(el2) - if (el.getAttribute("exclusive") == "true"): + if el.getAttribute("exclusive"): el2.setAttribute("name", "raw-pc") else: el2.setAttribute("name", "default-vm") @@ -230,9 +236,11 @@ class Testbed(mod.Testbed): :param experiment: The experiment. """ try: - subprocess.check_call(["java", "-jar", self.jfed_jar, "delete", - "-S", self.proj_name, "-s", self.exp_name, - "-p", self.cert_file, "-P", self.password]) + subprocess.check_call(["java", "-jar", + self.jfed_jar, "delete", + "-c", self.prop_file, + "-S", self.proj_name, + "-s", self.exp_name]) except subprocess.CalledProcessError as e: logger.error("jFed returned with error " + str(e.returncode)) raise @@ -245,35 +253,55 @@ class Testbed(mod.Testbed): """ self._create_rspec(experiment) - auth_name_r = self.auth_name.replace(".", "-") - for node in experiment.nodes: node.ssh_config.username = self.username node.ssh_config.password = self.password + logger.info("Writing jFed properties files") + try: + with open(self.pwd_file, "w") as _file: + _file.writelines([self.password + '\n']) + _file.close() + + with open(self.prop_file, "w") as _file: + _file.writelines(["username = " + self.username + '\n', + "passwordFilename = " + self.pwd_file + '\n', + "pemKeyAndCertFilename = " + self.cert_file + '\n']) + _file.close() + + except IOError as ex: + logger.error("Failed to write passwsord/properties file %s" % ex) + logger.info("Launching jFed...") try: - subprocess.check_call(["java", "-jar", self.jfed_jar, "create", - "-S", self.proj_name, "--rspec", - self.rspec, "-s", self.exp_name, "-p", - self.cert_file, "-k", - "usercert,userkeys,shareduserallkeys", - "--create-slice", "--manifest", - self.manifest, "-P", self.password, - "-e", self.exp_hours]) + cmd = ["java", "-jar", self.jfed_jar, + "create", + "-c", self.prop_file, + "-S", self.proj_name, + "--rspec", self.rspec, + "-s", self.exp_name, + "-k", "usercert,userkeys,shareduserallkeys", + "--create-slice", + "--manifest", self.manifest, + "-e", self.exp_hours] + + logger.debug("jFed command: %s" % " ".join(cmd)) + + subprocess.check_call(cmd) except subprocess.CalledProcessError as e: logger.error("jFed returned with error " + str(e.returncode)) + logger.warning("Note: jFed server requires clients to allow TLS 1.0") + logger.warning("Check your /etc//security/java.security file.") raise if "exogeni" in self.auth_name: try: subprocess.check_call(["java", "-jar", self.jfed_jar, + "-c", self.prop_file, "manifest", "-S", self.proj_name, "-s", self.exp_name, - "-p", self.cert_file, - "--manifest", self.manifest, - "-P", self.password]) + "--manifest", self.manifest]) except subprocess.CalledProcessError as e: logger.error("jFed returned with error " + str(e.returncode)) raise @@ -293,7 +321,7 @@ class Testbed(mod.Testbed): if node_n is None: logger.error("Didn't find node %s", n_name) - if "wall" in self.auth_name: + if self.enable_wall_proxy and "wall" in self.auth_name: node_n.ssh_config.proxy_server = "bastion.test.iminds.be" s_node = xml_node.getElementsByTagName("services")[0] -- cgit v1.2.3