Permalink
Browse files

Merge branch 'rest' of git://github.com/nimbusproject/nimbus into nim…

…bus-upstream-rest
  • Loading branch information...
2 parents 4e7dfc2 + bc80a3e commit 38114d181266d97f496ec2b1f62b951460896407 @clemesha-ooi clemesha-ooi committed Feb 8, 2010
Showing with 2,155 additions and 230 deletions.
  1. +3 −1 .gitignore
  2. +82 −0 autocommon/src/org/nimbustools/auto_common/ezpz_ca/CertDN.java
  3. +0 −5 autoconfiguration/share/lib/common-env.sh
  4. +102 −0 bin/create-nimbus-home.sh
  5. +64 −0 bin/install.sh
  6. +19 −18 control/libexec/workspace-control/kvm-ebtables-config.sh
  7. +1 −1 docs/src/doc/cloud.html
  8. +1 −1 docs/src/elclients.html
  9. +49 −0 home/bin/nimbus-configure
  10. +18 −0 home/bin/nimbusctl
  11. +52 −0 home/sbin/nimbusctl.py
  12. +14 −0 home/sbin/run-services.sh
  13. +8 −0 home/sbin/run-web.sh
  14. +389 −0 home/sbin/setup.py
  15. +5 −0 home/var/gridmap.example
  16. +1 −1 messaging/gt4.0-elastic/java/msgbridge/etc/elastic/other/main.xml
  17. +2 −93 messaging/gt4.0/java/gar-builder/deployment/default-jndi-config.xml
  18. +14 −3 messaging/gt4.0/java/gar-builder/etc/post-deploy.xml
  19. +0 −1 messaging/query/java/source/etc/query/other/main.xml
  20. +4 −4 messaging/query/java/source/etc/query/query.conf
  21. BIN messaging/query/java/source/lib/org.springframework.beans-3.0.0.RC1.jar
  22. BIN messaging/query/java/source/lib/org.springframework.expression-3.0.0.RC1.jar
  23. BIN messaging/query/java/source/lib/spring-security-config-3.0.0.RC1.jar
  24. BIN messaging/query/java/source/lib/spring-security-config-3.0.0.RELEASE.jar
  25. BIN ...ery/java/source/lib/{spring-security-core-3.0.0.RC1.jar → spring-security-core-3.0.0.RELEASE.jar}
  26. BIN ...query/java/source/lib/{spring-security-web-3.0.0.RC1.jar → spring-security-web-3.0.0.RELEASE.jar}
  27. +44 −0 monitoring/nagios/mdsVirtReg.xml
  28. +11 −0 monitoring/nagios/monitoring_config.cfg
  29. +5 −4 monitoring/nagios/nimbus_nagios_data_processing.py
  30. +47 −8 monitoring/nagios/nimbus_query_mds.py
  31. +59 −21 monitoring/nagios/nimbus_register_mds.py
  32. +81 −28 monitoring/nagios/nimbus_server_script.py
  33. +11 −9 monitoring/nagios/nimbus_worker_script.py
  34. +1 −1 {bin → scripts}/all-build-and-install.sh
  35. +1 −1 {bin → scripts}/all-build.sh
  36. +1 −1 {bin → scripts}/all-clean.sh
  37. +1 −1 {bin → scripts}/all-install.sh
  38. +1 −1 {bin → scripts}/all-uninstall.sh
  39. +1 −1 {bin → scripts}/broker-build-and-install.sh
  40. +1 −1 {bin → scripts}/broker-build.sh
  41. +1 −1 {bin → scripts}/broker-install.sh
  42. +1 −1 {bin → scripts}/clients-only-build-and-install.sh
  43. +1 −1 {bin → scripts}/clients-only-build.sh
  44. +1 −1 {bin → scripts}/clients-only-install.sh
  45. +1 −1 {bin → scripts}/delete-persistence-directory.sh
  46. 0 {bin → scripts}/lib/gt4.0/build/build.properties
  47. 0 {bin → scripts}/lib/gt4.0/build/build.xml
  48. 0 {bin → scripts}/lib/gt4.0/build/run.sh
  49. +1 −1 {bin → scripts}/lib/gt4.0/dist/build.properties
  50. 0 {bin → scripts}/lib/gt4.0/dist/build.xml
  51. 0 {bin → scripts}/lib/gt4.0/dist/scripts/deploy-client-gars.sh
  52. 0 {bin → scripts}/lib/gt4.0/dist/topdocs/LICENSE.txt
  53. 0 {bin → scripts}/lib/gt4.0/dist/topdocs/README.txt
  54. 0 {bin → scripts}/lib/notes.txt
  55. BIN ...amework.aop-3.0.0.RC1.jar → service-api/java/source/lib/org.springframework.aop-3.0.0.RELEASE.jar
  56. BIN ...amework.asm-3.0.0.RC1.jar → service-api/java/source/lib/org.springframework.asm-3.0.0.RELEASE.jar
  57. BIN service-api/java/source/lib/org.springframework.beans-3.0.0.RELEASE.jar
  58. BIN ...context-3.0.0.RC1.jar → service-api/java/source/lib/org.springframework.context-3.0.0.RELEASE.jar
  59. BIN service-api/java/source/lib/org.springframework.context.support-3.0.0.RELEASE.jar
  60. BIN ...ework.core-3.0.0.RC1.jar → service-api/java/source/lib/org.springframework.core-3.0.0.RELEASE.jar
  61. BIN service-api/java/source/lib/org.springframework.expression-3.0.0.RELEASE.jar
  62. BIN ...ion-3.0.0.RC1.jar → service-api/java/source/lib/org.springframework.transaction-3.0.0.RELEASE.jar
  63. BIN ...amework.web-3.0.0.RC1.jar → service-api/java/source/lib/org.springframework.web-3.0.0.RELEASE.jar
  64. +201 −0 service-api/java/source/lib/spring.LICENCE
  65. BIN service-api/java/source/lib/spring.jar
  66. BIN service/service/java/source/lib/jetty-6.1.21.jar
  67. BIN service/service/java/source/lib/jetty-6.1.7.jar
  68. BIN service/service/java/source/lib/jetty-util-6.1.21.jar
  69. BIN service/service/java/source/lib/jetty-util-6.1.7.jar
  70. +1 −1 web/bin/run-standalone-ssl.sh
  71. +42 −2 web/lib/libnotes.txt
  72. BIN web/lib/nimbus-autocommon.tar.gz
  73. +605 −0 web/lib/python/ProcessManager.py
  74. +25 −7 web/src/python/nimbusweb/setup/autoca.py
  75. +10 −8 web/src/python/nimbusweb/setup/checkssl.py
  76. +72 −0 web/src/python/nimbusweb/setup/ezpz_ca.py
  77. +99 −0 web/src/python/nimbusweb/setup/gtcontainer.py
  78. +1 −1 web/src/python/nimbusweb/setup/javautil.py
View
@@ -6,11 +6,13 @@ build/
dist/
autocontainer/downloads/
autocontainer/gt/
-web/lib/python/
+web/lib/python/cherrypy/
+web/lib/python/django/
web/lib/java/
web/src/env.sh
web/src/python/nimbusweb/portal/generated_secrets.py
web/src/python/nimbusweb/portal/generated_settings.py
web/var/
control/var/workspace-control/logs/wclog*
derby.log
+bin/tmp/
@@ -0,0 +1,82 @@
+/*
+ * Copyright 1999-2009 University of Chicago
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.nimbustools.auto_common.ezpz_ca;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.FileReader;
+import java.security.cert.X509Certificate;
+import java.security.Security;
+
+import org.bouncycastle.openssl.PEMReader;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.globus.gsi.CertUtil;
+
+import javax.security.auth.x500.X500Principal;
+
+public class CertDN {
+
+
+ static {
+ Security.addProvider(new BouncyCastleProvider());
+ }
+
+ public static String dnFromPath(String path) throws IOException {
+
+ final File certFile = new File(path);
+ if (!certFile.canRead()) {
+ final String msg = "File '" + path + "' can not be read.";
+ throw new IOException(msg);
+ }
+
+ final FileReader fr = new FileReader(certFile);
+ try {
+ final PEMReader reader =
+ new PEMReader(fr, null, BouncyCastleProvider.PROVIDER_NAME);
+ try {
+ final X509Certificate cert = (X509Certificate) reader.readObject();
+ final X500Principal principal = cert.getSubjectX500Principal();
+ final String DN = principal.getName(X500Principal.RFC2253);
+
+ return CertUtil.toGlobusID(DN, false);
+
+ } finally {
+ reader.close();
+ }
+ } finally {
+ fr.close();
+ }
+ }
+
+
+ public static void main(String[] args) {
+
+ if (args == null || args.length != 1) {
+ System.err.println("Needs these arguments:\n" +
+ "1 - the certificate file");
+ System.exit(1);
+ }
+
+ try {
+ final String dn = dnFromPath(args[0]);
+ System.out.println(dn);
+ } catch (Throwable t) {
+ System.err.println("Problem: " + t.getMessage());
+ t.printStackTrace();
+ System.exit(1);
+ }
+ }
+}
@@ -43,11 +43,6 @@ export NIMWIZ_SCP_BATCH_OPTIONS
NIMWIZ_NO_NETWORK_CONFIGS="(( not configuring ))"
export NIMWIZ_NO_NETWORK_CONFIGS
-CONTROL_TARBALL_SHORT="nimbus-controls-2.3RC1.tar.gz"
-CONTROL_TARBALL_DIR="nimbus-controls-2.3RC1"
-CONTROL_TARBALL="http://www.nimbusproject.org/downloads/$CONTROL_TARBALL_SHORT"
-export CONTROL_TARBALL_DIR CONTROL_TARBALL_SHORT CONTROL_TARBALL
-
WORKSPACE_CONTROL_DOC_LINK="http://www.nimbusproject.org/docs/?doc=2.3/admin/quickstart.html#part-III"
export WORKSPACE_CONTROL_DOC_LINK
View
@@ -0,0 +1,102 @@
+#!/bin/sh
+
+CONTAINER_URL="http://www-unix.globus.org/ftppub/gt4/4.0/4.0.8/ws-core/bin/ws-core-4.0.8-bin.tar.gz"
+CONTAINER_TARNAME="ws-core-4.0.8-bin.tar.gz"
+CONTAINER_UNTARREDNAME="ws-core-4.0.8"
+
+# destination directory inside $NIMBUS_HOME
+CONTAINER_DIRNAME="services"
+
+NIMBUS_SRC_REL="`dirname $0`/.."
+NIMBUS_SRC=`cd $NIMBUS_SRC_REL; pwd`
+
+TMPDIR="$NIMBUS_SRC/bin/tmp"
+
+if [ ! -d $TMPDIR ]; then
+ mkdir $TMPDIR
+ if [ $? -ne 0 ]; then
+ echo "Failed to create temp directory: $TMPDIR"
+ exit 1
+ fi
+fi
+
+if [ "X$1" == "X" ]; then
+ echo "\nUsage: $0 destination_dir"
+ echo "\tYou must specify the destination directory.\n"
+ exit 1
+fi
+
+NIMBUS_HOME=$1
+
+if [ ! -d $NIMBUS_HOME ]; then
+ PARENT_DIR=`dirname $NIMBUS_HOME`
+
+ if [ -d $PARENT_DIR ]; then
+
+ echo "Creating destination directory: $NIMBUS_HOME"
+ mkdir $NIMBUS_HOME
+
+ if [ $? -ne 0 ]; then
+ echo "Failed to create destination directory!"
+ exit 1
+ fi
+ else
+ echo "Parent dir of destination does not exist: $PARENT_DIR"
+ exit 1
+ fi
+fi
+
+echo "Deploying skeleton directory structure.."
+cp -fr $NIMBUS_SRC/home/* $NIMBUS_HOME/
+if [ $? -ne 0 ]; then
+ echo "Failed to copy Nimbus home directory"
+ exit 1
+fi
+
+echo "Deploying web application.."
+cp -r $NIMBUS_SRC/web $NIMBUS_HOME/
+if [ $? -ne 0 ]; then
+ echo "Failed to copy Nimbus web directory"
+ exit 1
+fi
+
+CONTAINER_DIR="$NIMBUS_HOME/$CONTAINER_DIRNAME"
+if [ ! -d $CONTAINER_DIR ]; then
+
+ echo "Downloading and installing service container.."
+
+ # fetch GT container if it doesn't already exist
+ if [ ! -f $TMPDIR/$CONTAINER_TARNAME ]; then
+ wget -c -O $TMPDIR/$CONTAINER_TARNAME $CONTAINER_URL
+
+ if [ $? -ne 0 ]; then
+ echo "Failed to download container tarball"
+ exit 1
+ fi
+ fi
+
+ tar xzf $TMPDIR/$CONTAINER_TARNAME -C $TMPDIR
+ if [ $? -ne 0 ]; then
+ echo "Failed to expand Nimbus tarball"
+ exit 1
+ fi
+
+ mv $TMPDIR/$CONTAINER_UNTARREDNAME $CONTAINER_DIR
+ if [ $? -ne 0 ]; then
+ echo "Failed to move container directory to $CONTAINER_DIR"
+ exit 1
+ fi
+else
+ echo "Service container already exists at $CONTAINER_DIR"
+fi
+
+echo "Building and installing Nimbus to service container.."
+
+GLOBUS_LOCATION=$CONTAINER_DIR
+export GLOBUS_LOCATION
+
+$NIMBUS_SRC/scripts/all-build-and-install.sh
+if [ $? -ne 0 ]; then
+ echo "Build and install FAILED!"
+ exit 1
+fi
View
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+FORCE_FRESH_INSTALL="yes"
+
+NIMBUS_SRC_REL="`dirname $0`/.."
+NIMBUS_SRC=`cd $NIMBUS_SRC_REL; pwd`
+
+if [ "X$1" == "X" ]; then
+ echo "\nUsage: $0 destination_dir"
+ echo "\tYou must specify the destination directory.\n"
+ exit 1
+fi
+
+NIMBUS_HOME=$1
+
+if [ -d $NIMBUS_HOME ] && [ "$(ls -A $NIMBUS_HOME)" ]; then
+ if [ $FORCE_FRESH_INSTALL == "yes" ]; then
+ echo ""
+ echo "The destination directory '$NIMBUS_HOME' exists and is not empty."
+ echo "It is not recommended to reinstall Nimbus into an existing install."
+ echo ""
+ echo "If you are making changes to the services, you can build and install those directly:"
+ echo "\texport GLOBUS_LOCATION=$NIMBUS_HOME/services"
+ echo "\tscripts/all-build-and-install.sh"
+ echo ""
+ echo "If you know what you are doing and want to reinstall, edit this script:"
+ echo "\t$0"
+ echo "and change FORCE_FRESH_INSTALL to \"no\""
+ echo ""
+
+ exit 1
+ fi
+fi
+
+$NIMBUS_SRC/bin/create-nimbus-home.sh $NIMBUS_HOME
+
+if [ $? -ne 0 ]; then
+ echo "Nimbus home creation failed!"
+ exit 1
+fi
+
+CONFIG_SCRIPT="$NIMBUS_HOME/bin/nimbus-configure"
+
+if [ ! -f $CONFIG_SCRIPT ]; then
+ echo "Configuration script could not be found: $CONFIG_SCRIPT"
+ exit 1
+fi
+
+$CONFIG_SCRIPT
+
+if [ $? -ne 0 ]; then
+ echo "Nimbus configuration script failed! You may try running it manually:"
+ echo "\t$CONFIG_SCRIPT"
+ exit 1
+fi
+
+echo ""
+echo "Nimbus installation succeeded!"
+echo "However, additional configuration may be necessary."
+echo "Refer to the Administrator Guide for details.\n"
+echo "You can now start/stop Nimbus services with the nimbusctl command. e.g:"
+echo "\t$NIMBUS_HOME/bin/nimbusctl start\n"
+
+exit 0
@@ -21,15 +21,16 @@
# ABOUT #
#########
-# This script adjusts ebtables rules to packets coming from a bridged interface
+# This script adjusts ebtables rules to prevent MAC and IP spoofing.
# Unlike the 'main' ebtables-config script used with Xen, this will NOT allow
-# you to host multiple VMs on the same host and still get proper spoofing
-# protection.
-
-# 1. Is the MAC address incorrect? Drop the packet.
-# 2. Is this is a DHCP packet?
-# 3. If so, allow it to be bridged.
-# 4. If not a DHCP packet, it must have the correct source IP address,
+# you to stop DHCP packets from workspaces escaping to the site network.
+
+# 1. Is the packet coming from a workspace virtual interface?
+# 2. If not, proceed without further processing.
+# 3. If so, is the MAC address incorrect? Drop the packet.
+# 4. Is this is a DHCP packet?
+# 5. If so, allow it to be bridged.
+# 6. If not a DHCP packet, it must have the correct source IP address,
# otherwise the packet is dropped.
@@ -143,13 +144,13 @@ function delete_vifname_chain() {
return $?
}
-function add_forward_rule() {
- $EBTABLES -A INPUT -j $VIFNAME
+function add_input_rule() {
+ $EBTABLES -A INPUT -i $VIFNAME -j $VIFNAME
return $?
}
-function rem_forward_rule() {
- $EBTABLES -D INPUT -j $VIFNAME
+function rem_input_rule() {
+ $EBTABLES -D INPUT -i $VIFNAME -j $VIFNAME
return $?
}
@@ -161,12 +162,12 @@ function rem_forward_rule() {
if [ "$ADDREM" = "rem" ]; then
SUCCESS="y"
- rem_forward_rule
+ rem_input_rule
if [ $? -ne 0 ]; then
- echo "ERROR: Failed to remove $VIFNAME FORWARD rule"
+ echo "ERROR: Failed to remove $VIFNAME INPUT rule"
SUCCESS="n"
else
- echo "Removed $VIFNAME FORWARD rule"
+ echo "Removed $VIFNAME INPUT rule"
fi
delete_vifname_chain
@@ -193,12 +194,12 @@ if [ "$ADDREM" = "add" ]; then
echo "Created $VIFNAME chain"
fi
- add_forward_rule
+ add_input_rule
if [ $? -ne 0 ]; then
- echo "ERROR: Failed to add $VIFNAME FORWARD rule"
+ echo "ERROR: Failed to add $VIFNAME INPUT rule"
exit 1
else
- echo "Added $VIFNAME FORWARD rule"
+ echo "Added $VIFNAME INPUT rule"
exit 0
fi
fi
View
@@ -21,7 +21,7 @@
</p>
<p class="indent">
- <img src="../../../img/warning.gif" alt="warning!" class="floatleft" />
+ <img src="../img/warning.gif" alt="warning!" class="floatleft" />
<i>This page is for <b>deployers</b> of the cloud configuration to
learn about it and configure the workspace service for it. This is
<b>not necessary for cloud users</b> to read and understand.</i> If you
View
@@ -49,7 +49,7 @@
So <a href="http://s3.amazonaws.com/ec2-downloads/ec2-api-tools.zip">the
default client</a> may not always be the one to use. See a specific cloud's
documentation for the definitive tools URL (for example, the
- <a href="_clouds/nimbus.html">Nimbus cloud</a>).
+ <a href="/nimbus_cloud">Nimbus cloud</a>).
And see
<a href="http://bugzilla.globus.org/globus/show_bug.cgi?id=6558">enhancement 6558</a>.
</li>
Oops, something went wrong.

0 comments on commit 38114d1

Please sign in to comment.