-
Notifications
You must be signed in to change notification settings - Fork 15
/
CHANGES
1685 lines (1592 loc) · 91.8 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
# Note: keep this file in wiki format for easy pasting to the gcf wiki
gcf 2.11
* Support for newer openssl options in python2. Deprecate older versions
gcf 2.10:
* Changed references to trac.gpolab.bbn.com to point to Github.
Although those pages mostly still reference trac, that is the future home.
These changes include changing where the `agg_nick_cache` lives. (#814)
* Add some omni design notes (work in progress). (#883)
* Document how to create a release. (#871)
* Add Debian and RPM packaging configuration (#849)
* Update CentOS installation instructions (#853)
* Add hawaii-ig, utdallas-ig, ullafayette-ig, and uvm-ig to nick cache. (#906)
* Add ucsd-ig, psc-eg, uaf-eg, gwu-eg, umass-eg, and wsu-eg to nick cache. (#912)
* Add vt-ig to nick cache. (#919)
* Omni
* Continue anyway if no aggregate nickname cache can be loaded. (#822)
* Sliver info reporting and operations on AMs by nickname will likely fail.
* For connections to servers, use TLSv1 if possible (falling back to SSLv3
in the usual OpenSSL way), plus a restricted set of ciphers
(`HIGH:MEDIUM:!ADH:!SSLv2:!MD5:!RC4:@STRENGTH`) when using python2.7.
This avoids some security issues, and allows Omni on older clients
to connect to some updated servers. (#745)
* Use `False` instead of `'f'` for `SLICE_EXPIRED` and `PROJECT_EXPIRED` when
using Common Federation API clearinghouses. (#856)
* Thanks to Umar Toseef for the bug report.
* Do not assume `PROJECT_MEMBER_UID` is returned when listing project members,
but allow it. (#857)
* Thanks to Umar Toseef for the bug report.
* Calling `getslicecred` while specifying a `slicecredfile` that exists
no longer means just return that file. Instead, that file will be
ignored and, if you specify `-o`, replaced. (#868, #869)
* Moved canonical `agg_nick_cache` location to Github. (#814, #882)
* Use `urllib2.urlopen` instead of `urllib.urlretrieve` to avoid bad
interaction with M2Crypto. (#881)
* Stitcher
* Catch expiration too great errors from PG AMs and quit. (#828)
* Bug fix combining manifests involving a fixed endpoint. (#833)
* Fix up combining manifests using ExoGENI, to ensure the stitching
hops list the actual reserved VLAN tags. (#873, #876)
* Support detecting OESS AM using `geni_am_type`. (#835)
* Do not insist on 2 reciprocal properties on links, allowing more
flexibility perhaps. (#838)
* Allow links with more than 1 interface per AM, and start supporting
multiple AMs per link.
* Add option `--noSCS` to force skipping the SCS, for use when stitcher
calls the SCS but the SCS fails the request, and the request is
complete already. Or use this on the expanded request from a stitcher
call with `--noReservation`. Lack of a workflow may be a problem
in some cases. (#839)
* AL2S supports speaks for. Don't exit if using speaksfor and AL2S. (#834)
* Treat new generic ProtoGENI mapper error code (28) as fatal. (#861)
* Fix combining manifests where link is multi AM but not stitched. (#879)
* Thanks to Hussam Nasir
* omni-configure
* Modify omni-configure to support multi-user systems (#843, #877)
* gcf
* Add new parameters to decode_urns so that derived delegates can
decode urns using the credentials and options available in other
calls (#858)
* Add utility function to derive the effective user's client cert, after
accounting for speaks-for. This allows an AM to know the "real" user's URN
and email, for example (#831)
* Speaks for attempts to validate the tool cert by taking the issuer from the user
GID (signer of the speaks for credential), in cases where the tool cert didn't
validate on its own and has the same issuer as the user cert. This helps where
tool certs and user certs are issued by the same intermediate CA (as with those
from the GENI Clearinghosue), when used on webservers that don't pass the full
client certificate chain (like nginx). (#832)
* For connections to servers, use TLSv1 if possible (falling back to SSLv3
in the usual OpenSSL way), plus a restricted set of ciphers
(`HIGH:MEDIUM:!ADH:!SSLv2:!MD5:!RC4:@STRENGTH`) when using python2.7.
This avoids some security issues, and allows older clients
to connect to some updated servers. (#745)
* Rework the code in `am3.py` that calls the cred verifier to reduce code duplication and make
implementations deriving from the !ReferenceAggregateManager easier to write. (#836)
* Allow aggregate deployments to specify the delegate to use in the
`gcf_config` file or on the command line, so as to be able to
write delegates without touching the main gcf code, thereby easing maintenance (#837).
* When delegates raise an `ApiErrorException`, catch it to send back
a proper return value indicating an error occured. (#841)
* Log the HTTP request line when `--debug`. (#842)
* Fix some typos in `Provision()` in `am3.py`. (#846)
* Fix am2 not keeping resources' state updated when creating or deleting Slivers (#848, #850)
* Update generated certificate key size and signature algorithm to more
modern values (#851, #852)
* Point people to [email protected] instead of old list.
* In AM3, fix exception on expire_slivers. Aggregate stores resources, not slivers. (#863)
gcf 2.9:
* Add Markdown style README, CONTRIBUTING and CONTRIBUTORS files. (#551)
* Source code is now available from Github: https://github.com/GENI-NSF/geni-tools.
All issues are now reported on geni-tools as well. (#814)
Issues after #820 are ''only'' on Github.
* Remove references to the omni-users mailing list. (#813)
* Use the [https://groups.google.com/forum/#!forum/geni-users GENI Users mailing list].
* Add autoconf/automake support
* Add `utah-stitch` AM and `clemson-clab` and `wisconsin-clab` for new Cloudlab sites. (#817)
* Omni
* If `sliverstatus` fails in a way that indicates there are no local resources,
and the caller specified `--raise-error-on-v2-amapi-error`, still delete any
sliver info records at the clearinghouse (as necessary). (#778)
* If `deletesliver` or `delete` fail indicating there are no local resources,
delete any sliver info records at the clearinghouse (as necessary). (#782)
* Add 11 aggregates to the nickname cache. (#783)
* Trim fractional seconds from user input datetimes before passing to servers. (#795)
* Avoids errors in ProtoGENI based code.
* Allow getting Ad RSpecs (calling `ListResources` not in slice context)
without a user credential. (#793)
* Implements AM API Change Proposal AD.
* If the return from `POA` is a `geni_credential`, or per sliver has a
`geni_credential`, then save that cred in a separate file. (#803)
* Also when saving output, JSON that has XML content shouldn't get
the header inserted within the XML content.
* Fix `delete` when called on multiple AMs. (#808)
* Stitcher
* Better support for AM API version 3 (#261)
* When saving the slice credential renames the file (`.json` extension), save that.
* Set the API version for an AM to the command line request version, or the most recent
lower version number.
* When picking the requested expiration time for an AM, limit it to 3 hours when doing Allocate.
* Set the AM URL to the v3 URL if using v3
* Tune the pause before redoing a request to be shorter if only dealing with v3 AMs
* Warn when done if any reservations are only allocations.
* Always use APIv2 when calling `getversion`
* Support partial requests with two new options:
* `--noDeleteAtEnd`: When specified, do not delete any successful reservations when the overall
request has failed, or when the user has interrupted stitcher with Ctrl-C.
* `--noTransitAMs`: When specified, stop when the only aggregates ready to reserve are those
added by the SCS (which we assume are transit or intermediate aggregates).
* In both these cases, finish by printing out how many reservations you have, and saving a
combined manifest RSpec for your reservations, and a combined request RSpec for the reservations
that you still need to make. The experimenter must manually edit this request to fill in the proper
`suggestedVLANRange` and `vlanRangeAvailability` in the proper hops in the request's stitching extension.
See the comments at the top of the RSpec: `get_vlantag_from` indicates what other `hop` the given `hop`
should take its VLAN tag from. `Have Reservation?` indicates if you have a reservation here. And
`AM Depends on` indicates which other AMs must be reserved first before you make a reservation here.
* Clean up the log messages in these cases to not look so scary. (#812)
* Support `delete` and `deletesliver` locally, calling APIv2 or v3 as appropriate. (#807)
* Defer to Omni if there is only a single aggregate.
* Each AM is a separate Omni call.
* Results from all calls are combined into a single return message and structure.
* APIv2 results will be keyed by AM URL and have the value of True or False usually, but sometimes a struct.
* This is useful when a circuit was reserved using `-V3` and some AMs spoke APIv2 only.
* Fix handling of return when tried to delete at an AM with no resources. (#823)
* scs.py now honors `--timeout` to set the SSL connection timeout. (#785)
* For `--fixedEndpoint` calls, avoid adding the fake interface to links
with no stitching path, such as for a LAN within a single AM. (#790)
* If SCS gave same suggested VLAN tag to 2 paths (same hop), then retry
at the SCS. (#802)
* The SCS does not deconflict suggestions across paths, so this can happen.
* When a request fails due to VLAN unavailable someplace along a path where the VLAN
was a choice from 'any', no need to go back to the SCS; delete the intermediate reservations
and mark the failed tag unavailable, and let that first AM pick the tag again.
This should mean fewer un-necessary deletes and fewer calls to the SCS. (#648)
* Also fix this block to count this as a local VLAN retry.
* When merging manifests, handle a request for component_manager of the ExoSM,
where the manifest component_manager will be more specific. (#780)
* If there isn't an exact match and the specific component_manager doesn't belong
to an aggregate we are using, then try to match without the sub-authority.
* When redoing a request from the SCS, be sure to copy any existing state
from an AM not in the SCS workflow. (#781)
* When checking if an EG URN belongs to this AM, compare them exactly,
not using `startswith`, so an EG rack doesn't claim a URN for the ExoSM. (#779)
* In debug when printing raw return from SCS, print the name of the path for each hop. (#800)
* Clarify error message when request 'any' VLAN and get VLAN_UNAVAILABLE. (#801)
* Fix finding a hop when parsing EG manifests to consider the path ID, thus
supporting 2 links across the same interface. (#805)
* Fixes for merging manifests, particularly those including ExoGENI AMs on links. (#806)
* Fill in missing properties and interface_refs on links when the template was a real manifest.
* Slightly prefer PG AMs as the template AM.
* Ensure we have all component_managers, interfaces, and comments on links.
* Skip adding a comment for an AM with no information to add.
* Support starting with an EG AM and adding in missing hops in the stitching extension, albeit
out of order and without the proper nextHop values.
* Bug fix for merging comments when template has a comment child and other does not. (#815)
* Quiet down errors deleting a failed reservation from EG AMs (harmless). (#811)
* Remove reference to ION as a real aggregate in the README. ION has been decommissioned. (#797)
* Gracefully handle error when 2 stitcher instances are running in the same directory
at once on Windows. (#824)
* Define default initial sliver expirations for other Utah/PG AMs (Apt, Cloudlab, stitch). (#826)
* Allow defining new such AMs in the omni config `omni_defaults` -> `utah_am_urns` (CSV).
* When calculating `expires` time to request, don't exceed the slice expiration,
and don't request less than some # of hours - 6 for APIv2, 3 for v3+. (#827)
* Scripts
* Initial commit of `examples/renewSliceAndSlivers.py`. (#798)
* `readyToLogin --ansible-inventory` will now specify the ansible
username in the inventory file if the GENI username and the
username on the local system are different. Alternatively, you
can use `--ansible-username` to specify the username or you can use
`--no-ansible-username` to ensure no username is specified in the
inventory file. (#794)
* Changed usage message for `readyToLogin` to encourage use of `--useSliceAggregates`. (#816)
* Fix error message on `readyToLogin` when no aggregates specified. (#821)
* gcf
* Make the user credential optional to `ListResources`. (#792)
* Implement AM API Draft proposal "AD".
* `CredentialVerify` now requires a valid credential over the given `target_urn`
if supplied, but returns `True` if no credentials are supplied AND no `target_urn`.
* Print AM version when logging that GENI AM is listening. (#804)
* Thanks to David Margery
gcf 2.8.1:
* Give `omni-configure` the ability to find PKCS#8 private keys,
not just PKCS#1. With openssl v1.0.0 PKCS#8 is the default, so new
keys from the GENI Portal are in the new format, and omni-configure
doesn't find them and complains that you have no private key. (#799)
gcf 2.8:
* Omni
* Allow configuring how many times Omni retries on a busy error from
an AM or CH. Use `--maxBusyRetries`. Default remains 4. (#749)
* Support `Update()` and `Cancel()` from AM APIv4 in any v3+ implementation. Support
is only known at ProtoGENI, and is limited. (#589)
* New option `--noCacheFiles` completely disables reading or writing the !GetVersion and
Aggregate nickname cache files. (#772)
* New config that sets the current release number and a release message,
so Omni can alert you if a new release is available. (#698)
* Better control of Omni logging configuration. (#458)
* Allow a Python logging configuration dictionary, and configure
logging from that if possible.
* New option `--noLoggingConfiguration` completely disables
configuring Python loggers from Omni. A script might use this to
allow it to configure logging later in its own way.
* Fix error message on expired user cert. (#756)
* Remove ticket #722 workaround (bug fixed at ION AM). (#724)
* Mac installer: remove old aliases before adding new ones. (#556)
* Clean up `listresources` summary string and include sliver expiration if known. (#704)
* Add support for `--start-time` option to specify a `geni_start_time` option
for any aggregates that support such a value. (#660)
* Update copyrights to 2015 (#764)
* Add nicknames for !CloudLab and Apt. (#767)
* Avoid exception on empty aggregate in `-a` argument. (#771)
* Support python 2.7.9+ where we must request not verifying server certificates
for the SSL connection. Thanks to Ezra Kissel. (#776)
* Stitcher
* Catch keyboard interrupts to warn if you interrupt your run and have
left over reservations. (#754)
* Added `--timeout` option to specify that stitcher runs time out
(default is no timeout as before), deleting any partial reservations. (#730)
* SCS requires a valid client certificate and uses SSL. (#757)
* As a result, the SSL timeout on calls to the SCS should work. (#346)
* When calling `scs.py` directly, you must now provide the `--key` and `--cert`
arguments to reach the default SCS or any SCS that uses https.
* Check current VLAN tag availability at AMs before trying reservations, where it
works and will help. Disable this with new option `--noAvailCheck`. (#566,#545)
* Better support for requests using multiple ExoGENI sites. (#738)
* Use ExoGENI stitching between ExoGENI sites by default (as before).
* Allow reserving resources from multiple individual ExoGENI sites,
not through the ExoSM. This is a change.
* Allow using GENI stitching between ExoGENI sites by going through individual
ExoGENI sites and not the ExoSM. This is a change.
* A request with no link among ExoGENI sites will not use the ExoSM, unless
you specify `--useExoSM`. This is a change - previously, you would get the ExoSM.
* A request that does include a link among ExoGENI sites will by default continue to
use the ExoSM and ExoGENI stitching. But you can choose to use GENI stitching:
supply `--noExoSM` or `--noEGStitching` or `--noEGStitchingOnLink`.
* Note however that passing options `--noExoSM` or `--noEGStitching` means that any links between ExoGENI
sites will attempt to use a GENI stitched link, which may not be possible. Using
`--noEGStitchingOnLink` means that only the named links between ExoGENI sites will attempt
to use a GENI stitched link.
* See README-stitching.txt for more on `--noEGStitching` and `--noEGStitchingOnLink`.
* Allow recreating the combined manifest RSpec. (#284)
* Call `stitcher listresources <slice>` or `stitcher describe <slice>`.
* If you specify `--useSliceAggregates`, any local stitcher file listing AMs in the slice
will be ignored.
* Return matches that for Omni, with the combined manifest returned under the key
`combined` for `describe`, and `('combined','combined')` for `listresources`.
* Add new production AL2S server to nickname cache and support identifying the OESS AM
using the new URL. (#775)
* Use the SCS instance maintained by Internet2 by default. (#761)
* Limit available range on a hop that doesn't import to tags available at hops that
import from it. (#747)
* Support only generating and saving the expanded request. (#763)
* Supply new option `--genRequest`.
* No reservation is done, and no slice credential check is done.
* Includes SCS expansion and checking current availability.
* Handle PG AMs taking longer to delete a previous reservation. (#769)
* Better handle delete errors that really mean there was nothing here to delete.
* Before allocating, if stitcher did a previous delete at this aggregate in this run,
check `sliverstatus` to ensure that delete completed.
* `Invalid slice urn` is fatal at ExoGENI. (#746)
* Remove note about capacity at ExoGENI, now that it is in kbps. (#678)
* Error and exit if the request uses Speaks For and requires AL2S
(since AL2S does not support Speaks For yet). (#753)
* Accept `--scsURL` in `scs.py` to specify the SCS URL. (#755)
* Add logic to print status when deleting reservations. (#750)
* Factor out determining if AM type supports requesting 'any' VLAN tag. (#758)
* Allow `--verbosessl` to `scs.py` to turn on debug SSL logging. (#770)
* Allow re-setting default sliver expiration times by aggregate type with a new
`omni_defaults` value (like from the agg_nick_cache). (#694)
* readyToLogin
* Add `--ansible-inventory` option which creates a host file to use with Ansible. Works
with `-o` and `--prefix`. (#759)
* remote-execute
* Add `-A`/`--forwardAgent` option to enable SSH agent forward (like using `-A` with SSH). (#774)
* gcf
* Add support for policy-based authorizer to interpose between authentication
and delegate invocation. (#660)
* Allow ABAC-like per aggregate authorization policies. See README-authorization.txt
* Support scheduled reservations. See README-scheduling.txt
* Refactored the AM base class to use a Method Context to handle most per method
processing and error handling.
* Instead of wrapping calls to the delegate in a try/except block, we use a
`with AMMethodContext` call to check and authorize arguments before making the call
to the delegate.
* Add a getter for fetching the PEM certificate from the server, to support safely fetching
that certificate in a multithreaded environment.
gcf 2.7:
* Omni
* Calls to `status` and `sliverstatus` will also call the CH
to try to sync up the CH records of slivers with truth
as reported by the AM. (#634)
* Make `useSliceMembers` True by default and deprecate the option. (#667)
* By default, Omni will create accounts and install SSH keys for members of your slice,
if you are using a CHAPI style framework / Clearinghouse
which allows defining slice members (as the GENI Clearinghouse does).
* This is not a change for Omni users who configured Omni using the `omni-configure` script,
which already forced that setting to true.
* The old `--useSliceMembers` option is deprecated and will be
removed in a future release.
* Added new option `--noSliceMembers` to over-ride that default and tell Omni
to ignore any slice members defined at the Clearinghouse.
* You may also set `useslicemembers=False` in the `omni` section of
your `omni_config` to over-ride the `useSliceMembers` default of True.
* Honor the `useslicemembers` and `ignoreconfigusers` options in the `omni_config` (#671)
* Fix `get_member_email` e.g. from `listprojectmembers` for speaks-for. (#676)
* Fix nickname cache updating when temp and home directories are on
different disks - use `shutil.move`. (#646)
* Look for fallback `agg_nick_cache` in correct location (#662)
* Use relative imports in `speaksfor_util` if possible. (#657)
* Fix URL to URN lookups to better handle names that differ by a prefix. (#683)
* Increase the sleep between busy SSL call retries from 15 to 20 seconds. (#697)
* Rename `addAliases.sh` to `addAliases.command` for Mac install. (#647)
* Add new section `omni_defaults` to the Omni config file. (#713)
* This should set system defaults. Where these overlap in meaning with other
omni_config or commandline options, let those take precedence.
* Allow these `omni_defaults` to be specified in the `agg_nick_cache`. These
are read before those in the per-user omni config. If a default is set
in the `agg_nick_cache`, that takes precedence over any value in
the user's `omni_config`: if a user should be able to over-ride the
default, use a different omni config setting (not in `omni_defaults`), or
use a command line option.
* Stitcher uses this for the SCS URL.
* Allow FOAM/AL2S AMs to submit sliver URNs that are the slice URN with an ID
appended.
* This works around known bug http://groups.geni.net/geni/ticket/1294. (#719)
* Work around malformed ION sliver URNs: (#722)
* Allow submitting URNs that use the slice authority as the sliver authority.
* If the sliver urn reported by sliverstatus is malformed, replace it
with the proper URN as the manifest returns, so sliver_info reporting
works without even deleting the existing entry.
* See http://groups.geni.net/geni/ticket/1292
* Quiet down some debug logs when printing SSH keys and when talking to CHAPI. (#727)
* Stitcher
* Stitcher can now process any multi aggregate bound request. Any request
with multiple nodes bound to multiple aggregates can be handled directly by stitcher,
with stitcher calling `createsliver` on each aggregate. Only bound requests
can be handled though. (#670)
* Combined manifest is now named: `<slicename>-manifest-rspec-multiam-combined.xml`
* Added new option `--useSCSSugg` to always use VLAN tags picked
by the SCS, not letting the AM pick. (#675)
* Refactor the picking 'any' VLAN tag code into another method,
and print the INFO message only once. (#705)
* Add new option `--includehoponpath <hop> <path>` for requiring
a particular hop only on a particular path, not all paths. (#654)
* If you have multiple ExoGENI AMs in your request, you must submit
the request to the ExoSM. Automatically do this. (#689)
* If multiple aggregates claim to be the ExoSM (due to `--useExoSM` or the above
work), then merge these together so we only call the ExoSM once. (#688)
* When doing so, merge `dependsOn` and `isDependencyFor`. (#734)
* If a link only includes aggregates whose name contains 'exogeni',
then don't mark the RSpec as needing the SCS. We can use ExoGENI stitching.
However, if you supply the new option `--noEGStitching` then call the
SCS anyhow to try to use GENI stitching (which may cause stitcher to fail
if the SCS does not know of a GENI stitching path between the aggregates).
Mixing links between ExoGENI AMs and stitched links involving non-ExoGENI AMs
remains problematic therefore, as the SCS will fail if it can't find
every path requested. (#692)
* Help experimenters avoid links that unexpectedly expire, and avoid
links that continue past the expiration of compute nodes. (#577)
* Improved reporting of actual sliver expirations when the run is complete.
* Set the desired sliver expiration in the request RSpec based on
current (September, 2014) aggregate policies. InstaGENI and ION/MAX
aggregates (at least) honor this request. In practice this means
that many requests will all expire at the same time.
* Note that some Utah aggregates' policy limits new slivers to 5 days, so
many circuits will all expire in 5 days. Renew your reservation if needed.
* New aggregate types or new local aggregate policies will require changes
to the code.
* "`Insufficient rights`" error is fatal at SFA AMs. (#677)
* "`Malformed arguments: *** verifygenicred`" is fatal at PG AMs.
Perhaps the slice needs to be renewed? (#691)
* "`Malformed rspec`" error is fatal at SFA AMs. (#693)
* `Duplicate node`" is fatal at PG/IG (2 nodes same `client_id`). (#701)
* Avoid requesting VLAN tag 'any' at OESS and DCN AMs. (#644)
* Be sure to avoid requesting 'any' from AMs that do not support it.
Copy the `isOESS` attribute across SCS calls. (#681)
* In `devmode`, keep going if request RSpec is of wrong schema. (#673)
* Always allow a request RSpec of either PGv2 or GENIv3. (#673)
* Use relative imports in `scs` if possible. (#658)
* Loop over all links when adding `component_manager` and `property`
elements, rather than exit on first. (#680)
* If a DCN AM reports insufficent bandwidth in sliverstatus, fail. (#653)
* Handle an OESS VLAN unavailable error. (#696)
* Check the `-a` arguments for RSpecs bound to a single AM (as
above, determined by `component_manager_id` on nodes). (#687)
* Fill it in if missing.
* Warn if it is more than one AM or differs from what the RSpec specifies.
* Fix up combining manifests: (#612)
* Fix bug in finding links to avoid adding stitching links as regular links.
* Combine all top-level attributes so all namespaces are declared.
* Handle odd namespace for `schemaLocation`. (#703)
* Basic support for 2 rspecs with the same node client_id on different AMs. (#700)
* Merge in any non node/link/stitching top level elements in the combined manifest. (#699)
* Fix up detection of error codes, specifically when looking at
`value` in return triple. (#702)
* If a VLAN was unavailable and another AM picked the tag and full negotiation
is required, for now fail to the SCS to handle it - even for user requested
aggregates. (#708)
* Catch errors XMLifying RSpecs - errors can happen from malformed requests. (#709)
* When printing errors, print `nodeName` of the element, not `name`. (#723)
* "`No stitching path`" is fatal at PG. (#710)
* Avoid treating `value` as a string - it is usually an int. (#711)
* Set SCS URL from the omni_config entry under `omni_defaults` named `scs_url`
if present, but over-ride that with any commandline value for `--scsURL`.
This allows changing the default SCS location without updating Omni. (#713)
* "`such a short life for a sliver`" is fatal at PG. (#714)
* "`Error encountered converting RSpec to NDL`" is fatal at EG. (#715)
* "`Embedding workflow ERROR` is fatal at EG. (#716)
* Fix copying attributes for later tries when the URN changed,
like switching from an EG rack to the ExoSM. (#718)
* This bug causes requesting VLAN `any` from EG AMs.
* For OESS/AL2S AM: Force a call to `sliverstatus` after reservations,
so slivers are reported to the Clearinghouse. Works around
known AL2S issue http://groups.geni.net/geni/ticket/1295. (#717)
* Re-calculate ready aggregates when launcher catches an error. (#720)
* ProtoGENI needs the available ranges to all exclude any failed tags
at all hops at the AM or that face the AM. In particular when a DCN aggregate
gives a VLAN PCE error. Work around this shortcoming. (#721)
* Generic `Exception` from OESS is fatal. (#728)
* If an upstream AM picked a tag that is unavailable locally: (#725)
* Mark local unavailable tags as unavailable upstream.
* Check all hops to make such corrections, and then retry at the SCS.
* Exclude local unavailable tags from the upstream request range, bail to the SCS,
* Before doing allocations, check hops that do not import VLANs for errors:
* Range requested must exclude unavailable tags.
* Hops that import from this hop must have their tags marked unavailable here,
and the tag range here must exclude tags marked unavailable there.
* Bug fix in this logic to handle hops at AMs that don't support 'any'. (#732)
* Fix regular expression for finding circuit IDs in sliver URNs to handle more variety.
* Rework logic for when a hop that imports vlans means we cannot
redo the request locally (#726)
* Logic comparing the hop to failedHop was buggy, causing the code
to try to handle locally cases that cannot be handled locally.
(Like a VLAN unavailable at AL2S.)
* Make sure the local hop's unavailable tags includes any failed tag.
* Make sure the hop this imports from's unavailable tags includes the failed
tag.
* AL2S style failure where no specific hop failed and hops import is still a case we
cannot redo locally.
* The tag selected on such hops should be marked unavailable where we
import from.
* Handle new VLAN unavailable error message from OESS. (#729)
* And properly parse it. (#737)
* Handle malformed status from ION where 1 circuit failed but overall status is ready. (#731)
* When editing down the available range, exit if the range is now empty. (#733)
* Exit from launcher if 0 ready aggregates but not done - that's a bug. (#735)
* Ensure `inProcess` is false when we retry. (#736)
* Clarify some error messages: (#741)
* `Topology too complex` means we need to go to the SCS to find a VLAN, but will retry.
* ExoGENI `Embedding workflow ERROR` can mean no more VLAN tags.
* When reading an alternate URL using the agg_nick_cache, use the proper URL not the
version without the http/https prefix used for matching. (#740)
* Exit if an EG AM is in maintenance (#742)
* readyToLogin
* Handle when omni switches AM API version number (#643)
* Remove defunct code (#666)
* Remove reliance on 'pg_manifest' field of !SliverStatus return. Leave fallback code for now. (#665)
* Replace `--noFallbackToStatusForPG` with `--fallbackToStatusForPG` with the opposite meaning (#393)
* Handle the same client_ids at different aggregates (#669)
* Handle errors from AMs getting the manifest using APIv3. (#707)
* Better error detection.
* Also, use cached !GetVersion information if available.
* remote-execute
* Allow `--host` to be specified multiple times (#668)
* clear-passphrases
* Use SFA libraries to remove passphrases, removing reliance on OpenSSL binary.
Better error handling and cleaner log messages.
Use `oscript` for config file loading. (#664)
* gcf
* Return `geni-expires` from the AM API v2 AM. (#679)
gcf 2.6:
* Omni
* New function `removeslicemember <slice> <username>`:
Remove the user with the given username from the named slice. (#515)
* Add functions `listprojects` to list your projects, and `listprojectmembers`
to list the members of a project and their role in the project and
email address. (#495)
* Include `addMemberToSliceAndSlivers` in Windows and Mac binaries (#585)
* Include `remote-execute` in Mac binaries (#601)
* Record FOAM reservations at the clearinghouse when using the
`chapi` framework, by using fake sliver URNs. (#574)
* `listslicemembers` honors the `-o` option to save results to a
file, and `--tostdout` to instead go to STDOUT. (#489)
* `listslivers` honors the `-o` option to save results to a file,
and `--tostdout` to instead go to STDOUT. (#488)
* `get_ch_version`, `listaggregates`, `listslices`, `listmyslices`,
`listkeys`, `listmykeys`, `listimages`, and `nicknames`
honor the `-o` option to save results to a file,
and `--tostdout` to instead go to STDOUT. (#371)
* `listkeys` return is a list of structs of ('`public_key`',
'`private_key`'), where `private_key` is omitted for most
frameworks and most cases where not available. (#600)
* Added `print_sliver_expirations` to print the expirations of your
slivers at requested aggregates. Also print sliver expirations from
`sliverstatus`, `listresources` and `createsliver` calls. (#465, #564, #571)
* Added new utilities in `handler_utils` to extract sliver
expiration from the manifest and sliverstatus.
* Clean up console log messages. (#623)
* Retry on AM busy message two more times, sleeping 15 seconds instead
of 10. (#624,#635)
* Restore printing of non-standard options used in command summary. (#625)
* Help specifies defaults for more options. (#626)
* Mac install clears old `omni.py` and similar aliases (#556)
* Fix `get_cert_keyid` to get the key id from the certificate (#573)
* `renewslice` properly warns if your new expiration is not what you
requested (#575)
* rspec_util utility takes optional logger (#612)
* Add support for talking to SA/MA that speak Federation API v2.
To use the v2 APIs, add to your `omni_config`: `speakv2=true`. (#613)
* Ensure manifest from `createsliver` is printed prettily.
`getPrettyRSpec` takes a flag on whether it does pretty
printing, default True. Do not do pretty printing on most
Ads, and some manifests. Uses less memory. (#610)
* Clean up error getting slice credential for unknown slice from
`chapi` clearinghouses. (#538)
* Clarify error messages in `delegateSliceCred`. (#619)
* Harden update of `agg_nick_cache` to avoid replacing a good cache
with one that was empty or incomplete on download. (#631)
* Document creating an alias for `addMemberToSliceAndSlivers`
in `INSTALL.txt`. (#632)
* Avoid error doing `listprojects` when user has none. (#637)
* More use of `os.path.join`, `os.sep`, `os.normpath` for Windows support (#639)
* Ensure SFA libraries look for the temp dir in `TMP` as well as `TEMPDIR`, and try to create
the directory if it doesn't exist. (#560)
* stitcher
* Where possible, request that the AM pick the VLAN tag,
by requesting 'any'. Therefore, many fewer VLAN unavailable
errors. This only works at AMs that are VLAN producers or
per the SCS do not depend on other AMs. This does not currently work at
ExoGENI or GRAM-based AMs. (#576,#604)
* Put the list of AMs used by the stitched slice in `~/.gcf`, not
the current directory. So you can be in a different directory later
to find it. (#462)
* Added new option `--fileDir`. If provided, all stitcher files go in this directory,
and not the `/tmp` and `~/.gcf`
and current working directory otherwise used. This prefix also modifies
the value from `--prefix`, so other output files are written to this directory.
Therefore 2 stitcher instances can run in parallel. (#588)
* Be sure to manipulate directories as absolute paths, so '.' works. (#629)
* Test to ensure fileDir is a writable directory. (#633)
* Support GRE links (instead of or in addition to stitched links). (#562)
* Clean up logging: console log messages are cleaner and fewer.
Stitcher produces a debug-level log file named `stitcher.log`
suitable for use in reporting problems. (#450)
* Ensure log config file is found when running from other directories. (#628)
* When the logging.conf file cannot be read (e.g. in Windows and Mac
binary archives), try `pkg_utils`. Else, read a default configuration
from a python constant. (#641)
* Remove the MTU bug as a known issue, since it is fixed. (#555)
* On an `INSUFFICIENT_BANDWIDTH` error, try excluding this AM, and
advise the user to try less bandwidth. (#579)
* Fix handling of ProtoGENI error messages and codes to reflect new
use of VLAN_UNAVAILABLE and other error codes. (#602)
* Add support for stitching schema v2: change schema versions to
make AM happy as needed, find VLAN tags in the openflowl2sc
capabilityDescriptor OR the l2sc descriptor (not both). Also added
new option `--savedSCSResults` for running from saved SCS
results. (#578)
* At run end, print sliver expiration times for each AM, and warn if there are
differences across AMs. (#572)
* Exit if any nodes are unbound in the request. (#614)
* Pass the usual `verbosessl` option to create the SCS client,
allowing verbose logging of SSL connections to the SCS. (#557)
* New range to pick a tag from must be limited by the available
tags on other hops on the same path if they don't translate.
Avoid picking a tag on one hop and copying it to another
where it is illegal. (#558)
* Make "Adding aggregate option" messages debug level (#584)
* At PG/IG, `Need node id for links` is fatal (#583)
* Request from the SCS the merged paths workflow, although we
do not use it, as this forces SCS to detect workflow loops. (#580)
* Clearer error messages when there are no more VLANs for stitcher
to try. (#561)
* Global IDs are per DCN AM, so record them on the hop not the path,
to avoid misleading warnings on paths that cross 2 DCN AMs (like
MAX and ION). (#582)
* Support producing integrated manifest RSpec when using a GRAM-based AM. (#605)
* `no edge hop` message at ProtoGENI AMs is fatal. (#611)
* `--noReservation` exits with code `0`. (#609)
* `Error in building the dependency tree, probably not available
vlan path` at EG means the VLAN is unavailable. (#606)
* `Edge iface mismatch when stitching` is fatal at PG AMs. (#615)
* Turn down some ExoGENI only harmless messages. (#321)
* Honor `--tostdout`, `--prefix`, and `--outputfile` in
controlling where expanded request RSpecs are written
when using `--noReservation`. (#608)
* Pause between calls to the SCS the full 600 seconds only if we tried
a reservation at a DCN AM - not just if any AM in the topology is a DCN AM. (#351)
* On `VLAN PCE` error from a DCN AM, if we had asked for 'any' from the endpoints,
then re-request asking for a different tag. Note that this still fails
due to an IG bug. (#622)
* Exit if the request RSpec requires an aggregate for which the URL
is unknown. (#630)
* When reserving at a DCN AM, if the expiration is after the slice expiration
(a bug - ggw#1258), renew at the AM back to the slice expiration. (#638)
* More use of `os.path.join`, `os.sep`, `os.normpath` for Windows support (#639)
* If CWD is not writable and `fileDir` isn't already set, set `fileDir` to
a writable temporary directory to hold stitcher output. (#642)
* omni-configure
* Support iMinds PG instance, and fix error message on unsupported
PG SA (#597)
* readyToLogin
* Handle malformed sliver status (#599)
* Be robust to malformed EG manifest missing 'state' attribute. (#636)
* gcf
* Support for `geni_extend_alap` option in renew on GCF AMv2 and AMv3 (#414)
* Support for `geni_am_type` and `geni_am_code` in GCF AMv3 (#568)
* Fix gcf-test to work with AM API v3 again. (#616)
* acceptance
* Use your GENI Clearinghouse and Portal account for acceptance testing, not pgeni.
And use resources from utahddc, not the GPO PL nodes. (#617)
* Document scripts `am_api_accept_scaling.py` and `am_api_accept_nagios.py`. (#618)
gcf 2.5.3:
* omni-configure:
* Clean up output and function of `omni-configure` (#436)
* Made `omni-configure` easier to use in cases where you are
recreating an omni_config.
To reconfigure an existing config and overwrite any relevant
files try:
`omni-configure --replace-all`
* Refactored code for easier maintenance
* `omni-configure` now records files that it writes in a new
section of the omni_config
* New option `--clean` will delete many files generated by
`omni-configure`
* New option `--replace-all` will act as if the user answered
"yes" when asked whether to replace an existing file with a
new one
* Look for a portal omni bundle file named `omni.bundle` first
before looking for `omni-bundle.zip`
* omni
* Can now parse omni-configure sections of omni_config. (#436)
gcf 2.5.2:
* Update the OpenSSL version used in the Windows package to 1.0.1g,
avoiding the heartbleed vulnerability. (#594)
* Update various packages in Windows and Mac binaries to be
consistent versions. (#595)
gcf 2.5.1:
* Update licenses file for Windows and Mac Omni packages (#552)
gcf 2.5:
* Released Windows and Mac OS X packages of the Omni experimenter
utilities. (Developer gcf components are not included.)
* Omni adds the ability to contact clearinghouses that speak the
Uniform Federation API using framework type `chapi`
* When using the new `chapi` framework allow a `--useSliceAggregates`
option to specify that the aggregate action should be taken at all
aggregates at which you have resources in this slice. (#507)
* Added new options to allow installing SSH keys of all slice members
when using the new `chapi` framework. (#491, #278)
* Refactored the source code to make it easier to import Omni in
other tools. Look in `src/gcf` for directories that were
previously directly under `src`. (#388) Thanks to Nick Bastin.
* Added utilities for creating and processing 'Speaks For'
credentials (which Omni can pass along to aggregates and to Uniform
Federation API clearinghouses).
* Timeout Omni calls to servers after 6 minutes (controlled by `--ssltimeout`)
* Stitcher adds an option to force use of the ExoSM for EG resources.
* Stitcher saves the manifest RSpec to a file by default.
* Stitcher fills in capacity on your links where it is missing
(amount is configurable)
* Stitcher adds the ability to query the Stitching Service for a list of
stitchable aggregates.
* omni
- Add a new framework type `chapi` for talking the Uniform Federation API
(http://groups.geni.net/geni/wiki/UniformClearinghouseAPI)
to compliant clearinghouses (e.g. GENI Clearinghouse). (#345, #440)
- See `omni_config.sample` for config options required
- To upgrade a `pgch` config for `ch.geni.net` to a `chapi` config:
- Change `type = pgch` to `type = chapi`
- Change `ch = https://ch.geni.net...` to:
{{{
ch=https://ch.geni.net:8444/CH
ma=https://ch.geni.net/MA
sa=https://ch.geni.net/SA
}}}
Included in this change:
- When creating or renewing or deleting slivers, tell the Slice Authority.
This allows the SA to know (non-authoritatively) where your slice
has resources. (#439)
- New function `listslivers <slice>`: lists the slivers reported to
the slice authority in the given slice, by aggregate (with
the sliver expirations). Note that this information is not
authoritative - contact the aggregates if you want to be sure
not to miss any reservations.
- New function `listslicemembers <slice>`: lists the members of
the given slice, with their email and registered SSH public
keys (if any) and role in the slice. (#421, #431, #278)
- New function `addslicemember <slice> <username> [optional: role]`:
Adds the user with the given username to the named slice,
with the given role (or `MEMBER` by default). Note this
does not change what SSH keys are installed on any existing
slivers. (#422, #513)
- Support `geni_extend_alap` with new `--alap` option, allowing you to
request that slivers be renewed as long as possible, if your
requested time is not permitted by local AM policy. (#415)
- When using the new `chapi` framework allow a `--useSliceAggregates`
option to specify that the aggregate action should be taken at all
aggregates at which you have resources in this slice. (#507)
- Any `-a` aggregates are extra.
- At other frameworks, this is ignored.
- This option is ignored for commands like `createsliver`,
`allocate`, `provision`, and `getversion`.
- Added new option `--noExtraCHCalls` to disable calls to the
clearinghouse to report slivers, query for slivers, or query
a list of aggregates; explicit CH calls and retrieving credentials
is not effected. (#514)
- Added new options controlling what SSH keys are installed on
compute resources. Default behavior is unchanged. These options
control what users are created and SSH keys installed in new
slivers from `createsliver` or `provision`, or when you update
the installed users and keys using
`performoperationalaction <slice> geni_update_users`.
If you supply the new option `--useSliceMembers` and your
clearinghouse supports listing slice members (i.e. the new `chapi`
type), then Omni will fetch the members of your slice from the
clearinghouse and their public SSH keys, and send those to the
aggregate to install on new compute resources. (#278, #441)
By default, Omni will ''also'' read the users and SSH keys
configured in your `omni_config` as usual, ''adding'' those users
and keys to the set downloaded from the clearinghouse, if any.
You can skip reading the `omni_config` keys by supplying the new option
`--ignoreConfigUsers`.
As before, `performoperationalaction` allows you to specify a file
containing options with the `--optionsfile` option. If that file
specifies the `geni_users` option, then that is the only set of
users and keys that is supplied with `performoperationalaction`.
However, if you do not supply the `geni_users` option from a file,
Omni uses the same logic as for `createsliver`, optionally
querying your clearinghouse for slice members, and by default
reading users and keys configured in your `omni_config`. (#491)
- If set, `GENI_FRAMEWORK` environment variable is the default for
the `--framework` option (#315). Thanks to Nick Bastin.
- If set, `GENI_USERCRED` and `GENI_SLICECRED` environment variables
set the default path to your saved user and slice credentials
(#434) Thanks to Nick Bastin.
- Handle `~` in `usercredfile` and `slicecredfile` (#455) Thanks to
Nick Bastin.
- Support querying for other users' SSH keys where the CH supports it (#472)
- Allow nicknames or URLs in the aggregates list in `omni_config` (#476)
- Allow `PerformOperationalAction` on v2 AMs (#412)
- Renew Slice returns actual new expiration (checks the SA, not just
assuming success means you got what you asked for) (#428, #447)
- Add a 360 second timeout on AM and CH calls. Option `--ssltimeout`
allows changing this. (#407)
- If Omni hangs talking to a server you believe is up, try
specifying `--ssltimeout 0` to disable the timeout. Some servers
cannot handle the timeout request. (See ticket #506)
- Note this timeout does not work on old versions of python2.6 due
to a known python bug: http://bugs.python.org/issue5103
- Speed up `listaggregates` in `pgch` framework (don't test AM API
compliance) (#482)
- Refactored the source code to make it easier to import Omni in
other tools. Look in `src/gcf` for directories that were
previously directly under `src`. (#388) Thanks to Nick Bastin.
- Your Omni based tool no longer needs to include any of the top
level scripts that Omni/GCF includes, nor to provide the existing
Omni `main`.
- Most of the code in `omni.py` has now been moved to
`gcf/oscript.py`
- To update your script that uses omni as a library:
- Change `import omni` to `import gcf.oscript as omni`
- Avoid sending options to `getversion` if there are none, to support querying v1 AMs (#375)
- Fix passing speaksfor and other options to `createsliver`, `renewsliver` (#377)
- `renewslice` when given a slice credential replaces the saved
slice credential in place, rather than in a new filename. (#386)
- Create any directories needed in the path to the `agg_nick_cache` (#383)
- If using `--AggNickCacheName` and can't read/write to the specified
file, omni should fall back to reading `agg_nick_cache.base` (#384)
- Look up AM URN by URL in the defined aggregate nicknames (#404)
- Support named timezones when renewing, etc (#503)
- Eliminated a repetitive log message (#384, #385)
- Fix bug in APIv3 calling status with slivers with different
expiration times (#408)
- Fit Omni result summaries in 80 character wide terminals (#409)
- `ForceUseAggNickCache` avoids fetching new cache even if the agg
nick cache is old (#391)
- SFA slice and user records changed: keys and slices moved (#429)
- Fix bug in handling errors in `listimages` and `deleteimage` (#437)
- Support unicode urns (#448)
- Return any error message from a CH on `getusercred` (#452)
- Return error on SA error in `listslices` (#456)
- Omni `cred_util.py` uses an omni logger (#460)
- URN testing requires 4 `+` separated pieces (#483)
- Log at debug when downloading the aggregate nickname cache fails (#485)
- `chapi` framework looks up the MA and SA at the clearinghouse,
though you can configure where they run. (#490)
- Warn when acting at all AMs in the clearinghouse - slow (#461)
- Speaks for option that Omni passes to aggregates has been renamed
`geni_speaking_for` (#466)
- Show the AM nickname instead of URL in output (#424, #504)
- Properly parse the verbose config option and let the commandline
`--verbosessl` over-ride it talking to clearinghouses. (#509)
- Ensure `geni_version` on credential structs is a string.
Fix bug in `get_cred_type` and correct for a chapi bug. (#516)
- Notice invalid slice and member names earlier and suppress ugly
tracebacks on most `chapi` framework errors. (#517)
- Support AM API draft proposal O1 and allow '.' and '_' in sliver
names, and do not complain or stop needlessly on illegal sliver
names. (#518)
- Catch parse errors when determining credential type (#521)
- Using `chapi` framework, expired slice expirations are printed (#523)
- When doing `renewsliver --alap`, if the real expiration is not in
the `output` slot, call `sliverstatus` to get it. (#527)
- Bail early from `createsliver` or `createimage` if the user
didn't specify exactly one aggregate. (#395)
- Update copyrights to 2014 (#463, #426)
- Handle non string rspec when printing RSpec (#445)
- Allow `--optionsfile` with `createimage`, `deleteimage`, and
`listimages`. (#532)
- Allow underscore in generated clean filenames (#533)
- Handle `createslice` errors at the GENI Clearinghouse that might
be due to having the wrong case, now the project and slice names
are case sensitive. (#535)
- Trim trailing newlines before installing SSH keys (#537)
- Explicitly import framework files in `oscript.py` to support
Windows and Mac binaries. (#542)
- Fix wording and licenses for Windows and Mac binaries (#541)
* stitcher
- Completely parse workflows 3+ hops deep (#432)
- Retry if SFA AM gives error indicating a new project (#433)
- scs.py supports monitoring style invocation. Invoke scs.py directly.
`--monitoring` suppresses some output, and `--scs_url` changes the SCS URL.
Return 0 if SCS is up, 1 on error. (#394)
- Fix call to delete reservation at an EG AM on allocate error (#406)
- Handle empty range of VLANs in VLANRange (#471)
- Report per sliver errors at DCN AMs (#481)
- Fix circular imports in `RSpecParser` and `objects` (#459)
- Add option `--useExoSM` to force use of the ExoSM for EG racks,
where possible. Use this if you are reserving bare metal nodes. (#496)
- Change filenames to not use bad characters to support Windows (#497)
- `Could not verify topo` is fatal at PG AMs (#470)
- `Hostname > 63 characters` is fatal at PG AMs (#475)
- `Inconsistent ifacemap` is fatal at PG AMs (#477)
- `Duplicate link` is fatal at PG AMs (#479)
- `Must delete existing` is fatal at PG AMs (#438)
- Ensure we have an error message when a DCN reservation failed to
become ready and we have no circuitIDs. (#480)
- Save the result manifest RSpec to a file always (not to log)
unless the user specified `--tostdout` explicitly (#498)
- Show the AM nickname in addition to URL in output (#424)
- Suppress some useless log messages (#499)
- New option to the SCS main `--listaggregates` to list the
aggregates known to the SCS. (#501)
- Treat another PG error message as meaning the VLAN is
unavailable. (#285)
- `CreateSliver: Existing record` is fatal at DCN aggregates (#438)
- Note known issues in README-stitching (#469)
- Added option `--defaultCapacity` to specify the default capacity
to fill in on stitchable links that do not specify a capacity.
At some aggregates, you must explicitly specify a capacity for
stitching to work. Stitcher now ensures that all your stitchable
links have an explicit capacity. (#464)
- Works around issues http://groups.geni.net/geni/ticket/1039 and
http://groups.geni.net/geni/ticket/1101
- Only add fake interface to a link for `--fixedEndpoint` option if
there is only 1 interface on the link. (#392)
- New option `--noReservation` to just get the expanded request
RSpec, and not actually talk to the aggregates. (#505)
- Be robust to SCS workflow having a fake all_paths path (#511)
- When adding a fake node, only do so if there are only interfaces
from a single AM - multiple interfaces at one AM counts as needing
the fake one. Similarly, when adding capacity on property elements,
set the destination based on an interface at a different aggregate. (#512)
- Stop changing AM URL based on getversion Ad (breaks if AM lists wrong
URL, as was happening). (#528)
- Error from DCN AM is fatal: 'Login base must be specified'. (#529)
- Avoid duplicating ExoSM in list of AMs when using `--useExoSM` (#530)
- Major rewrite of code to handle an unavailable VLAN tag (#486)
- Do not allow picking a tag already picked by same interface
on a different path
- Complain and bail if we run out of tags to pick from
- Distinguish between tags that are available and tags to pick from
- Cleaner error messages
- For PG AMs (if we can tell), avoid using the same tag anywhere at
the AM (except on the same path). (#355)
- Allow underscore in project names to generate different saved slice
credential files, so 2 slices aren't confused. (#533)
- A `Malformed keys` error is fatal, so stop. (#537)
- "Signer certificate does not have a URL" is a fatal error. (#539)
- Clarify error logs to be clear if it was a VLAN unavailable error,
aggregate error, or stitcher error, and if there is something
specific the experimenter should do to fix it. (#540)
- Internal API errors at DCN AMs are fatal (#546)
- Avoid DCN AMs as the basis for the combined manifest,
to avoid namespace problems in DCN manifests. (#549)
- Try to handle a failed status that means vlan unavail in OSCARS (#547)
* gcf
- AM API v2 GCF AM now has a local policy limiting renewals to
MAXLEASE days, set to 365. If `geni_extend_alap` is supplied, then
renew any slivers as long as possible, reporting the new expiration. (#414)
- Ensure that manifests include `client_id`, `component_id`,
`component_manager_id`, and `sliver_id`. Also ensure that the sliver
IDs are consistent with `sliverstatus` and between calls. Also clean
up manifest formatting. (#484)
- AM API v3 GCF AM must respect the `gcf_config` name of the AM authority (#487)
- Add support for ABAC speaks for credentials to libraries,
aggregates (#413)
- Support named timezones when renewing, etc (#503)
* acceptance tests
- `get_ch_version` should return an `int` for `api`, not a `float` (#449)
* omni-configure
- Added Kentucky as a CH/SA authority (#453)
- Add support for speaking the common Clearinghouse API (CH API) to
the GENI Clearinghouse/Portal. Use `--not-use-chapi` to get the old behavior. (#519)
* readyToLogin.py
- Add support for v2 GRAM (#444)
- Fix error with called immediately after `createsliver` (#399)
- Make work with `--useSliceAggregates` (#534)
- Avoid errors when reservations include SFA AMs with no nodes. (#536)
* Added new script `examples/addMemberToSliceAndSlivers` (#508)
- Given a slice and a username, add the user to the slice and then
add their Clearinghouse registered SSH keys to all existing slivers.
gcf 2.4.2:
v2.4.2 contains changes to support running omni on Windows.
* omni
- On Windows, fix bug in construction of urls from
`default_rspec_location` (#401)
* readyToLogin.py
- Better handle whitespaces between users' keys specified in the
omni_config (#396)
* omni-configure.py
- Remove dependences on outside call to `ssh-keygen` (#400)
- Set the default location of the `omni-bundle.zip` specified with the
`-z` option on Windows XP (#402)
- Fix bug that caused `.gcf` directory to not get created on Windows
(#403)
* acceptance tests
- Use crossplatform `getpass` module instead of UNIX-only `pwd`
modules in omni_unittest.py (#397)
gcf 2.4.1:
* Modify readyToLogin.py to work with new login info in InstaGENI
manifests (#389)
gcf 2.4:
* omni
- Add nicknames for RSpecs; includes ability to specify a default
location. See the sample omni_config for details. (#265,#360,#361)
- Make `allocate` accept rspecs loaded from a url (#287)
- New command `nicknames` lists the known aggregate and rspec nicknames (#146)