2 from __future__ import with_statement
4 # sfi -- slice-based facility interface
9 from optparse import OptionParser
10 from geni.util.cert import Keypair, Certificate
11 from geni.util.credential import Credential
12 from geni.util.geniclient import GeniClient, ServerException
13 from geni.util.gid import create_uuid
14 from geni.util.record import GeniRecord
15 from geni.util.rspec import Rspec
16 from types import StringTypes, ListType
18 sfi_dir = os.path.expanduser("~/.sfi/")
26 # Establish Connection to SliceMgr and Registry Servers
28 def set_servers(options):
35 if (options.sm is not None):
37 elif ("SFI_SM" in os.environ):
38 sm_url = os.environ["SFI_SM"]
40 print "No Known Slice Manager"
44 if (options.registry is not None):
45 reg_url = options.registry
46 elif ("SFI_REGISTRY" in os.environ):
47 reg_url = os.environ["SFI_REGISTRY"]
49 print "No Known Registry Server"
53 print "Contacting Slice Manager at:", sm_url
54 print "Contacting Registry at:", reg_url
57 if (options.user is not None):
59 elif ("SFI_USER" in os.environ):
60 user = os.environ["SFI_USER"]
62 print "No Known User Name"
66 if (options.auth is not None):
67 authority = options.auth
68 elif ("SFI_AUTH" in os.environ):
69 authority = os.environ["SFI_AUTH"]
73 # Get key and certificate
74 key_file = get_key_file()
75 cert_file = get_cert_file(key_file)
77 # Establish connection to server(s)
78 slicemgr = GeniClient(sm_url, key_file, cert_file)
79 registry = GeniClient(reg_url, key_file, cert_file)
83 # Get various credential and spec files
85 # Establishes limiting conventions
86 # - conflates MAs and SAs
87 # - assumes last token in slice name is unique
89 # Bootstraps credentials
90 # - bootstrap user credential from self-signed certificate
91 # - bootstrap authority credential from user credential
92 # - bootstrap slice credential from user credential
96 parts = name.split(".")
100 file = os.path.join(sfi_dir, get_leaf(user) + ".pkey")
101 if (os.path.isfile(file)):
104 print "Key file", file, "does not exist"
108 def get_cert_file(key_file):
111 file = os.path.join(sfi_dir, get_leaf(user) + ".cert")
112 if (os.path.isfile(file)):
115 k = Keypair(filename = key_file)
116 cert = Certificate(subject=user)
118 cert.set_issuer(k, user)
121 print "Writing self-signed certificate to", file
122 cert.save_to_file(file)
128 file = os.path.join(sfi_dir, get_leaf(user) + ".cred")
129 if (os.path.isfile(file)):
130 user_cred = Credential(filename=file)
133 # bootstrap user credential
134 user_cred = registry.get_credential(None, "user", user)
136 user_cred.save_to_file(file, save_parents=True)
138 print "Writing user credential to", file
141 print "Failed to get user credential"
148 print "no authority specified. Use -a or set SF_AUTH"
151 file = os.path.join(sfi_dir, get_leaf("authority") +".cred")
152 if (os.path.isfile(file)):
153 auth_cred = Credential(filename=file)
156 # bootstrap authority credential from user credential
157 user_cred = get_user_cred()
158 auth_cred = registry.get_credential(user_cred, "sa", authority)
160 auth_cred.save_to_file(file, save_parents=True)
162 print "Writing authority credential to", file
165 print "Failed to get authority credential"
168 def get_slice_cred(name):
169 file = os.path.join(sfi_dir, "slice_" + get_leaf(name) + ".cred")
170 if (os.path.isfile(file)):
171 slice_cred = Credential(filename=file)
174 # bootstrap slice credential from user credential
175 user_cred = get_user_cred()
176 slice_cred = registry.get_credential(user_cred, "slice", name)
178 slice_cred.save_to_file(file, save_parents=True)
180 print "Writing slice credential to", file
183 print "Failed to get slice credential"
186 def get_rspec_file(rspec):
187 if (os.path.isabs(rspec)):
190 file = os.path.join(sfi_dir, rspec)
191 if (os.path.isfile(file)):
194 print "No such rspec file", rspec
197 def get_record_file(record):
198 if (os.path.isabs(record)):
201 file = os.path.join(sfi_dir, record)
202 if (os.path.isfile(file)):
205 print "No such registry record file", record
208 def load_publickey_string(fn):
210 key_string = f.read()
212 # if the filename is a private key file, then extract the public key
213 if "PRIVATE KEY" in key_string:
214 outfn = tempfile.mktemp()
215 cmd = "openssl rsa -in " + fn + " -pubout -outform PEM -out " + outfn
218 key_string = f.read()
224 # Generate sub-command parser
226 def create_cmd_parser(command, additional_cmdargs = None):
227 cmdargs = {"list": "name",
233 "resources": "[name]",
234 "create": "name rspec",
242 if additional_cmdargs:
243 cmdargs.update(additional_cmdargs)
245 if command not in cmdargs:
246 print "Invalid command\n"
248 for key in cmdargs.keys():
253 parser = OptionParser(usage="sfi [sfi_options] %s [options] %s" \
254 % (command, cmdargs[command]))
255 if command in ("resources"):
256 parser.add_option("-f", "--format", dest="format",type="choice",
257 help="display format (dns|ip|rspec)",default="rspec",
258 choices=("dns","ip","rspec"))
259 if command in ("list", "show", "remove"):
260 parser.add_option("-t", "--type", dest="type",type="choice",
261 help="type filter (user|slice|sa|ma|node|aggregate)",
262 choices=("user","slice","sa","ma","node","aggregate", "all"),
264 if command in ("show", "list", "resources"):
265 parser.add_option("-o", "--output", dest="file",
266 help="output XML to file", metavar="FILE", default=None)
267 if command in ("delegate"):
268 parser.add_option("-u", "--user",
269 action="store_true", dest="delegate_user", default=False,
270 help="delegate user credential")
271 parser.add_option("-s", "--slice", dest="delegate_slice",
272 help="delegate slice credential", metavar="HRN", default=None)
276 # Generate command line parser
277 parser = OptionParser(usage="sfi [options] command [command_options] [command_args]",
278 description="Commands: list,show,remove,add,update,nodes,slices,resources,create,delete,start,stop,reset")
279 parser.add_option("-r", "--registry", dest="registry",
280 help="root registry", metavar="URL", default=None)
281 parser.add_option("-s", "--slicemgr", dest="sm",
282 help="slice manager", metavar="URL", default=None)
283 parser.add_option("-d", "--dir", dest="dir",
284 help="working directory", metavar="PATH", default = sfi_dir)
285 parser.add_option("-u", "--user", dest="user",
286 help="user name", metavar="HRN", default=None)
287 parser.add_option("-a", "--auth", dest="auth",
288 help="authority name", metavar="HRN", default=None)
289 parser.add_option("-v", "--verbose",
290 action="store_true", dest="verbose", default=False,
292 parser.disable_interspersed_args()
296 def dispatch(command, cmd_opts, cmd_args):
297 globals()[command](cmd_opts, cmd_args)
300 # Main: parse arguments and dispatch to command
305 parser = create_parser()
306 (options, args) = parser.parse_args()
309 print "No command given. Use -h for help."
313 (cmd_opts, cmd_args) = create_cmd_parser(command).parse_args(args[1:])
314 verbose = options.verbose
316 print "Resgistry %s, sm %s, dir %s, user %s, auth %s" % (options.registry,
321 print "Command %s" %command
322 if command in ("resources"):
323 print "resources cmd_opts %s" %cmd_opts.format
324 elif command in ("list","show","remove"):
325 print "cmd_opts.type %s" %cmd_opts.type
326 print "cmd_args %s" %cmd_args
331 dispatch(command, cmd_opts, cmd_args)
333 print "Command not found:", command
339 # Following functions implement the commands
341 # Registry-related commands
344 # list entires in named authority registry
345 def list(opts, args):
347 user_cred = get_user_cred()
348 list = registry.list(user_cred, args[0])
349 # filter on person, slice, site, node, etc.
350 # THis really should be in the filter_records funct def comment...
351 list = filter_records(opts.type, list)
352 display_records(list)
354 save_records_to_file(opts.file, list)
357 # show named registry record
358 def show(opts, args):
360 user_cred = get_user_cred()
361 records = registry.resolve(user_cred, args[0])
362 records = filter_records(opts.type, records)
364 print "No record of type", opts.type
365 display_records(records, True)
367 save_records_to_file(opts.file, records)
370 def delegate(opts, args):
372 user_cred = get_user_cred()
373 if opts.delegate_user:
374 object_cred = user_cred
375 elif opts.delegate_slice:
376 object_cred = get_slice_cred(opts.delegate_slice)
378 print "Must specify either --user or --slice <hrn>"
381 # the gid and hrn of the object we are delegating
382 object_gid = object_cred.get_gid_object()
383 object_hrn = object_gid.get_hrn()
385 if not object_cred.get_delegate():
386 print "Error: Object credential", object_hrn, "does not have delegate bit set"
389 records = registry.resolve(user_cred, args[0])
390 records = filter_records("user", records)
393 print "Error: Didn't find a user record for", delegee_name
396 # the gid of the user who will be delegated too
397 delegee_gid = records[0].get_gid_object()
398 delegee_hrn = delegee_gid.get_hrn()
400 # the key and hrn of the user who will be delegating
401 user_key = Keypair(filename = get_key_file())
402 user_hrn = user_cred.get_gid_caller().get_hrn()
404 dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
405 dcred.set_gid_caller(delegee_gid)
406 dcred.set_gid_object(object_gid)
407 dcred.set_privileges(object_cred.get_privileges())
408 dcred.set_delegate(True)
409 dcred.set_pubkey(object_gid.get_pubkey())
410 dcred.set_issuer(user_key, user_hrn)
411 dcred.set_parent(object_cred)
415 if opts.delegate_user:
416 dest_fn = os.path.join(sfi_dir, get_leaf(delegee_hrn) + "_" + get_leaf(object_hrn) + ".cred")
417 elif opts.delegate_slice:
418 dest_fn = os.path_join(sfi_dir, get_leaf(delegee_hrn) + "_slice_" + get_leaf(object_hrn) + ".cred")
420 dcred.save_to_file(dest_fn, save_parents = True)
422 print "delegated credential for", object_hrn, "to", delegee_hrn, "and wrote to", dest_fn
424 # removed named registry record
425 # - have to first retrieve the record to be removed
426 def remove(opts, args):
428 auth_cred = get_auth_cred()
429 return registry.remove(auth_cred, opts.type, args[0])
431 # add named registry record
434 auth_cred = get_auth_cred()
435 rec_file = get_record_file(args[0])
436 record = load_record_from_file(rec_file)
438 # check and see if we need to create a gid for this record. The creator
439 # of the record signals this by filling in the create_gid, create_gid_hrn,
440 # and create_gid_key members.
441 # (note: we'd use an unsigned GID in the record instead, but pyOpenSSL is
442 # broken and has no way for us to get the key back out of the gid)
443 geni_info = record.get_geni_info()
444 if "create_gid" in geni_info:
445 key_string = geni_info["create_gid_key"].replace("|","\n") # XXX smbaker: the rspec kills newlines
446 gid = registry.create_gid(auth_cred, geni_info["create_gid_hrn"], create_uuid(), key_string)
449 del geni_info["create_gid"]
450 del geni_info["create_gid_hrn"]
451 del geni_info["create_gid_key"]
453 return registry.register(auth_cred, record)
455 # update named registry entry
456 def update(opts, args):
458 user_cred = get_user_cred()
459 rec_file = get_record_file(args[0])
460 record = load_record_from_file(rec_file)
461 if record.get_type() == "user":
462 if record.get_name() == user_cred.get_gid_object().get_hrn():
465 create = get_auth_cred()
466 elif record.get_type() in ["slice"]:
468 cred = get_slice_cred(record.get_name())
469 except ServerException, e:
470 if "PermissionError" in e.args[0]:
471 cred = get_auth_cred()
474 elif record.get_type() in ["sa", "ma", "node"]:
475 cred = get_auth_cred()
477 raise "unknown record type" + record.get_type()
478 return registry.update(cred, record)
481 # Slice-related commands
484 # list available nodes -- now use 'resources' w/ no argument instead
485 #def nodes(opts, args):
487 # user_cred = get_user_cred()
488 # if not opts.format:
491 # context = opts.format
492 # results = slicemgr.list_nodes(user_cred)
493 # if opts.format in ['rspec']:
494 # display_rspec(results)
496 # display_list(results)
497 # if (opts.file is not None):
498 # rspec = slicemgr.list_nodes(user_cred)
499 # save_rspec_to_file(rspec, opts.file)
502 # list instantiated slices
503 def slices(opts, args):
505 user_cred = get_user_cred()
506 results = slicemgr.get_slices(user_cred)
507 display_list(results)
510 # show rspec for named slice
511 def resources(opts, args):
514 slice_cred = get_slice_cred(args[0])
515 result = slicemgr.get_resources(slice_cred, args[0])
517 user_cred = get_user_cred()
518 result = slicemgr.get_resources(user_cred)
520 display_rspec(result, format)
521 if (opts.file is not None):
522 save_rspec_to_file(opts.file, result)
525 # created named slice with given rspec
526 def create(opts, args):
529 slice_cred = get_slice_cred(slice_hrn)
530 rspec_file = get_rspec_file(args[1])
531 with open(rspec_file) as f:
533 return slicemgr.create_slice(slice_cred, slice_hrn, rspec)
536 def delete(opts, args):
539 slice_cred = get_slice_cred(slice_hrn)
541 return slicemgr.delete_slice(slice_cred, slice_hrn)
544 def start(opts, args):
546 slice_cred = get_slice_cred(args[0])
547 return slicemgr.start_slice(slice_cred)
550 def stop(opts, args):
552 slice_cred = get_slice_cred(args[0])
553 return slicemgr.stop_slice(slice_cred)
556 def reset(opts, args):
558 slice_cred = get_slice_cred(args[0])
559 return slicemgr.reset_slice(slice_cred)
563 # Display, Save, and Filter RSpecs and Records
564 # - to be replace by EMF-generated routines
568 def display_rspec(rspec, format = 'rspec'):
569 if format in ['dns']:
571 spec.parseString(rspec)
573 nodespecs = spec.getDictsByTagName('NodeSpec')
574 for nodespec in nodespecs:
575 if nodespec.has_key('name') and nodespec['name']:
576 if isinstance(nodespec['name'], ListType):
577 hostnames.extend(nodespec['name'])
578 elif isinstance(nodespec['name'], StringTypes):
579 hostnames.append(nodespec['name'])
581 elif format in ['ip']:
583 spec.parseString(rspec)
585 ifspecs = spec.getDictsByTagName('IfSpec')
586 for ifspec in ifspecs:
587 if ifspec.has_key('addr') and ifspec['addr']:
588 ips.append(ifspec['addr'])
596 def display_list(results):
597 for result in results:
600 def save_rspec_to_file(rspec, filename):
601 if not filename.startswith(os.sep):
602 filename = sfi_dir + filename
603 if not filename.endswith(".rspec"):
604 filename = filename + ".rspec"
606 f = open(filename, 'w')
611 def display_records(recordList, dump = False):
612 ''' Print all fields in the record'''
613 for record in recordList:
614 display_record(record, dump)
616 def display_record(record, dump = False):
620 info = record.getdict()
621 print "%s (%s)" % (info['hrn'], info['type'])
624 def filter_records(type, records):
625 filtered_records = []
626 for record in records:
627 if (record.get_type() == type) or (type == "all"):
628 filtered_records.append(record)
629 return filtered_records
631 def save_records_to_file(filename, recordList):
633 for record in recordList:
635 save_record_to_file(filename + "." + str(index), record)
637 save_record_to_file(filename, record)
640 def save_record_to_file(filename, record):
641 if not filename.startswith(os.sep):
642 filename = sfi_dir + filename
643 str = record.save_to_string()
644 file(filename, "w").write(str)
647 def load_record_from_file(filename):
648 str = file(filename, "r").read()
649 record = GeniRecord(string=str)
652 if __name__=="__main__":