2 from __future__ import with_statement
4 # sfi -- slice-based facility interface
9 from optparse import OptionParser
10 from geni.util.cert import Keypair, Certificate
11 from geni.util.credential import Credential
12 from geni.util.geniclient import GeniClient, ServerException
13 from geni.util.gid import create_uuid
14 from geni.util.record import GeniRecord
15 from geni.util.rspec import Rspec
16 from types import StringTypes, ListType
18 sfi_dir = os.path.expanduser("~/.sfi/")
26 # Establish Connection to SliceMgr and Registry Servers
28 def set_servers(options):
35 if (options.sm is not None):
37 elif ("SFI_SM" in os.environ):
38 sm_url = os.environ["SFI_SM"]
40 print "No Known Slice Manager"
44 if (options.registry is not None):
45 reg_url = options.registry
46 elif ("SFI_REGISTRY" in os.environ):
47 reg_url = os.environ["SFI_REGISTRY"]
49 print "No Known Registry Server"
53 print "Contacting Slice Manager at:", sm_url
54 print "Contacting Registry at:", reg_url
57 if (options.user is not None):
59 elif ("SFI_USER" in os.environ):
60 user = os.environ["SFI_USER"]
62 print "No Known User Name"
66 if (options.auth is not None):
67 authority = options.auth
68 elif ("SFI_AUTH" in os.environ):
69 authority = os.environ["SFI_AUTH"]
73 # Get key and certificate
74 key_file = get_key_file()
75 cert_file = get_cert_file(key_file)
77 # Establish connection to server(s)
78 slicemgr = GeniClient(sm_url, key_file, cert_file)
79 registry = GeniClient(reg_url, key_file, cert_file)
83 # Get various credential and spec files
85 # Establishes limiting conventions
86 # - conflates MAs and SAs
87 # - assumes last token in slice name is unique
89 # Bootstraps credentials
90 # - bootstrap user credential from self-signed certificate
91 # - bootstrap authority credential from user credential
92 # - bootstrap slice credential from user credential
96 parts = name.split(".")
100 file = os.path.join(sfi_dir, get_leaf(user) + ".pkey")
101 if (os.path.isfile(file)):
104 print "Key file", file, "does not exist"
108 def get_cert_file(key_file):
111 file = os.path.join(sfi_dir, get_leaf(user) + ".cert")
112 if (os.path.isfile(file)):
115 k = Keypair(filename = key_file)
116 cert = Certificate(subject=user)
118 cert.set_issuer(k, user)
121 print "Writing self-signed certificate to", file
122 cert.save_to_file(file)
128 file = os.path.join(sfi_dir, get_leaf(user) + ".cred")
129 if (os.path.isfile(file)):
130 user_cred = Credential(filename=file)
133 # bootstrap user credential
134 user_cred = registry.get_credential(None, "user", user)
136 user_cred.save_to_file(file, save_parents=True)
138 print "Writing user credential to", file
141 print "Failed to get user credential"
148 print "no authority specified. Use -a or set SF_AUTH"
151 file = os.path.join(sfi_dir, get_leaf("authority") +".cred")
152 if (os.path.isfile(file)):
153 auth_cred = Credential(filename=file)
156 # bootstrap authority credential from user credential
157 user_cred = get_user_cred()
158 auth_cred = registry.get_credential(user_cred, "sa", authority)
160 auth_cred.save_to_file(file, save_parents=True)
162 print "Writing authority credential to", file
165 print "Failed to get authority credential"
168 def get_slice_cred(name):
169 file = os.path.join(sfi_dir, "slice_" + get_leaf(name) + ".cred")
170 if (os.path.isfile(file)):
171 slice_cred = Credential(filename=file)
174 # bootstrap slice credential from user credential
175 user_cred = get_user_cred()
176 slice_cred = registry.get_credential(user_cred, "slice", name)
178 slice_cred.save_to_file(file, save_parents=True)
180 print "Writing slice credential to", file
183 print "Failed to get slice credential"
186 def get_rspec_file(rspec):
187 if (os.path.isabs(rspec)):
190 file = os.path.join(sfi_dir, rspec)
191 if (os.path.isfile(file)):
194 print "No such rspec file", rspec
197 def get_record_file(record):
198 if (os.path.isabs(record)):
201 file = os.path.join(sfi_dir, record)
202 if (os.path.isfile(file)):
205 print "No such registry record file", record
208 def load_publickey_string(fn):
210 key_string = f.read()
212 # if the filename is a private key file, then extract the public key
213 if "PRIVATE KEY" in key_string:
214 outfn = tempfile.mktemp()
215 cmd = "openssl rsa -in " + fn + " -pubout -outform PEM -out " + outfn
218 key_string = f.read()
224 # Generate sub-command parser
226 def create_cmd_parser(command, additional_cmdargs = None):
227 cmdargs = {"list": "name",
233 "resources": "[name]",
234 "create": "name rspec",
242 if additional_cmdargs:
243 cmdargs.update(additional_cmdargs)
245 if command not in cmdargs:
246 print "Invalid command\n"
248 for key in cmdargs.keys():
253 parser = OptionParser(usage="sfi [sfi_options] %s [options] %s" \
254 % (command, cmdargs[command]))
255 if command in ("resources"):
256 parser.add_option("-f", "--format", dest="format",type="choice",
257 help="display format (dns|ip|rspec)",default="rspec",
258 choices=("dns","ip","rspec"))
259 if command in ("list", "show", "remove"):
260 parser.add_option("-t", "--type", dest="type",type="choice",
261 help="type filter (user|slice|sa|ma|node|aggregate)",
262 choices=("user","slice","sa","ma","node","aggregate", "all"),
264 if command in ("show", "list", "resources"):
265 parser.add_option("-o", "--output", dest="file",
266 help="output XML to file", metavar="FILE", default=None)
267 if command in ("delegate"):
268 parser.add_option("-u", "--user",
269 action="store_true", dest="delegate_user", default=False,
270 help="delegate user credential")
271 parser.add_option("-s", "--slice", dest="delegate_slice",
272 help="delegate slice credential", metavar="HRN", default=None)
276 # Generate command line parser
277 parser = OptionParser(usage="sfi [options] command [command_options] [command_args]",
278 description="Commands: list,show,remove,add,update,nodes,slices,resources,create,delete,start,stop,reset")
279 parser.add_option("-r", "--registry", dest="registry",
280 help="root registry", metavar="URL", default=None)
281 parser.add_option("-s", "--slicemgr", dest="sm",
282 help="slice manager", metavar="URL", default=None)
283 parser.add_option("-d", "--dir", dest="dir",
284 help="working directory", metavar="PATH", default = sfi_dir)
285 parser.add_option("-u", "--user", dest="user",
286 help="user name", metavar="HRN", default=None)
287 parser.add_option("-a", "--auth", dest="auth",
288 help="authority name", metavar="HRN", default=None)
289 parser.add_option("-v", "--verbose",
290 action="store_true", dest="verbose", default=False,
292 parser.disable_interspersed_args()
296 def dispatch(command, cmd_opts, cmd_args):
297 globals()[command](cmd_opts, cmd_args)
300 # Main: parse arguments and dispatch to command
305 parser = create_parser()
306 (options, args) = parser.parse_args()
309 print "No command given. Use -h for help."
313 (cmd_opts, cmd_args) = create_cmd_parser(command).parse_args(args[1:])
314 verbose = options.verbose
316 print "Resgistry %s, sm %s, dir %s, user %s, auth %s" % (options.registry,
321 print "Command %s" %command
322 if command in ("resources"):
323 print "resources cmd_opts %s" %cmd_opts.format
324 elif command in ("list","show","remove"):
325 print "cmd_opts.type %s" %cmd_opts.type
326 print "cmd_args %s" %cmd_args
331 dispatch(command, cmd_opts, cmd_args)
333 print "Command not found:", command
339 # Following functions implement the commands
341 # Registry-related commands
344 # list entires in named authority registry
345 def list(opts, args):
347 user_cred = get_user_cred()
348 list = registry.list(user_cred, args[0])
349 # filter on person, slice, site, node, etc.
350 # THis really should be in the filter_records funct def comment...
351 list = filter_records(opts.type, list)
352 display_records(list)
354 save_records_to_file(opts.file, list)
357 # show named registry record
358 def show(opts, args):
360 user_cred = get_user_cred()
361 records = registry.resolve(user_cred, args[0])
362 records = filter_records(opts.type, records)
364 print "No record of type", opts.type
365 display_records(records, True)
367 save_records_to_file(opts.file, records)
370 def delegate(opts, args):
372 user_cred = get_user_cred()
373 if opts.delegate_user:
374 object_cred = user_cred
375 elif opts.delegate_slice:
376 object_cred = get_slice_cred(opts.delegate_slice)
378 print "Must specify either --user or --slice <hrn>"
381 # the gid and hrn of the object we are delegating
382 object_gid = object_cred.get_gid_object()
383 object_hrn = object_gid.get_hrn()
385 if not object_cred.get_delegate():
386 print "Error: Object credential", object_hrn, "does not have delegate bit set"
389 records = registry.resolve(user_cred, args[0])
390 records = filter_records("user", records)
393 print "Error: Didn't find a user record for", args[0]
396 # the gid of the user who will be delegated too
397 delegee_gid = records[0].get_gid_object()
398 delegee_hrn = delegee_gid.get_hrn()
400 # the key and hrn of the user who will be delegating
401 user_key = Keypair(filename = get_key_file())
402 user_hrn = user_cred.get_gid_caller().get_hrn()
404 dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
405 dcred.set_gid_caller(delegee_gid)
406 dcred.set_gid_object(object_gid)
407 dcred.set_privileges(object_cred.get_privileges())
408 dcred.set_delegate(True)
409 dcred.set_pubkey(object_gid.get_pubkey())
410 dcred.set_issuer(user_key, user_hrn)
411 dcred.set_parent(object_cred)
415 if opts.delegate_user:
416 dest_fn = os.path.join(sfi_dir, get_leaf(delegee_hrn) + "_" + get_leaf(object_hrn) + ".cred")
417 elif opts.delegate_slice:
418 dest_fn = os.path_join(sfi_dir, get_leaf(delegee_hrn) + "_slice_" + get_leaf(object_hrn) + ".cred")
420 dcred.save_to_file(dest_fn, save_parents = True)
422 print "delegated credential for", object_hrn, "to", delegee_hrn, "and wrote to", dest_fn
424 # removed named registry record
425 # - have to first retrieve the record to be removed
426 def remove(opts, args):
428 auth_cred = get_auth_cred()
429 return registry.remove(auth_cred, opts.type, args[0])
431 # add named registry record
434 auth_cred = get_auth_cred()
435 rec_file = get_record_file(args[0])
436 record = load_record_from_file(rec_file)
438 # check and see if we need to create a gid for this record. The creator
439 # of the record signals this by filling in the create_gid, create_gid_hrn,
440 # and create_gid_key members.
441 # (note: we'd use an unsigned GID in the record instead, but pyOpenSSL is
442 # broken and has no way for us to get the key back out of the gid)
443 geni_info = record.get_geni_info()
444 if "create_gid" in geni_info:
445 key_string = geni_info["create_gid_key"].replace("|","\n") # XXX smbaker: the rspec kills newlines
446 gid = registry.create_gid(auth_cred, geni_info["create_gid_hrn"], create_uuid(), key_string)
449 del geni_info["create_gid"]
450 del geni_info["create_gid_hrn"]
451 del geni_info["create_gid_key"]
453 return registry.register(auth_cred, record)
455 # update named registry entry
456 def update(opts, args):
458 user_cred = get_user_cred()
459 rec_file = get_record_file(args[0])
460 record = load_record_from_file(rec_file)
461 if record.get_type() == "user":
462 if record.get_name() == user_cred.get_gid_object().get_hrn():
465 create = get_auth_cred()
466 elif record.get_type() in ["slice"]:
468 cred = get_slice_cred(record.get_name())
469 except ServerException, e:
470 # XXX smbaker -- once we have better error return codes, update this
471 # to do something better than a string compare
472 if "Permission error" in e.args[0]:
473 cred = get_auth_cred()
476 elif record.get_type() in ["authority"]:
477 cred = get_auth_cred()
479 raise "unknown record type" + record.get_type()
480 return registry.update(cred, record)
483 # Slice-related commands
486 # list available nodes -- now use 'resources' w/ no argument instead
487 #def nodes(opts, args):
489 # user_cred = get_user_cred()
490 # if not opts.format:
493 # context = opts.format
494 # results = slicemgr.list_nodes(user_cred)
495 # if opts.format in ['rspec']:
496 # display_rspec(results)
498 # display_list(results)
499 # if (opts.file is not None):
500 # rspec = slicemgr.list_nodes(user_cred)
501 # save_rspec_to_file(rspec, opts.file)
504 # list instantiated slices
505 def slices(opts, args):
507 user_cred = get_user_cred()
508 results = slicemgr.get_slices(user_cred)
509 display_list(results)
512 # show rspec for named slice
513 def resources(opts, args):
516 slice_cred = get_slice_cred(args[0])
517 result = slicemgr.get_resources(slice_cred, args[0])
519 user_cred = get_user_cred()
520 result = slicemgr.get_resources(user_cred)
522 display_rspec(result, format)
523 if (opts.file is not None):
524 save_rspec_to_file(opts.file, result)
527 # created named slice with given rspec
528 def create(opts, args):
531 slice_cred = get_slice_cred(slice_hrn)
532 rspec_file = get_rspec_file(args[1])
533 with open(rspec_file) as f:
535 return slicemgr.create_slice(slice_cred, slice_hrn, rspec)
538 def delete(opts, args):
541 slice_cred = get_slice_cred(slice_hrn)
543 return slicemgr.delete_slice(slice_cred, slice_hrn)
546 def start(opts, args):
548 slice_cred = get_slice_cred(args[0])
549 return slicemgr.start_slice(slice_cred)
552 def stop(opts, args):
554 slice_cred = get_slice_cred(args[0])
555 return slicemgr.stop_slice(slice_cred)
558 def reset(opts, args):
560 slice_cred = get_slice_cred(args[0])
561 return slicemgr.reset_slice(slice_cred)
565 # Display, Save, and Filter RSpecs and Records
566 # - to be replace by EMF-generated routines
570 def display_rspec(rspec, format = 'rspec'):
571 if format in ['dns']:
573 spec.parseString(rspec)
575 nodespecs = spec.getDictsByTagName('NodeSpec')
576 for nodespec in nodespecs:
577 if nodespec.has_key('name') and nodespec['name']:
578 if isinstance(nodespec['name'], ListType):
579 hostnames.extend(nodespec['name'])
580 elif isinstance(nodespec['name'], StringTypes):
581 hostnames.append(nodespec['name'])
583 elif format in ['ip']:
585 spec.parseString(rspec)
587 ifspecs = spec.getDictsByTagName('IfSpec')
588 for ifspec in ifspecs:
589 if ifspec.has_key('addr') and ifspec['addr']:
590 ips.append(ifspec['addr'])
598 def display_list(results):
599 for result in results:
602 def save_rspec_to_file(rspec, filename):
603 if not filename.startswith(os.sep):
604 filename = sfi_dir + filename
605 if not filename.endswith(".rspec"):
606 filename = filename + ".rspec"
608 f = open(filename, 'w')
613 def display_records(recordList, dump = False):
614 ''' Print all fields in the record'''
615 for record in recordList:
616 display_record(record, dump)
618 def display_record(record, dump = False):
622 info = record.getdict()
623 print "%s (%s)" % (info['hrn'], info['type'])
626 def filter_records(type, records):
627 filtered_records = []
628 for record in records:
629 if (record.get_type() == type) or (type == "all"):
630 filtered_records.append(record)
631 return filtered_records
633 def save_records_to_file(filename, recordList):
635 for record in recordList:
637 save_record_to_file(filename + "." + str(index), record)
639 save_record_to_file(filename, record)
642 def save_record_to_file(filename, record):
643 if not filename.startswith(os.sep):
644 filename = sfi_dir + filename
645 str = record.save_to_string()
646 file(filename, "w").write(str)
649 def load_record_from_file(filename):
650 str = file(filename, "r").read()
651 record = GeniRecord(string=str)
654 if __name__=="__main__":