2 # vim:set ts=4 sw=4 expandtab:
7 # NodeManager plugin for installing SFA GIDs in slivers
# Append the NodeManager install directory to the module search path.
# NOTE(review): presumably this is what makes NodeManager-side modules such as
# the `logger` used below importable -- confirm. Anything placed in that
# directory can be imported by this plugin, so it should not be writable by
# unprivileged users.
12 sys.path.append('/usr/share/NodeManager')
17 from sfa.util.namespace import *
18 from sfa.util.config import Config as SfaConfig
19 import sfa.util.xmlrpcprotocol as xmlrpcprotocol
20 from sfa.trust.certificate import Keypair, Certificate
21 from sfa.trust.credential import Credential
22 from sfa.trust.gid import GID
23 from sfa.trust.hierarchy import Hierarchy
24 from sfa.plc.api import ComponentAPI
# Start-up fragment: log that the plugin is loading, then obtain the node's
# key/cert pair and build a ComponentAPI client from it.
# NOTE(review): the enclosing definition and any guards around these
# statements are not visible in the lines shown -- confirm where they run.
30 logger.log("sfagid: plugin starting up ...")
# No config object is passed here (GetSlivers passes its own). get_keypair
# reads config.data_path, so it has to substitute a default for None --
# NOTE(review): that handling is not visible in the lines shown.
34 keyfile, certfile = get_keypair(None)
35 api = ComponentAPI(key_file=keyfile, cert_file=certfile)
# Refresh the SFA GIDs for the slivers listed in `data` and the node-wide
# trusted certificates. Presumably the hook NodeManager calls on this plugin.
#
# data   -- mapping with a 'slivers' list; every entry must carry a 'name' key
# config -- forwarded to get_keypair(), which reads config.data_path
# plc    -- not used in the lines shown
40 def GetSlivers(data, config=None, plc=None):
# Build a component-side client that identifies itself with the node's key
# and certificate.
44 keyfile, certfile = get_keypair(config)
45 api = ComponentAPI(key_file=keyfile, cert_file=certfile)
# Only the sliver names are needed from here on.
46 slivers = [sliver['name'] for sliver in data['slivers']]
# Per-sliver slice.gid / node.gid first, then the trusted certificate set.
47 install_gids(api, slivers)
48 install_trusted_certs(api)
# Install GIDs inside each sliver's file system: the slice's own GID as
# /vservers/<slicename>/etc/slice.gid and this node's GID as
# /vservers/<slicename>/etc/node.gid. A file is rewritten only when the
# installed copy is absent or differs from the current one.
#
# api     -- client object; api.config, api.getCredential() and
#            api.get_registry() are used here
# slivers -- slice names of the slivers on this node
#
# NOTE(review): every path below lives inside a sliver's file system. If the
# sliver's own root user can replace etc/slice.gid or etc/node.gid with a
# symlink, the reads and writes here would follow it with this plugin's
# privileges -- confirm how save_to_file() opens its target.
50 def install_gids(api, slivers):
# Load the node's own GID from the SFA config directory and serialise it
# with its parent chain, so it can be compared with the copy in each sliver.
52 node_gid_file = api.config.config_path + os.sep + "node.gid"
53 node_gid = GID(filename=node_gid_file)
54 node_gid_str = node_gid.save_to_string(save_parents=True)
# node_hrn is not read again in the lines shown.
55 node_hrn = node_gid.get_hrn()
57 # get currently installed slice and node gids
58 interface_hrn = api.config.SFA_INTERFACE_HRN
# NOTE(review): slice_gids and node_gids are filled in this loop, but their
# creation is not visible in the lines shown.
61 for slicename in slivers:
62 slice_gid_filename = "/vservers/%s/etc/slice.gid" % slicename
63 node_gid_filename = "/vservers/%s/etc/node.gid" % slicename
64 if os.path.isfile(slice_gid_filename):
# NOTE(review): no close() for this handle is visible; a `with` block would
# release it deterministically.
65 gid_file = open(slice_gid_filename, 'r')
# NOTE(review): `sliver` is not bound anywhere in the lines shown -- the loop
# variable is `slicename`, which is also the key used by the lookups further
# down. As written this looks like a NameError; confirm.
66 slice_gids[sliver] = gid_file.read()
68 if os.path.isfile(node_gid_filename):
69 gid_file = open(node_gid_filename, 'r')
# Same key problem as for slice_gids above.
70 node_gids[sliver] = gid_file.read()
73 # convert slicenames to hrns
74 hrns = [slicename_to_hrn(interface_hrn, slicename) \
75 for slicename in slivers]
# Ask the registry, using this node's credential, for the GIDs of those hrns.
77 # get current gids from registry
78 cred = api.getCredential()
79 registry = api.get_registry()
80 #records = registry.GetGids(cred, hrns)
81 records = registry.get_gids(cred, hrns)
# NOTE(review): record['hrn'] and record['gid'] come from the registry reply
# and end up as a path component and as file contents. No check is visible
# that the returned slice is one of `slivers` or that the GID verifies
# against the trusted roots -- confirm where that validation happens.
82 for record in records:
83 # skip if this is not a slice record
84 if not record['type'] == 'slice':
# NOTE(review): locals() supplies `slicename` here, but it is only reassigned
# from record['hrn'] further down, so at this point it still holds the value
# left by an earlier loop or iteration. The existence check and both
# gid_filename paths can therefore refer to a different sliver than `record`.
86 vserver_path = "/vservers/%(slicename)s" % locals()
87 # skip if the slice is not instantiated
88 if not os.path.exists(vserver_path):
91 # install slice gid if it does not already exist or has changed
92 slice_gid_str = record['gid']
93 slicename = hrn_to_pl_slicename(record['hrn'])
94 if slicename not in slice_gids or slice_gids[slicename] != slice_gid_str:
95 gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
# Parse the registry's string and write it out together with its parents.
96 GID(string=slice_gid_str).save_to_file(gid_filename, save_parents=True)
98 # install node gid if it does not already exist or has changed
99 if slicename not in node_gids or node_gids[slicename] != node_gid_str:
100 gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
101 GID(string=node_gid_str).save_to_file(gid_filename, save_parents=True)
# Mirror the registry's trusted-certificate list into trusted_certs_dir:
# write one "<hrn>.gid" file per returned GID, then delete every directory
# entry that was not written in this pass.
#
# api -- client object providing getCredential() and get_registry()
#
# NOTE(review): trusted_certs_dir is not defined in the lines shown --
# confirm where it is set.
103 def install_trusted_certs(api):
104 cred = api.getCredential()
105 registry = api.get_registry()
106 trusted_certs = registry.get_trusted_certs(cred)
# Names written in this pass; read again by the clean-up loop at the end.
107 trusted_gid_names = []
108 for gid_str in trusted_certs:
109 gid = GID(string=gid_str)
# NOTE(review): the file name is built from gid.get_hrn(), i.e. from data the
# registry returned. Nothing visible rejects an hrn containing a path
# separator or "..", so the write below is not confined to trusted_certs_dir;
# a basename check before writing would close that.
111 relative_filename = gid.get_hrn() + ".gid"
112 trusted_gid_names.append(relative_filename)
113 gid_filename = trusted_certs_dir + os.sep + relative_filename
115 print "Writing GID for %s as %s" % (gid.get_hrn(), gid_filename)
116 gid.save_to_file(gid_filename, save_parents=True)
# NOTE(review): everything the registry did not return in this call is
# deleted, so an empty or truncated reply empties the local trust store --
# consider keeping the previous set when the reply is empty.
119 all_gids_names = os.listdir(trusted_certs_dir)
120 for gid_name in all_gids_names:
121 if gid_name not in trusted_gid_names:
123 print "Removing old gid ", gid_name
124 os.unlink(trusted_certs_dir + os.sep + gid_name)
# Return the (keyfile, certfile) paths of this node's server key and
# certificate, creating the pair on first use.
#
# config -- object exposing data_path. NOTE(review): the start-up code calls
#           this with None; handling of that case is not visible in the
#           lines shown.
129 def get_keypair(config = None):
132 hierarchy = Hierarchy()
# key_dir is not read again in the lines shown.
133 key_dir= hierarchy.basedir
134 data_dir = config.data_path
135 keyfile =data_dir + os.sep + "server.key"
136 certfile = data_dir + os.sep + "server.cert"
138 # check if files already exist
139 if os.path.exists(keyfile) and os.path.exists(certfile):
140 return (keyfile, certfile)
142 # create temp keypair server key and certificate
# NOTE(review): mkstemp() returns (fd, path). Both descriptors are bound to
# `_` and never closed in the lines shown, so each call leaks two open files;
# os.close() on them would fix that. The temporary private key is written
# under /tmp and no removal is visible -- confirm it is deleted once the real
# key has been fetched.
143 (_, tmp_keyfile) = tempfile.mkstemp(suffix='.pkey', prefix='tmpkey', dir='/tmp')
144 (_, tmp_certfile) = tempfile.mkstemp(suffix='.cert', prefix='tmpcert', dir='/tmp')
145 tmp_key = Keypair(create=True)
146 tmp_key.save_to_file(tmp_keyfile)
# Throwaway certificate: subject and issuer are both the literal 'subject'
# and the issuer key is the certificate's own key (self-issued).
147 tmp_cert = Certificate(subject='subject')
148 tmp_cert.set_issuer(key=tmp_key, subject='subject')
149 tmp_cert.set_pubkey(tmp_key)
150 tmp_cert.save_to_file(tmp_certfile, save_parents=True)
152 # request real pkey from registry
# NOTE(review): this connection presents the throwaway pair generated above,
# which any host could produce. How the registry decides which node may
# receive a key, and how this side authenticates the registry, is not visible
# here -- confirm before relying on it.
153 api = ComponentAPI(key_file=tmp_keyfile, cert_file=tmp_certfile)
154 registry = api.get_registry()
# keyfile is loaded, not created, here -- presumably a step not shown has
# stored the key received from the registry at that path.
# NOTE(review): confirm that file is written with owner-only permissions.
156 key = Keypair(filename=keyfile)
# NOTE(review): `hrn` is not assigned in the lines shown -- confirm its source.
157 cert = Certificate(subject=hrn)
158 cert.set_issuer(key=key, subject=hrn)
161 cert.save_to_file(certfile, save_parents=True)
162 return (keyfile, certfile)
# Manual test entry point: when the file is run as a script, call
# GetSlivers() once with a single hard-coded sliver record (no config or plc
# argument is passed).
165 if __name__ == '__main__':
166 test_slivers = {'slivers': [
167 {'name': 'tmacktestslice', 'attributes': []}
170 GetSlivers(test_slivers)