2 # vim:set ts=4 sw=4 expandtab:
7 # NodeManager plugin for installing SFA GIDs in slivers
12 sys.path.append('/usr/share/NodeManager')
17 from sfa.util.namespace import *
18 from sfa.util.config import Config
19 import sfa.util.xmlrpcprotocol as xmlrpcprotocol
20 from sfa.trust.certificate import Keypair, Certificate
21 from sfa.trust.credential import Credential
22 from sfa.trust.gid import GID
23 from sfa.trust.hierarchy import Hierarchy
24 from sfa.plc.api import ComponentAPI
# NOTE(review): the listing skips gutter lines 31 and 33-34, so the `def` that
# encloses these statements is not visible; they look like the body of a
# plugin start-up hook -- confirm against the full file.
30 #FIXME: disabled by caglar
32 logger.log("sfagid: plugin starting up ...")
# Obtain the node's key/cert paths and build the component API client with them.
# NOTE(review): get_keypair() is called with None here, while listing line 133
# reads config.data_path; confirm the lines not shown (129-130) substitute a
# default Config, otherwise this raises AttributeError at start-up.
35 keyfile, certfile = get_keypair(None)
36 api = ComponentAPI(key_file=keyfile, cert_file=certfile)
# NodeManager callback: builds a ComponentAPI from the node keypair, collects
# the 'name' of every entry in data['slivers'], then installs the slice/node
# GIDs and the registry's trusted certificates.
# `plc` is accepted but not used in the lines shown (gutter lines 40-42 are
# missing from this listing).
39 def GetSlivers(data, config=None, plc=None):
43 keyfile, certfile = get_keypair(config)
44 api = ComponentAPI(key_file=keyfile, cert_file=certfile)
# NOTE(review): these names are interpolated unvalidated into
# "/vservers/%s/etc/..." paths by install_gids(); a name containing a path
# separator or ".." would escape the intended directory. Presumably the names
# come from the trusted PLC payload -- confirm, or reject such names here.
45 slivers = [sliver['name'] for sliver in data['slivers']]
46 install_gids(api, slivers)
47 install_trusted_certs(api)
# Install the slice GID and the node GID into each instantiated sliver.
#   api     -- ComponentAPI; supplies config paths, a credential and the registry
#   slivers -- list of slice names present on this node
# Reads the node GID from <config_path>/node.gid, reads whatever slice.gid and
# node.gid each sliver already has, fetches the current GIDs from the registry
# and rewrites the files that are missing or differ.
# NOTE(review): several gutter lines (50, 55, 58-59, 66, 70-71, 84, 88-89, ...)
# are missing from this listing, so initialisation of slice_gids/node_gids,
# the file close() calls and the bodies of the two "skip" tests are not visible.
49 def install_gids(api, slivers):
51 node_gid_file = api.config.config_path + os.sep + "node.gid"
52 node_gid = GID(filename=node_gid_file)
53 node_gid_str = node_gid.save_to_string(save_parents=True)
# node_hrn is not used again in the lines shown.
54 node_hrn = node_gid.get_hrn()
56 # get currently installed slice and node gids
57 interface_hrn = api.config.SFA_INTERFACE_HRN
60 for slicename in slivers:
61 slice_gid_filename = "/vservers/%s/etc/slice.gid" % slicename
62 node_gid_filename = "/vservers/%s/etc/node.gid" % slicename
# NOTE(review): these files live inside the sliver's own filesystem, so their
# content and type are controlled by the tenant. os.path.isfile() and open()
# follow symlinks; a link planted at etc/slice.gid would make this process
# read (and, further down, possibly write) a file outside the sliver.
# Consider lstat()/os.O_NOFOLLOW before touching them.
63 if os.path.isfile(slice_gid_filename):
64 gid_file = open(slice_gid_filename, 'r')
# NOTE(review): the dict is keyed by `sliver`, but the loop variable is
# `slicename` and no `sliver` is bound in the lines shown -- this looks like a
# NameError (or a stale key) whenever the file exists. The later lookups at
# listing lines 93 and 98 use `slicename`. Confirm and key by slicename.
65 slice_gids[sliver] = gid_file.read()
67 if os.path.isfile(node_gid_filename):
68 gid_file = open(node_gid_filename, 'r')
# Same `sliver` vs `slicename` mismatch as at listing line 65.
69 node_gids[sliver] = gid_file.read()
72 # convert slicenames to hrns
73 hrns = [slicename_to_hrn(interface_hrn, slicename) \
74 for slicename in slivers]
76 # get current gids from registry
77 cred = api.getCredential()
78 registry = api.get_registry()
79 #records = registry.GetGids(cred, hrns)
80 records = registry.get_gids(cred, hrns)
81 for record in records:
82 # skip if this isnt a slice record
83 if not record['type'] == 'slice':
# NOTE(review): vserver_path is built from `slicename` (via locals()) before
# slicename is reassigned from this record at listing line 92. At this point
# it still holds the value left by the earlier loops, so the existence check
# and both save paths may refer to a different slice than the record being
# processed. Confirm; deriving slicename from record['hrn'] first would fix it.
85 vserver_path = "/vservers/%(slicename)s" % locals()
86 # skip if the slice isnt instantiated
87 if not os.path.exists(vserver_path):
90 # install slice gid if it doesnt already exist or has changed
91 slice_gid_str = record['gid']
# NOTE(review): the slice name is derived from registry-supplied data; check
# that it is one of the requested `slivers` before using it for file paths.
92 slicename = hrn_to_pl_slicename(record['hrn'])
93 if slicename not in slice_gids or slice_gids[slicename] != slice_gid_str:
94 gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
# NOTE(review): this write lands inside the tenant-controlled sliver tree.
# GID.save_to_file() is not visible here; if it opens the path normally it
# will follow a symlink at etc/slice.gid and write with this process's
# privileges. Writing to a temp file and renaming, or opening with
# os.O_NOFOLLOW, removes that dependency -- TODO confirm.
95 GID(string=slice_gid_str).save_to_file(gid_filename, save_parents=True)
# NOTE(review): the comment on the next line says "slice gid", but the code
# that follows compares and writes the node GID (node.gid).
97 # install slice gid if it doesnt already exist or has changed
98 if slicename not in node_gids or node_gids[slicename] != node_gid_str:
99 gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
# Same symlink consideration as for slice.gid above.
100 GID(string=node_gid_str).save_to_file(gid_filename, save_parents=True)
# Synchronise the local trusted-certificate directory with the registry:
# every GID returned by registry.get_trusted_certs() is written as
# "<hrn>.gid", and every other file in the directory is deleted.
#   api -- ComponentAPI; supplies the credential and the registry client
# NOTE(review): `trusted_certs_dir` is not assigned anywhere in the lines
# shown (gutter lines 109, 113, 116-117, 121 are missing from the listing);
# confirm it is defined at module scope or in one of those lines.
102 def install_trusted_certs(api):
103 cred = api.getCredential()
104 registry = api.get_registry()
105 trusted_certs = registry.get_trusted_certs(cred)
106 trusted_gid_names = []
107 for gid_str in trusted_certs:
108 gid = GID(string=gid_str)
# NOTE(review): the file name comes straight from the hrn embedded in the
# registry-supplied GID. Nothing visible rejects an hrn containing os.sep or
# "..", so the write below is only confined to trusted_certs_dir if hrns are
# guaranteed separator-free -- verify, or check the basename before use.
# NOTE(review): no signature/chain verification of the GID is visible before
# it is installed as a trust anchor; confirm where that happens.
110 relative_filename = gid.get_hrn() + ".gid"
111 trusted_gid_names.append(relative_filename)
112 gid_filename = trusted_certs_dir + os.sep + relative_filename
# Python 2 print statement.
114 print "Writing GID for %s as %s" % (gid.get_hrn(), gid_filename)
115 gid.save_to_file(gid_filename, save_parents=True)
# Prune: anything in the directory that the registry did not just return.
# NOTE(review): if the registry answers with an empty or partial list, this
# loop removes every existing trust anchor not in it. Consider skipping the
# prune when trusted_certs is empty.
118 all_gids_names = os.listdir(trusted_certs_dir)
119 for gid_name in all_gids_names:
120 if gid_name not in trusted_gid_names:
122 print "Removing old gid ", gid_name
123 os.unlink(trusted_certs_dir + os.sep + gid_name)
# Return (keyfile, certfile) paths for this node's server key and certificate,
# creating them if they do not exist yet.
#   config -- object exposing data_path; defaults to None
# If <data_path>/server.key and server.cert both exist they are returned
# as-is. Otherwise a throwaway self-signed keypair/cert is written to /tmp,
# used to build a ComponentAPI and reach the registry, and a certificate for
# the node key is saved to certfile.
# NOTE(review): gutter lines 129-130, 154 and 158-159 are missing from this
# listing. `hrn` (used at listing line 156) and the step that places the real
# key at `keyfile` are therefore not visible.
128 def get_keypair(config = None):
131 hierarchy = Hierarchy()
# key_dir is not used again in the lines shown.
132 key_dir= hierarchy.basedir
# NOTE(review): config defaults to None and listing line 35 passes None;
# confirm the lines not shown replace it with a Config() before this access.
133 data_dir = config.data_path
134 keyfile =data_dir + os.sep + "server.key"
135 certfile = data_dir + os.sep + "server.cert"
137 # check if files already exist
138 if os.path.exists(keyfile) and os.path.exists(certfile):
139 return (keyfile, certfile)
141 # create temp keypair server key and certificate
# NOTE(review): mkstemp() returns an open OS-level file descriptor as the
# first tuple element; it is discarded into `_` and never closed in the lines
# shown, so each call leaks two descriptors. The temp files themselves are
# also not removed in the lines shown, which leaves a private key in /tmp.
# Close the descriptors with os.close() and unlink both files when done.
142 (_, tmp_keyfile) = tempfile.mkstemp(suffix='.pkey', prefix='tmpkey', dir='/tmp')
143 (_, tmp_certfile) = tempfile.mkstemp(suffix='.cert', prefix='tmpcert', dir='/tmp')
144 tmp_key = Keypair(create=True)
# mkstemp() creates the file readable and writable only by the creating user;
# whether Keypair.save_to_file() keeps that mode is not visible -- confirm.
145 tmp_key.save_to_file(tmp_keyfile)
# Self-signed placeholder certificate: subject and issuer are the literal
# string 'subject', signed with the temporary key.
146 tmp_cert = Certificate(subject='subject')
147 tmp_cert.set_issuer(key=tmp_key, subject='subject')
148 tmp_cert.set_pubkey(tmp_key)
149 tmp_cert.save_to_file(tmp_certfile, save_parents=True)
151 # request real pkey from registry
# NOTE(review): the registry client is bootstrapped with a throwaway
# self-signed identity; how the registry endpoint is authenticated during
# this exchange is not visible here -- confirm the private key is only ever
# transferred over a channel that verifies the registry.
152 api = ComponentAPI(key_file=tmp_keyfile, cert_file=tmp_certfile)
153 registry = api.get_registry()
# Build the node certificate from the key at `keyfile`, self-issued under hrn.
# NOTE(review): confirm server.key ends up owner-readable only (0600).
155 key = Keypair(filename=keyfile)
156 cert = Certificate(subject=hrn)
157 cert.set_issuer(key=key, subject=hrn)
160 cert.save_to_file(certfile, save_parents=True)
161 return (keyfile, certfile)
# Manual smoke test: builds a payload with one sliver name and runs the
# plugin's GetSlivers() entry point once. The closing brackets of the literal
# (gutter lines 167-168) are missing from this listing.
# NOTE(review): this is not a dry run -- GetSlivers() contacts the registry
# and writes GID files on the local node.
164 if __name__ == '__main__':
165 test_slivers = {'slivers': [
166 {'name': 'tmacktestslice', 'attributes': []}
169 GetSlivers(test_slivers)