2 # vim:set ts=4 sw=4 expandtab:
4 # NodeManager plugin for installing SFA GID's in slivers
9 sys.path.append('/usr/share/NodeManager')
14 from sfa.util.namespace import *
15 from sfa.util.config import Config as SfaConfig
16 import sfa.util.xmlrpcprotocol as xmlrpcprotocol
17 from sfa.trust.certificate import Keypair, Certificate
18 from sfa.trust.credential import Credential
19 from sfa.trust.gid import GID
20 from sfa.trust.hierarchy import Hierarchy
21 from sfa.plc.api import ComponentAPI
# NOTE(review): the definition enclosing these startup statements is not visible in this
# listing (indentation is lost and gutter lines 28-30 are absent) -- confirm where they run.
27 logger.log("sfagid: plugin starting up ...")
# get_keypair() is called with config=None, yet it reads config.data_path (gutter 131);
# a default config must be substituted in lines not shown here -- confirm.
31 keyfile, certfile = get_keypair(None)
# The component API client authenticates to the registry with the node's key and certificate.
32 api = ComponentAPI(key_file=keyfile, cert_file=certfile)
# Plugin entry point: install slice/node GIDs into the listed slivers, then refresh the
# trusted-certificate directory.
#   data   -- dict with a 'slivers' list; each item must carry a 'name' key
#   config -- forwarded unchanged to get_keypair()
#   plc    -- not used in the lines shown
# NOTE(review): gutter lines 38-40 are absent from this listing.
37 def GetSlivers(data, config=None, plc=None):
41 keyfile, certfile = get_keypair(config)
42 api = ComponentAPI(key_file=keyfile, cert_file=certfile)
# Only the sliver names are kept. install_gids() interpolates them into /vservers/<name>/...
# paths without validation, so they should be checked against the expected slice-name
# format before they get that far.
43 slivers = [sliver['name'] for sliver in data['slivers']]
44 install_gids(api, slivers)
45 install_trusted_certs(api)
# Write the slice GID and this node's GID into /vservers/<slice>/etc for each sliver.
#   api     -- ComponentAPI; supplies config, the node credential and the registry proxy
#   slivers -- list of slice names
# NOTE(review): this listing has lost its indentation and several gutter lines
# (48, 53, 56-57, 64, 68-69, 73, 82, 86-87, 94); whatever initialises slice_gids/node_gids
# and whatever follows the two "skip" tests below is not shown.
47 def install_gids(api, slivers):
# Load the node's own GID from the SFA config directory and serialise it with its parent chain.
49 node_gid_file = api.config.config_path + os.sep + "node.gid"
50 node_gid = GID(filename=node_gid_file)
51 node_gid_str = node_gid.save_to_string(save_parents=True)
# node_hrn is not read again in the visible lines.
52 node_hrn = node_gid.get_hrn()
54 # get currently installed slice and node gids
55 interface_hrn = api.config.SFA_INTERFACE_HRN
# The slice name is formatted straight into a filesystem path; a name containing a path
# separator or ".." would resolve outside /vservers/<name>/etc.
# NOTE(review): these files live inside the sliver's own filesystem. If the sliver can
# create symlinks there, os.path.isfile()/open() here and save_to_file() below would follow
# them -- confirm, and consider refusing symlinks (e.g. os.path.islink) before touching them.
58 for slicename in slivers:
59 slice_gid_filename = "/vservers/%s/etc/slice.gid" % slicename
60 node_gid_filename = "/vservers/%s/etc/node.gid" % slicename
61 if os.path.isfile(slice_gid_filename):
62 gid_file = open(slice_gid_filename, 'r')
# NOTE(review): `sliver` is not assigned anywhere in the visible part of this function; the
# loop variable is `slicename`, which is also the key used for the lookups at gutter 91/96.
# As shown this is either a NameError or a key that never matches -- confirm.
63 slice_gids[sliver] = gid_file.read()
65 if os.path.isfile(node_gid_filename):
66 gid_file = open(node_gid_filename, 'r')
67 node_gids[sliver] = gid_file.read()
70 # convert slicenames to hrns
71 hrns = [slicename_to_hrn(interface_hrn, slicename) \
72 for slicename in slivers]
74 # get current gids from registry
75 cred = api.getCredential()
76 registry = api.get_registry()
77 #records = registry.GetGids(cred, hrns)
78 records = registry.get_gids(cred, hrns)
79 for record in records:
80 # skip if this isnt a slice record
81 if not record['type'] == 'slice':
# NOTE(review): `slicename` is taken from locals() here, but the name belonging to this
# record is only derived at gutter 90. At this point it still holds the value left by an
# earlier loop or the previous record, so the existence test below can check the wrong
# sliver directory.
83 vserver_path = "/vservers/%(slicename)s" % locals()
84 # skip if the slice isnt instantiated
85 if not os.path.exists(vserver_path):
88 # install slice gid if it doesnt already exist or has changed
# record['gid'] and record['hrn'] come from the registry response. No verification of the
# returned GID is visible in this listing before it is written into the sliver -- check
# whether GID() or the registry proxy validates it.
89 slice_gid_str = record['gid']
90 slicename = hrn_to_pl_slicename(record['hrn'])
91 if slicename not in slice_gids or slice_gids[slicename] != slice_gid_str:
92 gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
93 GID(string=slice_gid_str).save_to_file(gid_filename, save_parents=True)
95 # install node gid if it doesnt already exist or has changed
96 if slicename not in node_gids or node_gids[slicename] != node_gid_str:
97 gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
98 GID(string=node_gid_str).save_to_file(gid_filename, save_parents=True)
# Synchronise the node's trusted-root GIDs with the set the registry returns: write one
# <hrn>.gid file per returned GID, then delete every other entry in the directory.
#   api -- ComponentAPI supplying the node credential and the registry proxy
# NOTE(review): `trusted_certs_dir` is not assigned in the visible lines (gutter 107 is absent).
100 def install_trusted_certs(api):
101 cred = api.getCredential()
102 registry = api.get_registry()
103 trusted_certs = registry.get_trusted_certs(cred)
104 trusted_gid_names = []
105 for gid_str in trusted_certs:
106 gid = GID(string=gid_str)
# The file name is derived from the HRN carried inside the registry-supplied GID. It is used
# as a path component without sanitising, so an HRN containing a path separator would land
# outside trusted_certs_dir; rejecting names where os.path.basename(name) != name closes that.
108 relative_filename = gid.get_hrn() + ".gid"
109 trusted_gid_names.append(relative_filename)
110 gid_filename = trusted_certs_dir + os.sep + relative_filename
112 print("Writing GID for %s as %s" % (gid.get_hrn(), gid_filename))
# NOTE(review): these files become trust anchors. No check that each GID chains to an
# already-trusted root is visible here, so the registry connection is the only thing
# vouching for them -- confirm that is intended.
113 gid.save_to_file(gid_filename, save_parents=True)
# Prune: anything in the directory that the registry did not just return is removed.
# An empty or truncated response therefore deletes existing trust anchors; consider skipping
# the prune when trusted_certs is empty. os.unlink() also raises if an entry is a directory.
116 all_gids_names = os.listdir(trusted_certs_dir)
117 for gid_name in all_gids_names:
118 if gid_name not in trusted_gid_names:
120 print("Removing old gid ", gid_name)
121 os.unlink(trusted_certs_dir + os.sep + gid_name)
# Return (keyfile, certfile) for this node, bootstrapping both via the registry when they
# do not exist yet.
#   config -- object exposing data_path
# NOTE(review): gutter lines 127-128 are absent; presumably they substitute a default
# config when None is passed -- confirm.
126 def get_keypair(config = None):
129 hierarchy = Hierarchy()
# key_dir is not read again in the visible lines.
130 key_dir= hierarchy.basedir
131 data_dir = config.data_path
132 keyfile =data_dir + os.sep + "server.key"
133 certfile = data_dir + os.sep + "server.cert"
135 # check if files already exist
136 if os.path.exists(keyfile) and os.path.exists(certfile):
137 return (keyfile, certfile)
139 # create temp keypair server key and certificate
# mkstemp() returns (fd, path) and creates the file with owner-only permissions. The open
# descriptors are discarded here (bound to `_`) and never closed, and no removal of the two
# temp files is visible, so the throwaway private key stays in /tmp. Closing the fds and
# unlinking both files in a finally block would fix that.
140 (_, tmp_keyfile) = tempfile.mkstemp(suffix='.pkey', prefix='tmpkey', dir='/tmp')
141 (_, tmp_certfile) = tempfile.mkstemp(suffix='.cert', prefix='tmpcert', dir='/tmp')
142 tmp_key = Keypair(create=True)
143 tmp_key.save_to_file(tmp_keyfile)
# Self-issued certificate with the placeholder subject 'subject'; it is only used to open
# the first connection to the registry below.
144 tmp_cert = Certificate(subject='subject')
145 tmp_cert.set_issuer(key=tmp_key, subject='subject')
146 tmp_cert.set_pubkey(tmp_key)
147 tmp_cert.save_to_file(tmp_certfile, save_parents=True)
149 # request real pkey from registry
150 api = ComponentAPI(key_file=tmp_keyfile, cert_file=tmp_certfile)
151 registry = api.get_registry()
# NOTE(review): gutter 152 is absent; presumably the registry call that writes `keyfile`,
# since the next line loads it. If the private key travels over that connection, its
# confidentiality rests on the transport and on how the registry identifies the node -- confirm.
153 key = Keypair(filename=keyfile)
# NOTE(review): `hrn` is not assigned in the visible lines of this function.
154 cert = Certificate(subject=hrn)
155 cert.set_issuer(key=key, subject=hrn)
# Gutter 156-157 are absent, so whether the public key is set and the certificate is signed
# before saving cannot be confirmed from this listing.
158 cert.save_to_file(certfile, save_parents=True)
159 return (keyfile, certfile)
# Manual run: invoke the plugin once with a single hard-coded sliver name. GetSlivers()
# contacts the registry and writes under /vservers, so this exercises the real install path.
# NOTE(review): gutter 165-166 (the closing brackets of the literal) are absent from this listing.
162 if __name__ == '__main__':
163 test_slivers = {'slivers': [
164 {'name': 'tmacktestslice', 'attributes': []}
167 GetSlivers(test_slivers)