8 # This wrapper implements the Geni Registry and Slice Interfaces on PLC.
9 # Depending on command line options, it starts some combination of a
10 # Registry, an Aggregate Manager, and a Slice Manager.
12 # There are several items that need to be done before starting the wrapper
15 # NOTE: Many configuration settings, including the PLC maintenance account
16 # credentials, URI of the PLCAPI, and PLC DB URI and admin credentials are initialized
17 # from your MyPLC configuration (/etc/planetlab/plc_config*). Please make sure this information
18 # is up to date and accurate.
20 # 1) Import the existing planetlab database, creating the
21 # appropriate geni records. This is done by running the "sfa-import-plc.py" tool.
23 # 2) Create a "trusted_roots" directory and place the certificate of the root
24 # authority in that directory. Given the defaults in sfa-import-plc.py, this
25 # certificate would be named "planetlab.gid". For example,
27 # mkdir trusted_roots; cp authorities/planetlab.gid trusted_roots/
29 # TODO: Can all three servers use the same "registry" certificate?
32 # TCP ports for the three servers
40 from optparse import OptionParser
42 from sfa.trust.trustedroot import TrustedRootList
43 from sfa.trust.certificate import Keypair, Certificate
45 from sfa.server.registry import Registry
46 from sfa.server.aggregate import Aggregate
47 from sfa.server.slicemgr import SliceMgr
48 from sfa.server.component import Component
49 from sfa.trust.hierarchy import Hierarchy
50 from sfa.util.config import Config
51 from sfa.util.report import trace
53 # after http://www.erlenstar.demon.co.uk/unix/faq_2.html
55 """Daemonize the current process."""
56 if os.fork() != 0: os._exit(0)
58 if os.fork() != 0: os._exit(0)
60 devnull = os.open(os.devnull, os.O_RDWR)
62 # xxx fixme - this is just to make sure that nothing gets stupidly lost - should use devnull
63 crashlog = os.open('/var/log/sfa.daemon', os.O_RDWR | os.O_APPEND | os.O_CREAT, 0644)
67 def init_server_key(server_key_file, server_cert_file, config, hierarchy):
69 subject = config.SFA_INTERFACE_HRN
70 # check if the server's private key exists. If it doesnt,
71 # get the right one from the authorities directory. If it cant be
72 # found in the authorities directory, generate a random one
73 if not os.path.exists(server_key_file):
74 hrn = config.SFA_INTERFACE_HRN.lower()
75 hrn_parts = hrn.split(".")
77 pkey_filename = hrn+".pkey"
79 # sub authority's have "." in their hrn. This must
80 # be converted to os.path separator
81 if len(hrn_parts) > 0:
82 rel_key_path = hrn.replace(".", os.sep)
83 pkey_filename= hrn_parts[-1]+".pkey"
85 key_file = os.sep.join([hierarchy.basedir, rel_key_path, pkey_filename])
86 if not os.path.exists(key_file):
87 # if it doesnt exist then this is probably a fresh interface
88 # with no records. Generate a random keypair for now
89 trace("server's public key not found in %s" % key_file)
90 trace("generating a random server key pair")
91 key = Keypair(create=True)
92 key.save_to_file(server_key_file)
93 cert = Certificate(subject=subject)
94 cert.set_issuer(key=key, subject=subject)
97 cert.save_to_file(server_cert_file, save_parents=True)
100 # the pkey was found in the authorites directory. lets
101 # copy it to where the server key should be and generate
103 key = Keypair(filename=key_file)
104 key.save_to_file(server_key_file)
105 cert = Certificate(subject=subject)
106 cert.set_issuer(key=key, subject=subject)
109 cert.save_to_file(server_cert_file, save_parents=True)
112 # If private key exists and cert doesnt, recreate cert
113 if (os.path.exists(server_key_file)) and (not os.path.exists(server_cert_file)):
114 key = Keypair(filename=server_key_file)
115 cert = Certificate(subject=subject)
116 cert.set_issuer(key=key, subject=subject)
119 cert.save_to_file(server_cert_file)
122 # xxx get rid of globals - name consistently CamelCase or under_score
126 global aggregate_port
129 # Generate command line parser
130 parser = OptionParser(usage="sfa-server [options]")
131 parser.add_option("-r", "--registry", dest="registry", action="store_true",
132 help="run registry server", default=False)
133 parser.add_option("-s", "--slicemgr", dest="sm", action="store_true",
134 help="run slice manager", default=False)
135 parser.add_option("-a", "--aggregate", dest="am", action="store_true",
136 help="run aggregate manager", default=False)
137 parser.add_option("-c", "--component", dest="cm", action="store_true",
138 help="run component server", default=False)
139 parser.add_option("-v", "--verbose", dest="verbose", action="store_true",
140 help="verbose mode", default=False)
141 parser.add_option("-d", "--daemon", dest="daemon", action="store_true",
142 help="Run as daemon.", default=False)
143 (options, args) = parser.parse_args()
145 if (options.daemon): daemon()
148 hierarchy = Hierarchy()
149 trusted_roots = TrustedRootList(config.get_trustedroots_dir())
150 server_key_file = os.path.join(hierarchy.basedir, "server.key")
151 server_cert_file = os.path.join(hierarchy.basedir, "server.cert")
153 init_server_key(server_key_file, server_cert_file, config, hierarchy)
155 # start registry server
156 if (options.registry):
157 r = Registry("", registry_port, server_key_file, server_cert_file)
160 # start aggregate manager
162 a = Aggregate("", aggregate_port, server_key_file, server_cert_file)
165 # start slice manager
167 s = SliceMgr("", slicemgr_port, server_key_file, server_cert_file)
171 c = Component("", component_port, server_key_file, server_cert_file)
174 if __name__ == "__main__":