5 from optparse import OptionParser
6 from sfa.util.config import Config
7 import sfa.util.xmlrpcprotocol as xmlrpcprotocol
8 from sfa.util.namespace import *
9 from sfa.trust.certificate import Keypair, Certificate
10 from sfa.trust.credential import Credential
11 from sfa.trust.gid import GID
12 from sfa.trust.hierarchy import Hierarchy
14 def get_server(url=None, port=None, keyfile=None, certfile=None,verbose=False):
16 returns an xmlrpc connection to the service a the specified
20 url_parts = url.split(":")
24 url = "http://%(url)s:%(port)s" % locals()
26 # connect to registry by default
28 addr, port = config.SFA_REGISTRY_HOST, config.SFA_REGISTRY_PORT
29 url = "http://%(addr)s:%(port)s" % locals()
32 print "Contacting registry at: %(url)s" % locals()
34 server = xmlrpcprotocol.get_server(url, keyfile, certfile)
38 def create_default_dirs():
40 hierarchy = Hierarchy()
41 config_dir = config.config_path
42 trusted_certs_dir = config.get_trustedroots_dir()
43 authorities_dir = hierarchy.basedir
44 all_dirs = [config_dir, trusted_certs_dir, authorities_dir]
46 if not os.path.exists(dir):
49 def get_node_key(registry=None, verbose=False):
50 # this call requires no authentication,
51 # so we can generate a random keypair here
53 (kfd, keyfile) = tempfile.mkstemp()
54 (cfd, certfile) = tempfile.mkstemp()
55 key = Keypair(create=True)
56 key.save_to_file(keyfile)
57 cert = Certificate(subject=subject)
58 cert.set_issuer(key=key, subject=subject)
61 cert.save_to_file(certfile)
63 registry = get_server(url = registry, keyfile=keyfile, certfile=certfile)
66 def create_server_keypair(keyfile=None, certfile=None, hrn="component", verbose=False):
68 create the server key/cert pair in the right place
70 key = Keypair(filename=keyfile)
71 key.save_to_file(keyfile)
72 cert = Certificate(subject=hrn)
73 cert.set_issuer(key=key, subject=hrn)
76 cert.save_to_file(certfile, save_parents=True)
78 def get_credential(registry=None, force=False, verbose=False):
80 hierarchy = Hierarchy()
81 key_dir= hierarchy.basedir
82 data_dir = config.data_path
83 config_dir = config.config_path
84 credfile = data_dir + os.sep + 'node.cred'
85 # check for existing credential
86 if not force and os.path.exists(credfile):
88 print "Loading Credential from %(credfile)s " % locals()
89 cred = Credential(filename=credfile).save_to_string(save_parents=True)
92 print "Getting credential from registry"
93 # make sure node private key exists
94 node_pkey_file = config_dir + os.sep + "node.key"
95 node_gid_file = config_dir + os.sep + "node.gid"
96 if not os.path.exists(node_pkey_file) or \
97 not os.path.exists(node_gid_file):
98 get_node_key(registry=registry, verbose=verbose)
100 gid = GID(filename=node_gid_file)
102 # create server key and certificate
103 keyfile =data_dir + os.sep + "server.key"
104 certfile = data_dir + os.sep + "server.cert"
105 key = Keypair(filename=node_pkey_file)
106 key.save_to_file(keyfile)
107 create_server_keypair(keyfile, certfile, hrn, verbose)
109 # get credential from registry
110 registry = get_server(url=registry, keyfile=keyfile, certfile=certfile)
111 cert = Certificate(filename=certfile)
112 cert_str = cert.save_to_string(save_parents=True)
113 cred = registry.get_self_credential(cert_str, 'node', hrn)
114 Credential(string=cred).save_to_file(credfile, save_parents=True)
118 def get_trusted_certs(registry=None, verbose=False):
120 refresh our list of trusted certs.
122 # define useful variables
124 data_dir = config.SFA_DATA_DIR
125 config_dir = config.SFA_CONFIG_DIR
126 trusted_certs_dir = config.get_trustedroots_dir()
127 keyfile = data_dir + os.sep + "server.key"
128 certfile = data_dir + os.sep + "server.cert"
129 node_gid_file = config_dir + os.sep + "node.gid"
130 node_gid = GID(filename=node_gid_file)
131 hrn = node_gid.get_hrn()
133 cred = get_credential(registry=registry, verbose=verbose)
134 # make sure server key cert pair exists
135 create_server_keypair(keyfile=keyfile, certfile=certfile, hrn=hrn, verbose=verbose)
136 registry = get_server(url=registry, keyfile=keyfile, certfile=certfile)
137 # get the trusted certs and save them in the right place
139 print "Getting trusted certs from registry"
140 trusted_certs = registry.get_trusted_certs(cred)
141 trusted_gid_names = []
142 for gid_str in trusted_certs:
143 gid = GID(string=gid_str)
145 relative_filename = gid.get_hrn() + ".gid"
146 trusted_gid_names.append(relative_filename)
147 gid_filename = trusted_certs_dir + os.sep + relative_filename
149 print "Writing GID for %s as %s" % (gid.get_hrn(), gid_filename)
150 gid.save_to_file(gid_filename, save_parents=True)
153 all_gids_names = os.listdir(trusted_certs_dir)
154 for gid_name in all_gids_names:
155 if gid_name not in trusted_gid_names:
157 print "Removing old gid ", gid_name
158 os.unlink(trusted_certs_dir + os.sep + gid_name)
160 def get_gids(registry=None, verbose=False):
162 Get the gid for all instantiated slices on this node and store it
163 in /etc/sfa/slice.gid in the slice's filesystem
165 # define useful variables
167 data_dir = config.data_path
168 config_dir = config.SFA_CONFIG_DIR
169 trusted_certs_dir = config.get_trustedroots_dir()
170 keyfile = data_dir + os.sep + "server.key"
171 certfile = data_dir + os.sep + "server.cert"
172 node_gid_file = config_dir + os.sep + "node.gid"
173 node_gid = GID(filename=node_gid_file)
174 hrn = node_gid.get_hrn()
175 interface_hrn = config.SFA_INTERFACE_HRN
177 cred = get_credential(registry=registry, verbose=verbose)
178 # make sure server key cert pair exists
179 create_server_keypair(keyfile=keyfile, certfile=certfile, hrn=hrn, verbose=verbose)
180 registry = get_server(url=registry, keyfile=keyfile, certfile=certfile)
183 print "Getting current slices on this node"
184 # get a list of slices on this node
185 from sfa.plc.api import ComponentAPI
187 slicenames = api.nodemanager.GetXIDs().keys()
188 hrns = [slicename_to_hrn(interface_hrn, slicename) for slicename in slicenames]
192 print "Getting gids for slices on this node from registry"
194 # and save them in the right palce
195 records = registry.get_gids(cred, hrns)
196 for record in records:
197 # if this isnt a slice record skip it
198 if not record['type'] == 'slice':
200 slicename = hrn_to_pl_slicename(record['hrn'])
201 # if this slice isnt really instatiated skip it
202 if not os.path.exists("/vservers/%(slicename)s" % locals()):
205 # save the slice gid in /etc/sfa/ in the vservers filesystem
206 vserver_path = "/vservers/%(slicename)s" % locals()
208 slice_gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
210 print "Saving GID for %(slicename)s as %(slice_gid_filename)s" % locals()
211 GID(string=gid).save_to_file(slice_gid_filename, save_parents=True)
212 # save the node gid in /etc/sfa
213 node_gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
215 print "Saving node GID for %(slicename)s as %(node_gid_filename)s" % locals()
216 node_gid.save_to_file(node_gid_filename, save_parents=True)
219 def dispatch(options, args):
221 create_default_dirs()
224 print "Getting the component's pkey"
225 get_node_key(registry=options.registry, verbose=options.verbose)
228 print "Getting the component's trusted certs"
229 get_trusted_certs(verbose=options.verbose)
232 print "Geting the component's GIDs"
233 get_gids(verbose=options.verbose)
238 parser = OptionParser(usage="%(prog_name)s [options]" % locals())
239 parser.add_option("-v", "--verbose", dest="verbose", action="store_true",
240 default=False, help="Be verbose")
241 parser.add_option("-r", "--registry", dest="registry", default=None,
242 help="Url of registry to contact")
243 parser.add_option("-k", "--key", dest="key", action="store_true",
245 help="Get the node's pkey from the registry")
246 parser.add_option("-c", "--certs", dest="certs", action="store_true",
248 help="Get the trusted certs from the registry")
249 parser.add_option("-g", "--gids", dest="gids", action="store_true",
251 help="Get gids for all the slices on the component")
253 (options, args) = parser.parse_args()
255 dispatch(options, args)
257 if __name__ == '__main__':