blind and brutal 2to3
diff --git
a/plugins/sliverauth.py
b/plugins/sliverauth.py
index
69de1d9
..
503afa1
100644
(file)
--- a/
plugins/sliverauth.py
+++ b/
plugins/sliverauth.py
@@
-40,37
+40,44
@@
def GetSlivers(data, config, plc):
path = '/vservers/%s' % sliver['name']
if not os.path.exists(path):
# ignore all non-plc-instantiated slivers
path = '/vservers/%s' % sliver['name']
if not os.path.exists(path):
# ignore all non-plc-instantiated slivers
- instantiation = sliver.get('instantiation','')
+ instantiation = sliver.get('instantiation',
'')
if instantiation == 'plc-instantiated':
logger.log("sliverauth: plc-instantiated slice %s does not yet exist. IGNORING!" % sliver['name'])
continue
if instantiation == 'plc-instantiated':
logger.log("sliverauth: plc-instantiated slice %s does not yet exist. IGNORING!" % sliver['name'])
continue
+ system_slice = False
for chunk in sliver['attributes']:
for chunk in sliver['attributes']:
- if chunk['tagname']=='enable_hmac':
+ if chunk['tagname'] == "system":
+ if chunk['value'] in (True, 1, '1') or chunk['value'].lower() == "true":
+ system_slice = True
+
+ for chunk in sliver['attributes']:
+ if chunk['tagname']=='enable_hmac' and not system_slice:
manage_hmac (plc, sliver)
manage_hmac (plc, sliver)
- elif chunk['tagname']=='omf_control':
+
+ if chunk['tagname']=='omf_control':
manage_sshkey (plc, sliver)
def SetSliverTag(plc, slice, tagname, value):
node_id = tools.node_id()
manage_sshkey (plc, sliver)
def SetSliverTag(plc, slice, tagname, value):
node_id = tools.node_id()
- slivertags=plc.GetSliceTags({"name":slice,
"node_id":node_id,
"tagname":tagname})
+ slivertags=plc.GetSliceTags({"name":slice,
"node_id":node_id,
"tagname":tagname})
if len(slivertags)==0:
# looks like GetSlivers reports about delegated/nm-controller slices that do *not* belong to this node
# and this is something that AddSliceTag does not like
try:
if len(slivertags)==0:
# looks like GetSlivers reports about delegated/nm-controller slices that do *not* belong to this node
# and this is something that AddSliceTag does not like
try:
- slivertag_id=plc.AddSliceTag(slice,
tagname,value,
node_id)
+ slivertag_id=plc.AddSliceTag(slice,
tagname, value,
node_id)
except:
logger.log_exc ("sliverauth.SetSliverTag (probably delegated) slice=%(slice)s tag=%(tagname)s node_id=%(node_id)d"%locals())
pass
else:
slivertag_id=slivertags[0]['slice_tag_id']
except:
logger.log_exc ("sliverauth.SetSliverTag (probably delegated) slice=%(slice)s tag=%(tagname)s node_id=%(node_id)d"%locals())
pass
else:
slivertag_id=slivertags[0]['slice_tag_id']
- plc.UpdateSliceTag(slivertag_id,value)
+ plc.UpdateSliceTag(slivertag_id,
value)
def find_tag (sliver, tagname):
for attribute in sliver['attributes']:
# for legacy, try the old-fashioned 'name' as well
def find_tag (sliver, tagname):
for attribute in sliver['attributes']:
# for legacy, try the old-fashioned 'name' as well
- name = attribute.get('tagname',
attribute.get('name',
''))
+ name = attribute.get('tagname',
attribute.get('name',
''))
if name == tagname:
return attribute['value']
return None
if name == tagname:
return attribute['value']
return None
@@
-81,21
+88,21
@@
def manage_hmac (plc, sliver):
if not hmac:
# let python do its thing
random.seed()
if not hmac:
# let python do its thing
random.seed()
- d = [random.choice(string.letters) for x in
x
range(32)]
+ d = [random.choice(string.letters) for x in range(32)]
hmac = "".join(d)
hmac = "".join(d)
- SetSliverTag(plc,
sliver['name'],'hmac',
hmac)
+ SetSliverTag(plc,
sliver['name'], 'hmac',
hmac)
logger.log("sliverauth: %s: setting hmac" % sliver['name'])
path = '/vservers/%s/etc/planetlab' % sliver['name']
if os.path.exists(path):
keyfile = '%s/key' % path
logger.log("sliverauth: %s: setting hmac" % sliver['name'])
path = '/vservers/%s/etc/planetlab' % sliver['name']
if os.path.exists(path):
keyfile = '%s/key' % path
- if (tools.replace_file_with_string(keyfile,
hmac,chmod=0
400)):
+ if (tools.replace_file_with_string(keyfile,
hmac, chmod=0o
400)):
logger.log ("sliverauth: (over)wrote hmac into %s " % keyfile)
# create the key if needed and returns the key contents
def generate_sshkey (sliver):
# initial version was storing stuff in the sliver directly
logger.log ("sliverauth: (over)wrote hmac into %s " % keyfile)
# create the key if needed and returns the key contents
def generate_sshkey (sliver):
# initial version was storing stuff in the sliver directly
-# keyfile="/vservers/%s/home/%s/.ssh/id_rsa"%(sliver['name'],sliver['name'])
+# keyfile="/vservers/%s/home/%s/.ssh/id_rsa"%(sliver['name'],
sliver['name'])
# we're now storing this in the same place as the authorized_keys, which in turn
# gets mounted to the user's home directory in the sliver
keyfile="/home/%s/.ssh/id_rsa"%(sliver['name'])
# we're now storing this in the same place as the authorized_keys, which in turn
# gets mounted to the user's home directory in the sliver
keyfile="/home/%s/.ssh/id_rsa"%(sliver['name'])
@@
-103,14
+110,15
@@
def generate_sshkey (sliver):
dotssh=os.path.dirname(keyfile)
# create dir if needed
if not os.path.isdir (dotssh):
dotssh=os.path.dirname(keyfile)
# create dir if needed
if not os.path.isdir (dotssh):
- os.mkdir (dotssh, 0700)
+ os.mkdir (dotssh, 0
o
700)
logger.log_call ( [ 'chown', "%s:slices"%(sliver['name']), dotssh ] )
logger.log_call ( [ 'chown', "%s:slices"%(sliver['name']), dotssh ] )
- if not os.path.isfile
(pubfile):
- comment="%s@%s"%(sliver['name'],socket.gethostname())
+ if not os.path.isfile(pubfile):
+ comment="%s@%s"%(sliver['name'],
socket.gethostname())
logger.log_call( [ 'ssh-keygen', '-t', 'rsa', '-N', '', '-f', keyfile , '-C', comment] )
logger.log_call( [ 'ssh-keygen', '-t', 'rsa', '-N', '', '-f', keyfile , '-C', comment] )
- os.chmod (keyfile, 0400)
+ os.chmod (keyfile, 0
o
400)
logger.log_call ( [ 'chown', "%s:slices"%(sliver['name']), keyfile, pubfile ] )
logger.log_call ( [ 'chown', "%s:slices"%(sliver['name']), keyfile, pubfile ] )
- return file(pubfile).read().strip()
+ with open(pubfile) as f:
+ return f.read().strip()
# a sliver can get created, deleted and re-created
# the slice having the tag is not sufficient to skip key geneneration
# a sliver can get created, deleted and re-created
# the slice having the tag is not sufficient to skip key geneneration
@@
-119,6
+127,6
@@
def manage_sshkey (plc, sliver):
# if it's lost b/c e.g. the sliver was destroyed we cannot save the tags content
ssh_key = generate_sshkey(sliver)
old_tag = find_tag (sliver, 'ssh_key')
# if it's lost b/c e.g. the sliver was destroyed we cannot save the tags content
ssh_key = generate_sshkey(sliver)
old_tag = find_tag (sliver, 'ssh_key')
- if ssh_key
<>
old_tag:
+ if ssh_key
!=
old_tag:
SetSliverTag(plc, sliver['name'], 'ssh_key', ssh_key)
logger.log ("sliverauth: %s: setting ssh_key" % sliver['name'])
SetSliverTag(plc, sliver['name'], 'ssh_key', ssh_key)
logger.log ("sliverauth: %s: setting ssh_key" % sliver['name'])
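Review bot: In the `manage_hmac` hunk (`@@ -81,21 +88,21 @@`) the converted line still reads `random.choice(string.letters)`, and `string.letters` does not exist in Python 3, so a sliver that has no `hmac` value yet would raise AttributeError instead of getting a key. The same line draws the HMAC secret from the `random` module, which is not a cryptographic generator, although the result is then written to the sliver's key file with mode `0o400` and published through `SetSliverTag`. I would change it to `d = [secrets.choice(string.ascii_letters) for x in range(32)]` (or `random.SystemRandom().choice(...)` if `secrets` is unavailable on the target interpreter) and drop the `random.seed()` call. The import block is not visible on this page, so `secrets` probably needs importing. The body of `manage_hmac` starts before this hunk, so how `hmac` is first read cannot be checked from here.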