+def init_server(options, config):
+ """
+ Locate the manager based on config.*TYPE
+ Execute the init_server method (well in fact function, sigh) if defined in that module
+ In order to migrate to a more generic approach:
+ * search for <>_manager_<type>.py
+ * if not found, try <>_manager.py (and issue a warning if <type>!='pl')
+ """
+ if options.registry:
+ manager=import_manager ("registry", config.SFA_REGISTRY_TYPE)
+ if manager and hasattr(manager, 'init_server'): manager.init_server()
+ if options.am:
+ manager=import_manager ("aggregate", config.SFA_AGGREGATE_TYPE)
+ if manager and hasattr(manager, 'init_server'): manager.init_server()
+ if options.sm:
+ manager=import_manager ("slice", config.SFA_SM_TYPE)
+ if manager and hasattr(manager, 'init_server'): manager.init_server()
+ if options.cm:
+ manager=import_manager ("component", config.SFA_CM_TYPE)
+ if manager and hasattr(manager, 'init_server'): manager.init_server()
+
+
+def install_peer_certs(server_key_file, server_cert_file):
+ """
+ Attempt to install missing trusted gids and db records for
+ our federated interfaces
+ """
+ # Attempt to get any missing peer gids
+ # There should be a gid file in /etc/sfa/trusted_roots for every
+ # peer registry found in in the registries.xml config file. If there
+ # are any missing gids, request a new one from the peer registry.
+ api = SfaAPI(key_file = server_key_file, cert_file = server_cert_file)
+ registries = Registries()
+ aggregates = Aggregates()
+ interfaces = dict(registries.items() + aggregates.items())
+ gids_current = api.auth.trusted_cert_list
+ hrns_current = [gid.get_hrn() for gid in gids_current]
+ hrns_expected = set([hrn for hrn in interfaces])
+ new_hrns = set(hrns_expected).difference(hrns_current)
+ #gids = self.get_peer_gids(new_hrns) + gids_current
+ peer_gids = []
+ if not new_hrns:
+ return
+
+ trusted_certs_dir = api.config.get_trustedroots_dir()
+ for new_hrn in new_hrns:
+ if not new_hrn: continue
+ # the gid for this interface should already be installed
+ if new_hrn == api.config.SFA_INTERFACE_HRN: continue
+ try:
+ # get gid from the registry
+ url = interfaces[new_hrn].get_url()
+ interface = interfaces[new_hrn].get_server(server_key_file, server_cert_file, timeout=30)
+ # skip non sfa aggregates
+ server_version = api.get_cached_server_version(interface)
+ if 'sfa' not in server_version:
+ logger.info("get_trusted_certs: skipping non sfa aggregate: %s" % new_hrn)
+ continue
+
+ trusted_gids = interface.get_trusted_certs()
+ if trusted_gids:
+ # the gid we want should be the first one in the list,
+ # but lets make sure
+ for trusted_gid in trusted_gids:
+ # default message
+ message = "interface: %s\t" % (api.interface)
+ message += "unable to install trusted gid for %s" % \
+ (new_hrn)
+ gid = GID(string=trusted_gids[0])
+ peer_gids.append(gid)
+ if gid.get_hrn() == new_hrn:
+ gid_filename = os.path.join(trusted_certs_dir, '%s.gid' % new_hrn)
+ gid.save_to_file(gid_filename, save_parents=True)
+ message = "installed trusted cert for %s" % new_hrn
+ # log the message
+ api.logger.info(message)
+ except:
+ message = "interface: %s\tunable to install trusted gid for %s" % \
+ (api.interface, new_hrn)
+ api.logger.log_exc(message)
+ # doesnt matter witch one
+ update_cert_records(peer_gids)
+
+def update_cert_records(gids):
+ """
+ Make sure there is a record in the registry for the specified gids.
+ Removes old records from the db.
+ """
+ # import SfaTable here so this module can be loaded by ComponentAPI
+ from sfa.util.table import SfaTable
+ from sfa.util.record import SfaRecord
+ if not gids:
+ return
+ table = SfaTable()
+ # get records that actually exist in the db
+ gid_urns = [gid.get_urn() for gid in gids]
+ hrns_expected = [gid.get_hrn() for gid in gids]
+ records_found = table.find({'hrn': hrns_expected, 'pointer': -1})
+
+ # remove old records
+ for record in records_found:
+ if record['hrn'] not in hrns_expected and \
+ record['hrn'] != self.api.config.SFA_INTERFACE_HRN:
+ table.remove(record)
+
+ # TODO: store urn in the db so we do this in 1 query
+ for gid in gids:
+ hrn, type = gid.get_hrn(), gid.get_type()
+ record = table.find({'hrn': hrn, 'type': type, 'pointer': -1})
+ if not record:
+ record = {
+ 'hrn': hrn, 'type': type, 'pointer': -1,
+ 'authority': get_authority(hrn),
+ 'gid': gid.save_to_string(save_parents=True),
+ }
+ record = SfaRecord(dict=record)
+ table.insert(record)
+
+def main():