+ if verbose:
+ print("Getting credential from registry")
+ # make sure node private key exists
+ node_pkey_file = config_dir + os.sep + "node.key"
+ node_gid_file = config_dir + os.sep + "node.gid"
+ if not os.path.exists(node_pkey_file) or \
+ not os.path.exists(node_gid_file):
+ get_node_key(registry=registry, verbose=verbose)
+
+ gid = GID(filename=node_gid_file)
+ hrn = gid.get_hrn()
+ # create server key and certificate
+ keyfile = data_dir + os.sep + "server.key"
+ certfile = data_dir + os.sep + "server.cert"
+ key = Keypair(filename=node_pkey_file)
+ key.save_to_file(keyfile)
+ create_server_keypair(keyfile, certfile, hrn, verbose)
+
+ # get credential from registry
+ registry = server_proxy(
+ url=registry, keyfile=keyfile, certfile=certfile)
+ cert = Certificate(filename=certfile)
+ cert_str = cert.save_to_string(save_parents=True)
+ cred = registry.GetSelfCredential(cert_str, 'node', hrn)
+ Credential(string=cred).save_to_file(credfile, save_parents=True)
+
+ return cred
+
+
+@handle_gid_mismatch_exception
+def get_trusted_certs(registry=None, verbose=False):
+ """
+ refresh our list of trusted certs.
+ """
+ # define useful variables
+ config = Config()
+ data_dir = config.SFA_DATA_DIR
+ config_dir = config.SFA_CONFIG_DIR
+ trusted_certs_dir = config.get_trustedroots_dir()
+ keyfile = data_dir + os.sep + "server.key"
+ certfile = data_dir + os.sep + "server.cert"
+ node_gid_file = config_dir + os.sep + "node.gid"
+ node_gid = GID(filename=node_gid_file)
+ hrn = node_gid.get_hrn()
+ # get credential
+ cred = GetCredential(registry=registry, verbose=verbose)
+ # make sure server key cert pair exists
+ create_server_keypair(
+ keyfile=keyfile, certfile=certfile, hrn=hrn, verbose=verbose)
+ registry = server_proxy(url=registry, keyfile=keyfile, certfile=certfile)
+ # get the trusted certs and save them in the right place
+ if verbose:
+ print("Getting trusted certs from registry")
+ trusted_certs = registry.get_trusted_certs(cred)
+ trusted_gid_names = []
+ for gid_str in trusted_certs:
+ gid = GID(string=gid_str)
+ gid.decode()
+ relative_filename = gid.get_hrn() + ".gid"
+ trusted_gid_names.append(relative_filename)
+ gid_filename = trusted_certs_dir + os.sep + relative_filename
+ if verbose:
+ print("Writing GID for %s as %s" % (gid.get_hrn(), gid_filename))
+ gid.save_to_file(gid_filename, save_parents=True)
+
+ # remove old certs
+ all_gids_names = os.listdir(trusted_certs_dir)
+ for gid_name in all_gids_names:
+ if gid_name not in trusted_gid_names:
+ if verbose:
+ print("Removing old gid ", gid_name)
+ os.unlink(trusted_certs_dir + os.sep + gid_name)
+
+
+@handle_gid_mismatch_exception
+def get_gids(registry=None, verbose=False):
+ """
+ Get the gid for all instantiated slices on this node and store it
+ in /etc/sfa/slice.gid in the slice's filesystem
+ """
+ # define useful variables
+ config = Config()
+ data_dir = config.data_path
+ config_dir = config.SFA_CONFIG_DIR
+ trusted_certs_dir = config.get_trustedroots_dir()
+ keyfile = data_dir + os.sep + "server.key"
+ certfile = data_dir + os.sep + "server.cert"
+ node_gid_file = config_dir + os.sep + "node.gid"
+ node_gid = GID(filename=node_gid_file)
+ hrn = node_gid.get_hrn()
+ interface_hrn = config.SFA_INTERFACE_HRN
+ # get credential
+ cred = GetCredential(registry=registry, verbose=verbose)
+ # make sure server key cert pair exists
+ create_server_keypair(
+ keyfile=keyfile, certfile=certfile, hrn=hrn, verbose=verbose)
+ registry = server_proxy(url=registry, keyfile=keyfile, certfile=certfile)
+
+ if verbose:
+ print("Getting current slices on this node")
+ # get a list of slices on this node
+ from sfa.generic import Generic
+ generic = Generic.the_flavour()
+ api = generic.make_api(interface='component')
+ xids_tuple = api.driver.nodemanager.GetXIDs()
+ slices = eval(xids_tuple[1])
+ slicenames = slices.keys()
+
+ # generate a list of slices that dont have gids installed
+ slices_without_gids = []
+ for slicename in slicenames:
+ if not os.path.isfile("/vservers/%s/etc/slice.gid" % slicename) \
+ or not os.path.isfile("/vservers/%s/etc/node.gid" % slicename):
+ slices_without_gids.append(slicename)
+
+ # convert slicenames to hrns
+ hrns = [slicename_to_hrn(interface_hrn, slicename)
+ for slicename in slices_without_gids]
+
+ # exit if there are no gids to install
+ if not hrns:
+ return
+
+ if verbose:
+ print("Getting gids for slices on this node from registry")
+ # get the gids
+ # and save them in the right palce
+ records = registry.GetGids(hrns, cred)
+ for record in records:
+ # if this isnt a slice record skip it
+ if not record['type'] == 'slice':
+ continue
+ slicename = hrn_to_pl_slicename(record['hrn'])
+ # if this slice isnt really instatiated skip it
+ if not os.path.exists("/vservers/%(slicename)s" % locals()):
+ continue
+
+ # save the slice gid in /etc/sfa/ in the vservers filesystem
+ vserver_path = "/vservers/%(slicename)s" % locals()
+ gid = record['gid']
+ slice_gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
+ if verbose:
+ print("Saving GID for %(slicename)s as %(slice_gid_filename)s" % locals())
+ GID(string=gid).save_to_file(slice_gid_filename, save_parents=True)
+ # save the node gid in /etc/sfa
+ node_gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
+ if verbose:
+ print("Saving node GID for %(slicename)s as %(node_gid_filename)s" % locals())
+ node_gid.save_to_file(node_gid_filename, save_parents=True)
+
+
+def dispatch(options, args):
+
+ create_default_dirs()
+ if options.key:
+ if options.verbose:
+ print("Getting the component's pkey")
+ get_node_key(registry=options.registry, verbose=options.verbose)
+ if options.certs:
+ if options.verbose:
+ print("Getting the component's trusted certs")
+ get_trusted_certs(verbose=options.verbose)
+ if options.gids:
+ if options.verbose:
+ print("Geting the component's GIDs")
+ get_gids(verbose=options.verbose)
+