from geni.util.cert import Keypair, Certificate
from geni.util.gid import GID, create_uuid
from geni.util.geniserver import GeniServer
+from geni.util.geniclient import GeniClient
from geni.util.record import GeniRecord
from geni.util.rights import RightList
from geni.util.genitable import GeniTable
from geni.util.excep import *
from geni.util.misc import *
from geni.util.config import *
+from geni.util.storage import *
##
# Convert geni fields to PLC fields for use when registering up updating
# @param key_file private key filename of registry
# @param cert_file certificate filename containing public key (could be a GID file)
- def __init__(self, ip, port, key_file, cert_file):
+ def __init__(self, ip, port, key_file, cert_file, config = '/usr/share/geniwrapper/geni/util/geni_config'):
GeniServer.__init__(self, ip, port, key_file, cert_file)
# get PL account settings from config module
else:
self.connect_local_shell()
+ self.key_file = key_file
+ self.cert_file = cert_file
+ self.config = Config(config)
+ self.basedir = self.config.GENI_BASE_DIR + os.sep
+ self.server_basedir = self.basedir + os.sep + "geni" + os.sep
+ self.hrn = self.config.GENI_INTERFACE_HRN
+
+ # get peer registry information
+ registries_file = self.server_basedir + os.sep + 'registries.xml'
+ connection_dict = {'hrn': '', 'addr': '', 'port': ''}
+ self.registry_info = XmlStorage(registries_file, {'registries': {'registry': [connection_dict]}})
+ self.registry_info.load()
+ self.connectRegistry()
+ self.connectRegistries()
+
+
##
# Connect to a remote shell via XMLRPC
self.server.register_function(self.list)
self.server.register_function(self.resolve)
+
+ def loadCredential(self):
+ """
+ Attempt to load credential from file if it exists. If it doesnt get
+ credential from registry.
+ """
+
+ # see if this file exists
+ # XX This is really the aggregate's credential. Using this is easier than getting
+ # the registry's credential from iteslf (ssl errors).
+ ma_cred_filename = self.server_basedir + os.sep + "agg." + self.hrn + ".ma.cred"
+ try:
+ self.credential = Credential(filename = ma_cred_filename)
+ except IOError:
+ self.credential = self.getCredentialFromRegistry()
+
+ def getCredentialFromRegistry(self):
+ """
+ Get our current credential from the registry.
+ """
+ # get self credential
+ self_cred_filename = self.server_basedir + os.sep + "smgr." + self.hrn + ".cred"
+ self_cred = self.registry.get_credential(None, 'ma', self.hrn)
+ self_cred.save_to_file(self_cred_filename, save_parents=True)
+
+ # get ma credential
+ ma_cred_filename = self.server_basedir + os.sep + "smgr." + self.hrn + ".sa.cred"
+ ma_cred = self.registry.get_credential(self_cred, 'sa', self.hrn)
+ ma_cred.save_to_file(ma_cred_filename, save_parents=True)
+ return ma_cred
+
+ def connectRegistry(self):
+ """
+ Connect to the registry
+ """
+ # connect to registry using GeniClient
+ address = self.config.GENI_REGISTRY_HOSTNAME
+ port = self.config.GENI_REGISTRY_PORT
+ url = 'http://%(address)s:%(port)s' % locals()
+ self.registry = GeniClient(url, self.key_file, self.cert_file)
+
+ def connectRegistries(self):
+ """
+ Get connection details for the trusted peer registries from file and
+ create an GeniClient connection to each.
+ """
+ self.registries= {}
+ required_fields = ['hrn', 'addr', 'port']
+ registries = self.registry_info['registries']['registry']
+ if isinstance(registries, dict):
+ registries = [registries]
+ if isinstance(registries, list):
+ for registry in registries:
+ # create xmlrpc connection using GeniClient
+ if not set(required_fields).issubset(registry.keys()):
+ continue
+ hrn, address, port = registry['hrn'], registry['addr'], registry['port']
+ if not hrn or not address or not port:
+ continue
+ url = 'http://%(address)s:%(port)s' % locals()
+ self.registries[hrn] = GeniClient(url, self.key_file, self.cert_file)
+
##
# Given an authority name, return the information for that authority. This
# is basically a stub that calls the hierarchy module.
pl_res = self.shell.GetSlices(self.pl_auth, [pointer])
elif (type == "user"):
pl_res = self.shell.GetPersons(self.pl_auth, [pointer])
+ key_ids = pl_res[0]['key_ids']
+ keys = self.shell.GetKeys(self.pl_auth, key_ids)
+ pubkeys = []
+ if keys:
+ pubkeys = [key['key'] for key in keys]
+ pl_res[0]['keys'] = pubkeys
elif (type == "node"):
pl_res = self.shell.GetNodes(self.pl_auth, [pointer])
else:
records = table.list()
- good_records = []
- for record in records:
- try:
- self.fill_record_info(record)
- good_records.append(record)
- except PlanetLabRecordDoesNotExist:
- # silently drop the ones that are missing in PL.
- # is this the right thing to do?
- print "ignoring geni record ", record.get_name(), " because pl record does not exist"
- table.remove(record)
-
- dicts = []
- for record in good_records:
- dicts.append(record.as_dict())
-
- return dicts
-
- return dict_list
+ return records
##
# Resolve a record. This is an internal version of the Resolve API call
def resolve(self, cred, name):
self.decode_authentication(cred, "resolve")
+
+ try:
+ records = self.resolve_raw("*", name)
+ except:
+ records = []
+ for registry in self.registries:
+ if name.startswith(registry):
+ records = self.registries[registry].resolve(self.credential, name)
+
- records = self.resolve_raw("*", name)
dicts = []
for record in records:
dicts.append(record.as_dict())
records = self.resolve_raw("*", name)
gid_string_list = []
for record in records:
- gid = record.get_gid()
+ gid = record.get_gid_object()
gid_string_list.append(gid.save_to_string(save_parents=True))
return gid_string_list
def get_credential(self, cred, type, name):
if not cred:
- return get_self_credential(self, type, name)
+ return self.get_self_credential(type, name)
self.decode_authentication(cred, "getcredential")