#!/usr/bin/python -tt
# vim:set ts=4 sw=4 expandtab:
#
-# $Id$
-# $URL$
-#
# NodeManager plugin for creating credentials in slivers
# (*) empower slivers to make API calls throught hmac
# (*) also create a ssh key - used by the OMF resource controller
# for authenticating itself with its Experiment Controller
-# xxx todo : a config option for turning these 2 things on or off ?
+# in order to avoid spamming the DB with huge amounts of such tags,
+# (*) slices need to have the 'enable_hmac' tag set
+# (*) or the 'omf_control' tag set, respectively
"""
Sliver authentication support for NodeManager.
logger.log("sliverauth: plc-instantiated slice %s does not yet exist. IGNORING!" % sliver['name'])
continue
+ system_slice = False
+ for chunk in sliver['attributes']:
+ if chunk['tagname'] == "system":
+ if chunk['value'] in (True, 1, '1') or chunk['value'].lower() == "true":
+ system_slice = True
+
for chunk in sliver['attributes']:
- if chunk['tagname']=='enable_hmac':
+ if chunk['tagname']=='enable_hmac' and not system_slice:
manage_hmac (plc, sliver)
- elif chunk['tagname']=='omf_control':
+
+ if chunk['tagname']=='omf_control':
manage_sshkey (plc, sliver)
if not os.path.isdir (dotssh):
os.mkdir (dotssh, 0700)
logger.log_call ( [ 'chown', "%s:slices"%(sliver['name']), dotssh ] )
- if not os.path.isfile (pubfile):
+ if not os.path.isfile(pubfile):
comment="%s@%s"%(sliver['name'],socket.gethostname())
logger.log_call( [ 'ssh-keygen', '-t', 'rsa', '-N', '', '-f', keyfile , '-C', comment] )
os.chmod (keyfile, 0400)
logger.log_call ( [ 'chown', "%s:slices"%(sliver['name']), keyfile, pubfile ] )
- return file(pubfile).read().strip()
+ with open(pubfile) as f:
+ return f.read().strip()
# a sliver can get created, deleted and re-created
# the slice having the tag is not sufficient to skip key geneneration
git://git.onelab.eu / nodemanager.git / blobdiff