default="all")
# display formats
if command in ("resources"):
+ parser.add_option("-r", "--rspec-version", dest="rspec_version", default="SFA 1",
+ help="schema type and version of resulting RSpec")
parser.add_option("-f", "--format", dest="format", type="choice",
help="display format ([xml]|dns|ip)", default="xml",
choices=("xml", "dns", "ip"))
help="delegate slice credential", metavar="HRN", default=None)
if command in ("version"):
+ parser.add_option("-a", "--aggregate", dest="aggregate",
+ default=None, help="aggregate host")
+ parser.add_option("-p", "--port", dest="port",
+ default=AGGREGATE_PORT, help="aggregate port")
parser.add_option("-R","--registry-version",
action="store_true", dest="version_registry", default=False,
help="probe registry version instead of slicemgr")
self.key = Keypair(filename=key_file)
self.key_file = key_file
self.cert_file = cert_file
- self.cert = Certificate(filename=cert_file)
+ self.cert = GID(filename=cert_file)
# Establish connection to server(s)
self.logger.info("Contacting Registry at: %s"%self.reg_url)
self.registry = xmlrpcprotocol.get_server(self.reg_url, key_file, cert_file, self.options)
def get_cert_file(self, key_file):
- file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert")
- if (os.path.isfile(file)):
- # use existing cert if it exists
- return file
- else:
- try:
- # attempt to use gid as the cert.
- gid = self._get_gid()
- self.logger.info("Writing certificate to %s"%file)
- gid.save_to_file(file)
- except:
- # generate self signed certificate
- k = Keypair(filename=key_file)
- cert = Certificate(subject=self.user)
- cert.set_pubkey(k)
- cert.set_issuer(k, self.user)
- cert.sign()
- self.logger.info("Writing self-signed certificate to %s"%file)
- cert.save_to_file(file)
-
- return file
+ cert_file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert")
+ if (os.path.isfile(cert_file)):
+ # we'd perfer to use Registry issued certs instead of self signed certs.
+ # if this is a Registry cert (GID) then we are done
+ gid = GID(filename=cert_file)
+ if gid.get_urn():
+ return cert_file
+
+ # generate self signed certificate
+ k = Keypair(filename=key_file)
+ cert = Certificate(subject=self.user)
+ cert.set_pubkey(k)
+ cert.set_issuer(k, self.user)
+ cert.sign()
+ self.logger.info("Writing self-signed certificate to %s"%cert_file)
+ cert.save_to_file(cert_file)
+ # try to get registry issued cert
+ try:
+ self.logger.info("Getting Registry issued cert")
+ self.read_config()
+ # *hack. need to set registyr before _get_gid() is called
+ self.registry = xmlrpcprotocol.get_server(self.reg_url, key_file, cert_file, self.options)
+ gid = self._get_gid(type='user')
+ self.registry = None
+ self.logger.info("Writing certificate to %s"%cert_file)
+ gid.save_to_file(cert_file)
+ except:
+ self.logger.info("Failed to download Registry issued cert")
+
+ return cert_file
def get_cached_gid(self, file):
"""
self.logger.debug("Sfi.get_gid-> %s",gid.save_to_string(save_parents=True))
return gid
- def _get_gid(self, hrn=None):
+ def _get_gid(self, hrn=None, type=None):
"""
git_gid helper. Retrive the gid from the registry and save it to file.
"""
if not gid:
user_cred = self.get_user_cred()
records = self.registry.Resolve(hrn, user_cred.save_to_string(save_parents=True))
- if not records:
+ record = None
+ if type:
+ for rec in records:
+ if type == record['type']:
+ record = rec
+ if not record:
raise RecordNotFound(args[0])
gid = GID(string=records[0]['gid'])
self.logger.info("Writing gid to %s"%gidfile)
if (os.path.isfile(file)):
return file
else:
- self.logger.critical("No such rspec file"%rspec)
+ self.logger.critical("No such rspec file %s"%rspec)
sys.exit(1)
def get_record_file(self, record):
delegated_cred = self.delegate_cred(user_cred, get_authority(self.authority))
creds.append(delegated_cred)
server = self.get_server_from_opts(opts)
- results = server.ListSlices(creds, unique_call_id())
+ #results = server.ListSlices(creds, unique_call_id())
+ results = server.ListSlices(creds)
display_list(results)
return
creds = [cred]
if opts.delegate:
delegated_cred = self.delegate_cred(cred, get_authority(self.authority))
- creds.append(delegated_cred)
+ creds.append(delegated_cred)
+ if opts.rspec_version:
+ call_options['rspec_version'] = opts.rspec_version
result = server.ListResources(creds, call_options,unique_call_id())
format = opts.format
if opts.file is None:
creds.append(delegated_cred)
rspec_file = self.get_rspec_file(args[1])
rspec = open(rspec_file).read()
+
+ # users = [
+ # { urn: urn:publicid:IDN+emulab.net+user+alice
+ # keys: [<ssh key A>, <ssh key B>]
+ # }]
+ users = []
server = self.get_server_from_opts(opts)
- result = server.CreateSliver(slice_urn, creds, rspec, [], unique_call_id())
+ version = server.GetVersion()
+ if 'sfa' not in version:
+ # need to pass along user keys if this request is going to a ProtoGENI aggregate
+ # ProtoGeni Aggregates will only install the keys of the user that is issuing the
+ # request. So we will only pass in one user that contains the keys for all
+ # users of the slice
+ user = {'urn': user_cred.get_gid_caller().get_urn(),
+ 'keys': []}
+ slice_record = self.registry.Resolve(slice_urn, creds)
+ if slice_record and 'researchers' in slice_record:
+ user_hrns = slice_record['researchers']
+ user_urns = [hrn_to_urn(hrn, 'user') for hrn in user_hrns]
+ user_records = self.registry.Resolve(user_urns, creds)
+ for user_record in user_records:
+ if 'keys' in user_record:
+ user['keys'].extend(user_record['keys'])
+ users.append(user)
+ result = server.CreateSliver(slice_urn, creds, rspec, users, unique_call_id())
print result
return result
delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
creds.append(delegated_cred)
server = self.get_server_from_opts(opts)
- print server.SliverStatus(slice_urn, creds)
+ print server.SliverStatus(slice_urn, creds, unique_call_id())
def shutdown(self, opts, args):
git://git.onelab.eu / sfa.git / blobdiff