### xxx todo not in the config yet
component_port=12346
import os, os.path
+import traceback
import sys
from optparse import OptionParser
-import logging
from sfa.util.sfalogging import sfa_logger
from sfa.trust.trustedroot import TrustedRootList
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.hierarchy import Hierarchy
+from sfa.trust.gid import GID
from sfa.util.config import Config
from sfa.plc.api import SfaAPI
from sfa.server.registry import Registries
def init_server_key(server_key_file, server_cert_file, config, hierarchy):
- subject = config.SFA_INTERFACE_HRN
+ hrn = config.SFA_INTERFACE_HRN.lower()
# check if the server's private key exists. If it doesnt,
# get the right one from the authorities directory. If it cant be
# found in the authorities directory, generate a random one
if not os.path.exists(key_file):
# if it doesnt exist then this is probably a fresh interface
# with no records. Generate a random keypair for now
- sfa_logger.debug("server's public key not found in %s" % key_file)
- sfa_logger.debug("generating a random server key pair")
+ sfa_logger().debug("server's public key not found in %s" % key_file)
+ sfa_logger().debug("generating a random server key pair")
key = Keypair(create=True)
key.save_to_file(server_key_file)
- cert = Certificate(subject=subject)
- cert.set_issuer(key=key, subject=subject)
- cert.set_pubkey(key)
- cert.sign()
- cert.save_to_file(server_cert_file, save_parents=True)
+ init_server_cert(hrn, key, server_cert_file, self_signed=True)
else:
# the pkey was found in the authorites directory. lets
# the cert
key = Keypair(filename=key_file)
key.save_to_file(server_key_file)
- cert = Certificate(subject=subject)
- cert.set_issuer(key=key, subject=subject)
- cert.set_pubkey(key)
- cert.sign()
- cert.save_to_file(server_cert_file, save_parents=True)
-
+ init_server_cert(hrn, key, server_cert_file)
# If private key exists and cert doesnt, recreate cert
if (os.path.exists(server_key_file)) and (not os.path.exists(server_cert_file)):
key = Keypair(filename=server_key_file)
- cert = Certificate(subject=subject)
- cert.set_issuer(key=key, subject=subject)
- cert.set_pubkey(key)
- cert.sign()
- cert.save_to_file(server_cert_file)
+ init_server_cert(hrn, key, server_cert_file)
+
+
+def init_server_cert(hrn, key, server_cert_file, self_signed=False):
+ """
+ Setup the certificate for this server. Attempt to use gid before
+ creating a self signed cert
+ """
+ if self_signed:
+ init_self_signed_cert(hrn, key, server_cert_file)
+ else:
+ try:
+ # look for gid file
+ sfa_logger().debug("generating server cert from gid: %s"% hrn)
+ hierarchy = Hierarchy()
+ auth_info = hierarchy.get_auth_info(hrn)
+ gid = GID(filename=auth_info.gid_filename)
+ gid.save_to_file(filename=server_cert_file)
+ except:
+ # fall back to self signed cert
+ sfa_logger().debug("gid for %s not found" % hrn)
+ init_self_signed_cert(hrn, key, server_cert_file)
+
+def init_self_signed_cert(hrn, key, server_cert_file):
+ sfa_logger().debug("generating self signed cert")
+ # generate self signed certificate
+ cert = Certificate(subject=hrn)
+ cert.set_issuer(key=key, subject=hrn)
+ cert.set_pubkey(key)
+ cert.sign()
+ cert.save_to_file(server_cert_file)
def init_server(options, config):
"""
Execute the init method defined in the manager file
"""
+ def init_manager(manager_module, manager_base):
+ try: manager = __import__(manager_module, fromlist=[manager_base])
+ except: manager = None
+ if manager and hasattr(manager, 'init_server'):
+ manager.init_server()
+
manager_base = 'sfa.managers'
if options.registry:
mgr_type = config.SFA_REGISTRY_TYPE
manager_module = manager_base + ".registry_manager_%s" % mgr_type
- try: manager = __import__(manager_module, fromlist=[manager_base])
- except: manager = None
- if manager and hasattr(manager, 'init_server'):
- manager.init_server()
+ init_manager(manager_module, manager_base)
if options.am:
mgr_type = config.SFA_AGGREGATE_TYPE
manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
- try: manager = __import__(manager_module, fromlist=[manager_base])
- except: manager = None
- if manager and hasattr(manager, 'init_server'):
- manager.init_server()
+ init_manager(manager_module, manager_base)
if options.sm:
mgr_type = config.SFA_SM_TYPE
manager_module = manager_base + ".slice_manager_%s" % mgr_type
- try: manager = __import__(manager_module, fromlist=[manager_base])
- except: manager = None
- if manager and hasattr(manager, 'init_server'):
- manager.init_server()
+ init_manager(manager_module, manager_base)
if options.cm:
mgr_type = config.SFA_CM_TYPE
manager_module = manager_base + ".component_manager_%s" % mgr_type
- try: manager = __import__(manager_module, fromlist=[manager_base])
- except: manager = None
- if manager and hasattr(manager, 'init_server'):
- manager.init_server()
+ init_manager(manager_module, manager_base)
def sync_interfaces(server_key_file, server_cert_file):
"""
help="run aggregate manager", default=False)
parser.add_option("-c", "--component", dest="cm", action="store_true",
help="run component server", default=False)
- parser.add_option("-v", "--verbose", dest="verbose", action="store_true",
- help="verbose mode", default=False)
+ parser.add_option("-v", "--verbose", action="count", dest="verbose", default=0,
+ help="verbose mode - cumulative")
parser.add_option("-d", "--daemon", dest="daemon", action="store_true",
help="Run as daemon.", default=False)
(options, args) = parser.parse_args()
- if options.verbose: sfa_logger.setLevel(logging.DEBUG)
+ sfa_logger().setLevelFromOptVerbose(options.verbose)
config = Config()
- if config.SFA_API_DEBUG: sfa_logger.setLevel(logging.DEBUG)
+ if config.SFA_API_DEBUG: sfa_logger().setLevelDebug()
hierarchy = Hierarchy()
server_key_file = os.path.join(hierarchy.basedir, "server.key")
server_cert_file = os.path.join(hierarchy.basedir, "server.cert")
r = Registry("", config.SFA_REGISTRY_PORT, server_key_file, server_cert_file)
r.start()
- # start aggregate manager
if (options.am):
from sfa.server.aggregate import Aggregate
a = Aggregate("", config.SFA_AGGREGATE_PORT, server_key_file, server_cert_file)
try:
main()
except:
- sfa_logger.log_exc_critical("SFA server is exiting")
+ sfa_logger().log_exc_critical("SFA server is exiting")