# TODO: Can all three servers use the same "registry" certificate?
##
-# TCP ports for the three servers
-#registry_port=12345
-#aggregate_port=12346
-#slicemgr_port=12347
### xxx todo not in the config yet
component_port=12346
import os, os.path
from sfa.util.sfalogging import logger
from sfa.util.xrn import get_authority, hrn_to_urn
from sfa.util.config import Config
-import sfa.client.xmlrpcprotocol as xmlrpcprotocol
-
+from sfa.trust.gid import GID
+from sfa.trust.trustedroots import TrustedRoots
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.hierarchy import Hierarchy
from sfa.trust.gid import GID
from sfa.server.sfaapi import SfaApi
-
from sfa.server.registry import Registries
from sfa.server.aggregate import Aggregates
devnull = os.open(os.devnull, os.O_RDWR)
os.dup2(devnull, 0)
# xxx fixme - this is just to make sure that nothing gets stupidly lost - should use devnull
- crashlog = os.open('/var/log/httpd/sfa_access_log', os.O_RDWR | os.O_APPEND | os.O_CREAT, 0644)
+ logdir='/var/log/httpd'
+ # when installed in standalone we might not have httpd installed
+ if not os.path.isdir(logdir): os.mkdir('/var/log/httpd')
+ crashlog = os.open('%s/sfa_access_log'%logdir, os.O_RDWR | os.O_APPEND | os.O_CREAT, 0644)
os.dup2(crashlog, 1)
os.dup2(crashlog, 2)
Removes old records from the db.
"""
# import SfaTable here so this module can be loaded by PlcComponentApi
- from sfa.util.table import SfaTable
- from sfa.util.record import SfaRecord
+ from sfa.storage.table import SfaTable
+ from sfa.storage.record import SfaRecord
if not gids:
return
table = SfaTable()
# ge the server's key and cert
hierarchy = Hierarchy()
- auth_info = hierarchy.get_interface_auth_info()
+ auth_info = hierarchy.get_interface_auth_info()
server_key_file = auth_info.get_privkey_filename()
server_cert_file = auth_info.get_gid_filename()
+ # ensure interface cert is present in trusted roots dir
+ trusted_roots = TrustedRoots(config.get_trustedroots_dir())
+ trusted_roots.add_gid(GID(filename=server_cert_file))
if (options.daemon): daemon()
if options.trusted_certs: