X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;ds=sidebyside;f=sfa%2Fclient%2Fsfi.py;h=57cb37ee9aeedbb5e4d120e478be14689e4e935e;hb=ad6e6a07af006740c39cfbf091f7514dc7f8e507;hp=a8a012c01f2eb019f0bacdcf9c049ad520f34ff7;hpb=c1f88dae411caf4375fc9f465b1a8231c9df88a5;p=sfa.git diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py index a8a012c0..57cb37ee 100644 --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@ -13,10 +13,12 @@ import datetime import codecs import pickle import json +import shutil from lxml import etree from StringIO import StringIO from optparse import OptionParser from pprint import PrettyPrinter +from tempfile import mkstemp from sfa.trust.certificate import Keypair, Certificate from sfa.trust.gid import GID @@ -40,6 +42,7 @@ from sfa.client.sfaclientlib import SfaClientBootstrap from sfa.client.sfaserverproxy import SfaServerProxy, ServerException from sfa.client.client_helper import pg_users_arg, sfa_users_arg from sfa.client.return_value import ReturnValue +from sfa.client.candidates import Candidates CM_PORT=12346 @@ -112,6 +115,22 @@ def filter_records(type, records): return filtered_records +def credential_printable (cred): + credential=Credential(cred=cred) + result="" + result += credential.get_summary_tostring() + result += "\n" + rights = credential.get_privileges() + result += "type=%s\n" % credential.type + result += "version=%s\n" % credential.version + result += "rights=%s\n"%rights + return result + +def show_credentials (cred_s): + if not isinstance (cred_s,list): cred_s = [cred_s] + for cred in cred_s: + print "Using Credential %s"%credential_printable(cred) + # save methods def save_raw_to_file(var, filename, format="text", banner=None): if filename == "-": @@ -265,21 +284,21 @@ class Sfi: ("add", "record"), ("update", "record"), ("remove", "name"), - ("slices", ""), - ("resources", "[slice_hrn]"), + ("resources", ""), + ("describe", "slice_hrn"), ("create", "slice_hrn rspec"), + ("allocate", "slice_hrn rspec"), + ("provision", "slice_hrn"), + ("action", "slice_hrn action"), ("delete", "slice_hrn"), ("status", "slice_hrn"), - ("start", "slice_hrn"), - ("stop", "slice_hrn"), - ("reset", "slice_hrn"), ("renew", "slice_hrn time"), ("shutdown", "slice_hrn"), ("get_ticket", "slice_hrn rspec"), ("redeem_ticket", "ticket"), ("delegate", "name"), - ("create_gid", "[name]"), - ("get_trusted_certs", "cred"), + ("gid", "[name]"), + ("trusted", "cred"), ("config", ""), ] @@ -343,13 +362,17 @@ class Sfi: help="set extra/testbed-dependent flags, e.g. --extra enabled=true") # user specifies remote aggregate/sm/component - if command in ("resources", "slices", "create", "delete", "start", "stop", - "restart", "shutdown", "get_ticket", "renew", "status"): + if command in ("resources", "describe", "allocate", "provision", "create", "delete", "allocate", "provision", + "action", "shutdown", "get_ticket", "renew", "status"): parser.add_option("-d", "--delegate", dest="delegate", default=None, action="store_true", help="Include a credential delegated to the user's root"+\ "authority in set of credentials for this call") + # show_credential option + if command in ("list","resources", "describe", "provision", "allocate", "create","add","update","remove","slices","delete","status","renew"): + parser.add_option("-C","--credential",dest='show_credential',action='store_true',default=False, + help="show credential(s) used in human-readable form") # registy filter option if command in ("list", "show", "remove"): parser.add_option("-t", "--type", dest="type", type="choice", @@ -359,7 +382,7 @@ class Sfi: if command in ("show"): parser.add_option("-k","--key",dest="keys",action="append",default=[], help="specify specific keys to be displayed from record") - if command in ("resources"): + if command in ("resources", "describe"): # rspec version parser.add_option("-r", "--rspec-version", dest="rspec_version", default="SFA 1", help="schema type and version of resulting RSpec") @@ -381,7 +404,7 @@ class Sfi: # 'create' does return the new rspec, makes sense to save that too - if command in ("resources", "show", "list", "create_gid", 'create'): + if command in ("resources", "describe", "allocate", "provision", "show", "list", "gid", 'create'): parser.add_option("-o", "--output", dest="file", help="output XML to file", metavar="FILE", default=None) @@ -483,14 +506,21 @@ class Sfi: self.print_command_help(options) return -1 - command = args[0] + # complete / find unique match with command set + command_candidates = Candidates (self.available_names) + input = args[0] + command = command_candidates.only_match(input) + if not command: + self.print_command_help(options) + sys.exit(1) + # second pass options parsing self.command_parser = self.create_command_parser(command) (command_options, command_args) = self.command_parser.parse_args(args[1:]) self.command_options = command_options self.read_config () self.bootstrap () - self.logger.info("Command=%s" % command) + self.logger.debug("Command=%s" % command) try: self.dispatch(command, command_options, command_args) @@ -503,16 +533,32 @@ class Sfi: #################### def read_config(self): config_file = os.path.join(self.options.sfi_dir,"sfi_config") + shell_config_file = os.path.join(self.options.sfi_dir,"sfi_config.sh") try: - config = Config (config_file) + if Config.is_ini(config_file): + config = Config (config_file) + else: + # try upgrading from shell config format + fp, fn = mkstemp(suffix='sfi_config', text=True) + config = Config(fn) + # we need to preload the sections we want parsed + # from the shell config + config.add_section('sfi') + config.add_section('sface') + config.load(config_file) + # back up old config + shutil.move(config_file, shell_config_file) + # write new config + config.save(config_file) + except: - self.logger.critical("Failed to read configuration file %s"%config_file) - self.logger.info("Make sure to remove the export clauses and to add quotes") - if self.options.verbose==0: - self.logger.info("Re-run with -v for more details") - else: - self.logger.log_exc("Could not read config file %s"%config_file) - sys.exit(1) + self.logger.critical("Failed to read configuration file %s"%config_file) + self.logger.info("Make sure to remove the export clauses and to add quotes") + if self.options.verbose==0: + self.logger.info("Re-run with -v for more details") + else: + self.logger.log_exc("Could not read config file %s"%config_file) + sys.exit(1) errors = 0 # Set SliceMgr URL @@ -530,7 +576,7 @@ class Sfi: elif hasattr(config, "SFI_REGISTRY"): self.reg_url = config.SFI_REGISTRY else: - self.logger.errors("You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s" % config_file) + self.logger.error("You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s" % config_file) errors += 1 # Set user HRN @@ -539,7 +585,7 @@ class Sfi: elif hasattr(config, "SFI_USER"): self.user = config.SFI_USER else: - self.logger.errors("You need to set e.g. SFI_USER='plc.princeton.username' in %s" % config_file) + self.logger.error("You need to set e.g. SFI_USER='plc.princeton.username' in %s" % config_file) errors += 1 # Set authority HRN @@ -581,7 +627,8 @@ class Sfi: # init self-signed cert, user credentials and gid def bootstrap (self): - client_bootstrap = SfaClientBootstrap (self.user, self.reg_url, self.options.sfi_dir) + client_bootstrap = SfaClientBootstrap (self.user, self.reg_url, self.options.sfi_dir, + logger=self.logger) # if -k is provided, use this to initialize private key if self.options.user_private_key: client_bootstrap.init_private_key_if_missing (self.options.user_private_key) @@ -591,7 +638,7 @@ class Sfi: if not os.path.isfile(client_bootstrap.private_key_filename()): self.logger.info ("private key not found, trying legacy name") try: - legacy_private_key = os.path.join (self.options.sfi_dir, "%s.pkey"%get_leaf(self.user)) + legacy_private_key = os.path.join (self.options.sfi_dir, "%s.pkey"%Xrn.unescape(get_leaf(self.user))) self.logger.debug("legacy_private_key=%s"%legacy_private_key) client_bootstrap.init_private_key_if_missing (legacy_private_key) self.logger.info("Copied private key from legacy location %s"%legacy_private_key) @@ -604,6 +651,9 @@ class Sfi: # extract what's needed self.private_key = client_bootstrap.private_key() self.my_credential_string = client_bootstrap.my_credential_string () + self.my_credential = {'geni_type': 'geni_sfa', + 'geni_version': '3.0', + 'geni_value': self.my_credential_string} self.my_gid = client_bootstrap.my_gid () self.client_bootstrap = client_bootstrap @@ -617,6 +667,11 @@ class Sfi: def slice_credential_string(self, name): return self.client_bootstrap.slice_credential_string (name) + def slice_credential(self, name): + return {'geni_type': 'geni_sfa', + 'geni_version': '3.0', + 'geni_value': self.slice_credential_string(name)} + # xxx should be supported by sfaclientbootstrap as well def delegate_cred(self, object_cred, hrn, type='authority'): # the gid and hrn of the object we are delegating @@ -802,6 +857,8 @@ or version information about sfi itself if options.recursive: opts['recursive'] = options.recursive + if options.show_credential: + show_credentials(self.my_credential_string) try: list = self.registry().List(hrn, self.my_credential_string, options) except IndexError: @@ -849,6 +906,8 @@ or version information about sfi itself def add(self, options, args): "add record into registry from xml file (Register)" auth_cred = self.my_authority_credential_string() + if options.show_credential: + show_credentials(auth_cred) record_dict = {} if len(args) > 0: record_filepath = args[0] @@ -906,6 +965,8 @@ or version information about sfi itself cred = self.my_authority_credential_string() else: raise "unknown record type" + record_dict['type'] + if options.show_credential: + show_credentials(cred) return self.registry().Update(record_dict, cred) def remove(self, options, args): @@ -918,6 +979,8 @@ or version information about sfi itself type = options.type if type in ['all']: type = '*' + if options.show_credential: + show_credentials(auth_cred) return self.registry().Remove(hrn, auth_cred, type) # ================================================================== @@ -934,7 +997,9 @@ or version information about sfi itself creds.append(delegated_cred) # options and call_id when supported api_options = {} - api_options['call_id']=unique_call_id() + api_options['call_id']=unique_call_id() + if options.show_credential: + show_credentials(creds) result = server.ListSlices(creds, *self.ois(server,api_options)) value = ReturnValue.get_value(result) if self.options.raw: @@ -946,19 +1011,17 @@ or version information about sfi itself # show rspec for named slice def resources(self, options, args): """ - with no arg, discover available resources, (ListResources) + discover available resources or with an slice hrn, shows currently provisioned resources """ server = self.sliceapi() # set creds - creds = [] - if args: - creds.append(self.slice_credential_string(args[0])) - else: - creds.append(self.my_credential_string) + creds = [self.my_credential] if options.delegate: creds.append(self.delegate_cred(cred, get_authority(self.authority))) + if options.show_credential: + show_credentials(creds) # no need to check if server accepts the options argument since the options has # been a required argument since v1 API @@ -967,9 +1030,6 @@ or with an slice hrn, shows currently provisioned resources api_options ['call_id'] = unique_call_id() # ask for cached value if available api_options ['cached'] = True - if args: - hrn = args[0] - api_options['geni_slice_urn'] = hrn_to_urn(hrn, 'slice') if options.info: api_options['info'] = options.info if options.list_leases: @@ -1000,6 +1060,45 @@ or with an slice hrn, shows currently provisioned resources return + def describe(self, options, args): + """ + Shows currently provisioned resources. + """ + server = self.sliceapi() + + # set creds + creds = [self.slice_credential(args[0])] + if options.delegate: + creds.append(self.delegate_cred(cred, get_authority(self.authority))) + if options.show_credential: + show_credentials(creds) + + api_options = {'call_id': unique_call_id(), + 'cached': True, + 'info': options.info, + 'list_leases': options.list_leases, + 'geni_rspec_version': {'type': 'geni', 'version': '3.0'}, + } + if options.rspec_version: + version_manager = VersionManager() + server_version = self.get_cached_server_version(server) + if 'sfa' in server_version: + # just request the version the client wants + api_options['geni_rspec_version'] = version_manager.get_version(options.rspec_version).to_dict() + else: + api_options['geni_rspec_version'] = {'type': 'geni', 'version': '3.0'} + urn = Xrn(args[0], type='slice').get_urn() + result = server.Describe([urn], creds, api_options) + value = ReturnValue.get_value(result) + if self.options.raw: + save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) + if options.file is not None: + save_rspec_to_file(value, options.file) + if (self.options.raw is None) and (options.file is None): + display_rspec(value, options.format) + + return + def create(self, options, args): """ create or update named slice with given rspec @@ -1013,6 +1112,7 @@ or with an slice hrn, shows currently provisioned resources # credentials creds = [self.slice_credential_string(slice_hrn)] + delegated_cred = None server_version = self.get_cached_server_version(server) if server_version.get('interface') == 'slicemgr': @@ -1024,6 +1124,9 @@ or with an slice hrn, shows currently provisioned resources #elif server_version.get('urn'): # delegated_cred = self.delegate_cred(slice_cred, urn_to_hrn(server_version['urn'])) + if options.show_credential: + show_credentials(creds) + # rspec rspec_file = self.get_rspec_file(args[1]) rspec = open(rspec_file).read() @@ -1053,8 +1156,6 @@ or with an slice hrn, shows currently provisioned resources # do not append users, keys, or slice tags. Anything # not contained in this request will be removed from the slice - # CreateSliver has supported the options argument for a while now so it should - # be safe to assume this server support it api_options = {} api_options ['append'] = False api_options ['call_id'] = unique_call_id() @@ -1080,7 +1181,7 @@ or with an slice hrn, shows currently provisioned resources slice_urn = hrn_to_urn(slice_hrn, 'slice') # creds - slice_cred = self.slice_credential_string(slice_hrn) + slice_cred = self.slice_credential(slice_hrn) creds = [slice_cred] if options.delegate: delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) @@ -1089,14 +1190,110 @@ or with an slice hrn, shows currently provisioned resources # options and call_id when supported api_options = {} api_options ['call_id'] = unique_call_id() - result = server.DeleteSliver(slice_urn, creds, *self.ois(server, api_options ) ) + if options.show_credential: + show_credentials(creds) + result = server.Delete([slice_urn], creds, *self.ois(server, api_options ) ) value = ReturnValue.get_value(result) if self.options.raw: save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) else: print value - return value - + return value + + def allocate(self, options, args): + server = self.sliceapi() + server_version = self.get_cached_server_version(server) + slice_hrn = args[0] + slice_urn = Xrn(slice_hrn, type='slice').get_urn() + + # credentials + creds = [self.slice_credential(slice_hrn)] + + delegated_cred = None + if server_version.get('interface') == 'slicemgr': + # delegate our cred to the slice manager + # do not delegate cred to slicemgr...not working at the moment + pass + #if server_version.get('hrn'): + # delegated_cred = self.delegate_cred(slice_cred, server_version['hrn']) + #elif server_version.get('urn'): + # delegated_cred = self.delegate_cred(slice_cred, urn_to_hrn(server_version['urn'])) + + if options.show_credential: + show_credentials(creds) + + # rspec + rspec_file = self.get_rspec_file(args[1]) + rspec = open(rspec_file).read() + api_options = {} + api_options ['call_id'] = unique_call_id() + result = server.Allocate(slice_urn, creds, rspec, api_options) + value = ReturnValue.get_value(result) + if self.options.raw: + save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) + if options.file is not None: + save_rspec_to_file (value, options.file) + if (self.options.raw is None) and (options.file is None): + print value + + return value + + + def provision(self, options, args): + server = self.sliceapi() + server_version = self.get_cached_server_version(server) + slice_hrn = args[0] + slice_urn = Xrn(slice_hrn, type='slice').get_urn() + + # credentials + creds = [self.slice_credential(slice_hrn)] + delegated_cred = None + if server_version.get('interface') == 'slicemgr': + # delegate our cred to the slice manager + # do not delegate cred to slicemgr...not working at the moment + pass + #if server_version.get('hrn'): + # delegated_cred = self.delegate_cred(slice_cred, server_version['hrn']) + #elif server_version.get('urn'): + # delegated_cred = self.delegate_cred(slice_cred, urn_to_hrn(server_version['urn'])) + + if options.show_credential: + show_credentials(creds) + + api_options = {} + api_options ['call_id'] = unique_call_id() + + # set the requtested rspec version + version_manager = VersionManager() + rspec_version = version_manager._get_version('geni', '3.0').to_dict() + api_options['geni_rspec_version'] = rspec_version + + # users + # need to pass along user keys to the aggregate. + # users = [ + # { urn: urn:publicid:IDN+emulab.net+user+alice + # keys: [, ] + # }] + users = [] + slice_records = self.registry().Resolve(slice_urn, [self.my_credential_string]) + if slice_records and 'researcher' in slice_records[0] and slice_records[0]['researcher']!=[]: + slice_record = slice_records[0] + user_hrns = slice_record['researcher'] + user_urns = [hrn_to_urn(hrn, 'user') for hrn in user_hrns] + user_records = self.registry().Resolve(user_urns, [self.my_credential_string]) + users = pg_users_arg(user_records) + + api_options['geni_users'] = users + result = server.Provision([slice_urn], creds, api_options) + value = ReturnValue.get_value(result) + if self.options.raw: + save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) + if options.file is not None: + save_rspec_to_file (value, options.file) + if (self.options.raw is None) and (options.file is None): + print value + return value + def status(self, options, args): """ retrieve slice status (SliverStatus) @@ -1108,7 +1305,7 @@ or with an slice hrn, shows currently provisioned resources slice_urn = hrn_to_urn(slice_hrn, 'slice') # creds - slice_cred = self.slice_credential_string(slice_hrn) + slice_cred = self.slice_credential(slice_hrn) creds = [slice_cred] if options.delegate: delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) @@ -1117,7 +1314,9 @@ or with an slice hrn, shows currently provisioned resources # options and call_id when supported api_options = {} api_options['call_id']=unique_call_id() - result = server.SliverStatus(slice_urn, creds, *self.ois(server,api_options)) + if options.show_credential: + show_credentials(creds) + result = server.Status([slice_urn], creds, *self.ois(server,api_options)) value = ReturnValue.get_value(result) if self.options.raw: save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) @@ -1172,21 +1371,24 @@ or with an slice hrn, shows currently provisioned resources return value # reset named slice - def reset(self, options, args): + def action(self, options, args): """ - reset named slice (reset_slice) + Perform the named operational action on the named slivers """ server = self.sliceapi() + api_options = {} # slice urn slice_hrn = args[0] - slice_urn = hrn_to_urn(slice_hrn, 'slice') + action = args[1] + slice_urn = Xrn(slice_hrn, type='slice').get_urn() # cred - slice_cred = self.slice_credential_string(args[0]) + slice_cred = self.slice_credential(args[0]) creds = [slice_cred] if options.delegate: delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) creds.append(delegated_cred) - result = server.reset_slice(creds, slice_urn) + + result = server.PerformOperationalAction([slice_urn], creds, action , api_options) value = ReturnValue.get_value(result) if self.options.raw: save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) @@ -1207,15 +1409,17 @@ or with an slice hrn, shows currently provisioned resources slice_urn = hrn_to_urn(slice_hrn, 'slice') # time: don't try to be smart on the time format, server-side will # creds - slice_cred = self.slice_credential_string(args[0]) + slice_cred = self.slice_credential(args[0]) creds = [slice_cred] if options.delegate: delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) creds.append(delegated_cred) # options and call_id when supported api_options = {} - api_options['call_id']=unique_call_id() - result = server.RenewSliver(slice_urn, creds, input_time, *self.ois(server,api_options)) + api_options['call_id']=unique_call_id() + if options.show_credential: + show_credentials(creds) + result = server.Renew([slice_urn], creds, input_time, *self.ois(server,api_options)) value = ReturnValue.get_value(result) if self.options.raw: save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) @@ -1233,7 +1437,7 @@ or with an slice hrn, shows currently provisioned resources slice_hrn = args[0] slice_urn = hrn_to_urn(slice_hrn, 'slice') # creds - slice_cred = self.slice_credential_string(slice_hrn) + slice_cred = self.slice_credential(slice_hrn) creds = [slice_cred] if options.delegate: delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) @@ -1266,7 +1470,7 @@ or with an slice hrn, shows currently provisioned resources rspec = open(rspec_file).read() # options and call_id when supported api_options = {} - api_options['call_id']=unique_call_id() + api_options['call_id']=unique_call_id() # get ticket at the server ticket_string = server.GetTicket(slice_urn, creds, rspec, *self.ois(server,api_options)) # save @@ -1316,7 +1520,7 @@ or with an slice hrn, shows currently provisioned resources self.logger.log_exc(e.message) return - def create_gid(self, options, args): + def gid(self, options, args): """ Create a GID (CreateGid) """ @@ -1359,7 +1563,7 @@ or with an slice hrn, shows currently provisioned resources self.logger.info("delegated credential for %s to %s and wrote to %s"%(object_hrn, delegee_hrn,dest_fn)) - def get_trusted_certs(self, options, args): + def trusted(self, options, args): """ return uhe trusted certs at this interface (get_trusted_certs) """ @@ -1368,7 +1572,7 @@ or with an slice hrn, shows currently provisioned resources gid = GID(string=trusted_cert) gid.dump() cert = Certificate(string=trusted_cert) - self.logger.debug('Sfi.get_trusted_certs -> %r'%cert.get_subject()) + self.logger.debug('Sfi.trusted -> %r'%cert.get_subject()) return def config (self, options, args):