X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=plugins%2Fsfagids.py;h=a3e1813824369f7991f261def7731a45462f88ff;hb=48a73b18fd7daed13c645c1adeddb57b560e7a2d;hp=fc16c56f7cebaf5827e2249b2c99bea2148cc2bc;hpb=a1b8649eb48bec7cddb692f115cdc806eddc9baf;p=nodemanager.git diff --git a/plugins/sfagids.py b/plugins/sfagids.py index fc16c56..a3e1813 100644 --- a/plugins/sfagids.py +++ b/plugins/sfagids.py @@ -1,9 +1,6 @@ #!/usr/bin/python -tt # vim:set ts=4 sw=4 expandtab: # -# $Id$ -# $URL$ -# # NodeManager plugin for installing SFA GID's in slivers # @@ -12,9 +9,10 @@ import sys sys.path.append('/usr/share/NodeManager') import logger import traceback +import tempfile try: from sfa.util.namespace import * - from sfa.util.config import Config + from sfa.util.config import Config as SfaConfig import sfa.util.xmlrpcprotocol as xmlrpcprotocol from sfa.trust.certificate import Keypair, Certificate from sfa.trust.credential import Credential @@ -29,9 +27,12 @@ def start(): logger.log("sfagid: plugin starting up ...") if not sfa: return - keyfile, certfile = get_keypair(None) - api = ComponentAPI(key_file=keyfile, cert_file=certfile) - api.get_node_key() + try: + keyfile, certfile = get_keypair(None) + api = ComponentAPI(key_file=keyfile, cert_file=certfile) + api.get_node_key() + except: + return def GetSlivers(data, config=None, plc=None): if not sfa: @@ -73,7 +74,8 @@ def install_gids(api, slivers): # get current gids from registry cred = api.getCredential() registry = api.get_registry() - records = registry.GetGids(cred, hrns) + #records = registry.GetGids(cred, hrns) + records = registry.get_gids(cred, hrns) for record in records: # skip if this isnt a slice record if not record['type'] == 'slice': @@ -107,7 +109,7 @@ def install_trusted_certs(api): trusted_gid_names.append(relative_filename) gid_filename = trusted_certs_dir + os.sep + relative_filename if verbose: - print "Writing GID for %s as %s" % (gid.get_hrn(), gid_filename) + print("Writing GID for %s as %s" % (gid.get_hrn(), gid_filename)) gid.save_to_file(gid_filename, save_parents=True) # remove old certs @@ -115,13 +117,15 @@ def install_trusted_certs(api): for gid_name in all_gids_names: if gid_name not in trusted_gid_names: if verbose: - print "Removing old gid ", gid_name + print("Removing old gid ", gid_name) os.unlink(trusted_certs_dir + os.sep + gid_name) + + def get_keypair(config = None): if not config: - config = Config() + config = SfaConfig() hierarchy = Hierarchy() key_dir= hierarchy.basedir data_dir = config.data_path @@ -132,8 +136,21 @@ def get_keypair(config = None): if os.path.exists(keyfile) and os.path.exists(certfile): return (keyfile, certfile) - # create server key and certificate - key = Keypair(filename=node_pkey_file) + # create temp keypair server key and certificate + (_, tmp_keyfile) = tempfile.mkstemp(suffix='.pkey', prefix='tmpkey', dir='/tmp') + (_, tmp_certfile) = tempfile.mkstemp(suffix='.cert', prefix='tmpcert', dir='/tmp') + tmp_key = Keypair(create=True) + tmp_key.save_to_file(tmp_keyfile) + tmp_cert = Certificate(subject='subject') + tmp_cert.set_issuer(key=tmp_key, subject='subject') + tmp_cert.set_pubkey(tmp_key) + tmp_cert.save_to_file(tmp_certfile, save_parents=True) + + # request real pkey from registry + api = ComponentAPI(key_file=tmp_keyfile, cert_file=tmp_certfile) + registry = api.get_registry() + registry.get_key() + key = Keypair(filename=keyfile) cert = Certificate(subject=hrn) cert.set_issuer(key=key, subject=hrn) cert.set_pubkey(key)