X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fclient%2Fsfi.py;h=750d873be6c34cd382587db282117eba8d20bc2c;hb=3eea82897aba845da0d12c1ba56012e599f58853;hp=87579c3fa3dead541eec0b576876dc72541208a6;hpb=b84dc3470f262aa36e93efec4dba99d561002c6d;p=sfa.git diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py index 87579c3f..750d873b 100755 --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@ -10,22 +10,22 @@ import traceback import socket import random import datetime +import zlib from lxml import etree from StringIO import StringIO from types import StringTypes, ListType from optparse import OptionParser -import zlib - -from sfa.util.sfalogging import sfa_logger,sfa_logger_goes_to_console +from sfa.util.sfalogging import info_logger from sfa.trust.certificate import Keypair, Certificate from sfa.trust.gid import GID from sfa.trust.credential import Credential from sfa.util.sfaticket import SfaTicket from sfa.util.record import SfaRecord, UserRecord, SliceRecord, NodeRecord, AuthorityRecord from sfa.util.xrn import Xrn, get_leaf, get_authority, hrn_to_urn -from sfa.util.xmlrpcprotocol import ServerException import sfa.util.xmlrpcprotocol as xmlrpcprotocol from sfa.util.config import Config +from sfa.util.version import version_core +from sfa.util.cache import Cache AGGREGATE_PORT=12346 CM_PORT=12346 @@ -117,18 +117,31 @@ def load_record_from_file(filename): return record +import uuid +def unique_call_id(): return uuid.uuid4().urn class Sfi: + + required_options=['verbose', 'debug', 'registry', 'sm', 'auth', 'user'] + + # dummy to meet Sfi's expectations for its 'options' field + # i.e. s/t we can do setattr on + class DummyOptions: + pass - def __init__ (self): + def __init__ (self,options=None): + if options is None: options=Sfi.DummyOptions() + for opt in Sfi.required_options: + if not hasattr(options,opt): setattr(options,opt,None) + if not hasattr(options,'sfi_dir'): options.sfi_dir=os.path.expanduser("~/.sfi/") + self.sfi_dir = options.sfi_dir + self.options = options self.slicemgr = None self.registry = None self.user = None self.authority = None - self.options = None self.hashrequest = False - sfa_logger_goes_to_console() - self.logger=sfa_logger() + self.logger = info_logger def create_cmd_parser(self, command, additional_cmdargs=None): cmdargs = {"list": "authority", @@ -191,9 +204,15 @@ class Sfi: default="all") # display formats if command in ("resources"): + parser.add_option("-r", "--rspec-version", dest="rspec_version", default="SFA 1", + help="schema type and version of resulting RSpec") parser.add_option("-f", "--format", dest="format", type="choice", help="display format ([xml]|dns|ip)", default="xml", choices=("xml", "dns", "ip")) + #panos: a new option to define the type of information about resources a user is interested in + parser.add_option("-i", "--info", dest="info", + help="optional component information", default=None) + if command in ("resources", "show", "list"): parser.add_option("-o", "--output", dest="file", @@ -211,6 +230,18 @@ class Sfi: parser.add_option("-s", "--slice", dest="delegate_slice", help="delegate slice credential", metavar="HRN", default=None) + if command in ("version"): + parser.add_option("-a", "--aggregate", dest="aggregate", + default=None, help="aggregate host") + parser.add_option("-p", "--port", dest="port", + default=AGGREGATE_PORT, help="aggregate port") + parser.add_option("-R","--registry-version", + action="store_true", dest="version_registry", default=False, + help="probe registry version instead of slicemgr") + parser.add_option("-l","--local", + action="store_true", dest="version_local", default=False, + help="display version of the local client") + return parser @@ -245,11 +276,8 @@ class Sfi: return parser - - # - # Establish Connection to SliceMgr and Registry Servers - # - def set_servers(self): + + def read_config(self): config_file = self.options.sfi_dir + os.sep + "sfi_config" try: config = Config (config_file) @@ -265,18 +293,18 @@ class Sfi: errors = 0 # Set SliceMgr URL if (self.options.sm is not None): - sm_url = self.options.sm + self.sm_url = self.options.sm elif hasattr(config, "SFI_SM"): - sm_url = config.SFI_SM + self.sm_url = config.SFI_SM else: self.logger.error("You need to set e.g. SFI_SM='http://your.slicemanager.url:12347/' in %s" % config_file) errors += 1 # Set Registry URL if (self.options.registry is not None): - reg_url = self.options.registry + self.reg_url = self.options.registry elif hasattr(config, "SFI_REGISTRY"): - reg_url = config.SFI_REGISTRY + self.reg_url = config.SFI_REGISTRY else: self.logger.errors("You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s" % config_file) errors += 1 @@ -302,23 +330,68 @@ class Sfi: if errors: sys.exit(1) - - + + + # + # Establish Connection to SliceMgr and Registry Servers + # + def set_servers(self): + + self.read_config() # Get key and certificate key_file = self.get_key_file() cert_file = self.get_cert_file(key_file) self.key = Keypair(filename=key_file) self.key_file = key_file self.cert_file = cert_file - self.cert = Certificate(filename=cert_file) - # Establish connection to server(s) - self.logger.info("Contacting Registry at: %s"%reg_url) - self.registry = xmlrpcprotocol.get_server(reg_url, key_file, cert_file, self.options) - self.logger.info("Contacting Slice Manager at: %s"%sm_url) - self.slicemgr = xmlrpcprotocol.get_server(sm_url, key_file, cert_file, self.options) - + self.cert = GID(filename=cert_file) + self.logger.info("Contacting Registry at: %s"%self.reg_url) + self.registry = xmlrpcprotocol.get_server(self.reg_url, key_file, cert_file, self.options) + self.logger.info("Contacting Slice Manager at: %s"%self.sm_url) + self.slicemgr = xmlrpcprotocol.get_server(self.sm_url, key_file, cert_file, self.options) return - + + def get_cached_server_version(self, server): + # check local cache first + cache = None + version = None + cache_file = self.sfi_dir + os.path.sep + 'sfi_cache.dat' + cache_key = server.url + "-version" + try: + cache = Cache(cache_file) + except IOError: + cache = Cache() + self.logger.info("Local cache not found at: %s" % cache_file) + + if cache: + version = cache.get(cache_key) + + if not version: + version = server.GetVersion() + # cache version for 24 hours + cache.add(cache_key, version, ttl= 60*60*24) + + + return version + + + def server_supports_call_id_arg(self, server): + """ + Returns true if server support the optional call_id arg, false otherwise. + """ + server_version = self.get_cached_server_version(server) + if 'sfa' in server_version: + code_tag = server_version['code_tag'] + code_tag_parts = code_tag.split("-") + + version_parts = code_tag_parts[0].split(".") + major, minor = version_parts[0], version_parts[1] + rev = code_tag_parts[1] + if int(major) > 1: + if int(minor) > 0 or int(rev) > 20: + return True + return False + # # Get various credential and spec files # @@ -344,27 +417,37 @@ class Sfi: def get_cert_file(self, key_file): - file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert") - if (os.path.isfile(file)): - # use existing cert if it exists - return file - else: - try: - # attempt to use gid as the cert. - gid = self._get_gid() - self.logger.info("Writing certificate to %s"%file) - gid.save_to_file(file) - except: - # generate self signed certificate - k = Keypair(filename=key_file) - cert = Certificate(subject=self.user) - cert.set_pubkey(k) - cert.set_issuer(k, self.user) - cert.sign() - self.logger.info("Writing self-signed certificate to %s"%file) - cert.save_to_file(file) - - return file + cert_file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert") + if (os.path.isfile(cert_file)): + # we'd perfer to use Registry issued certs instead of self signed certs. + # if this is a Registry cert (GID) then we are done + gid = GID(filename=cert_file) + if gid.get_urn(): + return cert_file + + # generate self signed certificate + k = Keypair(filename=key_file) + cert = Certificate(subject=self.user) + cert.set_pubkey(k) + cert.set_issuer(k, self.user) + cert.sign() + self.logger.info("Writing self-signed certificate to %s"%cert_file) + cert.save_to_file(cert_file) + self.cert = cert + # try to get registry issued cert + try: + self.logger.info("Getting Registry issued cert") + self.read_config() + # *hack. need to set registyr before _get_gid() is called + self.registry = xmlrpcprotocol.get_server(self.reg_url, key_file, cert_file, self.options) + gid = self._get_gid(type='user') + self.registry = None + self.logger.info("Writing certificate to %s"%cert_file) + gid.save_to_file(cert_file) + except: + self.logger.info("Failed to download Registry issued cert") + + return cert_file def get_cached_gid(self, file): """ @@ -375,6 +458,7 @@ class Sfi: gid = GID(filename=file) return gid + # xxx opts unused def get_gid(self, opts, args): """ Get the specify gid and save it to file @@ -386,7 +470,7 @@ class Sfi: self.logger.debug("Sfi.get_gid-> %s",gid.save_to_string(save_parents=True)) return gid - def _get_gid(self, hrn=None): + def _get_gid(self, hrn=None, type=None): """ git_gid helper. Retrive the gid from the registry and save it to file. """ @@ -395,13 +479,23 @@ class Sfi: hrn = self.user gidfile = os.path.join(self.options.sfi_dir, hrn + ".gid") + print gidfile gid = self.get_cached_gid(gidfile) if not gid: user_cred = self.get_user_cred() records = self.registry.Resolve(hrn, user_cred.save_to_string(save_parents=True)) if not records: raise RecordNotFound(args[0]) - gid = GID(string=records[0]['gid']) + record = records[0] + if type: + record=None + for rec in records: + if type == rec['type']: + record = rec + if not record: + raise RecordNotFound(args[0]) + + gid = GID(string=record['gid']) self.logger.info("Writing gid to %s"%gidfile) gid.save_to_file(filename=gidfile) return gid @@ -469,7 +563,7 @@ class Sfi: if (os.path.isfile(file)): return file else: - self.logger.critical("No such rspec file"%rspec) + self.logger.critical("No such rspec file %s"%rspec) sys.exit(1) def get_record_file(self, record): @@ -498,6 +592,7 @@ class Sfi: return key_string + # xxx opts undefined def get_component_server_from_hrn(self, hrn): # direct connection to the nodes component manager interface user_cred = self.get_user_cred().save_to_string(save_parents=True) @@ -507,16 +602,20 @@ class Sfi: self.logger.warning("No such component:%r"% opts.component) record = records[0] - return self.get_server(record['hostname'], CM_PORT, self.key_file, \ - self.cert_file, self.options) + return self.get_server(record['hostname'], CM_PORT, self.key_file, self.cert_file) def get_server(self, host, port, keyfile, certfile): """ - Return an instnace of an xmlrpc server connection + Return an instance of an xmlrpc server connection """ - url = "http://%s:%s" % (host, port) + # port is appended onto the domain, before the path. Should look like: + # http://domain:port/path + host_parts = host.split('/') + host_parts[0] = host_parts[0] + ":" + str(port) + url = "http://%s" % "/".join(host_parts) return xmlrpcprotocol.get_server(url, keyfile, certfile, self.options) + # xxx opts could be retrieved in self.options def get_server_from_opts(self, opts): """ Return instance of an xmlrpc connection to a slice manager, aggregate @@ -543,7 +642,7 @@ class Sfi: # list entires in named authority registry def list(self, opts, args): if len(args)!= 1: - self.parser.print_help() + self.print_help() sys.exit(1) hrn = args[0] user_cred = self.get_user_cred().save_to_string(save_parents=True) @@ -567,7 +666,7 @@ class Sfi: # show named registry record def show(self, opts, args): if len(args)!= 1: - self.parser.print_help() + self.print_help() sys.exit(1) hrn = args[0] user_cred = self.get_user_cred().save_to_string(save_parents=True) @@ -582,7 +681,7 @@ class Sfi: record = SliceRecord(dict=record) elif record['type'] in ['node']: record = NodeRecord(dict=record) - elif record['type'] in ['authority', 'ma', 'sa']: + elif record['type'].startswith('authority'): record = AuthorityRecord(dict=record) else: record = SfaRecord(dict=record) @@ -590,7 +689,7 @@ class Sfi: record.dump() else: print record.save_to_string() - + if opts.file: file = opts.file if not file.startswith(os.sep): @@ -651,7 +750,7 @@ class Sfi: def remove(self, opts, args): auth_cred = self.get_auth_cred().save_to_string(save_parents=True) if len(args)!=1: - self.parser.print_help() + self.print_help() sys.exit(1) hrn = args[0] type = opts.type @@ -663,7 +762,7 @@ class Sfi: def add(self, opts, args): auth_cred = self.get_auth_cred().save_to_string(save_parents=True) if len(args)!=1: - self.parser.print_help() + self.print_help() sys.exit(1) record_filepath = args[0] rec_file = self.get_record_file(record_filepath) @@ -674,7 +773,7 @@ class Sfi: def update(self, opts, args): user_cred = self.get_user_cred() if len(args)!=1: - self.parser.print_help() + self.print_help() sys.exit(1) rec_file = self.get_record_file(args[0]) record = load_record_from_file(rec_file) @@ -686,7 +785,7 @@ class Sfi: elif record['type'] in ["slice"]: try: cred = self.get_slice_cred(record.get_name()).save_to_string(save_parents=True) - except ServerException, e: + except xmlrpcprotocol.ServerException, e: # XXX smbaker -- once we have better error return codes, update this # to do something better than a string compare if "Permission error" in e.args[0]: @@ -708,6 +807,8 @@ class Sfi: """ trusted_certs = self.registry.get_trusted_certs() for trusted_cert in trusted_certs: + gid = GID(string=trusted_cert) + gid.dump() cert = Certificate(string=trusted_cert) self.logger.debug('Sfi.get_trusted_certs -> %r'%cert.get_subject()) return @@ -741,12 +842,18 @@ class Sfi: # ================================================================== # Slice-related commands # ================================================================== - def version(self, opts, args): - server = self.get_server_from_opts(opts) - - print server.GetVersion() + if opts.version_local: + version=version_core() + else: + if opts.version_registry: + server=self.registry + else: + server = self.get_server_from_opts(opts) + version=server.GetVersion() + for (k,v) in version.iteritems(): + print "%-20s: %s"%(k,v) # list instantiated slices def slices(self, opts, args): @@ -759,6 +866,7 @@ class Sfi: delegated_cred = self.delegate_cred(user_cred, get_authority(self.authority)) creds.append(delegated_cred) server = self.get_server_from_opts(opts) + #results = server.ListSlices(creds, unique_call_id()) results = server.ListSlices(creds) display_list(results) return @@ -773,7 +881,7 @@ class Sfi: if args: cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) hrn = args[0] - call_options = {'geni_slice_urn': hrn_to_urn(hrn, 'slice')} + call_options = {'geni_slice_urn': hrn_to_urn(hrn, 'slice')} else: cred = user_cred hrn = None @@ -781,11 +889,21 @@ class Sfi: creds = [cred] if opts.delegate: delegated_cred = self.delegate_cred(cred, get_authority(self.authority)) - creds.append(delegated_cred) - result = server.ListResources(creds, call_options) + creds.append(delegated_cred) + if opts.rspec_version: + call_options['rspec_version'] = opts.rspec_version + #panos add info options + if opts.info: + call_options['info'] = opts.info + + call_args = [creds, call_options] + if self.server_supports_call_id_arg(server): + call_args.append(unique_call_id()) + result = server.ListResources(*call_args) format = opts.format - display_rspec(result, format) - if (opts.file is not None): + if opts.file is None: + display_rspec(result, format) + else: file = opts.file if not file.startswith(os.sep): file = os.path.join(self.options.sfi_dir, file) @@ -804,8 +922,36 @@ class Sfi: creds.append(delegated_cred) rspec_file = self.get_rspec_file(args[1]) rspec = open(rspec_file).read() + + # users = [ + # { urn: urn:publicid:IDN+emulab.net+user+alice + # keys: [, ] + # }] + users = [] server = self.get_server_from_opts(opts) - result = server.CreateSliver(slice_urn, creds, rspec, []) + version = server.GetVersion() + if 'sfa' not in version: + # need to pass along user keys if this request is going to a ProtoGENI aggregate + # ProtoGeni Aggregates will only install the keys of the user that is issuing the + # request. So we will only pass in one user that contains the keys for all + # users of the slice + user = {'urn': user_cred.get_gid_caller().get_urn(), + 'keys': []} + slice_record = self.registry.Resolve(slice_urn, creds) + if slice_record and 'researchers' in slice_record: + user_hrns = slice_record['researchers'] + user_urns = [hrn_to_urn(hrn, 'user') for hrn in user_hrns] + user_records = self.registry.Resolve(user_urns, creds) + for user_record in user_records: + if 'keys' in user_record: + user['keys'].extend(user_record['keys']) + users.append(user) + + call_args = [slice_urn, creds, rspec, users] + if self.server_supports_call_id_arg(server): + call_args.append(unique_call_id()) + + result = server.CreateSliver(*call_args) print result return result @@ -872,8 +1018,12 @@ class Sfi: delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) creds.append(delegated_cred) server = self.get_server_from_opts(opts) - return server.DeleteSliver(slice_urn, creds) - + + call_args = [slice_urn, creds] + if self.server_supports_call_id_arg(server): + call_args.append(unique_call_id()) + return server.DeleteSliver(*call_args) + # start named slice def start(self, opts, args): slice_hrn = args[0] @@ -920,7 +1070,11 @@ class Sfi: delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) creds.append(delegated_cred) time = args[1] - return server.RenewSliver(slice_urn, creds, time) + + call_args = [slice_urn, creds, time] + if self.server_supports_call_id_arg(server): + call_args.append(unique_call_id()) + return server.RenewSliver(*call_args) def status(self, opts, args): @@ -932,7 +1086,10 @@ class Sfi: delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) creds.append(delegated_cred) server = self.get_server_from_opts(opts) - print server.SliverStatus(slice_urn, creds) + call_args = [slice_urn, creds] + if self.server_supports_call_id_arg(server): + call_args.append(unique_call_id()) + print server.SliverStatus(*call_args) def shutdown(self, opts, args): @@ -946,13 +1103,16 @@ class Sfi: server = self.get_server_from_opts(opts) return server.Shutdown(slice_urn, creds) + def print_help (self): + self.sfi_parser.print_help() + self.cmd_parser.print_help() # # Main: parse arguments and dispatch to command # def main(self): - parser = self.create_parser() - (options, args) = parser.parse_args() + self.sfi_parser = self.create_parser() + (options, args) = self.sfi_parser.parse_args() self.options = options self.logger.setLevelFromOptVerbose(self.options.verbose) @@ -964,17 +1124,16 @@ class Sfi: return -1 command = args[0] - self.parser = self.create_cmd_parser(command) - (cmd_opts, cmd_args) = self.parser.parse_args(args[1:]) + self.cmd_parser = self.create_cmd_parser(command) + (cmd_opts, cmd_args) = self.cmd_parser.parse_args(args[1:]) self.set_servers() - self.logger.info("Command=%s" % command) if command in ("resources"): self.logger.debug("resources cmd_opts %s" % cmd_opts.format) elif command in ("list", "show", "remove"): self.logger.debug("cmd_opts.type %s" % cmd_opts.type) - self.logger.debug('cmd_args %s',cmd_args) + self.logger.debug('cmd_args %s' % cmd_args) try: self.dispatch(command, cmd_opts, cmd_args)