X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fclient%2Fsfi.py;h=84c77d6806529a2ca980761d7040ade615f2fb4b;hb=40d980701a909581b485fbcf7c58ca3ace543961;hp=61730d037a2e0c65c8ee47b952aaf2a7e2738ec8;hpb=4d2b508926a415a1f347d07349a43138a4c79c1a;p=sfa.git
diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py
index 61730d03..84c77d68 100755
--- a/sfa/client/sfi.py
+++ b/sfa/client/sfi.py
@@ -204,6 +204,8 @@ class Sfi:
 default="all")
 # display formats
 if command in ("resources"):
+ parser.add_option("-r", "--rspec-version", dest="rspec_version", default="SFA 1",
+ help="schema type and version of resulting RSpec")
 parser.add_option("-f", "--format", dest="format", type="choice", help="display format ([xml]|dns|ip)", default="xml", choices=("xml", "dns", "ip"))
@@ -225,6 +227,10 @@ class Sfi:
 help="delegate slice credential", metavar="HRN", default=None)
 if command in ("version"):
+ parser.add_option("-a", "--aggregate", dest="aggregate",
+ default=None, help="aggregate host")
+ parser.add_option("-p", "--port", dest="port",
+ default=AGGREGATE_PORT, help="aggregate port")
 parser.add_option("-R","--registry-version", action="store_true", dest="version_registry", default=False, help="probe registry version instead of slicemgr")
@@ -334,7 +340,7 @@ class Sfi:
 self.key = Keypair(filename=key_file)
 self.key_file = key_file
 self.cert_file = cert_file
- self.cert = Certificate(filename=cert_file)
+ self.cert = GID(filename=cert_file)
 # Establish connection to server(s)
 self.logger.info("Contacting Registry at: %s"%self.reg_url)
 self.registry = xmlrpcprotocol.get_server(self.reg_url, key_file, cert_file, self.options)
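Review bot: The new `-p/--port` option in the `@@ -225` hunk declares no `type`, so optparse stores whatever string the user typed, and a malformed port is only noticed later when the connection is built. Declaring it as `parser.add_option("-p", "--port", dest="port", type="int", default=AGGREGATE_PORT, help="aggregate port")` would reject non-numeric input at parse time, assuming `AGGREGATE_PORT` (defined outside this diff) is an integer. Because `-a` and `-p` presumably select the host that receives the user's credentials, the help text should say what they override; the code that consumes them is not shown here.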
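Review bot: In the `@@ -334` hunk, `self.cert = GID(filename=cert_file)` loads whatever is in the cert file as a GID, but the `get_cert_file` rewrite later in this diff can leave a self-signed certificate there when the registry download fails. Code that reads `self.cert` afterwards may then see a GID with no URN; a comment such as `# may be a self-signed fallback cert without a URN; check get_urn() before relying on GID fields` would make that explicit. The enclosing method starts and ends outside the hunk, so how `cert_file` is obtained is not visible here.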
@@ -368,27 +374,36 @@ class Sfi:
 def get_cert_file(self, key_file):
- file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert")
- if (os.path.isfile(file)):
- # use existing cert if it exists
- return file
- else:
- try:
- # attempt to use gid as the cert.
- gid = self._get_gid()
- self.logger.info("Writing certificate to %s"%file)
- gid.save_to_file(file)
- except:
- # generate self signed certificate
- k = Keypair(filename=key_file)
- cert = Certificate(subject=self.user)
- cert.set_pubkey(k)
- cert.set_issuer(k, self.user)
- cert.sign()
- self.logger.info("Writing self-signed certificate to %s"%file)
- cert.save_to_file(file)
-
- return file
+ cert_file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert")
+ if (os.path.isfile(cert_file)):
+ # we'd perfer to use Registry issued certs instead of self signed certs.
+ # if this is a Registry cert (GID) then we are done
+ gid = GID(filename=cert_file)
+ if gid.get_urn():
+ return cert_file
+
+ # generate self signed certificate
+ k = Keypair(filename=key_file)
+ cert = Certificate(subject=self.user)
+ cert.set_pubkey(k)
+ cert.set_issuer(k, self.user)
+ cert.sign()
+ self.logger.info("Writing self-signed certificate to %s"%cert_file)
+ cert.save_to_file(cert_file)
+ # try to get registry issued cert
+ try:
+ self.logger.info("Getting Registry issued cert")
+ self.read_config()
+ # *hack. need to set registyr before _get_gid() is called
+ self.registry = xmlrpcprotocol.get_server(self.reg_url, key_file, cert_file, self.options)
+ gid = self._get_gid(type='user')
+ self.registry = None
+ self.logger.info("Writing certificate to %s"%cert_file)
+ gid.save_to_file(cert_file)
+ except:
+ self.logger.info("Failed to download Registry issued cert")
+
+ return cert_file
 def get_cached_gid(self, file):
 """
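Review bot: The bare `except:` at the end of the new `get_cert_file` hides every failure of the registry download, including programming errors inside `_get_gid`, and `self.registry = None` is skipped when `_get_gid` raises, so the temporary registry handle built with the self-signed cert stays set. Catch `Exception`, log the cause, and reset the handle in a `finally`, as in the fence (the file is Python 2, hence the `except Exception, exc` form; indentation is inferred because the page lost it). Separately, the early return accepts any existing file whose `gid.get_urn()` is non-empty; nothing checks that it belongs to `self.user` or is still valid, and `GID(filename=cert_file)` on a corrupt file would presumably raise before the fallback runs. The method would also benefit from a docstring stating that it returns the cert path and may overwrite an existing self-signed cert.

```python
        # try to get registry issued cert
        try:
            # … unchanged: read_config() and the temporary get_server() call …
            try:
                gid = self._get_gid(type='user')
            finally:
                # always drop the temporary handle, even when the lookup fails
                self.registry = None
            # … unchanged: write the downloaded GID to cert_file …
        except Exception, exc:
            self.logger.info("Failed to download Registry issued cert: %s"%exc)
```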
@@ -411,7 +426,7 @@ class Sfi:
 self.logger.debug("Sfi.get_gid-> %s",gid.save_to_string(save_parents=True))
 return gid
- def _get_gid(self, hrn=None):
+ def _get_gid(self, hrn=None, type=None):
 """
 git_gid helper. Retrive the gid from the registry and save it to file.
 """
@@ -424,7 +439,12 @@ class Sfi:
 if not gid:
 user_cred = self.get_user_cred()
 records = self.registry.Resolve(hrn, user_cred.save_to_string(save_parents=True))
- if not records:
+ record = None
+ if type:
+ for rec in records:
+ if type == record['type']:
+ record = rec
+ if not record:
 raise RecordNotFound(args[0])
 gid = GID(string=records[0]['gid'])
 self.logger.info("Writing gid to %s"%gidfile)
@@ -494,7 +514,7 @@ class Sfi:
 if (os.path.isfile(file)):
 return file
 else:
- self.logger.critical("No such rspec file"%rspec)
+ self.logger.critical("No such rspec file %s"%rspec)
 sys.exit(1)
 def get_record_file(self, record):
@@ -796,6 +816,7 @@ class Sfi:
 delegated_cred = self.delegate_cred(user_cred, get_authority(self.authority))
 creds.append(delegated_cred)
 server = self.get_server_from_opts(opts)
+ #results = server.ListSlices(creds, unique_call_id())
 results = server.ListSlices(creds)
 display_list(results)
 return
@@ -818,7 +839,9 @@ class Sfi:
 creds = [cred]
 if opts.delegate:
 delegated_cred = self.delegate_cred(cred, get_authority(self.authority))
- creds.append(delegated_cred)
+ creds.append(delegated_cred)
+ if opts.rspec_version:
+ call_options['rspec_version'] = opts.rspec_version
 result = server.ListResources(creds, call_options,unique_call_id())
 format = opts.format
 if opts.file is None:
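Review bot: The filter loop in the `@@ -424` hunk compares `type == record['type']` while `record` is still `None`, so any call that passes `type` fails with a TypeError on the first record; it should read `rec['type']`. When `type` is not passed, `record` is never assigned, so `if not record:` now raises `RecordNotFound` for every existing caller, and `GID(string=records[0]['gid'])` still ignores the selected record. In this commit the only typed caller is `get_cert_file`, whose bare `except:` swallows the failure, so the client would silently stay on its self-signed certificate. The fence shows the corrected selection; the `type` parameter added in the `@@ -411` hunk also shadows the builtin and is missing from the docstring, and the function body extends beyond both hunks.

```python
            records = self.registry.Resolve(hrn, user_cred.save_to_string(save_parents=True))
            record = None
            if type:
                for rec in records:
                    if type == rec['type']:
                        record = rec
            elif records:
                # no type filter: keep the previous behaviour (first record)
                record = records[0]
            if not record:
                raise RecordNotFound(args[0])
            gid = GID(string=record['gid'])
```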
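Review bot: The `@@ -796` hunk adds a commented-out call, `#results = server.ListSlices(creds, unique_call_id())`, next to the live one, without saying why the call id is withheld here. The other calls touched by this commit (`CreateSliver`, `DeleteSliver`, `RenewSliver`, `SliverStatus`) now pass it. Replace the dead line with a comment that states the reason, for example `# TODO: pass unique_call_id() once ListSlices accepts it` if that is the reason, or drop it.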
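Review bot: `if opts.rspec_version:` in the `@@ -818` hunk is always true in practice, because the option added in the `@@ -204` hunk defaults to `"SFA 1"`, so every `ListResources` call now carries `rspec_version`. If the intent is to send it only on request, use `default=None` on the option; if it should always be sent, drop the guard. The value is free-form user text passed straight to the server, so a `choices=` list or a comment naming the accepted format would help. The `creds.append(delegated_cred)` line differs only in whitespace the page no longer shows, so its new nesting cannot be checked from here.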
@@ -842,8 +865,30 @@ class Sfi:
 creds.append(delegated_cred)
 rspec_file = self.get_rspec_file(args[1])
 rspec = open(rspec_file).read()
+
+ # users = [
+ # { urn: urn:publicid:IDN+emulab.net+user+alice
+ # keys: [, ]
+ # }]
+ users = []
 server = self.get_server_from_opts(opts)
- result = server.CreateSliver(slice_urn, creds, rspec, [])
+ version = server.GetVersion()
+ if 'sfa' not in version:
+ # need to pass along user keys if this request is going to a ProtoGENI aggregate
+ # ProtoGeni Aggregaes will only install the keys of the user that is issuing the
+ # request. all slice keys
+ user = {'urn': user_cred.get_gid_caller().get_urn(),
+ 'keys': []}
+ slice_record = self.registry.Resolve(slice_urn, creds)
+ if slice_record and 'researchers' in slice_record:
+ user_hrns = slice_record['researchers']
+ user_urns = [hrn_to_urn(hrn, 'user') for hrn in user_hrns]
+ user_records = self.registry.Resolve(user_urns, creds)
+ for user_record in user_records:
+ if 'keys' in user_record:
+ user['keys'].extend(user_record['keys'])
+ users.append(user)
+ result = server.CreateSliver(slice_urn, creds, rspec, users, unique_call_id())
 print result
 return result
@@ -910,7 +955,7 @@ class Sfi:
 delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
 creds.append(delegated_cred)
 server = self.get_server_from_opts(opts)
- return server.DeleteSliver(slice_urn, creds)
+ return server.DeleteSliver(slice_urn, creds, unique_call_id())
 # start named slice
 def start(self, opts, args):
@@ -958,7 +1003,7 @@ class Sfi:
 delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
 creds.append(delegated_cred)
 time = args[1]
- return server.RenewSliver(slice_urn, creds, time)
+ return server.RenewSliver(slice_urn, creds, time, unique_call_id())
 def status(self, opts, args):
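Review bot: In the `@@ -842` hunk, `slice_record = self.registry.Resolve(slice_urn, creds)` is treated as a dict (`'researchers' in slice_record`, `slice_record['researchers']`), but elsewhere in this diff `Resolve` returns a list of records (`records[0]['gid']`), so the membership test is presumably false and no researcher keys are sent. Assuming the list shape holds, index the first record: `slice_records = self.registry.Resolve(slice_urn, creds)`, `if slice_records and 'researchers' in slice_records[0]:`, `user_hrns = slice_records[0]['researchers']`. `Resolve` is also given the `creds` list here while `_get_gid` passes a single credential string, and `user_cred` is not defined in the visible part of the method; both need checking against the full function. Finally, the block files every researcher's keys under the caller's URN, and only when the server's own `GetVersion()` answer lacks `'sfa'`; a comment should state that this is intentional, since it decides whose keys get installed on the sliver.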
@@ -970,7 +1015,7 @@ class Sfi:
 delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
 creds.append(delegated_cred)
 server = self.get_server_from_opts(opts)
- print server.SliverStatus(slice_urn, creds)
+ print server.SliverStatus(slice_urn, creds, unique_call_id())
 def shutdown(self, opts, args):