X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fclient%2Fsfi.py;h=b1a4379e69a48d079595efe3c2aec138d2c25952;hb=3d7237fa0b5f2b4a60cb97c7fb3b6aecfd94558a;hp=06b8f0515dd41188f54669962b22cfba764bfcf7;hpb=151b6583c26ac2ea8f0c33de56fa20fef8ada495;p=sfa.git diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py index 06b8f051..b1a4379e 100755 --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@ -3,18 +3,18 @@ # sfi -- slice-based facility interface import sys +sys.path.append('.') import os, os.path import tempfile import traceback +import socket from types import StringTypes, ListType from optparse import OptionParser - from sfa.trust.certificate import Keypair, Certificate from sfa.trust.credential import Credential -from sfa.util.geniclient import GeniClient from sfa.util.sfaticket import SfaTicket from sfa.util.record import * -from sfa.util.misc import * +from sfa.util.namespace import * from sfa.util.rspec import RSpec from sfa.util.xmlrpcprotocol import ServerException import sfa.util.xmlrpcprotocol as xmlrpcprotocol @@ -106,7 +106,7 @@ def save_record_to_file(filename, record): elif record['type'] in ['authority', 'ma', 'sa']: record = AuthorityRecord(dict = record) else: - record = GeniRecord(dict = record) + record = SfaRecord(dict = record) str = record.save_to_string() file(filename, "w").write(str) return @@ -115,7 +115,7 @@ def save_record_to_file(filename, record): # load methods def load_record_from_file(filename): str = file(filename, "r").read() - record = GeniRecord(string=str) + record = SfaRecord(string=str) return record @@ -141,7 +141,9 @@ class Sfi: "slices": "", "resources": "[name]", "create": "name rspec", + "get_trusted_certs": "cred", "get_ticket": "name rspec", + "redeem_ticket": "ticket", "delete": "name", "reset": "name", "start": "name", @@ -174,6 +176,10 @@ class Sfi: parser.add_option("-a", "--aggregate", dest="aggregate",default=None, help="aggregate hrn") + if command in ("start", "stop", "reset", "delete", "slices"): + parser.add_option("-c", "--component", dest="component",default=None, + help="component hrn") + if command in ("list", "show", "remove"): parser.add_option("-t", "--type", dest="type",type="choice", help="type filter ([all]|user|slice|sa|ma|node|aggregate)", @@ -297,8 +303,6 @@ class Sfi: self.cert_file = cert_file self.cert = Certificate(filename=cert_file) # Establish connection to server(s) - #self.slicemgr = GeniClient(sm_url, key_file, cert_file, self.options.protocol) - #self.registry = GeniClient(reg_url, key_file, cert_file, self.options.protocol) self.registry = xmlrpcprotocol.get_server(reg_url, key_file, cert_file) self.slicemgr = xmlrpcprotocol.get_server(sm_url, key_file, cert_file) return @@ -318,7 +322,8 @@ class Sfi: def get_key_file(self): - file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".pkey") + file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".pkey") + #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".pkey") if (os.path.isfile(file)): return file else: @@ -328,7 +333,8 @@ class Sfi: def get_cert_file(self,key_file): - file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cert") + #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cert") + file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert") if (os.path.isfile(file)): return file else: @@ -343,16 +349,14 @@ class Sfi: return file def get_gid(self): - file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".gid") + #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".gid") + file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".gid") if (os.path.isfile(file)): gid = GID(filename=file) return gid else: cert_str = self.cert.save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - request_hash = self.key.compute_hash([cert_str, self.user, "user"]) - gid_str = self.registry.get_gid(cert_str, self.user, "user", request_hash) + gid_str = self.registry.get_gid(cert_str, self.user, "user") gid = GID(string=gid_str) if self.options.verbose: print "Writing user gid to", file @@ -360,16 +364,20 @@ class Sfi: return gid def get_user_cred(self): - file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cred") + #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cred") + file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cred") if (os.path.isfile(file)): user_cred = Credential(filename=file) return user_cred else: # bootstrap user credential cert_string = self.cert.save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - request_hash = self.key.compute_hash([cert_string, "user", self.user]) + request_hash = self.key.compute_hash([cert_string, "user", self.user]) + user_name=self.user.replace(self.authority+".", '') + if user_name.count(".") > 0: + user_name = user_name.replace(".", '_') + self.user=self.authority + "." + user_name + user_cred = self.registry.get_self_credential(cert_string, "user", self.user, request_hash) if user_cred: cred = Credential(string=user_cred) @@ -393,10 +401,7 @@ class Sfi: else: # bootstrap authority credential from user credential user_cred = self.get_user_cred().save_to_string(save_parents=True) - request_hash = None - if self.hashrequest: - request_hash = self.key.compute_hash([user_cred, "authority", self.authority]) - auth_cred = self.registry.get_credential(user_cred, "authority", self.authority, request_hash) + auth_cred = self.registry.get_credential(user_cred, "authority", self.authority) if auth_cred: cred = Credential(string=auth_cred) cred.save_to_file(file, save_parents=True) @@ -416,10 +421,7 @@ class Sfi: # bootstrap slice credential from user credential user_cred = self.get_user_cred().save_to_string(save_parents=True) arg_list = [user_cred, "slice", name] - request_hash=None - if self.hashrequest: - request_hash = self.key.compute_hash(arg_list) - slice_cred_str = self.registry.get_credential(user_cred, "slice", name, request_hash) + slice_cred_str = self.registry.get_credential(user_cred, "slice", name) if slice_cred_str: slice_cred = Credential(string=slice_cred_str) slice_cred.save_to_file(file, save_parents=True) @@ -432,11 +434,12 @@ class Sfi: def delegate_cred(self,cred, hrn, type = 'authority'): # the gid and hrn of the object we are delegating - object_gid = cred.get_gid_object() + user_cred = Credential(string=cred) + object_gid = user_cred.get_gid_object() object_hrn = object_gid.get_hrn() - cred.set_delegate(True) - if not cred.get_delegate(): - raise Exception, "Error: Object credential %(object_hrn)s does not have delegate bit set" % locals() + #cred.set_delegate(True) + #if not cred.get_delegate(): + # raise Exception, "Error: Object credential %(object_hrn)s does not have delegate bit set" % locals() records = self.registry.resolve(cred, hrn) @@ -446,25 +449,26 @@ class Sfi: raise Exception, "Error: Didn't find a %(type)s record for %(hrn)s" % locals() # the gid of the user who will be delegated too - delegee_gid = records[0].get_gid_object() + record = SfaRecord(dict=records[0]) + delegee_gid = record.get_gid_object() delegee_hrn = delegee_gid.get_hrn() # the key and hrn of the user who will be delegating user_key = Keypair(filename = self.get_key_file()) - user_hrn = cred.get_gid_caller().get_hrn() + user_hrn = user_cred.get_gid_caller().get_hrn() dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn) dcred.set_gid_caller(delegee_gid) dcred.set_gid_object(object_gid) - dcred.set_privileges(cred.get_privileges()) + dcred.set_privileges(user_cred.get_privileges()) dcred.set_delegate(True) dcred.set_pubkey(object_gid.get_pubkey()) dcred.set_issuer(user_key, user_hrn) - dcred.set_parent(cred) + dcred.set_parent(user_cred) dcred.encode() dcred.sign() - return dcred + return dcred.save_to_string(save_parents=True) def get_rspec_file(self,rspec): if (os.path.isabs(rspec)): @@ -502,6 +506,18 @@ class Sfi: os.remove(outfn) return key_string + + def get_component_server_from_hrn(self, hrn): + # direct connection to the nodes component manager interface + user_cred = self.get_user_cred().save_to_string(save_parents=True) + records = self.registry.resolve(user_cred, hrn) + records = filter_records('node', records) + if not records: + print "No such component:", opts.component + record = records[0] + cm_port = "12346" + url = "https://%s:%s" % (record['hostname'], cm_port) + return xmlrpcprotocol.get_server(url, self.key_file, self.cert_file) # # Following functions implement the commands @@ -521,11 +537,8 @@ class Sfi: def list(self,opts, args): user_cred = self.get_user_cred().save_to_string(save_parents=True) hrn = args[0] - request_hash=None - if self.hashrequest: - request_hash = self.key.compute_hash([user_cred, hrn]) try: - list = self.registry.list(user_cred, hrn, request_hash) + list = self.registry.list(user_cred, hrn) except IndexError: raise Exception, "Not enough parameters for the 'list' command" @@ -537,7 +550,7 @@ class Sfi: if opts.file: file = opts.file if not file.startswith(os.sep): - file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".gid") + file = os.path.join(self.options.sfi_dir, file) save_records_to_file(file, list) return @@ -545,10 +558,7 @@ class Sfi: def show(self,opts, args): user_cred = self.get_user_cred().save_to_string(save_parents=True) hrn = args[0] - request_hash=None - if self.hashrequest: - request_hash = self.key.compute_hash([user_cred, hrn]) - records = self.registry.resolve(user_cred, hrn, request_hash) + records = self.registry.resolve(user_cred, hrn) records = filter_records(opts.type, records) if not records: print "No record of type", opts.type @@ -562,10 +572,10 @@ class Sfi: elif record['type'] in ['authority', 'ma', 'sa']: record = AuthorityRecord(dict = record) else: - record = GeniRecord(dict = record) + record = SfaRecord(dict = record) if (opts.format=="text"): record.dump() - else: + else: print record.save_to_string() if opts.file: @@ -638,11 +648,7 @@ class Sfi: type = opts.type if type in ['all']: type = '*' - request_hash=None - if self.hashrequest: - arg_list = [auth_cred, type, hrn] - request_hash = self.key.compute_hash(arg_list) - return self.registry.remove(auth_cred, type, hrn, request_hash) + return self.registry.remove(auth_cred, type, hrn) # add named registry record def add(self,opts, args): @@ -650,11 +656,7 @@ class Sfi: record_filepath = args[0] rec_file = self.get_record_file(record_filepath) record = load_record_from_file(rec_file).as_dict() - request_hash=None - if self.hashrequest: - arg_list = [auth_cred] - request_hash = self.key.compute_hash(arg_list) - return self.registry.register(auth_cred, record, request_hash) + return self.registry.register(auth_cred, record) # update named registry entry def update(self,opts, args): @@ -683,38 +685,42 @@ class Sfi: else: raise "unknown record type" + record.get_type() record = record.as_dict() - request_hash=None - if self.hashrequest: - arg_list = [cred] - request_hash = self.key.compute_hash(arg_list) - return self.registry.update(cred, record, request_hash) - - + return self.registry.update(cred, record) + + def get_trusted_certs(self, opts, args): + """ + return the trusted certs at this interface + """ + trusted_certs = self.registry.get_trusted_certs() + for trusted_cert in trusted_certs: + cert = Certificate(string=trusted_cert) + print cert.get_subject() + return + def aggregates(self, opts, args): + """ + return a list of details about known aggregates + """ user_cred = self.get_user_cred().save_to_string(save_parents=True) hrn = None if args: hrn = args[0] - request_hash=None - if self.hashrequest: - arg_list = [user_cred, hrn] - request_hash = self.key.compute_hash(arg_list) - result = self.registry.get_aggregates(user_cred, hrn, request_hash) + result = self.registry.get_aggregates(user_cred, hrn) display_list(result) return def registries(self, opts, args): + """ + return a list of details about known registries + """ user_cred = self.get_user_cred().save_to_string(save_parents=True) hrn = None if args: hrn = args[0] - request_hash=None - if self.hashrequest: - arg_list = [user_cred, hrn] - request_hash = self.key.compute_hash(arg_list) - result = self.registry.get_registries(user_cred, hrn, request_hash) + result = self.registry.get_registries(user_cred, hrn) display_list(result) return + # # Slice-related commands @@ -725,11 +731,11 @@ class Sfi: # list instantiated slices def slices(self,opts, args): user_cred = self.get_user_cred().save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - arg_list = [user_cred] - request_hash = self.key.compute_hash(arg_list) - results = self.slicemgr.get_slices(user_cred, request_hash) + server = self.slicemgr + # direct connection to the nodes component manager interface + if opts.component: + server = self.get_component_server_from_hrn(opts.component) + results = server.get_slices(user_cred) display_list(results) return @@ -739,9 +745,7 @@ class Sfi: server = self.slicemgr if opts.aggregate: agg_hrn = opts.aggregate - arg_list = [user_cred, arg_hrn] - request_hash = self.key.compute_hash(arg_list) - aggregates = self.registry.get_aggregates(user_cred, agg_hrn, request_hash) + aggregates = self.registry.get_aggregates(user_cred, agg_hrn) if not aggregates: raise Exception, "No such aggregate %s" % agg_hrn aggregate = aggregates[0] @@ -754,11 +758,7 @@ class Sfi: cred = user_cred hrn = None - request_hash=None - if self.hashrequest: - arg_list = [cred, hrn] - request_hash = self.key.compute_hash(arg_list) - result = server.get_resources(cred, hrn, request_hash) + result = server.get_resources(cred, hrn) format = opts.format display_rspec(result, format) @@ -783,12 +783,8 @@ class Sfi: raise Exception, "No such aggregate %s" % opts.aggregate aggregate = aggregates[0] url = "http://%s:%s" % (aggregate['addr'], aggregate['port']) - server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn, rspec] - request_hash = self.key.compute_hash(arg_list) - return server.create_slice(slice_cred, slice_hrn, rspec, request_hash) + server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file, self.options.protocol) + return server.create_slice(slice_cred, slice_hrn, rspec) # get a ticket for the specified slice def get_ticket(self, opts, args): @@ -804,57 +800,91 @@ class Sfi: raise Exception, "No such aggregate %s" % opts.aggregate aggregate = aggregates[0] url = "http://%s:%s" % (aggregate['addr'], aggregate['port']) - server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn, rspec] - request_hash = self.key.compute_hash(arg_list) - ticket_string = server.get_ticket(slice_cred, slice_hrn, rspec, request_hash) + server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file, self.options.protocol) + ticket_string = server.get_ticket(slice_cred, slice_hrn, rspec) file = os.path.join(self.options.sfi_dir, get_leaf(slice_hrn) + ".ticket") print "writing ticket to ", file ticket = SfaTicket(string=ticket_string) ticket.save_to_file(filename=file, save_parents=True) - print ticket_string + + def redeem_ticket(self, opts, args): + ticket_file = args[0] + + # get slice hrn from the ticket + # use this to get the right slice credential + ticket = SfaTicket(filename=ticket_file) + ticket.decode() + slice_hrn = ticket.attributes['slivers'][0]['hrn'] + user_cred = self.get_user_cred() + slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True) + + # get a list node hostnames from the nodespecs in the rspec + rspec = RSpec() + rspec.parseString(ticket.rspec) + nodespecs = rspec.getDictsByTagName('NodeSpec') + hostnames = [nodespec['name'] for nodespec in nodespecs] + + # create an xmlrpc connection to the component manager at each of these + # components and gall redeem_ticket + connections = {} + for hostname in hostnames: + try: + cm_port = "12346" + url = "https://%(hostname)s:%(cm_port)s" % locals() + print "Calling get_ticket at %(url)s " % locals(), + cm = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file) + cm.redeem_ticket(slice_cred, ticket.save_to_string(save_parents=True)) + print "Success" + except socket.gaierror: + print "Failed:", + print "Componet Manager not accepting requests" + except Exception, e: + print "Failed:", e.message + + return # delete named slice def delete(self,opts, args): slice_hrn = args[0] + server = self.slicemgr + # direct connection to the nodes component manager interface + if opts.component: + server = self.get_component_server_from_hrn(opts.component) + slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn] - request_hash = self.key.compute_hash(arg_list) - return self.slicemgr.delete_slice(slice_cred, slice_hrn, request_hash) + return server.delete_slice(slice_cred, slice_hrn) # start named slice def start(self,opts, args): slice_hrn = args[0] - slice_cred = self.get_slice_cred(args[0]) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn] - request_hash = self.key.compute_hash(arg_list) - return self.slicemgr.start_slice(slice_cred, slice_hrn, request_hash) + server = self.slicemgr + # direct connection to the nodes component manager interface + if opts.component: + server = self.get_component_server_from_hrn(opts.component) + + slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) + return server.start_slice(slice_cred, slice_hrn) # stop named slice def stop(self,opts, args): slice_hrn = args[0] + server = self.slicemgr + # direct connection to the nodes component manager interface + if opts.component: + server = self.get_component_server_from_hrn(opts.component) + slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn] - request_hash = self.key.compute_hash(arg_list) - return self.slicemgr.stop_slice(slice_cred, slice_hrn, request_hash) + return server.stop_slice(slice_cred, slice_hrn) # reset named slice def reset(self,opts, args): slice_hrn = args[0] + server = self.slicemgr + # direct connection to the nodes component manager interface + if opts.component: + server = self.get_component_server_from_hrn(opts.component) slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn] - request_hash = self.key.compute_hash(arg_list) - return self.slicemgr.reset_slice(slice_cred, slice_hrn, request_hash) + return server.reset_slice(slice_cred, slice_hrn) # # Main: parse arguments and dispatch to command