X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fserver%2Fsfa-server.py;h=134b44aed936eebb598635a6770696bd30ea8a03;hb=3d7237fa0b5f2b4a60cb97c7fb3b6aecfd94558a;hp=d7308be3676c56a0d5c3c365c52ff56e8731cdf7;hpb=3a4f56420d6e884272a0a44513ed047e77d8dac0;p=sfa.git diff --git a/sfa/server/sfa-server.py b/sfa/server/sfa-server.py index d7308be3..134b44ae 100755 --- a/sfa/server/sfa-server.py +++ b/sfa/server/sfa-server.py @@ -3,9 +3,9 @@ ### $Id$ ### $URL$ # -# GENI PLC Wrapper +# SFA PLC Wrapper # -# This wrapper implements the Geni Registry and Slice Interfaces on PLC. +# This wrapper implements the SFA Registry and Slice Interfaces on PLC. # Depending on command line options, it starts some combination of a # Registry, an Aggregate Manager, and a Slice Manager. # @@ -18,7 +18,7 @@ # is up to date and accurate. # # 1) Import the existing planetlab database, creating the -# appropriate geni records. This is done by running the "sfa-import-plc.py" tool. +# appropriate SFA records. This is done by running the "sfa-import-plc.py" tool. # # 2) Create a "trusted_roots" directory and place the certificate of the root # authority in that directory. Given the defaults in sfa-import-plc.py, this @@ -33,20 +33,16 @@ registry_port=12345 aggregate_port=12346 slicemgr_port=12347 +component_port=12346 import os, os.path +import sys from optparse import OptionParser - from sfa.trust.trustedroot import TrustedRootList from sfa.trust.certificate import Keypair, Certificate - -from sfa.server.registry import Registry -from sfa.server.aggregate import Aggregate -from sfa.server.slicemgr import SliceMgr - from sfa.trust.hierarchy import Hierarchy - from sfa.util.config import Config +from sfa.util.report import trace # after http://www.erlenstar.demon.co.uk/unix/faq_2.html def daemon(): @@ -62,6 +58,95 @@ def daemon(): os.dup2(crashlog, 1) os.dup2(crashlog, 2) +def init_server_key(server_key_file, server_cert_file, config, hierarchy): + + subject = config.SFA_INTERFACE_HRN + # check if the server's private key exists. If it doesnt, + # get the right one from the authorities directory. If it cant be + # found in the authorities directory, generate a random one + if not os.path.exists(server_key_file): + hrn = config.SFA_INTERFACE_HRN.lower() + hrn_parts = hrn.split(".") + rel_key_path = hrn + pkey_filename = hrn+".pkey" + + # sub authority's have "." in their hrn. This must + # be converted to os.path separator + if len(hrn_parts) > 0: + rel_key_path = hrn.replace(".", os.sep) + pkey_filename= hrn_parts[-1]+".pkey" + + key_file = os.sep.join([hierarchy.basedir, rel_key_path, pkey_filename]) + if not os.path.exists(key_file): + # if it doesnt exist then this is probably a fresh interface + # with no records. Generate a random keypair for now + trace("server's public key not found in %s" % key_file) + trace("generating a random server key pair") + key = Keypair(create=True) + key.save_to_file(server_key_file) + cert = Certificate(subject=subject) + cert.set_issuer(key=key, subject=subject) + cert.set_pubkey(key) + cert.sign() + cert.save_to_file(server_cert_file, save_parents=True) + + else: + # the pkey was found in the authorites directory. lets + # copy it to where the server key should be and generate + # the cert + key = Keypair(filename=key_file) + key.save_to_file(server_key_file) + cert = Certificate(subject=subject) + cert.set_issuer(key=key, subject=subject) + cert.set_pubkey(key) + cert.sign() + cert.save_to_file(server_cert_file, save_parents=True) + + + # If private key exists and cert doesnt, recreate cert + if (os.path.exists(server_key_file)) and (not os.path.exists(server_cert_file)): + key = Keypair(filename=server_key_file) + cert = Certificate(subject=subject) + cert.set_issuer(key=key, subject=subject) + cert.set_pubkey(key) + cert.sign() + cert.save_to_file(server_cert_file) + +def init_server(options, config): + """ + Execute the init method defined in the manager file + """ + manager_base = 'sfa.managers' + if options.registry: + mgr_type = config.SFA_REGISTRY_TYPE + manager_module = manager_base + ".registry_manager_%s" % mgr_type + try: manager = __import__(manager_module, fromlist=[manager_base]) + except: manager = None + if manager and hasattr(manager, 'init_server'): + manager.init_server() + if options.am: + mgr_type = config.SFA_AGGREGATE_TYPE + manager_module = manager_base + ".aggregate_manager_%s" % mgr_type + try: manager = __import__(manager_module, fromlist=[manager_base]) + except: manager = None + if manager and hasattr(manager, 'init_server'): + manager.init_server() + if options.sm: + mgr_type = config.SFA_SM_TYPE + manager_module = manager_base + ".slice_manager_%s" % mgr_type + try: manager = __import__(manager_module, fromlist=[manager_base]) + except: manager = None + if manager and hasattr(manager, 'init_server'): + manager.init_server() + if options.cm: + mgr_type = config.SFA_CM_TYPE + manager_module = manager_base + ".component_manager_%s" % mgr_type + try: manager = __import__(manager_module, fromlist=[manager_base]) + except: manager = None + if manager and hasattr(manager, 'init_server'): + manager.init_server() + + def main(): # xxx get rid of globals - name consistently CamelCase or under_score global AuthHierarchy @@ -78,60 +163,47 @@ def main(): help="run slice manager", default=False) parser.add_option("-a", "--aggregate", dest="am", action="store_true", help="run aggregate manager", default=False) + parser.add_option("-c", "--component", dest="cm", action="store_true", + help="run component server", default=False) parser.add_option("-v", "--verbose", dest="verbose", action="store_true", help="verbose mode", default=False) parser.add_option("-d", "--daemon", dest="daemon", action="store_true", help="Run as daemon.", default=False) (options, args) = parser.parse_args() - hierarchy = Hierarchy() - path = hierarchy.basedir - key_file = os.path.join(path, "server.key") - cert_file = os.path.join(path, "server.cert") - if (options.daemon): daemon() - if (os.path.exists(key_file)) and (not os.path.exists(cert_file)): - # If private key exists and cert doesnt, recreate cert - key = Keypair(filename=key_file) - cert = Certificate(subject="registry") - cert.set_issuer(key=key, subject="registry") - cert.set_pubkey(key) - cert.sign() - cert.save_to_file(cert_file) - - elif (not os.path.exists(key_file)) or (not os.path.exists(cert_file)): - # if no key is specified, then make one up - key = Keypair(create=True) - key.save_to_file(key_file) - cert = Certificate(subject="registry") - cert.set_issuer(key=key, subject="registry") - cert.set_pubkey(key) - cert.sign() - cert.save_to_file(cert_file) - - AuthHierarchy = Hierarchy() - - TrustedRoots = TrustedRootList(Config().get_trustedroots_dir()) + config = Config() + hierarchy = Hierarchy() + trusted_roots = TrustedRootList(config.get_trustedroots_dir()) + server_key_file = os.path.join(hierarchy.basedir, "server.key") + server_cert_file = os.path.join(hierarchy.basedir, "server.cert") + init_server_key(server_key_file, server_cert_file, config, hierarchy) + init_server(options, config) + # start registry server if (options.registry): - r = Registry("", registry_port, key_file, cert_file) - #r.trusted_cert_list = TrustedRoots.get_list() - #r.hierarchy = AuthHierarchy + from sfa.server.registry import Registry + r = Registry("", registry_port, server_key_file, server_cert_file) r.start() # start aggregate manager if (options.am): - a = Aggregate("", aggregate_port, key_file, cert_file) - #a.trusted_cert_list = TrustedRoots.get_list() + from sfa.server.aggregate import Aggregate + a = Aggregate("", aggregate_port, server_key_file, server_cert_file) a.start() # start slice manager if (options.sm): - s = SliceMgr("", slicemgr_port, key_file, cert_file) - #s.trusted_cert_list = TrustedRoots.get_list() + from sfa.server.slicemgr import SliceMgr + s = SliceMgr("", slicemgr_port, server_key_file, server_cert_file) s.start() + if (options.cm): + from sfa.server.component import Component + c = Component("", component_port, server_key_file, server_cert_file) + c.start() + if __name__ == "__main__": main()