X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fserver%2Fsfa-server.py;h=c981158b390606cc604d6877f500a54039fb36b7;hb=db091e73c33c373b7f6c2c96bd2caf6a2acf0178;hp=33779524b689b50c5831ec2a14819254c48fb479;hpb=63baf09bcba36873eeff0467e5a792f7a6b81ada;p=sfa.git

diff --git a/sfa/server/sfa-server.py b/sfa/server/sfa-server.py
index 33779524..c981158b 100755
--- a/sfa/server/sfa-server.py
+++ b/sfa/server/sfa-server.py
@@ -1,8 +1,5 @@
 #!/usr/bin/python
 #
-### $Id$
-### $URL$
-#
 # SFA PLC Wrapper
 #
 # This wrapper implements the SFA Registry and Slice Interfaces on PLC.
@@ -30,25 +27,27 @@
 ##
 
 # TCP ports for the three servers
-registry_port=12345
-aggregate_port=12346
-slicemgr_port=12347
+#registry_port=12345
+#aggregate_port=12346
+#slicemgr_port=12347
+### xxx todo not in the config yet
 component_port=12346
 import os, os.path
+import traceback
 import sys
 from optparse import OptionParser
-import logging
 
-from sfa.util.sfalogging import sfa_logger
+from sfa.util.sfalogging import logger
 from sfa.trust.trustedroot import TrustedRootList
 from sfa.trust.certificate import Keypair, Certificate
 from sfa.trust.hierarchy import Hierarchy
+from sfa.trust.gid import GID
 from sfa.util.config import Config
-from sfa.util.report import trace
 from sfa.plc.api import SfaAPI
 from sfa.server.registry import Registries
 from sfa.server.aggregate import Aggregates
 
+
 # after http://www.erlenstar.demon.co.uk/unix/faq_2.html
 def daemon():
     """Daemonize the current process."""
@@ -65,7 +64,7 @@ def daemon():
 
 def init_server_key(server_key_file, server_cert_file, config, hierarchy):
 
-    subject = config.SFA_INTERFACE_HRN
+    hrn = config.SFA_INTERFACE_HRN.lower()
     # check if the server's private key exists. If it doesnt,
     # get the right one from the authorities directory. If it cant be
     # found in the authorities directory, generate a random one
@@ -85,15 +84,12 @@ def init_server_key(server_key_file, server_cert_file, config, hierarchy):
         if not os.path.exists(key_file):
             # if it doesnt exist then this is probably a fresh interface
             # with no records. Generate a random keypair for now
-            trace("server's public key not found in %s" % key_file)
-            trace("generating a random server key pair")
+            logger.debug("server's public key not found in %s" % key_file)
+
+            logger.debug("generating a random server key pair")
             key = Keypair(create=True)
             key.save_to_file(server_key_file)
-            cert = Certificate(subject=subject)
-            cert.set_issuer(key=key, subject=subject)
-            cert.set_pubkey(key)
-            cert.sign()
-            cert.save_to_file(server_cert_file, save_parents=True)
+            init_server_cert(hrn, key, server_cert_file, self_signed=True)    
 
         else:
             # the pkey was found in the authorites directory. lets 
@@ -101,55 +97,70 @@ def init_server_key(server_key_file, server_cert_file, config, hierarchy):
             # the cert
             key = Keypair(filename=key_file)
             key.save_to_file(server_key_file)
-            cert = Certificate(subject=subject)
-            cert.set_issuer(key=key, subject=subject)
-            cert.set_pubkey(key)
-            cert.sign()
-            cert.save_to_file(server_cert_file, save_parents=True)
-
+            init_server_cert(hrn, key, server_cert_file)    
 
     # If private key exists and cert doesnt, recreate cert
     if (os.path.exists(server_key_file)) and (not os.path.exists(server_cert_file)):
         key = Keypair(filename=server_key_file)
-        cert = Certificate(subject=subject)
-        cert.set_issuer(key=key, subject=subject)
-        cert.set_pubkey(key)
-        cert.sign()
-        cert.save_to_file(server_cert_file)
+        init_server_cert(hrn, key, server_cert_file)    
+
+
+def init_server_cert(hrn, key, server_cert_file, self_signed=False):
+    """
+    Setup the certificate for this server. Attempt to use gid before 
+    creating a self signed cert 
+    """
+    if self_signed:
+        init_self_signed_cert(hrn, key, server_cert_file)
+    else:
+        try:
+            # look for gid file
+            logger.debug("generating server cert from gid: %s"% hrn)
+            hierarchy = Hierarchy()
+            auth_info = hierarchy.get_auth_info(hrn)
+            gid = GID(filename=auth_info.gid_filename)
+            gid.save_to_file(filename=server_cert_file)
+        except:
+            # fall back to self signed cert
+            logger.debug("gid for %s not found" % hrn)
+            init_self_signed_cert(hrn, key, server_cert_file)        
+        
+def init_self_signed_cert(hrn, key, server_cert_file):
+    logger.debug("generating self signed cert")
+    # generate self signed certificate
+    cert = Certificate(subject=hrn)
+    cert.set_issuer(key=key, subject=hrn)
+    cert.set_pubkey(key)
+    cert.sign()
+    cert.save_to_file(server_cert_file)
 
 def init_server(options, config):
     """
     Execute the init method defined in the manager file 
     """
+    def init_manager(manager_module, manager_base):
+        try: manager = __import__(manager_module, fromlist=[manager_base])
+        except: manager = None
+        if manager and hasattr(manager, 'init_server'):
+            manager.init_server()
+    
     manager_base = 'sfa.managers'
     if options.registry:
         mgr_type = config.SFA_REGISTRY_TYPE
         manager_module = manager_base + ".registry_manager_%s" % mgr_type
-        try: manager = __import__(manager_module, fromlist=[manager_base])
-        except: manager = None
-        if manager and hasattr(manager, 'init_server'): 
-            manager.init_server()    
+        init_manager(manager_module, manager_base)    
     if options.am:
         mgr_type = config.SFA_AGGREGATE_TYPE
         manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
-        try: manager = __import__(manager_module, fromlist=[manager_base])
-        except: manager = None
-        if manager and hasattr(manager, 'init_server'):
-            manager.init_server()    
+        init_manager(manager_module, manager_base)    
     if options.sm:
         mgr_type = config.SFA_SM_TYPE
         manager_module = manager_base + ".slice_manager_%s" % mgr_type
-        try: manager = __import__(manager_module, fromlist=[manager_base])
-        except: manager = None
-        if manager and hasattr(manager, 'init_server'):
-            manager.init_server()    
+        init_manager(manager_module, manager_base)    
     if options.cm:
         mgr_type = config.SFA_CM_TYPE
         manager_module = manager_base + ".component_manager_%s" % mgr_type
-        try: manager = __import__(manager_module, fromlist=[manager_base])
-        except: manager = None
-        if manager and hasattr(manager, 'init_server'):
-            manager.init_server()
+        init_manager(manager_module, manager_base)    
 
 def sync_interfaces(server_key_file, server_cert_file):
     """
@@ -163,13 +174,6 @@ def sync_interfaces(server_key_file, server_cert_file):
     aggregates.sync_interfaces()
 
 def main():
-    # xxx get rid of globals - name consistently CamelCase or under_score
-    global AuthHierarchy
-    global TrustedRoots
-    global registry_port
-    global aggregate_port
-    global slicemgr_port
-
     # Generate command line parser
     parser = OptionParser(usage="sfa-server [options]")
     parser.add_option("-r", "--registry", dest="registry", action="store_true",
@@ -180,14 +184,14 @@ def main():
          help="run aggregate manager", default=False)
     parser.add_option("-c", "--component", dest="cm", action="store_true",
          help="run component server", default=False)
-    parser.add_option("-v", "--verbose", dest="verbose", action="store_true", 
-         help="verbose mode", default=False)
+    parser.add_option("-v", "--verbose", action="count", dest="verbose", default=0,
+         help="verbose mode - cumulative")
     parser.add_option("-d", "--daemon", dest="daemon", action="store_true",
          help="Run as daemon.", default=False)
     (options, args) = parser.parse_args()
-    if options.verbose: sfa_logger.setLevel(logging.DEBUG)
 
     config = Config()
+    if config.SFA_API_DEBUG: pass
     hierarchy = Hierarchy()
     server_key_file = os.path.join(hierarchy.basedir, "server.key")
     server_cert_file = os.path.join(hierarchy.basedir, "server.cert")
@@ -200,28 +204,28 @@ def main():
     # start registry server
     if (options.registry):
         from sfa.server.registry import Registry
-        r = Registry("", registry_port, server_key_file, server_cert_file)
+        r = Registry("", config.SFA_REGISTRY_PORT, server_key_file, server_cert_file)
         r.start()
 
-    # start aggregate manager
     if (options.am):
         from sfa.server.aggregate import Aggregate
-        a = Aggregate("", aggregate_port, server_key_file, server_cert_file)
+        a = Aggregate("", config.SFA_AGGREGATE_PORT, server_key_file, server_cert_file)
         a.start()
 
     # start slice manager
     if (options.sm):
         from sfa.server.slicemgr import SliceMgr
-        s = SliceMgr("", slicemgr_port, server_key_file, server_cert_file)
+        s = SliceMgr("", config.SFA_SM_PORT, server_key_file, server_cert_file)
         s.start()
 
     if (options.cm):
         from sfa.server.component import Component
-        c = Component("", component_port, server_key_file, server_cert_file)
+        c = Component("", config.component_port, server_key_file, server_cert_file)
+#        c = Component("", config.SFA_COMPONENT_PORT, server_key_file, server_cert_file)
         c.start()
 
 if __name__ == "__main__":
     try:
         main()
     except:
-        sfa_logger.log_exc_critical("SFA server is exiting")
+        logger.log_exc_critical("SFA server is exiting")