X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fserver%2Fsfa-start.py;h=caf953b36e2e33e701e3edf64459a70ec232ed69;hb=594a6ec255180c073e622c4a96fc08494087b3a8;hp=379c72d16e3e0a831177ddbbae07774f02e63aa6;hpb=4752b14b76eda8764c5995997d3c91d77788eb5d;p=sfa.git

diff --git a/sfa/server/sfa-start.py b/sfa/server/sfa-start.py
index 379c72d1..caf953b3 100755
--- a/sfa/server/sfa-start.py
+++ b/sfa/server/sfa-start.py
@@ -25,30 +25,25 @@
 # TODO: Can all three servers use the same "registry" certificate?
 ##
 
-# TCP ports for the three servers
-#registry_port=12345
-#aggregate_port=12346
-#slicemgr_port=12347
 ### xxx todo not in the config yet
 component_port=12346
 import os, os.path
 import traceback
 import sys
-import sfa.util.xmlrpcprotocol as xmlrpcprotocol
 from optparse import OptionParser
 
 from sfa.util.sfalogging import logger
+from sfa.util.xrn import get_authority, hrn_to_urn
+from sfa.util.config import Config
+from sfa.trust.gid import GID
+from sfa.trust.trustedroots import TrustedRoots
 from sfa.trust.certificate import Keypair, Certificate
 from sfa.trust.hierarchy import Hierarchy
 from sfa.trust.gid import GID
-from sfa.util.config import Config
-from sfa.plc.api import SfaAPI
+
+from sfa.server.sfaapi import SfaApi
 from sfa.server.registry import Registries
 from sfa.server.aggregate import Aggregates
-from sfa.util.xrn import get_authority, hrn_to_urn
-from sfa.util.sfalogging import logger
-
-from sfa.managers.import_manager import import_manager
 
 # after http://www.erlenstar.demon.co.uk/unix/faq_2.html
 def daemon():
@@ -60,103 +55,13 @@ def daemon():
     devnull = os.open(os.devnull, os.O_RDWR)
     os.dup2(devnull, 0)
     # xxx fixme - this is just to make sure that nothing gets stupidly lost - should use devnull
-    crashlog = os.open('/var/log/httpd/sfa_access_log', os.O_RDWR | os.O_APPEND | os.O_CREAT, 0644)
+    logdir='/var/log/httpd'
+    # when installed in standalone we might not have httpd installed
+    if not os.path.isdir(logdir): os.mkdir('/var/log/httpd')
+    crashlog = os.open('%s/sfa_access_log'%logdir, os.O_RDWR | os.O_APPEND | os.O_CREAT, 0644)
     os.dup2(crashlog, 1)
     os.dup2(crashlog, 2)
 
-def init_server_key(server_key_file, server_cert_file, config, hierarchy):
-
-    hrn = config.SFA_INTERFACE_HRN.lower()
-    # check if the server's private key exists. If it doesnt,
-    # get the right one from the authorities directory. If it cant be
-    # found in the authorities directory, generate a random one
-    if not os.path.exists(server_key_file):
-        hrn = config.SFA_INTERFACE_HRN.lower()
-        hrn_parts = hrn.split(".")
-        rel_key_path = hrn
-        pkey_filename = hrn+".pkey"
-
-        # sub authority's have "." in their hrn. This must
-        # be converted to os.path separator
-        if len(hrn_parts) > 0:
-            rel_key_path = hrn.replace(".", os.sep)
-            pkey_filename= hrn_parts[-1]+".pkey"
-
-        key_file = os.sep.join([hierarchy.basedir, rel_key_path, pkey_filename])
-        if not os.path.exists(key_file):
-            # if it doesnt exist then this is probably a fresh interface
-            # with no records. Generate a random keypair for now
-            logger.debug("server's public key not found in %s" % key_file)
-
-            logger.debug("generating a random server key pair")
-            key = Keypair(create=True)
-            key.save_to_file(server_key_file)
-            init_server_cert(hrn, key, server_cert_file, self_signed=True)    
-
-        else:
-            # the pkey was found in the authorites directory. lets 
-            # copy it to where the server key should be and generate
-            # the cert
-            key = Keypair(filename=key_file)
-            key.save_to_file(server_key_file)
-            init_server_cert(hrn, key, server_cert_file)    
-
-    # If private key exists and cert doesnt, recreate cert
-    if (os.path.exists(server_key_file)) and (not os.path.exists(server_cert_file)):
-        key = Keypair(filename=server_key_file)
-        init_server_cert(hrn, key, server_cert_file)    
-
-
-def init_server_cert(hrn, key, server_cert_file, self_signed=False):
-    """
-    Setup the certificate for this server. Attempt to use gid before 
-    creating a self signed cert 
-    """
-    if self_signed:
-        init_self_signed_cert(hrn, key, server_cert_file)
-    else:
-        try:
-            # look for gid file
-            logger.debug("generating server cert from gid: %s"% hrn)
-            hierarchy = Hierarchy()
-            auth_info = hierarchy.get_auth_info(hrn)
-            gid = GID(filename=auth_info.gid_filename)
-            gid.save_to_file(filename=server_cert_file)
-        except:
-            # fall back to self signed cert
-            logger.debug("gid for %s not found" % hrn)
-            init_self_signed_cert(hrn, key, server_cert_file)        
-        
-def init_self_signed_cert(hrn, key, server_cert_file):
-    logger.debug("generating self signed cert")
-    # generate self signed certificate
-    cert = Certificate(subject=hrn)
-    cert.set_issuer(key=key, subject=hrn)
-    cert.set_pubkey(key)
-    cert.sign()
-    cert.save_to_file(server_cert_file)
-
-def init_server(options, config):
-    """
-    Locate the manager based on config.*TYPE
-    Execute the init_server method (well in fact function, sigh) if defined in that module
-    In order to migrate to a more generic approach:
-    * search for <>_manager_<type>.py
-    * if not found, try <>_manager.py (and issue a warning if <type>!='pl')
-    """
-    if options.registry:
-        manager=import_manager ("registry",       config.SFA_REGISTRY_TYPE)
-        if manager and hasattr(manager, 'init_server'): manager.init_server()
-    if options.am:      
-        manager=import_manager ("aggregate",      config.SFA_AGGREGATE_TYPE)
-        if manager and hasattr(manager, 'init_server'): manager.init_server()
-    if options.sm:
-        manager=import_manager ("slice",          config.SFA_SM_TYPE)
-        if manager and hasattr(manager, 'init_server'): manager.init_server()
-    if options.cm:
-        manager=import_manager ("component",      config.SFA_CM_TYPE)
-        if manager and hasattr(manager, 'init_server'): manager.init_server()
-
 
 def install_peer_certs(server_key_file, server_cert_file):
     """
@@ -167,7 +72,7 @@ def install_peer_certs(server_key_file, server_cert_file):
     # There should be a gid file in /etc/sfa/trusted_roots for every
     # peer registry found in in the registries.xml config file. If there
     # are any missing gids, request a new one from the peer registry.
-    api = SfaAPI(key_file = server_key_file, cert_file = server_cert_file)
+    api = SfaApi(key_file = server_key_file, cert_file = server_cert_file)
     registries = Registries()
     aggregates = Aggregates()
     interfaces = dict(registries.items() + aggregates.items())
@@ -188,7 +93,7 @@ def install_peer_certs(server_key_file, server_cert_file):
         try:
             # get gid from the registry
             url = interfaces[new_hrn].get_url()
-            interface = interfaces[new_hrn].get_server(server_key_file, server_cert_file, timeout=30)
+            interface = interfaces[new_hrn].server_proxy(server_key_file, server_cert_file, timeout=30)
             # skip non sfa aggregates
             server_version = api.get_cached_server_version(interface)
             if 'sfa' not in server_version:
@@ -224,9 +129,9 @@ def update_cert_records(gids):
     Make sure there is a record in the registry for the specified gids. 
     Removes old records from the db.
     """
-    # import SfaTable here so this module can be loaded by ComponentAPI
-    from sfa.util.table import SfaTable
-    from sfa.util.record import SfaRecord
+    # import SfaTable here so this module can be loaded by PlcComponentApi
+    from sfa.storage.table import SfaTable
+    from sfa.storage.record import SfaRecord
     if not gids:
         return
     table = SfaTable()
@@ -267,21 +172,23 @@ def main():
          help="run component server", default=False)
     parser.add_option("-t", "--trusted-certs", dest="trusted_certs", action="store_true",
          help="refresh trusted certs", default=False)
-    parser.add_option("-v", "--verbose", action="count", dest="verbose", default=0,
-         help="verbose mode - cumulative")
     parser.add_option("-d", "--daemon", dest="daemon", action="store_true",
          help="Run as daemon.", default=False)
     (options, args) = parser.parse_args()
     
     config = Config()
-    if config.SFA_API_DEBUG: pass
+    logger.setLevelFromOptVerbose(config.SFA_API_LOGLEVEL)
+    
+
+    # ge the server's key and cert
     hierarchy = Hierarchy()
-    server_key_file = os.path.join(hierarchy.basedir, "server.key")
-    server_cert_file = os.path.join(hierarchy.basedir, "server.cert")
+    auth_info = hierarchy.get_interface_auth_info()
+    server_key_file = auth_info.get_privkey_filename()
+    server_cert_file = auth_info.get_gid_filename()
 
-    init_server_key(server_key_file, server_cert_file, config, hierarchy)
-    init_server(options, config)
- 
+    # ensure interface cert is present in trusted roots dir
+    trusted_roots = TrustedRoots(config.get_trustedroots_dir())
+    trusted_roots.add_gid(GID(filename=server_cert_file))
     if (options.daemon):  daemon()
     
     if options.trusted_certs: