X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fserver%2Fsfa_component_setup.py;h=7cea637b1a62a155af9a63fa217ccd9c943ca92c;hb=51d3c942a330da5b1cb950d9b61a24ed53145410;hp=31320b35aaa9bfaadc52a71b5a971ddca0e69a79;hpb=ba29c3fd0bd7fd20765a8e29ac17fa41dce0a246;p=sfa.git diff --git a/sfa/server/sfa_component_setup.py b/sfa/server/sfa_component_setup.py index 31320b35..7cea637b 100755 --- a/sfa/server/sfa_component_setup.py +++ b/sfa/server/sfa_component_setup.py @@ -6,11 +6,26 @@ from optparse import OptionParser from sfa.util.config import Config import sfa.util.xmlrpcprotocol as xmlrpcprotocol from sfa.util.namespace import * +from sfa.util.faults import * from sfa.trust.certificate import Keypair, Certificate from sfa.trust.credential import Credential from sfa.trust.gid import GID from sfa.trust.hierarchy import Hierarchy +KEYDIR = "/var/lib/sfa/" +CONFDIR = "/etc/sfa/" + +def handle_gid_mismatch_exception(f): + def wrapper(*args, **kwds): + try: return f(*args, **kwds) + except ConnectionKeyGIDMismatch: + # clean regen server keypair and try again + print "cleaning keys and trying again" + clean_key_cred() + return f(args, kwds) + + return wrapper + def get_server(url=None, port=None, keyfile=None, certfile=None,verbose=False): """ returns an xmlrpc connection to the service a the specified @@ -45,6 +60,26 @@ def create_default_dirs(): for dir in all_dirs: if not os.path.exists(dir): os.makedirs(dir) + +def has_node_key(): + key_file = KEYDIR + os.sep + 'server.key' + return os.path.exists(key_file) + +def clean_key_cred(): + """ + remove the existing keypair and cred and generate new ones + """ + files = ["server.key", "server.cert", "node.cred"] + for f in files: + filepath = KEYDIR + os.sep + f + if os.path.isfile(filepath): + os.unlink(f) + + # install the new key pair + # get_credential will take care of generating the new keypair + # and credential + get_credential() + def get_node_key(registry=None, verbose=False): # this call requires no authentication, @@ -74,7 +109,8 @@ def create_server_keypair(keyfile=None, certfile=None, hrn="component", verbose= cert.set_pubkey(key) cert.sign() cert.save_to_file(certfile, save_parents=True) - + +@handle_gid_mismatch_exception def get_credential(registry=None, force=False, verbose=False): config = Config() hierarchy = Hierarchy() @@ -115,6 +151,7 @@ def get_credential(registry=None, force=False, verbose=False): return cred +@handle_gid_mismatch_exception def get_trusted_certs(registry=None, verbose=False): """ refresh our list of trusted certs. @@ -157,6 +194,7 @@ def get_trusted_certs(registry=None, verbose=False): print "Removing old gid ", gid_name os.unlink(trusted_certs_dir + os.sep + gid_name) +@handle_gid_mismatch_exception def get_gids(registry=None, verbose=False): """ Get the gid for all instantiated slices on this node and store it @@ -184,10 +222,26 @@ def get_gids(registry=None, verbose=False): # get a list of slices on this node from sfa.plc.api import ComponentAPI api = ComponentAPI() - slicenames = api.nodemanager.GetXIDs().keys() - hrns = [slicename_to_hrn(interface_hrn, slicename) for slicename in slicenames] - + xids_tuple = api.nodemanager.GetXIDs() + slices = eval(xids_tuple[1]) + slicenames = slices.keys() + # generate a list of slices that dont have gids installed + slices_without_gids = [] + for slicename in slicenames: + if not os.path.isfile("/vservers/%s/etc/slice.gid" % slicename) \ + or not os.path.isfile("/vservers/%s/etc/node.gid" % slicename): + slices_without_gids.append(slicename) + + # convert slicenames to hrns + hrns = [slicename_to_hrn(interface_hrn, slicename) \ + for slicename in slices_without_gids] + + # exit if there are no gids to install + print hrns + if not hrns: + return + if verbose: print "Getting gids for slices on this node from registry" # get the gids