X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fserver%2Fsfa_component_setup.py;h=e35a40a60e64248baf700c5a938419da91a5efb2;hb=fad16c7d54b658b37a9b42fbee47b0d4f51cb8ec;hp=728c4337910f7a84aaa7110e996e2bc14e2667fa;hpb=657e8290ebbb4d6b6bcf337a3bc03aff9b42e62b;p=sfa.git diff --git a/sfa/server/sfa_component_setup.py b/sfa/server/sfa_component_setup.py index 728c4337..e35a40a6 100755 --- a/sfa/server/sfa_component_setup.py +++ b/sfa/server/sfa_component_setup.py @@ -1,17 +1,38 @@ #!/usr/bin/python +from __future__ import print_function + import sys import os import tempfile from optparse import OptionParser + +from sfa.util.faults import ConnectionKeyGIDMismatch from sfa.util.config import Config -import sfa.util.xmlrpcprotocol as xmlrpcprotocol -from sfa.util.namepace import * + from sfa.trust.certificate import Keypair, Certificate from sfa.trust.credential import Credential from sfa.trust.gid import GID from sfa.trust.hierarchy import Hierarchy -def get_server(url=None, port=None, keyfile=None, certfile=None,verbose=False): +from sfa.client.sfaserverproxy import SfaServerProxy + +from sfa.planetlab.plxrn import hrn_to_pl_slicename, slicename_to_hrn + +KEYDIR = "/var/lib/sfa/" +CONFDIR = "/etc/sfa/" + +def handle_gid_mismatch_exception(f): + def wrapper(*args, **kwds): + try: return f(*args, **kwds) + except ConnectionKeyGIDMismatch: + # clean regen server keypair and try again + print("cleaning keys and trying again") + clean_key_cred() + return f(args, kwds) + + return wrapper + +def server_proxy(url=None, port=None, keyfile=None, certfile=None,verbose=False): """ returns an xmlrpc connection to the service a the specified address @@ -29,9 +50,9 @@ def get_server(url=None, port=None, keyfile=None, certfile=None,verbose=False): url = "http://%(addr)s:%(port)s" % locals() if verbose: - print "Contacting registry at: %(url)s" % locals() + print("Contacting registry at: %(url)s" % locals()) - server = xmlrpcprotocol.get_server(url, keyfile, certfile) + server = SfaServerProxy(url, keyfile, certfile) return server @@ -45,6 +66,26 @@ def create_default_dirs(): for dir in all_dirs: if not os.path.exists(dir): os.makedirs(dir) + +def has_node_key(): + key_file = KEYDIR + os.sep + 'server.key' + return os.path.exists(key_file) + +def clean_key_cred(): + """ + remove the existing keypair and cred and generate new ones + """ + files = ["server.key", "server.cert", "node.cred"] + for f in files: + filepath = KEYDIR + os.sep + f + if os.path.isfile(filepath): + os.unlink(f) + + # install the new key pair + # GetCredential will take care of generating the new keypair + # and credential + GetCredential() + def get_node_key(registry=None, verbose=False): # this call requires no authentication, @@ -60,8 +101,8 @@ def get_node_key(registry=None, verbose=False): cert.sign() cert.save_to_file(certfile) - registry = get_server(url = registry, keyfile=keyfile, certfile=certfile) - registry.get_key() + registry = server_proxy(url = registry, keyfile=keyfile, certfile=certfile) + registry.get_key_from_incoming_ip() def create_server_keypair(keyfile=None, certfile=None, hrn="component", verbose=False): """ @@ -74,8 +115,9 @@ def create_server_keypair(keyfile=None, certfile=None, hrn="component", verbose= cert.set_pubkey(key) cert.sign() cert.save_to_file(certfile, save_parents=True) - -def get_credential(registry=None, force=False, verbose=False): + +@handle_gid_mismatch_exception +def GetCredential(registry=None, force=False, verbose=False): config = Config() hierarchy = Hierarchy() key_dir= hierarchy.basedir @@ -85,11 +127,11 @@ def get_credential(registry=None, force=False, verbose=False): # check for existing credential if not force and os.path.exists(credfile): if verbose: - print "Loading Credential from %(credfile)s " % locals() + print("Loading Credential from %(credfile)s " % locals()) cred = Credential(filename=credfile).save_to_string(save_parents=True) else: if verbose: - print "Getting credential from registry" + print("Getting credential from registry") # make sure node private key exists node_pkey_file = config_dir + os.sep + "node.key" node_gid_file = config_dir + os.sep + "node.gid" @@ -107,14 +149,15 @@ def get_credential(registry=None, force=False, verbose=False): create_server_keypair(keyfile, certfile, hrn, verbose) # get credential from registry - registry = get_server(url=registry, keyfile=keyfile, certfile=certfile) + registry = server_proxy(url=registry, keyfile=keyfile, certfile=certfile) cert = Certificate(filename=certfile) cert_str = cert.save_to_string(save_parents=True) - cred = registry.get_self_credential(cert_str, 'node', hrn) + cred = registry.GetSelfCredential(cert_str, 'node', hrn) Credential(string=cred).save_to_file(credfile, save_parents=True) return cred +@handle_gid_mismatch_exception def get_trusted_certs(registry=None, verbose=False): """ refresh our list of trusted certs. @@ -130,13 +173,13 @@ def get_trusted_certs(registry=None, verbose=False): node_gid = GID(filename=node_gid_file) hrn = node_gid.get_hrn() # get credential - cred = get_credential(registry=registry, verbose=verbose) + cred = GetCredential(registry=registry, verbose=verbose) # make sure server key cert pair exists create_server_keypair(keyfile=keyfile, certfile=certfile, hrn=hrn, verbose=verbose) - registry = get_server(url=registry, keyfile=keyfile, certfile=certfile) + registry = server_proxy(url=registry, keyfile=keyfile, certfile=certfile) # get the trusted certs and save them in the right place if verbose: - print "Getting trusted certs from registry" + print("Getting trusted certs from registry") trusted_certs = registry.get_trusted_certs(cred) trusted_gid_names = [] for gid_str in trusted_certs: @@ -146,7 +189,7 @@ def get_trusted_certs(registry=None, verbose=False): trusted_gid_names.append(relative_filename) gid_filename = trusted_certs_dir + os.sep + relative_filename if verbose: - print "Writing GID for %s as %s" % (gid.get_hrn(), gid_filename) + print("Writing GID for %s as %s" % (gid.get_hrn(), gid_filename)) gid.save_to_file(gid_filename, save_parents=True) # remove old certs @@ -154,9 +197,10 @@ def get_trusted_certs(registry=None, verbose=False): for gid_name in all_gids_names: if gid_name not in trusted_gid_names: if verbose: - print "Removing old gid ", gid_name + print("Removing old gid ", gid_name) os.unlink(trusted_certs_dir + os.sep + gid_name) +@handle_gid_mismatch_exception def get_gids(registry=None, verbose=False): """ Get the gid for all instantiated slices on this node and store it @@ -174,25 +218,41 @@ def get_gids(registry=None, verbose=False): hrn = node_gid.get_hrn() interface_hrn = config.SFA_INTERFACE_HRN # get credential - cred = get_credential(registry=registry, verbose=verbose) + cred = GetCredential(registry=registry, verbose=verbose) # make sure server key cert pair exists create_server_keypair(keyfile=keyfile, certfile=certfile, hrn=hrn, verbose=verbose) - registry = get_server(url=registry, keyfile=keyfile, certfile=certfile) + registry = server_proxy(url=registry, keyfile=keyfile, certfile=certfile) if verbose: - print "Getting current slices on this node" + print("Getting current slices on this node") # get a list of slices on this node - from sfa.plc.api import ComponentAPI - api = ComponentAPI() - slicenames = api.nodemanager.GetXIDs().keys() - hrns = [slicename_to_hrn(interface_hrn, slicename) for slicename in slicenames] - + from sfa.generic import Generic + generic=Generic.the_flavour() + api = generic.make_api(interface='component') + xids_tuple = api.driver.nodemanager.GetXIDs() + slices = eval(xids_tuple[1]) + slicenames = slices.keys() + # generate a list of slices that dont have gids installed + slices_without_gids = [] + for slicename in slicenames: + if not os.path.isfile("/vservers/%s/etc/slice.gid" % slicename) \ + or not os.path.isfile("/vservers/%s/etc/node.gid" % slicename): + slices_without_gids.append(slicename) + + # convert slicenames to hrns + hrns = [slicename_to_hrn(interface_hrn, slicename) \ + for slicename in slices_without_gids] + + # exit if there are no gids to install + if not hrns: + return + if verbose: - print "Getting gids for slices on this node from registry" + print("Getting gids for slices on this node from registry") # get the gids # and save them in the right palce - records = registry.get_gids(cred, hrns) + records = registry.GetGids(hrns, cred) for record in records: # if this isnt a slice record skip it if not record['type'] == 'slice': @@ -207,12 +267,12 @@ def get_gids(registry=None, verbose=False): gid = record['gid'] slice_gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"]) if verbose: - print "Saving GID for %(slicename)s as %(slice_gid_filename)s" % locals() + print("Saving GID for %(slicename)s as %(slice_gid_filename)s" % locals()) GID(string=gid).save_to_file(slice_gid_filename, save_parents=True) # save the node gid in /etc/sfa node_gid_filename = os.sep.join([vserver_path, "etc", "node.gid"]) if verbose: - print "Saving node GID for %(slicename)s as %(node_gid_filename)s" % locals() + print("Saving node GID for %(slicename)s as %(node_gid_filename)s" % locals()) node_gid.save_to_file(node_gid_filename, save_parents=True) @@ -221,15 +281,15 @@ def dispatch(options, args): create_default_dirs() if options.key: if options.verbose: - print "Getting the component's pkey" + print("Getting the component's pkey") get_node_key(registry=options.registry, verbose=options.verbose) if options.certs: if options.verbose: - print "Getting the component's trusted certs" + print("Getting the component's trusted certs") get_trusted_certs(verbose=options.verbose) if options.gids: if options.verbose: - print "Geting the component's GIDs" + print("Geting the component's GIDs") get_gids(verbose=options.verbose) def main():