From: Thierry Parmentelat Date: Fri, 25 Nov 2011 08:56:20 +0000 (+0100) Subject: renamed plc-specific api call get_key into key_key_from_incoming_ip X-Git-Tag: sfa-2.0-1~6^2~23 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=76057a5d838a5f2cdc5edf6e7658aba1dd92b8f3;p=sfa.git renamed plc-specific api call get_key into key_key_from_incoming_ip and move code in manager --- diff --git a/sfa/managers/registry_manager.py b/sfa/managers/registry_manager.py index 941e4b0d..e0e1db67 100644 --- a/sfa/managers/registry_manager.py +++ b/sfa/managers/registry_manager.py @@ -1,8 +1,12 @@ import types import time +# for get_key_from_incoming_ip +import tempfile +import os +import commands from sfa.util.faults import RecordNotFound, AccountNotEnabled, PermissionError, MissingAuthority, \ - UnknownSfaType, ExistingRecord + UnknownSfaType, ExistingRecord, NonExistingRecord from sfa.util.prefixTree import prefixTree from sfa.util.record import SfaRecord from sfa.util.table import SfaTable 
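Review bot: The import hunk for sfa/managers/registry_manager.py adds `tempfile`, `os`, `commands` and `NonExistingRecord`, but the method added further down in the same file also calls `create_uuid`, `Keypair` and `hrn_to_urn`. The deleted sfa/methods/get_key.py imported these from `sfa.trust.gid`, `sfa.trust.certificate` and `sfa.util.xrn`. Only the first lines of the manager's import block are visible here, so confirm those three names are already imported; otherwise the call would fail with NameError at the keypair step, after the database lookups have succeeded.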
@@ -435,3 +439,66 @@ class RegistryManager: table.remove(record) return 1 + + def get_key_from_incoming_ip (self, api): + # verify that the callers's ip address exist in the db and is an interface + # for a node in the db + (ip, port) = api.remote_addr + interfaces = api.driver.GetInterfaces({'ip': ip}, ['node_id']) + if not interfaces: + raise NonExistingRecord("no such ip %(ip)s" % locals()) + nodes = api.driver.GetNodes([interfaces[0]['node_id']], ['node_id', 'hostname']) + if not nodes: + raise NonExistingRecord("no such node using ip %(ip)s" % locals()) + node = nodes[0] + + # look up the sfa record + table = SfaTable() + records = table.findObjects({'type': 'node', 'pointer': node['node_id']}) + if not records: + raise RecordNotFound("pointer:" + str(node['node_id'])) + record = records[0] + + # generate a new keypair and gid + uuid = create_uuid() + pkey = Keypair(create=True) + urn = hrn_to_urn(record['hrn'], record['type']) + gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey) + gid = gid_object.save_to_string(save_parents=True) + record['gid'] = gid + record.set_gid(gid) + + # update the record + table.update(record) + + # attempt the scp the key + # and gid onto the node + # this will only work for planetlab based components + (kfd, key_filename) = tempfile.mkstemp() + (gfd, gid_filename) = tempfile.mkstemp() + pkey.save_to_file(key_filename) + gid_object.save_to_file(gid_filename, save_parents=True) + host = node['hostname'] + key_dest="/etc/sfa/node.key" + gid_dest="/etc/sfa/node.gid" + scp = "/usr/bin/scp" + #identity = "/etc/planetlab/root_ssh_key.rsa" + identity = "/etc/sfa/root_ssh_key" + scp_options=" -i %(identity)s " % locals() + scp_options+="-o StrictHostKeyChecking=no " % locals() + scp_key_command="%(scp)s %(scp_options)s %(key_filename)s root@%(host)s:%(key_dest)s" %\ + locals() + scp_gid_command="%(scp)s %(scp_options)s %(gid_filename)s root@%(host)s:%(gid_dest)s" %\ + locals() + + all_commands = [scp_key_command, scp_gid_command] 
+ + for command in all_commands: + (status, output) = commands.getstatusoutput(command) + if status: + raise Exception, output + + for filename in [key_filename, gid_filename]: + os.unlink(filename) + + return 1 diff --git a/sfa/methods/__init__.py b/sfa/methods/__init__.py index 0e47df60..8f35200e 100644 --- a/sfa/methods/__init__.py +++ b/sfa/methods/__init__.py @@ -23,7 +23,7 @@ Start Stop Update UpdateSliver -get_key +get_key_from_incoming_ip get_trusted_certs reset_slice """.split() diff --git a/sfa/methods/get_key.py b/sfa/methods/get_key.py deleted file mode 100644 index 1195d53a..00000000 --- a/sfa/methods/get_key.py +++ /dev/null 
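Review bot: In `get_key_from_incoming_ip`, the `raise Exception, output` inside the scp loop skips the `os.unlink` loop, so a failed copy leaves the freshly generated private key in a temp file, and the descriptors returned by `tempfile.mkstemp()` (`kfd`, `gfd`) are never closed. The scp command is also built as a shell string from `node['hostname']` and run through `commands.getstatusoutput`, so a hostname containing shell metacharacters would be interpreted by the shell; passing an argument list avoids that, and needs `import subprocess` in place of `import commands`. Separately, `-o StrictHostKeyChecking=no` means the node's host key is not verified for a transfer that carries a private key, and `table.update(record)` runs before the copy, so a failed copy leaves the registry holding a gid the node never received; both deserve a deliberate decision. The sketch below keeps the existing scp options and changes only cleanup and invocation.

```python
        # … unchanged: ip/node lookup, keypair and gid creation, table.update(record) …
        (kfd, key_filename) = tempfile.mkstemp()
        (gfd, gid_filename) = tempfile.mkstemp()
        # mkstemp returns open descriptors; the files are written by name below
        os.close(kfd)
        os.close(gfd)
        try:
            pkey.save_to_file(key_filename)
            gid_object.save_to_file(gid_filename, save_parents=True)
            # … unchanged: host, key_dest, gid_dest, scp, identity …
            for (src, dest) in [(key_filename, key_dest), (gid_filename, gid_dest)]:
                # argument list: no shell parses the hostname or the paths
                argv = [scp, "-i", identity, "-o", "StrictHostKeyChecking=no",
                        src, "root@%s:%s" % (host, dest)]
                proc = subprocess.Popen(argv, stdout=subprocess.PIPE,
                                        stderr=subprocess.STDOUT)
                (output, _) = proc.communicate()
                if proc.returncode:
                    raise Exception(output)
        finally:
            # remove the private key and gid copies on every exit path
            for filename in [key_filename, gid_filename]:
                os.unlink(filename)

        return 1
```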
@@ -1,85 +0,0 @@ -import os -import tempfile -import commands -from sfa.util.faults import NonExistingRecord, RecordNotFound -from sfa.util.xrn import hrn_to_urn -from sfa.util.method import Method -from sfa.util.parameter import Parameter -from sfa.util.table import SfaTable -from sfa.trust.certificate import Keypair -from sfa.trust.gid import create_uuid - -class get_key(Method): - """ - Generate a new keypair and gid for requesting caller (component). - @return 1 If successful - """ - - interfaces = ['registry'] - - accepts = [] - - returns = Parameter(int, "1 if successful, faults otherwise") - - def call(self): - # verify that the callers's ip address exist in the db and is an interface - # for a node in the db - (ip, port) = self.api.remote_addr - interfaces = self.api.driver.GetInterfaces({'ip': ip}, ['node_id']) - if not interfaces: - raise NonExistingRecord("no such ip %(ip)s" % locals()) - nodes = self.api.driver.GetNodes([interfaces[0]['node_id']], ['node_id', 'hostname']) - if not nodes: - raise NonExistingRecord("no such node using ip %(ip)s" % locals()) - node = nodes[0] - - # look up the sfa record - table = SfaTable() - records = table.findObjects({'type': 'node', 'pointer': node['node_id']}) - if not records: - raise RecordNotFound("pointer:" + str(node['node_id'])) - record = records[0] - - # generate a new keypair and gid - uuid = create_uuid() - pkey = Keypair(create=True) - urn = hrn_to_urn(record['hrn'], record['type']) - gid_object = self.api.auth.hierarchy.create_gid(urn, uuid, pkey) - gid = gid_object.save_to_string(save_parents=True) - record['gid'] = gid - record.set_gid(gid) - - # update the record - table.update(record) - - # attempt the scp the key - # and gid onto the node - # this will only work for planetlab based components - (kfd, key_filename) = tempfile.mkstemp() - (gfd, gid_filename) = tempfile.mkstemp() - pkey.save_to_file(key_filename) - gid_object.save_to_file(gid_filename, save_parents=True) - host = node['hostname'] - 
key_dest="/etc/sfa/node.key" - gid_dest="/etc/sfa/node.gid" - scp = "/usr/bin/scp" - #identity = "/etc/planetlab/root_ssh_key.rsa" - identity = "/etc/sfa/root_ssh_key" - scp_options=" -i %(identity)s " % locals() - scp_options+="-o StrictHostKeyChecking=no " % locals() - scp_key_command="%(scp)s %(scp_options)s %(key_filename)s root@%(host)s:%(key_dest)s" %\ - locals() - scp_gid_command="%(scp)s %(scp_options)s %(gid_filename)s root@%(host)s:%(gid_dest)s" %\ - locals() - - all_commands = [scp_key_command, scp_gid_command] - - for command in all_commands: - (status, output) = commands.getstatusoutput(command) - if status: - raise Exception, output - - for filename in [key_filename, gid_filename]: - os.unlink(filename) - - return 1 diff --git a/sfa/methods/get_key_from_incoming_ip.py b/sfa/methods/get_key_from_incoming_ip.py new file mode 100644 index 00000000..c7abb75b --- /dev/null +++ b/sfa/methods/get_key_from_incoming_ip.py @@ -0,0 +1,23 @@ +from sfa.util.method import Method +from sfa.util.parameter import Parameter +from sfa.util.sfalogging import logger + +class get_key_from_incoming_ip(Method): + """ + Generate a new keypair and gid for requesting caller (component/node). + This is a myplc-specific API call used by component manager + @return 1 If successful + """ + + interfaces = ['registry'] + + accepts = [] + + returns = Parameter(int, "1 if successful, faults otherwise") + + def call(self): + if hasattr(self.api.manager,'get_key_from_incoming_ip'): + return self.api.manager.get_key_from_incoming_ip (api) + else: + logger.warning("get_key_from_incoming_ip not supported by registry manager") + return 0 diff --git a/sfa/plc/plcomponentdriver.py b/sfa/plc/plcomponentdriver.py index c991bd67..07a655c6 100644 --- a/sfa/plc/plcomponentdriver.py +++ b/sfa/plc/plcomponentdriver.py 
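Review bot: In the new sfa/methods/get_key_from_incoming_ip.py, `call` passes the bare name `api` to the manager, which is not defined in that method, so the supported path would raise NameError before the manager runs; the line should read `return self.api.manager.get_key_from_incoming_ip(self.api)`. The fallback branch returns 0 after a warning, while `returns` documents "1 if successful, faults otherwise". Both call sites updated in this commit ignore the return value, so a node talking to a registry manager without this method would not learn that no key was issued; raising a fault in that branch would match the declared contract.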
@@ -51,7 +51,7 @@ class PlComponentDriver: cert.save_to_file(certfile) registry = self.get_registry() # the registry will scp the key onto the node - registry.get_key() + registry.get_key_from_incoming_ip() # override the method in SfaApi def getCredential(self): diff --git a/sfa/server/sfa_component_setup.py b/sfa/server/sfa_component_setup.py index ed1ee30e..3775391a 100755 --- a/sfa/server/sfa_component_setup.py +++ b/sfa/server/sfa_component_setup.py @@ -98,7 +98,7 @@ def get_node_key(registry=None, verbose=False): cert.save_to_file(certfile) registry = server_proxy(url = registry, keyfile=keyfile, certfile=certfile) - registry.get_key() + registry.get_key_from_incoming_ip() def create_server_keypair(keyfile=None, certfile=None, hrn="component", verbose=False): """