From: Tony Mack Date: Wed, 6 Jan 2010 02:26:29 +0000 (+0000) Subject: removing X-Git-Tag: sfa-0.9-8~4 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=ba826c5d8c8105ef1069e3214bc13cc810b6e685;p=sfa.git removing --- diff --git a/sfacomponent/__init__.py b/sfacomponent/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/sfacomponent/component.py b/sfacomponent/component.py deleted file mode 100644 index bcb86ccf..00000000 --- a/sfacomponent/component.py +++ /dev/null @@ -1,275 +0,0 @@ -## -# Sfa Component Wrapper -# -# This wrapper implements the SFA Slice and Mgmt Interfaces on a node. -# -## - -import tempfile -import os -import sys -from xmlrpclib import ServerProxy - -from sfa.trust.certificate import Certificate, Keypair -from sfa.trust.gid import * -from sfa.trust.trustedroot import * - -from sfa.util.faults import * -from sfa.util.misc import * -from sfa.util.record import * -from sfa.util.sfaticket import SfaTicket -from sfa.util.server import * - -## -# ComponentManager is a SfaServer that serves slice and -# management operations at a node. - -class ComponentManager(SfaServer): - - ## - # Create a new ComponentManager object. - # - # @param ip the ip address to listen on - # @param port the port to listen on - # @param key_file private key filename of registry - # @param cert_file certificate filename containing public key (could be a GID file) - - def __init__(self, ip, port, key_file, cert_file): - SfaServer.__init__(self, ip, port, key_file, cert_file) - self.nodemanager = ServerProxy('http://127.0.0.1:812/') - - ## - # Register the server RPCs for the component - - def register_functions(self): - SfaServer.register_functions(self) - self.server.register_function(self.stop_slice) - self.server.register_function(self.start_slice) - self.server.register_function(self.reset_slice) - self.server.register_function(self.delete_slice) - self.server.register_function(self.list_slices) - self.server.register_function(self.redeem_ticket) - self.server.register_function(self.reboot) - - def sliver_exists(self, slicename): - dict = self.nodemanager.GetXIDs() - if slicename in dict.keys(): - return True - else: - return False - - # ------------------------------------------------------------------------ - # Slice Interface - - ## - # Stop a slice. - # - # @param cred a credential identifying the caller (callerGID) and the slice - # (objectGID) - - def stop_slice(self, cred_str): - self.decode_authentication(cred_str, "stopslice") - slicename = hrn_to_pl_slicename(self.object_gid.get_hrn()) - print "stopslice:", slicename - self.nodemanager.Stop(slicename) - - ## - # Start a slice. - # - # @param cred a credential identifying the caller (callerGID) and the slice - # (objectGID) - - def start_slice(self, cred_str): - self.decode_authentication(cred_str, "startslice") - slicename = hrn_to_pl_slicename(self.object_gid.get_hrn()) - print "startslice:", slicename - self.nodemanager.Start(slicename) - - ## - # Reset a slice. - # - # @param cred a credential identifying the caller (callerGID) and the slice - # (objectGID) - - def reset_slice(self, cred_str): - self.decode_authentication(cred_str, "resetslice") - slicename = hrn_to_pl_slicename(self.object_gid.get_hrn()) - print "resetslice:", slicename - - # find the existing record for the slice - if not self.sliver_exists(slicename): - raise SliverDoesNotExist(slicename) - - self.nodemanager.ReCreate(slicename) - - ## - # Delete a slice. - # - # @param cred a credential identifying the caller (callerGID) and the slice - # (objectGID) - - def delete_slice(self, cred_str): - self.decode_authentication(cred_str, "deleteslice") - slicename = hrn_to_pl_slicename(self.object_gid.get_hrn()) - print "deleteslice:", slicename - self.nodemanager.Destroy(slicename) - - ## - # Examine the ticket that was provided by the caller, check that it is - # signed and verified correctly. Throw an exception if something is - # wrong with the ticket. - # - # This is similar to decode_authentication - # - # @param ticket_string the string representation of the ticket - - def decode_ticket(self, ticket_string): - self.client_ticket = SfaTicket(string = ticket_string) - self.client_gid = self.client_ticket.get_gid_caller() - self.object_gid = self.client_ticket.get_gid_object() - - # make sure the client_gid is not blank - if not self.client_gid: - raise MissingCallerGID(self.client_ticket.get_subject()) - - # make sure the client_gid matches the certificate that the client is using - peer_cert = self.server.peer_cert - if not peer_cert.is_pubkey(self.client_gid.get_pubkey()): - raise ConnectionKeyGIDMismatch(self.client_gid.get_subject()) - - if self.trusted_cert_list: - self.client_ticket.verify_chain(self.trusted_cert_list) - if self.client_gid: - self.client_gid.verify_chain(self.trusted_cert_list) - if self.object_gid: - self.object_gid.verify_chain(self.trusted_cert_list) - - def sfa_ticket_to_plc_ticket(self, ticket): - ticket_attrs = ticket.get_attributes() - ticket_rspec = ticket.get_rspec() - - data = {} - rec = {} - attr_list = [] - - # sort out the initscript... The NM expects to receive an initscript name - # and a dictionary of initscripts. NM ends up discarding the initscript - # name and sticking the contents in the slice record. (technically, this - # is what we started with, but we have to provide the data in the format - # that the NM expects) - if ticket_attrs.get("initscript", None): - initscript_name = ticket_attrs.get("name") + "_initscript" - initscript_body = ticket_attrs.get("initscript") - data["initscripts"] = {"name": initscript_name, "script": initscript_body} - attr_dict["initscript"] = initscript_name - else: - data["initscripts"] = {} - - # copy the rspec attributes from the sfaticket into the plticket - # attributes. The NM will later copy them back out and put them into - # the rspec field of the slice record - for itemname in ticket_rspec.keys(): - attr = {"name": itemname, "value": ticket_rspec[itemname]} - attr_list.append(attr) - - # NM expects to receive a list of key dictionaries containing the - # keys. - keys = [] - for key in ticket_attrs.get("keys", []): - keys.append({"key": key}) - rec["keys"] = keys - - rec["name"] = ticket_attrs.get("name") - - rec["attributes"] = attr_list - rec["instantiation"] = ticket_attrs["instantiation"] - rec["slice_id"] = ticket_attrs["slice_id"] - - # XXX - this shouldn't be hardcoded; use the actual slice name - rec["delegations"] = "pl_genicw" - - data["timestamp"] = ticket_attrs.get("timestamp") - data["slivers"] = [rec] - - return data - - ## - # Redeem a ticket. - # - # The ticket is submitted to the node manager, and the slice is instantiated - # or updated as appropriate. - # - # TODO: This operation should return a sliver credential and indicate - # whether or not the component will accept only sliver credentials, or - # will accept both sliver and slice credentials. - # - # @param ticket_str the string representation of a ticket object - - def redeem_ticket(self, ticket_str): - self.decode_ticket(ticket_str) - ticket = self.client_ticket - - print "ticket received for", self.object_gid.get_hrn() - - pt = self.sfa_ticket_to_plc_ticket(ticket) - - print "plticket", pt - - str = xmlrpclib.dumps((pt,), allow_none=True) - self.nodemanager.AdminTicket(str) - - # TODO: should return a sliver credential - - # ------------------------------------------------------------------------ - # Slice Interface - - ## - # List the slices on a component. - # - # @param cred_str string representation of a credential object that - # authorizes the caller - # - # @return a list of slice names - - def list_slices(self, cred_str): - self.decode_authentication(cred_str, "listslices") - slice_names = self.nodemanager.GetXIDs().keys() - return slice_names - - # ------------------------------------------------------------------------ - # Management Interface - - ## - # Reboot the component. - # - # @param cred_str string representation of a credential object that - # authorizes the caller - - def reboot(self, cred_str): - self.decode_authentication(cred_str, "reboot") - system("/sbin/reboot") - - -if __name__ == "__main__": - global TrustedRoots - - key_file = "component.key" - cert_file = "component.cert" - - # if no key is specified, then make one up - if (not os.path.exists(key_file)) or (not os.path.exists(cert_file)): - key = Keypair(create=True) - key.save_to_file(key_file) - - cert = Certificate(subject="component") - cert.set_issuer(key=key, subject="component") - cert.set_pubkey(key) - cert.sign() - cert.save_to_file(cert_file) - - TrustedRoots = TrustedRootList() - - s = ComponentManager("", 12345, key_file, cert_file) - s.trusted_cert_list = TrustedRoots.get_list() - s.run() - diff --git a/sfacomponent/component_slice_config.sh b/sfacomponent/component_slice_config.sh deleted file mode 100644 index a878a71a..00000000 --- a/sfacomponent/component_slice_config.sh +++ /dev/null @@ -1,9 +0,0 @@ -USER=pl_genicw -# xxx this location is probably wrong now -KEY_FILE=../cmdline/test.pkey -DEST_DIR=/home/pl_genicw - -# for installing into the nodemanager -#USER=root -#KEY_FILE=root_ssh_key.rsa -#DEST_DIR=/usr/share/NodeManager diff --git a/sfacomponent/copynode.sh b/sfacomponent/copynode.sh deleted file mode 100755 index aacc266d..00000000 --- a/sfacomponent/copynode.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -source component_slice_config.sh - -echo connecting to node: $1 -export FILES="component.py ../util/cert.py ../util/credential.py ../util/excep.py ../util/server.py ../util/sfaticket.py ../util/gid.py ../util/misc.py ../util/record.py ../util/rights.py ../util/report.py ../util/trustedroot.py ../plc/trusted_roots install" -echo $FILES -scp -i $KEY_FILE -r $FILES $USER@$1:$DEST_DIR diff --git a/sfacomponent/methods/__init__.py b/sfacomponent/methods/__init__.py deleted file mode 100644 index 96d2db7b..00000000 --- a/sfacomponent/methods/__init__.py +++ /dev/null @@ -1,11 +0,0 @@ -## Please use make index to update this file -all = """ -create_slice -delete_slice -list_slices -reset_slice -redeem_ticket -reboot -start_slice -stop_slice -""".split() diff --git a/sfacomponent/methods/delete_slice.py b/sfacomponent/methods/delete_slice.py deleted file mode 100644 index 19751fce..00000000 --- a/sfacomponent/methods/delete_slice.py +++ /dev/null @@ -1,40 +0,0 @@ -### $Id: delete_slice.py 15428 2009-10-23 15:28:03Z tmack $ -### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfacomponent/methods/delete_slice.py $ - -from sfa.util.faults import * -from sfa.util.misc import * -from sfa.util.method import Method -from sfa.util.parameter import Parameter, Mixed - -class delete_slice(Method): - """ - Delete the specified slice - - @param cred credential string specifying the rights of the caller - @param hrn human readable name of slice to instantiate - @return 1 is successful, faults otherwise - """ - - interfaces = ['component'] - - accepts = [ - Parameter(str, "Credential string"), - Parameter(str, "Human readable name of slice to instantiate"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) - ] - - returns = [Parameter(int, "1 if successful")] - - def call(self, cred, hrn, request_hash=None): - # This cred will be an slice cred, not a user, so we cant use it to - # authenticate the caller's request_hash. Let just get the caller's gid - # from the cred and authenticate using that - client_gid = Credential(string=cred).get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash) - self.api.auth.check(cred, 'deleteslice') - slicename = hrn_to_pl_slicename(hrn) - self.api.nodemanager.Destroy(slicename) - - return 1 diff --git a/sfacomponent/methods/list_slices.py b/sfacomponent/methods/list_slices.py deleted file mode 100644 index 5e7ea7c7..00000000 --- a/sfacomponent/methods/list_slices.py +++ /dev/null @@ -1,35 +0,0 @@ -### $Id: list_slices.py 15428 2009-10-23 15:28:03Z tmack $ -### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfacomponent/methods/list_slices.py $ - -from sfa.util.faults import * -from sfa.util.misc import * -from sfa.util.method import Method -from sfa.util.parameter import Parameter, Mixed - -class list_slices(Method): - """ - List the slices on a component - - @param cred credential string specifying the rights of the caller - @return list of slice names - """ - - interfaces = ['component'] - - accepts = [ - Parameter(str, "Credential string"), - ] - - returns = [Parameter(str, "slice name")] - - def call(self, cred, hrn, request_hash=None): - # This cred will be an slice cred, not a user, so we cant use it to - # authenticate the caller's request_hash. Let just get the caller's gid - # from the cred and authenticate using that - client_gid = Credential(string=cred).get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash) - self.api.auth.check(cred, 'listslices') - slice_names = self.nodemanager.GetXIDs().keys() - - return slice_names diff --git a/sfacomponent/methods/reboot.py b/sfacomponent/methods/reboot.py deleted file mode 100644 index a5e6f27a..00000000 --- a/sfacomponent/methods/reboot.py +++ /dev/null @@ -1,30 +0,0 @@ -### $Id: reboot.py 15428 2009-10-23 15:28:03Z tmack $ -### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfacomponent/methods/reboot.py $ -import os -from sfa.util.faults import * -from sfa.util.misc import * -from sfa.util.method import Method -from sfa.util.parameter import Parameter, Mixed - -class reboot(Method): - """ - Reboot the component - - @param cred credential string specifying the rights of the caller - @return None - """ - - interfaces = ['component'] - - accepts = [ - Parameter(str, "Credential string"), - ] - - returns = None - - def call(self, cred, request_hash=None): - client_gid = Credential(string=cred).get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred], request_hash) - self.api.auth.check(cred, 'reboot') - os.system("/sbin/reboot") diff --git a/sfacomponent/methods/redeem_ticket.py b/sfacomponent/methods/redeem_ticket.py deleted file mode 100644 index 73518692..00000000 --- a/sfacomponent/methods/redeem_ticket.py +++ /dev/null @@ -1,56 +0,0 @@ -### $Id: reset_slice.py 15428 2009-10-23 15:28:03Z tmack $ -### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfacomponent/methods/reset_slice.py $ -import xmlrpclib -from sfa.util.faults import * -from sfa.util.misc import * -from sfa.util.method import Method -from sfa.util.parameter import Parameter, Mixed - -class redeem_ticket(Method): - """ - Reset the specified slice - - @param cred credential string specifying the rights of the caller - @param ticket - @return 1 is successful, faults otherwise - """ - - interfaces = ['component'] - - accepts = [ - Parameter(str, "Credential string representation of SFA credential"), - Parameter(str, "Ticket string representation of SFA ticket"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) - ] - - returns = [Parameter(int, "1 if successful")] - - def call(self, cred, ticket, request_hash=None): - # This cred will be an slice cred, not a user, so we cant use it to - # authenticate the caller's request_hash. Let just get the caller's gid - # from the cred and authenticate using that - client_gid = Credential(string=cred).get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash) - self.api.auth.check(cred, 'redeemticket') - - ticket = SfaTicket(string=ticket) - # XX we should verify the ticket, but we need the privste keys to do that - # maybe we should just pass the ticket to the authoriative registry to it - # verify the ticket for us - #ticket.verify(pkey) - # or - #self.api.registry.verify_ticket(ticket.save_to_string(save_parents=True)) - - ticket.decode() - hrn = ticket.attributes['slivers'][0]['hrn'] - slicename = hrn_to_pl_slicename(hrn) - if not self.api.sliver_exists(slicename): - raise SliverDoesNotExist(slicename) - - # convert ticket to format nm is used to - nm_ticket = xmlrpclib.dumps((ticket.attributes,), methodresponse=True) - self.api.nodemanager.AdminTicket(nm_ticket) - - return 1 diff --git a/sfacomponent/methods/reset_slice.py b/sfacomponent/methods/reset_slice.py deleted file mode 100644 index 9a1f8e4d..00000000 --- a/sfacomponent/methods/reset_slice.py +++ /dev/null @@ -1,43 +0,0 @@ -### $Id: reset_slice.py 15428 2009-10-23 15:28:03Z tmack $ -### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfacomponent/methods/reset_slice.py $ - -from sfa.util.faults import * -from sfa.util.misc import * -from sfa.util.method import Method -from sfa.util.parameter import Parameter, Mixed - -class reset_slice(Method): - """ - Reset the specified slice - - @param cred credential string specifying the rights of the caller - @param hrn human readable name of slice to instantiate - @return 1 is successful, faults otherwise - """ - - interfaces = ['component'] - - accepts = [ - Parameter(str, "Credential string"), - Parameter(str, "Human readable name of slice to instantiate"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) - ] - - returns = [Parameter(int, "1 if successful")] - - def call(self, cred, hrn, request_hash=None): - # This cred will be an slice cred, not a user, so we cant use it to - # authenticate the caller's request_hash. Let just get the caller's gid - # from the cred and authenticate using that - client_gid = Credential(string=cred).get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash) - self.api.auth.check(cred, 'resetslice') - slicename = hrn_to_pl_slicename(hrn) - if not self.api.sliver_exists(slicename): - raise SliverDoesNotExist(slicename) - - self.api.nodemanager.ReCreate(slicename) - - return 1 diff --git a/sfacomponent/methods/start_slice.py b/sfacomponent/methods/start_slice.py deleted file mode 100644 index 2ef49b0a..00000000 --- a/sfacomponent/methods/start_slice.py +++ /dev/null @@ -1,40 +0,0 @@ -### $Id: start_slice.py 15428 2009-10-23 15:28:03Z tmack $ -### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfacomponent/methods/start_slice.py $ - -from sfa.util.faults import * -from sfa.util.misc import * -from sfa.util.method import Method -from sfa.util.parameter import Parameter, Mixed - -class start_slice(Method): - """ - Start the specified slice - - @param cred credential string specifying the rights of the caller - @param hrn human readable name of slice to instantiate - @return 1 is successful, faults otherwise - """ - - interfaces = ['component'] - - accepts = [ - Parameter(str, "Credential string"), - Parameter(str, "Human readable name of slice to instantiate"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) - ] - - returns = [Parameter(int, "1 if successful")] - - def call(self, cred, hrn, request_hash=None): - # This cred will be an slice cred, not a user, so we cant use it to - # authenticate the caller's request_hash. Let just get the caller's gid - # from the cred and authenticate using that - client_gid = Credential(string=cred).get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash) - self.api.auth.check(cred, 'startslice') - slicename = hrn_to_pl_slicename(hrn) - self.api.nodemanager.Start(slicename) - - return 1 diff --git a/sfacomponent/methods/stop_slice.py b/sfacomponent/methods/stop_slice.py deleted file mode 100644 index 6fe6903c..00000000 --- a/sfacomponent/methods/stop_slice.py +++ /dev/null @@ -1,40 +0,0 @@ -### $Id: stop_slice.py 15428 2009-10-23 15:28:03Z tmack $ -### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfacomponent/methods/stop_slice.py $ - -from sfa.util.faults import * -from sfa.util.misc import * -from sfa.util.method import Method -from sfa.util.parameter import Parameter, Mixed - -class stop_slice(Method): - """ - Stop the specified slice - - @param cred credential string specifying the rights of the caller - @param hrn human readable name of slice to instantiate - @return 1 is successful, faults otherwise - """ - - interfaces = ['component'] - - accepts = [ - Parameter(str, "Credential string"), - Parameter(str, "Human readable name of slice to instantiate"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) - ] - - returns = Parameter(int, "1 if successful") - - def call(self, cred, hrn, request_hash=None): - # This cred will be an slice cred, not a user, so we cant use it to - # authenticate the caller's request_hash. Let just get the caller's gid - # from the cred and authenticate using that - client_gid = Credential(string=cred).get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash) - self.api.auth.check(cred, 'stopslice') - slicename = hrn_to_pl_slicename(hrn) - self.api.nodemanager.Stop(slicename) - - return 1 diff --git a/sfacomponent/plc/__init__.py b/sfacomponent/plc/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/sfacomponent/plc/api.py b/sfacomponent/plc/api.py deleted file mode 100644 index 7d581b41..00000000 --- a/sfacomponent/plc/api.py +++ /dev/null @@ -1,49 +0,0 @@ -# -# SFA XML-RPC and SOAP interfaces -# -### $Id: api.py 15596 2009-10-31 21:42:05Z anil $ -### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/plc/api.py $ -# - -import sys -import os -import traceback -from xmlrpclib import ServerProxy -from sfa.util.api import * - - -class ComponentAPI(BaseAPI): - - - def __init__(self, config = "/etc/sfa/sfa_config", encoding = "utf-8", methods='sfacomponent.methods', - peer_cert = None, interface = None, key_file = None, cert_file = None): - - BaseAPI.__init__(self, config=config, encoding=encoding, methods=methods, peer_cert=peer_cert, - interface=interface, key_file=key_file, cert_file=cert_file) - self.encoding = encoding - - # Better just be documenting the API - if config is None: - return - - self.nodemanager = self.getNodeManagerShell() - - - - def getNodeManagerShell(self): - # do we need an auth ? - auth = {} - try: - nodemanager = xmlrpclib.ServerProxy('http://127.0.0.1:812') - except: - raise - - return nodemanager - - def sliver_exists(self): - sliver_dict = self.nodemanager.GetXIDs() - if slicename in sliver_dict.keys(): - return True - else: - return False - diff --git a/sfacomponent/server/__init__.py b/sfacomponent/server/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/sfacomponent/server/component.py b/sfacomponent/server/component.py deleted file mode 100644 index 34aadc90..00000000 --- a/sfacomponent/server/component.py +++ /dev/null @@ -1,38 +0,0 @@ -# -# Component is a SfaServer that implements the Component interface -# -### $Id: -### $URL: -# - -import tempfile -import os -import time -import sys - -from sfa.util.server import SfaServer -from sfacomponent.plc.api import ComponentAPI - -# GeniLight client support is optional -try: - from egeni.geniLight_client import * -except ImportError: - GeniClientLight = None - -## -# Component is a SfaServer that serves component operations. - -class Component(SfaServer): - ## - # Create a new registry object. - # - # @param ip the ip address to listen on - # @param port the port to listen on - # @param key_file private key filename of registry - # @param cert_file certificate filename containing public key (could be a GID file) - - def __init__(self, ip, port, key_file, cert_file): - SfaServer.__init__(self, ip, port, key_file, cert_file) - # re-initialize the servers api as Component api - self.server.api = ComponentAPI(interface='component', key_file=key_file, cert_file=cert_file) - self.server.interface = 'component' diff --git a/sfacomponent/server/sfa-component-server.py b/sfacomponent/server/sfa-component-server.py deleted file mode 100755 index 0cc0781b..00000000 --- a/sfacomponent/server/sfa-component-server.py +++ /dev/null @@ -1,89 +0,0 @@ -#!/usr/bin/python -# -### $Id: sfa-compnent-server.py -### $URL: - -# This wrapper implements the SFA Component Interfaces on PLC. -# -# There are several items that need to be done before starting the wrapper -# server. -# -# (requirements coming soon) -## - -# TCP ports for the component server -component_port=12346 - -import os, os.path -from optparse import OptionParser - -from sfacomponent.server.component import Component -from sfa.trust.trustedroot import TrustedRootList -from sfa.trust.certificate import Keypair, Certificate -from sfa.trust.hierarchy import Hierarchy -from sfa.util.config import Config - -# after http://www.erlenstar.demon.co.uk/unix/faq_2.html -def daemon(): - """Daemonize the current process.""" - if os.fork() != 0: os._exit(0) - os.setsid() - if os.fork() != 0: os._exit(0) - os.umask(0) - devnull = os.open(os.devnull, os.O_RDWR) - os.dup2(devnull, 0) - # xxx fixme - this is just to make sure that nothing gets stupidly lost - should use devnull - crashlog = os.open('/var/log/sfa.daemon', os.O_RDWR | os.O_APPEND | os.O_CREAT, 0644) - os.dup2(crashlog, 1) - os.dup2(crashlog, 2) - -def main(): - # xxx get rid of globals - name consistently CamelCase or under_score - global AuthHierarchy - global TrustedRoots - global component_port - - # Generate command line parser - parser = OptionParser(usage="sfa-component-server [options]") - parser.add_option("-v", "--verbose", dest="verbose", action="store_true", - help="verbose mode", default=False) - parser.add_option("-d", "--daemon", dest="daemon", action="store_true", - help="Run as daemon.", default=False) - (options, args) = parser.parse_args() - - hierarchy = Hierarchy() - path = hierarchy.basedir - key_file = os.path.join(path, "server.key") - cert_file = os.path.join(path, "server.cert") - - # XX TODO: Subject should be the node's hrn - subject = "component" - if (options.daemon): daemon() - - if (os.path.exists(key_file)) and (not os.path.exists(cert_file)): - # If private key exists and cert doesnt, recreate cert - key = Keypair(filename=key_file) - cert = Certificate(subject=subject) - cert.set_issuer(key=key, subject=subject) - cert.set_pubkey(key) - cert.sign() - cert.save_to_file(cert_file) - - elif (not os.path.exists(key_file)) or (not os.path.exists(cert_file)): - # if no key is specified, then make one up - key = Keypair(create=True) - key.save_to_file(key_file) - cert = Certificate(subject=subject) - cert.set_issuer(key=key, subject=subject) - cert.set_pubkey(key) - cert.sign() - cert.save_to_file(cert_file) - - AuthHierarchy = Hierarchy() - - TrustedRoots = TrustedRootList(Config().get_trustedroots_dir()) - component = Component("", component_port, key_file, cert_file) - component.start() - -if __name__ == "__main__": - main() diff --git a/sfacomponent/sshnode.sh b/sfacomponent/sshnode.sh deleted file mode 100755 index 5f5533e1..00000000 --- a/sfacomponent/sshnode.sh +++ /dev/null @@ -1,4 +0,0 @@ -source component_slice_config.sh - -echo connecting to node: $1 -ssh -i $KEY_FILE $USER@$1