From: Barış Metin Date: Mon, 11 Oct 2010 14:06:05 +0000 (+0200) Subject: fix merge between onelab and princeton repositories X-Git-Tag: nodemanager-2.0-20~1 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=e6f233023651a7bad3d7522d8db16ecd064cf463;hp=65023ffaf57f8efc693927395587db33eac09691;p=nodemanager.git fix merge between onelab and princeton repositories --- diff --git a/NodeManager.spec b/NodeManager.spec index b504233..ebf16d4 100644 --- a/NodeManager.spec +++ b/NodeManager.spec @@ -141,6 +141,8 @@ rm -rf $RPM_BUILD_ROOT - sfagids plugin deleted - band-aid patch for lack of GetSliceFamily removed +* Mon Aug 23 2010 S.Çağlar Onur - nodemanager-2.0-18 + * Fri Jul 16 2010 Thierry Parmentelat - nodemanager-2.0-17 - revert curlwrapper to former forking-curl version - fixes in the omf plugin for ssh key location and node hrn diff --git a/plugins/sfagids.py b/plugins/sfagids.py new file mode 100644 index 0000000..e7e2b1a --- /dev/null +++ b/plugins/sfagids.py 
@@ -0,0 +1,169 @@ +#!/usr/bin/python -tt +# vim:set ts=4 sw=4 expandtab: +# +# $Id$ +# $URL$ +# +# NodeManager plugin for installing SFA GID's in slivers +# + +import os +import sys +sys.path.append('/usr/share/NodeManager') +import logger +import traceback +import tempfile +try: + from sfa.util.namespace import * + from sfa.util.config import Config + import sfa.util.xmlrpcprotocol as xmlrpcprotocol + from sfa.trust.certificate import Keypair, Certificate + from sfa.trust.credential import Credential + from sfa.trust.gid import GID + from sfa.trust.hierarchy import Hierarchy + from sfa.plc.api import ComponentAPI + sfa = True +except: + sfa = None + +def start(): + logger.log("sfagid: plugin starting up ...") + if not sfa: + return + keyfile, certfile = get_keypair(None) + api = ComponentAPI(key_file=keyfile, cert_file=certfile) + api.get_node_key() + +def GetSlivers(data, config=None, plc=None): + if not sfa: + return + + keyfile, certfile = get_keypair(config) + api = ComponentAPI(key_file=keyfile, cert_file=certfile) + slivers = [sliver['name'] for sliver in data['slivers']] + install_gids(api, slivers) + install_trusted_certs(api) + +def install_gids(api, slivers): + # install node gid + node_gid_file = api.config.config_path + os.sep + "node.gid" + node_gid = GID(filename=node_gid_file) + node_gid_str = node_gid.save_to_string(save_parents=True) + node_hrn = node_gid.get_hrn() + + # get currently installed slice and node gids + interface_hrn = api.config.SFA_INTERFACE_HRN + slice_gids = {} + node_gids = {} + for slicename in slivers: + slice_gid_filename = "/vservers/%s/etc/slice.gid" % slicename + node_gid_filename = "/vservers/%s/etc/node.gid" % slicename + if os.path.isfile(slice_gid_filename): + gid_file = open(slice_gid_filename, 'r') + slice_gids[sliver] = gid_file.read() + gid_file.close() + if os.path.isfile(node_gid_filename): + gid_file = open(node_gid_filename, 'r') + node_gids[sliver] = gid_file.read() + gid_file.close() + + # convert slicenames 
to hrns + hrns = [slicename_to_hrn(interface_hrn, slicename) \ + for slicename in slivers] + + # get current gids from registry + cred = api.getCredential() + registry = api.get_registry() + #records = registry.GetGids(cred, hrns) + records = registry.get_gids(cred, hrns) + for record in records: + # skip if this isnt a slice record + if not record['type'] == 'slice': + continue + vserver_path = "/vservers/%(slicename)s" % locals() + # skip if the slice isnt instantiated + if not os.path.exists(vserver_path): + continue + + # install slice gid if it doesnt already exist or has changed + slice_gid_str = record['gid'] + slicename = hrn_to_pl_slicename(record['hrn']) + if slicename not in slice_gids or slice_gids[slicename] != slice_gid_str: + gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"]) + GID(string=slice_gid_str).save_to_file(gid_filename, save_parents=True) + + # install slice gid if it doesnt already exist or has changed + if slicename not in node_gids or node_gids[slicename] != node_gid_str: + gid_filename = os.sep.join([vserver_path, "etc", "node.gid"]) + GID(string=node_gid_str).save_to_file(gid_filename, save_parents=True) + +def install_trusted_certs(api): + cred = api.getCredential() + registry = api.get_registry() + trusted_certs = registry.get_trusted_certs(cred) + trusted_gid_names = [] + for gid_str in trusted_certs: + gid = GID(string=gid_str) + gid.decode() + relative_filename = gid.get_hrn() + ".gid" + trusted_gid_names.append(relative_filename) + gid_filename = trusted_certs_dir + os.sep + relative_filename + if verbose: + print "Writing GID for %s as %s" % (gid.get_hrn(), gid_filename) + gid.save_to_file(gid_filename, save_parents=True) + + # remove old certs + all_gids_names = os.listdir(trusted_certs_dir) + for gid_name in all_gids_names: + if gid_name not in trusted_gid_names: + if verbose: + print "Removing old gid ", gid_name + os.unlink(trusted_certs_dir + os.sep + gid_name) + + + + +def get_keypair(config = None): + if not 
config: + config = Config() + hierarchy = Hierarchy() + key_dir= hierarchy.basedir + data_dir = config.data_path + keyfile =data_dir + os.sep + "server.key" + certfile = data_dir + os.sep + "server.cert" + + # check if files already exist + if os.path.exists(keyfile) and os.path.exists(certfile): + return (keyfile, certfile) + + # create temp keypair server key and certificate + (_, tmp_keyfile) = tempfile.mkstemp(suffix='.pkey', prefix='tmpkey', dir='/tmp') + (_, tmp_certfile) = tempfile.mkstemp(suffix='.cert', prefix='tmpcert', dir='/tmp') + tmp_key = Keypair(create=True) + tmp_key.save_to_file(tmp_keyfile) + tmp_cert = Certificate(subject='subject') + tmp_cert.set_issuer(key=tmp_key, subject='subject') + tmp_cert.set_pubkey(tmp_key) + tmp_cert.save_to_file(tmp_certfile, save_parents=True) + + # request real pkey from registry + api = ComponentAPI(key_file=tmp_keyfile, cert_file=tmp_certfile) + registry = api.get_registry() + registry.get_key() + key = Keypair(filename=keyfile) + cert = Certificate(subject=hrn) + cert.set_issuer(key=key, subject=hrn) + cert.set_pubkey(key) + cert.sign() + cert.save_to_file(certfile, save_parents=True) + return (keyfile, certfile) + + +if __name__ == '__main__': + test_slivers = {'slivers': [ + {'name': 'tmacktestslice', 'attributes': []} + ]} + start() + GetSlivers(test_slivers) + + diff --git a/sliver_vs.py b/sliver_vs.py index ea0d21d..ed81f94 100644 --- a/sliver_vs.py +++ b/sliver_vs.py @@ -80,7 +80,10 @@ class Sliver_VS(accounts.Account, vserver.VServer): logger.verbose('sliver_vs: %s: create'%name) if vref is None: logger.log("sliver_vs: %s: ERROR - no vref attached, this is unexpected"%(name)) - return + # band-aid for short period as old API doesn't have GetSliceFamily function + vref = "planetlab-f8-i386" + #return + # used to look in /etc/planetlab/family, # now relies on the 'GetSliceFamily' extra attribute in GetSlivers() # which for legacy is still exposed here as the 'vref' key
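Review bot: In install_gids, `vserver_path = "/vservers/%(slicename)s" % locals()` is built before `slicename` is taken from the record, so it still holds the value left by the earlier loop or the previous record, and the slice and node GIDs can be written into a different sliver's `etc` directory. Assign `slicename = hrn_to_pl_slicename(record['hrn'])` first and only then build the path. Because that name comes from the registry reply and becomes a path component, it should also be checked against the local list (`if slicename not in slivers: continue`) before anything is written. Separately, several names are read but never bound in the visible file (`sliver` in the first loop of install_gids, `trusted_certs_dir` and `verbose` in install_trusted_certs, `hrn` in get_keypair), so unless `from sfa.util.namespace import *` happens to supply them those paths look like they raise NameError. get_keypair also discards the descriptors returned by `tempfile.mkstemp` and never removes the temporary key and certificate it leaves in /tmp.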
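Review bot: The added fallback `vref = "planetlab-f8-i386"` lets sliver creation continue with a hard-coded image when no vref was supplied, while the log line just above still reports an ERROR and never mentions the substitution. The changelog context in NodeManager.spec in this same commit lists "sfagids plugin deleted" and "band-aid patch for lack of GetSliceFamily removed", so the merge may be re-introducing code that was meant to be gone; that is worth confirming before it ships. If the fallback is intended, log it explicitly, for example `logger.log("sliver_vs: %s: falling back to default vref %s"%(name,vref))`, and drop the commented-out `#return`. The enclosing method starts and ends outside the hunk.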