From 61a70fc51dbd291fdbd6baa2d45e352696e816b2 Mon Sep 17 00:00:00 2001 From: Thierry Parmentelat Date: Tue, 31 Jan 2012 17:01:17 +0100 Subject: [PATCH] multiuser sfa (pi only adds user in slice, slice handling done by user, different ssh keys) --- system/TestSliceSfa.py | 64 +++++++++++++++++++++++++++++----------- system/config_default.py | 53 ++++++++++++++++++++++++++++----- 2 files changed, 92 insertions(+), 25 deletions(-) diff --git a/system/TestSliceSfa.py b/system/TestSliceSfa.py index 7f8c2f3..c50466d 100644 --- a/system/TestSliceSfa.py +++ b/system/TestSliceSfa.py @@ -31,10 +31,19 @@ class TestSliceSfa: def rspec_style (self): return self.sfa_slice_spec['rspec_style'] - def hrn(self): - root_auth=self.test_plc.plc_spec['sfa']['SFA_REGISTRY_ROOT_AUTH'] - return "%s.%s.%s"%(root_auth,self.login_base,self.slicename) -# def resname (self,name,ext): return "%s_%s.%s"%(self.slicename,name,ext) + # the hrn for the site + def site_hrn (self): + return "%s.%s"%(self.test_plc.plc_spec['sfa']['SFA_REGISTRY_ROOT_AUTH'], + self.login_base) + + # something in the site (users typically) + def qualified_hrn (self, name): + return "%s.%s"%(self.site_hrn(),name) + + # the slice hrn + def hrn(self): return self.qualified_hrn (self.slicename) + + # result name def resname (self,name,ext): return "%s.%s"%(name,ext) def addslicefile (self): return self.resname("addslice","xml") @@ -42,9 +51,10 @@ class TestSliceSfa: def adfile (self): return self.resname("ad","rspec") def reqfile (self): return self.resname("req","rspec") def nodefile (self): return self.resname("nodes","txt") + # xxx this needs tweaks with more recent versions of sfa that have pgv2 as the default ? def discover_option(self): if self.rspec_style()=='pg': return "-r protogeni" - else: return "" + else: return "" def sfi_path (self): return "/root/sfi/%s"%self.slicename 
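Review bot: The new helpers `site_hrn`, `qualified_hrn` and `hrn` are documented only by `#` comments above each def, which callers in TestPlc and `help()` do not see; a docstring on each would state the format it returns. For example `"return <root_auth>.<login_base>, the hrn of the site authority"` on `site_hrn`, and `"return <site_hrn>.<name>; name is used as given, with no escaping"` on `qualified_hrn`. The second is worth spelling out because elsewhere in this patch the result is used both as a file name and as an argument on an sfi.py command line.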
@@ -60,16 +70,24 @@ class TestSliceSfa: return (found,privatekey) # dir_name is local and will be pushed later on by TestPlc + # by default set SFI_USER to the pi, we'll overload this + # on the command line when needed def sfi_config (self,dir_name): plc_spec=self.test_plc.plc_spec sfa_spec=self.sfa_spec sfa_slice_spec=self.sfa_slice_spec - # - file_name=dir_name + os.sep + self.piuser + '.pkey' + # store private key for sfa pi user + file_name=dir_name + os.sep + self.qualified_hrn (self.piuser) + '.pkey' fileconf=open(file_name,'w') fileconf.write (plc_spec['keys'][0]['private']) fileconf.close() utils.header ("(Over)wrote %s"%file_name) + # store private key for sfa regular user + file_name=dir_name + os.sep + self.qualified_hrn(self.regularuser) + '.pkey' + fileconf=open(file_name,'w') + fileconf.write (plc_spec['keys'][1]['private']) + fileconf.close() + utils.header ("(Over)wrote %s"%file_name) # file_name=dir_name + os.sep + self.addpersonfile() fileconf=open(file_name,'w') @@ -80,7 +98,7 @@ class TestSliceSfa: # file_name=dir_name + os.sep + 'sfi_config' fileconf=open(file_name,'w') - SFI_AUTH="%s.%s"%(sfa_spec['SFA_REGISTRY_ROOT_AUTH'],self.login_base) + SFI_AUTH="%s"%(self.site_hrn()) fileconf.write ("SFI_AUTH='%s'"%SFI_AUTH) fileconf.write('\n') SFI_USER=SFI_AUTH + '.' + self.piuser 
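Review bot: Both `.pkey` files in `sfi_config` are created with a plain `open(file_name,'w')`, so the private keys land on disk with whatever the umask allows, which is commonly group- and world-readable. Creating them through `os.open` with mode 0600 keeps the key material owner-only; whether that mode survives the later push by TestPlc is not visible here and should be checked. The two copy-pasted blocks also hard-code `plc_spec['keys'][0]` for the pi and `[1]` for the regular user, which silently depends on the order of the list returned by `keys()` in config_default.py; a small helper removes the duplication and makes the pairing explicit. `sfi_config` starts before this hunk and continues after it.

```python
    # write one private key, readable by its owner only
    def store_pkey (self, dir_name, username, private_key):
        file_name=dir_name + os.sep + self.qualified_hrn(username) + '.pkey'
        fd=os.open(file_name, os.O_WRONLY|os.O_CREAT|os.O_TRUNC, 0o600)
        # the mode passed to os.open only applies on creation; tighten a pre-existing file too
        os.fchmod(fd, 0o600)
        fileconf=os.fdopen(fd,'w')
        try:
            fileconf.write (private_key)
        finally:
            fileconf.close()
        utils.header ("(Over)wrote %s"%file_name)

    def sfi_config (self,dir_name):
        plc_spec=self.test_plc.plc_spec
        # ... unchanged: sfa_spec, sfa_slice_spec ...
        self.store_pkey (dir_name, self.piuser, plc_spec['keys'][0]['private'])
        self.store_pkey (dir_name, self.regularuser, plc_spec['keys'][1]['private'])
        # ... unchanged: addperson file, sfi_config file ...
```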
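Review bot: The context line right after the changed `SFI_AUTH` assignment still builds `SFI_USER` as `SFI_AUTH + '.' + self.piuser`, while the key file written earlier in `sfi_config` is now named from `self.qualified_hrn(self.piuser)`. The two expressions yield the same string today, but the patch renames the key file to match the user hrn, so deriving both from one helper keeps them from drifting apart: `SFI_USER=self.qualified_hrn(self.piuser)`. The `"%s"%(self.site_hrn())` wrapper is also redundant and can be written `SFI_AUTH=self.site_hrn()`.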
@@ -110,29 +128,38 @@ class TestSliceSfa: def sfa_delete_user (self, options): return TestUserSfa(self.test_plc, self.sfa_slice_spec, self).delete_user() + # run as pi + def sfi_pi (self, command): + return "sfi.py -d %s -u %s %s"%(self.sfi_path(),self.qualified_hrn(self.piuser), command,) + # the sfi.py command line option to run as a regular user + def sfi_user (self, command): + return "sfi.py -d %s -u %s %s"%(self.sfi_path(),self.qualified_hrn(self.regularuser), command,) # those are step names exposed as methods of TestPlc, hence the _sfa def sfa_view (self, options): - "run sfi.py list and sfi.py show (both on Registry) and sfi.py slices (on SM)" + "run (as regular user) sfi list and sfi show (both on Registry) and sfi slices (on SM)" root_auth=self.test_plc.plc_spec['sfa']['SFA_REGISTRY_ROOT_AUTH'] return \ - self.test_plc.run_in_guest("sfi.py -d %s list %s.%s"%(self.sfi_path(),root_auth,self.login_base))==0 and \ - self.test_plc.run_in_guest("sfi.py -d %s show %s.%s"%(self.sfi_path(),root_auth,self.login_base))==0 and \ - self.test_plc.run_in_guest("sfi.py -d %s slices"%self.sfi_path())==0 + self.test_plc.run_in_guest(self.sfi_user("list %s"%(self.site_hrn())))==0 and \ + self.test_plc.run_in_guest(self.sfi_user("show %s"%(self.site_hrn())))==0 and \ + self.test_plc.run_in_guest(self.sfi_user("slices"))==0 + # needs to be run as pi def sfa_add_slice(self,options): - return self.test_plc.run_in_guest("sfi.py -d %s add %s"%(self.sfi_path(),self.addslicefile()))==0 + return self.test_plc.run_in_guest(self.sfi_pi("add %s"%(self.addslicefile())))==0 + # run as user def sfa_discover(self,options): - return self.test_plc.run_in_guest("sfi.py -d %s resources %s -o %s/%s"%\ - (self.sfi_path(),self.discover_option(),self.sfi_path(),self.adfile()))==0 + return self.test_plc.run_in_guest(self.sfi_user(\ + "resources %s -o %s/%s"% (self.discover_option(),self.sfi_path(),self.adfile())))==0 + # run sfi create as a regular user def sfa_create_slice(self,options): 
commands=[ "sfiListNodes.py -i %s/%s -o %s/%s"%(self.sfi_path(),self.adfile(),self.sfi_path(),self.nodefile()), "sfiAddSliver.py -i %s/%s -n %s/%s -o %s/%s"%\ (self.sfi_path(),self.adfile(),self.sfi_path(),self.nodefile(),self.sfi_path(),self.reqfile()), - "sfi.py -d %s create %s %s"%(self.sfi_path(),self.hrn(),self.reqfile()), + self.sfi_user("create %s %s"%(self.hrn(),self.reqfile())), ] for command in commands: if self.test_plc.run_in_guest(command)!=0: return False @@ -157,9 +184,10 @@ class TestSliceSfa: def sfa_update_slice(self,options): return self.sfa_create_slice(options) + # run as pi def sfa_delete_slice(self,options): - self.test_plc.run_in_guest("sfi.py -d %s delete %s"%(self.sfi_path(),self.hrn())) - return self.test_plc.run_in_guest("sfi.py -d %s remove -t slice %s"%(self.sfi_path(),self.hrn()))==0 + self.test_plc.run_in_guest(self.sfi_pi("delete %s"%(self.hrn(),))) + return self.test_plc.run_in_guest(self.sfi_pi("remove -t slice %s"%(self.hrn(),)))==0 # check the resulting sliver def ssh_slice_sfa(self,options,timeout_minutes=40,silent_minutes=30,period=15): diff --git a/system/config_default.py b/system/config_default.py index 2c280fa..80618d4 100644 --- a/system/config_default.py +++ b/system/config_default.py 
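Review bot: `sfi_pi` and `sfi_user` paste `self.sfi_path()` and the user hrn into the command string with plain `%s`, and the result goes to `run_in_guest`; if that helper passes the string to a shell (not visible in this hunk), a slice name, login_base or user name from the config that contains whitespace or shell metacharacters changes the command that runs in the guest. The two methods differ only in the user, so one quoted helper would cover both, e.g. `def sfi_as (self, user, command): return "sfi.py -d %s -u %s %s"%(pipes.quote(self.sfi_path()),pipes.quote(self.qualified_hrn(user)),command)`, which needs `import pipes` at the top of the file. In `sfa_view` the `root_auth=...` assignment is no longer used after this change and can be dropped. The hunk ends inside `sfa_create_slice`, whose body continues outside it.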
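Review bot: In `sfa_delete_slice` the exit status of the `delete` call is discarded and only `remove -t slice` decides the step result, so a failed sliver deletion is still reported as success. If that is deliberate best effort, a comment such as `# delete may fail when no sliver exists; only the registry removal is checked` would say so. Otherwise check both calls as the other steps do, by testing the `delete` result with `==0` and joining it to the `remove` result with `and`.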
@@ -144,14 +144,52 @@ BO+VyPNWF+kDNI8mSUwi7jLW6liMdhNOmDaSX0+0X8CHtK898xM= -----END RSA PRIVATE KEY----- """ +### another keypair for the SFA user +public_key2="""ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQLvh5LkrjyLIr9UJznTJHMnqjdqzRdc9ekVmI9bx/5X4flnGtPBsr6bK/CPXmWjS2Vw0QOxi1NM45qkQJZXxroS0aehCCrvJRHgp/LOZykWCyNKqVopq9w0kH4jw1KFGIuwWROpOcMq2d/kAwyr6RV/W66KNVqu2XDiNOPJLcuZCuKrH++q3fPyP2zHSJ/irew7vwqIXbDSnVvvyRXYgc9KlR57L4BWthXcUofHlje8wKq7nWBQIUslYtJDryJg5tBvJIFfCFGmWZy0WJlGJd+yppI5jRvt9c6n9HyJKN22lUBTaTaDFvo+Xu5GEazLKG/v8h/o5WpxrrE6Y3TKeX user@test.onelab.eu +""" + +private_key2=""" +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA0C74eS5K48iyK/VCc50yRzJ6o3as0XXPXpFZiPW8f+V+H5Zx +rTwbK+myvwj15lo0tlcNEDsYtTTOOapECWV8a6EtGnoQgq7yUR4KfyzmcpFgsjSq +laKavcNJB+I8NShRiLsFkTqTnDKtnf5AMMq+kVf1uuijVartlw4jTjyS3LmQriqx +/vqt3z8j9sx0if4q3sO78KiF2w0p1b78kV2IHPSpUeey+AVrYV3FKHx5Y3vMCqu5 +1gUCFLJWLSQ68iYObQbySBXwhRplmctFiZRiXfsqaSOY0b7fXOp/R8iSjdtpVAU2 +k2gxb6Pl7uRhGsyyhv7/If6OVqca6xOmN0ynlwIDAQABAoIBADZnwAmzPmEO5vkz +7DzYnPYcTA6CCiHnPt1A8Pwo9C0cZXyNzYFvTs6IEW15QwIDGvl4AHL4brmUZjyN +saAfBIgAJBBiTARLAgqO5kFcE5FnSrTnrJjUWMo0ydYkmoVt1vj7nzXX8BGG8PZ0 +JoRZx7mmGhLRjzXpKJQsXq+ohtzlrSoOzkx9jKqCOerhsZGBAIMl/w+gfePWoU6q +Q/NPHM0ckgvzNRs7x+AMcCtIn+xZIBzbLTKpoEI3dIvMf46ghAG5mTc08OJjqHaS +faTUyp828teAVLtWxAAv2JKcplEnjsDNU8KOGIFkUkwLNTTvwc0pCVYwyDKVxtl3 +Hv76T5ECgYEA6wiun6IHfY5a4Wcn+vrUsrt3atikiBMiXvZk7ZmU5HKc72+c4mVh +frmwF8F355ncI3w63/3CKfP+X4yvsHoR+ps27t2hMMfGco7j3bMDHHpo9n04/1ZX +pYP2RlPz4EKAhD2Wi0sgTsxchwrL42qkuolmzT4TWN32xjF2ZwhCDh8CgYEA4sEf +VY+jVrMNHoHG/v1UN8nBzF5g6PwHtoo4GrFd4pMb9wo6LX4ib4FGRQfSjZ4kQ0KB +Qxrl7xLw4GlYKnYqAqgZ1peb7JN7k5Yq1Drqi61ZZxvdQ2BbO7dx22Bb3VwsKA97 +DUcWUdKLVw2gU7beMYYBNMliw/E5Gx12Mqvnx4kCgYEAyQSf9cArD+PVLrt/olUt +3cAgnq2z6v4Sg43RPLYCdnDgcJjRYYC8JhrC1U6PMvKRKXhzEmiCzEb25Nn62cFN +5z0heqLr3kC/JfO4SEF3A8BeTZNEUH6Ub+exluzuxHucV34lZ/VVKI/5Azbksxje +0vv5hMj22ybcjR542h5iAJkCgYAsFw8HrPk+l2wanXNbC1j/y/whx8wiITdCuBd2 
+oTw3HRGX9GYhiGAbvFA0hfPb038LkPffW3CQDufFStZ40ycSAyua/Tm1Q2wI428K +ezY12IwEr3dTbX3v25iI5nCWVyDC3Ve42jStzjmHwL+G54zGpl6/q9THcrT+37im +26QiuQKBgQCTUDGKLqQ+QM8dAl6IZpz+oExdDCWwCNjTMH83tz1Rwoc+npW7z2ZC +D/FseVOmS9MqJkgCap5pr4m1Qj5YciZNteIHdkIbD1yDoPaW1NvlOnxzVBQXK3HD +rUck4dxa0t30wUFK0XVQjNEArXqvU23EB8Z7bQQMRx0yhd4pF5k29Q== +-----END RSA PRIVATE KEY----- +""" + def keys (options,index): return [ {'name': 'key1', 'private' : private_key, 'key_fields' : {'key_type':'ssh', - 'key': public_key}} + 'key': public_key}}, + {'name': 'key2', + 'private' : private_key2, + 'key_fields' : {'key_type':'ssh', + 'key': public_key2}} + ] - ############################## initscripts initscript_by_name="""#!/bin/bash command=$1; shift @@ -325,15 +363,16 @@ def sfa_slice_spec (options,index,rspec_style): slicename='slsfa%d%s'%(index,rspec_style) prefix='%s.%s'%(sfa_root(index),the_login_base) hrn=prefix+'.'+slicename - person_hrn=prefix+'.'+regularuser - researcher=prefix+'.'+piuser + user_hrn=prefix+'.'+regularuser + pi_hrn=prefix+'.'+piuser slice_add_xml = ''' -%s'''%(hrn, researcher) +%s +'''%(hrn, user_hrn) mail="%s@%s"%(regularuser,domain) print 'in sfa_slice_spec','slicename',slicename,'hrn',hrn,'mail',mail - key=public_key - slice_person_xml =''' %(key)s2010 1piadmin%(prefix)s'''%locals() -- 2.43.0
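Review bot: `private_key2` adds a second unencrypted RSA private key as a literal in config_default.py, so everyone who can read the repository or its history holds the credential of the SFA regular user. For a test fixture that may be acceptable, but it should then be stated at the definition, for instance `### test-only keypair: never authorize public_key2 on anything but throwaway test nodes`; the safer option is to generate the pair with ssh-keygen when the test run starts. `keys()` also now returns a list whose order matters, since `TestSliceSfa.sfi_config` picks the pi key at index 0 and the regular user key at index 1, and a comment on `keys()` should record which entry belongs to which user.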