source/steps/AuthenticateWithPLC.py

   1 #!/usr/bin/python
   2 #
   3 # Copyright (c) 2003 Intel Corporation
   4 # All rights reserved.
   5 #
   6 # Copyright (c) 2004-2006 The Trustees of Princeton University
   7 # All rights reserved.
   8
   9
  10 import os
  11
  12 from Exceptions import *
  13 import BootAPI
  14
  15
  16 AUTH_FAILURE_COUNT_FILE = "/tmp/authfailurecount"
  17
  18
  19 def Run(vars, log):
  20     """
  21     Authenticate this node with PLC. This ensures that the node can operate
  22     as normal, and that our management authority has authorized it.
  23
  24     For this, just call the PLC api function BootCheckAuthentication
  25
  26     Return 1 if authorized, a BootManagerException if not or the
  27     call fails entirely.
  28
  29     If there are two consecutive authentication failures, put the node
  30     into debug mode and exit the bootmanager.
  31
  32     Expect the following variables from the store:
  33     NUM_AUTH_FAILURES_BEFORE_DEBUG    How many failures before debug
  34     """
  35
  36     log.write("\n\nStep: Authenticating node with PLC.\n")
  37
  38     # make sure we have the variables we need
  39     try:
  40         NUM_AUTH_FAILURES_BEFORE_DEBUG = int(vars["NUM_AUTH_FAILURES_BEFORE_DEBUG"])
  41     except KeyError as var:
  42         raise BootManagerException("Missing variable in vars: {}\n".format(var))
  43     except ValueError as var:
  44         raise BootManagerException("Variable in vars, shouldn't be: {}\n".format(var))
  45
  46     try:
  47         authorized = BootAPI.call_api_function(vars, "BootCheckAuthentication", ())
  48         if authorized == 1:
  49             log.write("Authentication successful.\n")
  50
  51             try:
  52                 os.unlink(AUTH_FAILURE_COUNT_FILE)
  53             except OSError as e:
  54                 pass
  55
  56             return 1
  57     except BootManagerException as e:
  58         log.write("Authentication failed: {}.\n".format(e))
  59     except:
  60         # This is ugly.
  61         if vars['DISCONNECTED_OPERATION']:
  62             vars['API_SERVER_INST'] = None
  63             return 1
  64         else:
  65             raise
  66
  67     # increment auth failure
  68     auth_failure_count = 0
  69     try:
  70         auth_failure_count = int(file(AUTH_FAILURE_COUNT_FILE, "r").read().strip())
  71     except IOError:
  72         pass
  73     except ValueError:
  74         pass
  75
  76     auth_failure_count += 1
  77
  78     try:
  79         fail_file = file(AUTH_FAILURE_COUNT_FILE, "w")
  80         fail_file.write(str(auth_failure_count))
  81         fail_file.close()
  82     except IOError:
  83         pass
  84
  85     if auth_failure_count >= NUM_AUTH_FAILURES_BEFORE_DEBUG:
  86         log.write("Maximum number of authentication failures reached.\n")
  87         log.write("Canceling boot process and going into debug mode.\n")
  88
  89     raise BootManagerException("Unable to authenticate node.")
  90
  91