reguire gnupg1 on f>=31; sense the system to use gpg1 when installed

[nodemanager.git] / plugins / sfagids.py

#!/usr/bin/python3 -tt
# vim:set ts=4 sw=4 expandtab:
#
# NodeManager plugin for installing SFA GID's in slivers
# 

import os
import sys
sys.path.append('/usr/share/NodeManager')
import logger
import traceback
import tempfile
try:
    from sfa.util.namespace import *
    from sfa.util.config import Config as SfaConfig
    import sfa.util.xmlrpcprotocol as xmlrpcprotocol
    from sfa.trust.certificate import Keypair, Certificate
    from sfa.trust.credential import Credential
    from sfa.trust.gid import GID
    from sfa.trust.hierarchy import Hierarchy
    from sfa.plc.api import ComponentAPI
    sfa = True      
except:
    sfa = None

def start():
    logger.log("sfagid: plugin starting up ...")
    if not sfa:
        return
    try:
        keyfile, certfile = get_keypair(None)
        api = ComponentAPI(key_file=keyfile, cert_file=certfile)
        api.get_node_key()
    except:
        return

def GetSlivers(data, config=None, plc=None):
    if not sfa:
        return 

    keyfile, certfile = get_keypair(config)
    api = ComponentAPI(key_file=keyfile, cert_file=certfile)
    slivers = [sliver['name'] for sliver in data['slivers']]
    install_gids(api, slivers)
    install_trusted_certs(api)
    
def install_gids(api, slivers):
    # install node gid
    node_gid_file = api.config.config_path + os.sep + "node.gid"
    node_gid = GID(filename=node_gid_file)
    node_gid_str = node_gid.save_to_string(save_parents=True)    
    node_hrn = node_gid.get_hrn()    

    # get currently installed slice and node gids 
    interface_hrn = api.config.SFA_INTERFACE_HRN
    slice_gids = {}
    node_gids = {}
    for slicename in slivers:
        slice_gid_filename = "/vservers/%s/etc/slice.gid" % slicename
        node_gid_filename = "/vservers/%s/etc/node.gid" % slicename
        if os.path.isfile(slice_gid_filename):
            gid_file = open(slice_gid_filename, 'r') 
            slice_gids[sliver] = gid_file.read()
            gid_file.close()
        if os.path.isfile(node_gid_filename):
            gid_file = open(node_gid_filename, 'r')
            node_gids[sliver] = gid_file.read()
            gid_file.close()

    # convert slicenames to hrns
    hrns = [slicename_to_hrn(interface_hrn, slicename) \
            for slicename in slivers]

    # get current gids from registry
    cred = api.getCredential()
    registry = api.get_registry()
    #records = registry.GetGids(cred, hrns)
    records = registry.get_gids(cred, hrns)
    for record in records:
        # skip if this isnt a slice record 
        if not record['type'] == 'slice':
            continue
        vserver_path = "/vservers/%(slicename)s" % locals()
        # skip if the slice isnt instantiated
        if not os.path.exists(vserver_path):
            continue
        
        # install slice gid if it doesnt already exist or has changed
        slice_gid_str = record['gid']
        slicename = hrn_to_pl_slicename(record['hrn'])
        if slicename not in slice_gids or slice_gids[slicename] != slice_gid_str:
            gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
            GID(string=slice_gid_str).save_to_file(gid_filename, save_parents=True)

        # install slice gid if it doesnt already exist or has changed
        if slicename not in node_gids or node_gids[slicename] != node_gid_str:
            gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
            GID(string=node_gid_str).save_to_file(gid_filename, save_parents=True) 
        
def install_trusted_certs(api):
    cred = api.getCredential()
    registry = api.get_registry()
    trusted_certs = registry.get_trusted_certs(cred)
    trusted_gid_names = []
    for gid_str in trusted_certs:
        gid = GID(string=gid_str)
        gid.decode()
        relative_filename = gid.get_hrn() + ".gid"
        trusted_gid_names.append(relative_filename)
        gid_filename = trusted_certs_dir + os.sep + relative_filename
        if verbose:
            print("Writing GID for %s as %s" % (gid.get_hrn(), gid_filename))
        gid.save_to_file(gid_filename, save_parents=True)

    # remove old certs
    all_gids_names = os.listdir(trusted_certs_dir)
    for gid_name in all_gids_names:
        if gid_name not in trusted_gid_names:
            if verbose:
                print("Removing old gid ", gid_name)
            os.unlink(trusted_certs_dir + os.sep + gid_name)
    



def get_keypair(config = None):
    if not config:
        config = SfaConfig()
    hierarchy = Hierarchy()
    key_dir= hierarchy.basedir
    data_dir = config.data_path
    keyfile =data_dir + os.sep + "server.key"
    certfile = data_dir + os.sep + "server.cert"

    # check if files already exist
    if os.path.exists(keyfile) and os.path.exists(certfile):
        return (keyfile, certfile)

    # create temp keypair server key and certificate
    (_, tmp_keyfile) = tempfile.mkstemp(suffix='.pkey', prefix='tmpkey', dir='/tmp')
    (_, tmp_certfile) = tempfile.mkstemp(suffix='.cert', prefix='tmpcert', dir='/tmp') 
    tmp_key = Keypair(create=True)
    tmp_key.save_to_file(tmp_keyfile)
    tmp_cert = Certificate(subject='subject')
    tmp_cert.set_issuer(key=tmp_key, subject='subject')
    tmp_cert.set_pubkey(tmp_key)
    tmp_cert.save_to_file(tmp_certfile, save_parents=True)

    # request real pkey from registry
    api = ComponentAPI(key_file=tmp_keyfile, cert_file=tmp_certfile)
    registry = api.get_registry()
    registry.get_key()
    key = Keypair(filename=keyfile)
    cert = Certificate(subject=hrn)
    cert.set_issuer(key=key, subject=hrn)
    cert.set_pubkey(key)
    cert.sign()
    cert.save_to_file(certfile, save_parents=True)
    return (keyfile, certfile)
    

if __name__ == '__main__':
    test_slivers = {'slivers': [
        {'name': 'tmacktestslice', 'attributes': []}
        ]}
    start()
    GetSlivers(test_slivers)