2 # vim:set ts=4 sw=4 expandtab:
7 # NodeManager plugin for installing SFA GID's in slivers
13 from sfa.util.namespace import *
14 from sfa.util.config import Config
15 import sfa.util.xmlrpcprotocol as xmlrpcprotocol
16 from sfa.trust.certificate import Keypair, Certificate
17 from sfa.trust.credential import Credential
18 from sfa.trust.gid import GID
19 from sfa.trust.hierarchy import Hierarchy
20 from sfa.plc.api import ComponentAPI
# Announce plugin start-up in the NodeManager log.
# NOTE(review): the lines around this call are missing from the listing, so
# whether it runs at import time or inside a function cannot be told from
# here -- confirm against the full file.
logger.log("sfagid: plugin starting up ...")
def GetSlivers(data, config=None, plc=None):
    """NodeManager plugin hook: refresh GIDs and trusted certs for the slivers.

    Args:
        data: mapping with a 'slivers' list; only each entry's 'name' is read.
        config: passed straight through to get_keypair().
        plc: accepted for the plugin interface; not used here.
    """
    key_path, cert_path = get_keypair(config)
    component_api = ComponentAPI(keyfile=key_path, certfile=cert_path)

    sliver_names = []
    for entry in data['slivers']:
        sliver_names.append(entry['name'])

    install_gids(component_api, sliver_names)
    install_trusted_certs(component_api)
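def _read_installed_gid(path):
    """Return the text of an installed GID file, or None if there is none."""
    # The file sits inside the sliver's own filesystem, so a symlink at this
    # name is under the sliver's control; treat it as "not installed" rather
    # than reading whatever it points at.
    if os.path.islink(path) or not os.path.isfile(path):
        return None
    gid_file = open(path, 'r')
    try:
        return gid_file.read()
    finally:
        # The listing opened these files without a visible close().
        gid_file.close()


def _install_gid(gid_str, path):
    """Save gid_str at path, refusing to write through a symlink."""
    # NOTE(review): this check covers only the final path component and is
    # not race-free; the sliver's "etc" directory can itself be replaced.
    # How GID.save_to_file opens the file is not visible here -- confirm it
    # cannot be redirected outside the sliver.
    if os.path.islink(path):
        logger.log("sfagid: refusing to write GID through symlink %s" % path)
        return
    GID(string=gid_str).save_to_file(path, save_parents=True)


def install_gids(api, slivers):
    """Install the node GID and each slice's GID inside its sliver.

    For every slice record the registry returns, ``slice.gid`` and
    ``node.gid`` are written under ``/vservers/<slicename>/etc`` when the
    copy already there is missing or differs.

    Args:
        api: supplies ``config.SFA_INTERFACE_HRN``, ``getCredential()`` and
            ``get_registry()``.
        slivers: list of sliver (slice) names on this node.
    """
    # NOTE(review): config_dir is not assigned anywhere in the visible
    # listing; presumably a module-level setting -- confirm.
    node_gid_path = os.path.join(config_dir, "node.gid")
    # The listing passed `node_gid_file` here, a name it never assigns; the
    # path built on the line above is the evident intent -- confirm.
    node_gid = GID(filename=node_gid_path)
    node_gid_str = node_gid.save_to_string(save_parents=True)

    interface_hrn = api.config.SFA_INTERFACE_HRN

    # Collect what is already installed so unchanged files are not rewritten.
    # The listing indexed the paths with `slicename` while looping over
    # `sliver`; the loop variable is used consistently here.
    slice_gids = {}
    node_gids = {}
    for sliver in slivers:
        installed_slice_gid = _read_installed_gid(
            "/vservers/%s/etc/slice.gid" % sliver)
        if installed_slice_gid is not None:
            slice_gids[sliver] = installed_slice_gid
        installed_node_gid = _read_installed_gid(
            "/vservers/%s/etc/node.gid" % sliver)
        if installed_node_gid is not None:
            node_gids[sliver] = installed_node_gid

    # convert slicenames to hrns
    hrns = [slicename_to_hrn(interface_hrn, name) for name in slivers]

    # get current gids from registry
    cred = api.getCredential()
    registry = api.get_registry()
    for record in registry.GetGids(cred, hrns):
        # skip if this isn't a slice record
        if record['type'] != 'slice':
            continue

        # Derive the slice name from the record BEFORE building any path
        # from it; the listing built vserver_path first, from whatever
        # `slicename` held at that point.
        slicename = hrn_to_pl_slicename(record['hrn'])
        # The name comes from a registry reply and becomes a directory
        # name, so it must be a single plain path component.
        if (not slicename or slicename in ('.', '..')
                or os.path.basename(slicename) != slicename):
            logger.log("sfagid: ignoring record with unusable slice name %r"
                       % (slicename,))
            continue

        vserver_path = "/vservers/%s" % slicename
        # skip if the slice isn't instantiated
        if not os.path.exists(vserver_path):
            continue
        etc_dir = os.path.join(vserver_path, "etc")

        # install slice gid if it doesn't already exist or has changed
        slice_gid_str = record['gid']
        if slicename not in slice_gids or slice_gids[slicename] != slice_gid_str:
            _install_gid(slice_gid_str, os.path.join(etc_dir, "slice.gid"))

        # install node gid if it doesn't already exist or has changed
        if slicename not in node_gids or node_gids[slicename] != node_gid_str:
            _install_gid(node_gid_str, os.path.join(etc_dir, "node.gid"))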
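def install_trusted_certs(api):
    """Synchronise the local trusted-GID directory with the registry's list.

    Each GID the registry returns is saved as ``<hrn>.gid`` in
    ``trusted_certs_dir``; afterwards every directory entry that was not
    just written is deleted.

    Args:
        api: supplies ``getCredential()`` and ``get_registry()``.
    """
    cred = api.getCredential()
    registry = api.get_registry()
    # NOTE(review): whatever this call returns becomes the local set of
    # trust roots, and nothing in this function verifies the GIDs; trust
    # rests on the registry connection -- confirm it is authenticated.
    trusted_certs = registry.get_trusted_certs(cred)

    # NOTE(review): trusted_certs_dir is not assigned anywhere in the
    # visible listing; presumably a module-level setting -- confirm.
    kept_names = set()
    for gid_str in trusted_certs:
        gid = GID(string=gid_str)
        hrn = gid.get_hrn()
        # The hrn is read out of remote data and turned into a file name,
        # so it must not be empty or carry a path separator; otherwise the
        # write below could land outside trusted_certs_dir.
        if not hrn or os.path.basename(hrn) != hrn:
            logger.log("sfagid: skipping trusted GID with unusable hrn %r"
                       % (hrn,))
            continue

        relative_filename = hrn + ".gid"
        kept_names.add(relative_filename)
        gid_filename = os.path.join(trusted_certs_dir, relative_filename)
        # Reported through the same log the plugin uses at start-up
        # instead of a bare print.
        logger.log("Writing GID for %s as %s" % (hrn, gid_filename))
        gid.save_to_file(gid_filename, save_parents=True)

    # Prune entries the registry no longer lists, so a withdrawn root stops
    # being trusted locally. Everything else in the directory is removed,
    # so the directory must hold nothing but these GID files.
    for gid_name in os.listdir(trusted_certs_dir):
        if gid_name not in kept_names:
            logger.log("Removing old gid %s" % gid_name)
            os.unlink(os.path.join(trusted_certs_dir, gid_name))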
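def get_keypair(config = None):
    """Return ``(keyfile, certfile)`` paths for the server key and certificate.

    If both ``server.key`` and ``server.cert`` already exist under
    ``config.data_path`` they are returned as-is; otherwise a certificate is
    built from the node's private key and saved as ``server.cert``.

    Args:
        config: object exposing ``data_path``; a default ``Config()`` is
            used when omitted.

    Returns:
        Tuple ``(keyfile, certfile)`` of file paths.
    """
    # GetSlivers passes its own default of None straight through; without
    # this fallback the attribute access below fails on None.
    # NOTE(review): assumes Config() exposes data_path -- confirm.
    if config is None:
        config = Config()

    # NOTE(review): nothing visible below uses the hierarchy; the object is
    # still constructed in case its constructor has side effects -- confirm
    # and drop it if it has none.
    Hierarchy()

    data_dir = config.data_path
    keyfile = os.path.join(data_dir, "server.key")
    certfile = os.path.join(data_dir, "server.cert")

    # check if files already exist
    if os.path.exists(keyfile) and os.path.exists(certfile):
        return (keyfile, certfile)

    # create server key and certificate
    # NOTE(review): node_pkey_file and hrn are not assigned anywhere in the
    # visible listing; presumably module-level values -- confirm.
    key = Keypair(filename=node_pkey_file)
    cert = Certificate(subject=hrn)
    cert.set_issuer(key=key, subject=hrn)
    # The listing shows no call between set_issuer() and save_to_file();
    # a certificate with no public key and no signature is of no use to a
    # TLS peer, so attach the key and self-sign before saving.
    cert.set_pubkey(key)
    cert.sign()
    cert.save_to_file(certfile, save_parents=True)
    # NOTE(review): keyfile is returned, but nothing visible here ever
    # writes server.key; the private key is loaded from node_pkey_file.
    # Confirm which path callers should receive, and that the key file is
    # readable only by the NodeManager user.
    return (keyfile, certfile)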
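if __name__ == '__main__':
    # Manual smoke test: run the plugin hook once against a single
    # hard-coded sliver. The listing left this literal unclosed; the
    # brackets are balanced here.
    test_slivers = {'slivers': [
        {'name': 'tmacktestslice', 'attributes': []}
    ]}
    GetSlivers(test_slivers)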