plugins/sfagids.py

   1 #!/usr/bin/python -tt
   2 # vim:set ts=4 sw=4 expandtab:
   3 #
   4 # $Id$
   5 # $URL$
   6 #
   7 # NodeManager plugin for installing SFA GID's in slivers
   8 #
   9
  10 import os
  11 import logger
  12 try:
  13     from sfa.util.namespace import *
  14     from sfa.util.config import Config
  15     import sfa.util.xmlrpcprotocol as xmlrpcprotocol
  16     from sfa.trust.certificate import Keypair, Certificate
  17     from sfa.trust.credential import Credential
  18     from sfa.trust.gid import GID
  19     from sfa.trust.hierarchy import Hierarchy
  20     from sfa.plc.api import ComponentAPI
  21     sfa = True
  22 except:
  23     sfa = None
  24
  25 def start():
  26     logger.log("sfagid: plugin starting up ...")
  27     if not sfa:
  28         return
  29     api = ComponentAPI()
  30     api.get_node_key()
  31
  32 def GetSlivers(data, config=None, plc=None):
  33     if not sfa:
  34         return
  35
  36     keyfile, certfile = get_keypair(config)
  37     api = ComponentAPI(keyfile=keyfile, certfile=certfile)
  38     slivers = [sliver['name'] for sliver in data['slivers']]
  39     install_gids(api, slivers)
  40     install_trusted_certs(api)
  41
  42 def install_gids(api, slivers):
  43     # install node gid
  44     node_gid_path = config_dir + os.sep + "node.gid"
  45     node_gid = GID(filename=node_gid_file)
  46     node_gid_str = node_gid.save_to_string(save_parents=True)
  47     node_hrn = node_gid.get_hrn()
  48
  49     # get currently installed slice and node gids
  50     interface_hrn = api.config.SFA_INTERFACE_HRN
  51     slice_gids = {}
  52     node_gids = {}
  53     for sliver in slivers:
  54         slice_gid_filename = "/vservers/%s/etc/slice.gid" % slicename
  55         node_gid_filename = "/vservers/%s/etc/node.gid" % slicename
  56         if os.path.isfile(slice_gid_filename):
  57             gid_file = open(slice_gid_filename, 'r')
  58             slice_gids[sliver] = gid_file.read()
  59             gid_file.close()
  60         if os.path.isfile(node_gid_filename):
  61             gid_file = open(node_gid_filename, 'r')
  62             node_gids[sliver] = gid_file.read()
  63             gid_file.close()
  64
  65     # convert slicenames to hrns
  66     hrns = [slicename_to_hrn(interface_hrn, slicename) \
  67             for slicename in slivers]
  68
  69     # get current gids from registry
  70     cred = api.getCredential()
  71     registry = api.get_registry()
  72     records = registry.GetGids(cred, hrns)
  73     for record in records:
  74         # skip if this isnt a slice record
  75         if not record['type'] == 'slice':
  76             continue
  77         vserver_path = "/vservers/%(slicename)s" % locals()
  78         # skip if the slice isnt instantiated
  79         if not os.path.exists(vserver_path):
  80             continue
  81
  82         # install slice gid if it doesnt already exist or has changed
  83         slice_gid_str = record['gid']
  84         slicename = hrn_to_pl_slicename(record['hrn'])
  85         if slicename not in slice_gids or slice_gids[slicename] != slice_gid_str:
  86             gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
  87             GID(string=slice_gid_str).save_to_file(gid_filename, save_parents=True)
  88
  89         # install slice gid if it doesnt already exist or has changed
  90         if slicename not in node_gids or node_gids[slicename] != node_gid_str:
  91             gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
  92             GID(string=node_gid_str).save_to_file(gid_filename, save_parents=True)
  93
  94 def install_trusted_certs(api):
  95     cred = api.getCredential()
  96     registry = api.get_registry()
  97     trusted_certs = registry.get_trusted_certs(cred)
  98     trusted_gid_names = []
  99     for gid_str in trusted_certs:
 100         gid = GID(string=gid_str)
 101         gid.decode()
 102         relative_filename = gid.get_hrn() + ".gid"
 103         trusted_gid_names.append(relative_filename)
 104         gid_filename = trusted_certs_dir + os.sep + relative_filename
 105         if verbose:
 106             print "Writing GID for %s as %s" % (gid.get_hrn(), gid_filename)
 107         gid.save_to_file(gid_filename, save_parents=True)
 108
 109     # remove old certs
 110     all_gids_names = os.listdir(trusted_certs_dir)
 111     for gid_name in all_gids_names:
 112         if gid_name not in trusted_gid_names:
 113             if verbose:
 114                 print "Removing old gid ", gid_name
 115             os.unlink(trusted_certs_dir + os.sep + gid_name)
 116
 117
 118 def get_keypair(config = None):
 119     if not config:
 120         config = Config()
 121     hierarchy = Hierarchy()
 122     key_dir= hierarchy.basedir
 123     data_dir = config.data_path
 124     keyfile =data_dir + os.sep + "server.key"
 125     certfile = data_dir + os.sep + "server.cert"
 126
 127     # check if files already exist
 128     if os.path.exists(keyfile) and os.path.exists(certfile):
 129         return (keyfile, certfile)
 130
 131     # create server key and certificate
 132     key = Keypair(filename=node_pkey_file)
 133     cert = Certificate(subject=hrn)
 134     cert.set_issuer(key=key, subject=hrn)
 135     cert.set_pubkey(key)
 136     cert.sign()
 137     cert.save_to_file(certfile, save_parents=True)
 138     return (keyfile, certfile)
 139
 140
 141 if __name__ == '__main__':
 142     test_slivers = {'slivers': [
 143         {'name': 'tmacktestslice', 'attributes': []}
 144         ]}
 145     start()
 146     GetSlivers(test_slivers)
 147
 148