2 # vim:set ts=4 sw=4 expandtab:
7 # NodeManager plugin that installs SFA GIDs (identity certificates) into slivers
12 sys.path.append('/usr/share/NodeManager')
16 from sfa.util.namespace import *
17 from sfa.util.config import Config
18 import sfa.util.xmlrpcprotocol as xmlrpcprotocol
19 from sfa.trust.certificate import Keypair, Certificate
20 from sfa.trust.credential import Credential
21 from sfa.trust.gid import GID
22 from sfa.trust.hierarchy import Hierarchy
23 from sfa.plc.api import ComponentAPI
29 logger.log("sfagid: plugin starting up ...")
32 keyfile, certfile = get_keypair(None)
33 api = ComponentAPI(key_file=keyfile, cert_file=certfile)
def GetSlivers(data, config=None, plc=None):
    """Refresh the GIDs and the trusted certificates for the given slivers.

    Args:
        data: mapping with a 'slivers' list; every entry must have a 'name'.
        config: handed unchanged to get_keypair().
        plc: accepted but not used by the statements shown here.
    """
    # NOTE(review): the source listing skips numbered lines right after the
    # signature; anything that lived there is not reproduced.
    key_path, cert_path = get_keypair(config)
    component_api = ComponentAPI(key_file=key_path, cert_file=cert_path)

    # Only the sliver names are needed downstream; install_gids() turns them
    # into paths under /vservers/.
    sliver_names = []
    for entry in data['slivers']:
        sliver_names.append(entry['name'])

    install_gids(component_api, sliver_names)
    install_trusted_certs(component_api)
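def install_gids(api, slivers):
    """Write the slice GID and the node GID into every instantiated sliver.

    The node GID is read from ``node.gid`` in the API's config directory, the
    slice GIDs are fetched from the registry, and a file under
    ``/vservers/<slicename>/etc/`` is rewritten only when it is missing or its
    content differs.

    Args:
        api: component API object providing ``config``, ``getCredential()``
            and ``get_registry()``.
        slivers: list of slice names present on this node.
    """
    # Node GID, serialised together with its parent chain.
    node_gid_file = api.config.config_path + os.sep + "node.gid"
    node_gid_str = GID(filename=node_gid_file).save_to_string(save_parents=True)

    # Collect the GIDs currently installed in each sliver, keyed by slice name.
    # (The original keyed these tables by an unassigned name, `sliver`.)
    interface_hrn = api.config.SFA_INTERFACE_HRN
    slice_gids = {}
    node_gids = {}
    for slicename in slivers:
        installed = (
            (slice_gids, "/vservers/%s/etc/slice.gid" % slicename),
            (node_gids, "/vservers/%s/etc/node.gid" % slicename),
        )
        for table, path in installed:
            if os.path.isfile(path):
                # `with` closes the handle even if read() raises.
                with open(path, 'r') as gid_file:
                    table[slicename] = gid_file.read()

    # convert slicenames to hrns
    hrns = [slicename_to_hrn(interface_hrn, slicename) for slicename in slivers]

    # get current gids from registry
    cred = api.getCredential()
    registry = api.get_registry()
    records = registry.get_gids(cred, hrns)
    for record in records:
        # skip if this isn't a slice record
        if record['type'] != 'slice':
            continue

        # Derive the slice name from this record before building any path; the
        # original formatted the path from whatever `slicename` was left over
        # from the loops above.
        slicename = hrn_to_pl_slicename(record['hrn'])

        # The name comes from a registry reply and becomes a path component,
        # so refuse anything that could leave /vservers/<name>.
        if (not slicename or os.sep in slicename
                or slicename in (os.curdir, os.pardir)):
            continue

        vserver_path = "/vservers/%s" % slicename
        # skip if the slice isn't instantiated
        if not os.path.exists(vserver_path):
            continue

        # NOTE(review): the targets below are inside the sliver's own
        # filesystem. If a sliver can replace etc/*.gid with a symlink, a
        # privileged writer would follow it - confirm how save_to_file()
        # opens its target.

        # install slice gid if it doesn't already exist or has changed
        slice_gid_str = record['gid']
        if slicename not in slice_gids or slice_gids[slicename] != slice_gid_str:
            gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
            GID(string=slice_gid_str).save_to_file(gid_filename, save_parents=True)

        # install node gid if it doesn't already exist or has changed
        if slicename not in node_gids or node_gids[slicename] != node_gid_str:
            gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
            GID(string=node_gid_str).save_to_file(gid_filename, save_parents=True)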
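def install_trusted_certs(api):
    """Mirror the registry's trusted certificate list into trusted_certs_dir.

    Every certificate the registry returns is saved as ``<hrn>.gid``; entries
    in the directory that are not part of the current list are removed.

    Args:
        api: component API object providing ``getCredential()`` and
            ``get_registry()``.
    """
    # NOTE(review): trusted_certs_dir is not assigned anywhere in the visible
    # part of this file - confirm where it is defined.
    # NOTE(review): whatever the registry returns here becomes the local trust
    # store, so its integrity rests on the authenticity of the registry
    # connection; an empty reply removes every file in the directory.
    cred = api.getCredential()
    registry = api.get_registry()
    trusted_certs = registry.get_trusted_certs(cred)
    trusted_gid_names = set()
    for gid_str in trusted_certs:
        gid = GID(string=gid_str)
        # NOTE(review): the source listing skips a numbered line here.
        relative_filename = gid.get_hrn() + ".gid"
        # The hrn is taken from the certificate itself; never let it name a
        # file outside trusted_certs_dir.
        if os.path.basename(relative_filename) != relative_filename:
            continue
        trusted_gid_names.add(relative_filename)
        gid_filename = trusted_certs_dir + os.sep + relative_filename
        # NOTE(review): the source listing skips the numbered line just before
        # each message in this function; if it was a condition, keep it.
        print("Writing GID for %s as %s" % (gid.get_hrn(), gid_filename))
        gid.save_to_file(gid_filename, save_parents=True)

    # Remove whatever is no longer in the trusted list.
    for gid_name in os.listdir(trusted_certs_dir):
        if gid_name in trusted_gid_names:
            continue
        stale_path = trusted_certs_dir + os.sep + gid_name
        # os.unlink() raises on a real directory; leave those alone.
        if os.path.isdir(stale_path) and not os.path.islink(stale_path):
            continue
        print("%s %s" % ("Removing old gid ", gid_name))
        os.unlink(stale_path)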
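def get_keypair(config = None):
    """Return the (keyfile, certfile) paths of the server key and certificate.

    The paths are ``server.key`` and ``server.cert`` under ``config.data_path``.
    When both files already exist they are returned as they are; otherwise a
    certificate is built and saved to ``certfile``.

    Args:
        config: configuration object exposing ``data_path``; None selects a
            default ``Config()``.

    Returns:
        Tuple ``(keyfile, certfile)`` of path strings.
    """
    # This file calls get_keypair(None) and GetSlivers() defaults config to
    # None; without a fallback the attribute access below fails.
    if config is None:
        config = Config()

    hierarchy = Hierarchy()
    key_dir = hierarchy.basedir
    data_dir = config.data_path
    keyfile = data_dir + os.sep + "server.key"
    certfile = data_dir + os.sep + "server.cert"

    # check if files already exist
    if os.path.exists(keyfile) and os.path.exists(certfile):
        return (keyfile, certfile)

    # create server key and certificate
    # NOTE(review): node_pkey_file and hrn are not assigned in the visible part
    # of this function (key_dir is computed but unused) - confirm where they
    # come from.
    key = Keypair(filename=node_pkey_file)
    cert = Certificate(subject=hrn)
    cert.set_issuer(key=key, subject=hrn)
    # NOTE(review): the source listing skips numbered lines here. Nothing
    # visible attaches the public key, signs the certificate or writes keyfile;
    # confirm those steps exist, and that the private key file is readable only
    # by the service account.
    cert.save_to_file(certfile, save_parents=True)
    return (keyfile, certfile)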
if __name__ == '__main__':
    # Manual run against a single hard-coded sliver.
    sample_sliver = {'name': 'tmacktestslice', 'attributes': []}
    test_slivers = {'slivers': [sample_sliver]}
    GetSlivers(test_slivers)