use registry.get_gids() for now. Switch to registry.GetGids() when PLC upgrades...
1 #!/usr/bin/python -tt
2 # vim:set ts=4 sw=4 expandtab:
3 #
4 # $Id$
5 # $URL$
6 #
7 # NodeManager plugin for installing SFA GID's in slivers
8
9
10 import os
11 import sys
12 sys.path.append('/usr/share/NodeManager')
13 import logger
14 import traceback
15 try:
16     from sfa.util.namespace import *
17     from sfa.util.config import Config
18     import sfa.util.xmlrpcprotocol as xmlrpcprotocol
19     from sfa.trust.certificate import Keypair, Certificate
20     from sfa.trust.credential import Credential
21     from sfa.trust.gid import GID
22     from sfa.trust.hierarchy import Hierarchy
23     from sfa.plc.api import ComponentAPI
24     sfa = True      
25 except:
26     sfa = None
27
def start():
    """Log plugin start-up and, when the SFA imports succeeded, request the node key.

    When the module-level ``sfa`` flag is falsy (the guarded SFA imports at
    the top of the file failed) only the log line is emitted.
    """
    logger.log("sfagid: plugin starting up ...")
    if sfa:
        # Passing None makes get_keypair() build its own Config().
        key_path, cert_path = get_keypair(None)
        component_api = ComponentAPI(key_file=key_path, cert_file=cert_path)
        # NOTE(review): presumably fetches or refreshes this node's key
        # through the SFA component API -- confirm against ComponentAPI.
        component_api.get_node_key()
35
def GetSlivers(data, config=None, plc=None):
    """Install GIDs and trusted certificates for the slivers listed in *data*.

    data   -- dict with a 'slivers' list; each entry must carry a 'name' key.
    config -- handed to get_keypair(); None lets it build its own Config().
    plc    -- accepted but not used in this function.

    Returns None; does nothing when the module-level ``sfa`` flag is falsy.
    """
    if not sfa:
        return

    key_path, cert_path = get_keypair(config)
    component_api = ComponentAPI(key_file=key_path, cert_file=cert_path)

    # Only the sliver names are needed by the installers below.
    sliver_names = []
    for entry in data['slivers']:
        sliver_names.append(entry['name'])

    install_gids(component_api, sliver_names)
    install_trusted_certs(component_api)
45     
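def _read_installed_gid(filename):
    """Return the text of *filename*, or None when it is not a regular file."""
    if not os.path.isfile(filename):
        return None
    gid_file = open(filename, 'r')
    try:
        return gid_file.read()
    finally:
        # close the handle even when read() raises
        gid_file.close()


def install_gids(api, slivers):
    """Install the node GID and each slice's GID under /vservers/<slice>/etc.

    api     -- component API object; this function reads api.config.config_path
               and api.config.SFA_INTERFACE_HRN and calls api.getCredential()
               and api.get_registry().
    slivers -- list of slice names present on this node.

    A GID file is (re)written only when it is missing or its content differs
    from the string that would be installed.  Returns None.
    """
    # load the node gid that gets copied into every sliver
    node_gid_file = api.config.config_path + os.sep + "node.gid"
    node_gid = GID(filename=node_gid_file)
    node_gid_str = node_gid.save_to_string(save_parents=True)

    # get currently installed slice and node gids, keyed by slice name
    # (the original stored these under an undefined name, ``sliver``)
    interface_hrn = api.config.SFA_INTERFACE_HRN
    slice_gids = {}
    node_gids = {}
    for slicename in slivers:
        installed = _read_installed_gid("/vservers/%s/etc/slice.gid" % slicename)
        if installed is not None:
            slice_gids[slicename] = installed
        installed = _read_installed_gid("/vservers/%s/etc/node.gid" % slicename)
        if installed is not None:
            node_gids[slicename] = installed

    # convert slicenames to hrns
    hrns = [slicename_to_hrn(interface_hrn, slicename)
            for slicename in slivers]

    # get current gids from registry
    cred = api.getCredential()
    registry = api.get_registry()
    # NOTE: the original kept ``registry.GetGids(cred, hrns)`` commented out
    # here as the alternative spelling of this call.
    records = registry.get_gids(cred, hrns)
    for record in records:
        # skip if this isnt a slice record
        if record['type'] != 'slice':
            continue

        # Derive the slice name from *this* record before building any path;
        # the original built vserver_path from whatever value ``slicename``
        # still held from an earlier loop.
        slicename = hrn_to_pl_slicename(record['hrn'])

        # The name comes from registry data and becomes a path component
        # below, so it must be a single plain directory name.
        if (not slicename or os.sep in slicename
                or slicename in (os.curdir, os.pardir)):
            logger.log("sfagid: skipping record with unusable slice name %r"
                       % (slicename,))
            continue

        vserver_path = "/vservers/%s" % slicename
        # skip if the slice isnt instantiated
        if not os.path.exists(vserver_path):
            continue

        # NOTE(review): both destinations live inside the sliver's own
        # filesystem tree.  If a sliver is able to place a symlink at etc/ or
        # at the .gid path, these writes may follow it -- confirm what
        # GID.save_to_file() does and whether the path needs checking first.

        # install slice gid if it doesnt already exist or has changed
        slice_gid_str = record['gid']
        if slicename not in slice_gids or slice_gids[slicename] != slice_gid_str:
            gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
            GID(string=slice_gid_str).save_to_file(gid_filename, save_parents=True)

        # install node gid if it doesnt already exist or has changed
        if slicename not in node_gids or node_gids[slicename] != node_gid_str:
            gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
            GID(string=node_gid_str).save_to_file(gid_filename, save_parents=True)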
98         
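def install_trusted_certs(api):
    """Mirror the registry's trusted GIDs into the trusted-certs directory.

    Every GID string returned by registry.get_trusted_certs() is decoded and
    saved as ``<hrn>.gid``; afterwards every directory entry that was not
    written in this pass is unlinked.  Returns None.

    api -- component API object providing getCredential() and get_registry().
    """
    # NOTE(review): ``trusted_certs_dir`` and ``verbose`` are not defined in
    # the visible part of this module.  Unless the star import from
    # sfa.util.namespace supplies them, the lines using them raise NameError.
    # Confirm where both are meant to come from.
    #
    # NOTE(review): nothing in this function verifies a returned GID before it
    # is stored as trusted; presumably trust rests on the registry connection
    # and credential -- confirm.
    cred = api.getCredential()
    registry = api.get_registry()
    trusted_certs = registry.get_trusted_certs(cred)
    trusted_gid_names = []
    for gid_str in trusted_certs:
        gid = GID(string=gid_str)
        gid.decode()
        hrn = gid.get_hrn()

        # The hrn is taken from the received certificate and becomes a file
        # name, so refuse anything that is not a plain name: an empty hrn or
        # one carrying a path separator would land outside the intended file.
        if not hrn or os.path.basename(hrn + ".gid") != hrn + ".gid":
            logger.log("sfagid: skipping trusted gid with unusable hrn %r"
                       % (hrn,))
            continue

        relative_filename = hrn + ".gid"
        trusted_gid_names.append(relative_filename)
        gid_filename = trusted_certs_dir + os.sep + relative_filename
        if verbose:
            print("Writing GID for %s as %s" % (hrn, gid_filename))
        gid.save_to_file(gid_filename, save_parents=True)

    # remove old certs
    # NOTE(review): an empty reply from the registry leaves trusted_gid_names
    # empty, so this loop then removes every entry in the directory.  Confirm
    # that is the intended behaviour for a failed or empty lookup.
    for gid_name in os.listdir(trusted_certs_dir):
        if gid_name not in trusted_gid_names:
            if verbose:
                print("Removing old gid  %s" % gid_name)
            os.unlink(trusted_certs_dir + os.sep + gid_name)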
121     
122
def get_keypair(config = None):
    """Return ``(keyfile, certfile)`` paths under ``config.data_path``.

    config -- SFA Config object; a fresh Config() is built when it is falsy.

    When both files already exist their paths are returned untouched.
    Otherwise a certificate is built, signed and saved to ``certfile``.
    Only the certificate is saved here; nothing in this function writes
    ``keyfile``.
    """
    if not config:
        config = Config()
    hierarchy = Hierarchy()
    # NOTE(review): key_dir is read here but never used below.
    key_dir = hierarchy.basedir
    data_dir = config.data_path
    keyfile = os.sep.join([data_dir, "server.key"])
    certfile = os.sep.join([data_dir, "server.cert"])

    # Only build a certificate when either file is missing.
    both_present = os.path.exists(keyfile) and os.path.exists(certfile)
    if not both_present:
        # NOTE(review): ``node_pkey_file`` and ``hrn`` are not defined in the
        # visible part of this module; unless the star import from
        # sfa.util.namespace supplies them this branch raises NameError.
        # Confirm where they should come from, and how server.key is
        # provisioned and protected, since it is returned but not created here.
        key = Keypair(filename=node_pkey_file)
        cert = Certificate(subject=hrn)
        # The same key is used as issuer key and as public key: self-signed.
        cert.set_issuer(key=key, subject=hrn)
        cert.set_pubkey(key)
        cert.sign()
        cert.save_to_file(certfile, save_parents=True)
    return (keyfile, certfile)
144     
145
if __name__ == '__main__':
    # Manual smoke run: one hard-coded sliver entry, shaped like the ``data``
    # argument that GetSlivers() reads ('slivers' -> list of dicts with 'name').
    sample_sliver = {'name': 'tmacktestslice', 'attributes': []}
    test_slivers = {'slivers': [sample_sliver]}
    start()
    GetSlivers(test_slivers)
152             
153