if pkey isnt installed request it from the registry
1 #!/usr/bin/python -tt
2 # vim:set ts=4 sw=4 expandtab:
3 #
4 # $Id$
5 # $URL$
6 #
7 # NodeManager plugin for installing SFA GID's in slivers
8
9
10 import os
11 import sys
12 sys.path.append('/usr/share/NodeManager')
13 import logger
14 import traceback
15 import tempfile
16 try:
17     from sfa.util.namespace import *
18     from sfa.util.config import Config
19     import sfa.util.xmlrpcprotocol as xmlrpcprotocol
20     from sfa.trust.certificate import Keypair, Certificate
21     from sfa.trust.credential import Credential
22     from sfa.trust.gid import GID
23     from sfa.trust.hierarchy import Hierarchy
24     from sfa.plc.api import ComponentAPI
25     sfa = True      
26 except:
27     sfa = None
28
def start():
    """Log plugin start-up and, when the SFA modules imported, ask for the node key.

    Does nothing beyond the log line when the module-level ``sfa`` flag is
    falsy (the SFA imports at the top of the file failed).
    """
    logger.log("sfagid: plugin starting up ...")
    if sfa:
        # get_keypair(None) makes get_keypair build its own Config()
        key_path, cert_path = get_keypair(None)
        component_api = ComponentAPI(key_file=key_path, cert_file=cert_path)
        component_api.get_node_key()
36
def GetSlivers(data, config=None, plc=None):
    """NodeManager hook: refresh the GIDs and trusted certs for the given slivers.

    data   -- dict with a 'slivers' list; each entry must carry a 'name' key
    config -- passed through to get_keypair (None lets it build a Config())
    plc    -- unused here

    Returns None; returns immediately when the SFA modules are unavailable.
    """
    if not sfa:
        return

    key_path, cert_path = get_keypair(config)
    component_api = ComponentAPI(key_file=key_path, cert_file=cert_path)

    # collect the sliver names in the order NodeManager supplied them
    sliver_names = []
    for entry in data['slivers']:
        sliver_names.append(entry['name'])

    install_gids(component_api, sliver_names)
    install_trusted_certs(component_api)
46     
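def install_gids(api, slivers):
    """Install the node GID and each slice's GID inside the instantiated slivers.

    api     -- ComponentAPI instance; supplies config, credential and registry
    slivers -- list of sliver (slice) names present on this node

    For every slice record the registry returns, writes
    /vservers/<slicename>/etc/slice.gid and /vservers/<slicename>/etc/node.gid
    when the file is missing or its content differs from the current GID.

    NOTE(review): the target files live under the sliver's own /etc, which the
    sliver presumably can modify. os.path.isfile(), open() and (presumably)
    save_to_file() follow symlinks, so confirm that a sliver cannot redirect
    these reads and writes to a path outside its own tree.
    """
    # load the node gid from the SFA config directory
    node_gid_file = api.config.config_path + os.sep + "node.gid"
    node_gid = GID(filename=node_gid_file)
    node_gid_str = node_gid.save_to_string(save_parents=True)

    # get currently installed slice and node gids
    interface_hrn = api.config.SFA_INTERFACE_HRN
    slice_gids = {}
    node_gids = {}
    for slicename in slivers:
        installed = (
            (slice_gids, "/vservers/%s/etc/slice.gid" % slicename),
            (node_gids, "/vservers/%s/etc/node.gid" % slicename),
        )
        for cache, gid_filename in installed:
            if not os.path.isfile(gid_filename):
                continue
            gid_file = open(gid_filename, 'r')
            try:
                # key by slicename: the original used an undefined name
                # (`sliver`) here, which raised NameError as soon as one
                # gid file existed
                cache[slicename] = gid_file.read()
            finally:
                gid_file.close()

    # convert slicenames to hrns
    hrns = [slicename_to_hrn(interface_hrn, slicename)
            for slicename in slivers]

    # get current gids from registry
    cred = api.getCredential()
    registry = api.get_registry()
    records = registry.get_gids(cred, hrns)
    for record in records:
        # skip if this isnt a slice record
        if record['type'] != 'slice':
            continue

        # Derive the slice name from the record *before* building any path.
        # The original built vserver_path from whatever `slicename` was left
        # over from an earlier loop, so the GID could land in another sliver.
        slicename = hrn_to_pl_slicename(record['hrn'])

        # The name comes from the registry's answer and becomes a path
        # component, so refuse anything that could leave /vservers/<name>.
        if (not slicename or slicename in (os.curdir, os.pardir)
                or os.sep in slicename):
            logger.log("sfagid: ignoring gid record with unusable slice name %r"
                       % (slicename,))
            continue

        vserver_path = "/vservers/%s" % slicename
        # skip if the slice isnt instantiated
        if not os.path.exists(vserver_path):
            continue

        # install slice gid if it doesnt already exist or has changed
        slice_gid_str = record['gid']
        if slicename not in slice_gids or slice_gids[slicename] != slice_gid_str:
            gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
            GID(string=slice_gid_str).save_to_file(gid_filename, save_parents=True)

        # install node gid if it doesnt already exist or has changed
        if slicename not in node_gids or node_gids[slicename] != node_gid_str:
            gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
            GID(string=node_gid_str).save_to_file(gid_filename, save_parents=True)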
99         
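def install_trusted_certs(api):
    """Mirror the registry's trusted GIDs into the local trusted-certs directory.

    api -- ComponentAPI instance; supplies the credential and the registry

    Every GID returned by registry.get_trusted_certs() is written as
    <hrn>.gid, and every other file in the directory is deleted. The
    directory's content is therefore dictated entirely by the registry's
    answer; an empty answer empties the directory.

    NOTE(review): `trusted_certs_dir` and `verbose` are not defined anywhere
    in the visible part of this file. Unless the star import from
    sfa.util.namespace provides them, this function raises NameError; the
    intended directory needs to be confirmed before this can be fixed.
    """
    cred = api.getCredential()
    registry = api.get_registry()
    trusted_certs = registry.get_trusted_certs(cred)
    trusted_gid_names = []
    for gid_str in trusted_certs:
        gid = GID(string=gid_str)
        gid.decode()
        relative_filename = gid.get_hrn() + ".gid"

        # The hrn is read out of the received certificate and becomes a file
        # name; refuse anything that is not a plain name so the write below
        # cannot land outside trusted_certs_dir.
        if os.path.basename(relative_filename) != relative_filename:
            logger.log("sfagid: ignoring trusted gid with unusable hrn %r"
                       % (gid.get_hrn(),))
            continue

        trusted_gid_names.append(relative_filename)
        gid_filename = trusted_certs_dir + os.sep + relative_filename
        if verbose:
            print "Writing GID for %s as %s" % (gid.get_hrn(), gid_filename)
        gid.save_to_file(gid_filename, save_parents=True)

    # remove old certs
    all_gids_names = os.listdir(trusted_certs_dir)
    for gid_name in all_gids_names:
        if gid_name not in trusted_gid_names:
            if verbose:
                print "Removing old gid ", gid_name
            os.unlink(trusted_certs_dir + os.sep + gid_name)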
122     
123
124
125
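def get_keypair(config=None):
    """Return (keyfile, certfile) for this node, bootstrapping them if missing.

    config -- object exposing `data_path`; a Config() is built when falsy

    When <data_path>/server.key and <data_path>/server.cert both exist their
    paths are returned unchanged. Otherwise a throw-away keypair and
    self-signed certificate are created, used to call registry.get_key(),
    and a certificate for the key at `keyfile` is then written to `certfile`.

    NOTE(review): the return value of registry.get_key() is discarded and
    Keypair(filename=keyfile) is loaded right after, so the call is presumably
    expected to place the key at `keyfile` -- confirm.
    NOTE(review): `hrn` is not defined in the visible part of this file, so
    unless the star import provides it the bootstrap path ends in NameError
    and is retried on every call.
    """
    if not config:
        config = Config()
    # result unused below; kept because Hierarchy()'s side effects are not
    # visible from this file
    hierarchy = Hierarchy()
    data_dir = config.data_path
    keyfile = data_dir + os.sep + "server.key"
    certfile = data_dir + os.sep + "server.cert"

    # check if files already exist
    if os.path.exists(keyfile) and os.path.exists(certfile):
        return (keyfile, certfile)

    # create temp keypair server key and certificate
    tmp_paths = []
    try:
        for suffix, prefix in (('.pkey', 'tmpkey'), ('.cert', 'tmpcert')):
            fd, path = tempfile.mkstemp(suffix=suffix, prefix=prefix, dir='/tmp')
            tmp_paths.append(path)
            # the original dropped the descriptor without closing it, leaking
            # two fds per call
            os.close(fd)
        tmp_keyfile, tmp_certfile = tmp_paths

        tmp_key = Keypair(create=True)
        tmp_key.save_to_file(tmp_keyfile)
        tmp_cert = Certificate(subject='subject')
        tmp_cert.set_issuer(key=tmp_key, subject='subject')
        tmp_cert.set_pubkey(tmp_key)
        tmp_cert.save_to_file(tmp_certfile, save_parents=True)

        # request real pkey from registry
        api = ComponentAPI(key_file=tmp_keyfile, cert_file=tmp_certfile)
        registry = api.get_registry()
        registry.get_key()
    finally:
        # do not leave the bootstrap private key and cert behind in /tmp,
        # whether or not the request succeeded
        for path in tmp_paths:
            try:
                os.unlink(path)
            except OSError:
                pass

    key = Keypair(filename=keyfile)
    cert = Certificate(subject=hrn)
    cert.set_issuer(key=key, subject=hrn)
    cert.set_pubkey(key)
    cert.sign()
    cert.save_to_file(certfile, save_parents=True)
    return (keyfile, certfile)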
160     
161
if __name__ == '__main__':
    # manual run: drive the plugin once with a single hard-coded sliver
    test_slivers = {
        'slivers': [dict(name='tmacktestslice', attributes=[])],
    }
    start()
    GetSlivers(test_slivers)
168             
169