2 # vim:set ts=4 sw=4 expandtab:
7 # NodeManager plugin for installing SFA GID's in slivers
# Adds /usr/share/NodeManager to the END of the import search path, so
# entries already on sys.path are searched first.
# NOTE(review): anything placed in this directory becomes importable by the
# plugin; presumably it should be writable only by the account NodeManager
# runs as. Confirm on the node image.
12 sys.path.append('/usr/share/NodeManager')
16 from sfa.util.namespace import *
17 from sfa.util.config import Config
18 import sfa.util.xmlrpcprotocol as xmlrpcprotocol
19 from sfa.trust.certificate import Keypair, Certificate
20 from sfa.trust.credential import Credential
21 from sfa.trust.gid import GID
22 from sfa.trust.hierarchy import Hierarchy
23 from sfa.plc.api import ComponentAPI
# NOTE(review): the listing's own numbering jumps from 23 to 29 and skips
# 30-31, so the definition that encloses these statements (if any) is not
# visible here.
# Logs plugin start-up, then builds a ComponentAPI from the key and
# certificate paths that get_keypair(None) returns.
29 logger.log("sfagid: plugin starting up ...")
32 keyfile, certfile = get_keypair(None)
33 api = ComponentAPI(key_file=keyfile, cert_file=certfile)
# Takes the sliver data, builds a ComponentAPI from the node's key and
# certificate, then installs the per-slice GIDs and refreshes the trusted
# certificates.
#   data   -- mapping with a 'slivers' list; each entry must have a 'name' key
#   config -- passed straight to get_keypair()
#   plc    -- not used in the visible lines
# NOTE(review): the listing skips source lines 37-39, so any guard or
# docstring that sat there is not shown.
36 def GetSlivers(data, config=None, plc=None):
40 keyfile, certfile = get_keypair(config)
41 api = ComponentAPI(key_file=keyfile, cert_file=certfile)
# only the slice names are needed from the sliver records
42 slivers = [sliver['name'] for sliver in data['slivers']]
43 install_gids(api, slivers)
44 install_trusted_certs(api)
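def _read_gid_file(path):
    """Return the text of the GID file at `path`, or None if it is not a regular file."""
    if not os.path.isfile(path):
        return None
    gid_file = open(path, 'r')
    try:
        return gid_file.read()
    finally:
        # close the handle even if read() raises
        gid_file.close()


def install_gids(api, slivers):
    """Install the slice GID and the node GID into every instantiated sliver.

    api     -- object providing config.config_path, config.SFA_INTERFACE_HRN,
               getCredential() and get_registry()
    slivers -- list of slice names present on this node

    A GID file is rewritten only when it is missing from the sliver or its
    contents differ from the current value.

    The listing this function was taken from omits some source lines; the
    dict initialisation and the `continue` statements below are restored
    from how the visible code uses them.
    """
    # load the node gid, serialized with its parent chain
    node_gid_file = api.config.config_path + os.sep + "node.gid"
    node_gid = GID(filename=node_gid_file)
    node_gid_str = node_gid.save_to_string(save_parents=True)

    # get currently installed slice and node gids, keyed by slice name
    interface_hrn = api.config.SFA_INTERFACE_HRN
    slice_gids = {}
    node_gids = {}
    for slicename in slivers:
        # The original stored these under `sliver`, a name that is never bound
        # in this function; the key has to be the loop variable.
        installed_slice_gid = _read_gid_file("/vservers/%s/etc/slice.gid" % slicename)
        if installed_slice_gid is not None:
            slice_gids[slicename] = installed_slice_gid
        installed_node_gid = _read_gid_file("/vservers/%s/etc/node.gid" % slicename)
        if installed_node_gid is not None:
            node_gids[slicename] = installed_node_gid

    # convert slicenames to hrns
    hrns = [slicename_to_hrn(interface_hrn, name) for name in slivers]

    # get current gids from registry
    cred = api.getCredential()
    registry = api.get_registry()
    records = registry.GetGids(cred, hrns)
    for record in records:
        # skip if this isnt a slice record
        if record['type'] != 'slice':
            continue

        # Derive the slice name from THIS record before building the path.
        # The original formatted vserver_path from locals() first, which
        # picked up the last name left over from the loop above.
        slicename = hrn_to_pl_slicename(record['hrn'])

        # The name comes from the registry's reply and becomes a path
        # component below, so refuse anything that is not a plain name.
        if os.sep in slicename or slicename in ('', os.curdir, os.pardir):
            logger.log("sfagid: ignoring registry record with unusable slice name %r" % slicename)
            continue

        vserver_path = "/vservers/%s" % slicename
        # skip if the slice isnt instantiated
        if not os.path.exists(vserver_path):
            continue

        # NOTE(review): the files below are written under the sliver's own
        # directory tree, presumably by a privileged process. If code inside
        # the sliver can create links at etc/ or at the .gid names, confirm
        # that save_to_file() cannot be redirected outside vserver_path.

        # install slice gid if it doesnt already exist or has changed
        slice_gid_str = record['gid']
        if slicename not in slice_gids or slice_gids[slicename] != slice_gid_str:
            gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
            GID(string=slice_gid_str).save_to_file(gid_filename, save_parents=True)

        # install node gid if it doesnt already exist or has changed
        if slicename not in node_gids or node_gids[slicename] != node_gid_str:
            gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
            GID(string=node_gid_str).save_to_file(gid_filename, save_parents=True)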
# Fetches the registry's trusted certificates, writes each one into
# trusted_certs_dir as "<hrn>.gid", then deletes every other entry in that
# directory.
# NOTE(review): `trusted_certs_dir` is not assigned anywhere in the visible
# lines; the listing skips source lines 105, 109, 112-113 and 117, so it
# cannot be told from here where it comes from or whether the prints are
# guarded.
98 def install_trusted_certs(api):
99 cred = api.getCredential()
100 registry = api.get_registry()
101 trusted_certs = registry.get_trusted_certs(cred)
# file names written in this run; used below to decide what to delete
102 trusted_gid_names = []
103 for gid_str in trusted_certs:
104 gid = GID(string=gid_str)
# NOTE(review): the file name is derived from the hrn inside data returned by
# the registry. No check is visible here that the hrn is a plain file name
# (no path separator, no ".."), nor that the GID verifies against an existing
# trust root before it is written into the trust directory. Confirm both.
106 relative_filename = gid.get_hrn() + ".gid"
107 trusted_gid_names.append(relative_filename)
108 gid_filename = trusted_certs_dir + os.sep + relative_filename
110 print "Writing GID for %s as %s" % (gid.get_hrn(), gid_filename)
111 gid.save_to_file(gid_filename, save_parents=True)
# Prune: anything in the directory that this registry response did not name
# is removed.
# NOTE(review): as far as the visible lines show, an empty or truncated
# registry response would therefore delete every trusted certificate on the
# node; consider refusing to prune when trusted_certs is empty.
114 all_gids_names = os.listdir(trusted_certs_dir)
115 for gid_name in all_gids_names:
116 if gid_name not in trusted_gid_names:
118 print "Removing old gid ", gid_name
119 os.unlink(trusted_certs_dir + os.sep + gid_name)
# Returns (keyfile, certfile): the paths of "server.key" and "server.cert"
# under config.data_path. If both files already exist the paths are returned
# unchanged; otherwise a certificate is created and saved first.
# NOTE(review): `config` defaults to None yet line 127 reads
# config.data_path; the listing skips source lines 123-124, which may supply
# a default. Confirm that None is handled.
122 def get_keypair(config = None):
125 hierarchy = Hierarchy()
# key_dir is not used in the visible lines
126 key_dir= hierarchy.basedir
127 data_dir = config.data_path
128 keyfile =data_dir + os.sep + "server.key"
129 certfile = data_dir + os.sep + "server.cert"
131 # check if files already exist
132 if os.path.exists(keyfile) and os.path.exists(certfile):
133 return (keyfile, certfile)
135 # create server key and certificate
# NOTE(review): `node_pkey_file` and `hrn` are not assigned in the visible
# lines (the listing skips 130, 134 and 139-140).
136 key = Keypair(filename=node_pkey_file)
137 cert = Certificate(subject=hrn)
# the issuer is given the same subject (hrn) as the certificate, with `key`
138 cert.set_issuer(key=key, subject=hrn)
# NOTE(review): no write of `keyfile` appears in the visible lines. Wherever
# the private key is written, confirm the file is created with owner-only
# permissions.
141 cert.save_to_file(certfile, save_parents=True)
142 return (keyfile, certfile)
# Manual run: when executed as a script, call GetSlivers() with a single
# hard-coded slice name. config and plc keep their None defaults.
# The listing skips source lines 148-149, which close the literal below.
145 if __name__ == '__main__':
146 test_slivers = {'slivers': [
147 {'name': 'tmacktestslice', 'attributes': []}
150 GetSlivers(test_slivers)