plugins/sfagids.py

   1 #!/usr/bin/python -tt
   2 # vim:set ts=4 sw=4 expandtab:
   3 #
   4 # $Id$
   5 # $URL$
   6 #
   7 # NodeManager plugin for installing SFA GID's in slivers
   8 #
   9
  10 import os
  11 import sys
  12 sys.path.append('/usr/share/NodeManager')
  13 import logger
  14 import traceback
  15 try:
  16     from sfa.util.namespace import *
  17     from sfa.util.config import Config
  18     import sfa.util.xmlrpcprotocol as xmlrpcprotocol
  19     from sfa.trust.certificate import Keypair, Certificate
  20     from sfa.trust.credential import Credential
  21     from sfa.trust.gid import GID
  22     from sfa.trust.hierarchy import Hierarchy
  23     from sfa.plc.api import ComponentAPI
  24     sfa = True
  25 except:
  26     sfa = None
  27
  28 def start():
  29     logger.log("sfagid: plugin starting up ...")
  30     if not sfa:
  31         return
  32     keyfile, certfile = get_keypair(None)
  33     api = ComponentAPI(key_file=keyfile, cert_file=certfile)
  34     api.get_node_key()
  35
  36 def GetSlivers(data, config=None, plc=None):
  37     if not sfa:
  38         return
  39
  40     keyfile, certfile = get_keypair(config)
  41     api = ComponentAPI(key_file=keyfile, cert_file=certfile)
  42     slivers = [sliver['name'] for sliver in data['slivers']]
  43     install_gids(api, slivers)
  44     install_trusted_certs(api)
  45
  46 def install_gids(api, slivers):
  47     # install node gid
  48     node_gid_file = api.config.config_path + os.sep + "node.gid"
  49     node_gid = GID(filename=node_gid_file)
  50     node_gid_str = node_gid.save_to_string(save_parents=True)
  51     node_hrn = node_gid.get_hrn()
  52
  53     # get currently installed slice and node gids
  54     interface_hrn = api.config.SFA_INTERFACE_HRN
  55     slice_gids = {}
  56     node_gids = {}
  57     for slicename in slivers:
  58         slice_gid_filename = "/vservers/%s/etc/slice.gid" % slicename
  59         node_gid_filename = "/vservers/%s/etc/node.gid" % slicename
  60         if os.path.isfile(slice_gid_filename):
  61             gid_file = open(slice_gid_filename, 'r')
  62             slice_gids[sliver] = gid_file.read()
  63             gid_file.close()
  64         if os.path.isfile(node_gid_filename):
  65             gid_file = open(node_gid_filename, 'r')
  66             node_gids[sliver] = gid_file.read()
  67             gid_file.close()
  68
  69     # convert slicenames to hrns
  70     hrns = [slicename_to_hrn(interface_hrn, slicename) \
  71             for slicename in slivers]
  72
  73     # get current gids from registry
  74     cred = api.getCredential()
  75     registry = api.get_registry()
  76     records = registry.GetGids(cred, hrns)
  77     for record in records:
  78         # skip if this isnt a slice record
  79         if not record['type'] == 'slice':
  80             continue
  81         vserver_path = "/vservers/%(slicename)s" % locals()
  82         # skip if the slice isnt instantiated
  83         if not os.path.exists(vserver_path):
  84             continue
  85
  86         # install slice gid if it doesnt already exist or has changed
  87         slice_gid_str = record['gid']
  88         slicename = hrn_to_pl_slicename(record['hrn'])
  89         if slicename not in slice_gids or slice_gids[slicename] != slice_gid_str:
  90             gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
  91             GID(string=slice_gid_str).save_to_file(gid_filename, save_parents=True)
  92
  93         # install slice gid if it doesnt already exist or has changed
  94         if slicename not in node_gids or node_gids[slicename] != node_gid_str:
  95             gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
  96             GID(string=node_gid_str).save_to_file(gid_filename, save_parents=True)
  97
  98 def install_trusted_certs(api):
  99     cred = api.getCredential()
 100     registry = api.get_registry()
 101     trusted_certs = registry.get_trusted_certs(cred)
 102     trusted_gid_names = []
 103     for gid_str in trusted_certs:
 104         gid = GID(string=gid_str)
 105         gid.decode()
 106         relative_filename = gid.get_hrn() + ".gid"
 107         trusted_gid_names.append(relative_filename)
 108         gid_filename = trusted_certs_dir + os.sep + relative_filename
 109         if verbose:
 110             print "Writing GID for %s as %s" % (gid.get_hrn(), gid_filename)
 111         gid.save_to_file(gid_filename, save_parents=True)
 112
 113     # remove old certs
 114     all_gids_names = os.listdir(trusted_certs_dir)
 115     for gid_name in all_gids_names:
 116         if gid_name not in trusted_gid_names:
 117             if verbose:
 118                 print "Removing old gid ", gid_name
 119             os.unlink(trusted_certs_dir + os.sep + gid_name)
 120
 121
 122 def get_keypair(config = None):
 123     if not config:
 124         config = Config()
 125     hierarchy = Hierarchy()
 126     key_dir= hierarchy.basedir
 127     data_dir = config.data_path
 128     keyfile =data_dir + os.sep + "server.key"
 129     certfile = data_dir + os.sep + "server.cert"
 130
 131     # check if files already exist
 132     if os.path.exists(keyfile) and os.path.exists(certfile):
 133         return (keyfile, certfile)
 134
 135     # create server key and certificate
 136     key = Keypair(filename=node_pkey_file)
 137     cert = Certificate(subject=hrn)
 138     cert.set_issuer(key=key, subject=hrn)
 139     cert.set_pubkey(key)
 140     cert.sign()
 141     cert.save_to_file(certfile, save_parents=True)
 142     return (keyfile, certfile)
 143
 144
 145 if __name__ == '__main__':
 146     test_slivers = {'slivers': [
 147         {'name': 'tmacktestslice', 'attributes': []}
 148         ]}
 149     start()
 150     GetSlivers(test_slivers)
 151
 152