plugins/sfagids.py

   1 #!/usr/bin/python -tt
   2 # vim:set ts=4 sw=4 expandtab:
   3 #
   4 # $Id$
   5 # $URL$
   6 #
   7 # NodeManager plugin for installing SFA GID's in slivers
   8 #
   9
  10 import os
  11 import logger
  12 try:
  13     from sfa.util.namespace import *
  14     from sfa.util.config import Config
  15     import sfa.util.xmlrpcprotocol as xmlrpcprotocol
  16     from sfa.trust.certificate import Keypair, Certificate
  17     from sfa.trust.credential import Credential
  18     from sfa.trust.gid import GID
  19     from sfa.trust.hierarchy import Hierarchy
  20
  21     from sfa.plc.api import SfaAPI
  22     sfa = True
  23 except:
  24     sfa = None
  25
  26 def start():
  27     logger.log("sfagid: plugin starting up ...")
  28     if not sfa:
  29         return
  30     api = ComponentAPI()
  31     api.get_node_key()
  32
  33 def GetSlivers(data, config=None, plc=None):
  34     if not sfa:
  35         return
  36
  37     keyfile, certfile = get_keypair(config)
  38     api = ComponentAPI(keyfile=keyfile, certfile=certfile)
  39     slivers = [sliver['name'] for sliver in data['slivers']]
  40     install_gids(api, slivers)
  41     install_trusted_certs(api)
  42
  43 def install_gids(api, slivers):
  44     # install node gid
  45     node_gid_path = config_dir + os.sep + "node.gid"
  46     node_gid = GID(filename=node_gid_file)
  47     node_gid_str = node_gid.save_to_string(save_parents=True)
  48     node_hrn = node_gid.get_hrn()
  49
  50     # get currently installed slice and node gids
  51     interface_hrn = api.config.SFA_INTERFACE_HRN
  52     slice_gids = {}
  53     node_gids = {}
  54     for sliver in slivers:
  55         slice_gid_filename = "/vservers/%s/etc/slice.gid" % slicename
  56         node_gid_filename = "/vservers/%s/etc/node.gid" % slicename
  57         if os.path.isfile(slice_gid_filename):
  58             gid_file = open(slice_gid_filename, 'r')
  59             slice_gids[sliver] = gid_file.read()
  60             gid_file.close()
  61         if os.path.isfile(node_gid_filename):
  62             gid_file = open(node_gid_filename, 'r')
  63             node_gids[sliver] = gid_file.read()
  64             gid_file.close()
  65
  66     # convert slicenames to hrns
  67     hrns = [slicename_to_hrn(interface_hrn, slicename) \
  68             for slicename in slivers]
  69
  70     # get current gids from registry
  71     cred = api.getCredential()
  72     registry = api.get_registry()
  73     records = registry.GetGids(cred, hrns)
  74     for record in records:
  75         # skip if this isnt a slice record
  76         if not record['type'] == 'slice':
  77             continue
  78         vserver_path = "/vservers/%(slicename)s" % locals()
  79         # skip if the slice isnt instantiated
  80         if not os.path.exists(vserver_path):
  81             continue
  82
  83         # install slice gid if it doesnt already exist or has changed
  84         slice_gid_str = record['gid']
  85         slicename = hrn_to_pl_slicename(record['hrn'])
  86         if slicename not in slice_gids or slice_gids[slicename] != slice_gid_str:
  87             gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
  88             GID(string=slice_gid_str).save_to_file(gid_filename, save_parents=True)
  89
  90         # install slice gid if it doesnt already exist or has changed
  91         if slicename not in node_gids or node_gids[slicename] != node_gid_str:
  92             gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
  93             GID(string=node_gid_str).save_to_file(gid_filename, save_parents=True)
  94
  95 def install_trusted_certs(api):
  96     cred = api.getCredential()
  97     registry = api.get_registry()
  98     trusted_certs = registry.get_trusted_certs(cred)
  99     trusted_gid_names = []
 100     for gid_str in trusted_certs:
 101         gid = GID(string=gid_str)
 102         gid.decode()
 103         relative_filename = gid.get_hrn() + ".gid"
 104         trusted_gid_names.append(relative_filename)
 105         gid_filename = trusted_certs_dir + os.sep + relative_filename
 106         if verbose:
 107             print "Writing GID for %s as %s" % (gid.get_hrn(), gid_filename)
 108         gid.save_to_file(gid_filename, save_parents=True)
 109
 110     # remove old certs
 111     all_gids_names = os.listdir(trusted_certs_dir)
 112     for gid_name in all_gids_names:
 113         if gid_name not in trusted_gid_names:
 114             if verbose:
 115                 print "Removing old gid ", gid_name
 116             os.unlink(trusted_certs_dir + os.sep + gid_name)
 117
 118
 119 def get_keypair(config = None):
 120     if not config:
 121         config = Config()
 122     hierarchy = Hierarchy()
 123     key_dir= hierarchy.basedir
 124     data_dir = config.data_path
 125     keyfile =data_dir + os.sep + "server.key"
 126     certfile = data_dir + os.sep + "server.cert"
 127
 128     # check if files already exist
 129     if os.path.exists(keyfile) and os.path.exists(certfile):
 130         return (keyfile, certfile)
 131
 132     # create server key and certificate
 133     key = Keypair(filename=node_pkey_file)
 134     cert = Certificate(subject=hrn)
 135     cert.set_issuer(key=key, subject=hrn)
 136     cert.set_pubkey(key)
 137     cert.sign()
 138     cert.save_to_file(certfile, save_parents=True)
 139     return (keyfile, certfile)
 140
 141
 142 if __name__ == '__main__':
 143     test_slivers = {'slivers': [
 144         {'name': 'tmacktestslice', 'attributes': []}
 145         ]}
 146     start()
 147     GetSlivers(test_slivers)
 148
 149