2 # vim:set ts=4 sw=4 expandtab:
7 # NodeManager plugin for installing SFA GID's in slivers
13 from sfa.util.namespace import *
14 from sfa.util.config import Config
15 import sfa.util.xmlrpcprotocol as xmlrpcprotocol
16 from sfa.trust.certificate import Keypair, Certificate
17 from sfa.trust.credential import Credential
18 from sfa.trust.gid import GID
19 from sfa.trust.hierarchy import Hierarchy
21 from sfa.plc.api import SfaAPI
# Log that the plugin is starting.
logger.log("sfagid: plugin starting up ...")
def GetSlivers(data, config=None, plc=None):
    """Install GIDs into the listed slivers, then refresh the trusted certs.

    data   -- dict with a 'slivers' list; each entry's 'name' is read
    config -- passed through to get_keypair()
    plc    -- not used in the visible lines
    """
    keyfile, certfile = get_keypair(config)
    # NOTE(review): only SfaAPI is imported in the lines shown; confirm where
    # ComponentAPI comes from.
    api = ComponentAPI(keyfile=keyfile, certfile=certfile)
    slivers = [sliver['name'] for sliver in data['slivers']]
    install_gids(api, slivers)
    install_trusted_certs(api)
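def install_gids(api, slivers):
    """Install the node GID and each slice's GID inside its sliver.

    For every slice record the registry returns, ``slice.gid`` and
    ``node.gid`` under ``/vservers/<slicename>/etc`` are written when they are
    missing or differ from the current value.

    api     -- API object; ``api.config``, ``getCredential()`` and
               ``get_registry()`` are used
    slivers -- list of slice names present on this node
    """
    # NOTE(review): node_gid_path is assigned but never read; the GID is loaded
    # from node_gid_file, which (like config_dir) is not defined in the lines
    # shown here -- confirm both refer to the same file.
    node_gid_path = config_dir + os.sep + "node.gid"
    node_gid = GID(filename=node_gid_file)
    node_gid_str = node_gid.save_to_string(save_parents=True)
    node_hrn = node_gid.get_hrn()

    # get currently installed slice and node gids
    interface_hrn = api.config.SFA_INTERFACE_HRN
    slice_gids = {}
    node_gids = {}
    for sliver in slivers:
        # Fixed: these paths were formatted from 'slicename', which is not
        # bound yet at this point; the loop variable is 'sliver'.
        slice_gid_filename = "/vservers/%s/etc/slice.gid" % sliver
        node_gid_filename = "/vservers/%s/etc/node.gid" % sliver
        for installed, filename in ((slice_gids, slice_gid_filename),
                                    (node_gids, node_gid_filename)):
            if os.path.isfile(filename):
                gid_file = open(filename, 'r')
                try:
                    installed[sliver] = gid_file.read()
                finally:
                    # always release the handle, even if read() fails
                    gid_file.close()

    # convert slicenames to hrns
    hrns = [slicename_to_hrn(interface_hrn, name) for name in slivers]

    # get current gids from registry
    cred = api.getCredential()
    registry = api.get_registry()
    records = registry.GetGids(cred, hrns)
    for record in records:
        # skip if this isnt a slice record
        if not record['type'] == 'slice':
            continue

        # Fixed: derive the slice name from this record *before* building the
        # path; previously vserver_path used whatever 'slicename' held from an
        # earlier statement or iteration.
        slicename = hrn_to_pl_slicename(record['hrn'])

        # The name comes from a registry reply and becomes a path component:
        # accept only a single plain name so the write stays under /vservers.
        if (not slicename or slicename in (os.curdir, os.pardir)
                or os.path.basename(slicename) != slicename):
            logger.log("sfagid: skipping record with unsafe slice name %r"
                       % (slicename,))
            continue

        vserver_path = "/vservers/%s" % slicename
        # skip if the slice isnt instantiated
        if not os.path.exists(vserver_path):
            continue

        # NOTE(review): the files below live inside the sliver's own
        # filesystem; whether save_to_file follows a symlink placed there is
        # not visible here -- confirm.

        # install slice gid if it doesnt already exist or has changed
        slice_gid_str = record['gid']
        if slicename not in slice_gids or slice_gids[slicename] != slice_gid_str:
            gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
            GID(string=slice_gid_str).save_to_file(gid_filename, save_parents=True)

        # install node gid if it doesnt already exist or has changed
        if slicename not in node_gids or node_gids[slicename] != node_gid_str:
            gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
            GID(string=node_gid_str).save_to_file(gid_filename, save_parents=True)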
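def install_trusted_certs(api):
    """Mirror the registry's trusted GIDs into trusted_certs_dir.

    Each GID returned by ``registry.get_trusted_certs`` is written to
    ``<trusted_certs_dir>/<hrn>.gid``; every other entry in that directory is
    then removed.

    api -- API object; ``getCredential()`` and ``get_registry()`` are used
    """
    cred = api.getCredential()
    registry = api.get_registry()
    trusted_certs = registry.get_trusted_certs(cred)
    # NOTE(review): nothing in the visible lines verifies these GIDs before
    # they are stored as trust roots, and an empty reply makes the cleanup
    # loop below delete every file in the directory -- confirm both are
    # intended.
    trusted_gid_names = []
    for gid_str in trusted_certs:
        gid = GID(string=gid_str)
        gid_hrn = gid.get_hrn()
        relative_filename = gid_hrn + ".gid"

        # The hrn comes from the registry reply and becomes a file name:
        # refuse anything carrying a path separator so the write cannot land
        # outside trusted_certs_dir.
        if os.path.basename(relative_filename) != relative_filename:
            logger.log("sfagid: skipping trusted GID with unsafe hrn %r"
                       % (gid_hrn,))
            continue

        trusted_gid_names.append(relative_filename)
        gid_filename = trusted_certs_dir + os.sep + relative_filename
        print("Writing GID for %s as %s" % (gid_hrn, gid_filename))
        gid.save_to_file(gid_filename, save_parents=True)

    # remove every entry the registry no longer lists
    all_gids_names = os.listdir(trusted_certs_dir)
    for gid_name in all_gids_names:
        if gid_name not in trusted_gid_names:
            print("%s %s" % ("Removing old gid ", gid_name))
            os.unlink(trusted_certs_dir + os.sep + gid_name)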
def get_keypair(config = None):
    """Return the (keyfile, certfile) paths of the server key and certificate.

    Both paths are built under ``config.data_path``. If both files already
    exist they are returned unchanged; otherwise a certificate is created and
    saved to ``certfile`` before returning.
    """
    # NOTE(review): config defaults to None, yet config.data_path is read
    # unconditionally in the lines shown; the listing skips line numbers here,
    # so a fallback may exist on lines not shown -- confirm.
    hierarchy = Hierarchy()
    key_dir= hierarchy.basedir  # not read again in the visible lines
    data_dir = config.data_path
    keyfile =data_dir + os.sep + "server.key"
    certfile = data_dir + os.sep + "server.cert"

    # check if files already exist
    if os.path.exists(keyfile) and os.path.exists(certfile):
        return (keyfile, certfile)

    # create server key and certificate
    # NOTE(review): node_pkey_file and hrn are not defined in the lines shown,
    # and nothing visible writes keyfile or signs the certificate -- verify
    # against the full file.
    key = Keypair(filename=node_pkey_file)
    cert = Certificate(subject=hrn)
    cert.set_issuer(key=key, subject=hrn)
    cert.save_to_file(certfile, save_parents=True)
    return (keyfile, certfile)
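if __name__ == '__main__':
    # Manual run with one hard-coded sliver; config and plc keep their
    # defaults. The closing brackets of the literal were missing from the
    # listing and are restored here.
    test_slivers = {'slivers': [
        {'name': 'tmacktestslice', 'attributes': []}
    ]}
    GetSlivers(test_slivers)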