plugins/sliverauth.py

   1 #!/usr/bin/python -tt
   2 # vim:set ts=4 sw=4 expandtab:
   3 # NodeManager plugin to empower slivers to make API calls
   4
   5 """
   6 Sliver authentication support for NodeManager.
   7
   8 """
   9
  10 import errno
  11 import os
  12 import random
  13 import string
  14 import tempfile
  15 import time
  16
  17 import logger
  18 import tools
  19
  20 def start(options, conf):
  21     logger.log("sliverauth plugin starting up...")
  22
  23 def SetSliverTag(plc, slice, tagname, value):
  24     node_id = tools.node_id()
  25     slivertags=plc.GetSliceTags({"name":slice,"node_id":node_id,"tagname":tagname})
  26     if len(slivertags)==0:
  27         slivertag_id=plc.AddSliceTag(slice,tagname,value,node_id)
  28     else:
  29         slivertag_id=slivertags[0]['slice_tag_id']
  30         plc.UpdateSliceTag(slivertag_id,value)
  31
  32 def GetSlivers(data, config, plc):
  33     if 'OVERRIDES' in dir(config):
  34         if config.OVERRIDES.get('sliverauth') == '-1':
  35             logger.log("sliverauth:  Disabled", 2)
  36             return
  37
  38     if 'slivers' not in data:
  39         logger.log("sliverauth: getslivers data lack's sliver information. IGNORING!")
  40         return
  41
  42     for sliver in data['slivers']:
  43         found_hmac = False
  44         for attribute in sliver['attributes']:
  45             name = attribute.get('tagname',attribute.get('name',''))
  46             if name == 'hmac':
  47                 found_hmac = True
  48                 hmac = attribute['value']
  49                 break
  50
  51         if not found_hmac:
  52             # XXX need a better random seed?!
  53             random.seed(time.time())
  54             d = [random.choice(string.letters) for x in xrange(32)]
  55             hmac = "".join(d)
  56             SetSliverTag(plc,sliver['name'],'hmac',hmac)
  57             logger.log("sliverauth setting %s hmac" % sliver['name'])
  58
  59         path = '/vservers/%s/etc/planetlab' % sliver['name']
  60         if os.path.exists(path):
  61             keyfile = '%s/key' % path
  62             oldhmac = ''
  63             if os.path.exists(keyfile):
  64                 f = open(keyfile,'r')
  65                 oldhmac = f.read()
  66                 f.close()
  67
  68             if oldhmac <> hmac:
  69                 # create a temporary file in the vserver
  70                 fd, name = tempfile.mkstemp('','key',path)
  71                 os.write(fd,hmac)
  72                 os.close(fd)
  73                 if os.path.exists(keyfile):
  74                     os.unlink(keyfile)
  75                 os.rename(name,keyfile)
  76                 logger.log("sliverauth writing hmac to %s " % keyfile)
  77
  78             os.chmod(keyfile,0400)
  79