plugins/sliverauth.py

   1 #!/usr/bin/python -tt
   2 # vim:set ts=4 sw=4 expandtab:
   3 #
   4 # $Id$
   5 # $URL$
   6 #
   7 # NodeManager plugin to empower slivers to make API calls
   8
   9 """
  10 Sliver authentication support for NodeManager.
  11
  12 """
  13
  14 import errno
  15 import os
  16 import random
  17 import string
  18 import tempfile
  19 import time
  20
  21 import logger
  22 import tools
  23
  24 def start(options, conf):
  25     logger.log("sliverauth plugin starting up...")
  26
  27 def SetSliverTag(plc, slice, tagname, value):
  28     node_id = tools.node_id()
  29     slivertags=plc.GetSliceTags({"name":slice,"node_id":node_id,"tagname":tagname})
  30     if len(slivertags)==0:
  31         # looks like GetSlivers reports about delegated/nm-controller slices that do *not* belong to this node
  32         # and this is something that AddSliceTag does not like
  33         try:
  34             slivertag_id=plc.AddSliceTag(slice,tagname,value,node_id)
  35         except:
  36             logger.log ("SetSliverTag - CAUGHT exception for (probably delegated) slice=%(slice)s tag=%(tagname)s node_id=%(node_id)d"%locals())
  37             pass
  38     else:
  39         slivertag_id=slivertags[0]['slice_tag_id']
  40         plc.UpdateSliceTag(slivertag_id,value)
  41
  42 def GetSlivers(data, config, plc):
  43     if 'OVERRIDES' in dir(config):
  44         if config.OVERRIDES.get('sliverauth') == '-1':
  45             logger.log("sliverauth:  Disabled", 2)
  46             return
  47
  48     if 'slivers' not in data:
  49         logger.log_missing_data("sliverauth.GetSlivers", 'slivers')
  50         return
  51
  52     for sliver in data['slivers']:
  53         found_hmac = False
  54         for attribute in sliver['attributes']:
  55             name = attribute.get('tagname',attribute.get('name',''))
  56             if name == 'hmac':
  57                 found_hmac = True
  58                 hmac = attribute['value']
  59                 break
  60
  61         if not found_hmac:
  62             # XXX need a better random seed?!
  63             random.seed(time.time())
  64             d = [random.choice(string.letters) for x in xrange(32)]
  65             hmac = "".join(d)
  66             SetSliverTag(plc,sliver['name'],'hmac',hmac)
  67             logger.log("sliverauth setting %s hmac" % sliver['name'])
  68
  69         path = '/vservers/%s/etc/planetlab' % sliver['name']
  70         if os.path.exists(path):
  71             keyfile = '%s/key' % path
  72             oldhmac = ''
  73             if os.path.exists(keyfile):
  74                 f = open(keyfile,'r')
  75                 oldhmac = f.read()
  76                 f.close()
  77
  78             if oldhmac <> hmac:
  79                 # create a temporary file in the vserver
  80                 fd, name = tempfile.mkstemp('','key',path)
  81                 os.write(fd,hmac)
  82                 os.close(fd)
  83                 if os.path.exists(keyfile):
  84                     os.unlink(keyfile)
  85                 os.rename(name,keyfile)
  86                 logger.log("sliverauth writing hmac to %s " % keyfile)
  87
  88             os.chmod(keyfile,0400)
  89