emergency fix for sliverauth & delegated slices
[nodemanager.git] / plugins / sliverauth.py
1 #!/usr/bin/python -tt
2 # vim:set ts=4 sw=4 expandtab:
3 # NodeManager plugin to empower slivers to make API calls
4
5 """
6 Sliver authentication support for NodeManager.
7
8 """
9
10 import errno
11 import os
12 import random
13 import string
14 import tempfile
15 import time
16
17 import logger
18 import tools
19
def start(options, conf):
    """Announce plugin start-up in the NodeManager log.

    Neither ``options`` nor ``conf`` is read by this function.
    """
    startup_message = "sliverauth plugin starting up..."
    logger.log(startup_message)
22
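def SetSliverTag(plc, slice, tagname, value):
    """Set a slice tag for this node, creating it if it does not exist yet.

    Looks the tag up with ``plc.GetSliceTags`` filtered on slice name, this
    node's id and ``tagname``.  An existing tag is updated in place through
    ``plc.UpdateSliceTag``; otherwise ``plc.AddSliceTag`` is attempted.

    A failing ``AddSliceTag`` is logged and swallowed on purpose: GetSlivers
    can report delegated/nm-controller slices that do not belong to this
    node, and AddSliceTag rejects those.  Callers therefore get no signal
    about whether the tag was actually stored.

    ``value`` is never written to the log; the caller in this file passes a
    sliver's hmac key here, so keep it out of any message added later.
    """
    node_id = tools.node_id()
    slivertags = plc.GetSliceTags({"name": slice, "node_id": node_id, "tagname": tagname})
    if slivertags:
        plc.UpdateSliceTag(slivertags[0]['slice_tag_id'], value)
        return

    # looks like GetSlivers reports about delegated/nm-controller slices that
    # do *not* belong to this node, and this is something that AddSliceTag
    # does not like
    try:
        plc.AddSliceTag(slice, tagname, value, node_id)
    except Exception:
        # Exception rather than a bare except, so that SystemExit and
        # KeyboardInterrupt still propagate and can stop the daemon.
        logger.log ("SetSliverTag - CAUGHT exception for (probably delegated) slice=%(slice)s tag=%(tagname)s node_id=%(node_id)d"%locals())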
37
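def GetSlivers(data, config, plc):
    """Make sure every sliver has an hmac key, both as a tag and on disk.

    For each entry of ``data['slivers']`` the 'hmac' attribute is looked up
    (under either the 'tagname' or the 'name' key).  When it is missing, a
    fresh 32-letter key is generated and pushed through ``SetSliverTag``.
    If ``/vservers/<sliver>/etc/planetlab`` exists, the key is then written
    to ``key`` in that directory and the file is made owner-read-only.

    Does nothing when ``config.OVERRIDES['sliverauth']`` is ``'-1'`` or when
    ``data`` has no 'slivers' entry.

    Compared with the earlier implementation:
      * keys come from ``random.SystemRandom`` instead of the module-level
        generator seeded with ``time.time()``; a clock-seeded key can be
        recomputed by anyone who can estimate when it was generated;
      * the alphabet is ``string.ascii_letters`` so that it does not depend
        on the process locale;
      * the key file is replaced by ``os.rename`` alone, without unlinking
        it first, so there is no moment at which the sliver has no key;
      * a missing key file is always (re)written, which keeps the final
        ``os.chmod`` from failing when the tag value is an empty string.
    """
    if 'OVERRIDES' in dir(config):
        if config.OVERRIDES.get('sliverauth') == '-1':
            logger.log("sliverauth:  Disabled", 2)
            return

    if 'slivers' not in data:
        logger.log("sliverauth: getslivers data lack's sliver information. IGNORING!")
        return

    # OS-backed generator; unlike random.seed(time.time()) it has no
    # guessable seed and leaves the shared module-level generator untouched.
    secure_random = random.SystemRandom()
    # Octal 0400 (read-only for the owner), spelled so that the literal
    # parses on both old and new interpreters.
    key_mode = int('400', 8)

    for sliver in data['slivers']:
        found_hmac = False
        for attribute in sliver['attributes']:
            name = attribute.get('tagname', attribute.get('name', ''))
            if name == 'hmac':
                found_hmac = True
                hmac = attribute['value']
                break

        if not found_hmac:
            hmac = "".join([secure_random.choice(string.ascii_letters) for _ in range(32)])
            # NOTE(review): SetSliverTag logs and swallows AddSliceTag
            # failures, so the key written below may not be recorded at PLC;
            # presumably a new one is then generated on the next pass.
            SetSliverTag(plc, sliver['name'], 'hmac', hmac)
            # Only the sliver name is logged, never the key itself.
            logger.log("sliverauth setting %s hmac" % sliver['name'])

        # NOTE(review): this directory sits inside the sliver's own
        # filesystem, so its contents are presumably under the sliver's
        # control; confirm that the create/rename/chmod below cannot be
        # redirected to a path outside the sliver.
        path = '/vservers/%s/etc/planetlab' % sliver['name']
        if not os.path.exists(path):
            continue

        keyfile = '%s/key' % path
        key_present = os.path.exists(keyfile)
        oldhmac = ''
        if key_present:
            f = open(keyfile, 'r')
            try:
                oldhmac = f.read()
            finally:
                f.close()

        if oldhmac != hmac or not key_present:
            # Write to a temporary file in the same directory, then rename it
            # over the key file: the replacement is a single step, and
            # mkstemp creates the file readable by its owner only.
            fd, tmp_name = tempfile.mkstemp('', 'key', path)
            try:
                os.write(fd, hmac)
            finally:
                os.close(fd)
            os.rename(tmp_name, keyfile)
            logger.log("sliverauth writing hmac to %s " % keyfile)

        os.chmod(keyfile, key_mode)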
85