reguire gnupg1 on f>=31; sense the system to use gpg1 when installed
[nodemanager.git] / plugins / sfagids.py
index 9b23fd5..ac8be79 100644 (file)
@@ -1,17 +1,18 @@
-#!/usr/bin/python -tt
+#!/usr/bin/python3 -tt
 # vim:set ts=4 sw=4 expandtab:
 #
-# $Id$
-# $URL$
-#
 # NodeManager plugin for installing SFA GID's in slivers
 # 
 
 import os
+import sys
+sys.path.append('/usr/share/NodeManager')
 import logger
+import traceback
+import tempfile
 try:
     from sfa.util.namespace import *
-    from sfa.util.config import Config
+    from sfa.util.config import Config as SfaConfig
     import sfa.util.xmlrpcprotocol as xmlrpcprotocol
     from sfa.trust.certificate import Keypair, Certificate
     from sfa.trust.credential import Credential
@@ -26,22 +27,26 @@ def start():
     logger.log("sfagid: plugin starting up ...")
     if not sfa:
         return
-    api = ComponentAPI()
-    api.get_node_key()
+    try:
+        keyfile, certfile = get_keypair(None)
+        api = ComponentAPI(key_file=keyfile, cert_file=certfile)
+        api.get_node_key()
+    except:
+        return
 
 def GetSlivers(data, config=None, plc=None):
     if not sfa:
         return 
 
     keyfile, certfile = get_keypair(config)
-    api = ComponentAPI(keyfile=keyfile, certfile=certfile)
+    api = ComponentAPI(key_file=keyfile, cert_file=certfile)
     slivers = [sliver['name'] for sliver in data['slivers']]
     install_gids(api, slivers)
     install_trusted_certs(api)
     
 def install_gids(api, slivers):
     # install node gid
-    node_gid_path = config_dir + os.sep + "node.gid"
+    node_gid_file = api.config.config_path + os.sep + "node.gid"
     node_gid = GID(filename=node_gid_file)
     node_gid_str = node_gid.save_to_string(save_parents=True)    
     node_hrn = node_gid.get_hrn()    
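Review bot: The bare `except: return` added in start() swallows every failure of the key bootstrap, so a node that cannot create or fetch its key starts up with nothing in the log to show it. It also traps SystemExit and KeyboardInterrupt. Narrow it to `except Exception:` and record the failure before returning, for example `logger.log("sfagid: could not initialise node key: %s" % traceback.format_exc())`; this commit already imports `traceback`. The `def start():` line itself sits above the hunk.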
@@ -50,7 +55,7 @@ def install_gids(api, slivers):
     interface_hrn = api.config.SFA_INTERFACE_HRN
     slice_gids = {}
     node_gids = {}
-    for sliver in slivers:
+    for slicename in slivers:
         slice_gid_filename = "/vservers/%s/etc/slice.gid" % slicename
         node_gid_filename = "/vservers/%s/etc/node.gid" % slicename
         if os.path.isfile(slice_gid_filename):
@@ -69,7 +74,8 @@ def install_gids(api, slivers):
     # get current gids from registry
     cred = api.getCredential()
     registry = api.get_registry()
-    records = registry.GetGids(cred, hrns)
+    #records = registry.GetGids(cred, hrns)
+    records = registry.get_gids(cred, hrns)
     for record in records:
         # skip if this isnt a slice record 
         if not record['type'] == 'slice':
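Review bot: The old call is left as a comment, `#records = registry.GetGids(cred, hrns)`, directly above its replacement. Version control already keeps that history, so the commented line should be dropped rather than carried in the file. install_gids starts and continues outside this hunk.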
@@ -103,7 +109,7 @@ def install_trusted_certs(api):
         trusted_gid_names.append(relative_filename)
         gid_filename = trusted_certs_dir + os.sep + relative_filename
         if verbose:
-            print "Writing GID for %s as %s" % (gid.get_hrn(), gid_filename)
+            print("Writing GID for %s as %s" % (gid.get_hrn(), gid_filename))
         gid.save_to_file(gid_filename, save_parents=True)
 
     # remove old certs
@@ -111,13 +117,15 @@ def install_trusted_certs(api):
     for gid_name in all_gids_names:
         if gid_name not in trusted_gid_names:
             if verbose:
-                print "Removing old gid ", gid_name
+                print("Removing old gid ", gid_name)
             os.unlink(trusted_certs_dir + os.sep + gid_name)
     
 
+
+
 def get_keypair(config = None):
     if not config:
-        config = Config()
+        config = SfaConfig()
     hierarchy = Hierarchy()
     key_dir= hierarchy.basedir
     data_dir = config.data_path
@@ -128,8 +136,21 @@ def get_keypair(config = None):
     if os.path.exists(keyfile) and os.path.exists(certfile):
         return (keyfile, certfile)
 
-    # create server key and certificate
-    key = Keypair(filename=node_pkey_file)
+    # create temp keypair server key and certificate
+    (_, tmp_keyfile) = tempfile.mkstemp(suffix='.pkey', prefix='tmpkey', dir='/tmp')
+    (_, tmp_certfile) = tempfile.mkstemp(suffix='.cert', prefix='tmpcert', dir='/tmp') 
+    tmp_key = Keypair(create=True)
+    tmp_key.save_to_file(tmp_keyfile)
+    tmp_cert = Certificate(subject='subject')
+    tmp_cert.set_issuer(key=tmp_key, subject='subject')
+    tmp_cert.set_pubkey(tmp_key)
+    tmp_cert.save_to_file(tmp_certfile, save_parents=True)
+
+    # request real pkey from registry
+    api = ComponentAPI(key_file=tmp_keyfile, cert_file=tmp_certfile)
+    registry = api.get_registry()
+    registry.get_key()
+    key = Keypair(filename=keyfile)
     cert = Certificate(subject=hrn)
     cert.set_issuer(key=key, subject=hrn)
     cert.set_pubkey(key)
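Review bot: Both added mkstemp() calls discard the returned descriptor (`(_, tmp_keyfile) = tempfile.mkstemp(...)`), so two file descriptors stay open on each run, and neither temporary file is ever removed, which leaves a bootstrap private key and certificate in /tmp. Close each descriptor right after creation and unlink both paths in a `finally` once the registry request is done, as sketched below. The return value of `registry.get_key()` is also ignored; the following `Keypair(filename=keyfile)` presumably relies on that call having written `keyfile`, which is worth checking explicitly so a failed request does not surface as an unrelated file error. get_keypair begins above this hunk.

```python
    # create temp keypair server key and certificate
    key_fd, tmp_keyfile = tempfile.mkstemp(suffix='.pkey', prefix='tmpkey', dir='/tmp')
    os.close(key_fd)
    cert_fd, tmp_certfile = tempfile.mkstemp(suffix='.cert', prefix='tmpcert', dir='/tmp')
    os.close(cert_fd)
    try:
        # … unchanged: build tmp_key / tmp_cert and save them to the two temp paths …

        # request real pkey from registry
        api = ComponentAPI(key_file=tmp_keyfile, cert_file=tmp_certfile)
        registry = api.get_registry()
        registry.get_key()
    finally:
        # the bootstrap key material must not outlive the request
        os.unlink(tmp_keyfile)
        os.unlink(tmp_certfile)
    key = Keypair(filename=keyfile)
```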