8 from geniserver import *
10 from trustedroot import *
13 from geniticket import *
21 class ComponentManager(GeniServer):
22 def __init__(self, ip, port, key_file, cert_file):
23 GeniServer.__init__(self, ip, port, key_file, cert_file)
25 def register_functions(self):
26 GeniServer.register_functions(self)
27 self.server.register_function(self.stop_slice)
28 self.server.register_function(self.start_slice)
29 self.server.register_function(self.reset_slice)
30 self.server.register_function(self.delete_slice)
31 self.server.register_function(self.list_slices)
32 self.server.register_function(self.redeem_ticket)
33 self.server.register_function(self.reboot)
37 def stop_slice(self, cred_str):
38 self.decode_authentication(cred_str, "stopslice")
39 slicename = hrn_to_pl_slicename(self.object_gid.get_hrn())
40 print "stopslice:", slicename
41 accounts.get(slicename).start()
43 def start_slice(self, cred_str):
44 self.decode_authentication(cred_str, "startslice")
45 slicename = hrn_to_pl_slicename(self.object_gid.get_hrn())
46 print "startslice:", slicename
47 accounts.get(slicename).start()
49 def reset_slice(self, cred_str):
50 self.decode_authentication(cred_str, "resetslice")
51 slicename = hrn_to_pl_slicename(self.object_gid.get_hrn())
52 print "resetslice:", slicename
54 # find the existing record for the slice
56 rec = database.db[slicename]
58 raise SliverDoesNotExist(slicename)
60 accounts.get(slicename).stop()
61 accounts.get(slicename).ensure_destroyed()
62 accounts.get(slicename).ensure_created(rec)
64 def delete_slice(self, cred_str):
65 self.decode_authentication(cred_str, "deleteslice")
66 slicename = hrn_to_pl_slicename(self.object_gid.get_hrn())
67 print "deleteslice:", slicename
68 accounts.get(slicename).ensure_destroyed()
70 # this is similar to geniserver.decode_authentication
71 def decode_ticket(self, ticket_string):
72 self.client_ticket = Ticket(string = ticket_string)
73 self.client_gid = self.client_ticket.get_gid_caller()
74 self.object_gid = self.client_ticket.get_gid_object()
76 # make sure the client_gid is not blank
77 if not self.client_gid:
78 raise MissingCallerGID(self.client_ticket.get_subject())
80 # make sure the client_gid matches the certificate that the client is using
81 peer_cert = self.server.peer_cert
82 if not peer_cert.is_pubkey(self.client_gid.get_pubkey()):
83 raise ConnectionKeyGIDMismatch(self.client_gid.get_subject())
85 if self.trusted_cert_list:
86 self.client_ticket.verify_chain(self.trusted_cert_list)
88 self.client_gid.verify_chain(self.trusted_cert_list)
90 self.object_gid.verify_chain(self.trusted_cert_list)
92 def geni_ticket_to_plc_rec(self, ticket):
93 ticket_attrs = ticket.get_attributes()
94 ticket_rspec = ticket.get_rspec()
97 rec["name"] = ticket_attrs.get("name")
98 rec["keys"] = '\n'.join(ticket_attrs.get("keys",[]))
99 rec["initscript"] = ticket_attrs.get("initscript", "")
100 rec["vref"] = ticket_attrs.get("vref", "default")
101 rec["timestamp"] = ticket_attrs.get("timestamp") # should there be a default timestamp?
105 for resname, default_amt in sm.DEFAULT_ALLOCATION.iteritems():
107 t = type(default_amt)
108 amt = t.__new__(t, ticket_attrs[resname])
109 except (KeyError, ValueError):
115 def redeem_ticket(self, ticket_str):
116 self.decode_ticket(ticket_str)
117 ticket = self.client_ticket
119 print "ticket received for", self.object_gid.get_hrn()
121 rec = self.geni_ticket_to_plc_rec(ticket)
125 database.db.deliver_record(rec)
129 def list_slices(self, cred_str):
130 self.decode_authentication(cred_str, "listslices")
131 slice_names = database.db.keys()
134 # Management Interface
136 def reboot(self, cred_str):
137 self.decode_authentication(cred_str, "reboot")
138 system("/sbin/reboot")
141 if __name__ == "__main__":
144 key_file = "component.key"
145 cert_file = "component.cert"
147 # if no key is specified, then make one up
148 if (not os.path.exists(key_file)) or (not os.path.exists(cert_file)):
149 key = Keypair(create=True)
150 key.save_to_file(key_file)
152 cert = Certificate(subject="component")
153 cert.set_issuer(key=key, subject="component")
156 cert.save_to_file(cert_file)
158 TrustedRoots = TrustedRootList()
160 # XXX: does this conflict with the nodemanager's database? I don't think
161 # so because there are locks, but double check...
164 s = ComponentManager("", 12345, key_file, cert_file)
165 s.trusted_cert_list = TrustedRoots.get_list()