3 # sfi -- slice-based facility interface
9 from types import StringTypes, ListType
10 from optparse import OptionParser
12 from sfa.trust.certificate import Keypair, Certificate
13 from sfa.trust.credential import Credential
14 from sfa.util.geniclient import GeniClient
15 from sfa.util.record import *
16 from sfa.util.rspec import Rspec
17 from sfa.util.xmlrpcprotocol import ServerException
18 import sfa.util.xmlrpcprotocol as xmlrpcprotocol
19 import sfa.util.soapprotocol as soapprotocol
20 from sfa.util.config import Config
31 # Establish Connection to SliceMgr and Registry Servers
33 def set_servers(self):
34 config_file = self.options.sfi_dir + os.sep + "sfi_config"
36 config = Config (config_file)
38 print "Failed to read configuration file",config_file
39 print "Make sure to remove the export clauses and to add quotes"
40 if not self.options.verbose:
41 print "Re-run with -v for more details"
48 if (self.options.sm is not None):
49 sm_url = self.options.sm
50 elif hasattr(config,"SFI_SM"):
51 sm_url = config.SFI_SM
53 print "You need to set e.g. SFI_SM='http://your.slicemanager.url:12347/' in %s"%config_file
57 if (self.options.registry is not None):
58 reg_url = self.options.registry
59 elif hasattr(config,"SFI_REGISTRY"):
60 reg_url = config.SFI_REGISTRY
62 print "You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s"%config_file
66 if (self.options.user is not None):
67 self.user = self.options.user
68 elif hasattr(config,"SFI_USER"):
69 self.user = config.SFI_USER
71 print "You need to set e.g. SFI_USER='plc.princeton.username' in %s"%config_file
75 if (self.options.auth is not None):
76 self.authority = self.options.auth
77 elif hasattr(config,"SFI_AUTH"):
78 self.authority = config.SFI_AUTH
80 print "You need to set e.g. SFI_AUTH='plc.princeton' in %s"%config_file
86 if self.options.verbose :
87 print "Contacting Slice Manager at:", sm_url
88 print "Contacting Registry at:", reg_url
90 # Get key and certificate
91 key_file = self.get_key_file()
92 cert_file = self.get_cert_file(key_file)
93 self.key = Keypair(filename=key_file)
94 self.key_file = key_file
95 self.cert_file = cert_file
96 self.cert = Certificate(filename=cert_file)
97 # Establish connection to server(s)
98 #self.slicemgr = GeniClient(sm_url, key_file, cert_file, self.options.protocol)
99 #self.registry = GeniClient(reg_url, key_file, cert_file, self.options.protocol)
100 self.registry = xmlrpcprotocol.get_server(reg_url, key_file, cert_file)
101 self.slicemgr = xmlrpcprotocol.get_server(sm_url, key_file, cert_file)
105 # Get various credential and spec files
107 # Establishes limiting conventions
108 # - conflates MAs and SAs
109 # - assumes last token in slice name is unique
111 # Bootstraps credentials
112 # - bootstrap user credential from self-signed certificate
113 # - bootstrap authority credential from user credential
114 # - bootstrap slice credential from user credential
117 def get_leaf(self,name):
118 parts = name.split(".")
121 def get_key_file(self):
122 file = os.path.join(self.options.sfi_dir, self.get_leaf(self.user) + ".pkey")
123 if (os.path.isfile(file)):
126 print "Key file", file, "does not exist"
130 def get_cert_file(self,key_file):
132 file = os.path.join(self.options.sfi_dir, self.get_leaf(self.user) + ".cert")
133 if (os.path.isfile(file)):
136 k = Keypair(filename = key_file)
137 cert = Certificate(subject=self.user)
139 cert.set_issuer(k, self.user)
141 if self.options.verbose :
142 print "Writing self-signed certificate to", file
143 cert.save_to_file(file)
147 file = os.path.join(self.options.sfi_dir, self.get_leaf(self.user) + ".gid")
148 if (os.path.isfile(file)):
149 gid = GID(filename=file)
152 cert_str = self.cert.save_to_string(save_parents=True)
153 request_hash = self.key.compute_hash([cert_str, self.user, "user"])
154 gid_str = self.registry.get_gid(cert_str, self.user, "user", request_hash)
155 gid = GID(string=gid_str)
156 if self.options.verbose:
157 print "Writing user gid to", file
158 gid.save_to_file(file, save_parents=True)
161 def get_user_cred(self):
162 file = os.path.join(self.options.sfi_dir, self.get_leaf(self.user) + ".cred")
163 if (os.path.isfile(file)):
164 user_cred = Credential(filename=file)
167 # bootstrap user credential
168 cert_string = self.cert.save_to_string(save_parents=True)
169 request_hash = self.key.compute_hash([cert_string, "user", self.user])
170 user_cred = self.registry.get_self_credential(cert_string, "user", self.user, request_hash)
172 cred = Credential(string=user_cred)
173 cred.save_to_file(file, save_parents=True)
174 if self.options.verbose:
175 print "Writing user credential to", file
178 print "Failed to get user credential"
181 def get_auth_cred(self):
183 if not self.authority:
184 print "no authority specified. Use -a or set SF_AUTH"
187 file = os.path.join(self.options.sfi_dir, self.get_leaf("authority") +".cred")
188 if (os.path.isfile(file)):
189 auth_cred = Credential(filename=file)
192 # bootstrap authority credential from user credential
193 user_cred = self.get_user_cred().save_to_string(save_parents=True)
194 request_hash = self.key.compute_hash([user_cred, "authority", self.authority])
195 auth_cred = self.registry.get_credential(user_cred, "authority", self.authority, request_hash)
197 cred = Credential(string=auth_cred)
198 cred.save_to_file(file, save_parents=True)
199 if self.options.verbose:
200 print "Writing authority credential to", file
203 print "Failed to get authority credential"
206 def get_slice_cred(self,name):
207 file = os.path.join(self.options.sfi_dir, "slice_" + self.get_leaf(name) + ".cred")
208 if (os.path.isfile(file)):
209 slice_cred = Credential(filename=file)
212 # bootstrap slice credential from user credential
213 user_cred = self.get_user_cred().save_to_string(save_parents=True)
214 arg_list = [user_cred, "slice", name]
215 request_hash = self.key.compute_hash(arg_list)
216 slice_cred_str = self.registry.get_credential(user_cred, "slice", name, request_hash)
218 slice_cred = Credential(string=slice_cred_str)
219 slice_cred.save_to_file(file, save_parents=True)
220 if self.options.verbose:
221 print "Writing slice credential to", file
224 print "Failed to get slice credential"
227 def delegate_cred(self,cred, hrn, type = 'authority'):
228 # the gid and hrn of the object we are delegating
229 object_gid = cred.get_gid_object()
230 object_hrn = object_gid.get_hrn()
231 cred.set_delegate(True)
232 if not cred.get_delegate():
233 raise Exception, "Error: Object credential %(object_hrn)s does not have delegate bit set" % locals()
236 records = self.registry.resolve(cred, hrn)
237 records = self.filter_records(type, records)
240 raise Exception, "Error: Didn't find a %(type)s record for %(hrn)s" % locals()
242 # the gid of the user who will be delegated too
243 delegee_gid = records[0].get_gid_object()
244 delegee_hrn = delegee_gid.get_hrn()
246 # the key and hrn of the user who will be delegating
247 user_key = Keypair(filename = self.get_key_file())
248 user_hrn = cred.get_gid_caller().get_hrn()
250 dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
251 dcred.set_gid_caller(delegee_gid)
252 dcred.set_gid_object(object_gid)
253 dcred.set_privileges(cred.get_privileges())
254 dcred.set_delegate(True)
255 dcred.set_pubkey(object_gid.get_pubkey())
256 dcred.set_issuer(user_key, user_hrn)
257 dcred.set_parent(cred)
263 def get_rspec_file(self,rspec):
264 if (os.path.isabs(rspec)):
267 file = os.path.join(self.options.sfi_dir, rspec)
268 if (os.path.isfile(file)):
271 print "No such rspec file", rspec
274 def get_record_file(self,record):
275 if (os.path.isabs(record)):
278 file = os.path.join(self.options.sfi_dir, record)
279 if (os.path.isfile(file)):
282 print "No such registry record file", record
285 def load_publickey_string(self,fn):
287 key_string = f.read()
289 # if the filename is a private key file, then extract the public key
290 if "PRIVATE KEY" in key_string:
291 outfn = tempfile.mktemp()
292 cmd = "openssl rsa -in " + fn + " -pubout -outform PEM -out " + outfn
295 key_string = f.read()
300 # Generate sub-command parser
302 def create_cmd_parser(self,command, additional_cmdargs = None):
303 cmdargs = {"gid": "",
309 "aggregates": "[name]",
310 "registries": "[name]",
312 "resources": "[name]",
313 "create": "name rspec",
321 if additional_cmdargs:
322 cmdargs.update(additional_cmdargs)
324 if command not in cmdargs:
325 print "Invalid command\n"
327 for key in cmdargs.keys():
332 parser = OptionParser(usage="sfi [sfi_options] %s [options] %s" \
333 % (command, cmdargs[command]))
335 if command in ("resources"):
336 parser.add_option("-f", "--format", dest="format",type="choice",
337 help="display format ([xml]|dns|ip)",default="xml",
338 choices=("xml","dns","ip"))
339 parser.add_option("-a", "--aggregate", dest="aggregate",
340 default=None, help="aggregate hrn")
342 if command in ("create"):
343 parser.add_option("-a", "--aggregate", dest="aggregate",default=None,
344 help="aggregate hrn")
346 if command in ("list", "show", "remove"):
347 parser.add_option("-t", "--type", dest="type",type="choice",
348 help="type filter ([all]|user|slice|sa|ma|node|aggregate)",
349 choices=("all","user","slice","sa","ma","node","aggregate"),
352 if command in ("resources", "show", "list"):
353 parser.add_option("-o", "--output", dest="file",
354 help="output XML to file", metavar="FILE", default=None)
356 if command in ("show", "list"):
357 parser.add_option("-f", "--format", dest="format", type="choice",
358 help="display format ([text]|xml)",default="text",
359 choices=("text","xml"))
361 if command in ("delegate"):
362 parser.add_option("-u", "--user",
363 action="store_true", dest="delegate_user", default=False,
364 help="delegate user credential")
365 parser.add_option("-s", "--slice", dest="delegate_slice",
366 help="delegate slice credential", metavar="HRN", default=None)
369 def create_parser(self):
371 # Generate command line parser
372 parser = OptionParser(usage="sfi [options] command [command_options] [command_args]",
373 description="Commands: gid,list,show,remove,add,update,nodes,slices,resources,create,delete,start,stop,reset")
374 parser.add_option("-r", "--registry", dest="registry",
375 help="root registry", metavar="URL", default=None)
376 parser.add_option("-s", "--slicemgr", dest="sm",
377 help="slice manager", metavar="URL", default=None)
378 default_sfi_dir=os.path.expanduser("~/.sfi/")
379 parser.add_option("-d", "--dir", dest="sfi_dir",
380 help="config & working directory - default is " + default_sfi_dir,
381 metavar="PATH", default = default_sfi_dir)
382 parser.add_option("-u", "--user", dest="user",
383 help="user name", metavar="HRN", default=None)
384 parser.add_option("-a", "--auth", dest="auth",
385 help="authority name", metavar="HRN", default=None)
386 parser.add_option("-v", "--verbose",
387 action="store_true", dest="verbose", default=False,
389 parser.add_option("-p", "--protocol",
390 dest="protocol", default="xmlrpc",
391 help="RPC protocol (xmlrpc or soap)")
392 parser.disable_interspersed_args()
396 def dispatch(self,command, cmd_opts, cmd_args):
397 getattr(self,command)(cmd_opts, cmd_args)
400 # Following functions implement the commands
402 # Registry-related commands
405 def gid(self, opts, args):
407 print "GID: %s" % (gid.save_to_string(save_parents=True))
410 # list entires in named authority registry
411 def list(self,opts, args):
412 user_cred = self.get_user_cred().save_to_string(save_parents=True)
414 request_hash = self.key.compute_hash([user_cred, hrn])
416 list = self.registry.list(user_cred, hrn, request_hash)
418 raise Exception, "Not enough parameters for the 'list' command"
420 # filter on person, slice, site, node, etc.
421 # THis really should be in the self.filter_records funct def comment...
422 list = self.filter_records(opts.type, list)
424 print "%s (%s)" % (record['hrn'], record['type'])
426 self.save_records_to_file(opts.file, list)
429 # show named registry record
430 def show(self,opts, args):
431 user_cred = self.get_user_cred().save_to_string(save_parents=True)
433 request_hash = self.key.compute_hash([user_cred, hrn])
434 records = self.registry.resolve(user_cred, hrn, request_hash)
435 records = self.filter_records(opts.type, records)
437 print "No record of type", opts.type
438 for record in records:
439 if record['type'] in ['user']:
440 record = UserRecord(dict = record)
441 elif record['type'] in ['slice']:
442 record = SliceRecord(dict = record)
443 elif record['type'] in ['node']:
444 record = NodeRecord(dict = record)
445 elif record['type'] in ['authority', 'ma', 'sa']:
446 record = AuthorityRecord(dict = record)
448 record = GeniRecord(dict = record)
449 if (opts.format=="text"):
452 print record.save_to_string()
455 self.save_records_to_file(opts.file, records)
458 def delegate(self,opts, args):
459 user_cred = self.get_user_cred()
460 if opts.delegate_user:
461 object_cred = user_cred
462 elif opts.delegate_slice:
463 object_cred = self.get_slice_cred(opts.delegate_slice)
465 print "Must specify either --user or --slice <hrn>"
468 # the gid and hrn of the object we are delegating
469 object_gid = object_cred.get_gid_object()
470 object_hrn = object_gid.get_hrn()
472 if not object_cred.get_delegate():
473 print "Error: Object credential", object_hrn, "does not have delegate bit set"
476 records = self.registry.resolve(user_cred, args[0])
477 records = self.filter_records("user", records)
480 print "Error: Didn't find a user record for", args[0]
483 # the gid of the user who will be delegated too
484 delegee_gid = records[0].get_gid_object()
485 delegee_hrn = delegee_gid.get_hrn()
487 # the key and hrn of the user who will be delegating
488 user_key = Keypair(filename = self.get_key_file())
489 user_hrn = user_cred.get_gid_caller().get_hrn()
491 dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
492 dcred.set_gid_caller(delegee_gid)
493 dcred.set_gid_object(object_gid)
494 dcred.set_privileges(object_cred.get_privileges())
495 dcred.set_delegate(True)
496 dcred.set_pubkey(object_gid.get_pubkey())
497 dcred.set_issuer(user_key, user_hrn)
498 dcred.set_parent(object_cred)
502 if opts.delegate_user:
503 dest_fn = os.path.join(self.options.sfi_dir, self.get_leaf(delegee_hrn) + "_"
504 + self.get_leaf(object_hrn) + ".cred")
505 elif opts.delegate_slice:
506 dest_fn = os.path_join(self.options.sfi_dir, self.get_leaf(delegee_hrn) + "_slice_"
507 + self.get_leaf(object_hrn) + ".cred")
509 dcred.save_to_file(dest_fn, save_parents = True)
511 print "delegated credential for", object_hrn, "to", delegee_hrn, "and wrote to", dest_fn
513 # removed named registry record
514 # - have to first retrieve the record to be removed
515 def remove(self,opts, args):
516 auth_cred = self.get_auth_cred().save_to_string(save_parents=True)
521 arg_list = [auth_cred, type, hrn]
522 request_hash = self.key.compute_hash(arg_list)
523 return self.registry.remove(auth_cred, type, hrn, request_hash)
525 # add named registry record
526 def add(self,opts, args):
527 auth_cred = self.get_auth_cred().save_to_string(save_parents=True)
528 record_filepath = args[0]
529 rec_file = self.get_record_file(record_filepath)
530 record = self.load_record_from_file(rec_file).as_dict()
531 arg_list = [auth_cred]
532 request_hash = self.key.compute_hash(arg_list)
533 return self.registry.register(auth_cred, record, request_hash)
535 # update named registry entry
536 def update(self,opts, args):
537 user_cred = self.get_user_cred()
538 rec_file = self.get_record_file(args[0])
539 record = self.load_record_from_file(rec_file)
540 if record['type'] == "user":
541 if record.get_name() == user_cred.get_gid_object().get_hrn():
542 cred = user_cred.save_to_string(save_parents=True)
544 cred = self.get_auth_cred().save_to_string(save_parents=True)
545 elif record['type'] in ["slice"]:
547 cred = self.get_slice_cred(record.get_name()).save_to_string(save_parents=True)
548 except ServerException, e:
549 # XXX smbaker -- once we have better error return codes, update this
550 # to do something better than a string compare
551 if "Permission error" in e.args[0]:
552 cred = self.get_auth_cred().save_to_string(save_parents=True)
555 elif record.get_type() in ["authority"]:
556 cred = self.get_auth_cred().save_to_string(save_parents=True)
557 elif record.get_type() == 'node':
558 cred = self.get_auth_cred().save_to_string(save_parents=True)
560 raise "unknown record type" + record.get_type()
561 record = record.as_dict()
563 request_hash = self.key.compute_hash(arg_list)
564 return self.registry.update(cred, record, request_hash)
567 def aggregates(self, opts, args):
568 user_cred = self.get_user_cred().save_to_string(save_parents=True)
572 arg_list = [user_cred, hrn]
573 request_hash = self.key.compute_hash(arg_list)
574 result = self.registry.get_aggregates(user_cred, hrn, request_hash)
575 self.display_list(result)
578 def registries(self, opts, args):
579 user_cred = self.get_user_cred().save_to_string(save_parents=True)
583 arg_list = [user_cred, hrn]
584 request_hash = self.key.compute_hash(arg_list)
585 result = self.registry.get_registries(user_cred, hrn, request_hash)
586 self.display_list(result)
590 # Slice-related commands
593 # list available nodes -- use 'resources' w/ no argument instead
595 # list instantiated slices
596 def slices(self,opts, args):
597 user_cred = self.get_user_cred().save_to_string(save_parents=True)
598 arg_list = [user_cred]
599 request_hash = self.key.compute_hash(arg_list)
600 results = self.slicemgr.get_slices(user_cred, request_hash)
601 self.display_list(results)
604 # show rspec for named slice
605 def resources(self,opts, args):
606 user_cred = self.get_user_cred().save_to_string(save_parents=True)
607 server = self.slicemgr
609 agg_hrn = opts.aggregate
610 arg_list = [user_cred, arg_hrn]
611 request_hash = self.key.compute_hash(arg_list)
612 aggregates = self.registry.get_aggregates(user_cred, agg_hrn, request_hash)
614 raise Exception, "No such aggregate %s" % agg_hrn
615 aggregate = aggregates[0]
616 url = "http://%s:%s" % (aggregate['addr'], aggregate['port'])
617 server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file)
619 cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
625 arg_list = [cred, hrn]
626 request_hash = self.key.compute_hash(arg_list)
627 result = server.get_resources(cred, hrn, request_hash)
630 self.display_rspec(result, format)
631 if (opts.file is not None):
632 self.save_rspec_to_file(result, opts.file)
635 # created named slice with given rspec
636 def create(self,opts, args):
638 user_cred = self.get_user_cred()
639 slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
640 rspec_file = self.get_rspec_file(args[1])
641 rspec=open(rspec_file).read()
642 server = self.slicemgr
644 aggregates = self.registry.get_aggregates(user_cred, opts.aggregate)
646 raise Exception, "No such aggregate %s" % opts.aggregate
647 aggregate = aggregates[0]
648 url = "http://%s:%s" % (aggregate['addr'], aggregate['port'])
649 server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol)
650 arg_list = [slice_cred, slice_hrn, rspec]
651 request_hash = self.key.compute_hash(arg_list)
652 return server.create_slice(slice_cred, slice_hrn, rspec, request_hash)
655 def delete(self,opts, args):
657 slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
658 arg_list = [slice_cred, slice_hrn]
659 request_hash = self.key.compute_hash(arg_list)
660 return self.slicemgr.delete_slice(slice_cred, slice_hrn, request_hash)
663 def start(self,opts, args):
665 slice_cred = self.get_slice_cred(args[0])
666 arg_list = [slice_cred, slice_hrn]
667 request_hash = self.key.compute_hash(arg_list)
668 return self.slicemgr.start_slice(slice_cred, slice_hrn, request_hash)
671 def stop(self,opts, args):
673 slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
674 arg_list = [slice_cred, slice_hrn]
675 request_hash = self.key.compute_hash(arg_list)
676 return self.slicemgr.stop_slice(slice_cred, slice_hrn, request_hash)
679 def reset(self,opts, args):
681 slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
682 arg_list = [slice_cred, slice_hrn]
683 request_hash = self.key.compute_hash(arg_list)
684 return self.slicemgr.reset_slice(slice_cred, slice_hrn, request_hash)
688 # Display, Save, and Filter RSpecs and Records
689 # - to be replace by EMF-generated routines
693 def display_rspec(self,rspec, format = 'rspec'):
694 if format in ['dns']:
696 spec.parseString(rspec)
698 nodespecs = spec.getDictsByTagName('NodeSpec')
699 for nodespec in nodespecs:
700 if nodespec.has_key('name') and nodespec['name']:
701 if isinstance(nodespec['name'], ListType):
702 hostnames.extend(nodespec['name'])
703 elif isinstance(nodespec['name'], StringTypes):
704 hostnames.append(nodespec['name'])
706 elif format in ['ip']:
708 spec.parseString(rspec)
710 ifspecs = spec.getDictsByTagName('IfSpec')
711 for ifspec in ifspecs:
712 if ifspec.has_key('addr') and ifspec['addr']:
713 ips.append(ifspec['addr'])
721 def display_list(self,results):
722 for result in results:
725 def save_rspec_to_file(self,rspec, filename):
726 if not filename.startswith(os.sep):
727 filename = self.options.sfi_dir + filename
728 if not filename.endswith(".rspec"):
729 filename = filename + ".rspec"
731 f = open(filename, 'w')
736 def display_records(self,recordList, dump = False):
737 ''' Print all fields in the record'''
738 for record in recordList:
739 self.display_record(record, dump)
741 def display_record(self,record, dump = False):
745 info = record.getdict()
746 print "%s (%s)" % (info['hrn'], info['type'])
749 def filter_records(self,type, records):
750 filtered_records = []
751 for record in records:
752 if (record['type'] == type) or (type == "all"):
753 filtered_records.append(record)
754 return filtered_records
756 def save_records_to_file(self,filename, recordList):
758 for record in recordList:
760 self.save_record_to_file(filename + "." + str(index), record)
762 self.save_record_to_file(filename, record)
765 def save_record_to_file(self,filename, record):
766 if record['type'] in ['user']:
767 record = UserRecord(dict = record)
768 elif record['type'] in ['slice']:
769 record = SliceRecord(dict = record)
770 elif record['type'] in ['node']:
771 record = NodeRecord(dict = record)
772 elif record['type'] in ['authority', 'ma', 'sa']:
773 record = AuthorityRecord(dict = record)
775 record = GeniRecord(dict = record)
776 if not filename.startswith(os.sep):
777 filename = self.options.sfi_dir + filename
778 str = record.save_to_string()
779 file(filename, "w").write(str)
782 def load_record_from_file(self,filename):
783 str = file(filename, "r").read()
784 record = GeniRecord(string=str)
788 # Main: parse arguments and dispatch to command
791 parser = self.create_parser()
792 (options, args) = parser.parse_args()
793 self.options = options
796 print "No command given. Use -h for help."
800 (cmd_opts, cmd_args) = self.create_cmd_parser(command).parse_args(args[1:])
801 if self.options.verbose :
802 print "Registry %s, sm %s, dir %s, user %s, auth %s" % (options.registry,
807 print "Command %s" %command
808 if command in ("resources"):
809 print "resources cmd_opts %s" %cmd_opts.format
810 elif command in ("list","show","remove"):
811 print "cmd_opts.type %s" %cmd_opts.type
812 print "cmd_args %s" %cmd_args
817 self.dispatch(command, cmd_opts, cmd_args)
820 print "Command not found:", command
825 if __name__=="__main__":