3 # sfi -- slice-based facility interface
8 from types import StringTypes, ListType
9 from optparse import OptionParser
11 from sfa.trust.certificate import Keypair, Certificate
12 from sfa.trust.credential import Credential
14 from sfa.util.geniclient import GeniClient
15 from sfa.util.record import *
16 from sfa.util.rspec import Rspec
17 from sfa.util.xmlrpcprotocol import ServerException
19 # xxx todo xxx auto-load ~/.sfi/sfi_config
21 sfi_dir = os.path.expanduser("~/.sfi/")
29 # Establish Connection to SliceMgr and Registry Servers
31 def set_servers(options):
38 if (options.sm is not None):
40 elif ("SFI_SM" in os.environ):
41 sm_url = os.environ["SFI_SM"]
43 print "No Known Slice Manager"
45 print " export SFI_SM=http://your.slicemanager.url:12347/"
46 print "Or add this argument to the command line:"
47 print " --slicemgr=http://your.slicemanager.url:12347/"
51 if (options.registry is not None):
52 reg_url = options.registry
53 elif ("SFI_REGISTRY" in os.environ):
54 reg_url = os.environ["SFI_REGISTRY"]
56 print "No Known Registry Server"
58 print " export SFI_REGISTRY=http://your.registry.url:12345/"
59 print "Or add this argument to the command line:"
60 print " --registry=http://your.registry.url:12345/"
64 print "Contacting Slice Manager at:", sm_url
65 print "Contacting Registry at:", reg_url
68 if (options.user is not None):
70 elif ("SFI_USER" in os.environ):
71 user = os.environ["SFI_USER"]
73 print "No Known User Name"
75 print " export SFI_USER=$SFI_AUTH.username"
76 print "Or add this argument to the command line:"
77 print " --user=username"
81 if (options.auth is not None):
82 authority = options.auth
83 elif ("SFI_AUTH" in os.environ):
84 authority = os.environ["SFI_AUTH"]
88 # Get key and certificate
89 key_file = get_key_file()
90 cert_file = get_cert_file(key_file)
92 # Establish connection to server(s)
93 slicemgr = GeniClient(sm_url, key_file, cert_file, options.protocol)
94 registry = GeniClient(reg_url, key_file, cert_file, options.protocol)
98 # Get various credential and spec files
100 # Establishes limiting conventions
101 # - conflates MAs and SAs
102 # - assumes last token in slice name is unique
104 # Bootstraps credentials
105 # - bootstrap user credential from self-signed certificate
106 # - bootstrap authority credential from user credential
107 # - bootstrap slice credential from user credential
111 parts = name.split(".")
115 file = os.path.join(sfi_dir, get_leaf(user) + ".pkey")
116 if (os.path.isfile(file)):
119 print "Key file", file, "does not exist"
123 def get_cert_file(key_file):
126 file = os.path.join(sfi_dir, get_leaf(user) + ".cert")
127 if (os.path.isfile(file)):
130 k = Keypair(filename = key_file)
131 cert = Certificate(subject=user)
133 cert.set_issuer(k, user)
136 print "Writing self-signed certificate to", file
137 cert.save_to_file(file)
143 file = os.path.join(sfi_dir, get_leaf(user) + ".cred")
144 if (os.path.isfile(file)):
145 user_cred = Credential(filename=file)
148 # bootstrap user credential
149 user_cred = registry.get_credential(None, "user", user)
151 user_cred.save_to_file(file, save_parents=True)
153 print "Writing user credential to", file
156 print "Failed to get user credential"
163 print "no authority specified. Use -a or set SF_AUTH"
166 file = os.path.join(sfi_dir, get_leaf("authority") +".cred")
167 if (os.path.isfile(file)):
168 auth_cred = Credential(filename=file)
171 # bootstrap authority credential from user credential
172 user_cred = get_user_cred()
173 auth_cred = registry.get_credential(user_cred, "sa", authority)
175 auth_cred.save_to_file(file, save_parents=True)
177 print "Writing authority credential to", file
180 print "Failed to get authority credential"
183 def get_slice_cred(name):
184 file = os.path.join(sfi_dir, "slice_" + get_leaf(name) + ".cred")
185 if (os.path.isfile(file)):
186 slice_cred = Credential(filename=file)
189 # bootstrap slice credential from user credential
190 user_cred = get_user_cred()
191 slice_cred = registry.get_credential(user_cred, "slice", name)
193 slice_cred.save_to_file(file, save_parents=True)
195 print "Writing slice credential to", file
198 print "Failed to get slice credential"
201 def delegate_cred(cred, hrn, type = 'authority'):
202 # the gid and hrn of the object we are delegating
203 object_gid = cred.get_gid_object()
204 object_hrn = object_gid.get_hrn()
205 cred.set_delegate(True)
206 if not cred.get_delegate():
207 raise Exception, "Error: Object credential %(object_hrn)s does not have delegate bit set" % locals()
210 records = registry.resolve(cred, hrn)
211 records = filter_records(type, records)
214 raise Exception, "Error: Didn't find a %(type)s record for %(hrn)s" % locals()
216 # the gid of the user who will be delegated too
217 delegee_gid = records[0].get_gid_object()
218 delegee_hrn = delegee_gid.get_hrn()
220 # the key and hrn of the user who will be delegating
221 user_key = Keypair(filename = get_key_file())
222 user_hrn = cred.get_gid_caller().get_hrn()
224 dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
225 dcred.set_gid_caller(delegee_gid)
226 dcred.set_gid_object(object_gid)
227 dcred.set_privileges(cred.get_privileges())
228 dcred.set_delegate(True)
229 dcred.set_pubkey(object_gid.get_pubkey())
230 dcred.set_issuer(user_key, user_hrn)
231 dcred.set_parent(cred)
237 def get_rspec_file(rspec):
238 if (os.path.isabs(rspec)):
241 file = os.path.join(sfi_dir, rspec)
242 if (os.path.isfile(file)):
245 print "No such rspec file", rspec
248 def get_record_file(record):
249 if (os.path.isabs(record)):
252 file = os.path.join(sfi_dir, record)
253 if (os.path.isfile(file)):
256 print "No such registry record file", record
259 def load_publickey_string(fn):
261 key_string = f.read()
263 # if the filename is a private key file, then extract the public key
264 if "PRIVATE KEY" in key_string:
265 outfn = tempfile.mktemp()
266 cmd = "openssl rsa -in " + fn + " -pubout -outform PEM -out " + outfn
269 key_string = f.read()
274 # Generate sub-command parser
276 def create_cmd_parser(command, additional_cmdargs = None):
277 cmdargs = {"list": "name",
283 "resources": "[name]",
284 "create": "name rspec",
292 if additional_cmdargs:
293 cmdargs.update(additional_cmdargs)
295 if command not in cmdargs:
296 print "Invalid command\n"
298 for key in cmdargs.keys():
303 parser = OptionParser(usage="sfi [sfi_options] %s [options] %s" \
304 % (command, cmdargs[command]))
305 if command in ("resources"):
306 parser.add_option("-f", "--format", dest="format",type="choice",
307 help="display format (dns|ip|rspec)",default="rspec",
308 choices=("dns","ip","rspec"))
309 if command in ("list", "show", "remove"):
310 parser.add_option("-t", "--type", dest="type",type="choice",
311 help="type filter (user|slice|sa|ma|node|aggregate)",
312 choices=("user","slice","sa","ma","node","aggregate", "all"),
314 if command in ("show", "list", "resources"):
315 parser.add_option("-o", "--output", dest="file",
316 help="output XML to file", metavar="FILE", default=None)
317 if command in ("delegate"):
318 parser.add_option("-u", "--user",
319 action="store_true", dest="delegate_user", default=False,
320 help="delegate user credential")
321 parser.add_option("-s", "--slice", dest="delegate_slice",
322 help="delegate slice credential", metavar="HRN", default=None)
326 # Generate command line parser
327 parser = OptionParser(usage="sfi [options] command [command_options] [command_args]",
328 description="Commands: list,show,remove,add,update,nodes,slices,resources,create,delete,start,stop,reset")
329 parser.add_option("-r", "--registry", dest="registry",
330 help="root registry", metavar="URL", default=None)
331 parser.add_option("-s", "--slicemgr", dest="sm",
332 help="slice manager", metavar="URL", default=None)
333 parser.add_option("-d", "--dir", dest="dir",
334 help="working directory", metavar="PATH", default = sfi_dir)
335 parser.add_option("-u", "--user", dest="user",
336 help="user name", metavar="HRN", default=None)
337 parser.add_option("-a", "--auth", dest="auth",
338 help="authority name", metavar="HRN", default=None)
339 parser.add_option("-v", "--verbose",
340 action="store_true", dest="verbose", default=False,
342 parser.add_option("-p", "--protocol",
343 dest="protocol", default="xmlrpc",
344 help="RPC protocol (xmlrpc or soap)")
345 parser.disable_interspersed_args()
349 def dispatch(command, cmd_opts, cmd_args):
350 globals()[command](cmd_opts, cmd_args)
353 # Main: parse arguments and dispatch to command
358 parser = create_parser()
359 (options, args) = parser.parse_args()
362 print "No command given. Use -h for help."
366 (cmd_opts, cmd_args) = create_cmd_parser(command).parse_args(args[1:])
367 verbose = options.verbose
369 print "Resgistry %s, sm %s, dir %s, user %s, auth %s" % (options.registry,
374 print "Command %s" %command
375 if command in ("resources"):
376 print "resources cmd_opts %s" %cmd_opts.format
377 elif command in ("list","show","remove"):
378 print "cmd_opts.type %s" %cmd_opts.type
379 print "cmd_args %s" %cmd_args
384 dispatch(command, cmd_opts, cmd_args)
387 print "Command not found:", command
393 # Following functions implement the commands
395 # Registry-related commands
398 # list entires in named authority registry
399 def list(opts, args):
401 user_cred = get_user_cred()
403 list = registry.list(user_cred, args[0])
405 raise Exception, "Not enough parameters for the 'list' command"
407 # filter on person, slice, site, node, etc.
408 # THis really should be in the filter_records funct def comment...
409 list = filter_records(opts.type, list)
411 print "%s (%s)" % (record['hrn'], record['type'])
413 save_records_to_file(opts.file, list)
416 # show named registry record
417 def show(opts, args):
419 user_cred = get_user_cred()
420 records = registry.resolve(user_cred, args[0])
421 records = filter_records(opts.type, records)
423 print "No record of type", opts.type
424 for record in records:
425 if record['type'] in ['user']:
426 record = UserRecord(dict = record)
427 elif record['type'] in ['slice']:
428 record = SliceRecord(dict = record)
429 elif record['type'] in ['node']:
430 record = NodeRecord(dict = record)
431 elif record['type'] in ['authority', 'ma', 'sa']:
432 record = AuthorityRecord(dict = record)
434 record = GeniRecord(dict = record)
438 save_records_to_file(opts.file, records)
441 def delegate(opts, args):
443 user_cred = get_user_cred()
444 if opts.delegate_user:
445 object_cred = user_cred
446 elif opts.delegate_slice:
447 object_cred = get_slice_cred(opts.delegate_slice)
449 print "Must specify either --user or --slice <hrn>"
452 # the gid and hrn of the object we are delegating
453 object_gid = object_cred.get_gid_object()
454 object_hrn = object_gid.get_hrn()
456 if not object_cred.get_delegate():
457 print "Error: Object credential", object_hrn, "does not have delegate bit set"
460 records = registry.resolve(user_cred, args[0])
461 records = filter_records("user", records)
464 print "Error: Didn't find a user record for", args[0]
467 # the gid of the user who will be delegated too
468 delegee_gid = records[0].get_gid_object()
469 delegee_hrn = delegee_gid.get_hrn()
471 # the key and hrn of the user who will be delegating
472 user_key = Keypair(filename = get_key_file())
473 user_hrn = user_cred.get_gid_caller().get_hrn()
475 dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
476 dcred.set_gid_caller(delegee_gid)
477 dcred.set_gid_object(object_gid)
478 dcred.set_privileges(object_cred.get_privileges())
479 dcred.set_delegate(True)
480 dcred.set_pubkey(object_gid.get_pubkey())
481 dcred.set_issuer(user_key, user_hrn)
482 dcred.set_parent(object_cred)
486 if opts.delegate_user:
487 dest_fn = os.path.join(sfi_dir, get_leaf(delegee_hrn) + "_" + get_leaf(object_hrn) + ".cred")
488 elif opts.delegate_slice:
489 dest_fn = os.path_join(sfi_dir, get_leaf(delegee_hrn) + "_slice_" + get_leaf(object_hrn) + ".cred")
491 dcred.save_to_file(dest_fn, save_parents = True)
493 print "delegated credential for", object_hrn, "to", delegee_hrn, "and wrote to", dest_fn
495 # removed named registry record
496 # - have to first retrieve the record to be removed
497 def remove(opts, args):
499 auth_cred = get_auth_cred()
500 return registry.remove(auth_cred, opts.type, args[0])
502 # add named registry record
505 auth_cred = get_auth_cred()
506 rec_file = get_record_file(args[0])
507 record = load_record_from_file(rec_file)
509 return registry.register(auth_cred, record)
511 # update named registry entry
512 def update(opts, args):
514 user_cred = get_user_cred()
515 rec_file = get_record_file(args[0])
516 record = load_record_from_file(rec_file)
517 if record.get_type() == "user":
518 if record.get_name() == user_cred.get_gid_object().get_hrn():
521 cred = get_auth_cred()
522 elif record.get_type() in ["slice"]:
524 cred = get_slice_cred(record.get_name())
525 except ServerException, e:
526 # XXX smbaker -- once we have better error return codes, update this
527 # to do something better than a string compare
528 if "Permission error" in e.args[0]:
529 cred = get_auth_cred()
532 elif record.get_type() in ["authority"]:
533 cred = get_auth_cred()
534 elif record.get_type() == 'node':
535 cred = get_auth_cred()
537 raise "unknown record type" + record.get_type()
538 return registry.update(cred, record)
541 # Slice-related commands
544 # list available nodes -- now use 'resources' w/ no argument instead
545 #def nodes(opts, args):
547 # user_cred = get_user_cred()
548 # if not opts.format:
551 # context = opts.format
552 # results = slicemgr.list_nodes(user_cred)
553 # if opts.format in ['rspec']:
554 # display_rspec(results)
556 # display_list(results)
557 # if (opts.file is not None):
558 # rspec = slicemgr.list_nodes(user_cred)
559 # save_rspec_to_file(rspec, opts.file)
562 # list instantiated slices
563 def slices(opts, args):
565 user_cred = get_user_cred()
566 results = slicemgr.get_slices(user_cred)
567 display_list(results)
570 # show rspec for named slice
571 def resources(opts, args):
574 slice_cred = get_slice_cred(args[0])
575 result = slicemgr.get_resources(slice_cred, args[0])
577 user_cred = get_user_cred()
578 result = slicemgr.get_resources(user_cred)
580 display_rspec(result, format)
581 if (opts.file is not None):
582 save_rspec_to_file(result, opts.file)
585 # created named slice with given rspec
586 def create(opts, args):
589 slice_cred = get_slice_cred(slice_hrn)
590 rspec_file = get_rspec_file(args[1])
591 rspec=open(rspec_file).read()
592 return slicemgr.create_slice(slice_cred, slice_hrn, rspec)
595 def delete(opts, args):
598 slice_cred = get_slice_cred(slice_hrn)
600 return slicemgr.delete_slice(slice_cred, slice_hrn)
603 def start(opts, args):
606 slice_cred = get_slice_cred(args[0])
607 return slicemgr.start_slice(slice_cred, slice_hrn)
610 def stop(opts, args):
613 slice_cred = get_slice_cred(args[0])
614 return slicemgr.stop_slice(slice_cred, slice_hrn)
617 def reset(opts, args):
620 slice_cred = get_slice_cred(args[0])
621 return slicemgr.reset_slice(slice_cred, slice_hrn)
625 # Display, Save, and Filter RSpecs and Records
626 # - to be replace by EMF-generated routines
630 def display_rspec(rspec, format = 'rspec'):
631 if format in ['dns']:
633 spec.parseString(rspec)
635 nodespecs = spec.getDictsByTagName('NodeSpec')
636 for nodespec in nodespecs:
637 if nodespec.has_key('name') and nodespec['name']:
638 if isinstance(nodespec['name'], ListType):
639 hostnames.extend(nodespec['name'])
640 elif isinstance(nodespec['name'], StringTypes):
641 hostnames.append(nodespec['name'])
643 elif format in ['ip']:
645 spec.parseString(rspec)
647 ifspecs = spec.getDictsByTagName('IfSpec')
648 for ifspec in ifspecs:
649 if ifspec.has_key('addr') and ifspec['addr']:
650 ips.append(ifspec['addr'])
658 def display_list(results):
659 for result in results:
662 def save_rspec_to_file(rspec, filename):
663 if not filename.startswith(os.sep):
664 filename = sfi_dir + filename
665 if not filename.endswith(".rspec"):
666 filename = filename + ".rspec"
668 f = open(filename, 'w')
673 def display_records(recordList, dump = False):
674 ''' Print all fields in the record'''
675 for record in recordList:
676 display_record(record, dump)
678 def display_record(record, dump = False):
682 info = record.getdict()
683 print "%s (%s)" % (info['hrn'], info['type'])
686 def filter_records(type, records):
687 filtered_records = []
688 for record in records:
689 if (record.get_type() == type) or (type == "all"):
690 filtered_records.append(record)
691 return filtered_records
693 def save_records_to_file(filename, recordList):
695 for record in recordList:
697 save_record_to_file(filename + "." + str(index), record)
699 save_record_to_file(filename, record)
702 def save_record_to_file(filename, record):
703 if not filename.startswith(os.sep):
704 filename = sfi_dir + filename
705 str = record.save_to_string()
706 file(filename, "w").write(str)
709 def load_record_from_file(filename):
710 str = file(filename, "r").read()
711 record = GeniRecord(string=str)
714 if __name__=="__main__":