3 # sfi -- slice-based facility interface
9 from types import StringTypes, ListType
10 from optparse import OptionParser
12 from sfa.trust.certificate import Keypair, Certificate
13 from sfa.trust.credential import Credential
15 from sfa.util.geniclient import GeniClient
16 from sfa.util.record import *
17 from sfa.util.rspec import Rspec
18 from sfa.util.xmlrpcprotocol import ServerException
19 from sfa.util.config import Config
30 # Establish Connection to SliceMgr and Registry Servers
32 def set_servers(self):
33 config_file = self.options.sfi_dir + os.sep + "sfi_config"
35 config = Config (config_file)
37 print "Failed to read configuration file",config_file
38 print "Make sure to remove the export clauses and to add quotes"
39 if not self.options.verbose:
40 print "Re-run with -v for more details"
47 if (self.options.sm is not None):
48 sm_url = self.options.sm
49 elif hasattr(config,"SFI_SM"):
50 sm_url = config.SFI_SM
52 print "You need to set e.g. SFI_SM='http://your.slicemanager.url:12347/' in %s"%config_file
56 if (self.options.registry is not None):
57 reg_url = self.options.registry
58 elif hasattr(config,"SFI_REGISTRY"):
59 reg_url = config.SFI_REGISTRY
61 print "You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s"%config_file
65 if (self.options.user is not None):
66 self.user = self.options.user
67 elif hasattr(config,"SFI_USER"):
68 self.user = config.SFI_USER
70 print "You need to set e.g. SFI_USER='plc.princeton.username' in %s"%config_file
74 if (self.options.auth is not None):
75 self.authority = self.options.auth
76 elif hasattr(config,"SFI_AUTH"):
77 self.authority = config.SFI_AUTH
79 print "You need to set e.g. SFI_AUTH='plc.princeton' in %s"%config_file
85 if self.options.verbose :
86 print "Contacting Slice Manager at:", sm_url
87 print "Contacting Registry at:", reg_url
89 # Get key and certificate
90 key_file = self.get_key_file()
91 cert_file = self.get_cert_file(key_file)
92 self.key_file = key_file
93 self.cert_file = cert_file
94 # Establish connection to server(s)
95 self.slicemgr = GeniClient(sm_url, key_file, cert_file, self.options.protocol)
96 self.registry = GeniClient(reg_url, key_file, cert_file, self.options.protocol)
100 # Get various credential and spec files
102 # Establishes limiting conventions
103 # - conflates MAs and SAs
104 # - assumes last token in slice name is unique
106 # Bootstraps credentials
107 # - bootstrap user credential from self-signed certificate
108 # - bootstrap authority credential from user credential
109 # - bootstrap slice credential from user credential
112 def get_leaf(self,name):
113 parts = name.split(".")
116 def get_key_file(self):
117 file = os.path.join(self.options.sfi_dir, self.get_leaf(self.user) + ".pkey")
118 if (os.path.isfile(file)):
121 print "Key file", file, "does not exist"
125 def get_cert_file(self,key_file):
127 file = os.path.join(self.options.sfi_dir, self.get_leaf(self.user) + ".cert")
128 if (os.path.isfile(file)):
131 k = Keypair(filename = key_file)
132 cert = Certificate(subject=self.user)
134 cert.set_issuer(k, self.user)
136 if self.options.verbose :
137 print "Writing self-signed certificate to", file
138 cert.save_to_file(file)
141 def get_user_cred(self):
142 file = os.path.join(self.options.sfi_dir, self.get_leaf(self.user) + ".cred")
143 if (os.path.isfile(file)):
144 user_cred = Credential(filename=file)
147 # bootstrap user credential
148 user_cred = self.registry.get_credential(None, "user", self.user)
150 user_cred.save_to_file(file, save_parents=True)
151 if self.options.verbose:
152 print "Writing user credential to", file
155 print "Failed to get user credential"
158 def get_auth_cred(self):
160 if not self.authority:
161 print "no authority specified. Use -a or set SF_AUTH"
164 file = os.path.join(self.options.sfi_dir, self.get_leaf("authority") +".cred")
165 if (os.path.isfile(file)):
166 auth_cred = Credential(filename=file)
169 # bootstrap authority credential from user credential
170 user_cred = self.get_user_cred()
171 auth_cred = self.registry.get_credential(user_cred, "authority", self.authority)
173 auth_cred.save_to_file(file, save_parents=True)
174 if self.options.verbose:
175 print "Writing authority credential to", file
178 print "Failed to get authority credential"
181 def get_slice_cred(self,name):
182 file = os.path.join(self.options.sfi_dir, "slice_" + self.get_leaf(name) + ".cred")
183 if (os.path.isfile(file)):
184 slice_cred = Credential(filename=file)
187 # bootstrap slice credential from user credential
188 user_cred = self.get_user_cred()
189 slice_cred = self.registry.get_credential(user_cred, "slice", name)
191 slice_cred.save_to_file(file, save_parents=True)
192 if self.options.verbose:
193 print "Writing slice credential to", file
196 print "Failed to get slice credential"
199 def delegate_cred(self,cred, hrn, type = 'authority'):
200 # the gid and hrn of the object we are delegating
201 object_gid = cred.get_gid_object()
202 object_hrn = object_gid.get_hrn()
203 cred.set_delegate(True)
204 if not cred.get_delegate():
205 raise Exception, "Error: Object credential %(object_hrn)s does not have delegate bit set" % locals()
208 records = self.registry.resolve(cred, hrn)
209 records = self.filter_records(type, records)
212 raise Exception, "Error: Didn't find a %(type)s record for %(hrn)s" % locals()
214 # the gid of the user who will be delegated too
215 delegee_gid = records[0].get_gid_object()
216 delegee_hrn = delegee_gid.get_hrn()
218 # the key and hrn of the user who will be delegating
219 user_key = Keypair(filename = self.get_key_file())
220 user_hrn = cred.get_gid_caller().get_hrn()
222 dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
223 dcred.set_gid_caller(delegee_gid)
224 dcred.set_gid_object(object_gid)
225 dcred.set_privileges(cred.get_privileges())
226 dcred.set_delegate(True)
227 dcred.set_pubkey(object_gid.get_pubkey())
228 dcred.set_issuer(user_key, user_hrn)
229 dcred.set_parent(cred)
235 def get_rspec_file(self,rspec):
236 if (os.path.isabs(rspec)):
239 file = os.path.join(self.options.sfi_dir, rspec)
240 if (os.path.isfile(file)):
243 print "No such rspec file", rspec
246 def get_record_file(self,record):
247 if (os.path.isabs(record)):
250 file = os.path.join(self.options.sfi_dir, record)
251 if (os.path.isfile(file)):
254 print "No such registry record file", record
257 def load_publickey_string(self,fn):
259 key_string = f.read()
261 # if the filename is a private key file, then extract the public key
262 if "PRIVATE KEY" in key_string:
263 outfn = tempfile.mktemp()
264 cmd = "openssl rsa -in " + fn + " -pubout -outform PEM -out " + outfn
267 key_string = f.read()
272 # Generate sub-command parser
274 def create_cmd_parser(self,command, additional_cmdargs = None):
275 cmdargs = {"list": "name",
280 "aggregates": "[name]",
281 "registries": "[name]",
283 "resources": "[name]",
284 "create": "name rspec",
292 if additional_cmdargs:
293 cmdargs.update(additional_cmdargs)
295 if command not in cmdargs:
296 print "Invalid command\n"
298 for key in cmdargs.keys():
303 parser = OptionParser(usage="sfi [sfi_options] %s [options] %s" \
304 % (command, cmdargs[command]))
306 if command in ("resources"):
307 parser.add_option("-f", "--format", dest="format",type="choice",
308 help="display format ([xml]|dns|ip)",default="xml",
309 choices=("xml","dns","ip"))
310 parser.add_option("-a", "--aggregate", dest="aggregate",
311 default=None, help="aggregate hrn")
313 if command in ("create"):
314 parser.add_option("-a", "--aggregate", dest="aggregate",default=None,
315 help="aggregate hrn")
317 if command in ("list", "show", "remove"):
318 parser.add_option("-t", "--type", dest="type",type="choice",
319 help="type filter ([all]|user|slice|sa|ma|node|aggregate)",
320 choices=("all","user","slice","sa","ma","node","aggregate"),
323 if command in ("resources", "show", "list"):
324 parser.add_option("-o", "--output", dest="file",
325 help="output XML to file", metavar="FILE", default=None)
327 if command in ("show", "list"):
328 parser.add_option("-f", "--format", dest="format", type="choice",
329 help="display format ([text]|xml)",default="text",
330 choices=("text","xml"))
332 if command in ("delegate"):
333 parser.add_option("-u", "--user",
334 action="store_true", dest="delegate_user", default=False,
335 help="delegate user credential")
336 parser.add_option("-s", "--slice", dest="delegate_slice",
337 help="delegate slice credential", metavar="HRN", default=None)
340 def create_parser(self):
342 # Generate command line parser
343 parser = OptionParser(usage="sfi [options] command [command_options] [command_args]",
344 description="Commands: list,show,remove,add,update,nodes,slices,resources,create,delete,start,stop,reset")
345 parser.add_option("-r", "--registry", dest="registry",
346 help="root registry", metavar="URL", default=None)
347 parser.add_option("-s", "--slicemgr", dest="sm",
348 help="slice manager", metavar="URL", default=None)
349 default_sfi_dir=os.path.expanduser("~/.sfi/")
350 parser.add_option("-d", "--dir", dest="sfi_dir",
351 help="config & working directory - default is " + default_sfi_dir,
352 metavar="PATH", default = default_sfi_dir)
353 parser.add_option("-u", "--user", dest="user",
354 help="user name", metavar="HRN", default=None)
355 parser.add_option("-a", "--auth", dest="auth",
356 help="authority name", metavar="HRN", default=None)
357 parser.add_option("-v", "--verbose",
358 action="store_true", dest="verbose", default=False,
360 parser.add_option("-p", "--protocol",
361 dest="protocol", default="xmlrpc",
362 help="RPC protocol (xmlrpc or soap)")
363 parser.disable_interspersed_args()
367 def dispatch(self,command, cmd_opts, cmd_args):
368 getattr(self,command)(cmd_opts, cmd_args)
371 # Following functions implement the commands
373 # Registry-related commands
376 # list entires in named authority registry
377 def list(self,opts, args):
378 user_cred = self.get_user_cred()
380 list = self.registry.list(user_cred, args[0])
382 raise Exception, "Not enough parameters for the 'list' command"
384 # filter on person, slice, site, node, etc.
385 # THis really should be in the self.filter_records funct def comment...
386 list = self.filter_records(opts.type, list)
388 print "%s (%s)" % (record['hrn'], record['type'])
390 self.save_records_to_file(opts.file, list)
393 # show named registry record
394 def show(self,opts, args):
395 user_cred = self.get_user_cred()
396 records = self.registry.resolve(user_cred, args[0])
397 records = self.filter_records(opts.type, records)
399 print "No record of type", opts.type
400 for record in records:
401 if record['type'] in ['user']:
402 record = UserRecord(dict = record)
403 elif record['type'] in ['slice']:
404 record = SliceRecord(dict = record)
405 elif record['type'] in ['node']:
406 record = NodeRecord(dict = record)
407 elif record['type'] in ['authority', 'ma', 'sa']:
408 record = AuthorityRecord(dict = record)
410 record = GeniRecord(dict = record)
411 if (opts.format=="text"):
414 print record.save_to_string()
417 self.save_records_to_file(opts.file, records)
420 def delegate(self,opts, args):
421 user_cred = self.get_user_cred()
422 if opts.delegate_user:
423 object_cred = user_cred
424 elif opts.delegate_slice:
425 object_cred = self.get_slice_cred(opts.delegate_slice)
427 print "Must specify either --user or --slice <hrn>"
430 # the gid and hrn of the object we are delegating
431 object_gid = object_cred.get_gid_object()
432 object_hrn = object_gid.get_hrn()
434 if not object_cred.get_delegate():
435 print "Error: Object credential", object_hrn, "does not have delegate bit set"
438 records = self.registry.resolve(user_cred, args[0])
439 records = self.filter_records("user", records)
442 print "Error: Didn't find a user record for", args[0]
445 # the gid of the user who will be delegated too
446 delegee_gid = records[0].get_gid_object()
447 delegee_hrn = delegee_gid.get_hrn()
449 # the key and hrn of the user who will be delegating
450 user_key = Keypair(filename = self.get_key_file())
451 user_hrn = user_cred.get_gid_caller().get_hrn()
453 dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
454 dcred.set_gid_caller(delegee_gid)
455 dcred.set_gid_object(object_gid)
456 dcred.set_privileges(object_cred.get_privileges())
457 dcred.set_delegate(True)
458 dcred.set_pubkey(object_gid.get_pubkey())
459 dcred.set_issuer(user_key, user_hrn)
460 dcred.set_parent(object_cred)
464 if opts.delegate_user:
465 dest_fn = os.path.join(self.options.sfi_dir, self.get_leaf(delegee_hrn) + "_"
466 + self.get_leaf(object_hrn) + ".cred")
467 elif opts.delegate_slice:
468 dest_fn = os.path_join(self.options.sfi_dir, self.get_leaf(delegee_hrn) + "_slice_"
469 + self.get_leaf(object_hrn) + ".cred")
471 dcred.save_to_file(dest_fn, save_parents = True)
473 print "delegated credential for", object_hrn, "to", delegee_hrn, "and wrote to", dest_fn
475 # removed named registry record
476 # - have to first retrieve the record to be removed
477 def remove(self,opts, args):
478 auth_cred = self.get_auth_cred()
482 return self.registry.remove(auth_cred, type, args[0])
484 # add named registry record
485 def add(self,opts, args):
486 auth_cred = self.get_auth_cred()
487 rec_file = self.get_record_file(args[0])
488 record = self.load_record_from_file(rec_file)
490 return self.registry.register(auth_cred, record)
492 # update named registry entry
493 def update(self,opts, args):
494 user_cred = self.get_user_cred()
495 rec_file = self.get_record_file(args[0])
496 record = self.load_record_from_file(rec_file)
497 if record.get_type() == "user":
498 if record.get_name() == user_cred.get_gid_object().get_hrn():
501 cred = self.get_auth_cred()
502 elif record.get_type() in ["slice"]:
504 cred = self.get_slice_cred(record.get_name())
505 except ServerException, e:
506 # XXX smbaker -- once we have better error return codes, update this
507 # to do something better than a string compare
508 if "Permission error" in e.args[0]:
509 cred = self.get_auth_cred()
512 elif record.get_type() in ["authority"]:
513 cred = self.get_auth_cred()
514 elif record.get_type() == 'node':
515 cred = self.get_auth_cred()
517 raise "unknown record type" + record.get_type()
518 return self.registry.update(cred, record)
521 def aggregates(self, opts, args):
522 user_cred = self.get_user_cred()
527 result = self.registry.get_aggregates(user_cred, hrn)
528 self.display_list(result)
531 def registries(self, opts, args):
532 user_cred = self.get_user_cred()
537 result = self.registry.get_registries(user_cred, hrn)
538 self.display_list(result)
542 # Slice-related commands
545 # list available nodes -- use 'resources' w/ no argument instead
547 # list instantiated slices
548 def slices(self,opts, args):
549 user_cred = self.get_user_cred()
550 results = self.slicemgr.get_slices(user_cred)
551 self.display_list(results)
554 # show rspec for named slice
555 def resources(self,opts, args):
556 user_cred = self.get_user_cred()
557 server = self.slicemgr
559 aggregates = self.registry.get_aggregates(user_cred, opts.aggregate)
561 raise Exception, "No such aggregate %s" % opts.aggregate
562 aggregate = aggregates[0]
563 url = "http://%s:%s" % (aggregate['addr'], aggregate['port'])
564 server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol)
566 slice_cred = self.get_slice_cred(args[0])
567 result = server.get_resources(slice_cred, args[0])
569 result = server.get_resources(user_cred)
572 self.display_rspec(result, format)
573 if (opts.file is not None):
574 self.save_rspec_to_file(result, opts.file)
577 # created named slice with given rspec
578 def create(self,opts, args):
580 user_cred = self.get_user_cred()
581 slice_cred = self.get_slice_cred(slice_hrn)
582 rspec_file = self.get_rspec_file(args[1])
583 rspec=open(rspec_file).read()
584 server = self.slicemgr
586 aggregates = self.registry.get_aggregates(user_cred, opts.aggregate)
588 raise Exception, "No such aggregate %s" % opts.aggregate
589 aggregate = aggregates[0]
590 url = "http://%s:%s" % (aggregate['addr'], aggregate['port'])
591 server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol)
592 return server.create_slice(slice_cred, slice_hrn, rspec)
595 def delete(self,opts, args):
597 slice_cred = self.get_slice_cred(slice_hrn)
599 return self.slicemgr.delete_slice(slice_cred, slice_hrn)
602 def start(self,opts, args):
604 slice_cred = self.get_slice_cred(args[0])
605 return self.slicemgr.start_slice(slice_cred, slice_hrn)
608 def stop(self,opts, args):
610 slice_cred = self.get_slice_cred(args[0])
611 return self.slicemgr.stop_slice(slice_cred, slice_hrn)
614 def reset(self,opts, args):
616 slice_cred = self.get_slice_cred(args[0])
617 return self.slicemgr.reset_slice(slice_cred, slice_hrn)
621 # Display, Save, and Filter RSpecs and Records
622 # - to be replace by EMF-generated routines
626 def display_rspec(self,rspec, format = 'rspec'):
627 if format in ['dns']:
629 spec.parseString(rspec)
631 nodespecs = spec.getDictsByTagName('NodeSpec')
632 for nodespec in nodespecs:
633 if nodespec.has_key('name') and nodespec['name']:
634 if isinstance(nodespec['name'], ListType):
635 hostnames.extend(nodespec['name'])
636 elif isinstance(nodespec['name'], StringTypes):
637 hostnames.append(nodespec['name'])
639 elif format in ['ip']:
641 spec.parseString(rspec)
643 ifspecs = spec.getDictsByTagName('IfSpec')
644 for ifspec in ifspecs:
645 if ifspec.has_key('addr') and ifspec['addr']:
646 ips.append(ifspec['addr'])
654 def display_list(self,results):
655 for result in results:
658 def save_rspec_to_file(self,rspec, filename):
659 if not filename.startswith(os.sep):
660 filename = self.options.sfi_dir + filename
661 if not filename.endswith(".rspec"):
662 filename = filename + ".rspec"
664 f = open(filename, 'w')
669 def display_records(self,recordList, dump = False):
670 ''' Print all fields in the record'''
671 for record in recordList:
672 self.display_record(record, dump)
674 def display_record(self,record, dump = False):
678 info = record.getdict()
679 print "%s (%s)" % (info['hrn'], info['type'])
682 def filter_records(self,type, records):
683 filtered_records = []
684 for record in records:
685 if (record.get_type() == type) or (type == "all"):
686 filtered_records.append(record)
687 return filtered_records
689 def save_records_to_file(self,filename, recordList):
691 for record in recordList:
693 self.save_record_to_file(filename + "." + str(index), record)
695 self.save_record_to_file(filename, record)
698 def save_record_to_file(self,filename, record):
699 if not filename.startswith(os.sep):
700 filename = self.options.sfi_dir + filename
701 str = record.save_to_string()
702 file(filename, "w").write(str)
705 def load_record_from_file(self,filename):
706 str = file(filename, "r").read()
707 record = GeniRecord(string=str)
711 # Main: parse arguments and dispatch to command
715 parser = self.create_parser()
716 (options, args) = parser.parse_args()
717 self.options = options
720 print "No command given. Use -h for help."
724 (cmd_opts, cmd_args) = self.create_cmd_parser(command).parse_args(args[1:])
725 if self.options.verbose :
726 print "Registry %s, sm %s, dir %s, user %s, auth %s" % (options.registry,
731 print "Command %s" %command
732 if command in ("resources"):
733 print "resources cmd_opts %s" %cmd_opts.format
734 elif command in ("list","show","remove"):
735 print "cmd_opts.type %s" %cmd_opts.type
736 print "cmd_args %s" %cmd_args
741 self.dispatch(command, cmd_opts, cmd_args)
744 print "Command not found:", command
749 if __name__=="__main__":
git://git.onelab.eu / sfa.git / blob