from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.credential import Credential
-
from sfa.util.geniclient import GeniClient
from sfa.util.record import *
-from sfa.util.rspec import Rspec
+from sfa.util.rspec import RSpec
from sfa.util.xmlrpcprotocol import ServerException
+import sfa.util.xmlrpcprotocol as xmlrpcprotocol
from sfa.util.config import Config
class Sfi:
# Get key and certificate
key_file = self.get_key_file()
cert_file = self.get_cert_file(key_file)
-
+ self.key = Keypair(filename=key_file)
+ self.key_file = key_file
+ self.cert_file = cert_file
+ self.cert = Certificate(filename=cert_file)
# Establish connection to server(s)
- self.slicemgr = GeniClient(sm_url, key_file, cert_file, self.options.protocol)
- self.registry = GeniClient(reg_url, key_file, cert_file, self.options.protocol)
+ #self.slicemgr = GeniClient(sm_url, key_file, cert_file, self.options.protocol)
+ #self.registry = GeniClient(reg_url, key_file, cert_file, self.options.protocol)
+ self.registry = xmlrpcprotocol.get_server(reg_url, key_file, cert_file)
+ self.slicemgr = xmlrpcprotocol.get_server(sm_url, key_file, cert_file)
return
#
print "Writing self-signed certificate to", file
cert.save_to_file(file)
return file
-
+
+ def get_gid(self):
+ file = os.path.join(self.options.sfi_dir, self.get_leaf(self.user) + ".gid")
+ if (os.path.isfile(file)):
+ gid = GID(filename=file)
+ return gid
+ else:
+ cert_str = self.cert.save_to_string(save_parents=True)
+ request_hash = self.key.compute_hash([cert_str, self.user, "user"])
+ gid_str = self.registry.get_gid(cert_str, self.user, "user", request_hash)
+ gid = GID(string=gid_str)
+ if self.options.verbose:
+ print "Writing user gid to", file
+ gid.save_to_file(file, save_parents=True)
+ return gid
+
def get_user_cred(self):
- file = os.path.join(self.options.sfi_dir, self.get_leaf(self.user) + ".cred")
- if (os.path.isfile(file)):
- user_cred = Credential(filename=file)
- return user_cred
- else:
- # bootstrap user credential
- user_cred = self.registry.get_credential(None, "user", self.user)
- if user_cred:
- user_cred.save_to_file(file, save_parents=True)
- if self.options.verbose:
- print "Writing user credential to", file
- return user_cred
- else:
- print "Failed to get user credential"
- sys.exit(-1)
+ file = os.path.join(self.options.sfi_dir, self.get_leaf(self.user) + ".cred")
+ if (os.path.isfile(file)):
+ user_cred = Credential(filename=file)
+ return user_cred
+ else:
+ # bootstrap user credential
+ cert_string = self.cert.save_to_string(save_parents=True)
+ request_hash = self.key.compute_hash([cert_string, "user", self.user])
+ user_cred = self.registry.get_self_credential(cert_string, "user", self.user, request_hash)
+ if user_cred:
+ cred = Credential(string=user_cred)
+ cred.save_to_file(file, save_parents=True)
+ if self.options.verbose:
+ print "Writing user credential to", file
+ return cred
+ else:
+ print "Failed to get user credential"
+ sys.exit(-1)
def get_auth_cred(self):
return auth_cred
else:
# bootstrap authority credential from user credential
- user_cred = self.get_user_cred()
- auth_cred = self.registry.get_credential(user_cred, "authority", self.authority)
+ user_cred = self.get_user_cred().save_to_string(save_parents=True)
+ request_hash = self.key.compute_hash([user_cred, "authority", self.authority])
+ auth_cred = self.registry.get_credential(user_cred, "authority", self.authority, request_hash)
if auth_cred:
- auth_cred.save_to_file(file, save_parents=True)
+ cred = Credential(string=auth_cred)
+ cred.save_to_file(file, save_parents=True)
if self.options.verbose:
print "Writing authority credential to", file
- return auth_cred
+ return cred
else:
print "Failed to get authority credential"
sys.exit(-1)
return slice_cred
else:
# bootstrap slice credential from user credential
- user_cred = self.get_user_cred()
- slice_cred = self.registry.get_credential(user_cred, "slice", name)
+ user_cred = self.get_user_cred().save_to_string(save_parents=True)
+ arg_list = [user_cred, "slice", name]
+ request_hash = self.key.compute_hash(arg_list)
+ slice_cred_str = self.registry.get_credential(user_cred, "slice", name, request_hash)
if slice_cred:
+ slice_cred = Credential(string=slice_cred_str)
slice_cred.save_to_file(file, save_parents=True)
if self.options.verbose:
print "Writing slice credential to", file
# Generate sub-command parser
#
def create_cmd_parser(self,command, additional_cmdargs = None):
- cmdargs = {"list": "name",
+ cmdargs = {"gid": "",
+ "list": "name",
"show": "name",
"remove": "name",
"add": "record",
"update": "record",
+ "aggregates": "[name]",
+ "registries": "[name]",
"slices": "",
"resources": "[name]",
"create": "name rspec",
parser.add_option("-f", "--format", dest="format",type="choice",
help="display format ([xml]|dns|ip)",default="xml",
choices=("xml","dns","ip"))
-
+ parser.add_option("-a", "--aggregate", dest="aggregate",
+ default=None, help="aggregate hrn")
+
+ if command in ("create"):
+ parser.add_option("-a", "--aggregate", dest="aggregate",default=None,
+ help="aggregate hrn")
+
if command in ("list", "show", "remove"):
parser.add_option("-t", "--type", dest="type",type="choice",
help="type filter ([all]|user|slice|sa|ma|node|aggregate)",
# Generate command line parser
parser = OptionParser(usage="sfi [options] command [command_options] [command_args]",
- description="Commands: list,show,remove,add,update,nodes,slices,resources,create,delete,start,stop,reset")
+ description="Commands: gid,list,show,remove,add,update,nodes,slices,resources,create,delete,start,stop,reset")
parser.add_option("-r", "--registry", dest="registry",
help="root registry", metavar="URL", default=None)
parser.add_option("-s", "--slicemgr", dest="sm",
#
# Registry-related commands
#
-
+
+ def gid(self, opts, args):
+ gid = self.get_gid()
+ print "GID: %s" % (gid.save_to_string(save_parents=True))
+ return
+
# list entires in named authority registry
def list(self,opts, args):
- user_cred = self.get_user_cred()
+ user_cred = self.get_user_cred().save_to_string(save_parents=True)
+ hrn = args[0]
+ request_hash = self.key.compute_hash([user_cred, hrn])
try:
- list = self.registry.list(user_cred, args[0])
+ list = self.registry.list(user_cred, hrn, request_hash)
except IndexError:
raise Exception, "Not enough parameters for the 'list' command"
# show named registry record
def show(self,opts, args):
- user_cred = self.get_user_cred()
- records = self.registry.resolve(user_cred, args[0])
+ user_cred = self.get_user_cred().save_to_string(save_parents=True)
+ hrn = args[0]
+ request_hash = self.key.compute_hash([user_cred, hrn])
+ records = self.registry.resolve(user_cred, hrn, request_hash)
records = self.filter_records(opts.type, records)
if not records:
print "No record of type", opts.type
dcred.sign()
if opts.delegate_user:
- dest_fn = os.path.join(self.sfi_dir, self.get_leaf(delegee_hrn) + "_"
+ dest_fn = os.path.join(self.options.sfi_dir, self.get_leaf(delegee_hrn) + "_"
+ self.get_leaf(object_hrn) + ".cred")
elif opts.delegate_slice:
- dest_fn = os.path_join(self.sfi_dir, self.get_leaf(delegee_hrn) + "_slice_"
+ dest_fn = os.path_join(self.options.sfi_dir, self.get_leaf(delegee_hrn) + "_slice_"
+ self.get_leaf(object_hrn) + ".cred")
dcred.save_to_file(dest_fn, save_parents = True)
# removed named registry record
# - have to first retrieve the record to be removed
def remove(self,opts, args):
- auth_cred = self.get_auth_cred()
- return self.registry.remove(auth_cred, opts.type, args[0])
+ auth_cred = self.get_auth_cred().save_to_string(save_parents=True)
+ hrn = args[0]
+ type = opts.type
+ if type in ['all']:
+ type = '*'
+ arg_list = [auth_cred, type, hrn]
+ request_hash = self.key.compute_hash(arg_list)
+ return self.registry.remove(auth_cred, type, hrn, request_hash)
# add named registry record
def add(self,opts, args):
- auth_cred = self.get_auth_cred()
- rec_file = self.get_record_file(args[0])
- record = self.load_record_from_file(rec_file)
-
- return self.registry.register(auth_cred, record)
+ auth_cred = self.get_auth_cred().save_to_string(save_parents=True)
+ record_filepath = args[0]
+ rec_file = self.get_record_file(record_filepath)
+ record = self.load_record_from_file(rec_file).as_dict()
+ arg_list = [auth_cred]
+ request_hash = self.key.compute_hash(arg_list)
+ return self.registry.register(auth_cred, record, request_hash)
# update named registry entry
def update(self,opts, args):
user_cred = self.get_user_cred()
rec_file = self.get_record_file(args[0])
record = self.load_record_from_file(rec_file)
- if record.get_type() == "user":
+ if record['type'] == "user":
if record.get_name() == user_cred.get_gid_object().get_hrn():
- cred = user_cred
+ cred = user_cred.save_to_string(save_parents=True)
else:
- cred = self.get_auth_cred()
- elif record.get_type() in ["slice"]:
+ cred = self.get_auth_cred().save_to_string(save_parents=True)
+ elif record['type'] in ["slice"]:
try:
- cred = self.get_slice_cred(record.get_name())
+ cred = self.get_slice_cred(record.get_name()).save_to_string(save_parents=True)
except ServerException, e:
# XXX smbaker -- once we have better error return codes, update this
# to do something better than a string compare
if "Permission error" in e.args[0]:
- cred = self.get_auth_cred()
+ cred = self.get_auth_cred().save_to_string(save_parents=True)
else:
raise
elif record.get_type() in ["authority"]:
- cred = self.get_auth_cred()
+ cred = self.get_auth_cred().save_to_string(save_parents=True)
elif record.get_type() == 'node':
- cred = self.get_auth_cred()
+ cred = self.get_auth_cred().save_to_string(save_parents=True)
else:
raise "unknown record type" + record.get_type()
- return self.registry.update(cred, record)
-
+ record = record.as_dict()
+ arg_list = [cred]
+ request_hash = self.key.compute_hash(arg_list)
+ return self.registry.update(cred, record, request_hash)
+
+
+ def aggregates(self, opts, args):
+ user_cred = self.get_user_cred().save_to_string(save_parents=True)
+ hrn = None
+ if args:
+ hrn = args[0]
+ arg_list = [user_cred, hrn]
+ request_hash = self.key.compute_hash(arg_list)
+ result = self.registry.get_aggregates(user_cred, hrn, request_hash)
+ self.display_list(result)
+ return
+
+ def registries(self, opts, args):
+ user_cred = self.get_user_cred().save_to_string(save_parents=True)
+ hrn = None
+ if args:
+ hrn = args[0]
+ arg_list = [user_cred, hrn]
+ request_hash = self.key.compute_hash(arg_list)
+ result = self.registry.get_registries(user_cred, hrn, request_hash)
+ self.display_list(result)
+ return
+
#
# Slice-related commands
#
# list instantiated slices
def slices(self,opts, args):
- user_cred = self.get_user_cred()
- results = self.slicemgr.get_slices(user_cred)
- self.display_list(results)
- return
+ user_cred = self.get_user_cred().save_to_string(save_parents=True)
+ arg_list = [user_cred]
+ request_hash = self.key.compute_hash(arg_list)
+ results = self.slicemgr.get_slices(user_cred, request_hash)
+ self.display_list(results)
+ return
# show rspec for named slice
def resources(self,opts, args):
- if args:
- slice_cred = self.get_slice_cred(args[0])
- result = self.slicemgr.get_resources(slice_cred, args[0])
- else:
- user_cred = self.get_user_cred()
- result = self.slicemgr.get_resources(user_cred)
- format = opts.format
- self.display_rspec(result, format)
- if (opts.file is not None):
- self.save_rspec_to_file(result, opts.file)
- return
+ user_cred = self.get_user_cred().save_to_string(save_parents=True)
+ server = self.slicemgr
+ if opts.aggregate:
+ agg_hrn = opts.aggregate
+ arg_list = [user_cred, arg_hrn]
+ request_hash = self.key.compute_hash(arg_list)
+ aggregates = self.registry.get_aggregates(user_cred, agg_hrn, request_hash)
+ if not aggregates:
+ raise Exception, "No such aggregate %s" % agg_hrn
+ aggregate = aggregates[0]
+ url = "http://%s:%s" % (aggregate['addr'], aggregate['port'])
+ server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file)
+ if args:
+ cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
+ hrn = args[0]
+ else:
+ cred = user_cred
+ hrn = None
+
+ arg_list = [cred, hrn]
+ request_hash = self.key.compute_hash(arg_list)
+ result = server.get_resources(cred, hrn, request_hash)
+ format = opts.format
+
+ self.display_rspec(result, format)
+ if (opts.file is not None):
+ self.save_rspec_to_file(result, opts.file)
+ return
# created named slice with given rspec
def create(self,opts, args):
slice_hrn = args[0]
- slice_cred = self.get_slice_cred(slice_hrn)
+ user_cred = self.get_user_cred()
+ slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
rspec_file = self.get_rspec_file(args[1])
rspec=open(rspec_file).read()
- return self.slicemgr.create_slice(slice_cred, slice_hrn, rspec)
+ server = self.slicemgr
+ if opts.aggregate:
+ aggregates = self.registry.get_aggregates(user_cred, opts.aggregate)
+ if not aggregates:
+ raise Exception, "No such aggregate %s" % opts.aggregate
+ aggregate = aggregates[0]
+ url = "http://%s:%s" % (aggregate['addr'], aggregate['port'])
+ server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol)
+ arg_list = [slice_cred, slice_hrn, rspec]
+ request_hash = self.key.compute_hash(arg_list)
+ return server.create_slice(slice_cred, slice_hrn, rspec, request_hash)
# delete named slice
def delete(self,opts, args):
- slice_hrn = args[0]
- slice_cred = self.get_slice_cred(slice_hrn)
-
- return self.slicemgr.delete_slice(slice_cred, slice_hrn)
+ slice_hrn = args[0]
+ slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
+ arg_list = [slice_cred, slice_hrn]
+ request_hash = self.key.compute_hash(arg_list)
+ return self.slicemgr.delete_slice(slice_cred, slice_hrn, request_hash)
# start named slice
def start(self,opts, args):
- slice_hrn = args[0]
- slice_cred = self.get_slice_cred(args[0])
- return self.slicemgr.start_slice(slice_cred, slice_hrn)
+ slice_hrn = args[0]
+ slice_cred = self.get_slice_cred(args[0])
+ arg_list = [slice_cred, slice_hrn]
+ request_hash = self.key.compute_hash(arg_list)
+ return self.slicemgr.start_slice(slice_cred, slice_hrn, request_hash)
# stop named slice
def stop(self,opts, args):
- slice_hrn = args[0]
- slice_cred = self.get_slice_cred(args[0])
- return self.slicemgr.stop_slice(slice_cred, slice_hrn)
+ slice_hrn = args[0]
+ slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
+ arg_list = [slice_cred, slice_hrn]
+ request_hash = self.key.compute_hash(arg_list)
+ return self.slicemgr.stop_slice(slice_cred, slice_hrn, request_hash)
# reset named slice
def reset(self,opts, args):
- slice_hrn = args[0]
- slice_cred = self.get_slice_cred(args[0])
- return self.slicemgr.reset_slice(slice_cred, slice_hrn)
+ slice_hrn = args[0]
+ slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
+ arg_list = [slice_cred, slice_hrn]
+ request_hash = self.key.compute_hash(arg_list)
+ return self.slicemgr.reset_slice(slice_cred, slice_hrn, request_hash)
#
#
def display_rspec(self,rspec, format = 'rspec'):
if format in ['dns']:
- spec = Rspec()
+ spec = RSpec()
spec.parseString(rspec)
hostnames = []
nodespecs = spec.getDictsByTagName('NodeSpec')
hostnames.append(nodespec['name'])
result = hostnames
elif format in ['ip']:
- spec = Rspec()
+ spec = RSpec()
spec.parseString(rspec)
ips = []
ifspecs = spec.getDictsByTagName('IfSpec')
def save_rspec_to_file(self,rspec, filename):
if not filename.startswith(os.sep):
- filename = self.sfi_dir + filename
+ filename = self.options.sfi_dir + filename
if not filename.endswith(".rspec"):
filename = filename + ".rspec"
def filter_records(self,type, records):
filtered_records = []
for record in records:
- if (record.get_type() == type) or (type == "all"):
+ if (record['type'] == type) or (type == "all"):
filtered_records.append(record)
return filtered_records
index = index + 1
def save_record_to_file(self,filename, record):
+ if record['type'] in ['user']:
+ record = UserRecord(dict = record)
+ elif record['type'] in ['slice']:
+ record = SliceRecord(dict = record)
+ elif record['type'] in ['node']:
+ record = NodeRecord(dict = record)
+ elif record['type'] in ['authority', 'ma', 'sa']:
+ record = AuthorityRecord(dict = record)
+ else:
+ record = GeniRecord(dict = record)
if not filename.startswith(os.sep):
- filename = self.sfi_dir + filename
+ filename = self.options.sfi_dir + filename
str = record.save_to_string()
file(filename, "w").write(str)
return
# Main: parse arguments and dispatch to command
#
def main(self):
-
parser = self.create_parser()
(options, args) = parser.parse_args()
self.options = options