#!/usr/bin/python
#
-### $Id$
-### $URL$
-#
# SFA PLC Wrapper
#
# This wrapper implements the SFA Registry and Slice Interfaces on PLC.
##
# TCP ports for the three servers
-registry_port=12345
-aggregate_port=12346
-slicemgr_port=12347
+#registry_port=12345
+#aggregate_port=12346
+#slicemgr_port=12347
+### xxx todo not in the config yet
component_port=12346
-
import os, os.path
+import traceback
import sys
from optparse import OptionParser
+
+from sfa.util.sfalogging import logger
from sfa.trust.trustedroot import TrustedRootList
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.hierarchy import Hierarchy
+from sfa.trust.gid import GID
from sfa.util.config import Config
-from sfa.util.report import trace
from sfa.plc.api import SfaAPI
from sfa.server.registry import Registries
from sfa.server.aggregate import Aggregates
+
# after http://www.erlenstar.demon.co.uk/unix/faq_2.html
def daemon():
"""Daemonize the current process."""
devnull = os.open(os.devnull, os.O_RDWR)
os.dup2(devnull, 0)
# xxx fixme - this is just to make sure that nothing gets stupidly lost - should use devnull
- crashlog = os.open('/var/log/sfa.daemon', os.O_RDWR | os.O_APPEND | os.O_CREAT, 0644)
+ crashlog = os.open('/var/log/httpd/sfa_access_log', os.O_RDWR | os.O_APPEND | os.O_CREAT, 0644)
os.dup2(crashlog, 1)
os.dup2(crashlog, 2)
def init_server_key(server_key_file, server_cert_file, config, hierarchy):
- subject = config.SFA_INTERFACE_HRN
+ hrn = config.SFA_INTERFACE_HRN.lower()
# check if the server's private key exists. If it doesnt,
# get the right one from the authorities directory. If it cant be
# found in the authorities directory, generate a random one
if not os.path.exists(key_file):
# if it doesnt exist then this is probably a fresh interface
# with no records. Generate a random keypair for now
- trace("server's public key not found in %s" % key_file)
- trace("generating a random server key pair")
+ logger.debug("server's public key not found in %s" % key_file)
+
+ logger.debug("generating a random server key pair")
key = Keypair(create=True)
key.save_to_file(server_key_file)
- cert = Certificate(subject=subject)
- cert.set_issuer(key=key, subject=subject)
- cert.set_pubkey(key)
- cert.sign()
- cert.save_to_file(server_cert_file, save_parents=True)
+ init_server_cert(hrn, key, server_cert_file, self_signed=True)
else:
# the pkey was found in the authorites directory. lets
# the cert
key = Keypair(filename=key_file)
key.save_to_file(server_key_file)
- cert = Certificate(subject=subject)
- cert.set_issuer(key=key, subject=subject)
- cert.set_pubkey(key)
- cert.sign()
- cert.save_to_file(server_cert_file, save_parents=True)
-
+ init_server_cert(hrn, key, server_cert_file)
# If private key exists and cert doesnt, recreate cert
if (os.path.exists(server_key_file)) and (not os.path.exists(server_cert_file)):
key = Keypair(filename=server_key_file)
- cert = Certificate(subject=subject)
- cert.set_issuer(key=key, subject=subject)
- cert.set_pubkey(key)
- cert.sign()
- cert.save_to_file(server_cert_file)
+ init_server_cert(hrn, key, server_cert_file)
+
+
+def init_server_cert(hrn, key, server_cert_file, self_signed=False):
+ """
+ Setup the certificate for this server. Attempt to use gid before
+ creating a self signed cert
+ """
+ if self_signed:
+ init_self_signed_cert(hrn, key, server_cert_file)
+ else:
+ try:
+ # look for gid file
+ logger.debug("generating server cert from gid: %s"% hrn)
+ hierarchy = Hierarchy()
+ auth_info = hierarchy.get_auth_info(hrn)
+ gid = GID(filename=auth_info.gid_filename)
+ gid.save_to_file(filename=server_cert_file)
+ except:
+ # fall back to self signed cert
+ logger.debug("gid for %s not found" % hrn)
+ init_self_signed_cert(hrn, key, server_cert_file)
+
+def init_self_signed_cert(hrn, key, server_cert_file):
+ logger.debug("generating self signed cert")
+ # generate self signed certificate
+ cert = Certificate(subject=hrn)
+ cert.set_issuer(key=key, subject=hrn)
+ cert.set_pubkey(key)
+ cert.sign()
+ cert.save_to_file(server_cert_file)
def init_server(options, config):
"""
Execute the init method defined in the manager file
"""
+ def init_manager(manager_module, manager_base):
+ try: manager = __import__(manager_module, fromlist=[manager_base])
+ except: manager = None
+ if manager and hasattr(manager, 'init_server'):
+ manager.init_server()
+
manager_base = 'sfa.managers'
if options.registry:
mgr_type = config.SFA_REGISTRY_TYPE
manager_module = manager_base + ".registry_manager_%s" % mgr_type
- try: manager = __import__(manager_module, fromlist=[manager_base])
- except: manager = None
- if manager and hasattr(manager, 'init_server'):
- manager.init_server()
+ init_manager(manager_module, manager_base)
if options.am:
mgr_type = config.SFA_AGGREGATE_TYPE
manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
- try: manager = __import__(manager_module, fromlist=[manager_base])
- except: manager = None
- if manager and hasattr(manager, 'init_server'):
- manager.init_server()
+ init_manager(manager_module, manager_base)
if options.sm:
mgr_type = config.SFA_SM_TYPE
manager_module = manager_base + ".slice_manager_%s" % mgr_type
- try: manager = __import__(manager_module, fromlist=[manager_base])
- except: manager = None
- if manager and hasattr(manager, 'init_server'):
- manager.init_server()
+ init_manager(manager_module, manager_base)
if options.cm:
mgr_type = config.SFA_CM_TYPE
manager_module = manager_base + ".component_manager_%s" % mgr_type
- try: manager = __import__(manager_module, fromlist=[manager_base])
- except: manager = None
- if manager and hasattr(manager, 'init_server'):
- manager.init_server()
-
+ init_manager(manager_module, manager_base)
-def sync_interfaces():
+def sync_interfaces(server_key_file, server_cert_file):
"""
Attempt to install missing trusted gids and db records for
our federated interfaces
"""
- api = SfaAPI()
+ api = SfaAPI(key_file = server_key_file, cert_file = server_cert_file)
registries = Registries(api)
aggregates = Aggregates(api)
registries.sync_interfaces()
aggregates.sync_interfaces()
def main():
- # xxx get rid of globals - name consistently CamelCase or under_score
- global AuthHierarchy
- global TrustedRoots
- global registry_port
- global aggregate_port
- global slicemgr_port
-
# Generate command line parser
parser = OptionParser(usage="sfa-server [options]")
parser.add_option("-r", "--registry", dest="registry", action="store_true",
help="run aggregate manager", default=False)
parser.add_option("-c", "--component", dest="cm", action="store_true",
help="run component server", default=False)
- parser.add_option("-v", "--verbose", dest="verbose", action="store_true",
- help="verbose mode", default=False)
+ parser.add_option("-v", "--verbose", action="count", dest="verbose", default=0,
+ help="verbose mode - cumulative")
parser.add_option("-d", "--daemon", dest="daemon", action="store_true",
help="Run as daemon.", default=False)
(options, args) = parser.parse_args()
- if (options.daemon): daemon()
-
config = Config()
+ if config.SFA_API_DEBUG: pass
hierarchy = Hierarchy()
server_key_file = os.path.join(hierarchy.basedir, "server.key")
server_cert_file = os.path.join(hierarchy.basedir, "server.cert")
init_server_key(server_key_file, server_cert_file, config, hierarchy)
init_server(options, config)
- sync_interfaces()
+ sync_interfaces(server_key_file, server_cert_file)
+ if (options.daemon): daemon()
# start registry server
if (options.registry):
from sfa.server.registry import Registry
- r = Registry("", registry_port, server_key_file, server_cert_file)
+ r = Registry("", config.SFA_REGISTRY_PORT, server_key_file, server_cert_file)
r.start()
- # start aggregate manager
if (options.am):
from sfa.server.aggregate import Aggregate
- a = Aggregate("", aggregate_port, server_key_file, server_cert_file)
+ a = Aggregate("", config.SFA_AGGREGATE_PORT, server_key_file, server_cert_file)
a.start()
# start slice manager
if (options.sm):
from sfa.server.slicemgr import SliceMgr
- s = SliceMgr("", slicemgr_port, server_key_file, server_cert_file)
+ s = SliceMgr("", config.SFA_SM_PORT, server_key_file, server_cert_file)
s.start()
if (options.cm):
from sfa.server.component import Component
- c = Component("", component_port, server_key_file, server_cert_file)
+ c = Component("", config.component_port, server_key_file, server_cert_file)
+# c = Component("", config.SFA_COMPONENT_PORT, server_key_file, server_cert_file)
c.start()
if __name__ == "__main__":
- main()
+ try:
+ main()
+ except:
+ logger.log_exc_critical("SFA server is exiting")