import os
import tempfile
from optparse import OptionParser
+
+from sfa.util.faults import ConnectionKeyGIDMismatch
from sfa.util.config import Config
-import sfa.util.xmlrpcprotocol as xmlrpcprotocol
-import sfa.util.misc as misc
+from sfa.client.sfaserverproxy import SfaServerProxy
+from sfa.util.plxrn import hrn_to_pl_slicename, slicename_to_hrn
+
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.credential import Credential
from sfa.trust.gid import GID
from sfa.trust.hierarchy import Hierarchy
-def get_server(url=None, port=None, keyfile=None, certfile=None,verbose=False):
+KEYDIR = "/var/lib/sfa/"
+CONFDIR = "/etc/sfa/"
+
+def handle_gid_mismatch_exception(f):
+ def wrapper(*args, **kwds):
+ try: return f(*args, **kwds)
+ except ConnectionKeyGIDMismatch:
+ # clean regen server keypair and try again
+ print "cleaning keys and trying again"
+ clean_key_cred()
+ return f(args, kwds)
+
+ return wrapper
+
+def server_proxy(url=None, port=None, keyfile=None, certfile=None,verbose=False):
"""
returns an xmlrpc connection to the service a the specified
address
if verbose:
print "Contacting registry at: %(url)s" % locals()
- server = xmlrpcprotocol.get_server(url, keyfile, certfile)
+ server = SfaServerProxy(url, keyfile, certfile)
return server
for dir in all_dirs:
if not os.path.exists(dir):
os.makedirs(dir)
+
+def has_node_key():
+ key_file = KEYDIR + os.sep + 'server.key'
+ return os.path.exists(key_file)
+
+def clean_key_cred():
+ """
+ remove the existing keypair and cred and generate new ones
+ """
+ files = ["server.key", "server.cert", "node.cred"]
+ for f in files:
+ filepath = KEYDIR + os.sep + f
+ if os.path.isfile(filepath):
+ os.unlink(f)
+
+ # install the new key pair
+ # GetCredential will take care of generating the new keypair
+ # and credential
+ GetCredential()
+
def get_node_key(registry=None, verbose=False):
# this call requires no authentication,
# so we can generate a random keypair here
subject="component"
- keyfile = tempfile.mktemp()
- certfile = tempfile.mktemp()
+ (kfd, keyfile) = tempfile.mkstemp()
+ (cfd, certfile) = tempfile.mkstemp()
key = Keypair(create=True)
key.save_to_file(keyfile)
cert = Certificate(subject=subject)
cert.sign()
cert.save_to_file(certfile)
- registry = get_server(url = registry, keyfile=keyfile, certfile=certfile)
- registry.get_key()
+ registry = server_proxy(url = registry, keyfile=keyfile, certfile=certfile)
+ registry.get_key_from_incoming_ip()
def create_server_keypair(keyfile=None, certfile=None, hrn="component", verbose=False):
"""
cert.set_pubkey(key)
cert.sign()
cert.save_to_file(certfile, save_parents=True)
-
-def get_credential(registry=None, force=False, verbose=False):
+
+@handle_gid_mismatch_exception
+def GetCredential(registry=None, force=False, verbose=False):
config = Config()
hierarchy = Hierarchy()
key_dir= hierarchy.basedir
create_server_keypair(keyfile, certfile, hrn, verbose)
# get credential from registry
- registry = get_server(url=registry, keyfile=keyfile, certfile=certfile)
+ registry = server_proxy(url=registry, keyfile=keyfile, certfile=certfile)
cert = Certificate(filename=certfile)
cert_str = cert.save_to_string(save_parents=True)
- cred = registry.get_self_credential(cert_str, 'node', hrn)
+ cred = registry.GetSelfCredential(cert_str, 'node', hrn)
Credential(string=cred).save_to_file(credfile, save_parents=True)
return cred
+@handle_gid_mismatch_exception
def get_trusted_certs(registry=None, verbose=False):
"""
refresh our list of trusted certs.
node_gid = GID(filename=node_gid_file)
hrn = node_gid.get_hrn()
# get credential
- cred = get_credential(registry=registry, verbose=verbose)
+ cred = GetCredential(registry=registry, verbose=verbose)
# make sure server key cert pair exists
create_server_keypair(keyfile=keyfile, certfile=certfile, hrn=hrn, verbose=verbose)
- registry = get_server(url=registry, keyfile=keyfile, certfile=certfile)
+ registry = server_proxy(url=registry, keyfile=keyfile, certfile=certfile)
# get the trusted certs and save them in the right place
if verbose:
print "Getting trusted certs from registry"
print "Removing old gid ", gid_name
os.unlink(trusted_certs_dir + os.sep + gid_name)
+@handle_gid_mismatch_exception
def get_gids(registry=None, verbose=False):
"""
Get the gid for all instantiated slices on this node and store it
hrn = node_gid.get_hrn()
interface_hrn = config.SFA_INTERFACE_HRN
# get credential
- cred = get_credential(registry=registry, verbose=verbose)
+ cred = GetCredential(registry=registry, verbose=verbose)
# make sure server key cert pair exists
create_server_keypair(keyfile=keyfile, certfile=certfile, hrn=hrn, verbose=verbose)
- registry = get_server(url=registry, keyfile=keyfile, certfile=certfile)
+ registry = server_proxy(url=registry, keyfile=keyfile, certfile=certfile)
if verbose:
print "Getting current slices on this node"
# get a list of slices on this node
- from sfa.plc.api import ComponentAPI
- api = ComponentAPI()
- slicenames = api.nodemanager.GetXIDs().keys()
- hrns = [misc.slicename_to_hrn(interface_hrn, slicename) for slicename in slicenames]
-
+ from sfa.generic import Generic
+ generic=Generic.the_flavour()
+ api = generic.make_api(interface='component')
+ xids_tuple = api.driver.nodemanager.GetXIDs()
+ slices = eval(xids_tuple[1])
+ slicenames = slices.keys()
+ # generate a list of slices that dont have gids installed
+ slices_without_gids = []
+ for slicename in slicenames:
+ if not os.path.isfile("/vservers/%s/etc/slice.gid" % slicename) \
+ or not os.path.isfile("/vservers/%s/etc/node.gid" % slicename):
+ slices_without_gids.append(slicename)
+
+ # convert slicenames to hrns
+ hrns = [slicename_to_hrn(interface_hrn, slicename) \
+ for slicename in slices_without_gids]
+
+ # exit if there are no gids to install
+ if not hrns:
+ return
+
if verbose:
print "Getting gids for slices on this node from registry"
# get the gids
# and save them in the right palce
- records = registry.get_gids(cred, hrns)
+ records = registry.GetGids(hrns, cred)
for record in records:
# if this isnt a slice record skip it
if not record['type'] == 'slice':
continue
- slicename = misc.hrn_to_pl_slicename(record['hrn'])
+ slicename = hrn_to_pl_slicename(record['hrn'])
# if this slice isnt really instatiated skip it
if not os.path.exists("/vservers/%(slicename)s" % locals()):
continue
git://git.onelab.eu / sfa.git / blobdiff