+++ /dev/null
-#!/usr/bin/python
-import os
-import sys
-import socket
-sys.path.append('/usr/share/plc_api')
-from sfa.util.config import Config as SfaConfig
-from PLC.Config import Config as PlcConfig
-
-sfa_config = SfaConfig()
-plc_config = PlcConfig()
-default_host = socket.gethostbyname(socket.gethostname())
-all_vars = ['SFA_CONFIG_DIR', 'SFA_DATA_DIR', 'SFA_INTERFACE_HRN',
- 'SFA_CM_SLICE_PREFIX', 'SFA_REGISTRY_HOST', 'SFA_REGISTRY_PORT',
- 'SFA_AGGREGATE_HOST', 'SFA_AGGREGATE_PORT',
- 'SFA_CM_ENABLED', 'SFA_CM_HOST', 'SFA_CM_PORT', 'SFA_CM_TYPE', 'SFA_CM_SLICE_PREFIX',
- 'SFA_API_LOGLEVEL']
-
-defaults = {
- 'SFA_CM_ENABLED': '1',
- 'SFA_CM_HOST': 'localhost',
- 'SFA_CM_PORT': '12346',
- 'SFA_CM_SLICE_PREFIX': plc_config.PLC_SLICE_PREFIX,
- 'SFA_CM_TYPE': 'pl',
- 'SFA_API_LOGLEVEL': '0'
-}
-
-host_defaults = {
- 'SFA_REGISTRY_HOST': default_host,
- 'SFA_AGGREGATE_HOST': default_host,
-}
-
-const_dict = {}
-for key in all_vars:
- value = ""
-
- if key in defaults:
- value = defaults[key]
- elif hasattr(sfa_config, key):
- value = getattr(sfa_config, key)
- # sfa_config may specify localhost instead of a resolvalbe host or ip
- # if so replace this with the host's address
- if key in host_defaults and value in ['localhost', '127.0.0.1']:
- value = host_defaults[key]
- const_dict[key] = value
-
-filename = sfa_config.config_path + os.sep + 'sfa_component_config'
-conffile = open(filename, 'w')
-format = '%s="%s"\n'
-
-for var in all_vars:
- conffile.write(format % (var, const_dict[var]))
-
-conffile.close()
+++ /dev/null
-# SFA Config file for the Component Manager
-#
-
-# HRN
-# Human readable name for this interface
-SFA_INTERFACE_HRN="plc"
-
-# loglevel
-# How deep are we logging (0|1|2)
-SFA_API_LOGLEVEL=1
-
-## ============================================================
-# Registry Configuration
-#
-# Enabled
-# Enable the registry interface
-SFA_REGISTRY_ENABLED=0
-
-# Root Auth
-# The hrn of the registry's root auth
-SFA_REGISTRY_ROOT_AUTH="plc"
-
-# Level1 Auth
-# The hrn of the registry's level1 auth (sub authority)
-# The full name of this interface (only secify if this
-# interface is a sub authority)
-# xxx could be determined from hrn above
-SFA_REGISTRY_LEVEL1_AUTH=""
-
-SFA_GENERIC_FLAVOUR='pl'
-
-# Hostname
-# The fully qualified hostname of the registry server
-SFA_REGISTRY_HOST="localhost"
-
-# Port
-# SFA registry port
-SFA_REGISTRY_PORT=12345
-
-## ==============================================================
-## Aggregate Configuration
-##
-## Enable aggregate inteface
-## Enable the aggregate inteface.
-SFA_AGGREGATE_ENABLED=0
-
-#
-#
-## Hostname
-## The fully qualified hostname of the aggregate server
-SFA_AGGREGATE_HOST="localhost"
-#
-## Port
-## SFA aggregate server port
-SFA_AGGREGATE_PORT=12346
-
-## ===============================================================
-# Component Manager Configuration
-#
-# Enabled
-## Enable the slice manager
-SFA_CM_ENABLED=1
-
-# Component Manager type
-#
-# The type of backend server for this component manager
-SFA_CM_TYPE='pl'
-#
-# Host
-## The fully qualified hostname or IP address of the slice manager server
-SFA_CM_HOST="localhost"
-#
-# Port
-# SFA slice manager server port
-SFA_CM_PORT=12346
-
-
-# Directory internal data gets stored
-SFA_CONFIG_DIR="/etc/sfa"
-
-# Directory internal data gets stored
-SFA_DATA_DIR="/var/lib/sfa"
pythondoc.py ../sfa/util/certificate.py ../sfa/util/credential.py ../sfa/util/gid.py \
../sfa/util/rights.py ../sfa/util/config.py ../sfa/trust/hierarchy.py \
../sfa/util/record.py ../sfa/util/client.py \
- ../sfa/server/sfaserver.py
+ ../sfa/server/sfaserver.py
pythondoc.py ../sfa/registry/registry.py ../sfa/registry/import.py \
../sfa/registry/nuke.py
-
- pythondoc.py ../component/component.py
+++ /dev/null
-<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
-<html>
-<head>
-<meta http-equiv='Content-Type' content='text/html; charset=us-ascii' />
-<title>The component Module</title>
-</head>
-<body>
-<h1>The component Module</h1>
-<p>Geni Component Wrapper
-
-This wrapper implements the Geni Component Interface</p>
-<dl>
-<dt><b>ComponentManager(ip, port, key_file, cert_file)</b> (class) [<a href='#component.ComponentManager-class'>#</a>]</dt>
-<dd>
-<p>ComponentManager is a GeniServer that serves component interface requests.</p>
-<p>For more information about this class, see <a href='#component.ComponentManager-class'><i>The ComponentManager Class</i></a>.</p>
-</dd>
-</dl>
-<h2><a id='component.ComponentManager-class' name='component.ComponentManager-class'>The ComponentManager Class</a></h2>
-<dl>
-<dt><b>ComponentManager(ip, port, key_file, cert_file)</b> (class) [<a href='#component.ComponentManager-class'>#</a>]</dt>
-<dd>
-<p>ComponentManager is a GeniServer that serves component interface requests.</p>
-</dd>
-<dt><a id='component.ComponentManager.decode_ticket-method' name='component.ComponentManager.decode_ticket-method'><b>decode_ticket(ticket_string)</b></a> [<a href='#component.ComponentManager.decode_ticket-method'>#</a>]</dt>
-<dd>
-<p>Examine the ticket that was provided by the caller, check that it is
-signed and verified correctly. Throw an exception if something is
-wrong with the ticket.
-
-This is similar to geniserver.decode_authentication</p>
-<dl>
-<dt><i>ticket_string</i></dt>
-<dd>
-the string representation of the ticket</dd>
-</dl><br />
-</dd>
-<dt><a id='component.ComponentManager.delete_slice-method' name='component.ComponentManager.delete_slice-method'><b>delete_slice(cred_str)</b></a> [<a href='#component.ComponentManager.delete_slice-method'>#</a>]</dt>
-<dd>
-<p>Delete a slice.</p>
-<dl>
-<dt><i>cred</i></dt>
-<dd>
-a credential identifying the caller (callerGID) and the slice
- (objectGID)</dd>
-</dl><br />
-</dd>
-<dt><a id='component.ComponentManager.geni_ticket_to_plc_rec-method' name='component.ComponentManager.geni_ticket_to_plc_rec-method'><b>geni_ticket_to_plc_rec(ticket)</b></a> [<a href='#component.ComponentManager.geni_ticket_to_plc_rec-method'>#</a>]</dt>
-<dd>
-<p>Convert a geni ticket into a PLC record that can be submitted to the
-node manager. This involves some minor reformatting of the fields
-contained in the ticket.</p>
-<dl>
-<dt><i>ticket</i></dt>
-<dd>
-a ticket object</dd>
-<dt>Returns:</dt>
-<dd>
-a dictionary containing the PLC record info</dd>
-</dl><br />
-</dd>
-<dt><a id='component.ComponentManager.list_slices-method' name='component.ComponentManager.list_slices-method'><b>list_slices(cred_str)</b></a> [<a href='#component.ComponentManager.list_slices-method'>#</a>]</dt>
-<dd>
-<p>List the slices on a component.</p>
-<dl>
-<dt><i>cred_str</i></dt>
-<dd>
-string representation of a credential object that
- authorizes the caller</dd>
-<dt>Returns:</dt>
-<dd>
-a list of slice names</dd>
-</dl><br />
-</dd>
-<dt><a id='component.ComponentManager.reboot-method' name='component.ComponentManager.reboot-method'><b>reboot(cred_str)</b></a> [<a href='#component.ComponentManager.reboot-method'>#</a>]</dt>
-<dd>
-<p>Reboot the component.</p>
-<dl>
-<dt><i>cred_str</i></dt>
-<dd>
-string representation of a credential object that
- authorizes the caller</dd>
-</dl><br />
-</dd>
-<dt><a id='component.ComponentManager.redeem_ticket-method' name='component.ComponentManager.redeem_ticket-method'><b>redeem_ticket(ticket_str)</b></a> [<a href='#component.ComponentManager.redeem_ticket-method'>#</a>]</dt>
-<dd>
-<p>Redeem a ticket.
-
-The ticket is submitted to the node manager, and the slice is instantiated
-or updated as appropriate.
-
-TODO: This operation should return a sliver credential and indicate
-whether or not the component will accept only sliver credentials, or
-will accept both sliver and slice credentials.</p>
-<dl>
-<dt><i>ticket_str</i></dt>
-<dd>
-the string representation of a ticket object</dd>
-</dl><br />
-</dd>
-<dt><a id='component.ComponentManager.register_functions-method' name='component.ComponentManager.register_functions-method'><b>register_functions()</b></a> [<a href='#component.ComponentManager.register_functions-method'>#</a>]</dt>
-<dd>
-<p>Register the server RPCs for the component</p>
-</dd>
-<dt><a id='component.ComponentManager.reset_slice-method' name='component.ComponentManager.reset_slice-method'><b>reset_slice(cred_str)</b></a> [<a href='#component.ComponentManager.reset_slice-method'>#</a>]</dt>
-<dd>
-<p>Reset a slice.</p>
-<dl>
-<dt><i>cred</i></dt>
-<dd>
-a credential identifying the caller (callerGID) and the slice
- (objectGID)</dd>
-</dl><br />
-</dd>
-<dt><a id='component.ComponentManager.start_slice-method' name='component.ComponentManager.start_slice-method'><b>start_slice(cred_str)</b></a> [<a href='#component.ComponentManager.start_slice-method'>#</a>]</dt>
-<dd>
-<p>Start a slice.</p>
-<dl>
-<dt><i>cred</i></dt>
-<dd>
-a credential identifying the caller (callerGID) and the slice
- (objectGID)</dd>
-</dl><br />
-</dd>
-<dt><a id='component.ComponentManager.stop_slice-method' name='component.ComponentManager.stop_slice-method'><b>stop_slice(cred_str)</b></a> [<a href='#component.ComponentManager.stop_slice-method'>#</a>]</dt>
-<dd>
-<p>Stop a slice.</p>
-<dl>
-<dt><i>cred</i></dt>
-<dd>
-a credential identifying the caller (callerGID) and the slice
- (objectGID)</dd>
-</dl><br />
-</dd>
-</dl>
-</body></html>
def aggregate_class(self): pass
- def component_class(self): pass
-
# build an API object
# insert a manager instance
def make_api(self, *args, **kwargs):
def make_manager(self, interface):
"""
- interface expected in ['registry', 'aggregate', 'component']
+ interface expected in ['registry', 'aggregate']
flavour is e.g. 'pl' or 'max' or whatever
"""
flavour = self.flavour
message = "Generic.make_driver for flavour=%s and interface=%s" % (
flavour, interface)
- if interface == "component":
- classname = "component_driver_class"
- else:
- classname = "driver_class"
+ classname = "driver_class"
try:
class_obj = getattr(self, classname)()
logger.debug("%s : %s" % (message, class_obj))
def driver_class(self):
import sfa.iotlab.iotlabdriver
return sfa.iotlab.iotlabdriver.IotLabDriver
-
- def component_manager_class(self):
- return None
- # driver_class
-
- def component_driver_class(self):
- return None
def driver_class(self):
import sfa.planetlab.pldriver
return sfa.planetlab.pldriver.PlDriver
-
- # for the component mode, to be run on board planetlab nodes
- # manager class
- def component_manager_class(self):
- import sfa.managers
- return sfa.managers.component_manager_pl
- # driver_class
-
- def component_driver_class(self):
- import sfa.planetlab.plcomponentdriver
- return sfa.planetlab.plcomponentdriver.PlComponentDriver
+++ /dev/null
-
-def start_slice(api, slicename):
- return
-
-
-def stop_slice(api, slicename):
- return
-
-
-def DeleteSliver(api, slicename, call_id):
- return
-
-
-def reset_slice(api, slicename):
- return
-
-
-def ListSlices(api):
- return []
-
-
-def reboot():
- return
-
-
-def redeem_ticket(api, ticket_string):
- return
+++ /dev/null
-from sfa.util.faults import SliverDoesNotExist
-from sfa.util.version import version_core
-from sfa.util.py23 import xmlrpc_client
-
-from sfa.trust.sfaticket import SfaTicket
-
-from sfa.planetlab.plxrn import PlXrn
-
-
-def GetVersion(api, options):
- return version_core({'interface': 'component',
- 'testbed': 'myplc'})
-
-
-def init_server():
- from sfa.server import sfa_component_setup
- # get current trusted gids
- try:
- sfa_component_setup.get_trusted_certs()
- except:
- # our keypair may be old, try refreshing
- sfa_component_setup.get_node_key()
- sfa_component_setup.GetCredential(force=True)
- sfa_component_setup.get_trusted_certs()
-
-
-def SliverStatus(api, slice_xrn, creds):
- result = {}
- result['geni_urn'] = slice_xrn
- result['geni_status'] = 'unknown'
- result['geni_resources'] = {}
- return result
-
-
-def start_slice(api, xrn, creds):
- slicename = PlXrn(xrn, type='slice').pl_slicename()
- api.driver.nodemanager.Start(slicename)
-
-
-def stop_slice(api, xrn, creds):
- slicename = PlXrn(xrn, type='slice').pl_slicename()
- api.driver.nodemanager.Stop(slicename)
-
-
-def DeleteSliver(api, xrn, creds, call_id):
- slicename = PlXrn(xrn, type='slice').pl_slicename()
- api.driver.nodemanager.Destroy(slicename)
-
-
-def reset_slice(api, xrn):
- slicename = PlXrn(xrn, type='slice').pl_slicename()
- if not api.sliver_exists(slicename):
- raise SliverDoesNotExist(slicename)
- api.driver.nodemanager.ReCreate(slicename)
-
-# xxx outdated - this should accept a credential & call_id
-
-
-def ListSlices(api):
- # this returns a tuple, the data we want is at index 1
- xids = api.driver.nodemanager.GetXIDs()
- # unfortunately the data we want is given to us as
- # a string but we really want it as a dict
- # lets eval it
- slices = eval(xids[1])
- return slices.keys()
-
-
-def redeem_ticket(api, ticket_string):
- ticket = SfaTicket(string=ticket_string)
- ticket.decode()
- hrn = ticket.attributes['slivers'][0]['hrn']
- slicename = PlXrn(hrn).pl_slicename()
- if not api.sliver_exists(slicename):
- raise SliverDoesNotExist(slicename)
-
- # convert ticket to format nm is used to
- nm_ticket = xmlrpc_client.dumps((ticket.attributes,), methodresponse=True)
- api.driver.nodemanager.AdminTicket(nm_ticket)
@return 1 is successful, faults otherwise
"""
- interfaces = ['aggregate', 'component']
+ interfaces = ['aggregate']
accepts = [
Parameter(
Returns this GENI Aggregate Manager's Version Information
@return version
"""
- interfaces = ['registry', 'aggregate', 'component']
+ interfaces = ['registry', 'aggregate']
accepts = [
Parameter(dict, "Options")
]
@param slice_urn (string) URN of slice to allocate to
"""
- interfaces = ['aggregate', 'component']
+ interfaces = ['aggregate']
accepts = [
Parameter(type([str]), "Slice or sliver URNs"),
Parameter(type([dict]), "credentials"),
+++ /dev/null
-import os
-import tempfile
-
-from sfa.client.sfaserverproxy import SfaServerProxy
-from sfa.planetlab.nodemanager import NodeManager
-
-from sfa.trust.credential import Credential
-from sfa.trust.certificate import Certificate, Keypair
-from sfa.trust.gid import GID
-
-####################
-
-
-class PlComponentDriver:
- """
- This class is the type for the toplevel 'api' object
- when running the component manager inside a planetlab node.
- As such it runs an SFA-compliant interface and thus inherits SfaApi
- However the fact that we run inside a planetlab nodes requires
- some tweaks as compared with a service running in the infrastructure.
- """
-
- def __init__(self, config):
- self.nodemanager = NodeManager(config)
-
- def sliver_exists(self):
- sliver_dict = self.nodemanager.GetXIDs()
- # xxx slicename is undefined
- if slicename in sliver_dict.keys():
- return True
- else:
- return False
-
- def get_registry(self):
- addr, port = self.config.SFA_REGISTRY_HOST, self.config.SFA_REGISTRY_PORT
- url = "http://%(addr)s:%(port)s" % locals()
- # xxx this would require access to the api...
- server = SfaServerProxy(url, self.key_file, self.cert_file)
- return server
-
- def get_node_key(self):
- # this call requires no authentication,
- # so we can generate a random keypair here
- subject = "component"
- (kfd, keyfile) = tempfile.mkstemp()
- (cfd, certfile) = tempfile.mkstemp()
- key = Keypair(create=True)
- key.save_to_file(keyfile)
- cert = Certificate(subject=subject)
- cert.set_issuer(key=key, subject=subject)
- cert.set_pubkey(key)
- cert.sign()
- cert.save_to_file(certfile)
- registry = self.get_registry()
- # the registry will scp the key onto the node
- registry.get_key_from_incoming_ip()
-
- # override the method in SfaApi
- def getCredential(self):
- """
- Get our credential from a remote registry
- """
- path = self.config.SFA_DATA_DIR
- config_dir = self.config.config_path
- cred_filename = path + os.sep + 'node.cred'
- try:
- credential = Credential(filename=cred_filename)
- return credential.save_to_string(save_parents=True)
- except IOError:
- node_pkey_file = config_dir + os.sep + "node.key"
- node_gid_file = config_dir + os.sep + "node.gid"
- cert_filename = path + os.sep + 'server.cert'
- if not os.path.exists(node_pkey_file) or \
- not os.path.exists(node_gid_file):
- self.get_node_key()
-
- # get node's hrn
- gid = GID(filename=node_gid_file)
- hrn = gid.get_hrn()
- # get credential from registry
- cert_str = Certificate(
- filename=cert_filename).save_to_string(save_parents=True)
- registry = self.get_registry()
- cred = registry.GetSelfCredential(cert_str, hrn, 'node')
- # xxx credfile is undefined
- Credential(string=cred).save_to_file(credfile, save_parents=True)
-
- return cred
-
- def clean_key_cred(self):
- """
- remove the existing keypair and cred and generate new ones
- """
- files = ["server.key", "server.cert", "node.cred"]
- for f in files:
- # xxx KEYDIR is undefined, could be meant to be "/var/lib/sfa/"
- # from sfa_component_setup.py
- filepath = KEYDIR + os.sep + f
- if os.path.isfile(filepath):
- os.unlink(f)
-
- # install the new key pair
- # GetCredential will take care of generating the new keypair
- # and credential
- self.get_node_key()
- self.getCredential()
+++ /dev/null
-#
-# Component is a SfaServer that implements the Component interface
-#
-import tempfile
-import os
-import time
-import sys
-
-from sfa.server.sfaserver import SfaServer
-
-# GeniLight client support is optional
-try:
- from egeni.geniLight_client import *
-except ImportError:
- GeniClientLight = None
-
-##
-# Component is a SfaServer that serves component operations.
-
-
-class Component(SfaServer):
- ##
- # Create a new registry object.
- #
- # @param ip the ip address to listen on
- # @param port the port to listen on
- # @param key_file private key filename of registry
- # @param cert_file certificate filename containing public key (could be a GID file)
-
- def __init__(self, ip, port, key_file, cert_file):
- SfaServer.__init__(self, ip, port, key_file,
- cert_file, interface='component')
# TODO: Can all three servers use the same "registry" certificate?
##
-# xxx todo not in the config yet
-component_port = 12346
import os
import os.path
import traceback
help="run registry server", default=False)
parser.add_option("-a", "--aggregate", dest="am", action="store_true",
help="run aggregate manager", default=False)
- parser.add_option("-c", "--component", dest="cm", action="store_true",
- help="run component server", default=False)
parser.add_option("-t", "--trusted-certs",
dest="trusted_certs", action="store_true",
help="refresh trusted certs", default=False)
server_key_file, server_cert_file)
a.start()
- if (options.cm):
- from sfa.server.component import Component
- c = Component("", config.component_port,
- server_key_file, server_cert_file)
-# c = Component("", config.SFA_COMPONENT_PORT, server_key_file, server_cert_file)
- c.start()
-
if __name__ == "__main__":
try:
main()
+++ /dev/null
-#!/usr/bin/python
-from __future__ import print_function
-
-import sys
-import os
-import tempfile
-from optparse import OptionParser
-
-from sfa.util.faults import ConnectionKeyGIDMismatch
-from sfa.util.config import Config
-
-from sfa.trust.certificate import Keypair, Certificate
-from sfa.trust.credential import Credential
-from sfa.trust.gid import GID
-from sfa.trust.hierarchy import Hierarchy
-
-from sfa.client.sfaserverproxy import SfaServerProxy
-
-from sfa.planetlab.plxrn import hrn_to_pl_slicename, slicename_to_hrn
-
-KEYDIR = "/var/lib/sfa/"
-CONFDIR = "/etc/sfa/"
-
-
-def handle_gid_mismatch_exception(f):
- def wrapper(*args, **kwds):
- try:
- return f(*args, **kwds)
- except ConnectionKeyGIDMismatch:
- # clean regen server keypair and try again
- print("cleaning keys and trying again")
- clean_key_cred()
- return f(args, kwds)
-
- return wrapper
-
-
-def server_proxy(url=None, port=None, keyfile=None, certfile=None, verbose=False):
- """
- returns an xmlrpc connection to the service a the specified
- address
- """
- if url:
- url_parts = url.split(":")
- if len(url_parts) > 1:
- pass
- else:
- url = "http://%(url)s:%(port)s" % locals()
- else:
- # connect to registry by default
- config = Config()
- addr, port = config.SFA_REGISTRY_HOST, config.SFA_REGISTRY_PORT
- url = "http://%(addr)s:%(port)s" % locals()
-
- if verbose:
- print("Contacting registry at: %(url)s" % locals())
-
- server = SfaServerProxy(url, keyfile, certfile)
- return server
-
-
-def create_default_dirs():
- config = Config()
- hierarchy = Hierarchy()
- config_dir = config.config_path
- trusted_certs_dir = config.get_trustedroots_dir()
- authorities_dir = hierarchy.basedir
- all_dirs = [config_dir, trusted_certs_dir, authorities_dir]
- for dir in all_dirs:
- if not os.path.exists(dir):
- os.makedirs(dir)
-
-
-def has_node_key():
- key_file = KEYDIR + os.sep + 'server.key'
- return os.path.exists(key_file)
-
-
-def clean_key_cred():
- """
- remove the existing keypair and cred and generate new ones
- """
- files = ["server.key", "server.cert", "node.cred"]
- for f in files:
- filepath = KEYDIR + os.sep + f
- if os.path.isfile(filepath):
- os.unlink(f)
-
- # install the new key pair
- # GetCredential will take care of generating the new keypair
- # and credential
- GetCredential()
-
-
-def get_node_key(registry=None, verbose=False):
- # this call requires no authentication,
- # so we can generate a random keypair here
- subject = "component"
- (kfd, keyfile) = tempfile.mkstemp()
- (cfd, certfile) = tempfile.mkstemp()
- key = Keypair(create=True)
- key.save_to_file(keyfile)
- cert = Certificate(subject=subject)
- cert.set_issuer(key=key, subject=subject)
- cert.set_pubkey(key)
- cert.sign()
- cert.save_to_file(certfile)
-
- registry = server_proxy(url=registry, keyfile=keyfile, certfile=certfile)
- registry.get_key_from_incoming_ip()
-
-
-def create_server_keypair(keyfile=None, certfile=None, hrn="component", verbose=False):
- """
- create the server key/cert pair in the right place
- """
- key = Keypair(filename=keyfile)
- key.save_to_file(keyfile)
- cert = Certificate(subject=hrn)
- cert.set_issuer(key=key, subject=hrn)
- cert.set_pubkey(key)
- cert.sign()
- cert.save_to_file(certfile, save_parents=True)
-
-
-@handle_gid_mismatch_exception
-def GetCredential(registry=None, force=False, verbose=False):
- config = Config()
- hierarchy = Hierarchy()
- key_dir = hierarchy.basedir
- data_dir = config.data_path
- config_dir = config.config_path
- credfile = data_dir + os.sep + 'node.cred'
- # check for existing credential
- if not force and os.path.exists(credfile):
- if verbose:
- print("Loading Credential from %(credfile)s " % locals())
- cred = Credential(filename=credfile).save_to_string(save_parents=True)
- else:
- if verbose:
- print("Getting credential from registry")
- # make sure node private key exists
- node_pkey_file = config_dir + os.sep + "node.key"
- node_gid_file = config_dir + os.sep + "node.gid"
- if not os.path.exists(node_pkey_file) or \
- not os.path.exists(node_gid_file):
- get_node_key(registry=registry, verbose=verbose)
-
- gid = GID(filename=node_gid_file)
- hrn = gid.get_hrn()
- # create server key and certificate
- keyfile = data_dir + os.sep + "server.key"
- certfile = data_dir + os.sep + "server.cert"
- key = Keypair(filename=node_pkey_file)
- key.save_to_file(keyfile)
- create_server_keypair(keyfile, certfile, hrn, verbose)
-
- # get credential from registry
- registry = server_proxy(
- url=registry, keyfile=keyfile, certfile=certfile)
- cert = Certificate(filename=certfile)
- cert_str = cert.save_to_string(save_parents=True)
- cred = registry.GetSelfCredential(cert_str, 'node', hrn)
- Credential(string=cred).save_to_file(credfile, save_parents=True)
-
- return cred
-
-
-@handle_gid_mismatch_exception
-def get_trusted_certs(registry=None, verbose=False):
- """
- refresh our list of trusted certs.
- """
- # define useful variables
- config = Config()
- data_dir = config.SFA_DATA_DIR
- config_dir = config.SFA_CONFIG_DIR
- trusted_certs_dir = config.get_trustedroots_dir()
- keyfile = data_dir + os.sep + "server.key"
- certfile = data_dir + os.sep + "server.cert"
- node_gid_file = config_dir + os.sep + "node.gid"
- node_gid = GID(filename=node_gid_file)
- hrn = node_gid.get_hrn()
- # get credential
- cred = GetCredential(registry=registry, verbose=verbose)
- # make sure server key cert pair exists
- create_server_keypair(
- keyfile=keyfile, certfile=certfile, hrn=hrn, verbose=verbose)
- registry = server_proxy(url=registry, keyfile=keyfile, certfile=certfile)
- # get the trusted certs and save them in the right place
- if verbose:
- print("Getting trusted certs from registry")
- trusted_certs = registry.get_trusted_certs(cred)
- trusted_gid_names = []
- for gid_str in trusted_certs:
- gid = GID(string=gid_str)
- gid.decode()
- relative_filename = gid.get_hrn() + ".gid"
- trusted_gid_names.append(relative_filename)
- gid_filename = trusted_certs_dir + os.sep + relative_filename
- if verbose:
- print("Writing GID for %s as %s" % (gid.get_hrn(), gid_filename))
- gid.save_to_file(gid_filename, save_parents=True)
-
- # remove old certs
- all_gids_names = os.listdir(trusted_certs_dir)
- for gid_name in all_gids_names:
- if gid_name not in trusted_gid_names:
- if verbose:
- print("Removing old gid ", gid_name)
- os.unlink(trusted_certs_dir + os.sep + gid_name)
-
-
-@handle_gid_mismatch_exception
-def get_gids(registry=None, verbose=False):
- """
- Get the gid for all instantiated slices on this node and store it
- in /etc/sfa/slice.gid in the slice's filesystem
- """
- # define useful variables
- config = Config()
- data_dir = config.data_path
- config_dir = config.SFA_CONFIG_DIR
- trusted_certs_dir = config.get_trustedroots_dir()
- keyfile = data_dir + os.sep + "server.key"
- certfile = data_dir + os.sep + "server.cert"
- node_gid_file = config_dir + os.sep + "node.gid"
- node_gid = GID(filename=node_gid_file)
- hrn = node_gid.get_hrn()
- interface_hrn = config.SFA_INTERFACE_HRN
- # get credential
- cred = GetCredential(registry=registry, verbose=verbose)
- # make sure server key cert pair exists
- create_server_keypair(
- keyfile=keyfile, certfile=certfile, hrn=hrn, verbose=verbose)
- registry = server_proxy(url=registry, keyfile=keyfile, certfile=certfile)
-
- if verbose:
- print("Getting current slices on this node")
- # get a list of slices on this node
- from sfa.generic import Generic
- generic = Generic.the_flavour()
- api = generic.make_api(interface='component')
- xids_tuple = api.driver.nodemanager.GetXIDs()
- slices = eval(xids_tuple[1])
- slicenames = slices.keys()
-
- # generate a list of slices that dont have gids installed
- slices_without_gids = []
- for slicename in slicenames:
- if not os.path.isfile("/vservers/%s/etc/slice.gid" % slicename) \
- or not os.path.isfile("/vservers/%s/etc/node.gid" % slicename):
- slices_without_gids.append(slicename)
-
- # convert slicenames to hrns
- hrns = [slicename_to_hrn(interface_hrn, slicename)
- for slicename in slices_without_gids]
-
- # exit if there are no gids to install
- if not hrns:
- return
-
- if verbose:
- print("Getting gids for slices on this node from registry")
- # get the gids
- # and save them in the right palce
- records = registry.GetGids(hrns, cred)
- for record in records:
- # if this isnt a slice record skip it
- if not record['type'] == 'slice':
- continue
- slicename = hrn_to_pl_slicename(record['hrn'])
- # if this slice isnt really instatiated skip it
- if not os.path.exists("/vservers/%(slicename)s" % locals()):
- continue
-
- # save the slice gid in /etc/sfa/ in the vservers filesystem
- vserver_path = "/vservers/%(slicename)s" % locals()
- gid = record['gid']
- slice_gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
- if verbose:
- print("Saving GID for %(slicename)s as %(slice_gid_filename)s" % locals())
- GID(string=gid).save_to_file(slice_gid_filename, save_parents=True)
- # save the node gid in /etc/sfa
- node_gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
- if verbose:
- print("Saving node GID for %(slicename)s as %(node_gid_filename)s" % locals())
- node_gid.save_to_file(node_gid_filename, save_parents=True)
-
-
-def dispatch(options, args):
-
- create_default_dirs()
- if options.key:
- if options.verbose:
- print("Getting the component's pkey")
- get_node_key(registry=options.registry, verbose=options.verbose)
- if options.certs:
- if options.verbose:
- print("Getting the component's trusted certs")
- get_trusted_certs(verbose=options.verbose)
- if options.gids:
- if options.verbose:
- print("Geting the component's GIDs")
- get_gids(verbose=options.verbose)
-
-
-def main():
- args = sys.argv
- prog_name = args[0]
- parser = OptionParser(usage="%(prog_name)s [options]" % locals())
- parser.add_option("-v", "--verbose", dest="verbose", action="store_true",
- default=False, help="Be verbose")
- parser.add_option("-r", "--registry", dest="registry", default=None,
- help="Url of registry to contact")
- parser.add_option("-k", "--key", dest="key", action="store_true",
- default=False,
- help="Get the node's pkey from the registry")
- parser.add_option("-c", "--certs", dest="certs", action="store_true",
- default=False,
- help="Get the trusted certs from the registry")
- parser.add_option("-g", "--gids", dest="gids", action="store_true",
- default=False,
- help="Get gids for all the slices on the component")
-
- (options, args) = parser.parse_args()
-
- dispatch(options, args)
-
-if __name__ == '__main__':
- main()
-##
-# This module implements a general-purpose server layer for sfa.
-# The same basic server should be usable on the registry, component, or
-# other interfaces.
-#
-# TODO: investigate ways to combine this with existing PLC server?
-##
+"""
+This module implements a general-purpose server layer for sfa.
+The same basic server should be usable on the registry or
+other interfaces.
+"""
import threading
# will raise an exception if the ticket inst valid
SfaTicket(string=ticket)
-class ComponentTest(BasicTestCase):
- def setUp(self):
- BasicTestCase.setUp(self)
- self.slice_cred = self.client.GetCredential(self.slice['hrn'], 'slice')
-
- def testStartSlice(self):
- self.cm.start_slice(self.slice_cred, self.slice['hrn'])
-
- def testStopSlice(self):
- self.cm.stop_slice(self.slice_cred, self.slice['hrn'])
-
- def testDeleteSlice(self):
- self.cm.DeleteSliver(self.slice_cred, self.slice['hrn'],"call-id-delete-slice-cm")
-
- def testRestartSlice(self):
- self.cm.restart_slice(self.slice_cred, self.slice['hrn'])
-
- def testGetSlices(self):
- self.cm.ListSlices(self.slice_cred, self.slice['hrn'])
-
- def testRedeemTicket(self):
- rspec = self.aggregate.get_resources(self.credential)
- ticket = self.aggregate.GetTicket(slice_cred, self.slice['hrn'], rspec)
- self.cm.redeem_ticket(slice_cred, ticket)
-
-
def test_names(testcase):
return [name for name in dir(testcase) if name.startswith('test')]
return "complete"
if self.interface_options.aggregate: return "aggregate"
elif self.interface_options.registry: return "registry"
- elif self.interface_options.component: return "component"
else: return "unknown"
def filter_argname(self, argname):
help="Generate registry.wsdl", metavar="FILE")
parser.add_option("-a", "--aggregate", action="store_true", dest="aggregate",
help="Generate am.wsdl")
- parser.add_option("-c", "--component", action="store_true", dest="component",
- help="Generate cm.wsdl")
parser.add_option("-g", "--geni-aggregate", action="store_true", dest="geni_am",
help="Generate gm.wsdl")
parser.add_option("-l", "--lite", action="store_true", dest="lite",
git://git.onelab.eu / sfa.git / commitdiff