<!--
Default SFA configuration file
-Thierry Parmentelat
+Thierry Parmentelat
-->
<variable id="generic_flavour" type="string">
<name>Generic Flavour</name>
<value>pl</value>
- <description>This string refers to a class located in sfa.generic that describes
+ <description>This string refers to a class located in sfa.generic that describes
which specific implementation needs to be used for api, manager and driver objects.
PlanetLab users do not need to change this setting.
</description>
<value>0</value>
<description>Logging level; 0=minimum, 1=info, 2=debug</description>
</variable>
-
+
<variable id="max_slice_renew" type="int">
<name>Max Slice Renew</name>
<value>60</value>
<name>User Session Keys Path </name>
<value>/var/lib/sfa/session_keys</value>
<description>Some services will peform operations on behalf of a user, but make
- it look like the user is the one performing the operation. Doing this requires a
- valid key pair and credential for the user. This option defines the path where
+ it look like the user is the one performing the operation. Doing this requires a
+ valid key pair and credential for the user. This option defines the path where
key pairs and credentials are generated and stored.
- This functionality is used by the SFA web GUI.
- </description>
+ This functionality is used by the SFA web GUI.
+ </description>
</variable>
<variable id="data_dir" type="string">
</variablelist>
</category>
- <!-- ======================================== -->
- <category id="sfa_flashpolicy">
- <name>SFA Flash Policy</name>
- <description>The settings that affect the flash policy server that will run
- as part of this SFA instance.</description>
-
- <variablelist>
- <variable id="enabled" type="boolean">
- <name>Enable Flash Policy Server</name>
- <value>false</value>
- <description>Allows this local SFA instance to run a
- flash policy server.</description>
- </variable>
- <variable id="config_file" type="string">
- <name>Flash policy config file</name>
- <value>/etc/sfa/sfa_flashpolicy_config.xml</value>
- <description>The path to where the flash policy config file can be reached.</description>
- </variable>
- <variable id="port" type="int">
- <name>Flash policy port</name>
- <value>843</value>
- <description>The flash policy server port.</description>
- </variable>
- </variablelist>
- </category>
-
<!-- ======================================== -->
<category id="sfa_plc">
<name></name>
<!-- ======================================== -->
<category id="sfa_nova">
<name>SFA Flash Policy</name>
- <description>The settings that affect how SFA connects to
+ <description>The settings that affect how SFA connects to
the Nova/EC2 API</description>
<variablelist>
<variable id="user" type="string">
<name>Sfa nova user</name>
<value>novaadmin</value>
- <description>Account/context to use when performing
+ <description>Account/context to use when performing
administrative nova operations</description>
</variable>
<variable id="api_url" type="string">
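Review bot: The `sfa_nova` category still carries `<name>SFA Flash Policy</name>` on the context line just above the re-spaced description, which looks like a copy-paste leftover from the `sfa_flashpolicy` category that this commit deletes. With the flash policy server removed, the label should name the section it heads, for example `<name>SFA Nova</name>`. Otherwise any tool that displays the category name would presumably show a flash-policy heading over the Nova/EC2 account settings. The category's variablelist continues past the end of this hunk.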
+++ /dev/null
-#!/usr/bin/env python
-#
-# flashpolicyd.py
-# Simple socket policy file server for Flash
-#
-# Usage: flashpolicyd.py [--port=N] --file=FILE
-#
-# Logs to stderr
-# Requires Python 2.5 or later
-
-from __future__ import with_statement
-import os
-import sys
-import optparse
-import socket
-import thread
-import exceptions
-import contextlib
-
-VERSION = 0.1
-
-
-def daemon():
- """Daemonize the current process."""
- if os.fork() != 0:
- os._exit(0)
- os.setsid()
- if os.fork() != 0:
- os._exit(0)
- os.umask(0)
- devnull = os.open(os.devnull, os.O_RDWR)
- os.dup2(devnull, 0)
- # xxx fixme - this is just to make sure that nothing gets stupidly lost -
- # should use devnull
- crashlog = os.open('/var/log/sfa_flashpolicy.log', os.O_RDWR | os.O_APPEND | os.O_CREAT, 0644)
- os.dup2(crashlog, 1)
- os.dup2(crashlog, 2)
-
-
-class policy_server(object):
-
- def __init__(self, port, path):
- self.port = port
- self.path = path
- self.policy = self.read_policy(path)
- self.log('Listening on port %d\n' % port)
- try:
- self.sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
- except AttributeError:
- # AttributeError catches Python built without IPv6
- self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- except socket.error:
- # socket.error catches OS with IPv6 disabled
- self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
- self.sock.bind(('', port))
- self.sock.listen(5)
-
- def read_policy(self, path):
- with open(path, 'rb') as f:
- policy = f.read(10001)
- if len(policy) > 10000:
- raise exceptions.RuntimeError('File probably too large to be a policy file',
- path)
- if 'cross-domain-policy' not in policy:
- raise exceptions.RuntimeError('Not a valid policy file',
- path)
- return policy
-
- def run(self):
- try:
- while True:
- thread.start_new_thread(self.handle, self.sock.accept())
- except socket.error as e:
- self.log('Error accepting connection: %s' % e[1])
-
- def handle(self, conn, addr):
- addrstr = '%s:%s' % (addr[0], addr[1])
- try:
- self.log('Connection from %s' % addrstr)
- with contextlib.closing(conn):
- # It's possible that we won't get the entire request in
- # a single recv, but very unlikely.
- request = conn.recv(1024).strip()
- # if request != '<policy-file-request/>\0':
- # self.log('Unrecognized request from %s: %s' % (addrstr, request))
- # return
- self.log('Valid request received from %s' % addrstr)
- conn.sendall(self.policy)
- self.log('Sent policy file to %s' % addrstr)
- except socket.error as e:
- self.log('Error handling connection from %s: %s' % (addrstr, e[1]))
- except Exception as e:
- self.log('Error handling connection from %s: %s' % (addrstr, e[1]))
-
- def log(self, str):
- print >>sys.stderr, str
-
-
-def main():
- parser = optparse.OptionParser(usage='%prog [--port=PORT] --file=FILE',
- version='%prog ' + str(VERSION))
- parser.add_option('-p', '--port', dest='port', type=int, default=843,
- help='listen on port PORT', metavar='PORT')
- parser.add_option('-f', '--file', dest='path',
- help='server policy file FILE', metavar='FILE')
- parser.add_option("-d", "--daemon", dest="daemon", action="store_true",
- help="Run as daemon.", default=False)
- opts, args = parser.parse_args()
- if args:
- parser.error('No arguments are needed. See help.')
- if not opts.path:
- parser.error('File must be specified. See help.')
-
- try:
- if opts.daemon:
- daemon()
- policy_server(opts.port, opts.path).run()
- except Exception as e:
- print >> sys.stderr, e
- sys.exit(1)
- except KeyboardInterrupt:
- pass
-
-if __name__ == '__main__':
- main()
+++ /dev/null
-<?xml version="1.0"?>
-<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
-
-<cross-domain-policy>
- <site-control permitted-cross-domain-policies="master-only"/>
- <allow-access-from domain="*" to-ports="80,443,12345,12346,12347" />
-</cross-domain-policy>
-
'systemd/sfa-setup.sh',
'sfatables/sfatables',
'keyconvert/keyconvert.py',
- 'flashpolicy/sfa_flashpolicy.py',
]
packages = [
'sfa/trust/sig.xsd',
'sfa/trust/xml.xsd',
'sfa/trust/protogeni-rspec-common.xsd',
- 'flashpolicy/sfa_flashpolicy_config.xml',
]),
('/etc/sfatables/matches/', glob('sfatables/matches/*.xml')),
('/etc/sfatables/targets/', glob('sfatables/targets/*.xml')),
Group: Applications/System
Requires: sfa
-%package flashpolicy
-Summary: SFA support for flash clients
-Group: Applications/System
-Requires: sfa
-
%package federica
Summary: the SFA layer around Federica
Group: Applications/System
This package implements the SFA interface which serves as a layer
between the existing PlanetLab interfaces and the SFA API.
-%description flashpolicy
-This package provides support for adobe flash client applications.
-
%description federica
The SFA driver for FEDERICA.
/etc/sfa/protogeni-rspec-common.xsd
/etc/sfa/topology
-%files flashpolicy
-%{_bindir}/sfa_flashpolicy.py*
-/etc/sfa/sfa_flashpolicy_config.xml
-
%files federica
%{python_sitelib}/sfa/federica