--- /dev/null
+# $Id: Makefile,v 1.6 2008/10/29 01:01:35 ghantoos Exp $
+#
+
+PYTHON=`which python`
+DESTDIR=/
+BUILDIR=$(CURDIR)/debian/sfa
+PROJECT=sfa
+VERSION=0.2.0
+
+all:
+ @echo "make source - Create source package"
+ @echo "make install - Install on local system"
+ @echo "make buildrpm - Generate a rpm package"
+ @echo "make builddeb - Generate a deb package"
+ @echo "make clean - Get rid of scratch and byte files"
+
+source:
+ $(PYTHON) setup.py sdist $(COMPILE)
+
+install:
+ $(PYTHON) setup.py install --root $(DESTDIR) $(COMPILE)
+
+buildrpm:
+ $(PYTHON) setup.py bdist_rpm --post-install=rpm/postinstall --pre-uninstall=rpm/preuninstall
+
+builddeb:
+ rm -f sfaadmin sfascan sfi
+ # build the source package in the parent directory
+ # then rename it to project_version.orig.tar.gz
+ $(PYTHON) setup.py sdist $(COMPILE) --dist-dir=../ --prune
+ rename -f 's/$(PROJECT)-(.*)\.tar\.gz/$(PROJECT)_$$1\.orig\.tar\.gz/' ../*
+ # build the package
+ dpkg-buildpackage -i -I -rfakeroot
+
+clean:
+ $(PYTHON) setup.py clean
+ $(MAKE) -f $(CURDIR)/debian/rules clean
+ rm -rf build/ MANIFEST
+ find . -name '*.pyc' -delete
--- /dev/null
+sfa (0.2.0) UNRELEASED; urgency=low
+
+ * Initial release. (Closes: #XXXXXX)
+
+ -- Jordan Augé <jordan.auge@lip6.fr> Tue, 12 Jun 2012 17:22:18 +0300
--- /dev/null
+Source: sfa
+Section: misc
+Priority: optional
+Maintainer: Jordan Augé <jordan.auge@lip6.fr>
+Build-Depends: debhelper (>=7.0.50~), debconf, dpatch
+Homepage: http://www.joomla.org
+Standards-Version: 3.9.3.1
+
+Package: sfa
+Architecture: all
+Depends: python-openssl, python-m2crypto, python-dateutil
+Description: SFA
+ SFA
--- /dev/null
+#!/bin/bash
+cp
--- /dev/null
+#!/usr/bin/make -f
+# -*- makefile -*-
+
+%:
+ dh $@
--- /dev/null
+# -*-Shell-script-*-
+#
+# functions This file contains functions to be used by most or all
+# shell scripts in the /etc/init.d directory.
+#
+
+TEXTDOMAIN=initscripts
+
+# Make sure umask is sane
+umask 022
+
+# Set up a default search path.
+PATH="/sbin:/usr/sbin:/bin:/usr/bin"
+export PATH
+
+if [ $PPID -ne 1 -a -z "$SYSTEMCTL_SKIP_REDIRECT" ] && \
+ ( /bin/mountpoint -q /cgroup/systemd || /bin/mountpoint -q /sys/fs/cgroup/systemd ) ; then
+ case "$0" in
+ /etc/init.d/*|/etc/rc.d/init.d/*)
+ _use_systemctl=1
+ ;;
+ esac
+fi
+
+systemctl_redirect () {
+ local s
+ local prog=${1##*/}
+ local command=$2
+
+ case "$command" in
+ start)
+ s=$"Starting $prog (via systemctl): "
+ ;;
+ stop)
+ s=$"Stopping $prog (via systemctl): "
+ ;;
+ reload|try-reload)
+ s=$"Reloading $prog configuration (via systemctl): "
+ ;;
+ restart|try-restart|condrestart)
+ s=$"Restarting $prog (via systemctl): "
+ ;;
+ esac
+
+ action "$s" /bin/systemctl $command "$prog.service"
+}
+
+# Get a sane screen width
+[ -z "${COLUMNS:-}" ] && COLUMNS=80
+
+#if [ -z "${CONSOLETYPE:-}" ]; then
+# if [ -r "/dev/stderr" ]; then
+# CONSOLETYPE="$(/sbin/consoletype < /dev/stderr)"
+# else
+# CONSOLETYPE="$(/sbin/consoletype)"
+# fi
+#fi
+
+if [ -z "${NOLOCALE:-}" ] && [ -z "${LANGSH_SOURCED:-}" ] && [ -f /etc/sysconfig/i18n ] ; then
+ . /etc/profile.d/lang.sh 2>/dev/null
+ # avoid propagating LANGSH_SOURCED any further
+ unset LANGSH_SOURCED
+fi
+
+# Read in our configuration
+if [ -z "${BOOTUP:-}" ]; then
+ if [ -f /etc/sysconfig/init ]; then
+ . /etc/sysconfig/init
+ else
+ # This all seem confusing? Look in /etc/sysconfig/init,
+ # or in /usr/doc/initscripts-*/sysconfig.txt
+ BOOTUP=color
+ RES_COL=60
+ MOVE_TO_COL="echo -en \\033[${RES_COL}G"
+ SETCOLOR_SUCCESS="echo -en \\033[1;32m"
+ SETCOLOR_FAILURE="echo -en \\033[1;31m"
+ SETCOLOR_WARNING="echo -en \\033[1;33m"
+ SETCOLOR_NORMAL="echo -en \\033[0;39m"
+ LOGLEVEL=1
+ fi
+ if [ "$CONSOLETYPE" = "serial" ]; then
+ BOOTUP=serial
+ MOVE_TO_COL=
+ SETCOLOR_SUCCESS=
+ SETCOLOR_FAILURE=
+ SETCOLOR_WARNING=
+ SETCOLOR_NORMAL=
+ fi
+fi
+
+# Interpret escape sequences in an fstab entry
+fstab_decode_str() {
+ fstab-decode echo "$1"
+}
+
+# Check if any of $pid (could be plural) are running
+checkpid() {
+ local i
+
+ for i in $* ; do
+ [ -d "/proc/$i" ] && return 0
+ done
+ return 1
+}
+
+__readlink() {
+ ls -bl "$@" 2>/dev/null| awk '{ print $NF }'
+}
+
+__fgrep() {
+ s=$1
+ f=$2
+ while read line; do
+ if strstr "$line" "$s"; then
+ echo $line
+ return 0
+ fi
+ done < $f
+ return 1
+}
+
+# __umount_loop awk_program fstab_file first_msg retry_msg umount_args
+# awk_program should process fstab_file and return a list of fstab-encoded
+# paths; it doesn't have to handle comments in fstab_file.
+__umount_loop() {
+ local remaining sig=
+ local retry=3 count
+
+ remaining=$(LC_ALL=C awk "/^#/ {next} $1" "$2" | sort -r)
+ while [ -n "$remaining" -a "$retry" -gt 0 ]; do
+ if [ "$retry" -eq 3 ]; then
+ action "$3" fstab-decode umount $5 $remaining
+ else
+ action "$4" fstab-decode umount $5 $remaining
+ fi
+ count=4
+ remaining=$(LC_ALL=C awk "/^#/ {next} $1" "$2" | sort -r)
+ while [ "$count" -gt 0 ]; do
+ [ -z "$remaining" ] && break
+ count=$(($count-1))
+ # jordan # usleep 500000
+ sleep 0.5
+ remaining=$(LC_ALL=C awk "/^#/ {next} $1" "$2" | sort -r)
+ done
+ [ -z "$remaining" ] && break
+ fstab-decode /sbin/fuser -k -m $sig $remaining >/dev/null
+ sleep 3
+ retry=$(($retry -1))
+ sig=-9
+ done
+}
+
+# Similar to __umount loop above, specialized for loopback devices
+__umount_loopback_loop() {
+ local remaining devremaining sig=
+ local retry=3
+
+ remaining=$(awk '$1 ~ /^\/dev\/loop/ && $2 != "/" {print $2}' /proc/mounts)
+ devremaining=$(awk '$1 ~ /^\/dev\/loop/ && $2 != "/" {print $1}' /proc/mounts)
+ while [ -n "$remaining" -a "$retry" -gt 0 ]; do
+ if [ "$retry" -eq 3 ]; then
+ action $"Unmounting loopback filesystems: " \
+ fstab-decode umount $remaining
+ else
+ action $"Unmounting loopback filesystems (retry):" \
+ fstab-decode umount $remaining
+ fi
+ for dev in $devremaining ; do
+ losetup $dev > /dev/null 2>&1 && \
+ action $"Detaching loopback device $dev: " \
+ losetup -d $dev
+ done
+ remaining=$(awk '$1 ~ /^\/dev\/loop/ && $2 != "/" {print $2}' /proc/mounts)
+ devremaining=$(awk '$1 ~ /^\/dev\/loop/ && $2 != "/" {print $1}' /proc/mounts)
+ [ -z "$remaining" ] && break
+ fstab-decode /sbin/fuser -k -m $sig $remaining >/dev/null
+ sleep 3
+ retry=$(($retry -1))
+ sig=-9
+ done
+}
+
+# __proc_pids {program} [pidfile]
+# Set $pid to pids from /var/run* for {program}. $pid should be declared
+# local in the caller.
+# Returns LSB exit code for the 'status' action.
+__pids_var_run() {
+ local base=${1##*/}
+ local pid_file=${2:-/var/run/$base.pid}
+
+ pid=
+ if [ -f "$pid_file" ] ; then
+ local line p
+
+ [ ! -r "$pid_file" ] && return 4 # "user had insufficient privilege"
+ while : ; do
+ read line
+ [ -z "$line" ] && break
+ for p in $line ; do
+ [ -z "${p//[0-9]/}" ] && [ -d "/proc/$p" ] && pid="$pid $p"
+ done
+ done < "$pid_file"
+
+ if [ -n "$pid" ]; then
+ return 0
+ fi
+ return 1 # "Program is dead and /var/run pid file exists"
+ fi
+ return 3 # "Program is not running"
+}
+
+# Output PIDs of matching processes, found using pidof
+__pids_pidof() {
+ pidof -c -o $$ -o $PPID -o %PPID -x "$1" || \
+ pidof -c -o $$ -o $PPID -o %PPID -x "${1##*/}"
+# jordan # pidof -c -m -o $$ -o $PPID -o %PPID -x "$1" || \
+# jordan # pidof -c -m -o $$ -o $PPID -o %PPID -x "${1##*/}"
+}
+
+
+# A function to start a program.
+daemon() {
+ # Test syntax.
+ local gotbase= force= nicelevel corelimit
+ local pid base= user= nice= bg= pid_file=
+ local cgroup=
+ nicelevel=0
+ while [ "$1" != "${1##[-+]}" ]; do
+ case $1 in
+ '') echo $"$0: Usage: daemon [+/-nicelevel] {program}"
+ return 1;;
+ --check)
+ base=$2
+ gotbase="yes"
+ shift 2
+ ;;
+ --check=?*)
+ base=${1#--check=}
+ gotbase="yes"
+ shift
+ ;;
+ --user)
+ user=$2
+ shift 2
+ ;;
+ --user=?*)
+ user=${1#--user=}
+ shift
+ ;;
+ --pidfile)
+ pid_file=$2
+ shift 2
+ ;;
+ --pidfile=?*)
+ pid_file=${1#--pidfile=}
+ shift
+ ;;
+ --force)
+ force="force"
+ shift
+ ;;
+ [-+][0-9]*)
+ nice="nice -n $1"
+ shift
+ ;;
+ *) echo $"$0: Usage: daemon [+/-nicelevel] {program}"
+ return 1;;
+ esac
+ done
+
+ # Save basename.
+ [ -z "$gotbase" ] && base=${1##*/}
+
+ # See if it's already running. Look *only* at the pid file.
+ __pids_var_run "$base" "$pid_file"
+
+ [ -n "$pid" -a -z "$force" ] && return
+
+ # make sure it doesn't core dump anywhere unless requested
+ corelimit="ulimit -S -c ${DAEMON_COREFILE_LIMIT:-0}"
+
+ # if they set NICELEVEL in /etc/sysconfig/foo, honor it
+ [ -n "${NICELEVEL:-}" ] && nice="nice -n $NICELEVEL"
+
+ # if they set CGROUP_DAEMON in /etc/sysconfig/foo, honor it
+ if [ -n "${CGROUP_DAEMON}" ]; then
+ if [ ! -x /bin/cgexec ]; then
+ echo -n "Cgroups not installed"; warning
+ echo
+ else
+ cgroup="/bin/cgexec";
+ for i in $CGROUP_DAEMON; do
+ cgroup="$cgroup -g $i";
+ done
+ fi
+ fi
+
+ # Echo daemon
+ [ "${BOOTUP:-}" = "verbose" -a -z "${LSB:-}" ] && echo -n " $base"
+
+ # And start it up.
+ if [ -z "$user" ]; then
+ $cgroup $nice /bin/bash -c "$corelimit >/dev/null 2>&1 ; $*"
+ else
+ $cgroup $nice runuser -s /bin/bash $user -c "$corelimit >/dev/null 2>&1 ; $*"
+ fi
+
+ [ "$?" -eq 0 ] && success $"$base startup" || failure $"$base startup"
+}
+
+# A function to stop a program.
+killproc() {
+ local RC killlevel= base pid pid_file= delay
+
+ RC=0; delay=3
+ # Test syntax.
+ if [ "$#" -eq 0 ]; then
+ echo $"Usage: killproc [-p pidfile] [ -d delay] {program} [-signal]"
+ return 1
+ fi
+ if [ "$1" = "-p" ]; then
+ pid_file=$2
+ shift 2
+ fi
+ if [ "$1" = "-d" ]; then
+ delay=$2
+ shift 2
+ fi
+
+
+ # check for second arg to be kill level
+ [ -n "${2:-}" ] && killlevel=$2
+
+ # Save basename.
+ base=${1##*/}
+
+ # Find pid.
+ __pids_var_run "$1" "$pid_file"
+ RC=$?
+ if [ -z "$pid" ]; then
+ if [ -z "$pid_file" ]; then
+ pid="$(__pids_pidof "$1")"
+ else
+ [ "$RC" = "4" ] && { failure $"$base shutdown" ; return $RC ;}
+ fi
+ fi
+
+ # Kill it.
+ if [ -n "$pid" ] ; then
+ [ "$BOOTUP" = "verbose" -a -z "${LSB:-}" ] && echo -n "$base "
+ if [ -z "$killlevel" ] ; then
+ if checkpid $pid 2>&1; then
+ # TERM first, then KILL if not dead
+ kill -TERM $pid >/dev/null 2>&1
+ sleep 0.1
+ # jordan # usleep 100000
+ if checkpid $pid && sleep 1 &&
+ checkpid $pid && sleep $delay &&
+ checkpid $pid ; then
+ kill -KILL $pid >/dev/null 2>&1
+ sleep 0.1
+ # jordan # usleep 100000
+ fi
+ fi
+ checkpid $pid
+ RC=$?
+ [ "$RC" -eq 0 ] && failure $"$base shutdown" || success $"$base shutdown"
+ RC=$((! $RC))
+ # use specified level only
+ else
+ if checkpid $pid; then
+ kill $killlevel $pid >/dev/null 2>&1
+ RC=$?
+ [ "$RC" -eq 0 ] && success $"$base $killlevel" || failure $"$base $killlevel"
+ elif [ -n "${LSB:-}" ]; then
+ RC=7 # Program is not running
+ fi
+ fi
+ else
+ if [ -n "${LSB:-}" -a -n "$killlevel" ]; then
+ RC=7 # Program is not running
+ else
+ failure $"$base shutdown"
+ RC=0
+ fi
+ fi
+
+ # Remove pid file if any.
+ if [ -z "$killlevel" ]; then
+ rm -f "${pid_file:-/var/run/$base.pid}"
+ fi
+ return $RC
+}
+
+# A function to find the pid of a program. Looks *only* at the pidfile
+pidfileofproc() {
+ local pid
+
+ # Test syntax.
+ if [ "$#" = 0 ] ; then
+ echo $"Usage: pidfileofproc {program}"
+ return 1
+ fi
+
+ __pids_var_run "$1"
+ [ -n "$pid" ] && echo $pid
+ return 0
+}
+
+# A function to find the pid of a program.
+pidofproc() {
+ local RC pid pid_file=
+
+ # Test syntax.
+ if [ "$#" = 0 ]; then
+ echo $"Usage: pidofproc [-p pidfile] {program}"
+ return 1
+ fi
+ if [ "$1" = "-p" ]; then
+ pid_file=$2
+ shift 2
+ fi
+ fail_code=3 # "Program is not running"
+
+ # First try "/var/run/*.pid" files
+ __pids_var_run "$1" "$pid_file"
+ RC=$?
+ if [ -n "$pid" ]; then
+ echo $pid
+ return 0
+ fi
+
+ [ -n "$pid_file" ] && return $RC
+ __pids_pidof "$1" || return $RC
+}
+
+status() {
+ local base pid lock_file= pid_file=
+
+ # Test syntax.
+ if [ "$#" = 0 ] ; then
+ echo $"Usage: status [-p pidfile] {program}"
+ return 1
+ fi
+ if [ "$1" = "-p" ]; then
+ pid_file=$2
+ shift 2
+ fi
+ if [ "$1" = "-l" ]; then
+ lock_file=$2
+ shift 2
+ fi
+ base=${1##*/}
+
+ if [ "$_use_systemctl" = "1" ]; then
+ systemctl status ${0##*/}.service
+ return $?
+ fi
+
+ # First try "pidof"
+ __pids_var_run "$1" "$pid_file"
+ RC=$?
+ if [ -z "$pid_file" -a -z "$pid" ]; then
+ pid="$(__pids_pidof "$1")"
+ fi
+ if [ -n "$pid" ]; then
+ echo $"${base} (pid $pid) is running..."
+ return 0
+ fi
+
+ case "$RC" in
+ 0)
+ echo $"${base} (pid $pid) is running..."
+ return 0
+ ;;
+ 1)
+ echo $"${base} dead but pid file exists"
+ return 1
+ ;;
+ 4)
+ echo $"${base} status unknown due to insufficient privileges."
+ return 4
+ ;;
+ esac
+ if [ -z "${lock_file}" ]; then
+ lock_file=${base}
+ fi
+ # See if /var/lock/subsys/${lock_file} exists
+ if [ -f /var/lock/subsys/${lock_file} ]; then
+ echo $"${base} dead but subsys locked"
+ return 2
+ fi
+ echo $"${base} is stopped"
+ return 3
+}
+
+echo_success() {
+ [ "$BOOTUP" = "color" ] && $MOVE_TO_COL
+ echo -n "["
+ [ "$BOOTUP" = "color" ] && $SETCOLOR_SUCCESS
+ echo -n $" OK "
+ [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
+ echo -n "]"
+ echo -ne "\r"
+ return 0
+}
+
+echo_failure() {
+ [ "$BOOTUP" = "color" ] && $MOVE_TO_COL
+ echo -n "["
+ [ "$BOOTUP" = "color" ] && $SETCOLOR_FAILURE
+ echo -n $"FAILED"
+ [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
+ echo -n "]"
+ echo -ne "\r"
+ return 1
+}
+
+echo_passed() {
+ [ "$BOOTUP" = "color" ] && $MOVE_TO_COL
+ echo -n "["
+ [ "$BOOTUP" = "color" ] && $SETCOLOR_WARNING
+ echo -n $"PASSED"
+ [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
+ echo -n "]"
+ echo -ne "\r"
+ return 1
+}
+
+echo_warning() {
+ [ "$BOOTUP" = "color" ] && $MOVE_TO_COL
+ echo -n "["
+ [ "$BOOTUP" = "color" ] && $SETCOLOR_WARNING
+ echo -n $"WARNING"
+ [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
+ echo -n "]"
+ echo -ne "\r"
+ return 1
+}
+
+# Inform the graphical boot of our current state
+update_boot_stage() {
+ if [ -x /usr/bin/plymouth ]; then
+ /usr/bin/plymouth --update="$1"
+ fi
+ return 0
+}
+
+# Log that something succeeded
+success() {
+ [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_success
+ return 0
+}
+
+# Log that something failed
+failure() {
+ local rc=$?
+ [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_failure
+ [ -x /usr/bin/plymouth ] && /usr/bin/plymouth --details
+ return $rc
+}
+
+# Log that something passed, but may have had errors. Useful for fsck
+passed() {
+ local rc=$?
+ [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_passed
+ return $rc
+}
+
+# Log a warning
+warning() {
+ local rc=$?
+ [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_warning
+ return $rc
+}
+
+# Run some action. Log its output.
+action() {
+ local STRING rc
+
+ STRING=$1
+ echo -n "$STRING "
+ shift
+ "$@" && success $"$STRING" || failure $"$STRING"
+ rc=$?
+ echo
+ return $rc
+}
+
+# returns OK if $1 contains $2
+strstr() {
+ [ "${1#*$2*}" = "$1" ] && return 1
+ return 0
+}
+
+# Confirm whether we really want to run this service
+confirm() {
+ [ -x /usr/bin/plymouth ] && /usr/bin/plymouth --hide-splash
+ while : ; do
+ echo -n $"Start service $1 (Y)es/(N)o/(C)ontinue? [Y] "
+ read answer
+ if strstr $"yY" "$answer" || [ "$answer" = "" ] ; then
+ return 0
+ elif strstr $"cC" "$answer" ; then
+ rm -f /var/run/confirm
+ [ -x /usr/bin/plymouth ] && /usr/bin/plymouth --show-splash
+ return 2
+ elif strstr $"nN" "$answer" ; then
+ return 1
+ fi
+ done
+}
+
+# resolve a device node to its major:minor numbers in decimal or hex
+get_numeric_dev() {
+(
+ fmt="%d:%d"
+ if [ "$1" = "hex" ]; then
+ fmt="%x:%x"
+ fi
+ ls -lH "$2" | awk '{ sub(/,/, "", $5); printf("'"$fmt"'", $5, $6); }'
+) 2>/dev/null
+}
+
+# Check whether file $1 is a backup or rpm-generated file and should be ignored
+is_ignored_file() {
+ case "$1" in
+ *~ | *.bak | *.orig | *.rpmnew | *.rpmorig | *.rpmsave)
+ return 0
+ ;;
+ esac
+ return 1
+}
+
+# Evaluate shvar-style booleans
+is_true() {
+ case "$1" in
+ [tT] | [yY] | [yY][eE][sS] | [tT][rR][uU][eE])
+ return 0
+ ;;
+ esac
+ return 1
+}
+
+# Evaluate shvar-style booleans
+is_false() {
+ case "$1" in
+ [fF] | [nN] | [nN][oO] | [fF][aA][lL][sS][eE])
+ return 0
+ ;;
+ esac
+ return 1
+}
+
+key_is_random() {
+ [ "$1" = "/dev/urandom" -o "$1" = "/dev/hw_random" \
+ -o "$1" = "/dev/random" ]
+}
+
+find_crypto_mount_point() {
+ local fs_spec fs_file fs_vfstype remaining_fields
+ local fs
+ while read fs_spec fs_file remaining_fields; do
+ if [ "$fs_spec" = "/dev/mapper/$1" ]; then
+ echo $fs_file
+ break;
+ fi
+ done < /etc/fstab
+}
+
+# Because of a chicken/egg problem, init_crypto must be run twice. /var may be
+# encrypted but /var/lib/random-seed is needed to initialize swap.
+init_crypto() {
+ local have_random dst src key opt mode owner params makeswap skip arg opt
+ local param value rc ret mke2fs mdir prompt mount_point
+
+ ret=0
+ have_random=$1
+ while read dst src key opt; do
+ [ -z "$dst" -o "${dst#\#}" != "$dst" ] && continue
+ [ -b "/dev/mapper/$dst" ] && continue;
+ if [ "$have_random" = 0 ] && key_is_random "$key"; then
+ continue
+ fi
+ if [ -n "$key" -a "x$key" != "xnone" ]; then
+ if test -e "$key" ; then
+ owner=$(ls -l $key | (read a b owner rest; echo $owner))
+ if ! key_is_random "$key"; then
+ mode=$(ls -l "$key" | cut -c 5-10)
+ if [ "$mode" != "------" ]; then
+ echo $"INSECURE MODE FOR $key"
+ fi
+ fi
+ if [ "$owner" != root ]; then
+ echo $"INSECURE OWNER FOR $key"
+ fi
+ else
+ echo $"Key file for $dst not found, skipping"
+ ret=1
+ continue
+ fi
+ else
+ key=""
+ fi
+ params=""
+ makeswap=""
+ mke2fs=""
+ skip=""
+ # Parse the src field for UUID= and convert to real device names
+ if [ "${src%%=*}" == "UUID" ]; then
+ src=$(/sbin/blkid -t "$src" -l -o device)
+ elif [ "${src/^\/dev\/disk\/by-uuid\/}" != "$src" ]; then
+ src=$(__readlink $src)
+ fi
+ # Is it a block device?
+ [ -b "$src" ] || continue
+ # Is it already a device mapper slave? (this is gross)
+ devesc=${src##/dev/}
+ devesc=${devesc//\//!}
+ for d in /sys/block/dm-*/slaves ; do
+ [ -e $d/$devesc ] && continue 2
+ done
+ # Parse the options field, convert to cryptsetup parameters and
+ # contruct the command line
+ while [ -n "$opt" ]; do
+ arg=${opt%%,*}
+ opt=${opt##$arg}
+ opt=${opt##,}
+ param=${arg%%=*}
+ value=${arg##$param=}
+
+ case "$param" in
+ cipher)
+ params="$params -c $value"
+ if [ -z "$value" ]; then
+ echo $"$dst: no value for cipher option, skipping"
+ skip="yes"
+ fi
+ ;;
+ size)
+ params="$params -s $value"
+ if [ -z "$value" ]; then
+ echo $"$dst: no value for size option, skipping"
+ skip="yes"
+ fi
+ ;;
+ hash)
+ params="$params -h $value"
+ if [ -z "$value" ]; then
+ echo $"$dst: no value for hash option, skipping"
+ skip="yes"
+ fi
+ ;;
+ verify)
+ params="$params -y"
+ ;;
+ swap)
+ makeswap=yes
+ ;;
+ tmp)
+ mke2fs=yes
+ esac
+ done
+ if [ "$skip" = "yes" ]; then
+ ret=1
+ continue
+ fi
+ if [ -z "$makeswap" ] && cryptsetup isLuks "$src" 2>/dev/null ; then
+ if key_is_random "$key"; then
+ echo $"$dst: LUKS requires non-random key, skipping"
+ ret=1
+ continue
+ fi
+ if [ -n "$params" ]; then
+ echo "$dst: options are invalid for LUKS partitions," \
+ "ignoring them"
+ fi
+ if [ -n "$key" ]; then
+ /sbin/cryptsetup -d $key luksOpen "$src" "$dst" <&1 2>/dev/null && success || failure
+ rc=$?
+ else
+ mount_point="$(find_crypto_mount_point $dst)"
+ [ -n "$mount_point" ] || mount_point=${src##*/}
+ prompt=$(printf $"%s is password protected" "$mount_point")
+ plymouth ask-for-password --prompt "$prompt" --command="/sbin/cryptsetup luksOpen -T1 $src $dst" <&1
+ rc=$?
+ fi
+ else
+ [ -z "$key" ] && plymouth --hide-splash
+ /sbin/cryptsetup $params ${key:+-d $key} create "$dst" "$src" <&1 2>/dev/null && success || failure
+ rc=$?
+ [ -z "$key" ] && plymouth --show-splash
+ fi
+ if [ $rc -ne 0 ]; then
+ ret=1
+ continue
+ fi
+ if [ -b "/dev/mapper/$dst" ]; then
+ if [ "$makeswap" = "yes" ]; then
+ mkswap "/dev/mapper/$dst" 2>/dev/null >/dev/null
+ fi
+ if [ "$mke2fs" = "yes" ]; then
+ if mke2fs "/dev/mapper/$dst" 2>/dev/null >/dev/null \
+ && mdir=$(mktemp -d /tmp/mountXXXXXX); then
+ mount "/dev/mapper/$dst" "$mdir" && chmod 1777 "$mdir"
+ umount "$mdir"
+ rmdir "$mdir"
+ fi
+ fi
+ fi
+ done < /etc/crypttab
+ return $ret
+}
+
+# A sed expression to filter out the files that is_ignored_file recognizes
+__sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d'
+
+if [ "$_use_systemctl" = "1" ]; then
+ if [ "x$1" = xstart -o \
+ "x$1" = xstop -o \
+ "x$1" = xrestart -o \
+ "x$1" = xreload -o \
+ "x$1" = xtry-restart -o \
+ "x$1" = xforce-reload -o \
+ "x$1" = xcondrestart ] ; then
+
+ systemctl_redirect $0 $1
+ exit $?
+ fi
+fi
# source function library
. /etc/init.d/functions
+
+# <jordan>
+
+# borrowed from postgresql
+versions=()
+for v in `ls /usr/lib/postgresql/ 2>/dev/null`; do
+ if [ -x /usr/lib/postgresql/$v/bin/pg_ctl ] && [ ! -x /etc/init.d/postgresql-$v ]; then
+ versions+=($v)
+ fi
+done
+if [[ ${#versions[*]} == "0" ]]; then
+ echo "E: Missing postgresql installation. Aborting."
+ exit
+fi
+if [[ ${#versions[*]} != "1" ]]; then
+ echo "E: Too many postgresql versions installed. Aborting."
+ exit
+fi
+pgver=${versions[0]}
+
+LOCKFILE=/var/run/sfa-start.py
+# </jordan>
+
# Default locations
-PGDATA=/var/lib/pgsql/data
+PGDATA=/etc/postgresql/$pgver/main/
postgresql_conf=$PGDATA/postgresql.conf
pghba_conf=$PGDATA/pg_hba.conf
postgresql_sysconfig=/etc/sysconfig/pgsql
function postgresql_check () {
# wait until postmaster is up and running - or 10s max
- if status postmaster >& /dev/null && [ -f /var/lock/subsys/postgresql ] ; then
+ if status postgres >& /dev/null && [ -f /var/run/postgresql/$pgver-main.pid ] ; then
# The only way we can be sure is if we can access it
for i in $(seq 1 10) ; do
# Must do this as the postgres user initially (before we
[ "$SFA_FLASHPOLICY_ENABLED" == 1 ] && \
action "Flash Policy Server" daemon /usr/bin/sfa_flashpolicy.py --file="$SFA_FLASHPOLICY_CONFIG_FILE" --port=$SFA_FLASHPOLICY_PORT -d
- touch /var/lock/subsys/sfa-start.py
+ touch $LOCKFILE
}
db_stop
- rm -f /var/lock/subsys/sfa-start.py
+ rm -f $LOCKFILE
}
reload) reload force ;;
restart) stop; start ;;
condrestart)
- if [ -f /var/lock/subsys/sfa-start.py ]; then
+ if [ -f $LOCKFILE ]; then
stop
start
fi
--- /dev/null
+#!/bin/bash
+#
+# sfa Wraps PLCAPI into the SFA compliant API
+#
+# hopefully right after plc
+# chkconfig: 2345 61 39
+#
+# description: Wraps PLCAPI into the SFA compliant API
+#
+
+# source function library
+. /etc/init.d/functions
+# Default locations
+PGDATA=/var/lib/pgsql/data
+postgresql_conf=$PGDATA/postgresql.conf
+pghba_conf=$PGDATA/pg_hba.conf
+postgresql_sysconfig=/etc/sysconfig/pgsql
+
+# SFA consolidated (merged) config file
+sfa_whole_config=/etc/sfa/sfa_config
+# SFA default config (read-only template)
+sfa_default_config=/etc/sfa/default_config.xml
+# SFA local (site-dependent) file
+sfa_local_config=/etc/sfa/configs/site_config
+sfa_local_config_xml=/etc/sfa/configs/site_config.xml
+
+# Source sfa shell config if present
+[ -f /etc/sfa/sfa_config.sh ] && . /etc/sfa/sfa_config.sh
+
+# Export so that we do not have to specify -p to psql invocations
+export PGPORT=$SFA_DB_PORT
+
+##########
+# Total number of errors
+ERRORS=0
+
+# Count the exit status of the last command
+check ()
+{
+ ERRORS=$(($ERRORS+$?))
+}
+
+# can't trust the return of service postgresql start / nor status
+function postgresql_check () {
+
+ # wait until postmaster is up and running - or 10s max
+ if status postmaster >& /dev/null && [ -f /var/lock/subsys/postgresql ] ; then
+ # The only way we can be sure is if we can access it
+ for i in $(seq 1 10) ; do
+ # Must do this as the postgres user initially (before we
+ # fix pg_hba.conf to passwordless localhost access).
+ su -c 'psql -U postgres -c "" template1' postgres && return 0
+ sleep 1
+ done
+ fi
+
+ return 1
+}
+
+# use a single date of this script invocation for the dump_*_db functions.
+DATE=$(date +"%Y-%m-%d-%H-%M-%S")
+
+# Dumps the database - optional argument to specify filename suffix
+function dump_sfa_db() {
+ if [ -n "$1" ] ; then suffix="-$1" ; else suffix="" ; fi
+ mkdir -p /usr/share/sfa/backups
+ dumpfile=/usr/share/sfa/backups/$(date +"${SFA_DB_NAME}.${DATE}${suffix}.sql")
+ pg_dump -U $SFA_DB_USER $SFA_DB_NAME > $dumpfile
+ echo "Saved sfa database in $dumpfile"
+ check
+}
+
+# Regenerate configuration files - almost verbatim from plc.init
+function reload () {
+ force=$1
+
+ # Regenerate the main configuration file from default values
+ # overlaid with site-specific and current values.
+ # Thierry -- 2007-07-05 : values in plc_config.xml are *not* taken into account here
+ files=( $sfa_default_config $sfa_local_config )
+ for file in "${files[@]}" ; do
+ if [ -n "$force" -o $file -nt $sfa_whole_config ] ; then
+ tmp=$(mktemp /tmp/sfa_config.XXXXXX)
+ sfa-config --python "${files[@]}" >$tmp
+ if [ $? -eq 0 ] ; then
+ mv $tmp $sfa_whole_config
+ chmod 444 $sfa_whole_config
+ else
+ echo "SFA: Warning: Invalid configuration file(s) detected"
+ rm -f $tmp
+ fi
+ break
+ fi
+ done
+
+ # Convert configuration to various formats
+ if [ -f $sfa_local_config_xml ] ; then
+ sfa-config --python $sfa_local_config_xml > $sfa_local_config
+ rm $sfa_local_config_xml
+ fi
+ if [ -n "$force" -o $sfa_local_config -nt $sfa_whole_config ] ; then
+ sfa-config --python $sfa_default_config $sfa_local_config > $sfa_whole_config
+ fi
+ if [ -n "$force" -o $sfa_whole_config -nt /etc/sfa/sfa_config.sh ] ; then
+ sfa-config --shell $sfa_default_config $sfa_local_config > /etc/sfa/sfa_config.sh
+ fi
+# if [ -n "$force" -o $sfa_whole_config -nt /etc/sfa/php/sfa_config.php ] ; then
+# mkdir -p /etc/sfa/php
+# plc-config --php $sfa_whole_config >/etc/sfa/php/sfa_config.php
+# fi
+
+ # [re]generate the sfa_component_config
+ # this is a server-side thing but produces a file that somehow needs to be pushed
+ # on the planetlab nodes; in the case where sfa and myplc run on different boxes
+ # (or there is no myplc at all) this should be turned off
+ # as the component manager is not operational yet we skip this for now
+ #gen-sfa-cm-config.py
+
+ # reload the shell version
+ [ -f /etc/sfa/sfa_config.sh ] && . /etc/sfa/sfa_config.sh
+
+}
+
+### initialize DB (don't chkconfig postgresql on)
+function db_start () {
+
+ # only if enabled
+ [ "$SFA_DB_ENABLED" == 1 -o "$SFA_DB_ENABLED" == True ] || return
+
+ if ! rpm -q myplc >& /dev/null; then
+
+ ######## standalone deployment - no colocated myplc
+
+ ######## sysconfig
+ # Set data directory and redirect startup output to /var/log/pgsql
+ mkdir -p $(dirname $postgresql_sysconfig)
+ # remove previous definitions
+ touch $postgresql_sysconfig
+ tmp=${postgresql_sysconfig}.new
+ ( egrep -v '^(PGDATA=|PGLOG=|PGPORT=)' $postgresql_sysconfig
+ echo "PGDATA=$PGDATA"
+ echo "PGLOG=/var/log/pgsql"
+ echo "PGPORT=$SFA_DB_PORT"
+ ) >> $tmp ; mv -f $tmp $postgresql_sysconfig
+
+ ######## /var/lib/pgsql/data
+ # Fix ownership (rpm installation may have changed it)
+ chown -R -H postgres:postgres $(dirname $PGDATA)
+
+ # PostgreSQL must be started at least once to bootstrap
+ # /var/lib/pgsql/data
+ if [ ! -f $postgresql_conf ] ; then
+ service postgresql initdb &> /dev/null || :
+ check
+ fi
+
+ ######## /var/lib/pgsql/data/postgresql.conf
+ registry_ip=""
+ foo=$(python -c "import socket; print socket.gethostbyname(\"$SFA_REGISTRY_HOST\")") && registry_ip="$foo"
+ # Enable DB server. drop Postgresql<=7.x
+ # PostgreSQL >=8.0 defines listen_addresses
+ # listen on a specific IP + localhost, more robust when run within a vserver
+ sed -i -e '/^listen_addresses/d' $postgresql_conf
+ if [ -z "$registry_ip" ] ; then
+ echo "listen_addresses = 'localhost'" >> $postgresql_conf
+ else
+ echo "listen_addresses = '${registry_ip},localhost'" >> $postgresql_conf
+ fi
+ # tweak timezone to be 'UTC'
+ sed -i -e '/^timezone=/d' $postgresql_conf
+ echo "timezone='UTC'" >> $postgresql_conf
+
+ ######## /var/lib/pgsql/data/pg_hba.conf
+ # Disable access to all DBs from all hosts
+ sed -i -e '/^\(host\|local\)/d' $pghba_conf
+
+ # Enable passwordless localhost access
+ echo "local all all trust" >>$pghba_conf
+ # grant access
+ (
+ echo "host $SFA_DB_NAME $SFA_DB_USER 127.0.0.1/32 password"
+ [ -n "$registry_ip" ] && echo "host $SFA_DB_NAME $SFA_DB_USER ${registry_ip}/32 password"
+ ) >>$pghba_conf
+
+ if [ "$SFA_GENERIC_FLAVOUR" == "openstack" ] ; then
+ [ -n "$registry_ip" ] && echo "host nova nova ${registry_ip}/32 password" >> $pghba_conf
+ fi
+
+ # Fix ownership (sed -i changes it)
+ chown postgres:postgres $postgresql_conf $pghba_conf
+
+ ######## compute a password if needed
+ if [ -z "$SFA_DB_PASSWORD" ] ; then
+ SFA_DB_PASSWORD=$(uuidgen)
+ sfa-config --category=sfa_db --variable=password --value="$SFA_DB_PASSWORD" --save=$sfa_local_config $sfa_local_config >& /dev/null
+ reload force
+ fi
+
+ else
+
+ ######## we are colocated with a myplc
+ # no need to worry about the pgsql setup (see /etc/plc.d/postgresql)
+ # myplc enforces the password for its user
+ PLC_DB_USER=$(plc-config --category=plc_db --variable=user)
+ PLC_DB_PASSWORD=$(plc-config --category=plc_db --variable=password)
+ # store this as the SFA user/password
+ sfa-config --category=sfa_db --variable=user --value=$PLC_DB_USER --save=$sfa_local_config $sfa_local_config >& /dev/null
+ sfa-config --category=sfa_db --variable=password --value=$PLC_DB_PASSWORD --save=$sfa_local_config $sfa_local_config >& /dev/null
+ reload force
+ fi
+
+ ######## Start up the server
+ # not too nice, but.. when co-located with myplc we'll let it start/stop postgresql
+ if ! rpm -q myplc >& /dev/null ; then
+ echo STARTING...
+ service postgresql start >& /dev/null
+ fi
+ postgresql_check
+ check
+
+ ######## make sure we have the user and db created
+ # user
+ if ! psql -U $SFA_DB_USER -c "" template1 >/dev/null 2>&1 ; then
+ psql -U postgres -c "CREATE USER $SFA_DB_USER PASSWORD '$SFA_DB_PASSWORD'" template1 >& /dev/null
+ else
+ psql -U postgres -c "ALTER USER $SFA_DB_USER WITH PASSWORD '$SFA_DB_PASSWORD'" template1 >& /dev/null
+ fi
+ check
+
+ # db
+ if ! psql -U $SFA_DB_USER -c "" $SFA_DB_NAME >/dev/null 2>&1 ; then
+ createdb -U postgres --template=template0 --encoding=UNICODE --owner=$SFA_DB_USER $SFA_DB_NAME
+ check
+ fi
+ check
+ # mention sfaadmin.py instead of just sfaadmin for people who do not install through rpm
+ sfaadmin.py reg sync_db
+
+ MESSAGE=$"SFA: Checking for PostgreSQL server"
+ echo -n "$MESSAGE"
+ [ "$ERRORS" == 0 ] && success "$MESSAGE" || failure "$MESSAGE" ; echo
+}
+
+# shutdown DB
+function db_stop () {
+
+ # only if enabled
+ [ "$SFA_DB_ENABLED" == 1 -o "$SFA_DB_ENABLED" == True ] || return
+
+ # not too nice, but.. when co-located with myplc we'll let it start/stop postgresql
+ if ! rpm -q myplc >& /dev/null ; then
+ service postgresql stop >& /dev/null
+ check
+ MESSAGE=$"Stopping PostgreSQL server"
+ echo -n "$MESSAGE"
+ [ "$ERRORS" == 0 ] && success "$MESSAGE" || failure "$MESSAGE" ; echo
+ fi
+}
+
+function start() {
+
+ reload
+
+ db_start
+ # migrations are now handled in the code by sfa.storage.dbschema
+
+ # install peer certs
+ action $"SFA: installing peer certs" daemon /usr/bin/sfa-start.py -t -d $OPTIONS
+
+ [ "$SFA_REGISTRY_ENABLED" == 1 -o "$SFA_REGISTRY_ENABLED" == True ] && action $"SFA: Registry" daemon /usr/bin/sfa-start.py -r -d $OPTIONS
+
+ [ "$SFA_AGGREGATE_ENABLED" == 1 -o "$SFA_AGGREGATE_ENABLED" == True ] && action $"SFA: Aggregate" daemon /usr/bin/sfa-start.py -a -d $OPTIONS
+
+ [ "$SFA_SM_ENABLED" == 1 -o "$SFA_SM_ENABLED" == True ] && action "SFA: SliceMgr" daemon /usr/bin/sfa-start.py -s -d $OPTIONS
+
+ [ "$SFA_FLASHPOLICY_ENABLED" == 1 ] && \
+ action "Flash Policy Server" daemon /usr/bin/sfa_flashpolicy.py --file="$SFA_FLASHPOLICY_CONFIG_FILE" --port=$SFA_FLASHPOLICY_PORT -d
+
+ touch /var/lock/subsys/sfa-start.py
+
+}
+
+function stop() {
+ action $"Shutting down SFA" killproc sfa-start.py
+
+ db_stop
+
+ rm -f /var/lock/subsys/sfa-start.py
+}
+
+
+case "$1" in
+ start) start ;;
+ stop) stop ;;
+ reload) reload force ;;
+ restart) stop; start ;;
+ condrestart)
+ if [ -f /var/lock/subsys/sfa-start.py ]; then
+ stop
+ start
+ fi
+ ;;
+ status)
+ status sfa-start.py
+ RETVAL=$?
+ ;;
+ dbdump)
+ dump_sfa_db
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|reload|restart|condrestart|status|dbdump}"
+ exit 1
+ ;;
+esac
+
+exit $RETVAL
+
'sfatables/processors',
]
-initscripts = [ 'sfa', 'sfa-cm' ]
+initscripts = [ 'functions', 'sfa', 'sfa-cm' ]
data_files = [ ('/etc/sfa/', [ 'config/aggregates.xml',
'config/registries.xml',
self.print_help()
sys.exit(1)
target_hrn = args[0]
- gid = self.registry().CreateGid(self.my_credential_string, target_hrn, self.client_bootstrap.my_gid_string())
+ my_gid_string = open(self.client_bootstrap.my_gid()).read()
+ gid = self.registry().CreateGid(self.my_credential_string, target_hrn, my_gid_string)
if options.file:
filename = options.file
else:
--- /dev/null
+import os
+
+from sfa.util.config import Config
+from sfa.util.xrn import Xrn, get_leaf, get_authority, hrn_to_urn
+
+from sfa.trust.gid import create_uuid
+from sfa.trust.certificate import convert_public_key, Keypair
+
+from sfa.storage.alchemy import dbsession
+from sfa.storage.model import RegRecord, RegAuthority, RegSlice, RegNode, RegUser, RegKey
+
+class Importer:
+
+ def __init__ (self, auth_hierarchy, logger):
+ self.auth_hierarchy = auth_hierarchy
+ self.logger=logger
+
+ def add_options (self, parser):
+ # We don't have any options for now
+ pass
+
+ # hrn hash is initialized from current db
+ # remember just-created records as we go
+ # xxx might make sense to add a UNIQUE constraint in the db itself
+ def remember_record_by_hrn (self, record):
+ tuple = (record.type, record.hrn)
+ if tuple in self.records_by_type_hrn:
+ self.logger.warning ("Importer.remember_record_by_hrn: duplicate (%s,%s)"%tuple)
+ return
+ self.records_by_type_hrn [ tuple ] = record
+
+ # ditto for pointer hash
+ def remember_record_by_pointer (self, record):
+ if record.pointer == -1:
+ self.logger.warning ("Importer.remember_record_by_pointer: pointer is void")
+ return
+ tuple = (record.type, record.pointer)
+ if tuple in self.records_by_type_pointer:
+ self.logger.warning ("Importer.remember_record_by_pointer: duplicate (%s,%s)"%tuple)
+ return
+ self.records_by_type_pointer [ ( record.type, record.pointer,) ] = record
+
+ def remember_record (self, record):
+ self.remember_record_by_hrn (record)
+ self.remember_record_by_pointer (record)
+
+ def locate_by_type_hrn (self, type, hrn):
+ return self.records_by_type_hrn.get ( (type, hrn), None)
+
+ def locate_by_type_pointer (self, type, pointer):
+ return self.records_by_type_pointer.get ( (type, pointer), None)
+
+ ############################################################################
+ # Object import functions (authorities, resources, users, slices)
+ #
+
+ def import_auth(self, auth, parent_auth_hrn):
+ """
+ @return HRN of the newly created authority
+ """
+ auth_hrn = self.get_auth_naming(auth, parent_auth_hrn)
+ auth_urn = hrn_to_urn(auth_hrn, 'authority')
+
+ # import if hrn is not in list of existing hrns or if the hrn exists
+ # but its not a auth record
+ auth_record=self.locate_by_type_hrn ('authority', auth_hrn)
+ if not auth_record:
+ try:
+ # We ensure the parent is created through the root
+ #if not self.auth_hierarchy.auth_exists(auth_urn):
+ # self.auth_hierarchy.create_auth(auth_urn)
+ auth_info = self.auth_hierarchy.get_auth_info(auth_urn)
+ auth_record = RegAuthority(hrn = auth_hrn, gid = auth_info.get_gid_object(),
+ pointer = 0,
+ authority = get_authority(auth_hrn))
+ auth_record.just_created()
+ dbsession.add(auth_record)
+ dbsession.commit()
+ self.logger.info("Importer: imported authority (auth) : %s" % auth_record)
+ self.remember_record (auth_record)
+ except Exception, e:
+ # if the auth import fails then there is no point in trying to import the
+ # auth's child records (node, slices, persons), so skip them.
+ raise Exception, "Importer: failed to import auth. Skipping child records : %s" % e
+ else:
+ # xxx update the record ...
+ pass
+ auth_record.stale=False
+
+ return auth_hrn
+
+ def import_resource(self, resource, parent_auth_hrn):
+ """
+ @return HRN of the newly created resource
+ """
+ resource_hrn = self.get_resource_naming(resource, parent_auth_hrn)
+ resource_urn = hrn_to_urn(resource_hrn, 'node')
+
+ resource_record = self.locate_by_type_hrn ('node', resource_hrn )
+ if not resource_record:
+ try:
+ pkey = Keypair(create=True)
+ resource_gid = self.auth_hierarchy.create_gid(resource_urn, create_uuid(), pkey)
+ resource_record = RegNode (hrn = resource_hrn, gid = resource_gid,
+ pointer = resource['id'],
+ authority = get_authority(resource_hrn))
+ resource_record.just_created()
+ dbsession.add(resource_record)
+ dbsession.commit()
+ self.logger.info("Importer: imported resource: %s" % resource_record)
+ self.remember_record (resource_record)
+ except:
+ self.logger.log_exc("Importer: failed to import resource")
+ else:
+ # xxx update the record ...
+ pass
+
+ resource_record.stale=False
+
+ return resource_hrn
+
+ def init_user_key(self, user):
+ pubkey = None
+ pkey = None
+ if user['keys']:
+ # pick first working key in set
+ for pubkey in user['keys']:
+ try:
+ pkey = convert_public_key(pubkey)
+ break
+ except:
+ continue
+ if not pkey:
+ self.logger.warn('Importer: unable to convert public key for %s' % user_hrn)
+ pkey = Keypair(create=True)
+ else:
+ # the user has no keys. Creating a random keypair for the user's gid
+ self.logger.warn("Importer: user %s does not have a public key on the testbed"%user_hrn)
+ pkey = Keypair(create=True)
+ return (pubkey, pkey)
+
+ def import_user(self, user, parent_auth_hrn):
+ """
+ @return HRN of the newly created user
+ """
+ user_hrn = self.get_user_naming(user, parent_auth_hrn)
+ user_urn = hrn_to_urn(user_hrn, 'user')
+
+ # return a tuple pubkey (a public key) and pkey (a Keypair object)
+
+ user_record = self.locate_by_type_hrn ( 'user', user_hrn)
+ try:
+ if not user_record:
+ (pubkey,pkey) = self.init_user_key (user)
+ user_gid = self.auth_hierarchy.create_gid(user_urn, create_uuid(), pkey)
+ user_gid.set_email(user['email'])
+ user_record = RegUser(hrn = user_hrn, gid = user_gid,
+ pointer = user['id'],
+ authority = get_authority(user_hrn),
+ email = user['email'])
+ if pubkey:
+ user_record.reg_keys=[RegKey(pubkey)]
+ else:
+ self.logger.warning("No key found for user %s" % user_record)
+ user_record.just_created()
+ dbsession.add (user_record)
+ dbsession.commit()
+ self.logger.info("Importer: imported user: %s" % user_record)
+ self.remember_record ( user_record )
+ else:
+ # update the record ?
+ # if user's primary key has changed then we need to update the
+ # users gid by forcing an update here
+ sfa_keys = user_record.reg_keys
+ def key_in_list (key,sfa_keys):
+ for reg_key in sfa_keys:
+ if reg_key.key==key: return True
+ return False
+ # is there a new key ? XXX understand ?
+ new_keys=False
+ for key in user['keys']:
+ if not key_in_list (key,sfa_keys):
+ new_keys = True
+ if new_keys:
+ (pubkey,pkey) = init_user_key (user)
+ user_gid = self.auth_hierarchy.create_gid(user_urn, create_uuid(), pkey)
+ if not pubkey:
+ user_record.reg_keys=[]
+ else:
+ user_record.reg_keys=[ RegKey (pubkey)]
+ self.logger.info("Importer: updated user: %s" % user_record)
+ user_record.email = user['email']
+ dbsession.commit()
+ user_record.stale=False
+ except:
+ self.logger.log_exc("Importer: failed to import user %s %s"%(user['id'],user['email']))
+
+ return user_hrn
+
+ def import_slice(self, slice, parent_auth_hrn):
+ """
+ @return HRN of the newly created slice
+ """
+ slice_hrn = self.get_slice_naming(slice, parent_auth_hrn)
+ slice_urn = hrn_to_urn(slice_hrn, 'slice')
+
+ slice_record = self.locate_by_type_hrn ('slice', slice_hrn)
+ if not slice_record:
+ try:
+ pkey = Keypair(create=True)
+ slice_gid = self.auth_hierarchy.create_gid(slice_urn, create_uuid(), pkey)
+ slice_record = RegSlice (hrn=slice_hrn, gid=slice_gid,
+ pointer=slice['id'],
+ authority=get_authority(slice_hrn))
+ slice_record.just_created()
+ dbsession.add(slice_record)
+ dbsession.commit()
+ self.logger.info("Importer: imported slice: %s" % slice_record)
+ self.remember_record ( slice_record )
+ except:
+ self.logger.log_exc("Importer: failed to import slice")
+ else:
+ # xxx update the record ...
+ self.logger.warning ("Slice update not yet implemented")
+ pass
+ # record current users affiliated with the slice
+ slice_record.reg_researchers = \
+ [ self.locate_by_type_pointer ('user',int(id)) for id in slice['user_ids'] ]
+ dbsession.commit()
+ slice_record.stale=False
+
+ return slice_hrn
+
+ ############################################################################
+ # Recursive import
+ #
+ def import_auth_rec(self, auth, parent=None):
+ """
+ Import authority and related objects (resources, users, slices), then
+ recurse through all subauthorities.
+
+ @param auth authority to be processed.
+ @return 1 if successful, exception otherwise
+ """
+
+ # Create entry for current authority
+ try:
+ auth_hrn = self.import_auth(auth, parent)
+
+ # Import objects related to current authority
+ if auth['resource_ids']:
+ for resource_id in auth['resource_ids']:
+ self.import_resource(self.resources_by_id[resource_id], auth_hrn)
+ if auth['user_ids']:
+ for user_id in auth['user_ids']:
+ self.import_user(self.users_by_id[user_id], auth_hrn)
+ if auth['slice_ids']:
+ for slice_id in auth['slice_ids']:
+ self.import_slice(self.slices_by_id[slice_id], auth_hrn)
+
+ # Recursive import of subauthorities
+ if auth['auth_ids']:
+ for auth_id in auth['auth_ids']:
+ self.import_auth_rec(self.authorities_by_id[auth_id], auth_hrn)
+ except Exception, e:
+ self.logger.log_exc(e)
+ pass
+
+ def locate_by_type_hrn (self, type, hrn):
+ return self.records_by_type_hrn.get ( (type, hrn), None)
+
+ ############################################################################
+ # Main processing function
+ #
+ def run (self, options):
+ config = Config ()
+ interface_hrn = config.SFA_INTERFACE_HRN
+ root_auth = config.SFA_REGISTRY_ROOT_AUTH
+ # <mytestbed> shell = NitosShell (config)
+
+ ######## retrieve all existing SFA objects
+ all_records = dbsession.query(RegRecord).all()
+
+ # create hash by (type,hrn)
+ # we essentially use this to know if a given record is already known to SFA
+ self.records_by_type_hrn = \
+ dict ( [ ( (record.type, record.hrn) , record ) for record in all_records ] )
+ # create hash by (type,pointer)
+ self.records_by_type_pointer = \
+ dict ( [ ( (record.type, record.pointer) , record ) for record in all_records
+ if record.pointer != -1] )
+
+ # initialize record.stale to True by default, then mark stale=False on the ones that are in use
+ for record in all_records: record.stale=True
+
+ ######## Data collection
+
+ # Here we make the adaptation between the testbed API, and dictionaries with required fields
+
+ # AUTHORITIES
+ authorities = self.get_authorities()
+ self.authorities_by_id = {}
+ if authorities:
+ self.authorities_by_id = dict([(auth['id'], auth) for auth in authorities])
+
+ # USERS & KEYS
+ users = self.get_users()
+ self.users_by_id = {}
+ self.keys_by_id = {}
+ if users:
+ self.users_by_id = dict ( [ ( user['id'], user) for user in users ] )
+ self.keys_by_id = dict ( [ ( user['id'], user['keys']) for user in users ] )
+
+ # RESOURCES
+ resources = self.get_resources()
+ self.resources_by_id = {}
+ if resources:
+ self.resources_by_id = dict ( [ (resource['id'], resource) for resource in resources ] )
+
+ # SLICES
+ slices = self.get_slices()
+ self.slices_by_id = {}
+ if slices:
+ self.slices_by_id = dict ( [ (slice['id'], slice) for slice in slices ] )
+
+ ######## Import process
+
+ if authorities:
+ # Everybody belongs to sub-authorities, and we rely on the different
+ # subauthorities to give appropriate pointers to objects.
+ root = {
+ 'id': 0,
+ 'name': interface_hrn,
+ 'auth_ids': self.authorities_by_id.keys(),
+ 'user_ids': None,
+ 'resource_ids': None,
+ 'slice_ids': None
+ }
+ else:
+ # We create a root authority with all objects linked to it.
+ root = {
+ 'id': 0,
+ 'name': interface_hrn,
+ 'auth_ids': self.authorities_by_id.keys(),
+ 'user_ids': self.users_by_id.keys(),
+ 'resource_ids': self.resources_by_id.keys(),
+ 'slice_ids': self.slices_by_id.keys()
+ }
+
+ # Recurse through authorities and import the different objects
+ self.import_auth_rec(root)
+
+ ######## Remove stale records
+
+ # special records must be preserved
+ system_hrns = [interface_hrn, root_auth, interface_hrn + '.slicemanager']
+ for record in all_records:
+ if record.hrn in system_hrns:
+ record.stale=False
+ if record.peer_authority:
+ record.stale=False
+
+ for record in all_records:
+ try:
+ stale = record.stale
+ except:
+ stale = True
+ self.logger.warning("stale not found with %s"%record)
+ if stale:
+ self.logger.info("Importer: deleting stale record: %s" % record)
+ dbsession.delete(record)
+ dbsession.commit()
+
+ ############################################################################
+ # Testbed specific functions
+
+ # OBJECTS
+
+ def get_authorities(self):
+ raise Exception, "Not implemented"
+
+ def get_resources(self):
+ raise Exception, "Not implemented"
+
+ def get_users(self):
+ raise Exception, "Not implemented"
+
+ def get_slices(self):
+ raise Exception, "Not implemented"
+
+ # NAMING
+
+ def get_auth_naming(self, site, interface_hrn):
+ raise Exception, "Not implemented"
+
+ def get_resource_naming(self, site, node):
+ raise Exception, "Not implemented"
+
+ def get_user_naming(self, site, user):
+ raise Exception, "Not implemented"
+
+ def get_slice_naming(self, site, slice):
+ raise Exception, "Not implemented"
+
+if __name__ == "__main__":
+ from sfa.util.sfalogging import logger
+ importer = Importer("mytestbed", logger)
+ importer.run(None)
--- /dev/null
+class Wrapper:
+
+ def match_dict(self, dic, filter):
+ # We suppose if a field is in filter, it is therefore in the dic
+ if not filter:
+ return True
+ match = True
+ for k, v in filter.items():
+ if k[0] in Filter.modifiers:
+ op = k[0]
+ k = k[1:]
+ elif k in ['-SORT', '-LIMIT', '-OFFSET']:
+ continue;
+ else:
+ op = '='
+
+ if op == '=':
+ if isinstance(v, list):
+ match &= (dic[k] in v) # array ?
+ else:
+ match &= (dic[k] == v)
+ elif op == '~':
+ if isinstance(v, list):
+ match &= (dic[k] not in v) # array ?
+ else:
+ match &= (dic[k] != v) # array ?
+ elif op == '<':
+ if isinstance(v, StringTypes):
+ # prefix match
+ match &= dic[k].startswith('%s.' % v)
+ else:
+ match &= (dic[k] < v)
+ elif op == '[':
+ if isinstance(v, StringTypes):
+ match &= dic[k] == v or dic[k].startswith('%s.' % v)
+ else:
+ match &= (dic[k] <= v)
+ elif op == '>':
+ if isinstance(v, StringTypes):
+ # prefix match
+ match &= v.startswith('%s.' % dic[k])
+ else:
+ match &= (dic[k] > v)
+ elif op == ']':
+ if isinstance(v, StringTypes):
+ # prefix match
+ match &= dic[k] == v or v.startswith('%s.' % dic[k])
+ else:
+ match &= (dic[k] >= v)
+ elif op == '&':
+ match &= (dic[k] & v) # array ?
+ elif op == '|':
+ match &= (dic[k] | v) # array ?
+ elif op == '{':
+ match &= (v in dic[k])
+ return match
+
+ def project_select_and_rename_fields(self, table, pkey, filters, fields):
+ filtered = []
+ for row in table:
+ # apply input filters
+ if self.selection or self.match_dict(row, filters):
+ # apply output_fields
+ if self.projection:
+ filtered.append(row)
+ else:
+ c = {}
+ for k,v in row.items():
+ # if no fields = keep everything
+ if not fields or k in fields or k == pkey:
+ c[k] = v
+ filtered.append(c)
+ return filtered
+
+ def get_objects(self, method, filters=None, fields=None):
+ if not method in ['authorities', 'resources', 'users', 'slices']:
+ raise Exception, "Unknown object type"
+ results = self.get(method, filters, fields)
+ # Perform missing operations
+ if results and (filter and not self.selection) or (fields and not self.projection):
+ results = self.project_select_and_rename_fields(results, 'id', filters, fields)
+ return results
--- /dev/null
+[DEFAULT]
+Depends: python (>=2.5), python-lxml, python-openssl (>=0.7), python-m2crypto, python-dateutil, libxmlsec1-openssl, python-libxslt1, python-zsi, uuid-runtime, python-setuptools, postgresql (>= 8.2), python-psycopg2, python-sqlalchemy, python-migrate, xmlsec1, sysvinit-utils
+# python-xmlbuilder (unavailable, and required only for the eucalyptus driver)
+# sysvinit-utils for pidof
import time
import pdb
import xml.dom.minidom
-import xml.dom.ext
+#import xml.dom.ext
import apistub
import inspect
def pretty_print(self):
if (self.wsdl):
- xml.dom.ext.PrettyPrint(self.wsdl)
+ #xml.dom.ext.PrettyPrint(self.wsdl)
+ xml.dom.minidom.Document.toprettyxml(self.wsdl)
else:
raise Exception("Empty WSDL")
git://git.onelab.eu / sfa.git / commitdiff