# Directory internal data gets stored
-# using /etc/sfa until gec5 but /var/lib/sfa would be a more reasonable choice
SFA_CONFIG_DIR="/etc/sfa"
# Directory internal data gets stored
%define name sfa
%define version 1.0
-%define taglevel 1
+%define taglevel 2
%define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
%global python_sitearch %( python -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)" )
%changelog
+* Mon Oct 11 2010 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-2
+- deprecated old methods (e.g. List/list, and GetCredential/get_credential)
+- NOTE: get_(self_)credential both have type and hrn swapped when moving to Get(Self)Credential
+- hrn-urn translations tweaked
+- fixed 'service sfa status'
+- sfa-nuke-plc has a -f/--file-system option to clean up /var/lib/authorities (exp.)
+- started to repair sfadump - although not usable yet
+- trust objects now have dump_string method that dump() actually prints
+- unit tests under review
+- logging cleanup ongoing (always safe to use sfalogging.sfa_logger())
+- binaries now support -v or -vv to increase loglevel
+- trashed obsolete sfa.util.client
+
* Mon Oct 04 2010 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-1
- various bugfixes and cleanup, improved/harmonized logging
cache and use in more general ways.
%changelog
+* Mon Oct 11 2010 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-2
+- deprecated old methods (e.g. List/list, and GetCredential/get_credential)
+- NOTE: get_(self_)credential both have type and hrn swapped when moving to Get(Self)Credential
+- hrn-urn translations tweaked
+- fixed 'service sfa status'
+- sfa-nuke-plc has a -f/--file-system option to clean up /var/lib/authorities (exp.)
+- started to repair sfadump - although not usable yet
+- trust objects now have dump_string method that dump() actually prints
+- unit tests under review
+- logging cleanup ongoing (always safe to use sfalogging.sfa_logger())
+- binaries now support -v or -vv to increase loglevel
+- trashed obsolete sfa.util.client
+
* Mon Oct 04 2010 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-1
- various bugfixes and cleanup, improved/harmonized logging
faiyaza at cs dot princeton dot edu
Copyright (c) 2009 Board of Trustees, Princeton University
-$Id$
-$HeadURL$
"""
import sys
faiyaza at cs dot princeton dot edu
Copyright (c) 2009 Board of Trustees, Princeton University
-$Id$
-$HeadURL$
"""
import sys
#! /usr/bin/env python
-# $Id$
-# $URL$
from __future__ import with_statement
import sys
from sfa.trust.certificate import Certificate
from sfa.trust.credential import Credential
+from sfa.trust.gid import GID
from sfa.util.record import SfaRecord
from sfa.util.rspec import RSpec
+from sfa.util.sfalogging import sfa_logger, sfa_logger_goes_to_console
def determine_sfa_filekind(fn):
- cert = Certificate(filename = fn)
- data = cert.get_data()
- if data:
- dict = xmlrpclib.loads(data)[0][0]
- else:
- dict = {}
+ if fn.endswith('.gid'): return 'gid'
+ elif fn.endswith('.cert'): return 'certificate'
+ elif fn.endswith('cred'): return 'credential'
+
+ try:
+ cred=Credential(filename=fn)
+ return 'credential'
+ except: pass
- if "gidCaller" in dict:
- return "credential"
+ try:
+ gid=GID(filename=fn)
+ if gid.uuid: return 'gid'
+ except: pass
- if "uuid" in dict:
- return "gid"
+ try:
+ cert = Certificate(filename = fn)
+ return 'certificate'
+ except: pass
+
+ # to be completed
+# if "gidCaller" in dict:
+# return "credential"
+#
+# if "uuid" in dict:
+# return "gid"
return "unknown"
if gidObject and ((gidCaller == None) or (gidCaller.get_hrn() != gidObject.get_hrn())):
save_gid(gidObject)
- if extract_parents:
- parent = cred.get_parent()
- if parent:
- extract_gids(parent, extract_parents)
-
-def create_parser():
- # Generate command line parser
- parser = OptionParser(usage="%prog [options] filename")
-
- parser.add_option("-e", "--extractgids", action="store_true", dest="extract_gids", default=False, help="Extract GIDs from credentials")
- parser.add_option("-p", "--dumpparents", action="store_true", dest="dump_parents", default=False, help="Show parents")
-
- return parser
+ # no such method Credential.get_parent
+# if extract_parents:
+# parent = cred.get_parent()
+# if parent:
+# extract_gids(parent, extract_parents)
+
+def handle_input (filename, options):
+ kind = determine_sfa_filekind(filename)
+ handle_input_kind (filename,options,kind)
+
+def handle_input_kind (filename, options, kind):
+
+
+# dump methods current do 'print' so let's go this road for now
+ if kind=="certificate":
+ cert=Certificate (filename=filename)
+ print '--------------------',filename,'IS A',kind
+ cert.dump(show_extensions=options.show_extensions)
+ elif kind=="credential":
+ cred = Credential(filename = filename)
+ print '--------------------',filename,'IS A',kind
+ cred.dump(dump_parents = options.dump_parents)
+ if options.extract_gids:
+ print '--------------------',filename,'embedded GIDS'
+ extract_gids(cred, extract_parents = options.dump_parents)
+ elif kind=="gid":
+ gid = GID(filename = filename)
+ print '--------------------',filename,'IS A',kind
+ gid.dump(dump_parents = options.dump_parents)
+ else:
+ print "%s: unknown filekind '%s'"% (filename,kind)
def main():
- parser = create_parser()
- (options, args) = parser.parse_args()
-
- if len(args) <= 0:
- print "No filename given. Use -h for help."
- return -1
-
- filename = args[0]
- kind = determine_sfa_filekind(filename)
-
- if kind=="credential":
- cred = Credential(filename = filename)
- cred.dump(dump_parents = options.dump_parents)
- if options.extract_gids:
- extract_gids(cred, extract_parents = options.dump_parents)
- elif kind=="gid":
- gid = Gid(filename = filename)
- gid.dump(dump_parents = options.dump_parents)
- else:
- print "unknown filekind", kind
+ sfa_logger_goes_to_console()
+ usage = """%prog file1 [ .. filen]
+display info on input files"""
+ parser = OptionParser(usage=usage)
+
+ parser.add_option("-g", "--extract-gids", action="store_true", dest="extract_gids", default=False, help="Extract GIDs from credentials")
+ parser.add_option("-p", "--dump-parents", action="store_true", dest="dump_parents", default=False, help="Show parents")
+ parser.add_option("-e", "--extensions", action="store_true", dest="show_extensions", default="False", help="Show certificate extensions")
+ parser.add_option("-v", "--verbose", action='count', dest='verbose', default=0)
+ (options, args) = parser.parse_args()
+
+ sfa_logger().setLevelFromOptVerbose(options.verbose)
+ if len(args) <= 0:
+ parser.print_help()
+ sys.exit(1)
+ for f in args:
+ handle_input(f,options)
if __name__=="__main__":
main()
from types import StringTypes, ListType
from optparse import OptionParser
import zlib
-import logging
+from sfa.util.sfalogging import sfa_logger,sfa_logger_goes_to_console
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.gid import GID
from sfa.trust.credential import Credential
from sfa.util.xmlrpcprotocol import ServerException
import sfa.util.xmlrpcprotocol as xmlrpcprotocol
from sfa.util.config import Config
-from sfa.util.sfalogging import console_logger
AGGREGATE_PORT=12346
CM_PORT=12346
self.authority = None
self.options = None
self.hashrequest = False
- self.logger=console_logger
+ sfa_logger_goes_to_console()
+ self.logger=sfa_logger()
def create_cmd_parser(self, command, additional_cmdargs=None):
cmdargs = {"list": "name",
help="user name", metavar="HRN", default=None)
parser.add_option("-a", "--auth", dest="auth",
help="authority name", metavar="HRN", default=None)
- parser.add_option("-v", "--verbose",
- action="store_true", dest="verbose", default=False,
- help="verbose mode")
+ parser.add_option("-v", "--verbose", action="count", dest="verbose", default=0,
+ help="verbose mode - cumulative")
parser.add_option("-D", "--debug",
action="store_true", dest="debug", default=False,
help="Debug (xml-rpc) protocol messages")
- parser.add_option("-p", "--protocol",
- dest="protocol", default="xmlrpc",
+ parser.add_option("-p", "--protocol", dest="protocol", default="xmlrpc",
help="RPC protocol (xmlrpc or soap)")
parser.add_option("-k", "--hashrequest",
action="store_true", dest="hashrequest", default=False,
except:
self.logger.critical("Failed to read configuration file %s"%config_file)
self.logger.info("Make sure to remove the export clauses and to add quotes")
- if not self.options.verbose:
+ if self.options.verbose==0:
self.logger.info("Re-run with -v for more details")
else:
self.logger.log_exc("Could not read config file %s"%config_file)
self.key_file = key_file
self.cert_file = cert_file
self.cert = Certificate(filename=cert_file)
- # instruct xmlrpcprotocol to redirect logs to console_logger
- self.options.client=True
# Establish connection to server(s)
self.logger.info("Contacting Registry at: %s"%reg_url)
self.registry = xmlrpcprotocol.get_server(reg_url, key_file, cert_file, self.options)
(options, args) = parser.parse_args()
self.options = options
- if self.options.verbose: self.logger.setLevel(logging.DEBUG)
+ self.logger.setLevelFromOptVerbose(self.options.verbose)
if options.hashrequest:
self.hashrequest = True
self.set_servers()
- self.logger.info("Command %s" % command)
- self.logger.info("dir %s, user %s, auth %s, reg %s, sm %s" % (
- self. options.sfi_dir, self.options.user,self.options.auth,
- self.options.registry, self.options.sm))
+ self.logger.info("Command=%s" % command)
if command in ("resources"):
self.logger.debug("resources cmd_opts %s" % cmd_opts.format)
elif command in ("list", "show", "remove"):
return
if __name__ == "__main__":
- Sfi().main()
+ Sfi().main()
fi
RETVAL=$?
- [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sfa
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sfa-server.py
}
action $"Shutting down SFA" killproc sfa-server.py
RETVAL=$?
- [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sfa
+ [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sfa-server.py
}
reload) reload force ;;
restart) stop; start ;;
condrestart)
- if [ -f /var/lock/subsys/sfa ]; then
+ if [ -f /var/lock/subsys/sfa-server.py ]; then
stop
start
fi
;;
status)
- status sfa
+ status sfa-server.py
RETVAL=$?
;;
*)
from __future__ import with_statement
-from sfa.util.faults import *
-from sfa.util.namespace import *
-from sfa.util.rspec import RSpec
-from sfa.server.registry import Registries
+
+import sys
+import os
import boto
from boto.ec2.regioninfo import RegionInfo
from lxml import etree as ET
from sqlobject import *
-import sys
-import os
+from sfa.util.faults import *
+from sfa.util.namespace import urn_to_hrn
+from sfa.util.rspec import RSpec
+from sfa.server.registry import Registries
##
# The data structure used to represent a cloud.
from sfa.util.rspec import RSpec
import sys
import pdb
-from sfa.util.namespace import *
+from sfa.util.namespace import hrn_to_pl_slicename, urn_to_hrn, get_authority
from sfa.util.rspec import *
from sfa.util.specdict import *
from sfa.util.faults import *
-from sfa.util.faults import *
-from sfa.util.namespace import *
-from sfa.util.rspec import RSpec
-from sfa.server.registry import Registries
-from sfa.util.config import Config
-from sfa.plc.nodes import *
import sys
+import socket
+import struct
+
#The following is not essential
#from soaplib.wsgi_soap import SimpleWSGISoapApp
#from soaplib.serializers.primitive import *
#from soaplib.serializers.clazz import *
-import socket
-import struct
+from sfa.util.faults import *
+from sfa.util.namespace import urn_to_hrn
+from sfa.util.rspec import RSpec
+from sfa.server.registry import Registries
+from sfa.util.config import Config
+from sfa.plc.nodes import *
# Message IDs for all the SFA light calls
# This will be used by the aggrMgr controller
-### $Id: slices.py 15842 2009-11-22 09:56:13Z anil $
-### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/plc/slices.py $
-
import datetime
import time
import traceback
import sys
import re
from types import StringTypes
-from sfa.util.namespace import *
+
+from sfa.util.namespace import get_authority, urn_to_hrn, slicename_to_hrn, hrn_to_pl_slicename, hrn_to_urn
from sfa.util.rspec import *
from sfa.util.specdict import *
from sfa.util.faults import *
-### $Id: slices.py 15842 2009-11-22 09:56:13Z anil $
-### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/plc/slices.py $
-
import datetime
import time
import traceback
import sys
from types import StringTypes
-from sfa.util.namespace import *
+from sfa.util.namespace import hrn_to_pl_slicename, urn_to_hrn
from sfa.util.rspec import *
from sfa.util.specdict import *
from sfa.util.faults import *
import os
import xmlrpclib
+
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn, hrn_to_pl_slicename
from sfa.util.sfaticket import SfaTicket
def init_server():
from sfa.util.table import SfaTable
from sfa.util.record import SfaRecord
from sfa.trust.gid import GID
-from sfa.util.namespace import *
+from sfa.util.namespace import get_leaf, get_authority, hrn_to_urn, hrn_to_pl_login_base, urn_to_hrn
from sfa.trust.credential import *
from sfa.trust.certificate import *
from sfa.util.faults import *
### $Id: slices.py 15842 2009-11-22 09:56:13Z anil $
### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/plc/slices.py $
-import datetime
-import time
-import traceback
import sys
-from copy import deepcopy
-from lxml import etree
+import time,datetime
from StringIO import StringIO
from types import StringTypes
+from copy import deepcopy
+from copy import copy
+from lxml import etree
+
+from sfa.util.sfalogging import sfa_logger
from sfa.util.rspecHelper import merge_rspecs
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn, hrn_to_urn
from sfa.util.rspec import *
from sfa.util.specdict import *
from sfa.util.faults import *
from sfa.util.threadmanager import ThreadManager
import sfa.util.xmlrpcprotocol as xmlrpcprotocol
import sfa.plc.peers as peers
-from copy import copy
def get_version():
version = {}
for request in root.iterfind("./request"):
rspec.append(deepcopy(request))
+ sfa_logger().debug('get_rspec: rspec=%r'%rspec)
rspec = etree.tostring(rspec, xml_declaration=True, pretty_print=True)
# cache the result
if api.cache and not xrn:
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.util.sfatablesRuntime import run_sfatables
### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/stop_slice.py $
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
#
-from sfa.trust.credential import *
from sfa.trust.rights import *
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.credential import Credential
-from sfa.trust.credential import *
-from sfa.trust.rights import *
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.util.record import SfaRecord
+from sfa.trust.credential import Credential
from sfa.trust.certificate import Certificate
+from sfa.trust.rights import Right, Rights
class GetSelfCredential(Method):
"""
"""
GetSelfCredential a degenerate version of GetCredential used by a client
to get his initial credential when de doesnt have one. This is the same as
- get_credetial(..., cred = None, ...)
+ GetCredential(..., cred = None, ...)
The registry ensures that the client is the principal that is named by
(type, name) by comparing the public key in the record's GID to the
private key used to encrypt the client side of the HTTPS connection. Thus
- it is impossible for one principal to retrive another principal's
+ it is impossible for one principal to retrieve another principal's
credential without having the appropriate private key.
@param type type of object (user | slice | sa | ma | node)
# authenticate the certificate against the gid in the db
certificate = Certificate(string=cert)
if not certificate.is_pubkey(gid.get_pubkey()):
+ for (obj,name) in [ (certificate,"CERT"), (gid,"GID"), ]:
+ self.api.logger.debug("ConnectionKeyGIDMismatch, %s pubkey: %s"%(name,obj.get_pubkey().get_pubkey_string()))
+ self.api.logger.debug("ConnectionKeyGIDMismatch, %s dump: %s"%(name,obj.dump_string()))
+ if hasattr (obj,'filename'):
+ self.api.logger.debug("ConnectionKeyGIDMismatch, %s filename: %s"%(name,obj.filename))
raise ConnectionKeyGIDMismatch(gid.get_subject())
return manager.get_credential(self.api, xrn, type, is_self=True)
### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/get_ticket.py $
import time
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
from sfa.util.faults import *
-from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter
### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/list.py $
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.util.record import SfaRecord
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.credential import Credential
-### $Id: stop_slice.py 17732 2010-04-19 21:10:45Z tmack $
-### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/stop_slice.py $
-
from sfa.util.faults import *
-from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
from sfa.trust.gid import *
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import get_authority
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.util.record import SfaRecord
### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/remove.py $
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.credential import Credential
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn
from sfa.util.method import Method
from sfa.util.parameter import Parameter
from sfa.trust.credential import Credential
import traceback
import types
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.credential import Credential
from sfa.util.faults import *
-from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter
from sfa.trust.credential import Credential
from sfa.util.faults import *
-from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter
from sfa.methods.Stop import Stop
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/stop_slice.py $
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/stop_slice.py $
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
from sfa.util.faults import *
-from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
import sys
-### $Id: get_slices.py 14387 2009-07-08 18:19:11Z faiyaza $
-### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/get_aggregates.py $
from types import StringTypes
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
import tempfile
import commands
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import hrn_to_urn
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/get_registries.py $
from types import StringTypes
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
from sfa.trust.gid import *
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import get_authority
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.util.record import SfaRecord
### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/reset_slices.py $
from sfa.util.faults import *
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
#
# SFA XML-RPC and SOAP interfaces
#
-### $Id$
-### $URL$
-#
import sys
import os
import string
import xmlrpclib
+from sfa.util.faults import *
+from sfa.util.api import *
+from sfa.util.config import *
from sfa.util.sfalogging import sfa_logger
import sfa.util.xmlrpcprotocol as xmlrpcprotocol
from sfa.trust.auth import Auth
-from sfa.util.config import *
-from sfa.util.faults import *
-from sfa.trust.rights import *
-from sfa.trust.credential import *
-from sfa.trust.certificate import *
-from sfa.util.namespace import *
-from sfa.util.api import *
+from sfa.trust.rights import Right, Rights, determine_rights
+from sfa.trust.credential import Credential,Keypair
+from sfa.trust.certificate import Certificate
+from sfa.util.namespace import get_authority, hrn_to_pl_slicename, hrn_to_pl_slicename, hrn_to_urn, slicename_to_hrn, hostname_to_hrn
from sfa.util.nodemanager import NodeManager
try:
from collections import defaultdict
self.hrn = self.config.SFA_INTERFACE_HRN
self.time_format = "%Y-%m-%d %H:%M:%S"
- self.logger=sfa_logger
+ self.logger=sfa_logger()
def getPLCShell(self):
self.plauth = {'Username': self.config.SFA_PLC_USER,
from __future__ import with_statement
import re
import socket
-from sfa.util.namespace import *
+from sfa.util.namespace import get_authority, hrn_to_pl_slicename
from sfa.util.faults import *
from xmlbuilder import XMLBuilder
from lxml import etree
import getopt
import sys
import tempfile
-import logging
from sfa.util.record import *
from sfa.util.table import SfaTable
-from sfa.util.namespace import *
+from sfa.util.namespace import get_leaf, get_authority, hostname_to_hrn, slicename_to_hrn, email_to_hrn, hrn_to_pl_slicename
from sfa.util.config import Config
from sfa.trust.certificate import convert_public_key, Keypair
from sfa.trust.trustedroot import *
interface_hrn = config.SFA_INTERFACE_HRN
keys_filename = config.config_path + os.sep + 'person_keys.py'
sfaImporter = sfaImport()
- if config.SFA_API_DEBUG: sfaImporter.logger.setLevel(logging.DEBUG)
+ if config.SFA_API_DEBUG: sfaImporter.logger.setLevelDebug()
shell = sfaImporter.shell
plc_auth = sfaImporter.plc_auth
table = SfaTable()
# start importing
for site in sites:
site_hrn = interface_hrn + "." + site['login_base']
- print "Importing site: %s" % site_hrn
+ sfa_logger().info("Importing site: %s" % site_hrn)
# import if hrn is not in list of existing hrns or if the hrn exists
# but its not a site record
# is not purged by this tool and may be deleted by a command like 'rm'.
##
-import getopt
import sys
+import os
+from optparse import OptionParser
from sfa.trust.hierarchy import *
from sfa.util.record import *
from sfa.util.table import SfaTable
-from sfa.util.sfalogging import sfa_import_logger
-
-def process_options():
-
- (options, args) = getopt.getopt(sys.argv[1:], '', [])
- for opt in options:
- name = opt[0]
- val = opt[1]
+from sfa.util.sfalogging import sfa_logger_goes_to_import,sfa_logger
def main():
- process_options()
-
- sfa_import_logger.info("Purging SFA records from database")
- table = SfaTable()
- table.sfa_records_purge()
-
+ usage="%prog: trash the registry DB (the 'sfa' table in the 'planetlab5' database)"
+ parser = OptionParser(usage=usage)
+ parser.add_option('-f','--file-system',dest='clean_fs',action='store_true',default=False,
+ help='Clean up the /var/lib/sfa/authorities area as well')
+ (options,args)=parser.parse_args()
+ if args:
+ parser.print_help()
+ sys.exit(1)
+ sfa_logger_goes_to_import()
+ sfa_logger().info("Purging SFA records from database")
+ table = SfaTable()
+ table.sfa_records_purge()
+ if options.clean_fs:
+ # just remove all files that do not match 'server.key' or 'server.cert'
+ preserved_files = [ 'server.key', 'server.cert']
+ for (dir,_,files) in os.walk('/var/lib/sfa/authorities'):
+ for file in files:
+ if file in preserved_files: continue
+ path=dir+os.sep+file
+ os.unlink(path)
+ if not os.path.exists(path):
+ sfa_logger().info("Unlinked file %s"%path)
+ else:
+ sfa_logger().error("Could not unlink file %s"%path)
if __name__ == "__main__":
- main()
+ main()
import sys
import tempfile
-from sfa.util.sfalogging import sfa_import_logger
+from sfa.util.sfalogging import sfa_logger_goes_to_import,sfa_logger
+
from sfa.util.record import *
from sfa.util.table import SfaTable
-from sfa.util.namespace import *
+from sfa.util.namespace import get_authority, hrn_to_urn, email_to_hrn
from sfa.util.config import Config
from sfa.trust.certificate import convert_public_key, Keypair
from sfa.trust.trustedroot import *
class sfaImport:
def __init__(self):
- self.logger = sfa_import_logger
- self.AuthHierarchy = Hierarchy()
- self.config = Config()
- self.TrustedRoots = TrustedRootList(Config.get_trustedroots_dir(self.config))
- self.plc_auth = self.config.get_plc_auth()
- self.root_auth = self.config.SFA_REGISTRY_ROOT_AUTH
+ sfa_logger_goes_to_import()
+ self.logger = sfa_logger()
+ self.AuthHierarchy = Hierarchy()
+ self.config = Config()
+ self.TrustedRoots = TrustedRootList(Config.get_trustedroots_dir(self.config))
+ self.plc_auth = self.config.get_plc_auth()
+ self.root_auth = self.config.SFA_REGISTRY_ROOT_AUTH
- # connect to planetlab
- self.shell = None
- if "Url" in self.plc_auth:
- from sfa.plc.remoteshell import RemoteShell
- self.shell = RemoteShell(self.logger)
- else:
- import PLC.Shell
- self.shell = PLC.Shell.Shell(globals = globals())
+ # connect to planetlab
+ self.shell = None
+ if "Url" in self.plc_auth:
+ from sfa.plc.remoteshell import RemoteShell
+ self.shell = RemoteShell(self.logger)
+ else:
+ import PLC.Shell
+ self.shell = PLC.Shell.Shell(globals = globals())
def create_top_level_auth_records(self, hrn):
# create the authority if it doesnt already exist
if not self.AuthHierarchy.auth_exists(urn):
- self.logger.info("Import: creating top level authorites")
+ self.logger.info("Import: creating top level authorities")
self.AuthHierarchy.create_auth(urn)
# create the db record if it doesnt already exist
if len(hrn) > 64:
hrn = hrn[:64]
- self.logger.info("Import: importing person " + hrn)
+ self.logger.info("Import: person " + hrn)
key_ids = []
if 'key_ids' in person and person['key_ids']:
key_ids = person["key_ids"]
pkey = Keypair(create=True)
else:
# the user has no keys
- self.logger.info(" person " + hrn + " does not have a PL public key")
+ self.logger.warning("Import: person %s does not have a PL public key"%hrn)
# if a key is unavailable, then we still need to put something in the
# user's GID. So make one up.
pkey = Keypair(create=True)
slicename = _cleanup_string(slicename)
if not slicename:
- self.logger.error("Import_Slice: failed to parse slice name " + slice['name'])
+ self.logger.error("Import: failed to parse slice name " + slice['name'])
return
hrn = parent_hrn + "." + slicename
- self.logger.info("Import: importing slice " + hrn)
+ self.logger.info("Import: slice " + hrn)
pkey = Keypair(create=True)
urn = hrn_to_urn(hrn, 'slice')
nodename = _cleanup_string(nodename)
if not nodename:
- self.logger.error("Import_node: failed to parse node name " + node['hostname'])
+ self.logger.error("Import: failed to parse node name " + node['hostname'])
return
hrn = parent_hrn + "." + nodename
- self.logger.info("Import: importing node " + hrn)
+ self.logger.info("Import: node %s" % hrn)
# ASN.1 will have problems with hrn's longer than 64 characters
if len(hrn) > 64:
hrn = hrn[:64]
plc_auth = self.plc_auth
sitename = site['login_base']
sitename = _cleanup_string(sitename)
- print 'importing site %s' % sitename
hrn = parent_hrn + "." + sitename
# Hardcode 'internet2' into the hrn for sites hosting
# internet2 nodes. This is a special operation for some vini
hrn = ".".join([parent_hrn, "internet2", sitename])
urn = hrn_to_urn(hrn, 'authority')
- self.logger.info("Import: importing site " + hrn)
+ self.logger.info("Import: site " + hrn)
# create the authority
if not self.AuthHierarchy.auth_exists(urn):
table = SfaTable()
record_list = table.find({'type': type, 'hrn': hrn})
for record in record_list:
- self.logger.info("Import: Removing record %s %s" % (type, hrn))
+ self.logger.info("Import: removing record %s %s" % (type, hrn))
table.remove(record)
-### $Id$
-### $URL$
-
import datetime
import time
import traceback
import sys
from types import StringTypes
-from sfa.util.namespace import *
+from sfa.util.namespace import get_leaf, get_authority, hrn_to_urn, hrn_to_pl_slicename, urn_to_hrn
from sfa.util.rspec import *
from sfa.util.specdict import *
from sfa.util.faults import *
from sfa.util.rspec import RSpec
import sys
import pdb
-from sfa.util.namespace import *
+from sfa.util.namespace import get_authority, hrn_to_pl_slicename,
from sfa.util.rspec import *
from sfa.util.specdict import *
from sfa.util.faults import *
-from sfa.util.faults import *
-from sfa.util.namespace import *
-from sfa.util.rspec import RSpec
-from sfa.server.registry import Registries
-from sfa.util.config import Config
-from sfa.plc.nodes import *
import sys
#The following is not essential
import socket
import struct
+from sfa.util.faults import *
+from sfa.util.rspec import RSpec
+from sfa.server.registry import Registries
+from sfa.util.config import Config
+from sfa.plc.nodes import *
+
# Message IDs for all the SFA light calls
# This will be used by the aggrMgr controller
SFA_GET_RESOURCES = 101
### $URL$
-from sfa.util.server import SfaServer
from sfa.util.faults import *
+from sfa.util.server import SfaServer
from sfa.util.namespace import hrn_to_urn
from sfa.server.interface import Interfaces
import sfa.util.xmlrpcprotocol as xmlrpcprotocol
# @param key_file private key filename of registry
# @param cert_file certificate filename containing public key (could be a GID file)
def __init__(self, ip, port, key_file, cert_file):
- SfaServer.__init__(self, ip, port, key_file, cert_file)
- self.server.interface = 'aggregate'
+ SfaServer.__init__(self, ip, port, key_file, cert_file,'aggregate')
##
# Aggregates is a dictionary of aggregate connections keyed on the aggregate hrn
from sfa.util.faults import *
from sfa.util.storage import *
-from sfa.util.namespace import *
+from sfa.util.namespace import get_authority, hrn_to_urn
from sfa.trust.gid import GID
from sfa.util.record import SfaRecord
import traceback
except Exception, err:
# Log error in /var/log/httpd/(ssl_)?error_log
- sfa_logger.log_exc('%r'%err)
+ sfa_logger().log_exc('%r'%err)
return apache.HTTP_INTERNAL_SERVER_ERROR
except Exception, err:
# Log error in /var/log/httpd/(ssl_)?error_log
- sfa_logger.log_exc('%r'%err)
+ sfa_logger().log_exc('%r'%err)
return apache.HTTP_INTERNAL_SERVER_ERROR
except Exception, err:
# Log error in /var/log/httpd/(ssl_)?error_log
- sfa_logger.log_exc('%r'%err)
+ sfa_logger().log_exc('%r'%err)
return apache.HTTP_INTERNAL_SERVER_ERROR
except Exception, err:
# Log error in /var/log/httpd/(ssl_)?error_log
- sfa_logger.log_exc("%r"%e)
+ sfa_logger().log_exc("%r"%e)
return apache.HTTP_INTERNAL_SERVER_ERROR
# @param cert_file certificate filename containing public key (could be a GID file)
def __init__(self, ip, port, key_file, cert_file):
- SfaServer.__init__(self, ip, port, key_file, cert_file)
- self.server.interface = 'registry'
-
+ SfaServer.__init__(self, ip, port, key_file, cert_file,'registry')
##
# Registries is a dictionary of registry connections keyed on the registry
import sys
import os
import traceback
-from sfa.util.namespace import *
from sfa.util.table import SfaTable
from sfa.util.prefixTree import prefixTree
from sfa.plc.api import SfaAPI
import os, os.path
import sys
from optparse import OptionParser
-import logging
from sfa.util.sfalogging import sfa_logger
from sfa.trust.trustedroot import TrustedRootList
if not os.path.exists(key_file):
# if it doesnt exist then this is probably a fresh interface
# with no records. Generate a random keypair for now
- sfa_logger.debug("server's public key not found in %s" % key_file)
- sfa_logger.debug("generating a random server key pair")
+ sfa_logger().debug("server's public key not found in %s" % key_file)
+ sfa_logger().debug("generating a random server key pair")
key = Keypair(create=True)
key.save_to_file(server_key_file)
cert = Certificate(subject=subject)
help="run aggregate manager", default=False)
parser.add_option("-c", "--component", dest="cm", action="store_true",
help="run component server", default=False)
- parser.add_option("-v", "--verbose", dest="verbose", action="store_true",
- help="verbose mode", default=False)
+ parser.add_option("-v", "--verbose", action="count", dest="verbose", default=0,
+ help="verbose mode - cumulative")
parser.add_option("-d", "--daemon", dest="daemon", action="store_true",
help="Run as daemon.", default=False)
(options, args) = parser.parse_args()
- if options.verbose: sfa_logger.setLevel(logging.DEBUG)
+ sfa_logger().setLevelFromOptVerbose(options.verbose)
config = Config()
- if config.SFA_API_DEBUG: sfa_logger.setLevel(logging.DEBUG)
+ if config.SFA_API_DEBUG: sfa_logger().setLevelDebug()
hierarchy = Hierarchy()
server_key_file = os.path.join(hierarchy.basedir, "server.key")
server_cert_file = os.path.join(hierarchy.basedir, "server.cert")
try:
main()
except:
- sfa_logger.log_exc_critical("SFA server is exiting")
+ sfa_logger().log_exc_critical("SFA server is exiting")
from optparse import OptionParser
from sfa.util.config import Config
import sfa.util.xmlrpcprotocol as xmlrpcprotocol
-from sfa.util.namespace import *
+from sfa.util.namespace import hrn_to_pl_slicename, slicename_to_hrn
from sfa.util.faults import *
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.credential import Credential
# @param cert_file certificate filename containing public key (could be a GID file)
def __init__(self, ip, port, key_file, cert_file, config = "/etc/sfa/sfa_config"):
- SfaServer.__init__(self, ip, port, key_file, cert_file)
- self.server.interface = 'slicemgr'
+ SfaServer.__init__(self, ip, port, key_file, cert_file,'slicemgr')
#
# SfaAPI authentication
#
-### $Id$
-### $URL$
-#
-
+import sys
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.credential import Credential
from sfa.util.faults import *
from sfa.trust.hierarchy import Hierarchy
from sfa.util.config import *
-from sfa.util.namespace import *
+from sfa.util.namespace import get_authority
from sfa.util.sfaticket import *
-import sys
+
+from sfa.util.sfalogging import sfa_logger
class Auth:
"""
valid = []
if not isinstance(creds, list):
creds = [creds]
+ sfa_logger().debug("Auth.checkCredentials with %d creds"%len(creds))
for cred in creds:
try:
self.check(cred, operation, hrn)
valid.append(cred)
except:
+ cred_obj=Credential(string=cred)
+ sfa_logger().debug("failed to validate credential - dump="+cred_obj.dump_string(dump_parents=True))
error = sys.exc_info()[:2]
continue
Check the credential against the peer cert (callerGID included
in the credential matches the caller that is connected to the
HTTPS connection, check if the credential was signed by a
- trusted cert and check if the credential is allowd to perform
+ trusted cert and check if the credential is allowed to perform
the specified operation.
"""
self.client_cred = Credential(string = cred)
# This module exports two classes: Keypair and Certificate.
##
#
-### $Id$
-### $URL$
-#
import os
import tempfile
try:
k.load_pubkey_from_file(ssl_fn)
except:
- sfa_logger.log_exc("convert_public_key caught exception")
+ sfa_logger().log_exc("convert_public_key caught exception")
k = None
# remove the temporary files
def save_to_file(self, filename):
open(filename, 'w').write(self.as_pem())
+ self.filename=filename
##
# Load the private key from a file. Implicity the private key includes the public key.
def load_from_file(self, filename):
buffer = open(filename, 'r').read()
self.load_from_string(buffer)
+ self.filename=filename
##
# Load the private key from a string. Implicitly the private key includes the public key.
# get the pyopenssl pkey from the pyopenssl x509
self.key = pyx509.get_pubkey()
+ self.filename=filename
##
# Load the public key from a string. No private key is loaded.
def get_openssl_pkey(self):
return self.key
-
##
# Given another Keypair object, return TRUE if the two keys are the same.
def compute_hash(self, value):
return self.sign_string(str(value))
+ # only informative
+ def get_filename(self):
+ return getattr(self,'filename',None)
+
+ def dump (self, *args, **kwargs):
+ print self.dump_string(*args, **kwargs)
+
+ def dump_string (self):
+ result=""
+ result += "KEYPAIR: pubkey=%40s..."%self.get_pubkey_string()
+ filename=self.get_filename()
+ if filename: result += "Filename %s\n"%filename
+ return result
+
##
# The certificate class implements a general purpose X509 certificate, making
# use of the appropriate pyOpenSSL or M2Crypto abstractions. It also adds
file = open(filename)
string = file.read()
self.load_from_string(string)
+ self.filename=filename
##
# Save the certificate to a string.
f = open(filename, 'w')
f.write(string)
f.close()
+ self.filename=filename
##
# Save the certificate to a random file in /tmp/
# Get an X509 extension from the certificate
def get_extension(self, name):
+
# pyOpenSSL does not have a way to get extensions
m2x509 = X509.load_cert_string(self.save_to_string())
value = m2x509.get_ext(name).get_value()
+
return value
##
# Sign the certificate using the issuer private key and issuer subject previous set with set_issuer().
def sign(self):
+ sfa_logger().debug('certificate.sign')
assert self.cert != None
assert self.issuerSubject != None
assert self.issuerKey != None
# @param cert certificate object
def is_signed_by_cert(self, cert):
+ print 'is_signed_by_cert'
k = cert.get_pubkey()
result = self.verify(k)
return result
# verify expiration time
if self.cert.has_expired():
+ sfa_logger().debug("verify_chain: NO our certificate has expired")
raise CertExpired(self.get_subject(), "client cert")
# if this cert is signed by a trusted_cert, then we are set
for trusted_cert in trusted_certs:
if self.is_signed_by_cert(trusted_cert):
- sfa_logger.debug("Cert %s signed by trusted cert %s", self.get_subject(), trusted_cert.get_subject())
# verify expiration of trusted_cert ?
if not trusted_cert.cert.has_expired():
+ sfa_logger().debug("verify_chain: YES cert %s signed by trusted cert %s"%(
+ self.get_subject(), trusted_cert.get_subject()))
return trusted_cert
else:
- sfa_logger.debug("Trusted cert %s is expired", trusted_cert.get_subject())
+ sfa_logger().debug("verify_chain: NO cert %s is signed by trusted_cert %s, but this is expired..."%(
+ self.get_subject(),trusted_cert.get_subject()))
+ raise CertExpired(self.get_subject(),"trusted_cert %s"%trusted_cert.get_subject())
# if there is no parent, then no way to verify the chain
if not self.parent:
- sfa_logger.debug("%r has no parent"%self.get_subject())
+ sfa_logger().debug("verify_chain: NO %s has no parent and is not in trusted roots"%self.get_subject())
raise CertMissingParent(self.get_subject())
# if it wasn't signed by the parent...
if not self.is_signed_by_cert(self.parent):
- sfa_logger.debug("%r is not signed by parent"%self.get_subject())
+ sfa_logger().debug("verify_chain: NO %s is not signed by parent"%self.get_subject())
return CertNotSignedByParent(self.get_subject())
# if the parent isn't verified...
+ sfa_logger().debug("verify_chain: .. %s, -> verifying parent %s",self.get_subject(),self.parent.get_subject())
self.parent.verify_chain(trusted_certs)
return
+
+ ### more introspection
+ def get_extensions(self):
+ # pyOpenSSL does not have a way to get extensions
+ triples=[]
+ m2x509 = X509.load_cert_string(self.save_to_string())
+ nb_extensions=m2x509.get_ext_count()
+ sfa_logger().debug("X509 had %d extensions"%nb_extensions)
+ for i in range(nb_extensions):
+ ext=m2x509.get_ext_at(i)
+ triples.append( (ext.get_name(), ext.get_value(), ext.get_critical(),) )
+ return triples
+
+ def get_data_names(self):
+ return self.data.keys()
+
+ def get_all_datas (self):
+ triples=self.get_extensions()
+ for name in self.get_data_names():
+ triples.append( (name,self.get_data(name),'data',) )
+ return triples
+
+ # only informative
+ def get_filename(self):
+ return getattr(self,'filename',None)
+
+ def dump (self, *args, **kwargs):
+ print self.dump_string(*args, **kwargs)
+
+ def dump_string (self,show_extensions=False):
+ result = ""
+ result += "CERTIFICATE for %s\n"%self.get_subject()
+ result += "Issued by %s\n"%self.get_issuer()
+ filename=self.get_filename()
+ if filename: result += "Filename %s\n"%filename
+ if show_extensions:
+ all_datas=self.get_all_datas()
+ result += " has %d extensions/data attached"%len(all_datas)
+ for (n,v,c) in all_datas:
+ if c=='data':
+ result += " data: %s=%s\n"%(n,v)
+ else:
+ result += " ext: %s (crit=%s)=<<<%s>>>\n"%(n,c,v)
+ return result
from sfa.trust.credential_legacy import CredentialLegacy
from sfa.trust.rights import Right, Rights
from sfa.trust.gid import GID
-from sfa.util.namespace import *
+from sfa.util.namespace import urn_to_hrn
# 2 weeks, in seconds
DEFAULT_CREDENTIAL_LIFETIME = 86400 * 14
str = string
elif filename:
str = file(filename).read()
+ self.filename=filename
if str.strip().startswith("-----"):
self.legacy = CredentialLegacy(False,string=str)
f = open(filename, "w")
f.write(self.xml)
f.close()
+ self.filename=filename
def save_to_string(self, save_parents=True):
if not self.xml:
trusted_cert_objects.append(GID(filename=f))
ok_trusted_certs.append(f)
except Exception, exc:
- sfa_logger.error("Failed to load trusted cert from %s: %r", f, exc)
+ sfa_logger().error("Failed to load trusted cert from %s: %r", f, exc)
trusted_certs = ok_trusted_certs
# Use legacy verification if this is a legacy credential
# Maybe should be (hrn, type) = urn_to_hrn(root_cred_signer.get_urn())
root_cred_signer_type = root_cred_signer.get_type()
if (root_cred_signer_type == 'authority'):
- #sfa_logger.debug('Cred signer is an authority')
+ #sfa_logger().debug('Cred signer is an authority')
# signer is an authority, see if target is in authority's domain
hrn = root_cred_signer.get_hrn()
if root_target_gid.get_hrn().startswith(hrn):
dcred.sign()
return dcred
- ##
- # Dump the contents of a credential to stdout in human-readable format
- #
- # @param dump_parents If true, also dump the parent certificates
- def dump(self, dump_parents=False):
- print "CREDENTIAL", self.get_subject()
+ # only informative
+ def get_filename(self):
+ return getattr(self,'filename',None)
- print " privs:", self.get_privileges().save_to_string()
-
- print " gidCaller:"
+ # @param dump_parents If true, also dump the parent certificates
+ def dump (self, *args, **kwargs):
+ print self.dump_string(*args, **kwargs)
+
+ def dump_string(self, dump_parents=False):
+ result=""
+ result += "CREDENTIAL %s\n" % self.get_subject()
+ filename=self.get_filename()
+ if filename: result += "Filename %s\n"%filename
+ result += " privs: %s\n" % self.get_privileges().save_to_string()
gidCaller = self.get_gid_caller()
if gidCaller:
- gidCaller.dump(8, dump_parents)
+ result += " gidCaller:\n"
+ result += gidCaller.dump_string(8, dump_parents)
- print " gidObject:"
gidObject = self.get_gid_object()
if gidObject:
- gidObject.dump(8, dump_parents)
-
+ result += " gidObject:\n"
+ result += gidObject.dump_string(8, dump_parents)
if self.parent and dump_parents:
- print "PARENT",
- self.parent.dump_parents()
+ result += "PARENT"
+ result += self.parent.dump_string(dump_parents)
+ return result
#
# @param dump_parents If true, also dump the parent certificates
- def dump(self, dump_parents=False):
- print "CREDENTIAL", self.get_subject()
+ def dump(self, *args, **kwargs):
+ print self.dump_string(*args,**kwargs)
- print " privs:", self.get_privileges().save_to_string()
+ def dump_string(self, dump_parents=False):
+ result=""
+ result += "CREDENTIAL %s\n" % self.get_subject()
+
+ result += " privs: %s\n" % self.get_privileges().save_to_string()
- print " gidCaller:"
gidCaller = self.get_gid_caller()
if gidCaller:
+ result += " gidCaller:\n"
gidCaller.dump(8, dump_parents)
- print " gidObject:"
gidObject = self.get_gid_object()
if gidObject:
- gidObject.dump(8, dump_parents)
+ result += " gidObject:\n"
+ result += gidObject.dump_string(8, dump_parents)
- print " delegate:", self.get_delegate()
+ result += " delegate: %s" % self.get_delegate()
if self.parent and dump_parents:
- print "PARENT",
- self.parent.dump(dump_parents)
+ result += "PARENT\n"
+ result += self.parent.dump_string(dump_parents)
+ return result
from sfa.util.sfalogging import sfa_logger
from sfa.trust.certificate import Certificate
-from sfa.util.namespace import *
+from sfa.util.namespace import hrn_to_urn, urn_to_hrn
##
# Create a new uuid. Returns the UUID as a string.
Certificate.__init__(self, create, subject, string, filename)
if subject:
- sfa_logger.debug("Creating GID for subject: %s" % subject)
+ sfa_logger().debug("Creating GID for subject: %s" % subject)
if uuid:
self.uuid = int(uuid)
if hrn:
# @param indent specifies a number of spaces to indent the output
# @param dump_parents If true, also dump the parents of the GID
- def dump(self, indent=0, dump_parents=False):
- print " "*indent, " hrn:", self.get_hrn()
- print " "*indent, " urn:", self.get_urn()
- print " "*indent, "uuid:", self.get_uuid()
+ def dump(self, *args, **kwargs):
+ print self.dump_string(*args,**kwargs)
+
+ def dump_string(self, indent=0, dump_parents=False):
+ result="GID\n"
+ result += " "*indent + "hrn:" + str(self.get_hrn()) +"\n"
+ result += " "*indent + "urn:" + str(self.get_urn()) +"\n"
+ result += " "*indent + "uuid:" + str(self.get_uuid()) + "\n"
+ filename=self.get_filename()
+ if filename: result += "Filename %s\n"%filename
if self.parent and dump_parents:
- print " "*indent, "parent:"
- self.parent.dump(indent+4, dump_parents)
+ result += " "*indent + "parent:\n"
+ result += self.parent.dump_string(indent+4, dump_parents)
+ return result
##
# Verify the chain of authenticity of the GID. First perform the checks
# *.DBINFO - database info
##
-### $Id$
-### $URL$
-
import os
from sfa.util.sfalogging import sfa_logger
from sfa.trust.certificate import Keypair
from sfa.trust.credential import *
from sfa.trust.gid import GID, create_uuid
-from sfa.util.namespace import *
+from sfa.util.namespace import get_leaf, get_authority, hrn_to_urn, urn_to_hrn
from sfa.util.config import Config
from sfa.util.sfaticket import SfaTicket
def create_auth(self, xrn, create_parents=False):
hrn, type = urn_to_hrn(xrn)
- sfa_logger.debug("Hierarchy: creating authority: " + hrn)
+ sfa_logger().debug("Hierarchy: creating authority: " + hrn)
# create the parent authority if necessary
parent_hrn = get_authority(hrn)
pass
if os.path.exists(privkey_filename):
- sfa_logger.debug("using existing key %r for authority %r"%(privkey_filename,hrn))
+ sfa_logger().debug("using existing key %r for authority %r"%(privkey_filename,hrn))
pkey = Keypair(filename = privkey_filename)
else:
pkey = Keypair(create = True)
def get_auth_info(self, xrn):
hrn, type = urn_to_hrn(xrn)
- sfa_logger.debug("Hierarchy: xrn=%s, getting authority for hrn=%s"%(xrn,hrn))
if not self.auth_exists(hrn):
+ sfa_logger().warning("Hierarchy: mising authority - xrn=%s, hrn=%s"%(xrn,hrn))
raise MissingAuthority(hrn)
(directory, gid_filename, privkey_filename, dbinfo_filename) = \
if not params:
if self.debug:
- sfa_logger.debug('execute0 %r'%query)
+ sfa_logger().debug('execute0 %r'%query)
cursor.execute(query)
elif isinstance(params,dict):
if self.debug:
- sfa_logger.debug('execute-dict: params=[%r] query=[%r]'%(params,query%params))
+ sfa_logger().debug('execute-dict: params=[%r] query=[%r]'%(params,query%params))
cursor.execute(query,params)
elif isinstance(params,tuple) and len(params)==1:
if self.debug:
- sfa_logger.debug('execute-tuple %r'%(query%params[0]))
+ sfa_logger().debug('execute-tuple %r'%(query%params[0]))
cursor.execute(query,params[0])
else:
param_seq=(params,)
if self.debug:
for params in param_seq:
- sfa_logger.debug('executemany %r'%(query%params))
+ sfa_logger().debug('executemany %r'%(query%params))
cursor.executemany(query, param_seq)
(self.rowcount, self.description, self.lastrowid) = \
(cursor.rowcount, cursor.description, cursor.lastrowid)
except:
pass
uuid = commands.getoutput("uuidgen")
- sfa_logger.error("Database error %s:" % uuid)
- sfa_logger.error("Exception=%r"%e)
- sfa_logger.error("Query=%r"%query)
- sfa_logger.error("Params=%r"%pformat(params))
- sfa_logger.log_exc("PostgreSQL.execute caught exception")
+ sfa_logger().error("Database error %s:" % uuid)
+ sfa_logger().error("Exception=%r"%e)
+ sfa_logger().error("Query=%r"%query)
+ sfa_logger().error("Params=%r"%pformat(params))
+ sfa_logger().log_exc("PostgreSQL.execute caught exception")
raise SfaDBError("Please contact support: %s" % str(e))
return cursor
#
# SFA XML-RPC and SOAP interfaces
#
-### $Id$
-### $URL$
-#
import sys
import os
from sfa.util.faults import *
from sfa.trust.credential import *
from sfa.trust.certificate import *
-from sfa.util.namespace import *
# See "2.2 Characters" in the XML specification:
#
except SfaFault, fault:
result = fault
except Exception, fault:
- sfa_logger.log_exc("BaseAPI.handle has caught Exception")
+ sfa_logger().log_exc("BaseAPI.handle has caught Exception")
result = SfaAPIError(fault)
# internal error, report as HTTP server error
self.send_response(500)
self.end_headers()
- sfa_logger.log_exc("componentserver.SecureXMLRpcRequestHandler.do_POST")
+ sfa_logger().log_exc("componentserver.SecureXMLRpcRequestHandler.do_POST")
else:
# got a valid XML RPC response
self.send_response(200)
if self.api.config.SFA_API_DEBUG or hasattr(self, 'message'):
msg=getattr(self,'message',"method %s completed in %02f s"%(methodname,runtime))
- sfa_logger.info(msg)
+ sfa_logger().debug(msg)
return result
# Prepend caller and method name to expected faults
fault.faultString = caller + ": " + self.name + ": " + fault.faultString
runtime = time.time() - start
- sfa_logger.log_exc("Method %s raised an exception"%self.name)
+ sfa_logger().log_exc("Method %s raised an exception"%self.name)
raise fault
-### $Id$
-### $URL$
import re
from sfa.util.faults import *
URN_PREFIX = "urn:publicid:IDN"
from sfa.util.rspec import *
from sfa.util.parameter import *
-from sfa.util.namespace import *
+from sfa.util.namespace import get_authority
from sfa.util.row import Row
class SfaRecord(Row):
except Exception, e:
# logging.debug("%s: web file not found" % xsdURI)
# logging.debug("Using local file %s" % self.xsd")
- sfa_logger.log_exc("rspec.parseXSD: can't find %s on the web. Continuing." % xsdURI)
+ sfa_logger().log_exc("rspec.parseXSD: can't find %s on the web. Continuing." % xsdURI)
if not schemaDom:
if os.path.exists(xsdURI):
# logging.debug("using local copy.")
- sfa_logger.debug("rspec.parseXSD: Using local %s" % xsdURI)
+ sfa_logger().debug("rspec.parseXSD: Using local %s" % xsdURI)
schemaDom = minidom.parse(xsdURI)
else:
raise Exception("rspec.parseXSD: can't find xsd locally")
from sfa.util.faults import *
from sfa.plc.api import SfaAPI
from sfa.util.cache import Cache
+from sfa.util.sfalogging import sfa_logger
+
##
# Verification callback for pyOpenSSL. We do our own checking of keys because
# we have our own authentication spec. Thus we disable several of the normal
except Exception, fault:
# This should only happen if the module is buggy
# internal error, report as HTTP server error
- sfa_error.log_exc("server.do_POST")
+ sfa_logger().log_exc("server.do_POST")
response = self.api.prepare_response(fault)
#self.send_response(500)
#self.end_headers()
It it very similar to SimpleXMLRPCServer but it uses HTTPS for transporting XML data.
"""
+ sfa_logger().debug("SecureXMLRPCServer.__init__, server_address=%s, cert_file=%s"%(server_address,cert_file))
self.logRequests = logRequests
self.interface = None
self.key_file = key_file
# the client.
def _dispatch(self, method, params):
+ sfa_logger().debug("SecureXMLRPCServer._dispatch, method=%s"%method)
try:
return SimpleXMLRPCServer.SimpleXMLRPCDispatcher._dispatch(self, method, params)
except:
# @param cert_file certificate filename containing public key
# (could be a GID file)
- def __init__(self, ip, port, key_file, cert_file):
+ def __init__(self, ip, port, key_file, cert_file,interface):
threading.Thread.__init__(self)
self.key = Keypair(filename = key_file)
self.cert = Certificate(filename = cert_file)
#self.server = SecureXMLRPCServer((ip, port), SecureXMLRpcRequestHandler, key_file, cert_file)
self.server = ThreadedServer((ip, port), SecureXMLRpcRequestHandler, key_file, cert_file)
+ self.server.interface=interface
self.trusted_cert_list = None
self.register_functions()
-
+ sfa_logger().info("Starting SfaServer, interface=%s"%interface)
##
# Register functions that will be served by the XMLRPC server. This
#!/usr/bin/python
-import os
+import os, sys
import traceback
import logging, logging.handlers
+CRITICAL=logging.CRITICAL
+ERROR=logging.ERROR
+WARNING=logging.WARNING
+INFO=logging.INFO
+DEBUG=logging.DEBUG
+
# a logger that can handle tracebacks
class _SfaLogger:
def __init__ (self,logfile=None,loggername=None,level=logging.INFO):
if not logfile:
loggername='console'
handler=logging.StreamHandler()
- handler.setFormatter(logging.Formatter("%(message)s"))
+ handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
else:
if not loggername:
loggername=os.path.basename(logfile)
self.logger=logging.getLogger(loggername)
self.logger.setLevel(level)
self.logger.addHandler(handler)
+ self.loggername=loggername
def setLevel(self,level):
self.logger.setLevel(level)
+ # shorthand to avoid having to import logging all over the place
+ def setLevelDebug(self):
+ self.logger.setLevel(logging.DEBUG)
+
+ # define a verbose option with s/t like
+ # parser.add_option("-v", "--verbose", action="count", dest="verbose", default=0)
+ # and pass the coresponding options.verbose to this method to adjust level
+ def setLevelFromOptVerbose(self,verbose):
+ if verbose==0:
+ self.logger.setLevel(logging.WARNING)
+ elif verbose==1:
+ self.logger.setLevel(logging.INFO)
+ elif verbose==2:
+ self.logger.setLevel(logging.DEBUG)
+
####################
def wrap(fun):
def wrapped(self,msg,*args,**kwds):
self.debug("%s BEG STACK"%message+"\n"+to_log)
self.debug("%s END STACK"%message)
-sfa_logger=_SfaLogger(logfile='/var/log/sfa.log')
-sfa_import_logger=_SfaLogger(logfile='/var/log/sfa_import.log')
-console_logger=_SfaLogger()
+####################
+# import-related operations go in this file
+_import_logger=_SfaLogger(logfile='/var/log/sfa_import.log')
+# servers log into /var/log/sfa.log
+_server_logger=_SfaLogger(logfile='/var/log/sfa.log')
+# clients use the console
+_console_logger=_SfaLogger()
+
+# default is to use the server-side logger
+_the_logger=_server_logger
+
+# clients would change the default by issuing one of these call
+def sfa_logger_goes_to_console():
+ current_module=sys.modules[globals()['__name__']]
+ current_module._the_logger=_console_logger
+
+# clients would change the default by issuing one of these call
+def sfa_logger_goes_to_import():
+ current_module=sys.modules[globals()['__name__']]
+ current_module._logger=_import_logger
+
+# this is how to retrieve the 'right' logger
+def sfa_logger():
+ return _the_logger
########################################
import time
logger.setLevel(logging.DEBUG)
logger.debug("logger.debug again")
- @profile(console_logger)
+ sfa_logger_goes_to_console()
+ my_logger=sfa_logger()
+ my_logger.info("redirected to console")
+
+ @profile(my_logger)
def sleep(seconds = 1):
time.sleep(seconds)
-
- console_logger.info('console.info')
+ my_logger.info('console.info')
sleep(0.5)
- console_logger.setLevel(logging.DEBUG)
+ my_logger.setLevel(logging.DEBUG)
sleep(0.25)
+
import xmlrpclib
-from sfa.util.sfalogging import sfa_logger, console_logger
+from sfa.util.sfalogging import sfa_logger
##
# ServerException, ExceptionUnmarshaller
verbose = False
if self.options and self.options.debug:
verbose = True
- if self.options and hasattr(self.options,'client'):
- XMLRPCServerProxy.logger=console_logger
- else:
- XMLRPCServerProxy.logger=sfa_logger
xmlrpclib.ServerProxy.__init__(self, url, transport, allow_none=allow_none, verbose=verbose)
def __getattr__(self, attr):
- XMLRPCServerProxy.logger.debug("Calling xml-rpc method:%s"%attr)
+ sfa_logger().debug("Calling xml-rpc method:%s"%attr)
return xmlrpclib.ServerProxy.__getattr__(self, attr)
git://git.onelab.eu / sfa.git / commitdiff