--- /dev/null
+build/*
+*.pyc
\ No newline at end of file
# (*) otherwise, entering through the root context
# make sync PLCHOST=testbox1.inria.fr GUEST=vplc03.inria.fr
+PLCHOST ?= testplc.onelab.eu
+
ifdef GUEST
ifdef PLCHOST
SSHURL:=root@$(PLCHOST):/vservers/$(GUEST)
@exit 1
else
+$(RSYNC) ./sfa/ $(SSHURL)/usr/lib/python2.5/site-packages/sfa/
+ +$(RSYNC) ./tests/ $(SSHURL)/root/tests-sfa
+$(RSYNC) $(BINS) $(SSHURL)/usr/bin
$(SSHCOMMAND) exec service sfa restart
endif
%define name sfa
%define version 1.0
-%define taglevel 0
+%define taglevel 1
%define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
%global python_sitearch %( python -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)" )
%changelog
+* Mon Oct 04 2010 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-1
+- various bugfixes and cleanup, improved/harmonized logging
+
* Tue Sep 07 2010 Tony Mack <tmack@cs.princeton.edu> - sfa-0.9-16
- truncate login base of external (ProtoGeni, etc) slices to 20 characters
to avoid returning a PLCAPI exception that might confuse users.
cache and use in more general ways.
%changelog
+* Mon Oct 04 2010 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-1
+- various bugfixes and cleanup, improved/harmonized logging
+
* Thu May 11 2010 Tony Mack <tmack@cs.princeton.edu> - sfa-0.9-11
- SfaServer now uses a pool of threads to handle requests concurrently
- sfa.util.rspec no longer used to process/manage rspecs (deprecated). This is now handled by sfa.plc.network and is not backwards compatible
from StringIO import StringIO
from types import StringTypes, ListType
from optparse import OptionParser
+import zlib
+import logging
+
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.credential import Credential
from sfa.util.sfaticket import SfaTicket
-from sfa.util.record import *
-from sfa.util.namespace import *
+from sfa.util.record import SfaRecord, UserRecord, SliceRecord, NodeRecord, AuthorityRecord
+from sfa.util.namespace import get_leaf, get_authority, hrn_to_urn
from sfa.util.xmlrpcprotocol import ServerException
import sfa.util.xmlrpcprotocol as xmlrpcprotocol
from sfa.util.config import Config
-import zlib
+from sfa.util.sfalogging import console_logger
+
AGGREGATE_PORT=12346
CM_PORT=12346
class Sfi:
- slicemgr = None
- registry = None
- user = None
- authority = None
- options = None
- hashrequest = False
+ def __init__ (self):
+ self.slicemgr = None
+ self.registry = None
+ self.user = None
+ self.authority = None
+ self.options = None
+ self.hashrequest = False
+ self.logger=console_logger
def create_cmd_parser(self, command, additional_cmdargs=None):
cmdargs = {"list": "name",
cmdargs.update(additional_cmdargs)
if command not in cmdargs:
- print "Invalid command\n"
- print "Commands: ",
- for key in cmdargs.keys():
- print key + ",",
- print ""
+ msg="Invalid command\n"
+ msg+="Commands: "
+ msg += ','.join(cmdargs.keys())
+ self.logger.critical(msg)
sys.exit(2)
parser = OptionParser(usage="sfi [sfi_options] %s [options] %s" \
try:
config = Config (config_file)
except:
- print "Failed to read configuration file", config_file
- print "Make sure to remove the export clauses and to add quotes"
+ self.logger.critical("Failed to read configuration file %s"%config_file)
+ self.logger.info("Make sure to remove the export clauses and to add quotes")
if not self.options.verbose:
- print "Re-run with -v for more details"
+ self.logger.info("Re-run with -v for more details")
else:
- traceback.print_exc()
+ self.logger.log_exc("Could not read config file %s"%config_file)
sys.exit(1)
errors = 0
elif hasattr(config, "SFI_SM"):
sm_url = config.SFI_SM
else:
- print "You need to set e.g. SFI_SM='http://your.slicemanager.url:12347/' in %s" % config_file
+ self.logger.error("You need to set e.g. SFI_SM='http://your.slicemanager.url:12347/' in %s" % config_file)
errors += 1
# Set Registry URL
elif hasattr(config, "SFI_REGISTRY"):
reg_url = config.SFI_REGISTRY
else:
- print "You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s" % config_file
+ self.logger.errors("You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s" % config_file)
errors += 1
elif hasattr(config, "SFI_USER"):
self.user = config.SFI_USER
else:
- print "You need to set e.g. SFI_USER='plc.princeton.username' in %s" % config_file
+ self.logger.errors("You need to set e.g. SFI_USER='plc.princeton.username' in %s" % config_file)
errors += 1
# Set authority HRN
elif hasattr(config, "SFI_AUTH"):
self.authority = config.SFI_AUTH
else:
- print "You need to set e.g. SFI_AUTH='plc.princeton' in %s" % config_file
+ self.logger.error("You need to set e.g. SFI_AUTH='plc.princeton' in %s" % config_file)
errors += 1
if errors:
self.key_file = key_file
self.cert_file = cert_file
self.cert = Certificate(filename=cert_file)
+ # instruct xmlrpcprotocol to redirect logs to console_logger
+ self.options.client=True
# Establish connection to server(s)
- if self.options.verbose : print "Contacting Registry at:", reg_url
- self.registry = xmlrpcprotocol.get_server(reg_url, key_file, cert_file, self.options.debug)
- if self.options.verbose : print "Contacting Slice Manager at:", sm_url
- self.slicemgr = xmlrpcprotocol.get_server(sm_url, key_file, cert_file, self.options.debug)
+ self.logger.info("Contacting Registry at: %s"%reg_url)
+ self.registry = xmlrpcprotocol.get_server(reg_url, key_file, cert_file, self.options)
+ self.logger.info("Contacting Slice Manager at: %s"%sm_url)
+ self.slicemgr = xmlrpcprotocol.get_server(sm_url, key_file, cert_file, self.options)
return
if (os.path.isfile(file)):
return file
else:
- print "Key file", file, "does not exist"
+ self.logger.error("Key file %s does not exist"%file)
sys.exit(-1)
return
cert.set_pubkey(k)
cert.set_issuer(k, self.user)
cert.sign()
- if self.options.verbose :
- print "Writing self-signed certificate to", file
+ self.logger.info("Writing self-signed certificate to %s"%file)
cert.save_to_file(file)
return file
if args:
hrn = args[0]
gid = self._get_gid(hrn)
- print gid.save_to_string(save_parents=True)
+ self.logger.debug("Sfi.get_gid-> %s",gid.save_to_string(save_parents=True))
return gid
def _get_gid(self, hrn=None):
if not records:
raise RecordNotFound(args[0])
gid = GID(string=records[0]['gid'])
- if self.options.verbose:
- print "Writing gid to ", gidfile
+ self.logger.info("Writing gid to %s"%gidfile)
gid.save_to_file(filename=gidfile)
return gid
def get_auth_cred(self):
if not self.authority:
- print "no authority specified. Use -a or set SF_AUTH"
+ self.logger.critical("no authority specified. Use -a or set SF_AUTH")
sys.exit(-1)
file = os.path.join(self.options.sfi_dir, get_leaf("authority") + ".cred")
return self.get_cred(file, 'authority', self.authority)
if user_name.count(".") > 0:
user_name = user_name.replace(".", '_')
self.user = self.authority + "." + user_name
- cred_str = self.registry.get_self_credential(cert_string, "user", hrn)
+ cred_str = self.registry.GetSelfCredential(cert_string, hrn, "user")
else:
# bootstrap slice credential from user credential
user_cred = self.get_user_cred().save_to_string(save_parents=True)
- cred_str = self.registry.get_credential(user_cred, type, hrn)
+ cred_str = self.registry.GetCredential(user_cred, hrn, type)
if not cred_str:
- print "Failed to get %s credential" % (type)
+ self.logger.critical("Failed to get %s credential" % type)
sys.exit(-1)
cred = Credential(string=cred_str)
cred.save_to_file(file, save_parents=True)
- if self.options.verbose:
- print "Writing %s credential to %s" %(type, file)
+ self.logger.info("Writing %s credential to %s" %(type, file))
return cred
if (os.path.isfile(file)):
return file
else:
- print "No such rspec file", rspec
+ self.logger.critical("No such rspec file"%rspec)
sys.exit(1)
def get_record_file(self, record):
if (os.path.isfile(file)):
return file
else:
- print "No such registry record file", record
+ self.logger.critical("No such registry record file %s"%record)
sys.exit(1)
def load_publickey_string(self, fn):
records = self.registry.Resolve(hrn, user_cred)
records = filter_records('node', records)
if not records:
- print "No such component:", opts.component
+ self.logger.warning("No such component:%r"% opts.component)
record = records[0]
return self.get_server(record['hostname'], CM_PORT, self.key_file, \
- self.cert_file, self.options.debug)
+ self.cert_file, self.options)
- def get_server(self, host, port, keyfile, certfile, debug):
+ def get_server(self, host, port, keyfile, certfile):
"""
Return an instnace of an xmlrpc server connection
"""
url = "http://%s:%s" % (host, port)
- return xmlrpcprotocol.get_server(url, keyfile, certfile, debug)
+ return xmlrpcprotocol.get_server(url, keyfile, certfile, self.options)
def get_server_from_opts(self, opts):
"""
server = self.slicemgr
# direct connection to an aggregate
if hasattr(opts, 'aggregate') and opts.aggregate:
- server = self.get_server(opts.aggregate, opts.port, self.key_file, \
- self.cert_file, self.options.debug)
+ server = self.get_server(opts.aggregate, opts.port, self.key_file, self.cert_file)
# direct connection to the nodes component manager interface
if hasattr(opts, 'component') and opts.component:
server = self.get_component_server_from_hrn(opts.component)
#==========================================================================
def dispatch(self, command, cmd_opts, cmd_args):
- getattr(self, command)(cmd_opts, cmd_args)
+ return getattr(self, command)(cmd_opts, cmd_args)
# list entires in named authority registry
def list(self, opts, args):
slice_cred = self.get_slice_cred(opts.delegate_slice)
cred = self.delegate_cred(slice_cred, delegee_hrn)
else:
- print "Must specify either --user or --slice <hrn>"
+ self.logger.warning("Must specify either --user or --slice <hrn>")
return
delegated_cred = Credential(string=cred)
object_hrn = delegated_cred.get_gid_object().get_hrn()
delegated_cred.save_to_file(dest_fn, save_parents=True)
- print "delegated credential for", object_hrn, "to", delegee_hrn, "and wrote to", dest_fn
+ self.logger.info("delegated credential for %s to %s and wrote to %s"%(object_hrn, delegee_hrn,dest_fn))
def delegate_cred(self, object_cred, hrn):
# the gid and hrn of the object we are delegating
object_hrn = object_gid.get_hrn()
if not object_cred.get_privileges().get_all_delegate():
- print "Error: Object credential", object_hrn, "does not have delegate bit set"
+ self.logger.error("Object credential %s does not have delegate bit set"%object_hrn)
return
# the delegating user's gid
trusted_certs = self.registry.get_trusted_certs()
for trusted_cert in trusted_certs:
cert = Certificate(string=trusted_cert)
- print cert.get_subject()
+ self.logger.debug('Sfi.get_trusted_certs -> %r'%cert.get_subject())
return
def aggregates(self, opts, args):
server = self.get_server_from_opts(opts)
ticket_string = server.GetTicket(slice_urn, creds, rspec, [])
file = os.path.join(self.options.sfi_dir, get_leaf(slice_hrn) + ".ticket")
- print "writing ticket to ", file
+ self.logger.info("writing ticket to %s"%file)
ticket = SfaTicket(string=ticket_string)
ticket.save_to_file(filename=file, save_parents=True)
connections = {}
for hostname in hostnames:
try:
- print "Calling redeem_ticket at %(hostname)s " % locals(),
+ self.logger.info("Calling redeem_ticket at %(hostname)s " % locals())
server = self.get_server(hostname, CM_PORT, self.key_file, \
self.cert_file, self.options.debug)
server.RedeemTicket(ticket.save_to_string(save_parents=True), slice_cred)
- print "Success"
+ self.logger.info("Success")
except socket.gaierror:
- print "Failed:",
- print "Componet Manager not accepting requests"
+ self.logger.error("redeem_ticket failed: Component Manager not accepting requests")
except Exception, e:
- print "Failed:", e.message
+ self.logger.log_exc(e.message)
return
# delete named slice
server = self.get_server_from_opts(opts)
return server.Shutdown(slice_urn, creds)
+
#
# Main: parse arguments and dispatch to command
#
parser = self.create_parser()
(options, args) = parser.parse_args()
self.options = options
-
+
+ if self.options.verbose: self.logger.setLevel(logging.DEBUG)
if options.hashrequest:
self.hashrequest = True
if len(args) <= 0:
- print "No command given. Use -h for help."
- return - 1
+ self.logger.critical("No command given. Use -h for help.")
+ return -1
command = args[0]
(cmd_opts, cmd_args) = self.create_cmd_parser(command).parse_args(args[1:])
- if self.options.verbose :
- print "Registry %s, sm %s, dir %s, user %s, auth %s" % (options.registry, options.sm,
- options.sfi_dir, options.user,
- options.auth)
- print "Command %s" % command
- if command in ("resources"):
- print "resources cmd_opts %s" % cmd_opts.format
- elif command in ("list", "show", "remove"):
- print "cmd_opts.type %s" % cmd_opts.type
- print "cmd_args %s" % cmd_args
-
+
self.set_servers()
+ self.logger.info("Command %s" % command)
+ self.logger.info("dir %s, user %s, auth %s, reg %s, sm %s" % (
+ self. options.sfi_dir, self.options.user,self.options.auth,
+ self.options.registry, self.options.sm))
+ if command in ("resources"):
+ self.logger.debug("resources cmd_opts %s" % cmd_opts.format)
+ elif command in ("list", "show", "remove"):
+ self.logger.debug("cmd_opts.type %s" % cmd_opts.type)
+ self.logger.debug('cmd_args %s',cmd_args)
+
try:
self.dispatch(command, cmd_opts, cmd_args)
except KeyError:
- raise
- print "Command not found:", command
+ self.logger.critical ("Unknown command %s"%command)
sys.exit(1)
return
print >> sys.stderr, "FAILED: on node %s: %s=%s" % (node, name, value)
print command.rspec
-
-
-
print >> sys.stderr, "FAILED: on node %s: %s=%s" % (node, name, value)
print command.rspec
-
-
-
from sfa.util.faults import *
from sfa.util.storage import *
from sfa.util.policy import Policy
-from sfa.util.debug import log
from sfa.server.aggregate import Aggregates
from sfa.server.registry import Registries
from sfa.util.faults import *
from sfa.util.policy import Policy
from sfa.util.record import *
from sfa.util.sfaticket import SfaTicket
-from sfa.util.debug import log
from sfa.plc.slices import Slices
from sfa.trust.credential import Credential
import sfa.plc.peers as peers
from sfa.util.record import *
from sfa.util.sfaticket import SfaTicket
from sfa.server.registry import Registries
-from sfa.util.debug import log
from sfa.plc.slices import Slices
import sfa.plc.peers as peers
from sfa.managers.vini.vini_network import *
from sfa.trust.credential import *
from sfa.trust.certificate import *
from sfa.util.faults import *
+from sfa.trust.gid import create_uuid
def get_version(api):
version = {}
from sfa.trust.credential import Credential
from sfa.util.threadmanager import ThreadManager
import sfa.util.xmlrpcprotocol as xmlrpcprotocol
-from sfa.util.debug import log
import sfa.plc.peers as peers
from copy import copy
return merged_rspec
def renew_slice(api, xrn, creds, expiration_time):
+ hrn, type = urn_to_hrn(xrn)
+
# get the callers hrn
valid_cred = api.auth.checkCredentials(creds, 'renewesliver', hrn)[0]
caller_hrn = Credential(string=valid_cred).get_gid_caller().get_hrn()
aggregate_rspecs[aggregate_hrn] = rspec
# get the callers hrn
- valid_cred = api.auth.checkCredentials(creds, 'getticket', hrn)[0]
+ valid_cred = api.auth.checkCredentials(creds, 'getticket', slice_hrn)[0]
caller_hrn = Credential(string=valid_cred).get_gid_caller().get_hrn()
# attempt to use delegated credential first
def delete_slice(api, xrn, creds):
+ hrn, type = urn_to_hrn(xrn)
+
# get the callers hrn
valid_cred = api.auth.checkCredentials(creds, 'deletesliver', hrn)[0]
caller_hrn = Credential(string=valid_cred).get_gid_caller().get_hrn()
return 1
def start_slice(api, xrn, creds):
+ hrn, type = urn_to_hrn(xrn)
+
# get the callers hrn
valid_cred = api.auth.checkCredentials(creds, 'startslice', hrn)[0]
caller_hrn = Credential(string=valid_cred).get_gid_caller().get_hrn()
return 1
def stop_slice(api, xrn, creds):
+ hrn, type = urn_to_hrn(xrn)
+
# get the callers hrn
valid_cred = api.auth.checkCredentials(creds, 'stopslice', hrn)[0]
caller_hrn = Credential(string=valid_cred).get_gid_caller().get_hrn()
return slices
# get the callers hrn
- valid_cred = api.auth.checkCredentials(creds, 'listslices', hrn)[0]
+ valid_cred = api.auth.checkCredentials(creds, 'listslices', None)[0]
caller_hrn = Credential(string=valid_cred).get_gid_caller().get_hrn()
# attempt to use delegated credential first
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.util.sfatablesRuntime import run_sfatables
-import sys
from sfa.trust.credential import Credential
class CreateSliver(Method):
allocated = manager.create_slice(self.api, slice_xrn, creds, rspec, users)
return rspec
-
-### $Id: get_credential.py 17576 2010-04-05 20:56:15Z tmack $
-### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/get_credential.py $
-
+#
from sfa.trust.credential import *
from sfa.trust.rights import *
from sfa.util.faults import *
from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
-from sfa.util.debug import log
from sfa.trust.credential import Credential
class GetCredential(Method):
"""
Retrive a credential for an object
- If cred == None then the behavior reverts to get_self_credential
+ If cred == None then the behavior reverts to GetSelfCredential
@param hrn human readable name of object (hrn or urn)
@param cred credential object specifying rights of the caller
-### $Id: get_credential.py 15321 2009-10-15 05:01:21Z tmack $
-### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/get_credential.py $
from sfa.trust.credential import *
from sfa.trust.rights import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.util.record import SfaRecord
-from sfa.util.debug import log
from sfa.trust.certificate import Certificate
class GetSelfCredential(Method):
def call(self, cert, xrn, type):
"""
- get_self_credential a degenerate version of get_credential used by a client
+ GetSelfCredential a degenerate version of GetCredential used by a client
to get his initial credential when de doesnt have one. This is the same as
get_credetial(..., cred = None, ...)
class RedeemTicket(Method):
"""
- Deprecated. Use RedeemTicket instead.
@param cred credential string specifying the rights of the caller
@param ticket
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.util.record import SfaRecord
-from sfa.util.debug import log
from sfa.trust.auth import Auth
from sfa.trust.gid import create_uuid
from sfa.trust.credential import Credential
from sfa.util.parameter import Parameter, Mixed
from sfa.util.record import SfaRecord
from sfa.util.table import SfaTable
-from sfa.util.debug import log
from sfa.trust.auth import Auth
from sfa.trust.gid import create_uuid
from sfa.trust.credential import Credential
from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
-from sfa.util.debug import log
from sfa.trust.credential import Credential
class Remove(Method):
from sfa.trust.auth import Auth
from sfa.util.record import SfaRecord
from sfa.util.table import SfaTable
-from sfa.util.debug import log
from sfa.trust.credential import Credential
from types import StringTypes
from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
-from sfa.util.debug import log
from sfa.trust.credential import Credential
from sfa.util.record import SfaRecord
from sfa.util.faults import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
-from sfa.util.debug import log
from sfa.trust.credential import Credential
class Update(Method):
-## Please use make index to update this file
all = """
-create_slice
-delete_slice
+GetCredential
+GetSelfCredential
+GetGids
get_aggregates
-get_credential
-get_gids
get_key
get_registries
-get_resources
-get_self_credential
-get_slices
-get_ticket
get_trusted_certs
-list
List
-redeem_ticket
RedeemTicket
-register
Register
register_peer_object
-remove
Remove
reset_slice
-resolve
Resolve
-start_slice
-stop_slice
-update
Update
remove_peer_object
GetTicket
+++ /dev/null
-### $Id$
-### $URL$
-
-from sfa.util.faults import *
-from sfa.util.namespace import *
-from sfa.util.method import Method
-from sfa.util.parameter import Parameter, Mixed
-from sfa.methods.CreateSliver import CreateSliver
-
-class create_slice(CreateSliver):
- """
- Deprecated. Use CreateSliver instead.
- Instantiate the specified slice according to whats defined in the specified rspec
-
- @param cred credential string specifying the rights of the caller
- @param hrn human readable name of slice to instantiate (hrn or xrn)
- @param rspec resource specification
- @return 1 is successful, faults otherwise
- """
-
- interfaces = ['aggregate', 'slicemgr']
-
- accepts = [
- Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to instantiate (hrn or xrn)"),
- Parameter(str, "Resource specification"),
- Mixed(Parameter(str, "Human readable name of the original caller"),
- Parameter(None, "Origin hrn not specified"))
- ]
-
- returns = Parameter(int, "1 if successful")
-
- def call(self, cred, xrn, requested_rspec, origin_hrn=None):
-
- return CreateSliver.call(self, xrn, cred, requested_rspec, [])
+++ /dev/null
-### $Id$
-### $URL$
-
-from sfa.util.faults import *
-from sfa.util.namespace import *
-from sfa.util.method import Method
-from sfa.util.parameter import Parameter, Mixed
-from sfa.methods.DeleteSliver import DeleteSliver
-
-class delete_slice(DeleteSliver):
- """
- Deprecated. Use delete instead.
-
- Remove the slice from all nodes.
-
- @param cred credential string specifying the rights of the caller
- @param xrn human readable name specifying the slice to delete (hrn or urn)
- @return 1 if successful, faults otherwise
- """
-
- interfaces = ['aggregate', 'slicemgr', 'component']
-
- accepts = [
- Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to delete (hrn or urn)"),
- Mixed(Parameter(str, "Human readable name of the original caller"),
- Parameter(None, "Origin hrn not specified"))
- ]
-
- returns = Parameter(int, "1 if successful")
-
- def call(self, cred, xrn, origin_hrn=None):
-
- return DeleteSliver.call(self, xrn, cred)
+++ /dev/null
-### $Id$
-### $URL$
-
-from sfa.trust.credential import *
-from sfa.trust.rights import *
-from sfa.util.faults import *
-from sfa.util.namespace import *
-from sfa.util.method import Method
-from sfa.util.parameter import Parameter, Mixed
-from sfa.methods.GetCredential import GetCredential
-
-class get_credential(GetCredential):
- """
- Deprecated. Use GetCredential instead.
-
- Retrive a credential for an object
- If cred == Nonee then the behavior reverts to get_self_credential
-
- @param cred credential object specifying rights of the caller
- @param type type of object (user | slice | sa | ma | node)
- @param hrn human readable name of object (hrn or urn)
-
- @return the string representation of a credential object
- """
-
- interfaces = ['registry']
-
- accepts = [
- Mixed(Parameter(str, "credential"),
- Parameter(None, "No credential")),
- Parameter(str, "Human readable name (hrn or urn)")
- ]
-
- returns = Parameter(str, "String representation of a credential object")
-
- def call(self, cred, type, xrn, origin_hrn=None):
- return GetCredential.call(self, cred, xrn, type)
+++ /dev/null
-from sfa.util.faults import *
-from sfa.util.method import Method
-from sfa.util.parameter import Parameter, Mixed
-from sfa.methods.GetGids import GetGids
-
-class get_gids(GetGids):
- """
- Deprecated. Use GetGids instead.
-
- Get a list of record information (hrn, gid and type) for
- the specified hrns.
-
- @param cred credential string
- @param cert certificate string
- @return
- """
-
- interfaces = ['registry']
-
- accepts = [
- Parameter(str, "Certificate string"),
- Mixed(Parameter(str, "Human readable name (hrn or xrn)"),
- Parameter(type([str]), "List of Human readable names (hrn or xrn)"))
- ]
-
- returns = [Parameter(dict, "Dictionary of gids keyed on hrn")]
-
- def call(self, cred, xrns):
-
- return GetGids.call(self, xrns, cred)
+++ /dev/null
-### $Id$
-### $URL$
-
-from sfa.util.faults import *
-from sfa.util.method import Method
-from sfa.util.parameter import Parameter, Mixed
-from sfa.methods.ListResources import ListResources
-# RSpecManager_pl is not used. This line is a check that ensures that everything is in place for the import to work.
-import sfa.rspecs.aggregates.rspec_manager_pl
-
-class get_resources(ListResources):
- """
- Deprecated. Use ListResources instead.
-
- Get an resource specification (rspec). The rspec may describe the resources
- available at an authority or the resources being used by a slice.
-
- @param cred credential string specifying the rights of the caller
- @param hrn human readable name of the slice we are interesed in or None
- for an authority.
- """
-
- interfaces = ['aggregate', 'slicemgr']
-
- accepts = [
- Parameter(str, "Credential string"),
- Mixed(Parameter(str, "Human readable name (hrn or urn)"),
- Parameter(None, "hrn not specified")),
- Mixed(Parameter(str, "Human readable name of the original caller"),
- Parameter(None, "Origin hrn not specified"))
- ]
-
- returns = Parameter(str, "String representatin of an rspec")
-
- def call(self, cred, xrn=None, origin_hrn=None):
- options = {'geni_slice_urn': xrn,
- 'origin_hrn': origin_hrn
- }
-
- return ListResources.call(self, cred, options)
+++ /dev/null
-### $Id: get_credential.py 15321 2009-10-15 05:01:21Z tmack $
-### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/get_credential.py $
-
-from sfa.trust.credential import *
-from sfa.trust.rights import *
-from sfa.util.faults import *
-from sfa.util.namespace import *
-from sfa.util.method import Method
-from sfa.util.parameter import Parameter, Mixed
-from sfa.util.record import SfaRecord
-from sfa.util.debug import log
-from sfa.methods.GetSelfCredential import GetSelfCredential
-
-class get_self_credential(GetSelfCredential):
- """
- Deprecated. Use GetSelfCredential instead.
-
- Retrive a credential for an object
- @param cert certificate string
- @param type type of object (user | slice | sa | ma | node)
- @param hrn human readable name of object (hrn or urn)
-
- @return the string representation of a credential object
- """
-
- interfaces = ['registry']
-
- accepts = [
- Parameter(str, "Human readable name (hrn or urn)"),
- Parameter(str, "certificate"),
- Mixed(Parameter(str, "Request hash"),
- Parameter(None, "Request hash not specified"))
- ]
-
- returns = Parameter(str, "String representation of a credential object")
-
- def call(self, cert, type, xrn, origin_hrn=None):
- """
- get_self_credential a degenerate version of get_credential used by a client
- to get his initial credential when de doesnt have one. This is the same as
- get_credetial(..., cred = None, ...)
-
- The registry ensures that the client is the principal that is named by
- (type, name) by comparing the public key in the record's GID to the
- private key used to encrypt the client side of the HTTPS connection. Thus
- it is impossible for one principal to retrive another principal's
- credential without having the appropriate private key.
-
- @param type type of object (user | slice | sa | ma | node)
- @param hrn human readable name of authority to list
- @return string representation of a credential object
- """
- return GetSelfCredential.call(self, cert, xrn, type)
+++ /dev/null
-### $Id$
-### $URL$
-
-from sfa.util.faults import *
-from sfa.util.method import Method
-from sfa.util.parameter import Parameter, Mixed
-from sfa.methods.ListSlices import ListSlices
-
-class get_slices(ListSlices):
- """
- Deprecated. Use ListSlices instead.
- Get a list of instantiated slices at this authority.
-
- @param cred credential string specifying the rights of the caller
- @return list of human readable slice names (hrn).
- """
-
- interfaces = ['aggregate', 'slicemgr', 'component']
-
- accepts = [
- Parameter(str, "Credential string"),
- Mixed(Parameter(str, "Human readable name of the original caller"),
- Parameter(None, "Origin hrn not specified"))
- ]
-
- returns = [Parameter(str, "Human readable slice name (hrn)")]
-
- def call(self, cred, origin_hrn=None):
-
- return ListSlices.call(self, cred)
+++ /dev/null
-### $Id$
-### $URL$
-import time
-from sfa.util.faults import *
-from sfa.util.namespace import *
-from sfa.util.method import Method
-from sfa.util.parameter import Parameter, Mixed
-from sfa.methods.GetTicket import GetTicket
-
-class get_ticket(GetTicket):
- """
- Deprecated. Use GetTicket instead.
-
- Retrieve a ticket. This operation is currently implemented on PLC
- only (see SFA, engineering decisions); it is not implemented on
- components.
-
- The ticket is filled in with information from the PLC database. This
- information includes resources, and attributes such as user keys and
- initscripts.
-
- @param cred credential string
- @param name name of the slice to retrieve a ticket for (hrn or urn)
- @param rspec resource specification dictionary
-
- @return the string representation of a ticket object
- """
-
- interfaces = ['aggregate', 'slicemgr']
-
- accepts = [
- Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to retrive a ticket for (hrn or urn)"),
- Parameter(str, "Resource specification (rspec)"),
- Mixed(Parameter(str, "Human readable name of the original caller"),
- Parameter(None, "Origin hrn not specified"))
- ]
-
- returns = Parameter(str, "String represeneation of a ticket object")
-
- def call(self, cred, xrn, rspec, origin_hrn=None):
-
- return GetTicket.call(self, xrn, cred, rspec, None)
-
-### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/reset_slices.py $
-
from sfa.util.faults import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
from sfa.trust.credential import Credential
+
class get_trusted_certs(Method):
"""
@param cred credential string specifying the rights of the caller
# If cred is not specified just return the gid for this interface.
# This is true when when a peer is attempting to initiate federation
# with this interface
- print cred
+ self.api.logger.debug("get_trusted_certs: %r"%cred)
if not cred:
gid_strings = []
for gid in self.api.auth.trusted_cert_list:
+++ /dev/null
-### $Id$
-### $URL$
-
-from sfa.util.faults import *
-from sfa.util.namespace import *
-from sfa.util.method import Method
-from sfa.util.parameter import Parameter, Mixed
-from sfa.util.record import SfaRecord
-from sfa.methods.List import List
-
-class list(List):
- """
- Deprecated. Use List instead.
-
- List the records in an authority.
-
- @param cred credential string specifying the rights of the caller
- @param hrn human readable name of authority to list (hrn or urn)
- @return list of record dictionaries
- """
- interfaces = ['registry']
-
- accepts = [
- Parameter(str, "Credential string"),
- Parameter(str, "Human readable name (hrn or urn)"),
- Mixed(Parameter(str, "Human readable name of the original caller"),
- Parameter(None, "Origin hrn not specified"))
- ]
-
- returns = [SfaRecord]
-
- def call(self, cred, xrn, origin_hrn=None):
-
- return List.call(self, xrn, cred)
+++ /dev/null
-### $Id: reset_slice.py 15428 2009-10-23 15:28:03Z tmack $
-### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfacomponent/methods/reset_slice.py $
-import xmlrpclib
-from sfa.util.faults import *
-from sfa.util.method import Method
-from sfa.util.parameter import Parameter, Mixed
-from sfa.methods.RedeemTicket import RedeemTicket
-
-class redeem_ticket(RedeemTicket):
- """
- Deprecated. Use RedeemTicket instead.
-
- Redeem a approved set of resource allocations (ticket).
-
- @param cred credential string specifying the rights of the caller
- @param ticket
- @return 1 is successful, faults otherwise
- """
-
- interfaces = ['component']
-
- accepts = [
- Parameter(str, "Credential string representation of SFA credential"),
- Parameter(str, "Ticket string representation of SFA ticket")
- ]
-
- returns = [Parameter(int, "1 if successful")]
-
- def call(self, cred, ticket):
-
- return RedeemTicket.call(self, ticket, cred)
+++ /dev/null
-### $Id$
-### $URL$
-
-from sfa.trust.certificate import Keypair, convert_public_key
-from sfa.trust.gid import *
-from sfa.util.faults import *
-from sfa.util.method import Method
-from sfa.util.parameter import Parameter, Mixed
-from sfa.methods.Register import Register
-
-class register(Register):
- """
- Deprecated. Used Register instead.
-
- Register an object with the registry. In addition to being stored in the
- SFA database, the appropriate records will also be created in the
- PLC databases
-
- @param cred credential string
- @param record_dict dictionary containing record fields
-
- @return gid string representation
- """
-
- interfaces = ['registry']
-
- accepts = [
- Parameter(str, "Credential string"),
- Parameter(dict, "Record dictionary containing record fields")
- ]
-
- returns = Parameter(int, "String representation of gid object")
-
- def call(self, cred, record, origin_hrn=None):
-
- return Register.call(self, record, cred)
from sfa.util.parameter import Parameter, Mixed
from sfa.util.record import SfaRecord
from sfa.util.table import SfaTable
-from sfa.util.debug import log
from sfa.trust.auth import Auth
from sfa.trust.gid import create_uuid
from sfa.trust.credential import Credential
+++ /dev/null
-### $Id$
-### $URL$
-
-from sfa.util.faults import *
-from sfa.util.namespace import *
-from sfa.util.method import Method
-from sfa.util.parameter import Parameter, Mixed
-from sfa.methods.Remove import Remove
-
-class remove(Remove):
- """
- Deprecated. Use Remove instead.
-
- Remove an object from the registry. If the object represents a PLC object,
- then the PLC records will also be removed.
-
- @param cred credential string
- @param type record type
- @param xrn human readable name of record to remove (hrn or urn)
-
- @return 1 if successful, faults otherwise
- """
-
- interfaces = ['registry']
-
- accepts = [
- Parameter(str, "Credential string"),
- Parameter(str, "Record type"),
- Parameter(str, "Human readable name of slice to instantiate (hrn or urn)"),
- Mixed(Parameter(str, "Human readable name of the original caller"),
- Parameter(None, "Origin hrn not specified"))
- ]
-
- returns = Parameter(int, "1 if successful")
-
- def call(self, cred, type, xrn, origin_hrn=None):
-
- return Remove.call(self, xrn, cred, type)
from sfa.trust.auth import Auth
from sfa.util.record import SfaRecord
from sfa.util.table import SfaTable
-from sfa.util.debug import log
from sfa.trust.credential import Credential
from types import StringTypes
+++ /dev/null
-### $Id$
-### $URL$
-import traceback
-import types
-from sfa.util.faults import *
-from sfa.util.namespace import *
-from sfa.util.method import Method
-from sfa.util.parameter import Parameter, Mixed
-from sfa.util.record import SfaRecord
-from sfa.methods.Resolve import Resolve
-
-class resolve(Resolve):
- """
- Deprecated. Use Resolve instead
- Resolve a record.
-
- @param cred credential string authorizing the caller
- @param hrn human readable name to resolve (hrn or urn)
- @return a list of record dictionaries or empty list
- """
-
- interfaces = ['registry']
-
- accepts = [
- Parameter(str, "Credential string"),
- Mixed(Parameter(str, "Human readable name (hrn or urn)"),
- Parameter(list, "List of Human readable names ([hrn])"))
- ]
-
- returns = [SfaRecord]
-
- def call(self, cred, xrns, origin_hrn=None):
- return Resolve.call(self, xrns, cred)
-
-
-
+++ /dev/null
-### $Id$
-### $URL$
-
-from sfa.util.faults import *
-from sfa.util.namespace import *
-from sfa.util.method import Method
-from sfa.util.parameter import Parameter, Mixed
-from sfa.methods.Start import Start
-
-class start_slice(Start):
- """
- Deprecated. Use Start instead
-
- Start the specified slice
-
- @param cred credential string specifying the rights of the caller
- @param hrn human readable name of slice to instantiate (urn or hrn)
- @return 1 is successful, faults otherwise
- """
-
- interfaces = ['aggregate', 'slicemgr', 'component']
-
- accepts = [
- Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to instantiate (urn or hrn)"),
- Mixed(Parameter(str, "Human readable name of the original caller"),
- Parameter(None, "Origin hrn not specified"))
- ]
-
- returns = [Parameter(int, "1 if successful")]
-
- def call(self, cred, xrn, origin_hrn=None):
-
- return Start.call(self, xrn, cred)
+++ /dev/null
-### $Id$
-### $URL$
-
-from sfa.util.faults import *
-from sfa.util.namespace import *
-from sfa.util.method import Method
-from sfa.util.parameter import Parameter, Mixed
-from sfa.methods.Stop import Stop
-
-class stop_slice(Stop):
- """
- Deprecated. Use Stop instead
- Stop the specified slice
-
- @param cred credential string specifying the rights of the caller
- @param xrn human readable name of slice to instantiate (hrn or urn)
- @return 1 is successful, faults otherwise
- """
-
- interfaces = ['aggregate', 'slicemgr', 'component']
-
- accepts = [
- Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to instantiate (hrn or urn)"),
- Mixed(Parameter(str, "Human readable name of the original caller"),
- Parameter(None, "Origin hrn not specified"))
- ]
-
- returns = Parameter(int, "1 if successful")
-
- def call(self, cred, xrn, origin_hrn=None):
-
- return Stop.call(self, xrn, cred)
+++ /dev/null
-### $Id$
-### $URL$
-
-import time
-from sfa.util.faults import *
-from sfa.util.method import Method
-from sfa.util.parameter import Parameter, Mixed
-from sfa.methods.Update import Update
-
-class update(Update):
- """
- Deprecated. Use Update instead.
-
- Update an object in the registry. Currently, this only updates the
- PLC information associated with the record. The SFA fields (name, type,
- GID) are fixed.
-
- @param cred credential string specifying rights of the caller
- @param record a record dictionary to be updated
-
- @return 1 if successful, faults otherwise
- """
-
- interfaces = ['registry']
-
- accepts = [
- Parameter(str, "Credential string"),
- Parameter(dict, "Record dictionary to be updated"),
- Mixed(Parameter(str, "Human readable name of the original caller"),
- Parameter(None, "Origin hrn not specified"))
- ]
-
- returns = Parameter(int, "1 if successful")
-
- def call(self, cred, record_dict, origin_hrn=None):
-
- return Update.call(self, record_dict, cred)
-
import string
import xmlrpclib
-import sfa.util.sfalogging
+from sfa.util.sfalogging import sfa_logger
from sfa.trust.auth import Auth
from sfa.util.config import *
from sfa.util.faults import *
-from sfa.util.debug import *
from sfa.trust.rights import *
from sfa.trust.credential import *
from sfa.trust.certificate import *
self.hrn = self.config.SFA_INTERFACE_HRN
self.time_format = "%Y-%m-%d %H:%M:%S"
- self.logger=sfa.util.sfalogging.logger
+ self.logger=sfa_logger
def getPLCShell(self):
self.plauth = {'Username': self.config.SFA_PLC_USER,
registry = registries[self.hrn]
cert_string=self.cert.save_to_string(save_parents=True)
# get self credential
- self_cred = registry.get_self_credential(cert_string, type, self.hrn)
+ self_cred = registry.GetSelfCredential(cert_string, self.hrn, type)
# get credential
- cred = registry.get_credential(self_cred, type, self.hrn)
+ cred = registry.GetCredential(self_cred, type, self.hrn)
# save cred to file
Credential(string=cred).save_to_file(cred_filename, save_parents=True)
import string
import xmlrpclib
-import sfa.util.sfalogging
+from sfa.util.sfalogging import sfa_logger
import sfa.util.xmlrpcprotocol as xmlrpcprotocol
from sfa.trust.auth import Auth
from sfa.util.config import *
from sfa.util.faults import *
-from sfa.util.debug import *
from sfa.trust.rights import *
from sfa.trust.credential import *
from sfa.trust.certificate import *
self.hrn = self.config.SFA_INTERFACE_HRN
self.time_format = "%Y-%m-%d %H:%M:%S"
- self.logger=sfa.util.sfalogging.logger
+ self.logger=sfa_logger
def getPLCShell(self):
self.plauth = {'Username': self.config.SFA_PLC_USER,
def getCredential(self):
"""
- Retrun a valid credential for this interface.
+ Return a valid credential for this interface.
"""
if self.interface in ['registry']:
return self.getCredentialFromLocalRegistry()
registry = registries[self.hrn]
cert_string=self.cert.save_to_string(save_parents=True)
# get self credential
- self_cred = registry.get_self_credential(cert_string, type, self.hrn)
+ self_cred = registry.GetSelfCredential(cert_string, self.hrn, type)
# get credential
- cred = registry.get_credential(self_cred, type, self.hrn)
+ cred = registry.GetCredential(self_cred, self.hrn, type)
# save cred to file
Credential(string=cred).save_to_file(cred_filename, save_parents=True)
# get credential from registry
cert_str = Certificate(filename=cert_filename).save_to_string(save_parents=True)
registry = self.get_registry()
- cred = registry.get_self_credential(cert_str, 'node', hrn)
+ cred = registry.GetSelfCredential(cert_str, hrn, 'node')
Credential(string=cred).save_to_file(credfile, save_parents=True)
return cred
os.unlink(f)
# install the new key pair
- # get_credential will take care of generating the new keypair
+ # GetCredential will take care of generating the new keypair
# and credential
self.get_node_key()
self.getCredential()
self.hostname = iface['hostname']
self.primary = iface['is_primary']
- """
- Just print out bwlimit right now
- """
def toxml(self, xml):
+ """
+ Just print out bwlimit right now
+ """
if self.bwlimit:
with xml.bw_limit(units="kbps"):
xml << str(self.bwlimit / 1000)
import xmlrpclib
class RemoteShell:
- def __init__(self):
+ def __init__(self,logger):
self.servers = {}
+ self.logger=logger
def call(self, name, pl_auth, *args):
key = pl_auth["Url"] + "#" + pl_auth["Username"]
if not (key in self.servers):
+ self.logger.info("Connecting to PLCAPI at url %s"%pl_auth['Url'])
server = xmlrpclib.Server(pl_auth["Url"], verbose = 0, allow_none=True)
#server.AdmAuthCheck(pl_auth)
server.AuthCheck(pl_auth)
#!/usr/bin/python
#
-### $Id$
-### $URL$
-#
##
# Import PLC records into the SFA database. It is indended that this tool be
# run once to create SFA records that reflect the current state of the
import getopt
import sys
import tempfile
-import logging.handlers
import logging
+
from sfa.util.record import *
from sfa.util.table import SfaTable
from sfa.util.namespace import *
from sfa.trust.hierarchy import *
from sfa.plc.api import *
from sfa.trust.gid import create_uuid
-from sfa.plc.sfaImport import *
-from sfa.util.report import trace, error
+from sfa.plc.sfaImport import sfaImport
def process_options():
- global hrn
(options, args) = getopt.getopt(sys.argv[1:], '', [])
for opt in options:
f.close()
def main():
- # setup the logger
- LOGFILE='/var/log/sfa_import_plc.log'
- logging.basicConfig(level=logging.INFO,
- format='%(asctime)s - %(message)s',
- filename=LOGFILE)
- rotate_handler = logging.handlers.RotatingFileHandler(LOGFILE, maxBytes=1000000, backupCount=5)
- logger = logging.getLogger()
- logger.addHandler(rotate_handler)
-
+
process_options()
config = Config()
if not config.SFA_REGISTRY_ENABLED:
root_auth = config.SFA_REGISTRY_ROOT_AUTH
interface_hrn = config.SFA_INTERFACE_HRN
keys_filename = config.config_path + os.sep + 'person_keys.py'
- sfaImporter = sfaImport(logger)
+ sfaImporter = sfaImport()
+ if config.SFA_API_DEBUG: sfaImporter.logger.setLevel(logging.DEBUG)
shell = sfaImporter.shell
plc_auth = sfaImporter.plc_auth
- AuthHierarchy = sfaImporter.AuthHierarchy
- TrustedRoots = sfaImporter.TrustedRoots
table = SfaTable()
if not table.exists():
if not root_auth == interface_hrn:
sfaImporter.create_top_level_auth_records(interface_hrn)
- trace("Import: adding " + interface_hrn + " to trusted list", logger)
- authority = AuthHierarchy.get_auth_info(interface_hrn)
- TrustedRoots.add_gid(authority.get_gid_object())
+ sfaImporter.logger.info("Import: adding " + interface_hrn + " to trusted list")
+ authority = sfaImporter.AuthHierarchy.get_auth_info(interface_hrn)
+ sfaImporter.TrustedRoots.add_gid(authority.get_gid_object())
if ".vini" in interface_hrn and interface_hrn.endswith('vini'):
# create a fake internet2 site first
sfaImporter.delete_record(record_hrn, type)
# save pub keys
- trace('Import: saving current pub keys', logger)
+ sfaImporter.logger.info('Import: saving current pub keys')
save_keys(keys_filename, person_keys)
if __name__ == "__main__":
from sfa.trust.hierarchy import *
from sfa.util.record import *
from sfa.util.table import SfaTable
+from sfa.util.sfalogging import sfa_import_logger
def process_options():
def main():
process_options()
- print "Purging SFA records from database"
+ sfa_import_logger.info("Purging SFA records from database")
table = SfaTable()
table.sfa_records_purge()
import sys
import tempfile
+from sfa.util.sfalogging import sfa_import_logger
from sfa.util.record import *
from sfa.util.table import SfaTable
from sfa.util.namespace import *
from sfa.util.config import Config
-from sfa.util.report import trace, error
from sfa.trust.certificate import convert_public_key, Keypair
from sfa.trust.trustedroot import *
from sfa.trust.hierarchy import *
from sfa.trust.gid import create_uuid
-def un_unicode(str):
+def _un_unicode(str):
if isinstance(str, unicode):
return str.encode("ascii", "ignore")
else:
return str
-def cleanup_string(str):
+def _cleanup_string(str):
# pgsql has a fit with strings that have high ascii in them, so filter it
# out when generating the hrns.
tmp = ""
tmp = tmp + c
str = tmp
- str = un_unicode(str)
+ str = _un_unicode(str)
str = str.replace(" ", "_")
str = str.replace(".", "_")
str = str.replace("(", "_")
class sfaImport:
- def __init__(self, logger=None):
- self.logger = logger
+ def __init__(self):
+ self.logger = sfa_import_logger
self.AuthHierarchy = Hierarchy()
self.config = Config()
self.TrustedRoots = TrustedRootList(Config.get_trustedroots_dir(self.config))
self.shell = None
if "Url" in self.plc_auth:
from sfa.plc.remoteshell import RemoteShell
- self.shell = RemoteShell()
+ self.shell = RemoteShell(self.logger)
else:
import PLC.Shell
self.shell = PLC.Shell.Shell(globals = globals())
def create_top_level_auth_records(self, hrn):
- AuthHierarchy = self.AuthHierarchy
urn = hrn_to_urn(hrn, 'authority')
# make sure parent exists
parent_hrn = get_authority(hrn)
self.create_top_level_auth_records(parent_hrn)
# create the authority if it doesnt already exist
- if not AuthHierarchy.auth_exists(urn):
- trace("Import: creating top level authorites", self.logger)
- AuthHierarchy.create_auth(urn)
+ if not self.AuthHierarchy.auth_exists(urn):
+ self.logger.info("Import: creating top level authorites")
+ self.AuthHierarchy.create_auth(urn)
# create the db record if it doesnt already exist
- auth_info = AuthHierarchy.get_auth_info(hrn)
+ auth_info = self.AuthHierarchy.get_auth_info(hrn)
table = SfaTable()
auth_record = table.find({'type': 'authority', 'hrn': hrn})
if not auth_record:
auth_record = SfaRecord(hrn=hrn, gid=auth_info.get_gid_object(), type="authority", pointer=-1)
auth_record['authority'] = get_authority(auth_record['hrn'])
- trace("Import: inserting authority record for " + hrn, self.logger)
+ self.logger.info("Import: inserting authority record for " + hrn)
table.insert(auth_record)
def import_person(self, parent_hrn, person):
- AuthHierarchy = self.AuthHierarchy
hrn = email_to_hrn(parent_hrn, person['email'])
# ASN.1 will have problems with hrn's longer than 64 characters
if len(hrn) > 64:
hrn = hrn[:64]
- trace("Import: importing person " + hrn, self.logger)
+ self.logger.info("Import: importing person " + hrn)
key_ids = []
if 'key_ids' in person and person['key_ids']:
key_ids = person["key_ids"]
pkey = Keypair(create=True)
else:
# the user has no keys
- trace(" person " + hrn + " does not have a PL public key", self.logger)
+ self.logger.info(" person " + hrn + " does not have a PL public key")
# if a key is unavailable, then we still need to put something in the
# user's GID. So make one up.
pkey = Keypair(create=True)
# create the gid
urn = hrn_to_urn(hrn, 'user')
- person_gid = AuthHierarchy.create_gid(urn, create_uuid(), pkey)
+ person_gid = self.AuthHierarchy.create_gid(urn, create_uuid(), pkey)
table = SfaTable()
person_record = SfaRecord(hrn=hrn, gid=person_gid, type="user", pointer=person['person_id'])
person_record['authority'] = get_authority(person_record['hrn'])
if not existing_records:
table.insert(person_record)
else:
- trace("Import: %s exists, updating " % hrn, self.logger)
+ self.logger.info("Import: %s exists, updating " % hrn)
existing_record = existing_records[0]
person_record['record_id'] = existing_record['record_id']
table.update(person_record)
def import_slice(self, parent_hrn, slice):
- AuthHierarchy = self.AuthHierarchy
slicename = slice['name'].split("_",1)[-1]
- slicename = cleanup_string(slicename)
+ slicename = _cleanup_string(slicename)
if not slicename:
- error("Import_Slice: failed to parse slice name " + slice['name'], self.logger)
+ self.logger.error("Import_Slice: failed to parse slice name " + slice['name'])
return
hrn = parent_hrn + "." + slicename
- trace("Import: importing slice " + hrn, self.logger)
+ self.logger.info("Import: importing slice " + hrn)
pkey = Keypair(create=True)
urn = hrn_to_urn(hrn, 'slice')
- slice_gid = AuthHierarchy.create_gid(urn, create_uuid(), pkey)
+ slice_gid = self.AuthHierarchy.create_gid(urn, create_uuid(), pkey)
slice_record = SfaRecord(hrn=hrn, gid=slice_gid, type="slice", pointer=slice['slice_id'])
slice_record['authority'] = get_authority(slice_record['hrn'])
table = SfaTable()
if not existing_records:
table.insert(slice_record)
else:
- trace("Import: %s exists, updating " % hrn, self.logger)
+ self.logger.info("Import: %s exists, updating " % hrn)
existing_record = existing_records[0]
slice_record['record_id'] = existing_record['record_id']
table.update(slice_record)
def import_node(self, parent_hrn, node):
- AuthHierarchy = self.AuthHierarchy
nodename = node['hostname'].split(".")[0]
- nodename = cleanup_string(nodename)
+ nodename = _cleanup_string(nodename)
if not nodename:
- error("Import_node: failed to parse node name " + node['hostname'], self.logger)
+ self.logger.error("Import_node: failed to parse node name " + node['hostname'])
return
hrn = parent_hrn + "." + nodename
- trace("Import: importing node " + hrn, self.logger)
+ self.logger.info("Import: importing node " + hrn)
# ASN.1 will have problems with hrn's longer than 64 characters
if len(hrn) > 64:
hrn = hrn[:64]
node_record = table.find({'type': 'node', 'hrn': hrn})
pkey = Keypair(create=True)
urn = hrn_to_urn(hrn, 'node')
- node_gid = AuthHierarchy.create_gid(urn, create_uuid(), pkey)
+ node_gid = self.AuthHierarchy.create_gid(urn, create_uuid(), pkey)
node_record = SfaRecord(hrn=hrn, gid=node_gid, type="node", pointer=node['node_id'])
node_record['authority'] = get_authority(node_record['hrn'])
existing_records = table.find({'hrn': hrn, 'type': 'node', 'pointer': node['node_id']})
if not existing_records:
table.insert(node_record)
else:
- trace("Import: %s exists, updating " % hrn, self.logger)
+ self.logger.info("Import: %s exists, updating " % hrn)
existing_record = existing_records[0]
node_record['record_id'] = existing_record['record_id']
table.update(node_record)
def import_site(self, parent_hrn, site):
- AuthHierarchy = self.AuthHierarchy
shell = self.shell
plc_auth = self.plc_auth
sitename = site['login_base']
- sitename = cleanup_string(sitename)
+ sitename = _cleanup_string(sitename)
print 'importing site %s' % sitename
hrn = parent_hrn + "." + sitename
# Hardcode 'internet2' into the hrn for sites hosting
hrn = ".".join([parent_hrn, "internet2", sitename])
urn = hrn_to_urn(hrn, 'authority')
- trace("Import: importing site " + hrn, self.logger)
+ self.logger.info("Import: importing site " + hrn)
# create the authority
- if not AuthHierarchy.auth_exists(urn):
- AuthHierarchy.create_auth(urn)
+ if not self.AuthHierarchy.auth_exists(urn):
+ self.AuthHierarchy.create_auth(urn)
- auth_info = AuthHierarchy.get_auth_info(urn)
+ auth_info = self.AuthHierarchy.get_auth_info(urn)
table = SfaTable()
auth_record = SfaRecord(hrn=hrn, gid=auth_info.get_gid_object(), type="authority", pointer=site['site_id'])
if not existing_records:
table.insert(auth_record)
else:
- trace("Import: %s exists, updating " % hrn, self.logger)
+ self.logger.info("Import: %s exists, updating " % hrn)
existing_record = existing_records[0]
auth_record['record_id'] = existing_record['record_id']
table.update(auth_record)
table = SfaTable()
record_list = table.find({'type': type, 'hrn': hrn})
for record in record_list:
- trace("Import: Removing record %s %s" % (type, hrn), self.logger)
+ self.logger.info("Import: Removing record %s %s" % (type, hrn))
table.remove(record)
from sfa.util.record import SfaRecord
from sfa.util.policy import Policy
from sfa.util.prefixTree import prefixTree
-from sfa.util.debug import log
MAXINT = 2L**31-1
from sfa.util.faults import *
from sfa.util.storage import *
from sfa.util.policy import Policy
-from sfa.util.debug import log
from sfa.server.aggregate import Aggregates
from sfa.server.registry import Registries
from sfa.util.faults import *
import sfa.util.xmlrpcprotocol as xmlrpcprotocol
import sfa.util.soapprotocol as soapprotocol
-
# GeniLight client support is optional
try:
from egeni.geniLight_client import *
except:
message = "interface: %s\tunable to install trusted gid for %s" % \
(self.api.interface, new_hrn)
- self.api.logger.info(message)
- traceback.print_exc()
+ self.api.logger.log_exc(message)
# reload the trusted certs list
self.api.auth.load_trusted_certs()
defined in the config file (registries.xml). Removes old records from
the db.
"""
- # import SfaTable here so this module can be loaded by CompoenetAPI
+ # import SfaTable here so this module can be loaded by ComponentAPI
from sfa.util.table import SfaTable
if not gids:
return
from mod_python import apache
from sfa.plc.api import SfaAPI
-from sfa.util.debug import log
+from sfa.util.sfalogging import sfa_logger
api = SfaAPI(interface='aggregate')
-class unbuffered:
- """\r
- Write to /var/log/httpd/error_log. See\r
-\r
- http://www.modpython.org/FAQ/faqw.py?req=edit&file=faq02.003.htp\r
- """\r
-\r
- def write(self, data):\r
- sys.stderr.write(data)\r
- sys.stderr.flush()\r
-\r
-#log = unbuffered()
-
def handler(req):
try:
if req.method != "POST":
except Exception, err:
# Log error in /var/log/httpd/(ssl_)?error_log
- print >> log, err, traceback.format_exc()
+ sfa_logger.log_exc('%r'%err)
return apache.HTTP_INTERNAL_SERVER_ERROR
import traceback
import xmlrpclib
from mod_python import apache
-from sfa.util.debug import log
+
from sfa.plc.api import SfaAPI
+from sfa.util.sfalogging import sfa_logger
api = SfaAPI(interface='registry')
-class unbuffered:
- """\r
- Write to /var/log/httpd/error_log. See\r
-\r
- http://www.modpython.org/FAQ/faqw.py?req=edit&file=faq02.003.htp\r
- """\r
-\r
- def write(self, data):\r
- sys.stderr.write(data)\r
- sys.stderr.flush()\r
-\r
-#log = unbuffered()
-
def handler(req):
try:
if req.method != "POST":
except Exception, err:
# Log error in /var/log/httpd/(ssl_)?error_log
- print >> log, err, traceback.format_exc()
+ sfa_logger.log_exc('%r'%err)
return apache.HTTP_INTERNAL_SERVER_ERROR
from mod_python import apache
from sfa.plc.api import SfaAPI
-from sfa.util.debug import log
+from sfa.util.sfalogging import sfa_logger
api = SfaAPI(interface='slicemgr')
-class unbuffered:
- """\r
- Write to /var/log/httpd/error_log. See\r
-\r
- http://www.modpython.org/FAQ/faqw.py?req=edit&file=faq02.003.htp\r
- """\r
-\r
- def write(self, data):\r
- sys.stderr.write(data)\r
- sys.stderr.flush()\r
-\r
-#log = unbuffered()
-
def handler(req):
try:
if req.method != "POST":
except Exception, err:
# Log error in /var/log/httpd/(ssl_)?error_log
- print >> log, err, traceback.format_exc()
+ sfa_logger.log_exc('%r'%err)
return apache.HTTP_INTERNAL_SERVER_ERROR
from ApiExceptionCodes import *
-VerboseExceptions = False
-
-def EnableVerboseExceptions(x=True):
- global VerboseExceptions
- VerboseExceptions = x
-
class ExceptionUnmarshaller(xmlrpclib.Unmarshaller):
def close(self):
- try:\r
- return xmlrpclib.Unmarshaller.close(self)\r
- except xmlrpclib.Fault, e:\r
- # if the server tagged some traceback info onto the end of the\r
- # exception text, then print it out on the client.\r
-\r
- if "\nFAULT_TRACEBACK:" in e.faultString:\r
- parts = e.faultString.split("\nFAULT_TRACEBACK:")\r
- e.faultString = parts[0]\r
- if VerboseExceptions:\r
- print "\n|Server Traceback:", "\n|".join(parts[1].split("\n"))\r
-\r
- raise e\r
-\r
+ try:
+ return xmlrpclib.Unmarshaller.close(self)
+ except xmlrpclib.Fault, e:
+ # if the server tagged some traceback info onto the end of the
+ # exception text, then print it out on the client.
+
+ if "\nFAULT_TRACEBACK:" in e.faultString:
+ parts = e.faultString.split("\nFAULT_TRACEBACK:")
+ e.faultString = parts[0]
+ if BaseClient.VerboseExceptions:
+ print "\n|Server Traceback:", "\n|".join(parts[1].split("\n"))
+
+ raise e
+
class ExceptionReportingTransport(xmlrpclib.Transport):
def make_connection(self, host):
- import httplib\r
- if host.startswith("https:"):\r
- return httplib.HTTPS(host)\r
- else:\r
- return httplib.HTTP(host)\r
-\r
- def getparser(self):\r
- unmarshaller = ExceptionUnmarshaller()\r
- parser = xmlrpclib.ExpatParser(unmarshaller)\r
+ import httplib
+ if host.startswith("https:"):
+ return httplib.HTTPS(host)
+ else:
+ return httplib.HTTP(host)
+
+ def getparser(self):
+ unmarshaller = ExceptionUnmarshaller()
+ parser = xmlrpclib.ExpatParser(unmarshaller)
return parser, unmarshaller
class BaseClient():
+
+ VerboseExceptions = False
+
def __init__(self, url):
self.url = url
self.server = xmlrpclib.ServerProxy(self.url, ExceptionReportingTransport())
def noop(self, value):
return self.server.noop(value)
+
+ @staticmethod
+ def EnableVerboseExceptions(x=True):
+ BaseClient.VerboseExceptions = x
+
import xmlrpclib
from mod_python import apache
+from sfa.util.logging import sfa_logger
from API import RemoteApi
api = RemoteApi()
-class unbuffered:
- """\r
- Write to /var/log/httpd/error_log. See\r
-\r
- http://www.modpython.org/FAQ/faqw.py?req=edit&file=faq02.003.htp\r
- """\r
-\r
- def write(self, data):\r
- sys.stderr.write(data)\r
- sys.stderr.flush()\r
-\r
-#log = unbuffered()
-
def handler(req):
try:
if req.method != "POST":
except Exception, err:
# Log error in /var/log/httpd/(ssl_)?error_log
- print >> log, err, traceback.format_exc()
+ sfa_logger.log_exc("%r"%e)
return apache.HTTP_INTERNAL_SERVER_ERROR
import sys
import traceback
-from BaseClient import BaseClient, EnableVerboseExceptions
+from BaseClient import BaseClient
from AuthenticatedClient import AuthenticatedClient
-EnableVerboseExceptions(True)
+BaseClient.EnableVerboseExceptions(True)
HOST = "localhost"
URL = "http://" + HOST + "/TESTAPI/"
from sfa.util.config import Config
from sfa.trust.certificate import Keypair
from sfa.trust.hierarchy import Hierarchy
-from sfa.util.report import trace, error
from sfa.server.registry import Registries
import sfa.util.xmlrpcprotocol as xmlrpcprotocol
import socket
#!/usr/bin/python
#
-### $Id$
-### $URL$
-#
# SFA PLC Wrapper
#
# This wrapper implements the SFA Registry and Slice Interfaces on PLC.
##
# TCP ports for the three servers
-registry_port=12345
-aggregate_port=12346
-slicemgr_port=12347
+#registry_port=12345
+#aggregate_port=12346
+#slicemgr_port=12347
+### xxx todo not in the config yet
component_port=12346
import os, os.path
import sys
from optparse import OptionParser
+import logging
+
+from sfa.util.sfalogging import sfa_logger
from sfa.trust.trustedroot import TrustedRootList
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.hierarchy import Hierarchy
from sfa.util.config import Config
-from sfa.util.report import trace
from sfa.plc.api import SfaAPI
from sfa.server.registry import Registries
from sfa.server.aggregate import Aggregates
devnull = os.open(os.devnull, os.O_RDWR)
os.dup2(devnull, 0)
# xxx fixme - this is just to make sure that nothing gets stupidly lost - should use devnull
- crashlog = os.open('/var/log/sfa.daemon', os.O_RDWR | os.O_APPEND | os.O_CREAT, 0644)
+ crashlog = os.open('/var/log/httpd/sfa_access_log', os.O_RDWR | os.O_APPEND | os.O_CREAT, 0644)
os.dup2(crashlog, 1)
os.dup2(crashlog, 2)
if not os.path.exists(key_file):
# if it doesnt exist then this is probably a fresh interface
# with no records. Generate a random keypair for now
- trace("server's public key not found in %s" % key_file)
- trace("generating a random server key pair")
+ sfa_logger.debug("server's public key not found in %s" % key_file)
+ sfa_logger.debug("generating a random server key pair")
key = Keypair(create=True)
key.save_to_file(server_key_file)
cert = Certificate(subject=subject)
aggregates.sync_interfaces()
def main():
- # xxx get rid of globals - name consistently CamelCase or under_score
- global AuthHierarchy
- global TrustedRoots
- global registry_port
- global aggregate_port
- global slicemgr_port
-
# Generate command line parser
parser = OptionParser(usage="sfa-server [options]")
parser.add_option("-r", "--registry", dest="registry", action="store_true",
parser.add_option("-d", "--daemon", dest="daemon", action="store_true",
help="Run as daemon.", default=False)
(options, args) = parser.parse_args()
-
+ if options.verbose: sfa_logger.setLevel(logging.DEBUG)
config = Config()
+ if config.SFA_API_DEBUG: sfa_logger.setLevel(logging.DEBUG)
hierarchy = Hierarchy()
server_key_file = os.path.join(hierarchy.basedir, "server.key")
server_cert_file = os.path.join(hierarchy.basedir, "server.cert")
# start registry server
if (options.registry):
from sfa.server.registry import Registry
- r = Registry("", registry_port, server_key_file, server_cert_file)
+ r = Registry("", config.SFA_REGISTRY_PORT, server_key_file, server_cert_file)
r.start()
# start aggregate manager
if (options.am):
from sfa.server.aggregate import Aggregate
- a = Aggregate("", aggregate_port, server_key_file, server_cert_file)
+ a = Aggregate("", config.SFA_AGGREGATE_PORT, server_key_file, server_cert_file)
a.start()
# start slice manager
if (options.sm):
from sfa.server.slicemgr import SliceMgr
- s = SliceMgr("", slicemgr_port, server_key_file, server_cert_file)
+ s = SliceMgr("", config.SFA_SM_PORT, server_key_file, server_cert_file)
s.start()
if (options.cm):
from sfa.server.component import Component
- c = Component("", component_port, server_key_file, server_cert_file)
+ c = Component("", config.component_port, server_key_file, server_cert_file)
+# c = Component("", config.SFA_COMPONENT_PORT, server_key_file, server_cert_file)
c.start()
if __name__ == "__main__":
- main()
+ try:
+ main()
+ except:
+ sfa_logger.log_exc_critical("SFA server is exiting")
registry = get_server(url=registry, keyfile=keyfile, certfile=certfile)
cert = Certificate(filename=certfile)
cert_str = cert.save_to_string(save_parents=True)
- cred = registry.GetSelfCredential(cert_str, hrn, 'node')
+ cred = registry.GetSelfCredential(cert_str, 'node', hrn)
Credential(string=cred).save_to_file(credfile, save_parents=True)
return cred
--- /dev/null
+tags:
+ etags *.py
#
-#import sfa.util.sfalogging
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.credential import Credential
from sfa.trust.trustedroot import TrustedRootList
verify_cancreate_credential()
"""
- rl = RightList()
+ rl = Rights()
type = record['type']
import M2Crypto
from M2Crypto import X509
-import sfa.util.sfalogging
+from sfa.util.sfalogging import sfa_logger
from sfa.util.namespace import urn_to_hrn
from sfa.util.faults import *
try:
k.load_pubkey_from_file(ssl_fn)
except:
- traceback.print_exc()
+ sfa_logger.log_exc("convert_public_key caught exception")
k = None
# remove the temporary files
# if this cert is signed by a trusted_cert, then we are set
for trusted_cert in trusted_certs:
if self.is_signed_by_cert(trusted_cert):
- sfa.util.sfalogging.logger.debug("Cert %s signed by trusted cert %s", self.get_subject(), trusted_cert.get_subject())
+ sfa_logger.debug("Cert %s signed by trusted cert %s", self.get_subject(), trusted_cert.get_subject())
# verify expiration of trusted_cert ?
if not trusted_cert.cert.has_expired():
return trusted_cert
else:
- sfa.util.sfalogging.logger.debug("Trusted cert %s is expired", trusted_cert.get_subject())
+ sfa_logger.debug("Trusted cert %s is expired", trusted_cert.get_subject())
# if there is no parent, then no way to verify the chain
if not self.parent:
- #print self.get_subject(), "has no parent"
+ sfa_logger.debug("%r has no parent"%self.get_subject())
raise CertMissingParent(self.get_subject())
# if it wasn't signed by the parent...
if not self.is_signed_by_cert(self.parent):
- #print self.get_subject(), "is not signed by parent"
+ sfa_logger.debug("%r is not signed by parent"%self.get_subject())
return CertNotSignedByParent(self.get_subject())
# if the parent isn't verified...
from xml.dom.minidom import Document, parseString
from dateutil.parser import parse
-import sfa.util.sfalogging
+from sfa.util.faults import *
+from sfa.util.sfalogging import sfa_logger
from sfa.trust.certificate import Keypair
from sfa.trust.credential_legacy import CredentialLegacy
-from sfa.trust.rights import *
-from sfa.trust.gid import *
-from sfa.util.faults import *
-
-
-
+from sfa.trust.rights import Right, Rights
+from sfa.trust.gid import GID
# Two years, in seconds
DEFAULT_CREDENTIAL_LIFETIME = 60 * 60 * 24 * 365 * 2
##
# set the privileges
#
- # @param privs either a comma-separated list of privileges of a RightList object
+ # @param privs either a comma-separated list of privileges of a Rights object
def set_privileges(self, privs):
if isinstance(privs, str):
- self.privileges = RightList(string = privs)
+ self.privileges = Rights(string = privs)
else:
self.privileges = privs
##
- # return the privileges as a RightList object
+ # return the privileges as a Rights object
def get_privileges(self):
if not self.privileges:
# Process privileges
privs = cred.getElementsByTagName("privileges")[0]
- rlist = RightList()
+ rlist = Rights()
for priv in privs.getElementsByTagName("privilege"):
kind = getTextNode(priv, "name")
deleg = str2bool(getTextNode(priv, "can_delegate"))
trusted_cert_objects.append(GID(filename=f))
ok_trusted_certs.append(f)
except Exception, exc:
- sfa.util.sfalogging.logger.error("Failed to load trusted cert from %s: %r", f, exc)
+ sfa_logger.error("Failed to load trusted cert from %s: %r", f, exc)
trusted_certs = ok_trusted_certs
# Use legacy verification if this is a legacy credential
# Maybe should be (hrn, type) = urn_to_hrn(root_cred_signer.get_urn())
root_cred_signer_type = root_cred_signer.get_type()
if (root_cred_signer_type == 'authority'):
- #sfa.util.sfalogging.logger.debug('Cred signer is an authority')
+ #sfa_logger.debug('Cred signer is an authority')
# signer is an authority, see if target is in authority's domain
hrn = root_cred_signer.get_hrn()
if root_target_gid.get_hrn().startswith(hrn):
import xmlrpclib
-from sfa.trust.certificate import Certificate
-from sfa.trust.rights import *
-from sfa.trust.gid import *
from sfa.util.faults import *
+from sfa.trust.certificate import Certificate
+from sfa.trust.rights import Right,Rights
+from sfa.trust.gid import GID
##
# Credential is a tuple:
##
# set the privileges
#
- # @param privs either a comma-separated list of privileges of a RightList object
+ # @param privs either a comma-separated list of privileges of a Rights object
def set_privileges(self, privs):
if isinstance(privs, str):
- self.privileges = RightList(string = privs)
+ self.privileges = Rights(string = privs)
else:
self.privileges = privs
##
- # return the privileges as a RightList object
+ # return the privileges as a Rights object
def get_privileges(self):
if not self.privileges:
privStr = dict.get("privileges", None)
if privStr:
- self.privileges = RightList(string = privStr)
+ self.privileges = Rights(string = privStr)
else:
self.privileges = None
import xmlrpclib
import uuid
-import sfa.util.sfalogging
+from sfa.util.sfalogging import sfa_logger
from sfa.trust.certificate import Certificate
from sfa.util.namespace import *
Certificate.__init__(self, create, subject, string, filename)
if subject:
- sfa.util.sfalogging.logger.debug("Creating GID for subject: %s" % subject)
+ sfa_logger.debug("Creating GID for subject: %s" % subject)
if uuid:
self.uuid = int(uuid)
if hrn:
if self.parent:
# make sure the parent's hrn is a prefix of the child's hrn
if not self.get_hrn().startswith(self.parent.get_hrn()):
- #print self.get_hrn(), " ", self.parent.get_hrn()
- raise GidParentHrn("This cert %s HRN doesnt start with parent HRN %s" % (self.get_hrn(), self.parent.get_hrn()))
+ raise GidParentHrn("This cert HRN %s doesnt start with parent HRN %s" % (self.get_hrn(), self.parent.get_hrn()))
else:
# make sure that the trusted root's hrn is a prefix of the child's
trusted_gid = GID(string=trusted_root.save_to_string())
import os
-from sfa.util.report import *
+from sfa.util.sfalogging import sfa_logger
from sfa.trust.certificate import Keypair
from sfa.trust.credential import *
from sfa.trust.gid import GID, create_uuid
def create_auth(self, xrn, create_parents=False):
hrn, type = urn_to_hrn(xrn)
- trace("Hierarchy: creating authority: " + hrn)
+ sfa_logger.debug("Hierarchy: creating authority: " + hrn)
# create the parent authority if necessary
parent_hrn = get_authority(hrn)
pass
if os.path.exists(privkey_filename):
- print "using existing key", privkey_filename, "for authority", hrn
+ sfa_logger.debug("using existing key %r for authority %r"%(privkey_filename,hrn))
pkey = Keypair(filename = privkey_filename)
else:
pkey = Keypair(create = True)
# @param xrn the human readable name of the authority to create (urn will be converted to hrn).
def get_auth_info(self, xrn):
-
- #trace("Hierarchy: getting authority: " + hrn)
hrn, type = urn_to_hrn(xrn)
+ sfa_logger.debug("Hierarchy: xrn=%s, getting authority for hrn=%s"%(xrn,hrn))
if not self.auth_exists(hrn):
raise MissingAuthority(hrn)
#
# Right - represents a single right
#
-# RightList - represents a list of rights
+# Rights - represents a list of rights
#
# A right may allow several different operations. For example, the "info" right
# allows "listslices", "listcomponentresources", etc.
"sa": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver", "deleteslice", "deletesliver", "updateslice",
"getsliceresources", "getticket", "loanresources", "stopslice", "startslice", "renewsliver",
"deleteslice", "deletesliver", "resetslice", "listslices", "listnodes", "getpolicy", "sliverstatus"],
- "embed": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver", "renewsliver", "deleteslice", "deletesliver", "updateslice", "sliverstatus", "getsliceresources", "shutdown"],
+ "embed": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver", "renewsliver", "deleteslice",
+ "deletesliver", "updateslice", "sliverstatus", "getsliceresources", "shutdown"],
"bind": ["getticket", "loanresources", "redeemticket"],
- "control": ["updateslice", "createslice", "createsliver", "renewsliver", "sliverstatus", "stopslice", "startslice", "deleteslice", "deletesliver", "resetslice", "getsliceresources", "getgids"],
+ "control": ["updateslice", "createslice", "createsliver", "renewsliver", "sliverstatus", "stopslice", "startslice",
+ "deleteslice", "deletesliver", "resetslice", "getsliceresources", "getgids"],
"info": ["listslices", "listnodes", "getpolicy"],
"ma": ["setbootstate", "getbootstate", "reboot", "getgids", "gettrustedcerts"],
"operator": ["gettrustedcerts", "getgids"],
##
-# Determine tje rights that an object should have. The rights are entirely
+# Determine the rights that an object should have. The rights are entirely
# dependent on the type of the object. For example, users automatically
# get "refresh", "resolve", and "info".
#
# @param type the type of the object (user | sa | ma | slice | node)
# @param name human readable name of the object (not used at this time)
#
-# @return RightList object containing rights
+# @return Rights object containing rights
def determine_rights(type, name):
- rl = RightList()
+ rl = Rights()
# rights seem to be somewhat redundant with the type of the credential.
# For example, a "sa" credential implies the authority right, because
return True
##
-# A RightList object represents a list of privileges.
+# A Rights object represents a list of privileges.
-class RightList:
+class Rights:
##
# Create a new rightlist object, containing no rights.
#
# @param type the type of the object (user | sa | ma | slice | node)
# @param name human readable name of the object (not used at this time)
#
- # @return RightList object containing rights
+ # @return Rights object containing rights
def determine_rights(self, type, name):
- rl = RightList()
+ rl = Rights()
# rights seem to be somewhat redundant with the type of the credential.
# For example, a "sa" credential implies the authority right, because
from pprint import pformat
from sfa.util.faults import *
-from sfa.util.debug import *
+from sfa.util.sfalogging import sfa_logger
if not psycopg2:
is8bit = re.compile("[\x80-\xff]").search
if not params:
if self.debug:
- print >> log,'execute0',query
+ sfa_logger.debug('execute0 %r'%query)
cursor.execute(query)
elif isinstance(params,dict):
if self.debug:
- print >> log,'execute-dict: params',params,'query',query%params
+ sfa_logger.debug('execute-dict: params=[%r] query=[%r]'%(params,query%params))
cursor.execute(query,params)
elif isinstance(params,tuple) and len(params)==1:
if self.debug:
- print >> log,'execute-tuple',query%params[0]
+ sfa_logger.debug('execute-tuple %r'%(query%params[0]))
cursor.execute(query,params[0])
else:
param_seq=(params,)
if self.debug:
for params in param_seq:
- print >> log,'executemany',query%params
+ sfa_logger.debug('executemany %r'%(query%params))
cursor.executemany(query, param_seq)
(self.rowcount, self.description, self.lastrowid) = \
(cursor.rowcount, cursor.description, cursor.lastrowid)
except:
pass
uuid = commands.getoutput("uuidgen")
- print >> log, "Database error %s:" % uuid
- print >> log, e
- print >> log, "Query:"
- print >> log, query
- print >> log, "Params:"
- print >> log, pformat(params)
+ sfa_logger.error("Database error %s:" % uuid)
+ sfa_logger.error("Exception=%r"%e)
+ sfa_logger.error("Query=%r"%query)
+ sfa_logger.error("Params=%r"%pformat(params))
+ sfa_logger.log_exc("PostgreSQL.execute caught exception")
raise SfaDBError("Please contact support: %s" % str(e))
return cursor
import string
import xmlrpclib
-import sfa.util.sfalogging
+from sfa.util.sfalogging import sfa_logger
from sfa.trust.auth import Auth
from sfa.util.config import *
from sfa.util.faults import *
-from sfa.util.debug import *
from sfa.trust.credential import *
from sfa.trust.certificate import *
from sfa.util.namespace import *
self.credential = None
self.source = None
self.time_format = "%Y-%m-%d %H:%M:%S"
- self.logger=sfa.util.sfalogging.logger
+ self.logger=sfa_logger
# load registries
from sfa.server.registry import Registries
except SfaFault, fault:
result = fault
except Exception, fault:
- traceback.print_exc(file = log)
+ sfa_logger.log_exc("BaseAPI.handle has caught Exception")
result = SfaAPIError(fault)
+++ /dev/null
-##
-# This module implements the client-side of the SFA API. Stubs are provided
-# that convert the supplied parameters to the necessary format and send them
-# via XMLRPC to an SFA Server.
-#
-# TODO: Investigate ways to combine this with existing PLC API?
-##
-
-### $Id$
-### $URL$
-
-from sfa.trust.certificate import *
-from sfa.trust.gid import *
-from sfa.trust.credential import *
-from sfa.util.record import *
-from sfa.util.sfaticket import SfaTicket
-
-##
-# The GeniClient class provides stubs for executing SFA operations. A given
-# client object connects to one server. To connect to multiple servers, create
-# multiple GeniClient objects.
-#
-# The SFA protocol uses an HTTPS connection, and the client's side of the
-# connection uses his private key. Generally, this private key must match the
-# public key that is containing in the GID that the client is providing for
-# those functions that take a GID.
-
-class GeniClient:
- ##
- # Create a new GeniClient object.
- #
- # @param url is the url of the server
- # @param key_file = private key file of client
- # @param cert_file = x.509 cert containing the client's public key. This
- # could be a GID certificate, or any x.509 cert.
- # @param protocol The ORPC protocol to use. Can be "soap" or "xmlrpc"
-
- def __init__(self, url, key_file, cert_file, protocol="xmlrpc"):
- self.url = url
- self.key_file = key_file
- self.cert_file = cert_file
- self.key = Keypair(filename = self.key_file)
-
-
- if (protocol=="xmlrpc"):
- import xmlrpcprotocol
- self.server = xmlrpcprotocol.get_server(self.url, self.key_file, self.cert_file)
- elif (protocol=="soap"):
- import soapprotocol
- self.server = soapprotocol.get_server(self.url, self.key_file, self.cert_file)
- else:
- raise Exception("Attempted use of undefined protocol %s"%protocol)
-
-
- # -------------------------------------------------------------------------
- # Registry Interface
- # -------------------------------------------------------------------------
-
- ##
- # Create a new GID. For MAs and SAs that are physically located on the
- # registry, this allows a owner/operator/PI to create a new GID and have it
- # signed by his respective authority.
- #
- # @param cred credential of caller
- # @param name hrn for new GID
- # @param uuid unique identifier for new GID
- # @param pkey_string public-key string (TODO: why is this a string and not a keypair object?)
- #
- # @return a GID object
-
- def create_gid(self, cred, name, uuid, pkey_string):
- gid_str = self.server.create_gid(cred.save_to_string(save_parents=True), name, uuid, pkey_string)
- return GID(string=gid_str)
-
- ##
- # Retrieve the GID for an object. This function looks up a record in the
- # registry and returns the GID of the record if it exists.
- # TODO: Is this function needed? It's a shortcut for Resolve()
- #
- # @param name hrn to look up
- #
- # @return a GID object
-
- #def get_gid(self, name):
- # gid_str_list = self.server.get_gid(name)
- # gid_list = []
- # for str in gid_str_list:
- # gid_list.append(GID(string=str))
- # return gid_list
-
-
- def get_gid(self, cert, hrn, type, request_hash):
- cert_string = cert.save_to_string(save_parents=True)
- gid_str = self.server.get_gid(cert_string, hrn, type, request_hash)
- return GID(string=gid_str)
- ##
- # Get_self_credential a degenerate version of get_credential used by a
- # client to get his initial credential when he doesn't have one. This is
- # the same as get_credential(..., cred=None,...).
- #
- # The registry ensures that the client is the principal that is named by
- # (type, name) by comparing the public key in the record's GID to the
- # private key used to encrypt the client-side of the HTTPS connection. Thus
- # it is impossible for one principal to retrieve another principal's
- # credential without having the appropriate private key.
- #
- # @param type type of object (user | slice | sa | ma | node
- # @param name human readable name of object
- #
- # @return a credential object
-
- def get_self_credential(self, type, name):
- cred_str = self.server.get_self_credential(type, name)
- return Credential(string = cred_str)
-
- ##
- # Retrieve a credential for an object.
- #
- # If cred==None, then the behavior reverts to get_self_credential()
- #
- # @param cred credential object specifying rights of the caller
- # @param type type of object (user | slice | sa | ma | node)
- # @param name human readable name of object
- #
- # @return a credental object
-
- def get_credential(self, cred, type, name):
- if cred:
- cred = cred.save_to_string(save_parents=True)
- cred_str = self.server.get_credential(cred, type, name)
- return Credential(string = cred_str)
-
- ##
- # List the records in an authority. The objectGID in the supplied credential
- # should name the authority that will be listed.
- #
- # @param cred credential object specifying rights of the caller
- #
- # @return list of record objects
-
- def list(self, cred, auth_hrn, caller_cred=None):
- result_dict_list = self.server.list(cred.save_to_string(save_parents=True), auth_hrn, caller_cred)
- result_rec_list = []
- for dict in result_dict_list:
- result_rec_list.append(SfaRecord(dict=dict))
- return result_rec_list
-
- ##
- # Register an object with the registry. In addition to being stored in the
- # SFA database, the appropriate records will also be created in the
- # PLC databases.
- #
- #
- #
- # @param cred credential object specifying rights of the caller
- # @param record to register
- #
- # @return GID object for the newly-registered record
-
- def register(self, cred, record, caller_cred=None):
- gid_str = self.server.register(cred.save_to_string(save_parents=True), record.as_dict(), caller_cred)
- return GID(string = gid_str)
-
-
- ##
- # Register a peer object with the registry.
- #
- #
- # @param cred credential object specifying rights of the caller
- # @param record to register
- #
- # @return GID object for the newly-registered record
-
- def register_peer_object(self, cred, record, caller_cred=None):
- return self.server.register_peer_object(cred.save_to_string(save_parents=True), record, caller_cred)
-
- ##
- # Remove an object from the registry. If the object represents a PLC object,
- # then the PLC records will also be removed.
- #
- # @param cred credential object specifying rights of the caller
- # @param type
- # @param hrn
-
- def remove(self, cred, type, hrn, caller_cred=None):
- return self.server.remove(cred.save_to_string(save_parents=True), type, hrn, caller_cred)
-
- ##
- # Remove a peer object from the registry. If the object represents a PLC object,
- # then the PLC records will also be removed.
- #
- # @param cred credential object specifying rights of the caller
- # @param type
- # @param hrn
-
- def remove_peer_object(self, cred, record, caller_cred=None):
- result = self.server.remove_peer_object(cred.save_to_string(save_parents=True), record, caller_cred)
- return result
-
- ##
- # Resolve an object in the registry. A given HRN may have multiple records
- # associated with it, and therefore multiple records may be returned. The
- # caller should check the type fields of the records to find the one that
- # he is interested in.
- #
- # @param cred credential object specifying rights of the caller
- # @param name human readable name of object
-
- def resolve(self, cred, name, caller_cred=None):
- result_dict_list = self.server.resolve(cred.save_to_string(save_parents=True), name, caller_cred)
- result_rec_list = []
- for dict in result_dict_list:
- if dict['type'] in ['authority']:
- result_rec_list.append(AuthorityRecord(dict=dict))
- elif dict['type'] in ['node']:
- result_rec_list.append(NodeRecord(dict=dict))
- elif dict['type'] in ['slice']:
- result_rec_list.append(SliceRecord(dict=dict))
- elif dict['type'] in ['user']:
- result_rec_list.append(UserRecord(dict=dict))
- else:
- result_rec_list.append(SfaRecord(dict=dict))
- return result_rec_list
-
- ##
- # Update an object in the registry. Currently, this only updates the
- # PLC information associated with the record. The SFA fields (name, type,
- # GID) are fixed.
- #
- #
- #
- # @param cred credential object specifying rights of the caller
- # @param record a record object to be updated
-
- def update(self, cred, record, caller_cred=None):
- result = self.server.update(cred.save_to_string(save_parents=True), record.as_dict(), caller_cred)
- return result
-
-
- #-------------------------------------------------------------------------
- # Aggregate Interface
- #-------------------------------------------------------------------------
-
- ## list resources
- #
- # @param cred a credential
- # @param hrn slice hrn
-
- def get_resources(self, cred, hrn=None, caller_cred=None):
- result = self.server.get_resources(cred.save_to_string(save_parents=True), hrn, caller_cred)
- return result
-
- def get_aggregates(self, cred, hrn=None):
- result = self.server.get_aggregates(cred.save_to_string(save_parents=True), hrn)
- return result
-
- def get_registries(self, cred, hrn=None):
- result = self.server.get_registries(cred.save_to_string(save_parents=True), hrn)
- return result
-
- ## get policy
- #
- # @param cred a credential
-
- def get_policy(self, cred):
- result = self.server.get_policy(cred.save_to_string(save_parents=True))
- return result
-
- ## create slice
- #
- # @param cred a credential
- # @param rspec resource specification defining how to instantiate the slice
-
- def create_slice(self, cred, hrn, rspec, caller_cred=None):
- result = self.server.create_slice(cred.save_to_string(save_parents=True), hrn, rspec, caller_cred)
- return result
-
-
- ## delete slice
- #
- # @param cred a credential
- # @param hrn slice to delete
- def delete_slice(self, cred, hrn, caller_cred=None):
- result = self.server.delete_slice(cred.save_to_string(save_parents=True), hrn, caller_cred)
- return result
-
- # ------------------------------------------------------------------------
- # Slice Interface
- # ------------------------------------------------------------------------
-
- ##
- # Start a slice.
- #
- # @param cred a credential identifying the caller (callerGID) and the slice
- # (objectGID)
-
- def start_slice(self, cred, hrn):
- result = self.server.start_slice(cred.save_to_string(save_parents=True), hrn)
- return result
-
- ##
- # Stop a slice.
- #
- # @param cred a credential identifying the caller (callerGID) and the slice
- # (objectGID)
-
- def stop_slice(self, cred, hrn):
- result = self.server.stop_slice(cred.save_to_string(save_parents=True), hrn)
- return result
-
- ##
- # Reset a slice.
- #
- # @param cred a credential identifying the caller (callerGID) and the slice
- # (objectGID)
-
- def reset_slice(self, cred, hrn):
- result = self.server.reset_slice(cred.save_to_string(save_parents=True), hrn)
- return result
-
- ##
- # Delete a slice.
- #
- # @param cred a credential identifying the caller (callerGID) and the slice
- # (objectGID)
-
- def delete_slice(self, cred, hrn, caller_cred=None):
- result = self.server.delete_slice(cred.save_to_string(save_parents=True), hrn, caller_cred)
- return result
-
- ##
- # List the slices on a component.
- #
- # @param cred credential object that authorizes the caller
- #
- # @return a list of slice names
-
- def get_slices(self, cred):
- result = self.server.get_slices(cred.save_to_string(save_parents=True))
- return result
-
- ##
- # Retrieve a ticket. This operation is currently implemented on the
- # registry (see SFA, engineering decisions), and is not implemented on
- # components.
- #
- # The ticket is filled in with information from the PLC database. This
- # information includes resources, and attributes such as user keys and
- # initscripts.
- #
- # @param cred credential object
- # @param name name of the slice to retrieve a ticket for
- # @param rspec resource specification dictionary
- #
- # @return a ticket object
-
- def get_ticket(self, cred, name, rspec):
- ticket_str = self.server.get_ticket(cred.save_to_string(save_parents=True), name, rspec)
- ticket = SfaTicket(string=ticket_str)
- return ticket
-
- ##
- # Redeem a ticket. This operation is currently implemented on the
- # component.
- #
- # The ticket is submitted to the node manager, and the slice is instantiated
- # or updated as appropriate.
- #
- # TODO: This operation should return a sliver credential and indicate
- # whether or not the component will accept only sliver credentials, or
- # will accept both sliver and slice credentials.
- #
- # @param ticket a ticket object containing the ticket
-
- def redeem_ticket(self, ticket):
- result = self.server.redeem_ticket(ticket.save_to_string(save_parents=True))
- return result
-
-
- def remove_remote_object(self, cred, hrn, record):
- result = self.server.remove_remote_object(cred.save_to_string(save_parents=True), hrn, record)
- return result
import SimpleHTTPServer
import SimpleXMLRPCServer
from OpenSSL import SSL
+
+from sfa.util.sfalogging import sfa_logger
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.credential import *
from sfa.util.faults import *
from sfa.plc.api import ComponentAPI
from sfa.util.server import verify_callback, ThreadedServer
-from sfa.util.debug import log
##
# internal error, report as HTTP server error
self.send_response(500)
self.end_headers()
- traceback.print_exc()
+ sfa_logger.log_exc("componentserver.SecureXMLRpcRequestHandler.do_POST")
else:
# got a valid XML RPC response
self.send_response(200)
import os.path
import traceback
-from sfa.util.debug import log
-
class Config:
"""
Parse the bash/Python/PHP version of the configuration file. Very
+++ /dev/null
-### $Id$
-### $URL$
-
-import time
-import sys
-import syslog
-
-class unbuffered:
- """
- Write to /var/log/httpd/error_log. See
-
- http://www.modpython.org/FAQ/faqw.py?req=edit&file=faq02.003.htp
- """
-
- def write(self, data):
- sys.stderr.write(data)
- sys.stderr.flush()
-
-log = unbuffered()
-
-def profile(callable):
- """
- Prints the runtime of the specified callable. Use as a decorator, e.g.,
-
- @profile
- def foo(...):
- ...
-
- Or, equivalently,
-
- def foo(...):
- ...
- foo = profile(foo)
-
- Or inline:
-
- result = profile(foo)(...)
- """
-
- def wrapper(*args, **kwds):
- start = time.time()
- result = callable(*args, **kwds)
- end = time.time()
- args = map(str, args)
- args += ["%s = %s" % (name, str(value)) for (name, value) in kwds.items()]
- print >> log, "%s (%s): %f s" % (callable.__name__, ", ".join(args), end - start)
- return result
-
- return wrapper
-
-if __name__ == "__main__":
- def sleep(seconds = 1):
- time.sleep(seconds)
-
- sleep = profile(sleep)
-
- sleep(1)
clip_part += " ORDER BY " + ",".join(sorts)
if clips:
clip_part += " " + " ".join(clips)
-# print 'where_part=',where_part,'clip_part',clip_part
return (where_part,clip_part)
import xmlrpclib
-import sfa.util.sfalogging
+from sfa.util.sfalogging import sfa_logger
from sfa.util.faults import *
from sfa.util.parameter import Parameter, Mixed, python_type, xmlrpc_type
from sfa.trust.auth import Auth
-#from sfa.util.debug import profile, log
# we inherit object because we use new-style classes for legacy methods
class Method (object):
runtime = time.time() - start
if self.api.config.SFA_API_DEBUG or hasattr(self, 'message'):
- msg=getattr(self,'message',"method %s completed"%methodname)
- sfa.util.sfalogging.logger.info(msg)
- # XX print to some log file
- # print >> log, "some output"
+ msg=getattr(self,'message',"method %s completed in %02f s"%(methodname,runtime))
+ sfa_logger.info(msg)
return result
# Prepend caller and method name to expected faults
fault.faultString = caller + ": " + self.name + ": " + fault.faultString
runtime = time.time() - start
-# if self.api.config.SFA_API_DEBUG:
-# traceback.print_exc()
- sfa.util.sfalogging.log_exc("Method %s raised an exception"%self.name)
+ sfa_logger.log_exc("Method %s raised an exception"%self.name)
raise fault
def hrn_to_pl_slicename(hrn):
# remove any escaped no alpah numeric characters
#hrn = re.sub('\\\[^a-zA-Z0-9]', '', hrn)
- # remove any escaped '.' (i.e. '\.')
- hrn = hrn.replace('\\.', '')
- parts = hrn.split(".")
+ # remove any escaped '.' (i.e. '\.')
+ hrn = hrn.replace('\\.', '')
+ parts = hrn.split(".")
return parts[-2] + "_" + parts[-1]
# assuming hrn is the hrn of an authority, return the plc authority name
import os
from sfa.util.storage import *
-from sfa.util.debug import log
class Policy(SimpleStorage):
from sfa.trust.gid import *
-import sfa.util.report
from sfa.util.rspec import *
from sfa.util.parameter import *
from sfa.util.namespace import *
+++ /dev/null
-def trace(x, logger=None):
- if logger:
- logger.info(x)
- else:
- print x
-
-def error(x, logger=None):
- if logger:
- logger.error(x)
- else:
- print x
from lxml import etree
from StringIO import StringIO
+from sfa.util.sfalogging import sfa_logger
class RSpec:
except Exception, e:
# logging.debug("%s: web file not found" % xsdURI)
# logging.debug("Using local file %s" % self.xsd")
- print e
- print "Can't find %s on the web. Continuing." % xsdURI
+ sfa_logger.log_exc("rspec.parseXSD: can't find %s on the web. Continuing." % xsdURI)
if not schemaDom:
if os.path.exists(xsdURI):
# logging.debug("using local copy.")
- print "Using local %s" % xsdURI
+ sfa_logger.debug("rspec.parseXSD: Using local %s" % xsdURI)
schemaDom = minidom.parse(xsdURI)
else:
- raise Exception("Can't find xsd locally")
+ raise Exception("rspec.parseXSD: can't find xsd locally")
self.schemaDict = self.toDict(schemaDom.childNodes[0])
from OpenSSL import SSL
from Queue import Queue
-#import sfa.util.sfalogging
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.credential import *
from sfa.util.faults import *
from sfa.plc.api import SfaAPI
from sfa.util.cache import Cache
-#from sfa.util.debug import log
##
# Verification callback for pyOpenSSL. We do our own checking of keys because
# we have our own authentication spec. Thus we disable several of the normal
except Exception, fault:
# This should only happen if the module is buggy
# internal error, report as HTTP server error
- traceback.print_exc()
+ sfa_error.log_exc("server.do_POST")
response = self.api.prepare_response(fault)
#self.send_response(500)
#self.end_headers()
-import logging
+#!/usr/bin/python
+
import os
import traceback
+import logging, logging.handlers
+
+# a logger that can handle tracebacks
+class _SfaLogger:
+ def __init__ (self,logfile=None,loggername=None,level=logging.INFO):
+ # default is to locate loggername from the logfile if avail.
+ if not logfile:
+ loggername='console'
+ handler=logging.StreamHandler()
+ handler.setFormatter(logging.Formatter("%(message)s"))
+ else:
+ if not loggername:
+ loggername=os.path.basename(logfile)
+ try:
+ handler=logging.handlers.RotatingFileHandler(logfile,maxBytes=1000000, backupCount=5)
+ except IOError:
+ # This is usually a permissions error becaue the file is
+ # owned by root, but httpd is trying to access it.
+ tmplogfile=os.getenv("TMPDIR", "/tmp") + os.path.sep + os.path.basename(logfile)
+ handler=logging.handlers.RotatingFileHandler(tmplogfile,maxBytes=1000000, backupCount=5)
+ handler.setFormatter(logging.Formatter("%(asctime)s - %(levelname)s - %(message)s"))
+
+ self.logger=logging.getLogger(loggername)
+ self.logger.setLevel(level)
+ self.logger.addHandler(handler)
-#SFA access log initialization
-TMPDIR = os.getenv("TMPDIR", "/tmp")
-SFA_HTTPD_ACCESS_LOGFILE = TMPDIR + "/" + 'sfa_httpd_access.log'
-SFA_ACCESS_LOGFILE='/var/log/sfa_access.log'
-logger=logging.getLogger()
-#logger.setLevel(logging.INFO)
-logger.setLevel(logging.DEBUG)
-
-try:
- logfile=logging.FileHandler(SFA_ACCESS_LOGFILE)
-except IOError:
- # This is usually a permissions error becaue the file is
- # owned by root, but httpd is trying to access it.
- logfile=logging.FileHandler(SFA_HTTPD_ACCESS_LOGFILE)
+ def setLevel(self,level):
+ self.logger.setLevel(level)
+
+ ####################
+ def wrap(fun):
+ def wrapped(self,msg,*args,**kwds):
+ native=getattr(self.logger,fun.__name__)
+ return native(msg,*args,**kwds)
+ #wrapped.__doc__=native.__doc__
+ return wrapped
+
+ @wrap
+ def critical(): pass
+ @wrap
+ def error(): pass
+ @wrap
+ def warning(): pass
+ @wrap
+ def info(): pass
+ @wrap
+ def debug(): pass
+
+ # logs an exception - use in an except statement
+ def log_exc(self,message):
+ self.error("%s BEG TRACEBACK"%message+"\n"+traceback.format_exc().strip("\n"))
+ self.error("%s END TRACEBACK"%message)
-formatter = logging.Formatter("%(asctime)s - %(levelname)s - %(message)s")
-logfile.setFormatter(formatter)
-logger.addHandler(logfile)
-def get_sfa_logger():
- return logger
-
-# logs an exception - use in an except statement
-def log_exc(message):
- logger.error("%s BEG TRACEBACK"%message+"\n"+traceback.format_exc().strip("\n"))
- logger.error("%s END TRACEBACK"%message)
+ def log_exc_critical(self,message):
+ self.critical("%s BEG TRACEBACK"%message+"\n"+traceback.format_exc().strip("\n"))
+ self.critical("%s END TRACEBACK"%message)
+ # for investigation purposes, can be placed anywhere
+ def log_stack(self,message):
+ to_log="".join(traceback.format_stack())
+ self.debug("%s BEG STACK"%message+"\n"+to_log)
+ self.debug("%s END STACK"%message)
-# for investigation purposes, can be placed anywhere
-def log_stack(message):
- to_log="".join(traceback.format_stack())
- logger.debug("%s BEG STACK"%message+"\n"+to_log)
- logger.debug("%s END STACK"%message)
+sfa_logger=_SfaLogger(logfile='/var/log/sfa.log')
+sfa_import_logger=_SfaLogger(logfile='/var/log/sfa_import.log')
+console_logger=_SfaLogger()
+
+########################################
+import time
+
+def profile(logger):
+ """
+ Prints the runtime of the specified callable. Use as a decorator, e.g.,
+
+ @profile(logger)
+ def foo(...):
+ ...
+ """
+ def logger_profile(callable):
+ def wrapper(*args, **kwds):
+ start = time.time()
+ result = callable(*args, **kwds)
+ end = time.time()
+ args = map(str, args)
+ args += ["%s = %s" % (name, str(value)) for (name, value) in kwds.items()]
+ # should probably use debug, but then debug is not always enabled
+ logger.info("PROFILED %s (%s): %.02f s" % (callable.__name__, ", ".join(args), end - start))
+ return result
+ return wrapper
+ return logger_profile
+
+
+if __name__ == '__main__':
+ print 'testing sfalogging into logger.log'
+ logger=_SfaLogger('logger.log')
+ logger.critical("logger.critical")
+ logger.error("logger.error")
+ logger.warning("logger.warning")
+ logger.info("logger.info")
+ logger.debug("logger.debug")
+ logger.setLevel(logging.DEBUG)
+ logger.debug("logger.debug again")
+ @profile(console_logger)
+ def sleep(seconds = 1):
+ time.sleep(seconds)
+
+ console_logger.info('console.info')
+ sleep(0.5)
+ console_logger.setLevel(logging.DEBUG)
+ sleep(0.25)
#
# TODO: Use existing PLC database methods? or keep this separate?
-import report
import pgdb
from sfa.util.PostgreSQL import *
from sfa.trust.gid import *
from sfa.util.record import *
-from sfa.util.debug import *
from sfa.util.config import *
from sfa.util.filter import *
import xmlrpclib
+from sfa.util.sfalogging import sfa_logger, console_logger
+
##
# ServerException, ExceptionUnmarshaller
#
parser = xmlrpclib.ExpatParser(unmarshaller)
return parser, unmarshaller
-def get_server(url, key_file, cert_file, debug=False):
+class XMLRPCServerProxy(xmlrpclib.ServerProxy):
+ def __init__(self, url, transport, allow_none=True, options=None):
+ self.options = options
+ verbose = False
+ if self.options and self.options.debug:
+ verbose = True
+ if self.options and hasattr(self.options,'client'):
+ XMLRPCServerProxy.logger=console_logger
+ else:
+ XMLRPCServerProxy.logger=sfa_logger
+ xmlrpclib.ServerProxy.__init__(self, url, transport, allow_none=allow_none, verbose=verbose)
+
+ def __getattr__(self, attr):
+ XMLRPCServerProxy.logger.debug("Calling xml-rpc method:%s"%attr)
+ return xmlrpclib.ServerProxy.__getattr__(self, attr)
+
+
+def get_server(url, key_file, cert_file, options=None):
transport = XMLRPCTransport()
transport.key_file = key_file
transport.cert_file = cert_file
- return xmlrpclib.ServerProxy(url, transport, allow_none=True, verbose=debug)
+ return XMLRPCServerProxy(url, transport, allow_none=True, options=options)
-from testRights import *
-from testCert import *
-from testGid import *
-from testCred import *
+#!/usr/bin/python
+from testNamespace import *
+# xxx broken-test
+#from testRights import *
+# xxx broken-test
+#from testCert import *
+# xxx broken-test
+#from testGid import *
+# xxx broken-test
+#from testCred import *
from testKeypair import *
from testMisc import *
-from testHierarchy import *
+# xxx broken-test
+#from testHierarchy import *
from testRecord import *
-from testTable import *
if __name__ == "__main__":
unittest.main()
--- /dev/null
+#!/usr/bin/python
+import sys
+import unittest
+
+from sfa.util.namespace import *
+
+class TestNamespace(unittest.TestCase):
+
+ hrns=[
+ ('plc.princeton.tmack','user'),
+ ('ple.inria.baris','user'),
+ ('emulab\.net.slice.jktest','slice'),
+ ]
+
+ urns=[
+ 'urn:publicid:IDN+emulab:net+slice+jktest',
+ 'urn:publicid:IDN+emulab.net+slice+jktest',
+
+ ]
+
+ def test_hrns(self):
+ for (h,t) in TestNamespace.hrns:
+ print 'testing hrn',h,t
+ urn=hrn_to_urn(h,t)
+ (h1,t1) = urn_to_hrn(urn)
+ self.assertEqual(h1,h)
+ self.assertEqual(t1,t)
+ if h1!=h or t1!=t:
+ print "hrn->urn->hrn : MISMATCH with in=(%s,%s) -- out=(%s,%s) -- urn=%s"%(h,t,h1,t1,urn)
+
+ def test_urns(self):
+ for urn in TestNamespace.urns:
+ print 'testing urn',urn
+ (h,t)=urn_to_hrn(urn)
+ urn1 = hrn_to_urn(h,t)
+ self.assertEqual(urn1,urn)
+ if urn1!=urn:
+ print "urn->hrn->urn : MISMATCH with in=(%s) -- out=(%s) -- hrn=(%s,%s)"%(urn,urn1,h,t)
import unittest
import xmlrpclib
from sfa.trust.gid import *
-from sfa.trust.config import *
+from sfa.util.config import *
from sfa.util.record import *
class TestRecord(unittest.TestCase):
self.assert_(not pright.is_superset(cright))
self.assert_(not cright.is_superset(pright))
-class TestRightList(unittest.TestCase):
+class TestRights(unittest.TestCase):
def setUp(self):
pass
def testInit(self):
# create a blank right list
- rightList = RightList()
+ rightList = Rights()
# create a right list with "embed" in it
- rightList = RightList(string="embed")
+ rightList = Rights(string="embed")
def testAsString(self):
- rightList = RightList()
+ rightList = Rights()
self.assertEqual(rightList.save_to_string(), "")
- rightList = RightList(string="embed")
+ rightList = Rights(string="embed")
self.assertEqual(rightList.save_to_string(), "embed")
- rightList = RightList(string="embed,resolve")
+ rightList = Rights(string="embed,resolve")
self.assertEqual(rightList.save_to_string(), "embed,resolve")
def testCanPerform(self):
- rightList = RightList(string="embed")
+ rightList = Rights(string="embed")
self.assert_(rightList.can_perform("getticket"))
self.assert_(not rightList.can_perform("resolve"))
- rightList = RightList(string="embed,resolve")
+ rightList = Rights(string="embed,resolve")
self.assert_(rightList.can_perform("getticket"))
self.assert_(rightList.can_perform("resolve"))
def testIsSuperset(self):
- pRightList = RightList(string="sa")
- cRightList = RightList(string="embed")
- self.assert_(pRightList.is_superset(cRightList))
- self.assert_(not cRightList.is_superset(pRightList))
-
- pRightList = RightList(string="embed")
- cRightList = RightList(string="embed")
- self.assert_(pRightList.is_superset(cRightList))
- self.assert_(cRightList.is_superset(pRightList))
-
- pRightList = RightList(string="control")
- cRightList = RightList(string="embed")
- self.assert_(not pRightList.is_superset(cRightList))
- self.assert_(not cRightList.is_superset(pRightList))
-
- pRightList = RightList(string="control,sa")
- cRightList = RightList(string="embed")
- self.assert_(pRightList.is_superset(cRightList))
- self.assert_(not cRightList.is_superset(pRightList))
+ pRights = Rights(string="sa")
+ cRights = Rights(string="embed")
+ self.assert_(pRights.is_superset(cRights))
+ self.assert_(not cRights.is_superset(pRights))
+
+ pRights = Rights(string="embed")
+ cRights = Rights(string="embed")
+ self.assert_(pRights.is_superset(cRights))
+ self.assert_(cRights.is_superset(pRights))
+
+ pRights = Rights(string="control")
+ cRights = Rights(string="embed")
+ self.assert_(not pRights.is_superset(cRights))
+ self.assert_(not cRights.is_superset(pRights))
+
+ pRights = Rights(string="control,sa")
+ cRights = Rights(string="embed")
+ self.assert_(pRights.is_superset(cRights))
+ self.assert_(not cRights.is_superset(pRights))
if __name__ == "__main__":
git://git.onelab.eu / sfa.git / commitdiff