def run(self, options=None):
if not self.config.SFA_REGISTRY_ENABLED:
self.logger.critical(
"Importer: need SFA_REGISTRY_ENABLED to run import")
# testbed-neutral : create local certificates and the like
auth_hierarchy = Hierarchy()
self.create_top_level_auth_records(self.config.SFA_INTERFACE_HRN)
self.create_interface_records()
# testbed-specific
testbed_importer = None
generic = Generic.the_flavour()
importer_class = generic.importer_class()
if importer_class:
begin_time = datetime.now()
self.logger.info ("Starting import on %s, using class %s from flavour %s"%\
(begin_time,importer_class.__name__,generic.flavour))
testbed_importer = importer_class(auth_hierarchy, self.logger)
if testbed_importer:
testbed_importer.add_options(options)
testbed_importer.run(options)
end_time = datetime.now()
duration = end_time - begin_time
self.logger.info("Import took %s" % duration)
def import_slice_to_registry(self, slicename):
'''
Method to import a slice created in the testbed to the SFA Registry
:param slicename: name of the node being imported
:type string
'''
auth_hierarchy = Hierarchy()
clab_importer = ClabImporter(auth_hierarchy, clab_logger)
clab_importer.import_single_slice(slicename)
def create_default_dirs():
config = Config()
hierarchy = Hierarchy()
config_dir = config.config_path
trusted_certs_dir = config.get_trustedroots_dir()
authorities_dir = hierarchy.basedir
all_dirs = [config_dir, trusted_certs_dir, authorities_dir]
for dir in all_dirs:
if not os.path.exists(dir):
os.makedirs(dir)
def __init__(self, auth_hierarchy=None, logger=None):
self.config = Config()
if auth_hierarchy is not None:
self.auth_hierarchy = auth_hierarchy
else:
self.auth_hierarchy = Hierarchy()
if logger is not None:
self.logger = logger
else:
self.logger = _SfaLogger(logfile='/var/log/sfa_import.log',
loggername='importlog')
self.logger.setLevelFromOptVerbose(self.config.SFA_API_LOGLEVEL)
# ugly side effect so that other modules get it right
import sfa.util.sfalogging
sfa.util.sfalogging.logger = logger
def getDelegatedCredential(self, creds):
"""
Attempt to find a credential delegated to us in
the specified list of creds.
"""
from sfa.trust.hierarchy import Hierarchy
if creds and not isinstance(creds, list):
creds = [creds]
hierarchy = Hierarchy()
delegated_cred = None
for cred in creds:
if hierarchy.auth_exists(
Credential(cred=cred).get_gid_caller().get_hrn()):
delegated_cred = cred
break
return delegated_cred
def server_proxy(self, interface, cred, timeout=30):
"""
Returns a connection to the specified interface. Use the specified
credential to determine the caller and look for the caller's key/cert
in the registry hierarchy cache.
"""
from sfa.trust.hierarchy import Hierarchy
if not isinstance(cred, Credential):
cred_obj = Credential(string=cred)
else:
cred_obj = cred
caller_gid = cred_obj.get_gid_caller()
hierarchy = Hierarchy()
auth_info = hierarchy.get_auth_info(caller_gid.get_hrn())
key_file = auth_info.get_privkey_filename()
cert_file = auth_info.get_gid_filename()
server = interface.server_proxy(key_file, cert_file, timeout)
return server
def GetCredential(registry=None, force=False, verbose=False):
config = Config()
hierarchy = Hierarchy()
key_dir = hierarchy.basedir
data_dir = config.data_path
config_dir = config.config_path
credfile = data_dir + os.sep + 'node.cred'
# check for existing credential
if not force and os.path.exists(credfile):
if verbose:
print "Loading Credential from %(credfile)s " % locals()
cred = Credential(filename=credfile).save_to_string(save_parents=True)
else:
if verbose:
print "Getting credential from registry"
# make sure node private key exists
node_pkey_file = config_dir + os.sep + "node.key"
node_gid_file = config_dir + os.sep + "node.gid"
if not os.path.exists(node_pkey_file) or \
not os.path.exists(node_gid_file):
get_node_key(registry=registry, verbose=verbose)
gid = GID(filename=node_gid_file)
hrn = gid.get_hrn()
# create server key and certificate
keyfile = data_dir + os.sep + "server.key"
certfile = data_dir + os.sep + "server.cert"
key = Keypair(filename=node_pkey_file)
key.save_to_file(keyfile)
create_server_keypair(keyfile, certfile, hrn, verbose)
# get credential from registry
registry = server_proxy(url=registry,
keyfile=keyfile,
certfile=certfile)
cert = Certificate(filename=certfile)
cert_str = cert.save_to_string(save_parents=True)
cred = registry.GetSelfCredential(cert_str, 'node', hrn)
Credential(string=cred).save_to_file(credfile, save_parents=True)
return cred
def export(self, xrn, type=None, outfile=None):
"""Fetch an object's GID from the Registry"""
from sfa.storage.model import RegRecord
hrn = Xrn(xrn).get_hrn()
request = self.api.dbsession().query(RegRecord).filter_by(hrn=hrn)
if type: request = request.filter_by(type=type)
record = request.first()
if record:
gid = GID(string=record.gid)
else:
# check the authorities hierarchy
hierarchy = Hierarchy()
try:
auth_info = hierarchy.get_auth_info(hrn)
gid = auth_info.gid_object
except:
print "Record: %s not found" % hrn
sys.exit(1)
# save to file
if not outfile:
outfile = os.path.abspath('./%s.gid' % gid.get_hrn())
gid.save_to_file(outfile, save_parents=True)
def nuke(self, all=False, certs=False, reinit=True):
"""Cleanup local registry DB, plus various additional filesystem cleanups optionally"""
from sfa.storage.dbschema import DBSchema
from sfa.util.sfalogging import _SfaLogger
logger = _SfaLogger(logfile='/var/log/sfa_import.log',
loggername='importlog')
logger.setLevelFromOptVerbose(self.api.config.SFA_API_LOGLEVEL)
logger.info("Purging SFA records from database")
dbschema = DBSchema()
dbschema.nuke()
# for convenience we re-create the schema here, so there's no need for an explicit
# service sfa restart
# however in some (upgrade) scenarios this might be wrong
if reinit:
logger.info("re-creating empty schema")
dbschema.init_or_upgrade()
# remove the server certificate and all gids found in /var/lib/sfa/authorities
if certs:
logger.info("Purging cached certificates")
for (dir, _, files) in os.walk('/var/lib/sfa/authorities'):
for file in files:
if file.endswith('.gid') or file == 'server.cert':
path = dir + os.sep + file
os.unlink(path)
# just remove all files that do not match 'server.key' or 'server.cert'
if all:
logger.info("Purging registry filesystem cache")
preserved_files = ['server.key', 'server.cert']
for (dir, _, files) in os.walk(Hierarchy().basedir):
for file in files:
if file in preserved_files: continue
path = dir + os.sep + file
os.unlink(path)
def __init__(self, peer_cert=None, config=None):
self.peer_cert = peer_cert
self.hierarchy = Hierarchy()
if not config:
self.config = Config()
self.load_trusted_certs()
from sfa.generic import Generic
from sfa.util.xrn import Xrn
from sfa.storage.record import Record
from sfa.client.sfi import save_records_to_file
from sfa.trust.hierarchy import Hierarchy
from sfa.trust.gid import GID
from sfa.trust.certificate import convert_public_key
from sfa.client.candidates import Candidates
from sfa.client.common import optparse_listvalue_callback, optparse_dictvalue_callback, terminal_render, filter_records
pprinter = PrettyPrinter(indent=4)
try:
help_basedir = Hierarchy().basedir
except:
help_basedir = '*unable to locate Hierarchy().basedir'
def args(*args, **kwargs):
def _decorator(func):
func.__dict__.setdefault('options', []).insert(0, (args, kwargs))
return func
return _decorator
class Commands(object):
def _get_commands(self):
command_names = []
def main():
# Generate command line parser
parser = OptionParser(usage="sfa-start.py [options]")
parser.add_option("-r",
"--registry",
dest="registry",
action="store_true",
help="run registry server",
default=False)
parser.add_option("-s",
"--slicemgr",
dest="sm",
action="store_true",
help="run slice manager",
default=False)
parser.add_option("-a",
"--aggregate",
dest="am",
action="store_true",
help="run aggregate manager",
default=False)
parser.add_option("-c",
"--component",
dest="cm",
action="store_true",
help="run component server",
default=False)
parser.add_option("-t",
"--trusted-certs",
dest="trusted_certs",
action="store_true",
help="refresh trusted certs",
default=False)
parser.add_option("-d",
"--daemon",
dest="daemon",
action="store_true",
help="Run as daemon.",
default=False)
(options, args) = parser.parse_args()
config = Config()
logger.setLevelFromOptVerbose(config.SFA_API_LOGLEVEL)
# ge the server's key and cert
hierarchy = Hierarchy()
auth_info = hierarchy.get_interface_auth_info()
server_key_file = auth_info.get_privkey_filename()
server_cert_file = auth_info.get_gid_filename()
# ensure interface cert is present in trusted roots dir
trusted_roots = TrustedRoots(config.get_trustedroots_dir())
trusted_roots.add_gid(GID(filename=server_cert_file))
if (options.daemon): daemon()
if options.trusted_certs:
install_peer_certs(server_key_file, server_cert_file)
# start registry server
if (options.registry):
from sfa.server.registry import Registry
r = Registry("", config.SFA_REGISTRY_PORT, server_key_file,
server_cert_file)
r.start()
if (options.am):
from sfa.server.aggregate import Aggregate
a = Aggregate("", config.SFA_AGGREGATE_PORT, server_key_file,
server_cert_file)
a.start()
# start slice manager
if (options.sm):
from sfa.server.slicemgr import SliceMgr
s = SliceMgr("", config.SFA_SM_PORT, server_key_file, server_cert_file)
s.start()
if (options.cm):
from sfa.server.component import Component
c = Component("", config.component_port, server_key_file,
server_cert_file)
# c = Component("", config.SFA_COMPONENT_PORT, server_key_file, server_cert_file)
c.start()
