Beispiel #1
 def redeem_ticket(self, opts, args):
     """Redeem a saved ticket at every node listed in the ticket's RSpec.

     ``args[0]`` is the path of the ticket file; ``opts`` is not read here.
     For each hostname found in the RSpec, a connection to that host on
     ``CM_PORT`` is opened and ``RedeemTicket`` is called with the ticket
     and the slice credential. Failures are logged per host and the loop
     moves on to the next one. Nothing is returned.
     """
     ticket_path = args[0]

     # The slice hrn comes from the ticket's object GID and selects which
     # slice credential accompanies the ticket.
     # NOTE(review): only decode() is applied to the ticket here; no
     # signature or chain check is visible in this method. Unless SfaTicket
     # validates on load, the hrn, RSpec and hostnames read below are
     # unverified file content -- confirm.
     ticket = SfaTicket(filename=ticket_path)
     ticket.decode()
     slice_hrn = ticket.gidObject.get_hrn()
     # Neither result is used below; the calls are kept because they may
     # raise or have side effects that cannot be ruled out from here.
     slice_urn = hrn_to_urn(slice_hrn, 'slice')
     user_cred = self.get_user_cred()
     slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)

     # Node hostnames are taken from the RSpec carried inside the ticket.
     # NOTE(review): the XML is parsed with the default parser settings;
     # if ticket files can come from another party, confirm that entity
     # resolution and network access are disabled for this parser.
     rspec_root = etree.parse(StringIO(ticket.rspec)).getroot()
     hostnames = rspec_root.xpath("./network/site/node/hostname/text()")

     # One XML-RPC call to the component manager on each node.
     # NOTE(review): these hostnames decide where the slice credential
     # (with its parent chain) is sent. Whether the remote end is
     # authenticated depends on get_server(), which is not visible here.
     for hostname in hostnames:
         try:
             self.logger.info("Calling redeem_ticket at %(hostname)s " % {'hostname': hostname})
             server = self.get_server(hostname, CM_PORT, self.key_file,
                                      self.cert_file, self.options.debug)
             ticket_string = ticket.save_to_string(save_parents=True)
             server.RedeemTicket(ticket_string, slice_cred)
             self.logger.info("Success")
         except socket.gaierror:
             # Name resolution failed for this host; keep going.
             self.logger.error("redeem_ticket failed: Component Manager not accepting requests")
         except Exception as e:
             # Best effort: any other failure is logged and the next host
             # is still tried.
             self.logger.log_exc(e.message)
Beispiel #2
def redeem_ticket(api, ticket_string):
    """Forward the attributes of a decoded ticket to the node manager.

    The slice name is derived from the ``hrn`` of the first entry in the
    ticket's ``slivers`` attribute. Raises ``SliverDoesNotExist`` when
    ``api.sliver_exists`` reports no sliver for that slice name.
    """
    decoded = SfaTicket(string=ticket_string)
    decoded.decode()
    # NOTE(review): ticket_string is supplied by the caller and only
    # decode() is applied to it here. No signature, issuer or freshness
    # check is visible in this function; confirm the ticket is
    # authenticated before this point, since its attributes are handed to
    # AdminTicket unchanged.

    # Only the first sliver entry is consulted. A ticket without a
    # 'slivers' key or with an empty list raises KeyError/IndexError here.
    first_sliver_hrn = decoded.attributes['slivers'][0]['hrn']
    slicename = PlXrn(first_sliver_hrn).pl_slicename()

    if api.sliver_exists(slicename):
        # The node manager expects the attributes as an XML-RPC method
        # response payload.
        nm_ticket = xmlrpclib.dumps((decoded.attributes,), methodresponse=True)
        api.nodemanager.AdminTicket(nm_ticket)
    else:
        raise SliverDoesNotExist(slicename)
Beispiel #3
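 def get_ticket(self, opts, args):
     """Request a ticket for a slice and save it under the sfi directory.

     ``args[0]`` is the slice hrn and ``args[1]`` the path of the RSpec to
     submit. When ``opts.delegate`` is set, a credential delegated to this
     client's authority is sent in addition to the slice credential. The
     ticket returned by ``GetTicket`` is written to
     ``<sfi_dir>/<leaf of slice hrn>.ticket``. Nothing is returned.
     """
     slice_hrn, rspec_path = args[0], args[1]
     slice_urn = hrn_to_urn(slice_hrn, 'slice')
     # Result unused below; the call is kept because it may have side
     # effects that cannot be ruled out from here.
     user_cred = self.get_user_cred()
     slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
     creds = [slice_cred]
     if opts.delegate:
         delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
         creds.append(delegated_cred)

     rspec_file = self.get_rspec_file(rspec_path)
     # Close the RSpec file deterministically rather than leaving the
     # handle open until garbage collection.
     with open(rspec_file) as rspec_handle:
         rspec = rspec_handle.read()

     server = self.get_server_from_opts(opts)
     ticket_string = server.GetTicket(slice_urn, creds, rspec, [])

     # Named ticket_path so the builtin ``file`` is not shadowed.
     ticket_path = os.path.join(self.options.sfi_dir, get_leaf(slice_hrn) + ".ticket")
     self.logger.info("writing ticket to %s"%ticket_path)
     # NOTE(review): the server's reply is stored as received; no check of
     # the ticket is visible here. The permissions of the written file
     # depend on save_to_file() and the process umask -- confirm they suit
     # a file that is later presented for redemption.
     ticket = SfaTicket(string=ticket_string)
     ticket.save_to_file(filename=ticket_path, save_parents=True)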
Beispiel #4
    def get_auth_ticket(self, xrn):
        """Build, encode and sign a ticket for the authority named by *xrn*.

        The authority's own GID is used as both caller and object GID, and
        the ticket is marked delegable. A top-level authority (no parent
        hrn) issues the ticket with its own private key; any other
        authority has it issued with the parent authority's private key.
        Returns the signed ``SfaTicket``.
        """
        hrn, _xrn_type = urn_to_hrn(xrn)
        auth_info = self.get_auth_info(hrn)
        authority_gid = auth_info.get_gid_object()

        ticket = SfaTicket(subject=hrn)
        ticket.set_gid_caller(authority_gid)
        ticket.set_gid_object(authority_gid)
        ticket.set_delegate(True)
        ticket.set_pubkey(auth_info.get_gid_object().get_pubkey())

        parent_hrn = get_authority(hrn)
        if parent_hrn:
            # The ticket is issued under the parent authority, so the
            # parent's private key is loaded for signing.
            parent_auth_info = self.get_auth_info(parent_hrn)
            ticket.set_issuer(parent_auth_info.get_pkey_object(), parent_auth_info.hrn)
            # NOTE(review): the parent attached here is the parent's
            # authority *credential* (get_auth_cred), not a ticket built
            # by this method -- confirm that is the intended chain element.
            ticket.set_parent(self.get_auth_cred(parent_hrn))
        else:
            # No parent hrn: the authority issues the ticket with its own
            # key, which ends the chain.
            ticket.set_issuer(auth_info.get_pkey_object(), hrn)

        ticket.encode()
        ticket.sign()

        return ticket
Beispiel #5
def get_ticket(api, xrn, creds, rspec, users):
    """Issue a signed ticket for the slice *xrn* and return it as a string.

    The slice must resolve to a local record (no ``peer_authority``) and
    must already have slivers; otherwise ``RecordNotFound`` or
    ``SliverDoesNotExist`` is raised. The ticket carries the slivers, a
    creation timestamp, an empty initscripts list and the caller's
    *rspec*, and is signed with ``api.key`` as issuer ``api.hrn``.
    """
    # NOTE(review): creds is only handed to __get_registry_objects here; no
    # authorization check is visible in this function. Confirm the caller
    # has validated the credentials before a ticket is signed.
    reg_objects = __get_registry_objects(xrn, creds, users)

    slice_hrn, _xrn_type = urn_to_hrn(xrn)
    slices = Slices(api)
    peer = slices.get_peer(slice_hrn)
    sfa_peer = slices.get_sfa_peer(slice_hrn)

    # Resolve the slice at this aggregate's own registry.
    registry = api.registries[api.hrn]
    credential = api.getCredential()
    records = registry.Resolve(xrn, credential)

    # As with CreateSliver, the site and slice records must exist at this
    # aggregate before a ticket may be issued. The verify_slice result is
    # not used afterwards.
    site_id, remote_site_id = slices.verify_site(
        registry, credential, slice_hrn, peer, sfa_peer, reg_objects)
    slices.verify_slice(
        registry, credential, slice_hrn, site_id, remote_site_id,
        peer, sfa_peer, reg_objects)

    # Keep the local slice record; when several records match, the last
    # one wins because the loop does not stop at the first match.
    record = None
    for candidate in records:
        is_local_slice = (candidate['type'] == 'slice'
                          and not candidate['peer_authority'])
        if is_local_slice:
            record = SliceRecord(dict=candidate)
    if not record:
        raise RecordNotFound(slice_hrn)

    slivers = Slices(api).get_slivers(slice_hrn)
    if not slivers:
        raise SliverDoesNotExist(slice_hrn)

    # NOTE(review): only a creation timestamp is recorded; no expiry or
    # validity window is set in this function -- confirm where ticket
    # lifetime is enforced.
    data = {
        'timestamp': int(time.time()),
        'initscripts': [],
        'slivers': slivers,
    }

    # Assemble the ticket about the slice's GID on behalf of the calling
    # client, issued by this aggregate.
    object_gid = record.get_gid_object()
    new_ticket = SfaTicket(subject=object_gid.get_subject())
    new_ticket.set_gid_caller(api.auth.client_gid)
    new_ticket.set_gid_object(object_gid)
    new_ticket.set_issuer(key=api.key, subject=api.hrn)
    new_ticket.set_pubkey(object_gid.get_pubkey())
    new_ticket.set_attributes(data)
    # NOTE(review): the caller-supplied rspec is attached unchanged and
    # nothing here checks it against the slivers; presumably it is covered
    # by the signature below, so anything that later trusts the ticket's
    # RSpec is trusting caller input -- confirm.
    new_ticket.set_rspec(rspec)
    new_ticket.encode()
    new_ticket.sign()

    return new_ticket.save_to_string(save_parents=True)