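def _generateOpensslConfig(self):
    """Render the OpenSSL request configuration and write it to disk.

    The template is filled from ``self.configHolder.options`` (keys
    ``certPassword``, ``commonName`` and ``subjectEmail``) and stored as
    ``openssl.cfg`` inside ``self.tmp_dir``.

    The rendered text carries the certificate password in clear
    (``input_password`` / ``output_password``), so the file is created
    with owner-only permissions and every file handle is closed explicitly.
    """
    config = """
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
prompt = no
input_password = %(certPassword)s
output_password = %(certPassword)s
dirstring_type = nobmp
[ req_distinguished_name ]
C = EU
O = StratusLab Project
OU = Testing Department
CN = %(commonName)s
[ v3_ca ]
basicConstraints = CA:false
nsCertType=client, email, objsign
keyUsage=critical, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
subjectAltName=email:%(subjectEmail)s
""" % self.configHolder.options

    conf_filename = os.path.join(self.tmp_dir, 'openssl.cfg')

    # Create the file with mode 0600 so other local users cannot read the
    # password. The mode only takes effect when the file is created here;
    # an already existing file keeps its previous permissions.
    fd = os.open(conf_filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as conf_file:
        conf_file.write(config)

    Util.printDetail("Generated openssl configuration in: %s" % conf_filename,
                     self.configHolder.verboseLevel)

    # NOTE(review): the message below contains the whole configuration,
    # including the certificate password. Whether it is actually emitted
    # depends on Util.printDetail and the verbosity level; consider masking
    # the password lines before logging.
    with open(conf_filename) as conf_file:
        written = conf_file.read()
    Util.printDetail("Openssl configuration: %s" % written,
                     self.configHolder.verboseLevel,
                     Util.VERBOSE_LEVEL_DETAILED)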
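def testfilePutGetContentUnicode(self):
    """Round-trip a non-ASCII unicode value through the file helpers.

    Writes the value with ``Util.filePutContent`` and checks that
    ``Util.fileGetContent`` returns the same text.
    """
    fd, filename = tempfile.mkstemp()
    # mkstemp returns an already-open descriptor; close it so the test does
    # not leak one descriptor per run. The file itself stays on disk.
    os.close(fd)
    try:
        Util.filePutContent(filename, unicode('Élément', encoding='utf8'))
        assert 'Élément' == Util.fileGetContent(filename)
    finally:
        os.unlink(filename)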
def _validateParameters(self):
    """Check that every mandatory registration setting has a value.

    The settings are tested in the order listed below and the first one
    whose attribute is falsy aborts the validation. Because the test is a
    plain truthiness check, ``None``, an empty string, ``0`` and ``False``
    all count as "not defined".

    Raises:
        ValidationException: naming the first missing setting.
    """
    Util.printStep('Validating parameters')

    # (attribute on self, option name used in the error message)
    required = (
        ('registrationLdapScheme', 'registration_ldap_scheme'),
        ('registrationLdapHost', 'registration_ldap_host'),
        ('registrationLdapPort', 'registration_ldap_port'),
        ('registrationLdapManagerDn', 'registration_ldap_manager_dn'),
        ('registrationLdapManagerPassword', 'registration_ldap_manager_password'),
        ('registrationAdminEmail', 'registration_admin_email'),
        ('registrationMailHost', 'registration_mail_host'),
        ('registrationMailPort', 'registration_mail_port'),
        ('registrationMailUser', 'registration_mail_user'),
        ('registrationMailPassword', 'registration_mail_password'),
        ('registrationMailSsl', 'registration_mail_ssl'),
        ('registrationMailDebug', 'registration_mail_debug'),
    )
    for attribute, option in required:
        if not getattr(self, attribute):
            raise ValidationException('%s is not defined' % option)

    # The truststore is the only optional setting: a missing value is
    # normalised to an empty string instead of being rejected.
    if not self.registrationSslTruststore:
        self.registrationSslTruststore = ''
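def testfilePutGetContentStr(self):
    """Round-trip a plain ``str`` value through the file helpers.

    Writes the value with ``Util.filePutContent`` and checks that
    ``Util.fileGetContent`` returns the same text.
    """
    fd, filename = tempfile.mkstemp()
    # mkstemp returns an already-open descriptor; close it so the test does
    # not leak one descriptor per run. The file itself stays on disk.
    os.close(fd)
    try:
        Util.filePutContent(filename, str('Element'))
        assert 'Element' == Util.fileGetContent(filename)
    finally:
        os.unlink(filename)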
def _shutdownNode(self):
    """Stop the machine, or leave it running and tell the user how to reach it.

    When ``self.shutdownVm`` is set the machine is stopped. Otherwise the
    machine is kept and its IP is printed together with a reminder to stop
    it later.
    """
    if not self.shutdownVm:
        self._printStep('Machine ready for use')
        reminder = '\n\tMachine IP: %s\tRemember to stop the machine when finished' % self.vmIp
        Util.printInfo(reminder)
        return

    self._stopMachine()
def addNetworkAcl(self, users, net_id_int, rights):
    """Add an ACL rule for one network through the ``one.acl.addrule`` RPC.

    users      - hex
    net_id_int - integer, network ID
    rights     - hex

    Returns the ``info`` element of the RPC reply. Raises OneException when
    the reply's first element is falsy, and re-raises ssl.SSLError once the
    call has failed three times in a row.
    """
    # "magic" number: the UID user constant is folded into the resource id
    uid_bits = self.ACL_USERS['UID']
    resource = hex(self.ACL_RESOURCES['NET'] + uid_bits + net_id_int)

    # Hack to retry on SSL errors.
    # NOTE(review): every ssl.SSLError is retried, whether or not it is
    # transient; confirm that is intended.
    max_attempts = 3
    for attempt in range(1, max_attempts + 1):
        try:
            ok, info, _ = self._rpc.one.acl.addrule(self._sessionString,
                                                    users, resource, rights)
        except ssl.SSLError as e:
            stamp = strftime("%Y-%m-%d %H:%M:%S", gmtime())
            Util.printDetail('SSL ERROR ENCOUNTERED (%s): %s' % (stamp, str(e)))
            if attempt >= max_attempts:
                raise e
        else:
            break

    if not ok:
        raise OneException(info)
    return info
def _killMachine(self):
    """Kill the machine identified by ``self.vmId`` through the cloud client.

    Without a VM ID nothing is killed and a warning is printed instead.
    """
    self._printStep('Killing machine')
    if not self.vmId:
        Util.printWarning('Undefined VM ID, when trying to kill machine.')
        return

    self.cloud.vmKill(self.vmId)
def listVms(self, showVmsFromAllUsers=False):
    """Return the VM pool as serialized XML, with a state summary per VM.

    The pool is fetched with the ``one.vmpool.info`` RPC. The visibility
    filter is -2 for the VMs of all users and -3 for the current user
    only. Every ``VM`` element is passed to ``self._addStateSummary``
    before the tree is serialized.

    Raises OneException when the reply's first element is falsy, and
    re-raises ssl.SSLError once the call has failed three times in a row.
    """
    visibility = -2 if showVmsFromAllUsers else -3

    # Hack to retry on SSL errors.
    # NOTE(review): every ssl.SSLError is retried, whether or not it is
    # transient; confirm that is intended.
    max_attempts = 3
    for attempt in range(1, max_attempts + 1):
        try:
            ok, info, _ = self._rpc.one.vmpool.info(self._sessionString,
                                                    visibility, -1, -1, -1)
        except ssl.SSLError as e:
            stamp = strftime("%Y-%m-%d %H:%M:%S", gmtime())
            Util.printDetail('SSL ERROR ENCOUNTERED (%s): %s' % (stamp, str(e)))
            if attempt >= max_attempts:
                raise e
        else:
            break

    if not ok:
        raise OneException(info)

    vm_pool = Util.etree_from_text(info)
    for vm_xml in vm_pool.findall('VM'):
        self._addStateSummary(vm_xml)
    return etree.tostring(vm_pool)
def _configureNetworkInterface(self, device, ip, netmask):
    """Write the ifcfg file for ``device`` with a static address.

    The file ``/etc/sysconfig/network-scripts/ifcfg-<device>`` is replaced
    with DEVICE, IPADDR and NETMASK entries.
    """
    # NOTE(review): device, ip and netmask are written as given, and device
    # also becomes part of the file path; callers are presumably expected to
    # pass validated values -- confirm.
    template = 'DEVICE=%s\nIPADDR=%s\nNETMASK=%s\n'
    target = '/etc/sysconfig/network-scripts/ifcfg-%s' % device
    Util.filePutContent(target, template % (device, ip, netmask))
def _remoteFileAppendContents(self, filename, data):
    """Append ``data`` to ``filename`` on the node via ``echo ... >> file``.

    The command is run through ``self._nodeShell``; a non-zero return code
    is reported with ``Util.printError`` together with the command output.
    """
    # Judging by its name the helper escapes double quotes only; times=4
    # presumably accounts for the nested quoting layers between here and the
    # remote shell -- TODO confirm.
    data = Util.escapeDoubleQuotes(data, times=4)
    # NOTE(review): filename is interpolated without quoting, and nothing
    # visible here neutralises other shell metacharacters in data. If either
    # value can come from outside the installer, the remote shell will
    # interpret it. Safer alternatives: restrict both values to a known-safe
    # character set before this call, or write the content to a local file
    # and transfer it instead of passing it on a command line.
    rc, output = self._nodeShell('"echo \\"%s\\" >> %s"' % (data, filename),
                                 withOutput=True, shell=True)
    if rc != 0:
        Util.printError("Failed to append to %s\n%s" % (filename, output))
def _configureSudo(self):
    """Add the sudo rules the cloud user needs to the sudoers file.

    Two lines are appended or replaced in ``self.sudoersFilePath``: one
    that lifts the ``requiretty`` default for ``self.cloudUsername`` and
    one that lets that user run ``self.firewall.binary`` without a
    password.
    """
    # NOTE(review): the NOPASSWD rule places no restriction on the arguments
    # passed to the firewall binary, and the sudoers file is edited in place
    # with no syntax check visible here (for example `visudo -c`) -- confirm
    # both are acceptable.
    requiretty_rule = 'Defaults:%s !requiretty' % self.cloudUsername
    Util.appendOrReplaceInFile(self.sudoersFilePath,
                               requiretty_rule, requiretty_rule)

    firewall_rule = '%s ALL= NOPASSWD: %s' % (self.cloudUsername,
                                              self.firewall.binary)
    Util.appendOrReplaceInFile(self.sudoersFilePath,
                               firewall_rule, firewall_rule)
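def doWork(self):
    """Print a summary of every image description found at ENDPOINT_MKP.

    The endpoint is first probed with ``Util.checkUrlExists``; when the
    probe does not return ``True`` nothing is fetched or printed. Each
    ``rdf:Description`` node yields one dictionary with the keys
    ``description``, ``identifier``, ``creator``, ``created``, ``os``,
    ``os-version`` and ``os-arch``; a missing element is recorded as
    ``None``.
    """
    # checking marketplace endpoint URL
    url_is_ok = Util.checkUrlExists(ENDPOINT_MKP, 30)
    if url_is_ok is True:
        req = urllib2.Request(ENDPOINT_MKP)
        response = urllib2.urlopen(req)
        try:
            content = response.read()
        finally:
            # release the connection even when the read fails
            response.close()

        # NOTE(review): content is remote input. Whether entity expansion
        # and external entities are disabled depends on how
        # Util.etree_from_text configures its parser -- confirm.
        xml = Util.etree_from_text(content)

        # (key in the result dictionary, XML namespace, element name)
        fields = (
            ("description", DCTERMS, "description"),
            ("identifier", DCTERMS, "identifier"),
            ("creator", DCTERMS, "creator"),
            ("created", DCTERMS, "created"),
            ("os", SLTERMS, "os"),
            ("os-version", SLTERMS, "os-version"),
            ("os-arch", SLTERMS, "os-arch"),
        )

        all_desc = []
        for desc_node in xml.iter("{" + RDF + "}Description"):
            # A fresh dictionary per node: reusing a single one would make
            # every entry of all_desc alias the last description parsed.
            desc = {}
            for key, namespace, tag in fields:
                element = desc_node.find('{' + namespace + '}' + tag)
                # an absent element must not abort the whole listing
                desc[key] = element.text if element is not None else None

            created = desc["created"]
            if created is not None:
                created = created.replace("Z", "").split('T')

            # str() copes with None values. Each print receives a single
            # parenthesised argument, so the output is the same under the
            # Python 2 print statement.
            print("Description: " + str(desc["description"]))
            print("ID: " + str(desc["identifier"]))
            print(" ".join(["OS: " + str(desc["os"]),
                            str(desc["os-version"]),
                            "| Arch: " + str(desc["os-arch"])]))
            print("Creator: " + str(desc["creator"]))
            print("Created at: " + str(created))
            print("####\n")
            all_desc.append(desc)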
def _lcmStateToString(self):
    """Return the name of the current LCM state.

    The integer from ``self._lcmStateAsInt()`` is used as an index into
    ``self.lcmStateDefintion``. ``None`` or an out-of-range index is
    reported with ``Util.printError`` (without exiting) and
    ``self.invalidState`` is returned instead.
    """
    state_index = self._lcmStateAsInt()
    in_range = (state_index is not None
                and 0 <= state_index < len(self.lcmStateDefintion))
    if not in_range:
        Util.printError('Invalid state: %s' % state_index, exit=False)
        return self.invalidState
    return self.lcmStateDefintion[state_index]
def _configureVirtualNetInterface(self, device, ip, netmask):
    """Configure and bring up the ``<device>:privlan`` alias interface.

    The alias is configured through ``self._configureNetworkInterface`` and
    then started with ``ifup``.
    """
    alias = device + ":privlan"

    Util.printDetail("Configuring network interface %s." % alias)
    self._configureNetworkInterface(alias, ip, netmask)

    Util.printDetail("Starting network interface %s." % alias)
    # argument list, so the interface name is passed as a single argument
    self.executeCmd(["ifup", alias])
def _installPackages(self):
    """Reinstall the CIMI server package with yum: erase it, then install it.

    Both commands go through ``self._executeExitOnError``.
    """
    # NOTE(review): --nogpgcheck turns off package signature verification
    # for the install step, so the package's origin and integrity are not
    # checked by yum. Prefer a signed repository with its key imported, and
    # drop the flag once that is in place.
    steps = (
        ('Removing CIMI server package', 'yum erase -y %s'),
        ('Installing CIMI server package', 'yum install --nogpgcheck -y %s'),
    )
    for title, command_template in steps:
        Util.printStep(title)
        # NOTE(review): the command is a formatted string; self._package is
        # presumably a fixed package name -- confirm.
        self._executeExitOnError(command_template % self._package)
def doWork(self):
    """Sign ``self.manifestFile`` and report the outcome.

    A ``Signator`` is built from the manifest file and a ``ConfigHolder``
    wrapping the command-line options. A truthy result from ``sign()``
    is treated as a failure.
    """
    holder = ConfigHolder(self.options.__dict__)
    signer = Signator(self.manifestFile, holder)

    failed = signer.sign()
    if not failed:
        Util.printDetail('Metadata file successfully signed: %s' % signer.outputManifestFile)
    else:
        Util.printError('Error signing metadata file')
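def _writeToFilesRemote(self, listOfFileNameContentTuples):
    """Copy each ``(remoteFilename, content)`` pair to the node.

    Every content is staged in one local temporary file, which is then
    copied to its remote name with ``self._nodeCopy``. The temporary file
    is removed afterwards, also when a write or a copy fails.
    """
    # mkstemp creates the file atomically with owner-only permissions.
    # tempfile.mktemp only returns a name, which leaves a window in which
    # another local user can create that path first.
    fd, tmpFilename = tempfile.mkstemp()
    os.close(fd)
    try:
        for remoteFilename, content in listOfFileNameContentTuples:
            Util.filePutContent(tmpFilename, content)
            self._nodeCopy(tmpFilename, remoteFilename)
    finally:
        try:
            os.unlink(tmpFilename)
        except OSError:
            # best-effort cleanup: the file may already be gone
            pass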
def sign(self):
    """Run the signing step and finalise or clean up its files.

    Returns the status from ``self._sign()``. A falsy status means
    success, in which case the files are renamed. A truthy status means
    failure: the output is printed as an error (without exiting) and the
    temporary file is cleaned up.
    """
    status, output = self._sign()
    if not status:
        self._renameFiles()
        return status

    Util.printError(output, exit=False)
    self._cleanupTempFile()
    return status
def _installDhcp(self):
    """Install the DHCP server package and verify that it is present.

    The package name comes from ``self.getPackageName('dhcp')``. An error
    is printed when the package is still missing after the install.
    """
    Util.printDetail('Installing DHCP server.')

    package = self.getPackageName('dhcp')
    self.installPackages([package])

    if self.isPackageInstalled(package):
        return
    Util.printError('Failed to install %s.' % package)
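def _saveFirewallRules(self, filename):
    """Dump the current iptables rules into ``filename``.

    The previous content is first copied to ``<filename>.LAST``. The rules
    file is kept readable and writable by its owner only.
    """
    # back-up
    # An explicit argument list keeps a path containing spaces intact;
    # formatting one string and splitting it on ' ' would break it apart.
    self.executeCmd(['cp', '-fp', filename, filename + '.LAST'])

    # NOTE(review): the return code of iptables-save is discarded, so the
    # output of a failed run would still replace the saved rules -- confirm.
    _, output = self.executeCmdWithOutput(['iptables-save'])
    Util.printDetail('Saving firewall rules to %s.' % filename)

    # Restrict the permissions before the rules are written, so that a newly
    # created file is never readable by other users.
    fd = os.open(filename, os.O_WRONLY | os.O_CREAT, 0o600)
    os.close(fd)
    os.chmod(filename, 0o600)

    filePutContent(filename, output)
    # Re-apply the mode in case the write replaced the file. The 0o600
    # spelling is accepted by Python 2.6+ and Python 3; 0600 is Python 2 only.
    os.chmod(filename, 0o600)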
def _configureVirtualNetInterface(self, device, ip, netmask):
    """Configure and bring up the ``<device>:privlan`` alias interface.

    The alias is configured through ``self._configureNetworkInterface`` and
    then started with ``ifup``.
    """
    alias = device + ':privlan'

    Util.printDetail('Configuring network interface %s.' % alias)
    self._configureNetworkInterface(alias, ip, netmask)

    Util.printDetail('Starting network interface %s.' % alias)
    # argument list, so the interface name is passed as a single argument
    self.executeCmd(['ifup', alias])
def getUidGidFromNode(user):
    """Look up the UID and GID of ``user`` on the node.

    ``self``, ``getUidGidCmd`` and ``_extractUidGidFromGetentPasswdOutput``
    are not parameters; they are resolved from the surrounding scope.
    The output is parsed even after a failed command, if
    ``Util.printError`` returns.
    """
    # NOTE(review): user is formatted straight into the command string that
    # runs on the node; presumably it is always a fixed account name chosen
    # by the installer -- confirm.
    status, output = self._nodeShell(getUidGidCmd % user, withOutput=True)
    if status != 0:
        Util.printError("Error getting '%s' user UID/GID from Node.\n%s" %
                        (user, output))
    return _extractUidGidFromGetentPasswdOutput(output)
def _installDhcp(self):
    """Install the DHCP server package and verify that it is present.

    The package name comes from ``self.getPackageName("dhcp")``. An error
    is printed when the package is still missing after the install.
    """
    Util.printDetail("Installing DHCP server.")

    package = self.getPackageName("dhcp")
    self.installPackages([package])

    if self.isPackageInstalled(package):
        return
    Util.printError("Failed to install %s." % package)
def _startDhcp(self):
    """Restart the DHCP service and report a failure.

    The service name is the ``initdScriptName`` of the ``'dhcp'`` entry in
    ``self.packages``. A non-zero result from ``self.restartService`` is
    printed as an error.
    """
    Util.printDetail('(Re)Starting DHCP server.')

    init_script = self.packages['dhcp'].initdScriptName
    if self.restartService(init_script) != 0:
        Util.printError('Failed to (re)start DHCP service.')
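def _execute(self, command):
    """Run ``command`` through ``Util.execute`` and return its result.

    At normal verbosity or below, stdout and stderr of the command are
    discarded; at higher verbosity they are left untouched.
    """
    if self.verboseLevel <= Util.VERBOSE_LEVEL_NORMAL:
        # The with-block closes the null device even when Util.execute
        # raises, so no file handle is leaked on the error path.
        with open(os.path.devnull, 'w') as devNull:
            return Util.execute(command, stdout=devNull, stderr=devNull)
    return Util.execute(command)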
def getHttpProxyForUrl(url):
    """Return the ``httplib2.ProxyInfo`` to use for ``url``, or ``None``.

    ``None`` is returned when no proxy is configured in the environment or
    when the host of ``url`` is found in the no-proxy value.
    """
    url_host = Util.parseUri(url)[1]
    env_proxy = HttpClient._getEnvVarProxy()

    # NOTE(review): the exemption is a plain `in` test. Whether that is an
    # exact host match or a substring match depends on the type returned by
    # _getEnvVarNoProxy -- confirm, since a substring match could exempt
    # unintended hosts from the proxy.
    if not env_proxy or url_host in HttpClient._getEnvVarNoProxy():
        return None

    proxy_server, proxy_port = Util.parseUri(env_proxy)[1:3]
    # 3 is the proxy-type code handed to httplib2 (presumably the HTTP proxy
    # type -- TODO confirm). proxy_rdns=True asks for host names to be
    # resolved on the proxy side.
    return httplib2.ProxyInfo(3, proxy_server, int(proxy_port),
                              proxy_rdns=True)
def _configureNetworkInterface(self, device, ip, netmask):
    """Add or replace the static stanza for ``device`` in the interfaces file.

    The stanza sets the address and netmask and restores the firewall
    rules from ``self.FILE_FIREWALL_RULES`` before the interface comes up.
    It is written to ``self.FILE_INTERFACES``.
    """
    # NOTE(review): the pre-up line makes the interface load whatever the
    # rules file contains at that moment, so that file should be writable
    # by root only -- confirm its permissions where it is created.
    template = '\n'.join((
        'auto %s',
        'iface %s inet static',
        'address %s',
        'netmask %s',
        'pre-up iptables-restore < %s',
    ))
    stanza = template % (device, device, ip, netmask,
                         self.FILE_FIREWALL_RULES)
    Util.appendOrReplaceMultilineBlockInFile(self.FILE_INTERFACES, stanza)
def _installFetchCrl(self):
    """Tell the user that fetch-crl has to be installed by hand on Ubuntu.

    fetch-crl 3:
    http://www.nikhef.nl/grid/fetchcrl3
    http://dist.eugridpma.info/distribution/util/fetch-crl3/

    Nothing is installed here; only the two messages are printed.
    """
    # NOTE(review): fetch-crl is the tool that downloads certificate
    # revocation lists. Until it is installed manually, presumably nothing
    # refreshes the CRLs on this platform -- confirm.
    manual_sources = (
        'http://www.nikhef.nl/grid/fetchcrl3',
        'http://dist.eugridpma.info/distribution/util/fetch-crl3/',
    )
    Util.printDetail('NB! Installation of fetch-crl is not implemented for Ubuntu.')
    Util.printDetail('\n'.join(('For manual installation see:',) + manual_sources))
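def _getManifest(self, resourceUri):
    """Download the manifest for ``resourceUri`` from the marketplace.

    The metadata URL is built from ``self.marketplaceEndpoint`` and the
    resource URI. A failed download is reported with ``Util.printError``,
    which receives the URL and the one-line exception summary; if that
    call returns, the method returns ``None``.
    """
    url = MarketplaceUtil.metadataUrl(self.marketplaceEndpoint, resourceUri)
    self._printDetail('Downloading from: %s' % url)
    try:
        return self.__getManifest(url)
    except Exception:
        # Catch Exception rather than everything: a bare except would also
        # swallow KeyboardInterrupt and SystemExit and report them as a
        # failed download.
        reason = ''.join(traceback.format_exception_only(*(sys.exc_info()[:2])))
        Util.printError('Failed to get manifest for resource uri: %s. %s' % (url, reason))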
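def _downloadImage(self, url):
    """Download the image at ``url`` into a fresh local temporary file.

    The local name ends with the compression extension extracted from the
    URL. Returns the path of the downloaded file; removing it is left to
    the caller.
    """
    # local import: only needed to close the descriptor from mkstemp
    import os

    compressionExtension = self._extractCompressionExtension(url)

    # mkstemp creates the destination atomically with owner-only
    # permissions. tempfile.mktemp only returns a name, which leaves a window
    # in which another local user can create that path (or a symlink) first.
    fd, localImageName = tempfile.mkstemp(suffix=compressionExtension)
    os.close(fd)

    # assumes Util.wget overwrites an existing destination file -- TODO confirm
    Util.wget(url, localImageName)
    return localImageName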