def proceed_with_node():
"""
Read the node configuration for the node process.
If needed, the database file is created and initialized as well.
If it fails, it returns None and prints the reason of the failure
(so the caller may not bother doing it).
@returns: The port-to-node_settings mapping, like
C{settings.get_my_nodes_settings()}; or None if failed for some reason.
@rtype: dict, NoneType
"""
settings.configure_logging(postfix='common')
node_settings_map = settings.get_my_nodes_settings()
rel_db_url = settings.get_common().rel_db_url
db.init(rel_db_url, SQLALCHEMY_ECHO)
node_common_settings = settings.get_common()
try:
ds.init(fast_db_url=node_common_settings.fast_db_url,
big_db_url=node_common_settings.big_db_url)
except ds.MongoDBInitializationException as e:
print(u'MongoDB problem: {}'.format(e))
else:
# Create the database if the file is missing or 0 bytes long.
if not db.RDB.is_schema_initialized:
print('Initializing database schema...')
try:
db.create_node_db_schema()
except Exception:
cli_error('cannot create the RDB schema:\n%s',
traceback.format_exc())
else:
print('Successfully initialized.')
else:
# If the database is available, launch maintenance procedures.
with db.RDB() as rdbw:
Queries.System.maintenance(rdbw)
logger.debug('Maintenance done')
__migrate_if_needed()
return node_settings_map
def test_web_download(arguments):
node_map = proceed_with_node()
if len(arguments) < 3:
cli_error(u'You must pass at least 3 arguments to this command: '
u'the dataset UUID , '
u'base directory of the file, '
u'and the relative path of the file.'
.format(op=op_name))
else:
ds_uuid = try_parse_uuid(arguments.popleft())
base_dir = arguments.popleft()
rel_path = arguments.popleft()
edition = settings.get_common().edition
print(u'Downloading file from dataset {}, base directory {}, '
u'path {}'
.format(ds_uuid, base_dir, rel_path))
with db.RDB() as rdbw, ds.BDB() as bdbw:
cr = data_ops.get_cryptographer(ds_uuid, edition, rdbw)
file_data = data_ops.download_file(ds_uuid, base_dir, rel_path,
edition, rdbw)
result_filename = os.path.basename(rel_path)
logger.debug('Writing to file %r %i bytes long',
result_filename, file_data.size)
with open(result_filename, 'wb') as fh:
# Preallocate file
if file_data.size:
fh.seek(file_data.size - 1)
fh.write('\x00')
fh.seek(0)
# Now write the file contents.
try:
for bl in data_ops.get_file_of_blocks_gen(
file_data.blocks, cr, bdbw=bdbw):
fh.write(bl)
except BDBQueries.Chunks.NoChunkException as e:
logger.error('Problem while downloading the file: %s',
e)
print(u'Error: file {!r} cannot be created!'.format(
result_filename))
def on_end(self):
# By this time, whatever process to determine the host UUID
# for the user we use, we've definitely completed it,
# and the proper host UUID is present in the source message.
_host = self.message.src
_message = self.message
_ack = self.message_ack = self.message.reply()
if _host is None:
_ack.ack_result = 'fail'
elif self.manager.app.known_hosts.is_peer_alive(_host.uuid):
_ack.ack_result = 'dual login'
else:
_ack.ack_result = 'ok'
_ack.ack_host_uuid = _host.uuid
with db.RDB() as rdbw:
user_groups = list(
Queries.Inhabitants.get_groups_for_user(
_host.user.name, rdbw))
thost_uuids = \
{h.uuid
for h in TrustedQueries.HostAtNode
.get_all_trusted_hosts(
rdbw=rdbw)}
is_trusted_host = _host.uuid in thost_uuids
_ack.ack_username = self.message.src.user.name
_ack.ack_groups = user_groups
logger.debug('For user %r, %s %r, groups are: %r',
_ack.ack_username,
'trusted host' if is_trusted_host else 'host',
_host.uuid, _ack.ack_groups)
# If we have an SSL request, create the certificate
_req = _message.cert_request
if _req is not None:
assert isinstance(_req, crypto.X509Req), \
repr(_req)
subj = _req.get_subject()
if not ssl.validate_host_req(_req):
# Need explicit str() here, as subj is non-pickleable!
logger.warning('%s probably trying to spoof himself: %r',
_host.uuid, str(subj))
else:
# Force CN to be the host UUID
subj.commonName = str(_host.uuid)
node_cert = get_common().ssl_cert
node_key = get_common().ssl_pkey
_key_duration = ssl.OPENSSL_TRUSTED_HOST_KEY_DURATION \
if is_trusted_host \
else ssl.OPENSSL_HOST_KEY_DURATION
_ack.ack_ssl_cert = \
ssl.createCertificate(
_req,
node_cert, node_key,
notAfter=long(_key_duration.total_seconds()))
self.manager.post_message(self.message_ack)
def on_end(self):
# By this time, whatever process to determine the host UUID
# for the user we use, we've definitely completed it,
# and the proper host UUID is present in the source message.
_host = self.message.src
_message = self.message
_ack = self.message_ack = self.message.reply()
if _host is None:
_ack.ack_result = 'fail'
elif self.manager.app.known_hosts.is_peer_alive(_host.uuid):
_ack.ack_result = 'dual login'
else:
_ack.ack_result = 'ok'
_ack.ack_host_uuid = _host.uuid
with db.RDB() as rdbw:
user_groups = list(Queries.Inhabitants
.get_groups_for_user(_host.user.name,
rdbw))
thost_uuids = \
{h.uuid
for h in TrustedQueries.HostAtNode
.get_all_trusted_hosts(
rdbw=rdbw)}
is_trusted_host = _host.uuid in thost_uuids
_ack.ack_username = self.message.src.user.name
_ack.ack_groups = user_groups
logger.debug('For user %r, %s %r, groups are: %r',
_ack.ack_username,
'trusted host' if is_trusted_host else 'host',
_host.uuid,
_ack.ack_groups)
# If we have an SSL request, create the certificate
_req = _message.cert_request
if _req is not None:
assert isinstance(_req, crypto.X509Req), \
repr(_req)
subj = _req.get_subject()
if not ssl.validate_host_req(_req):
# Need explicit str() here, as subj is non-pickleable!
logger.warning('%s probably trying to spoof himself: %r',
_host.uuid, str(subj))
else:
# Force CN to be the host UUID
subj.commonName = str(_host.uuid)
node_cert = get_common().ssl_cert
node_key = get_common().ssl_pkey
_key_duration = ssl.OPENSSL_TRUSTED_HOST_KEY_DURATION \
if is_trusted_host \
else ssl.OPENSSL_HOST_KEY_DURATION
_ack.ack_ssl_cert = \
ssl.createCertificate(
_req,
node_cert, node_key,
notAfter=long(_key_duration.total_seconds()))
self.manager.post_message(self.message_ack)
