def connect_syndicate(
username=CONFIG.SYNDICATE_OPENCLOUD_USER,
password=CONFIG.SYNDICATE_OPENCLOUD_PASSWORD,
user_pkey_path=CONFIG.SYNDICATE_OPENCLOUD_PKEY,
):
"""
Connect to the OpenCloud Syndicate SMI, using the OpenCloud user credentials.
"""
debug = True
if hasattr(CONFIG, "DEBUG"):
debug = CONFIG.DEBUG
user_pkey_pem = None
if user_pkey_path is not None:
user_pkey = syndicate_storage_api.read_private_key(user_pkey_path)
if user_pkey is None:
raise Exception("Failed to load private key from %s" % user_pkey_path)
else:
user_pkey_pem = user_pkey.exportKey()
client = syntool.Client(
username, CONFIG.SYNDICATE_SMI_URL, password=password, user_pkey_pem=user_pkey_pem, debug=debug
)
return client
def connect_syndicate(username=CONFIG.SYNDICATE_OPENCLOUD_USER,
password=CONFIG.SYNDICATE_OPENCLOUD_PASSWORD,
user_pkey_path=CONFIG.SYNDICATE_OPENCLOUD_PKEY):
"""
Connect to the OpenCloud Syndicate SMI, using the OpenCloud user credentials.
"""
debug = True
if hasattr(CONFIG, "DEBUG"):
debug = CONFIG.DEBUG
user_pkey_pem = None
if user_pkey_path is not None:
user_pkey = syndicate_storage_api.read_private_key(user_pkey_path)
if user_pkey is None:
raise Exception("Failed to load private key from %s" %
user_pkey_path)
else:
user_pkey_pem = user_pkey.exportKey()
client = syntool.Client(username,
CONFIG.SYNDICATE_SMI_URL,
password=password,
user_pkey_pem=user_pkey_pem,
debug=debug)
return client
def ft_do_push( syndicate_url, volume_name, volume_owner, slice_name, slice_secret, principal_pkey_path, hostname, automount_daemon_port,
instantiate_UG=None, run_UG=None, UG_port=0, UG_closure=None,
instantiate_RG=None, run_RG=None, RG_port=0, RG_closure=None, RG_global_hostname=None,
instantiate_AG=None, run_AG=None, AG_port=0, AG_closure=None, AG_global_hostname=None,
gateway_name_prefix="" ):
"""
Push credentials to a single host.
"""
c_syndicate.crypto_init()
observer_key = syndicate_storage_api.read_private_key( CONFIG.SYNDICATE_OBSERVER_PRIVATE_KEY )
user_key = syndicate_storage_api.read_private_key( principal_pkey_path )
observer_key_pem = observer_key.exportKey()
user_pkey_pem = user_key.exportKey()
if observer_key_pem is None:
raise Exception("Failed to read observer private key from %s" % observer_key_pem )
if user_pkey_pem is None:
raise Exception("Failed to read user private key from %s" % principal_pkey_path )
# convert to binary
slice_secret = binascii.unhexlify( slice_secret )
cred = observer_cred.create_slice_credential_blob( observer_key_pem, slice_name, slice_secret, syndicate_url, volume_name, volume_owner, user_pkey_pem,
instantiate_UG=instantiate_UG, run_UG=run_UG, UG_port=UG_port, UG_closure=UG_closure,
instantiate_RG=instantiate_RG, run_RG=run_RG, RG_port=RG_port, RG_closure=RG_closure, RG_global_hostname=RG_global_hostname,
instantiate_AG=instantiate_AG, run_AG=run_AG, AG_port=AG_port, AG_closure=AG_closure, AG_global_hostname=AG_global_hostname,
gateway_name_prefix=gateway_name_prefix )
if cred is None:
raise Exception("Failed to generate slice credential")
rc = do_push( [hostname], automount_daemon_port, cred )
c_syndicate.crypto_shutdown()
def get_private_key_pem(pkey_path):
"""
Get a private key from storage, PEM-encoded.
"""
# get the OpenCloud private key
observer_pkey = syndicate_storage.read_private_key(pkey_path)
if observer_pkey is None:
logger.error("Failed to load Observer private key")
return None
observer_pkey_pem = observer_pkey.exportKey()
return observer_pkey_pem
def get_observer_private_key_pem(pkey_path):
"""
Get a private key from storage, PEM-encoded.
"""
# get the OpenCloud private key
observer_pkey = syndicate_storage_api.read_private_key(pkey_path)
if observer_pkey is None:
logger.error("Failed to load Observer private key")
return None
observer_pkey_pem = observer_pkey.exportKey()
return observer_pkey_pem
def credential_server_spawn( old_exit_status ):
"""
Start our credential server (i.e. in a separate process, started by the watchdog)
"""
setproctitle.setproctitle( "syndicate-credential-server" )
private_key = syndicate_storage.read_private_key( CONFIG.SYNDICATE_PRIVATE_KEY )
if private_key is None:
# exit code 255 will be ignored...
logger.error("Cannot load private key. Exiting...")
sys.exit(255)
logger.info("Starting Syndicate Observer credential server on port %s" % CONFIG.SYNDICATE_HTTP_PORT)
srv = CredentialServer( private_key.exportKey(), CONFIG.SYNDICATE_OPENCLOUD_SECRET, ('', CONFIG.SYNDICATE_HTTP_PORT), CredentialServerHandler)
srv.serve_forever()
def credential_server_spawn(old_exit_status):
"""
Start our credential server (i.e. in a separate process, started by the watchdog)
"""
setproctitle.setproctitle("syndicate-credential-server")
private_key = syndicate_storage.read_private_key(
CONFIG.SYNDICATE_PRIVATE_KEY)
if private_key is None:
# exit code 255 will be ignored...
logger.error("Cannot load private key. Exiting...")
sys.exit(255)
logger.info("Starting Syndicate Observer credential server on port %s" %
CONFIG.SYNDICATE_HTTP_PORT)
srv = CredentialServer(private_key.exportKey(),
CONFIG.SYNDICATE_OPENCLOUD_SECRET,
('', CONFIG.SYNDICATE_HTTP_PORT),
CredentialServerHandler)
srv.serve_forever()
def ft_credential_server_1(syndicate_url, principal_id, principal_pkey_path):
"""
Functional test for the credential server.
Use a set of fake volume data.
"""
import syndicate.observer.sync as observer_sync
import syndicate.observer.core as observer_core
import syndicate.syndicate as c_syndicate
from collections import namedtuple
c_syndicate.crypto_init()
observer_pkey_pem = syndicate_storage_api.read_private_key(
CONFIG.SYNDICATE_OBSERVER_PRIVATE_KEY).exportKey()
user_pkey_pem = syndicate_storage_api.read_private_key(
principal_pkey_path).exportKey()
slice_secret = binascii.unhexlify(
"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")
ft_volumes = ["ft_volume_1", "ft_volume_2", "ft_volume_3"]
RG_ports = {
"ft_volume_1": 32781,
"ft_volume_2": 32783,
"ft_volume_3": 32785
}
UG_ports = {
"ft_volume_1": 32780,
"ft_volume_2": 32782,
"ft_volume_3": 32784
}
OpenCloudVolume = namedtuple("OpenCloudVolume", [
"name", "blocksize", "description", "private", "archive",
"cap_read_data", "cap_write_data", "cap_host_data"
])
# set up some volumes
for vol_name in ft_volumes:
opencloud_volume = OpenCloudVolume(
name=vol_name,
blocksize=1024,
description="Functional test volume",
private=True,
archive=False,
cap_read_data=True,
cap_write_data=True,
cap_host_data=True)
observer_core.ensure_volume_exists(CONFIG.SYNDICATE_OPENCLOUD_USER,
opencloud_volume)
# set up some RGs for the volumes
for vol_name in ft_volumes:
g = observer_core.setup_global_RG(CONFIG.SYNDICATE_OPENCLOUD_USER,
vol_name,
CONFIG.SYNDICATE_GATEWAY_NAME_PREFIX,
slice_secret,
RG_ports[vol_name],
CONFIG.SYNDICATE_RG_CLOSURE,
global_hostname="localhost")
assert g == True, "Failed to ensure global RG for volume %s exists" % vol_name
ft_volumeslice = {
"ft_volume_1":
observer_sync.VolumeSlice(
volume_id=1,
slice_id=1,
cap_read_data=True,
cap_write_data=True,
cap_host_data=True,
UG_portnum=UG_ports["ft_volume_1"],
RG_portnum=RG_ports["ft_volume_1"],
credentials_blob=observer_core.generate_slice_credentials(
observer_pkey_pem,
syndicate_url,
principal_id,
"ft_volume_1",
"ft_slice_1",
None,
slice_secret,
user_pkey_pem=user_pkey_pem,
instantiate_UG=True,
run_UG=True,
UG_port=UG_ports["ft_volume_1"],
UG_closure=None,
instantiate_RG=None,
run_RG=True,
RG_port=RG_ports["ft_volume_1"],
RG_closure=None,
RG_global_hostname="localhost",
instantiate_AG=None,
run_AG=None,
AG_port=0,
AG_closure=None,
gateway_name_prefix="OpenCloud")),
"ft_volume_2":
observer_sync.VolumeSlice(
volume_id=2,
slice_id=1,
cap_read_data=True,
cap_write_data=True,
cap_host_data=True,
UG_portnum=UG_ports["ft_volume_2"],
RG_portnum=RG_ports["ft_volume_2"],
credentials_blob=observer_core.generate_slice_credentials(
observer_pkey_pem,
syndicate_url,
principal_id,
"ft_volume_2",
"ft_slice_1",
None,
slice_secret,
user_pkey_pem=user_pkey_pem,
instantiate_UG=True,
run_UG=True,
UG_port=UG_ports["ft_volume_2"],
UG_closure=None,
instantiate_RG=None,
run_RG=True,
RG_port=RG_ports["ft_volume_2"],
RG_closure=None,
RG_global_hostname="localhost",
instantiate_AG=None,
run_AG=None,
AG_port=0,
AG_closure=None,
gateway_name_prefix="OpenCloud")),
"ft_volume_3":
observer_sync.VolumeSlice(
volume_id=3,
slice_id=1,
cap_read_data=True,
cap_write_data=False,
cap_host_data=False,
UG_portnum=UG_ports["ft_volume_3"],
RG_portnum=RG_ports["ft_volume_3"],
credentials_blob=observer_core.generate_slice_credentials(
observer_pkey_pem,
syndicate_url,
principal_id,
"ft_volume_3",
"ft_slice_1",
None,
slice_secret,
user_pkey_pem=user_pkey_pem,
instantiate_UG=True,
run_UG=True,
UG_port=UG_ports["ft_volume_3"],
UG_closure=None,
instantiate_RG=None,
run_RG=True,
RG_port=RG_ports["ft_volume_3"],
RG_closure=None,
RG_global_hostname="localhost",
instantiate_AG=None,
run_AG=None,
AG_port=0,
AG_closure=None,
gateway_name_prefix="OpenCloud"))
}
# re-programm observer_storage with test methods
def ft_get_slice_secret(private_key_pem, slice_name):
logger.info("get slice secret for %s" % slice_name)
return slice_secret
def ft_get_volumeslice_volume_names(slice_name):
logger.info("get volume names for %s" % slice_name)
return ["ft_volume_1", "ft_volume_2", "ft_volume_3"]
def ft_get_volumeslice(volume_name, slice_name):
logger.info("get volumeslice for (%s, %s)" % (volume_name, slice_name))
return ft_volumeslice.get(volume_name, None)
observer_storage.get_slice_secret = ft_get_slice_secret
observer_storage.get_volumeslice_volume_names = ft_get_volumeslice_volume_names
observer_storage.get_volumeslice = ft_get_volumeslice
ensure_credential_server_running(run_once=True, foreground=True)
c_syndicate.crypto_shutdown()
def ft_credential_server_1( syndicate_url, principal_id, principal_pkey_path ):
"""
Functional test for the credential server.
Use a set of fake volume data.
"""
import syndicate.observer.sync as observer_sync
import syndicate.observer.core as observer_core
import syndicate.syndicate as c_syndicate
from collections import namedtuple
c_syndicate.crypto_init()
observer_pkey_pem = syndicate_storage_api.read_private_key( CONFIG.SYNDICATE_OBSERVER_PRIVATE_KEY ).exportKey()
user_pkey_pem = syndicate_storage_api.read_private_key( principal_pkey_path ).exportKey()
slice_secret = binascii.unhexlify( "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" )
ft_volumes = ["ft_volume_1", "ft_volume_2", "ft_volume_3"]
RG_ports = {
"ft_volume_1": 32781,
"ft_volume_2": 32783,
"ft_volume_3": 32785
}
UG_ports = {
"ft_volume_1": 32780,
"ft_volume_2": 32782,
"ft_volume_3": 32784
}
OpenCloudVolume = namedtuple("OpenCloudVolume", ["name", "blocksize", "description", "private", "archive", "cap_read_data", "cap_write_data", "cap_host_data"])
# set up some volumes
for vol_name in ft_volumes:
opencloud_volume = OpenCloudVolume( name = vol_name,
blocksize = 1024,
description = "Functional test volume",
private = True,
archive = False,
cap_read_data = True,
cap_write_data = True,
cap_host_data = True )
observer_core.ensure_volume_exists( CONFIG.SYNDICATE_OPENCLOUD_USER, opencloud_volume )
# set up some RGs for the volumes
for vol_name in ft_volumes:
g = observer_core.setup_global_RG( CONFIG.SYNDICATE_OPENCLOUD_USER, vol_name, CONFIG.SYNDICATE_GATEWAY_NAME_PREFIX, slice_secret, RG_ports[vol_name], CONFIG.SYNDICATE_RG_CLOSURE, global_hostname="localhost" )
assert g == True, "Failed to ensure global RG for volume %s exists" % vol_name
ft_volumeslice = {
"ft_volume_1": observer_sync.VolumeSlice( volume_id=1,
slice_id=1,
cap_read_data=True,
cap_write_data=True,
cap_host_data=True,
UG_portnum=UG_ports["ft_volume_1"],
RG_portnum=RG_ports["ft_volume_1"],
credentials_blob=observer_core.generate_slice_credentials(observer_pkey_pem,
syndicate_url,
principal_id,
"ft_volume_1",
"ft_slice_1",
None,
slice_secret,
user_pkey_pem=user_pkey_pem,
instantiate_UG=True, run_UG=True, UG_port=UG_ports["ft_volume_1"], UG_closure=None,
instantiate_RG=None, run_RG=True, RG_port=RG_ports["ft_volume_1"], RG_closure=None, RG_global_hostname="localhost",
instantiate_AG=None, run_AG=None, AG_port=0, AG_closure=None,
gateway_name_prefix="OpenCloud")
),
"ft_volume_2": observer_sync.VolumeSlice( volume_id=2,
slice_id=1,
cap_read_data=True,
cap_write_data=True,
cap_host_data=True,
UG_portnum=UG_ports["ft_volume_2"],
RG_portnum=RG_ports["ft_volume_2"],
credentials_blob=observer_core.generate_slice_credentials(observer_pkey_pem,
syndicate_url,
principal_id,
"ft_volume_2",
"ft_slice_1",
None,
slice_secret,
user_pkey_pem=user_pkey_pem,
instantiate_UG=True, run_UG=True, UG_port=UG_ports["ft_volume_2"], UG_closure=None,
instantiate_RG=None, run_RG=True, RG_port=RG_ports["ft_volume_2"], RG_closure=None, RG_global_hostname="localhost",
instantiate_AG=None, run_AG=None, AG_port=0, AG_closure=None,
gateway_name_prefix="OpenCloud")
),
"ft_volume_3": observer_sync.VolumeSlice( volume_id=3,
slice_id=1,
cap_read_data=True,
cap_write_data=False,
cap_host_data=False,
UG_portnum=UG_ports["ft_volume_3"],
RG_portnum=RG_ports["ft_volume_3"],
credentials_blob=observer_core.generate_slice_credentials(observer_pkey_pem,
syndicate_url,
principal_id,
"ft_volume_3",
"ft_slice_1",
None,
slice_secret,
user_pkey_pem=user_pkey_pem,
instantiate_UG=True, run_UG=True, UG_port=UG_ports["ft_volume_3"], UG_closure=None,
instantiate_RG=None, run_RG=True, RG_port=RG_ports["ft_volume_3"], RG_closure=None, RG_global_hostname="localhost",
instantiate_AG=None, run_AG=None, AG_port=0, AG_closure=None,
gateway_name_prefix="OpenCloud")
)
}
# re-programm observer_storage with test methods
def ft_get_slice_secret( private_key_pem, slice_name ):
logger.info("get slice secret for %s" % slice_name )
return slice_secret
def ft_get_volumeslice_volume_names( slice_name ):
logger.info("get volume names for %s" % slice_name )
return ["ft_volume_1", "ft_volume_2", "ft_volume_3"]
def ft_get_volumeslice( volume_name, slice_name ):
logger.info("get volumeslice for (%s, %s)" % (volume_name, slice_name))
return ft_volumeslice.get( volume_name, None )
observer_storage.get_slice_secret = ft_get_slice_secret
observer_storage.get_volumeslice_volume_names = ft_get_volumeslice_volume_names
observer_storage.get_volumeslice = ft_get_volumeslice
ensure_credential_server_running( run_once=True, foreground=True )
c_syndicate.crypto_shutdown()
