def run(self, options=None): if not self.config.SFA_REGISTRY_ENABLED: self.logger.critical( "Importer: need SFA_REGISTRY_ENABLED to run import") # testbed-neutral : create local certificates and the like auth_hierarchy = Hierarchy() self.create_top_level_auth_records(self.config.SFA_INTERFACE_HRN) self.create_interface_records() # testbed-specific testbed_importer = None generic = Generic.the_flavour() importer_class = generic.importer_class() if importer_class: begin_time = datetime.now() self.logger.info ("Starting import on %s, using class %s from flavour %s"%\ (begin_time,importer_class.__name__,generic.flavour)) testbed_importer = importer_class(auth_hierarchy, self.logger) if testbed_importer: testbed_importer.add_options(options) testbed_importer.run(options) end_time = datetime.now() duration = end_time - begin_time self.logger.info("Import took %s" % duration)
def import_slice_to_registry(self, slicename): ''' Method to import a slice created in the testbed to the SFA Registry :param slicename: name of the node being imported :type string ''' auth_hierarchy = Hierarchy() clab_importer = ClabImporter(auth_hierarchy, clab_logger) clab_importer.import_single_slice(slicename)
def create_default_dirs(): config = Config() hierarchy = Hierarchy() config_dir = config.config_path trusted_certs_dir = config.get_trustedroots_dir() authorities_dir = hierarchy.basedir all_dirs = [config_dir, trusted_certs_dir, authorities_dir] for dir in all_dirs: if not os.path.exists(dir): os.makedirs(dir)
def __init__(self, auth_hierarchy=None, logger=None): self.config = Config() if auth_hierarchy is not None: self.auth_hierarchy = auth_hierarchy else: self.auth_hierarchy = Hierarchy() if logger is not None: self.logger = logger else: self.logger = _SfaLogger(logfile='/var/log/sfa_import.log', loggername='importlog') self.logger.setLevelFromOptVerbose(self.config.SFA_API_LOGLEVEL) # ugly side effect so that other modules get it right import sfa.util.sfalogging sfa.util.sfalogging.logger = logger
def getDelegatedCredential(self, creds): """ Attempt to find a credential delegated to us in the specified list of creds. """ from sfa.trust.hierarchy import Hierarchy if creds and not isinstance(creds, list): creds = [creds] hierarchy = Hierarchy() delegated_cred = None for cred in creds: if hierarchy.auth_exists( Credential(cred=cred).get_gid_caller().get_hrn()): delegated_cred = cred break return delegated_cred
def server_proxy(self, interface, cred, timeout=30): """ Returns a connection to the specified interface. Use the specified credential to determine the caller and look for the caller's key/cert in the registry hierarchy cache. """ from sfa.trust.hierarchy import Hierarchy if not isinstance(cred, Credential): cred_obj = Credential(string=cred) else: cred_obj = cred caller_gid = cred_obj.get_gid_caller() hierarchy = Hierarchy() auth_info = hierarchy.get_auth_info(caller_gid.get_hrn()) key_file = auth_info.get_privkey_filename() cert_file = auth_info.get_gid_filename() server = interface.server_proxy(key_file, cert_file, timeout) return server
def GetCredential(registry=None, force=False, verbose=False): config = Config() hierarchy = Hierarchy() key_dir = hierarchy.basedir data_dir = config.data_path config_dir = config.config_path credfile = data_dir + os.sep + 'node.cred' # check for existing credential if not force and os.path.exists(credfile): if verbose: print "Loading Credential from %(credfile)s " % locals() cred = Credential(filename=credfile).save_to_string(save_parents=True) else: if verbose: print "Getting credential from registry" # make sure node private key exists node_pkey_file = config_dir + os.sep + "node.key" node_gid_file = config_dir + os.sep + "node.gid" if not os.path.exists(node_pkey_file) or \ not os.path.exists(node_gid_file): get_node_key(registry=registry, verbose=verbose) gid = GID(filename=node_gid_file) hrn = gid.get_hrn() # create server key and certificate keyfile = data_dir + os.sep + "server.key" certfile = data_dir + os.sep + "server.cert" key = Keypair(filename=node_pkey_file) key.save_to_file(keyfile) create_server_keypair(keyfile, certfile, hrn, verbose) # get credential from registry registry = server_proxy(url=registry, keyfile=keyfile, certfile=certfile) cert = Certificate(filename=certfile) cert_str = cert.save_to_string(save_parents=True) cred = registry.GetSelfCredential(cert_str, 'node', hrn) Credential(string=cred).save_to_file(credfile, save_parents=True) return cred
def export(self, xrn, type=None, outfile=None): """Fetch an object's GID from the Registry""" from sfa.storage.model import RegRecord hrn = Xrn(xrn).get_hrn() request = self.api.dbsession().query(RegRecord).filter_by(hrn=hrn) if type: request = request.filter_by(type=type) record = request.first() if record: gid = GID(string=record.gid) else: # check the authorities hierarchy hierarchy = Hierarchy() try: auth_info = hierarchy.get_auth_info(hrn) gid = auth_info.gid_object except: print "Record: %s not found" % hrn sys.exit(1) # save to file if not outfile: outfile = os.path.abspath('./%s.gid' % gid.get_hrn()) gid.save_to_file(outfile, save_parents=True)
def nuke(self, all=False, certs=False, reinit=True): """Cleanup local registry DB, plus various additional filesystem cleanups optionally""" from sfa.storage.dbschema import DBSchema from sfa.util.sfalogging import _SfaLogger logger = _SfaLogger(logfile='/var/log/sfa_import.log', loggername='importlog') logger.setLevelFromOptVerbose(self.api.config.SFA_API_LOGLEVEL) logger.info("Purging SFA records from database") dbschema = DBSchema() dbschema.nuke() # for convenience we re-create the schema here, so there's no need for an explicit # service sfa restart # however in some (upgrade) scenarios this might be wrong if reinit: logger.info("re-creating empty schema") dbschema.init_or_upgrade() # remove the server certificate and all gids found in /var/lib/sfa/authorities if certs: logger.info("Purging cached certificates") for (dir, _, files) in os.walk('/var/lib/sfa/authorities'): for file in files: if file.endswith('.gid') or file == 'server.cert': path = dir + os.sep + file os.unlink(path) # just remove all files that do not match 'server.key' or 'server.cert' if all: logger.info("Purging registry filesystem cache") preserved_files = ['server.key', 'server.cert'] for (dir, _, files) in os.walk(Hierarchy().basedir): for file in files: if file in preserved_files: continue path = dir + os.sep + file os.unlink(path)
def __init__(self, peer_cert=None, config=None): self.peer_cert = peer_cert self.hierarchy = Hierarchy() if not config: self.config = Config() self.load_trusted_certs()
from sfa.generic import Generic from sfa.util.xrn import Xrn from sfa.storage.record import Record from sfa.client.sfi import save_records_to_file from sfa.trust.hierarchy import Hierarchy from sfa.trust.gid import GID from sfa.trust.certificate import convert_public_key from sfa.client.candidates import Candidates from sfa.client.common import optparse_listvalue_callback, optparse_dictvalue_callback, terminal_render, filter_records pprinter = PrettyPrinter(indent=4) try: help_basedir = Hierarchy().basedir except: help_basedir = '*unable to locate Hierarchy().basedir' def args(*args, **kwargs): def _decorator(func): func.__dict__.setdefault('options', []).insert(0, (args, kwargs)) return func return _decorator class Commands(object): def _get_commands(self): command_names = []
def main(): # Generate command line parser parser = OptionParser(usage="sfa-start.py [options]") parser.add_option("-r", "--registry", dest="registry", action="store_true", help="run registry server", default=False) parser.add_option("-s", "--slicemgr", dest="sm", action="store_true", help="run slice manager", default=False) parser.add_option("-a", "--aggregate", dest="am", action="store_true", help="run aggregate manager", default=False) parser.add_option("-c", "--component", dest="cm", action="store_true", help="run component server", default=False) parser.add_option("-t", "--trusted-certs", dest="trusted_certs", action="store_true", help="refresh trusted certs", default=False) parser.add_option("-d", "--daemon", dest="daemon", action="store_true", help="Run as daemon.", default=False) (options, args) = parser.parse_args() config = Config() logger.setLevelFromOptVerbose(config.SFA_API_LOGLEVEL) # ge the server's key and cert hierarchy = Hierarchy() auth_info = hierarchy.get_interface_auth_info() server_key_file = auth_info.get_privkey_filename() server_cert_file = auth_info.get_gid_filename() # ensure interface cert is present in trusted roots dir trusted_roots = TrustedRoots(config.get_trustedroots_dir()) trusted_roots.add_gid(GID(filename=server_cert_file)) if (options.daemon): daemon() if options.trusted_certs: install_peer_certs(server_key_file, server_cert_file) # start registry server if (options.registry): from sfa.server.registry import Registry r = Registry("", config.SFA_REGISTRY_PORT, server_key_file, server_cert_file) r.start() if (options.am): from sfa.server.aggregate import Aggregate a = Aggregate("", config.SFA_AGGREGATE_PORT, server_key_file, server_cert_file) a.start() # start slice manager if (options.sm): from sfa.server.slicemgr import SliceMgr s = SliceMgr("", config.SFA_SM_PORT, server_key_file, server_cert_file) s.start() if (options.cm): from sfa.server.component import Component c = Component("", config.component_port, server_key_file, server_cert_file) # c = Component("", config.SFA_COMPONENT_PORT, server_key_file, server_cert_file) c.start()