def __init__(self, options):
try: self.config = config = Config(options.config_file)
except:
print "failed to read config_file %s" % options.config_file
sys.exit(1)
key_path = os.path.dirname(options.config_file)
user_name = self.config.SFI_USER.split('.')[-1:][0]
key_file = key_path + os.sep + user_name + '.pkey'
cert_file = key_path + os.sep + user_name + '.cert'
self.key = Keypair(filename=key_file)
self.cert = Certificate(subject=self.config.SFI_USER)
self.cert.set_pubkey(self.key)
self.cert.set_issuer(self.key, self.config.SFI_USER)
self.cert.sign()
self.cert.save_to_file(cert_file)
SFI_AGGREGATE = config.SFI_SM.replace('12347', '12346')
SFI_CM = 'http://' + options.cm_host + ':12346'
self.registry = xmlrpc.get_server(config.SFI_REGISTRY, key_file, cert_file)
self.aggregate = xmlrpc.get_server(SFI_AGGREGATE, key_file, cert_file)
self.sm = xmlrpc.get_server(config.SFI_SM, key_file, cert_file)
self.cm = xmlrpc.get_server(SFI_CM, key_file, cert_file)
self.hrn = config.SFI_USER
# XX defaulting to user, but this should be configurable so we can
# test from components persepctive
self.type = 'user'
self.credential = self.get_credential(self.hrn)
def set_servers(self):
self.read_config()
# Get key and certificate
key_file = self.get_key_file()
cert_file = self.get_cert_file(key_file)
self.key = Keypair(filename=key_file)
self.key_file = key_file
self.cert_file = cert_file
self.cert = GID(filename=cert_file)
self.logger.info("Contacting Registry at: %s"%self.reg_url)
self.registry = xmlrpcprotocol.get_server(self.reg_url, key_file, cert_file, timeout=self.options.timeout, verbose=self.options.debug)
self.logger.info("Contacting Slice Manager at: %s"%self.sm_url)
self.slicemgr = xmlrpcprotocol.get_server(self.sm_url, key_file, cert_file, timeout=self.options.timeout, verbose=self.options.debug)
return
def get_cert_file(self, key_file):
cert_file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert")
if (os.path.isfile(cert_file)):
# we'd perfer to use Registry issued certs instead of self signed certs.
# if this is a Registry cert (GID) then we are done
gid = GID(filename=cert_file)
if gid.get_urn():
return cert_file
# generate self signed certificate
k = Keypair(filename=key_file)
cert = Certificate(subject=self.user)
cert.set_pubkey(k)
cert.set_issuer(k, self.user)
cert.sign()
self.logger.info("Writing self-signed certificate to %s"%cert_file)
cert.save_to_file(cert_file)
self.cert = cert
# try to get registry issued cert
try:
self.logger.info("Getting Registry issued cert")
self.read_config()
# *hack. need to set registyr before _get_gid() is called
self.registry = xmlrpcprotocol.get_server(self.reg_url, key_file, cert_file, timeout=self.options.timeout, verbose=self.options.debug)
gid = self._get_gid(type='user')
self.registry = None
self.logger.info("Writing certificate to %s"%cert_file)
gid.save_to_file(cert_file)
except:
self.logger.info("Failed to download Registry issued cert")
return cert_file
def main():
config = Config()
if not config.SFA_REGISTRY_ENABLED:
sys.exit(0)
# Get the path to the sfa server key/cert files from
# the sfa hierarchy object
sfa_hierarchy = Hierarchy()
sfa_key_path = sfa_hierarchy.basedir
key_file = os.path.join(sfa_key_path, "server.key")
cert_file = os.path.join(sfa_key_path, "server.cert")
key = Keypair(filename=key_file)
# get a connection to our local sfa registry
# and a valid credential
authority = config.SFA_INTERFACE_HRN
url = 'http://%s:%s/' %(config.SFA_REGISTRY_HOST, config.SFA_REGISTRY_PORT)
registry = xmlrpcprotocol.get_server(url, key_file, cert_file)
sfa_api = SfaAPI(key_file = key_file, cert_file = cert_file, interface='registry')
credential = sfa_api.getCredential()
# get peer registries
registries = Registries(sfa_api)
tree = prefixTree()
tree.load(registries.keys())
# get local peer records
table = SfaTable()
peer_records = table.find({'~peer_authority': None})
found_records = []
hrn_dict = {}
for record in peer_records:
registry_hrn = tree.best_match(record['hrn'])
if registry_hrn not in hrn_dict:
hrn_dict[registry_hrn] = []
hrn_dict[registry_hrn].append(record['hrn'])
# attempt to resolve the record at the authoritative interface
for registry_hrn in hrn_dict:
if registry_hrn in registries:
records = []
target_hrns = hrn_dict[registry_hrn]
try:
records = registries[registry_hrn].Resolve(target_hrns, credential)
found_records.extend([record['hrn'] for record in records])
except ServerException:
# an exception will be thrown if the record doenst exist
# if so remove the record from the local registry
continue
except:
# this deosnt necessarily mean the records dont exist
# lets give them the benefit of the doubt here (for now)
found_records.extend(target_hrns)
traceback.print_exc()
# remove what wasnt found
for peer_record in peer_records:
if peer_record['hrn'] not in found_records:
registries[sfa_api.hrn].Remove(peer_record['hrn'], credential, peer_record['type'])
def get_server(self, key_file, cert_file, timeout=30):
server = None
if self.client_type == 'geniclientlight' and GeniClientLight:
server = GeniClientLight(url, self.api.key_file, self.api.cert_file)
else:
server = xmlrpcprotocol.get_server(self.get_url(), key_file, cert_file, timeout)
return server
def get_server(self, host, port, keyfile, certfile):
"""
Return an instance of an xmlrpc server connection
"""
# port is appended onto the domain, before the path. Should look like:
# http://domain:port/path
host_parts = host.split('/')
host_parts[0] = host_parts[0] + ":" + str(port)
url = "http://%s" % "/".join(host_parts)
return xmlrpcprotocol.get_server(url, keyfile, certfile, timeout=self.options.timeout, verbose=self.options.debug)
def get_server(url=None, port=None, keyfile=None, certfile=None,verbose=False):
"""
returns an xmlrpc connection to the service a the specified
address
"""
if url:
url_parts = url.split(":")
if len(url_parts) >1:
pass
else:
url = "http://%(url)s:%(port)s" % locals()
else:
# connect to registry by default
config = Config()
addr, port = config.SFA_REGISTRY_HOST, config.SFA_REGISTRY_PORT
url = "http://%(addr)s:%(port)s" % locals()
if verbose:
print "Contacting registry at: %(url)s" % locals()
server = xmlrpcprotocol.get_server(url, keyfile, certfile)
return server
def get_version(self):
if self.probed:
return self._version
# dummy to meet Sfi's expectations for its 'options' field
class DummyOptions:
pass
options=DummyOptions()
options.verbose=False
options.timeout=10
try:
client=Sfi(options)
client.read_config()
key_file = client.get_key_file()
cert_file = client.get_cert_file(key_file)
url=self.url()
logger.info('issuing get version at %s'%url)
logger.debug("GetVersion, using timeout=%d"%options.timeout)
server=xmlrpcprotocol.get_server(url, key_file, cert_file, timeout=options.timeout, verbose=options.verbose)
self._version=server.GetVersion()
except:
self._version={}
self.probed=True
return self._version
def get_registry(self):
addr, port = self.config.SFA_REGISTRY_HOST, self.config.SFA_REGISTRY_PORT
url = "http://%(addr)s:%(port)s" % locals()
server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file)
return server