def sync_volumeslice_record(vs):
    """
    Synchronize a VolumeSlice record.

    Pulls the slice/volume identity, capability flags and gateway ports off
    ``vs``, then checks that the observer configuration carries every
    setting needed before any provisioning is attempted.

    NOTE(review): this excerpt ends right after config validation.  The
    locals slice_secret, gateway_name_prefix, RG_closure, observer_pkey_path
    and syndicate_url are consumed by the part of the body not visible here.

    Args:
        vs: VolumeSlice record; reads volume_id.name, slice_id.name,
            slice_id.creator.email, the cap_*_data flags, RG_portnum and
            UG_portnum.

    Raises:
        Exception: re-raised when a required config attribute is missing.
    """
    logger.info("Sync VolumeSlice for (%s, %s)" % (vs.volume_id.name, vs.slice_id.name))
    # extract arguments...
    principal_id = vs.slice_id.creator.email
    slice_name = vs.slice_id.name
    volume_name = vs.volume_id.name
    syndicate_caps = observer_core.opencloud_caps_to_syndicate_caps(vs.cap_read_data, vs.cap_write_data, vs.cap_host_data)
    RG_port = vs.RG_portnum
    UG_port = vs.UG_portnum
    slice_secret = None
    gateway_name_prefix = None
    config = observer_core.get_config()
    try:
        # the observer secret is resolved from config, never taken from the record
        observer_secret = observer_core.get_syndicate_observer_secret(config.SYNDICATE_OBSERVER_SECRET)
        RG_closure = config.SYNDICATE_RG_CLOSURE
        observer_pkey_path = config.SYNDICATE_OBSERVER_PRIVATE_KEY
        syndicate_url = config.SYNDICATE_SMI_URL
        gateway_name_prefix = config.SYNDICATE_GATEWAY_NAME_PREFIX
    except Exception, e:
        # NOTE(review): the message omits SYNDICATE_GATEWAY_NAME_PREFIX, which
        # is also read above.  In Python 2 `raise e` drops the original
        # traceback; a bare `raise` would keep it.
        traceback.print_exc()
        logger.error("syndicatelib config is missing one or more of the following: SYNDICATE_OBSERVER_SECRET, SYNDICATE_RG_CLOSURE, SYNDICATE_OBSERVER_PRIVATE_KEY, SYNDICATE_SMI_URL")
        raise e
def sync_volumeslice_record(vs):
    """
    Synchronize a VolumeSlice record.

    Pulls the slice/volume identity, capability flags and gateway ports off
    ``vs``, then checks that the observer configuration carries every
    setting needed before any provisioning is attempted.

    NOTE(review): this excerpt ends right after config validation.  The
    locals slice_secret, gateway_name_prefix, RG_closure, observer_pkey_path
    and syndicate_url are consumed by the part of the body not visible here.

    Args:
        vs: VolumeSlice record; reads volume_id.name, slice_id.name,
            slice_id.creator.email, the cap_*_data flags, RG_portnum and
            UG_portnum.

    Raises:
        Exception: re-raised when a required config attribute is missing.
    """
    logger.info("Sync VolumeSlice for (%s, %s)" % (vs.volume_id.name, vs.slice_id.name))
    # extract arguments...
    principal_id = vs.slice_id.creator.email
    slice_name = vs.slice_id.name
    volume_name = vs.volume_id.name
    syndicate_caps = observer_core.opencloud_caps_to_syndicate_caps(
        vs.cap_read_data, vs.cap_write_data, vs.cap_host_data)
    RG_port = vs.RG_portnum
    UG_port = vs.UG_portnum
    slice_secret = None
    gateway_name_prefix = None
    config = observer_core.get_config()
    try:
        # the observer secret is resolved from config, never taken from the record
        observer_secret = observer_core.get_syndicate_observer_secret(
            config.SYNDICATE_OBSERVER_SECRET)
        RG_closure = config.SYNDICATE_RG_CLOSURE
        observer_pkey_path = config.SYNDICATE_OBSERVER_PRIVATE_KEY
        syndicate_url = config.SYNDICATE_SMI_URL
        gateway_name_prefix = config.SYNDICATE_GATEWAY_NAME_PREFIX
    except Exception, e:
        # NOTE(review): the message omits SYNDICATE_GATEWAY_NAME_PREFIX, which
        # is also read above.  In Python 2 `raise e` drops the original
        # traceback; a bare `raise` would keep it.
        traceback.print_exc()
        logger.error(
            "syndicatelib config is missing one or more of the following: SYNDICATE_OBSERVER_SECRET, SYNDICATE_RG_CLOSURE, SYNDICATE_OBSERVER_PRIVATE_KEY, SYNDICATE_SMI_URL"
        )
        raise e
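def pre_save( self, model_inst, add ):
    """
    Encrypt the value with the Observer key.

    Reads the plaintext secret held in ``model_inst.<self.attname>``, seals
    it with the Observer private key and returns the serialized ciphertext
    as the value to be stored.  The plaintext never leaves this call.

    Args:
        model_inst: instance whose attribute ``self.attname`` holds the secret.
        add: not used by this implementation.

    Returns:
        The serialized, sealed secret value.

    Raises:
        syndicatelib.SyndicateObserverError: if the Observer private key
            cannot be loaded, or if no slice secret is present on the instance.
    """
    import syndicate.observer.core as syndicatelib
    import syndicate.observer.storage.common as observer_storage_common

    # get observer private key.  Only real errors are wrapped; the previous
    # bare `except:` also swallowed KeyboardInterrupt and SystemExit.
    config = syndicatelib.get_config()
    try:
        observer_pkey_path = config.SYNDICATE_OBSERVER_PRIVATE_KEY
        observer_pkey_pem = syndicatelib.get_observer_private_key_pem( observer_pkey_path )
    except Exception:
        raise syndicatelib.SyndicateObserverError( "Internal Syndicate Observer error: failed to load Observer private key" )

    slice_secret = getattr(model_inst, self.attname )
    if slice_secret is None:
        raise syndicatelib.SyndicateObserverError( "Internal Syndicate Observer error: No slice secret generated" )

    # seal it so that only the holder of the Observer key can read it back
    sealed_slice_secret = observer_storage_common.encrypt_slice_secret( observer_pkey_pem, slice_secret )
    return ObserverSecretValue.serialize( sealed_slice_secret )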
def sync_volume_record(volume):
    """
    Synchronize a Volume record with Syndicate.

    Reads the owner's principal id, derives the volume principal id, and
    validates that the gateway quotas and the observer secret are available
    in configuration.

    NOTE(review): this excerpt ends after config validation.  max_UGs,
    max_RGs, volume_principal_id and observer_secret are consumed by the
    part of the body not visible here.

    Args:
        volume: Volume record; reads volume.name and volume.owner_id.email.

    Raises:
        Exception: re-raised when a required config attribute is missing.
    """
    logger.info("Sync Volume = %s\n\n" % volume.name)
    principal_id = volume.owner_id.email
    config = observer_core.get_config()
    max_UGs = None
    max_RGs = None
    volume_principal_id = observer_core.make_volume_principal_id(
        principal_id, volume.name)
    # get the observer secret
    try:
        # NOTE(review): quotas are read from the module-level CONFIG while the
        # secret comes from the freshly fetched config; presumably the same
        # settings object -- confirm.
        max_UGs = CONFIG.SYNDICATE_UG_QUOTA
        max_RGs = CONFIG.SYNDICATE_RG_QUOTA
        observer_secret = observer_core.get_syndicate_observer_secret(
            config.SYNDICATE_OBSERVER_SECRET)
    except Exception, e:
        # in Python 2 `raise e` drops the original traceback; a bare `raise`
        # would keep it
        traceback.print_exc()
        logger.error(
            "config is missing SYNDICATE_OBSERVER_SECRET, SYNDICATE_UG_QUOTA, SYNDICATE_RG_QUOTA"
        )
        raise e
def sync_volumeaccessright_record(vac):
    """
    Synchronize a volume access record.

    Translates the record's capability flags into Syndicate capabilities and
    validates that the observer secret is configured.

    NOTE(review): this excerpt ends after config validation.  The
    syndicate_caps placeholder "UNKNOWN" exists for an exception handler in
    the part of the body not visible here.

    Args:
        vac: VolumeAccessRight record; reads owner_id.email, volume.name and
            the cap_*_data flags.

    Raises:
        Exception: re-raised when the observer secret cannot be loaded.
    """
    syndicate_caps = "UNKNOWN"  # for exception handling
    # get arguments
    config = observer_core.get_config()
    principal_id = vac.owner_id.email
    volume_name = vac.volume.name
    syndicate_caps = observer_core.opencloud_caps_to_syndicate_caps(
        vac.cap_read_data, vac.cap_write_data, vac.cap_host_data)
    logger.info("Sync VolumeAccessRight for (%s, %s)" % (principal_id, volume_name))
    # validate config
    try:
        observer_secret = observer_core.get_syndicate_observer_secret(
            config.SYNDICATE_OBSERVER_SECRET)
    except Exception, e:
        # NOTE(review): the message names SYNDICATE_RG_DEFAULT_PORT, which is
        # not read in this block; only SYNDICATE_OBSERVER_SECRET is.  In
        # Python 2 `raise e` also drops the original traceback.
        traceback.print_exc()
        logger.error(
            "syndicatelib config is missing SYNDICATE_RG_DEFAULT_PORT, SYNDICATE_OBSERVER_SECRET"
        )
        raise e
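def save(self, *args, **kw):
    """
    Make sure a SliceSecret exists for this slice, then save.

    Loads the Observer private key, asks syndicatelib to get or create the
    slice secret bound to ``self.slice_id``, and only then delegates to the
    parent ``save`` with the original arguments.

    Raises:
        syndicatelib.SyndicateObserverError: if the Observer private key
            cannot be loaded or no slice secret could be obtained.
    """
    import syndicate.observer.core as syndicatelib

    # get observer private key.  Only real errors are wrapped; the previous
    # bare `except:` also swallowed KeyboardInterrupt and SystemExit.
    config = syndicatelib.get_config()
    try:
        observer_pkey_path = config.SYNDICATE_OBSERVER_PRIVATE_KEY
        observer_pkey_pem = syndicatelib.get_observer_private_key_pem( observer_pkey_path)
    except Exception:
        raise syndicatelib.SyndicateObserverError( "Internal Syndicate Observer error: failed to load Observer private key" )

    # get or create the slice secret
    slice_secret = syndicatelib.get_or_create_slice_secret( observer_pkey_pem, None, slice_fk=self.slice_id)
    if slice_secret is None:
        # qualified name: the unqualified SyndicateObserverError used here
        # before is not necessarily bound in this module, which would turn
        # this failure into a NameError instead of the intended error
        raise syndicatelib.SyndicateObserverError( "Failed to get or create slice secret for %s" % self.slice_id.name)

    super(VolumeSlice, self).save(*args, **kw)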
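def pre_save(self, model_inst, add):
    """
    Encrypt the value with the Observer key.

    Reads the plaintext secret held in ``model_inst.<self.attname>``, seals
    it with the Observer private key and returns the serialized ciphertext
    as the value to be stored.  The plaintext never leaves this call.

    Args:
        model_inst: instance whose attribute ``self.attname`` holds the secret.
        add: not used by this implementation.

    Returns:
        The serialized, sealed secret value.

    Raises:
        syndicatelib.SyndicateObserverError: if the Observer private key
            cannot be loaded, or if no slice secret is present on the instance.
    """
    import syndicate.observer.core as syndicatelib
    import syndicate.observer.storage.common as observer_storage_common

    # get observer private key.  Only real errors are wrapped; the previous
    # bare `except:` also swallowed KeyboardInterrupt and SystemExit.
    config = syndicatelib.get_config()
    try:
        observer_pkey_path = config.SYNDICATE_OBSERVER_PRIVATE_KEY
        observer_pkey_pem = syndicatelib.get_observer_private_key_pem(observer_pkey_path)
    except Exception:
        raise syndicatelib.SyndicateObserverError(
            "Internal Syndicate Observer error: failed to load Observer private key"
        )

    slice_secret = getattr(model_inst, self.attname)
    if slice_secret is None:
        raise syndicatelib.SyndicateObserverError(
            "Internal Syndicate Observer error: No slice secret generated")

    # seal it so that only the holder of the Observer key can read it back
    sealed_slice_secret = observer_storage_common.encrypt_slice_secret(observer_pkey_pem, slice_secret)
    return ObserverSecretValue.serialize(sealed_slice_secret)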
def delete_volume_record(volume):
    """
    Delete a volume from Syndicate.

    NOTE(review): this excerpt ends after the delete attempt.  ``rc`` and
    ``config`` are not used in the visible part, so the body presumably
    continues (e.g. returning rc) -- confirm.

    Args:
        volume: Volume record; only volume.name is read.

    Raises:
        Exception: re-raised when ensure_volume_absent fails.
    """
    logger.info("Delete Volume =%s\n\n" % volume.name)
    volume_name = volume.name
    config = observer_core.get_config()
    # delete the Volume on Syndicate.
    try:
        rc = observer_core.ensure_volume_absent(volume_name)
    except Exception, e:
        # in Python 2 `raise e` drops the original traceback; a bare `raise`
        # would keep it
        traceback.print_exc()
        logger.error("Failed to delete volume %s", volume_name)
        raise e
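def to_python(self, secret_str):
    """
    Decrypt the value with the Observer key.

    Values not in the encrypted serialized form are returned unchanged.
    Otherwise the value is unserialized and decrypted with the Observer
    private key, so the caller receives the plaintext secret.

    Args:
        secret_str: stored value, either in the clear or in the serialized
            encrypted form recognised by ObserverSecretValue.is_encrypted.

    Returns:
        The plaintext slice secret; the input unchanged when it was not
        encrypted; None when the unserialized payload is empty.

    Raises:
        syndicatelib.SyndicateObserverError: if the Observer private key
            cannot be loaded or decryption yields nothing.
    """
    # is this in the clear?
    if not ObserverSecretValue.is_encrypted(secret_str):
        # nothing to do
        return secret_str

    # otherwise, decrypt it
    import syndicate.observer.core as syndicatelib
    import syndicate.observer.storage.common as observer_storage_common

    # get observer private key.  Only real errors are wrapped; the previous
    # bare `except:` also swallowed KeyboardInterrupt and SystemExit.
    config = syndicatelib.get_config()
    try:
        observer_pkey_path = config.SYNDICATE_OBSERVER_PRIVATE_KEY
        observer_pkey_pem = syndicatelib.get_observer_private_key_pem(observer_pkey_path)
    except Exception:
        raise syndicatelib.SyndicateObserverError(
            "Internal Syndicate Observer error: failed to load Observer private key"
        )

    # deserialize
    sealed = ObserverSecretValue.unserialize(secret_str)
    if sealed is None or len(sealed) == 0:
        return None

    # decrypt
    slice_secret = observer_storage_common.decrypt_slice_secret(observer_pkey_pem, sealed)
    if slice_secret is None:
        raise syndicatelib.SyndicateObserverError(
            "Internal Syndicate Observer error: failed to decrypt slice secret value"
        )
    return slice_secret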
def sync_volumeaccessright_record(vac):
    """
    Synchronize a volume access record.

    Translates the record's capability flags into Syndicate capabilities and
    validates that the observer secret is configured.

    NOTE(review): this excerpt ends after config validation.  The
    syndicate_caps placeholder "UNKNOWN" exists for an exception handler in
    the part of the body not visible here.

    Args:
        vac: VolumeAccessRight record; reads owner_id.email, volume.name and
            the cap_*_data flags.

    Raises:
        Exception: re-raised when the observer secret cannot be loaded.
    """
    syndicate_caps = "UNKNOWN"  # for exception handling
    # get arguments
    config = observer_core.get_config()
    principal_id = vac.owner_id.email
    volume_name = vac.volume.name
    syndicate_caps = observer_core.opencloud_caps_to_syndicate_caps(vac.cap_read_data, vac.cap_write_data, vac.cap_host_data)
    logger.info("Sync VolumeAccessRight for (%s, %s)" % (principal_id, volume_name))
    # validate config
    try:
        observer_secret = observer_core.get_syndicate_observer_secret(config.SYNDICATE_OBSERVER_SECRET)
    except Exception, e:
        # NOTE(review): the message names SYNDICATE_RG_DEFAULT_PORT, which is
        # not read in this block; only SYNDICATE_OBSERVER_SECRET is.  In
        # Python 2 `raise e` also drops the original traceback.
        traceback.print_exc()
        logger.error("syndicatelib config is missing SYNDICATE_RG_DEFAULT_PORT, SYNDICATE_OBSERVER_SECRET")
        raise e
def sync_volume_record(volume):
    """
    Synchronize a Volume record with Syndicate.

    Reads the owner's principal id, derives the volume principal id, and
    validates that the gateway quotas and the observer secret are available
    in configuration.

    NOTE(review): this excerpt ends after config validation.  max_UGs,
    max_RGs, volume_principal_id and observer_secret are consumed by the
    part of the body not visible here.

    Args:
        volume: Volume record; reads volume.name and volume.owner_id.email.

    Raises:
        Exception: re-raised when a required config attribute is missing.
    """
    logger.info("Sync Volume = %s\n\n" % volume.name)
    principal_id = volume.owner_id.email
    config = observer_core.get_config()
    max_UGs = None
    max_RGs = None
    volume_principal_id = observer_core.make_volume_principal_id(principal_id, volume.name)
    # get the observer secret
    try:
        # NOTE(review): quotas are read from the module-level CONFIG while the
        # secret comes from the freshly fetched config; presumably the same
        # settings object -- confirm.
        max_UGs = CONFIG.SYNDICATE_UG_QUOTA
        max_RGs = CONFIG.SYNDICATE_RG_QUOTA
        observer_secret = observer_core.get_syndicate_observer_secret(config.SYNDICATE_OBSERVER_SECRET)
    except Exception, e:
        # in Python 2 `raise e` drops the original traceback; a bare `raise`
        # would keep it
        traceback.print_exc()
        logger.error("config is missing SYNDICATE_OBSERVER_SECRET, SYNDICATE_UG_QUOTA, SYNDICATE_RG_QUOTA")
        raise e
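def to_python( self, secret_str ):
    """
    Decrypt the value with the Observer key.

    Values not in the encrypted serialized form are returned unchanged.
    Otherwise the value is unserialized and decrypted with the Observer
    private key, so the caller receives the plaintext secret.

    Args:
        secret_str: stored value, either in the clear or in the serialized
            encrypted form recognised by ObserverSecretValue.is_encrypted.

    Returns:
        The plaintext slice secret; the input unchanged when it was not
        encrypted; None when the unserialized payload is empty.

    Raises:
        syndicatelib.SyndicateObserverError: if the Observer private key
            cannot be loaded or decryption yields nothing.
    """
    # is this in the clear?
    if not ObserverSecretValue.is_encrypted( secret_str ):
        # nothing to do
        return secret_str

    # otherwise, decrypt it
    import syndicate.observer.core as syndicatelib
    import syndicate.observer.storage.common as observer_storage_common

    # get observer private key.  Only real errors are wrapped; the previous
    # bare `except:` also swallowed KeyboardInterrupt and SystemExit.
    config = syndicatelib.get_config()
    try:
        observer_pkey_path = config.SYNDICATE_OBSERVER_PRIVATE_KEY
        observer_pkey_pem = syndicatelib.get_observer_private_key_pem( observer_pkey_path )
    except Exception:
        raise syndicatelib.SyndicateObserverError( "Internal Syndicate Observer error: failed to load Observer private key" )

    # deserialize
    sealed = ObserverSecretValue.unserialize( secret_str )
    if sealed is None or len(sealed) == 0:
        return None

    # decrypt
    slice_secret = observer_storage_common.decrypt_slice_secret( observer_pkey_pem, sealed )
    if slice_secret is None:
        raise syndicatelib.SyndicateObserverError( "Internal Syndicate Observer error: failed to decrypt slice secret value" )
    return slice_secret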
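def save(self, *args, **kw):
    """
    Make sure a SliceSecret exists for this slice, then save.

    Loads the Observer private key, asks syndicatelib to get or create the
    slice secret bound to ``self.slice_id``, and only then delegates to the
    parent ``save`` with the original arguments.

    Raises:
        syndicatelib.SyndicateObserverError: if the Observer private key
            cannot be loaded or no slice secret could be obtained.
    """
    import syndicate.observer.core as syndicatelib

    # get observer private key.  Only real errors are wrapped; the previous
    # bare `except:` also swallowed KeyboardInterrupt and SystemExit.
    config = syndicatelib.get_config()
    try:
        observer_pkey_path = config.SYNDICATE_OBSERVER_PRIVATE_KEY
        observer_pkey_pem = syndicatelib.get_observer_private_key_pem( observer_pkey_path )
    except Exception:
        raise syndicatelib.SyndicateObserverError( "Internal Syndicate Observer error: failed to load Observer private key" )

    # get or create the slice secret
    slice_secret = syndicatelib.get_or_create_slice_secret( observer_pkey_pem, None, slice_fk=self.slice_id )
    if slice_secret is None:
        # qualified name: the unqualified SyndicateObserverError used here
        # before is not necessarily bound in this module, which would turn
        # this failure into a NameError instead of the intended error
        raise syndicatelib.SyndicateObserverError( "Failed to get or create slice secret for %s" % self.slice_id.name )

    super(VolumeSlice, self).save(*args, **kw)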
import logging from logging import Logger logging.basicConfig( format='[%(levelname)s] [%(module)s:%(lineno)d] %(message)s') logger = logging.getLogger() logger.setLevel(logging.INFO) import syndicate.util.storage as syndicate_storage_api import syndicate.util.watchdog as syndicate_watchdog import syndicate.util.daemonize as syndicate_daemon import syndicate.util.config as modconf import syndicate.observer.core as observer_core import syndicate.observer.cred as observer_cred CONFIG = observer_core.get_config() observer_storage = observer_core.get_observer_storage() #------------------------------- class CredentialServerHandler(BaseHTTPServer.BaseHTTPRequestHandler): """ HTTP server handler that allows syndicated.py instances to poll for volume state. NOTE: this is a fall-back mechanism. The observer should push new volume state to the slices' slivers. However, if that fails, the slivers are configured to poll for volume state periodically. This server allows them to do just that. Responses:
from Crypto.Hash import SHA256 as HashAlg
from Crypto.PublicKey import RSA as CryptoKey
from Crypto import Random
from Crypto.Signature import PKCS1_PSS as CryptoSigner

import logging
from logging import Logger

# module-wide logger; every record carries the emitting module and line
logging.basicConfig(format='[%(levelname)s] [%(module)s:%(lineno)d] %(message)s')
logger = logging.getLogger()
logger.setLevel(logging.INFO)

import syndicate.observer.core as observer_core
import syndicate.observer.cred as observer_cred
import syndicate.observer.push as observer_push

# observer configuration, resolved once at import time
CONFIG = observer_core.get_config()

# objects expected by these methods
# NOTE(review): namedtuple is used below but its import is not in this excerpt
SyndicatePrincipal = namedtuple("SyndicatePrincipal", ["principal_id", "public_key_pem", "sealed_private_key"])
Volume = namedtuple("Volume", ["name", "owner_id", "description", "blocksize", "private", "archive", "cap_read_data", "cap_write_data", "cap_host_data", "slice_id"])
VolumeAccessRight = namedtuple("VolumeAccessRight", ["owner_id", "volume", "cap_read_data", "cap_write_data", "cap_host_data"])
SliceSecret = namedtuple("SliceSecret", ["slice_id", "secret"])
VolumeSlice = namedtuple("VolumeSlice", ["volume_id", "slice_id", "cap_read_data", "cap_write_data", "cap_host_data", "UG_portnum", "RG_portnum", "credentials_blob"])

#-------------------------------
def sync_volume_record(volume):
    """
    Synchronize a Volume record with Syndicate.

    NOTE(review): only the opening log statement is visible in this excerpt;
    the rest of the body is not shown here.
    """
    logger.info("Sync Volume = %s\n\n" % volume.name)