def __get_registry_objects(slice_xrn, creds, users): """ """ hrn, type = urn_to_hrn(slice_xrn) hrn_auth = get_authority(hrn) # Build up objects that an SFA registry would return if SFA # could contact the slice's registry directly reg_objects = None if users: # dont allow special characters in the site login base #only_alphanumeric = re.compile('[^a-zA-Z0-9]+') #login_base = only_alphanumeric.sub('', hrn_auth[:20]).lower() slicename = hrn_to_pl_slicename(hrn) login_base = slicename.split('_')[0] reg_objects = {} site = {} site['site_id'] = 0 site['name'] = 'geni.%s' % login_base site['enabled'] = True site['max_slices'] = 100 # Note: # Is it okay if this login base is the same as one already at this myplc site? # Do we need uniqueness? Should use hrn_auth instead of just the leaf perhaps? site['login_base'] = login_base site['abbreviated_name'] = login_base site['max_slivers'] = 1000 reg_objects['site'] = site slice = {} # get_expiration always returns a normalized datetime - no need to utcparse extime = Credential(string=creds[0]).get_expiration() # If the expiration time is > 60 days from now, set the expiration time to 60 days from now if extime > datetime.datetime.utcnow() + datetime.timedelta(days=60): extime = datetime.datetime.utcnow() + datetime.timedelta(days=60) slice['expires'] = int(time.mktime(extime.timetuple())) slice['hrn'] = hrn slice['name'] = hrn_to_pl_slicename(hrn) slice['url'] = hrn slice['description'] = hrn slice['pointer'] = 0 reg_objects['slice_record'] = slice reg_objects['users'] = {} for user in users: user['key_ids'] = [] hrn, _ = urn_to_hrn(user['urn']) user['email'] = hrn_to_pl_slicename(hrn) + "@geni.net" user['first_name'] = hrn user['last_name'] = hrn reg_objects['users'][user['email']] = user return reg_objects
def verify_slice(self, slice_hrn, slice_record, peer, sfa_peer): slicename = hrn_to_pl_slicename(slice_hrn) parts = slicename.split("_") login_base = parts[0] slices = self.api.plshell.GetSlices(self.api.plauth, [slicename]) if not slices: slice = {'name': slicename, 'url': slice_record.get('url', slice_hrn), 'description': slice_record.get('description', slice_hrn)} # add the slice slice['slice_id'] = self.api.plshell.AddSlice(self.api.plauth, slice) slice['node_ids'] = [] slice['person_ids'] = [] if peer: slice['peer_slice_id'] = slice_record.get('slice_id', None) # mark this slice as an sfa peer record if sfa_peer: peer_dict = {'type': 'slice', 'hrn': slice_hrn, 'peer_authority': sfa_peer, 'pointer': slice['slice_id']} self.registry.register_peer_object(self.credential, peer_dict) else: slice = slices[0] if peer: slice['peer_slice_id'] = slice_record.get('slice_id', None) # unbind from peer so we can modify if necessary. Will bind back later self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'slice',\ slice['slice_id'], peer['shortname']) #Update existing record (e.g. expires field) it with the latest info. if slice_record and slice['expires'] != slice_record['expires']: self.api.plshell.UpdateSlice(self.api.plauth, slice['slice_id'],\ {'expires' : slice_record['expires']}) return slice
def DeleteSliver(api, xrn, creds, call_id): if Callids().already_handled(call_id): return "" (hrn, type) = urn_to_hrn(xrn) slicename = hrn_to_pl_slicename(hrn) slices = api.plshell.GetSlices(api.plauth, {'name': slicename}) if not slices: return 1 slice = slices[0] api.plshell.DeleteSliceFromNodes(api.plauth, slicename, slice['node_ids']) return 1
def get_slice(self, api, hrn): """ Return a Slice object for a single slice """ slicename = hrn_to_pl_slicename(hrn) slice = api.plshell.GetSlices(api.plauth, [slicename]) if len(slice): self.slice = Slice(self, slicename, slice[0]) return self.slice else: return None
def start_slice(api, xrn, creds): hrn, type = urn_to_hrn(xrn) slicename = hrn_to_pl_slicename(hrn) slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id']) if not slices: raise RecordNotFound(hrn) slice_id = slices[0]['slice_id'] slice_tags = api.plshell.GetSliceTags(api.plauth, {'slice_id': slice_id, 'tagname': 'enabled'}, ['slice_tag_id']) # just remove the tag if it exists if slice_tags: api.plshell.DeleteSliceTag(api.plauth, slice_tags[0]['slice_tag_id']) return 1
def SliverStatus(api, slice_xrn, creds, call_id): if Callids().already_handled(call_id): return {} (hrn, type) = urn_to_hrn(slice_xrn) # find out where this slice is currently running slicename = hrn_to_pl_slicename(hrn) slices = api.plshell.GetSlices(api.plauth, [slicename], ['slice_id', 'node_ids','person_ids','name','expires']) if len(slices) == 0: raise Exception("Slice %s not found (used %s as slicename internally)" % (slice_xrn, slicename)) slice = slices[0] # report about the local nodes only nodes = api.plshell.GetNodes(api.plauth, {'node_id':slice['node_ids'],'peer_id':None}, ['node_id', 'hostname', 'site_id', 'boot_state', 'last_contact']) site_ids = [node['site_id'] for node in nodes] sites = api.plshell.GetSites(api.plauth, site_ids, ['site_id', 'login_base']) sites_dict = dict ( [ (site['site_id'],site['login_base'] ) for site in sites ] ) result = {} top_level_status = 'unknown' if nodes: top_level_status = 'ready' slice_urn = Xrn(slice_xrn, 'slice').get_urn() result['geni_urn'] = slice_urn result['pl_login'] = slice['name'] result['pl_expires'] = datetime.datetime.fromtimestamp(slice['expires']).ctime() resources = [] for node in nodes: res = {} res['pl_hostname'] = node['hostname'] res['pl_boot_state'] = node['boot_state'] res['pl_last_contact'] = node['last_contact'] if node['last_contact'] is not None: res['pl_last_contact'] = datetime.datetime.fromtimestamp(node['last_contact']).ctime() sliver_id = urn_to_sliver_id(slice_urn, slice['slice_id'], node['node_id']) res['geni_urn'] = sliver_id if node['boot_state'] == 'boot': res['geni_status'] = 'ready' else: res['geni_status'] = 'failed' top_level_staus = 'failed' res['geni_error'] = '' resources.append(res) result['geni_status'] = top_level_status result['geni_resources'] = resources return result
def stop_slice(api, xrn, creds): hrn, type = urn_to_hrn(xrn) slicename = hrn_to_pl_slicename(hrn) slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id']) if not slices: raise RecordNotFound(hrn) slice_id = slices[0]['slice_id'] slice_tags = api.plshell.GetSliceTags(api.plauth, {'slice_id': slice_id, 'tagname': 'enabled'}) if not slice_tags: api.plshell.AddSliceTag(api.plauth, slice_id, 'enabled', '0') elif slice_tags[0]['value'] != "0": tag_id = attributes[0]['slice_tag_id'] api.plshell.UpdateSliceTag(api.plauth, tag_id, '0') return 1
def RenewSliver(api, xrn, creds, expiration_time, call_id): if Callids().already_handled(call_id): return True (hrn, type) = urn_to_hrn(xrn) slicename = hrn_to_pl_slicename(hrn) slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id']) if not slices: raise RecordNotFound(hrn) slice = slices[0] requested_time = utcparse(expiration_time) record = {'expires': int(time.mktime(requested_time.timetuple()))} try: api.plshell.UpdateSlice(api.plauth, slice['slice_id'], record) return True except: return False
def sfa_fields_to_pl_fields(self, type, hrn, record): def convert_ints(tmpdict, int_fields): for field in int_fields: if field in tmpdict: tmpdict[field] = int(tmpdict[field]) pl_record = {} #for field in record: # pl_record[field] = record[field] if type == "slice": if not "instantiation" in pl_record: pl_record["instantiation"] = "plc-instantiated" pl_record["name"] = hrn_to_pl_slicename(hrn) if "url" in record: pl_record["url"] = record["url"] if "description" in record: pl_record["description"] = record["description"] if "expires" in record: pl_record["expires"] = int(record["expires"]) elif type == "node": if not "hostname" in pl_record: if not "hostname" in record: raise MissingSfaInfo("hostname") pl_record["hostname"] = record["hostname"] if not "model" in pl_record: pl_record["model"] = "geni" elif type == "authority": pl_record["login_base"] = hrn_to_pl_login_base(hrn) if not "name" in pl_record: pl_record["name"] = hrn if not "abbreviated_name" in pl_record: pl_record["abbreviated_name"] = hrn if not "enabled" in pl_record: pl_record["enabled"] = True if not "is_public" in pl_record: pl_record["is_public"] = True return pl_record
def DeleteSliver(api, xrn, creds, call_id): if Callids().already_handled(call_id): return "" (hrn, type) = urn_to_hrn(xrn) slicename = hrn_to_pl_slicename(hrn) slices = api.plshell.GetSlices(api.plauth, {'name': slicename}) if not slices: return 1 slice = slices[0] # determine if this is a peer slice peer = peers.get_peer(api, hrn) try: if peer: api.plshell.UnBindObjectFromPeer(api.plauth, 'slice', slice['slice_id'], peer) api.plshell.DeleteSliceFromNodes(api.plauth, slicename, slice['node_ids']) finally: if peer: api.plshell.BindObjectToPeer(api.plauth, 'slice', slice['slice_id'], peer, slice['peer_slice_id']) return 1
def verify_site(self, slice_xrn, slice_record={}, peer=None, sfa_peer=None): (slice_hrn, type) = urn_to_hrn(slice_xrn) site_hrn = get_authority(slice_hrn) # login base can't be longer than 20 characters slicename = hrn_to_pl_slicename(slice_hrn) authority_name = slicename.split('_')[0] login_base = authority_name[:20] sites = self.api.plshell.GetSites(self.api.plauth, login_base) if not sites: # create new site record site = {'name': 'geni.%s' % authority_name, 'abbreviated_name': authority_name, 'login_base': login_base, 'max_slices': 100, 'max_slivers': 1000, 'enabled': True, 'peer_site_id': None} if peer: site['peer_site_id'] = slice_record.get('site_id', None) site['site_id'] = self.api.plshell.AddSite(self.api.plauth, site) # exempt federated sites from monitor policies self.api.plshell.AddSiteTag(self.api.plauth, site['site_id'], 'exempt_site_until', "20200101") # is this still necessary? # add record to the local registry if sfa_peer and slice_record: peer_dict = {'type': 'authority', 'hrn': site_hrn, \ 'peer_authority': sfa_peer, 'pointer': site['site_id']} self.registry.register_peer_object(self.credential, peer_dict) else: site = sites[0] if peer: # unbind from peer so we can modify if necessary. Will bind back later self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'site', site['site_id'], peer['shortname']) return site
def create_slice_aggregate(self, xrn, rspec): hrn, type = urn_to_hrn(xrn) # Determine if this is a peer slice peer = self.get_peer(hrn) sfa_peer = self.get_sfa_peer(hrn) spec = RSpec(rspec) # Get the slice record from sfa slicename = hrn_to_pl_slicename(hrn) slice = {} slice_record = None registry = self.api.registries[self.api.hrn] credential = self.api.getCredential() site_id, remote_site_id = self.verify_site(registry, credential, hrn, peer, sfa_peer) slice = self.verify_slice(registry, credential, hrn, site_id, remote_site_id, peer, sfa_peer) # find out where this slice is currently running nodelist = self.api.plshell.GetNodes(self.api.plauth, slice['node_ids'], ['hostname']) hostnames = [node['hostname'] for node in nodelist] # get netspec details nodespecs = spec.getDictsByTagName('NodeSpec') # dict in which to store slice attributes to set for the nodes nodes = {} for nodespec in nodespecs: if isinstance(nodespec['name'], list): for nodename in nodespec['name']: nodes[nodename] = {} for k in nodespec.keys(): rspec_attribute_value = nodespec[k] if (self.rspec_to_slice_tag.has_key(k)): slice_tag_name = self.rspec_to_slice_tag[k] nodes[nodename][slice_tag_name] = rspec_attribute_value elif isinstance(nodespec['name'], StringTypes): nodename = nodespec['name'] nodes[nodename] = {} for k in nodespec.keys(): rspec_attribute_value = nodespec[k] if (self.rspec_to_slice_tag.has_key(k)): slice_tag_name = self.rspec_to_slice_tag[k] nodes[nodename][slice_tag_name] = rspec_attribute_value for k in nodespec.keys(): rspec_attribute_value = nodespec[k] if (self.rspec_to_slice_tag.has_key(k)): slice_tag_name = self.rspec_to_slice_tag[k] nodes[nodename][slice_tag_name] = rspec_attribute_value node_names = nodes.keys() # remove nodes not in rspec deleted_nodes = list(set(hostnames).difference(node_names)) # add nodes from rspec added_nodes = list(set(node_names).difference(hostnames)) try: if peer: self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'slice', slice['slice_id'], peer) self.api.plshell.AddSliceToNodes(self.api.plauth, slicename, added_nodes) # Add recognized slice tags for node_name in node_names: node = nodes[node_name] for slice_tag in node.keys(): value = node[slice_tag] if (isinstance(value, list)): value = value[0] self.api.plshell.AddSliceTag(self.api.plauth, slicename, slice_tag, value, node_name) self.api.plshell.DeleteSliceFromNodes(self.api.plauth, slicename, deleted_nodes) finally: if peer: self.api.plshell.BindObjectToPeer(self.api.plauth, 'slice', slice['slice_id'], peer, slice['peer_slice_id']) return 1
def get_slivers(self, xrn, node=None): hrn, type = urn_to_hrn(xrn) slice_name = hrn_to_pl_slicename(hrn) # XX Should we just call PLCAPI.GetSliceTicket(slice_name) instead # of doing all of this? #return self.api.GetSliceTicket(self.auth, slice_name) # from PLCAPI.GetSlivers.get_slivers() slice_fields = ['slice_id', 'name', 'instantiation', 'expires', 'person_ids', 'slice_tag_ids'] slices = self.api.plshell.GetSlices(self.api.plauth, slice_name, slice_fields) # Build up list of users and slice attributes person_ids = set() all_slice_tag_ids = set() for slice in slices: person_ids.update(slice['person_ids']) all_slice_tag_ids.update(slice['slice_tag_ids']) person_ids = list(person_ids) all_slice_tag_ids = list(all_slice_tag_ids) # Get user information all_persons_list = self.api.plshell.GetPersons(self.api.plauth, {'person_id':person_ids,'enabled':True}, ['person_id', 'enabled', 'key_ids']) all_persons = {} for person in all_persons_list: all_persons[person['person_id']] = person # Build up list of keys key_ids = set() for person in all_persons.values(): key_ids.update(person['key_ids']) key_ids = list(key_ids) # Get user account keys all_keys_list = self.api.plshell.GetKeys(self.api.plauth, key_ids, ['key_id', 'key', 'key_type']) all_keys = {} for key in all_keys_list: all_keys[key['key_id']] = key # Get slice attributes all_slice_tags_list = self.api.plshell.GetSliceTags(self.api.plauth, all_slice_tag_ids) all_slice_tags = {} for slice_tag in all_slice_tags_list: all_slice_tags[slice_tag['slice_tag_id']] = slice_tag slivers = [] for slice in slices: keys = [] for person_id in slice['person_ids']: if person_id in all_persons: person = all_persons[person_id] if not person['enabled']: continue for key_id in person['key_ids']: if key_id in all_keys: key = all_keys[key_id] keys += [{'key_type': key['key_type'], 'key': key['key']}] attributes = [] # All (per-node and global) attributes for this slice slice_tags = [] for slice_tag_id in slice['slice_tag_ids']: if slice_tag_id in all_slice_tags: slice_tags.append(all_slice_tags[slice_tag_id]) # Per-node sliver attributes take precedence over global # slice attributes, so set them first. # Then comes nodegroup slice attributes # Followed by global slice attributes sliver_attributes = [] if node is not None: for sliver_attribute in filter(lambda a: a['node_id'] == node['node_id'], slice_tags): sliver_attributes.append(sliver_attribute['tagname']) attributes.append({'tagname': sliver_attribute['tagname'], 'value': sliver_attribute['value']}) # set nodegroup slice attributes for slice_tag in filter(lambda a: a['nodegroup_id'] in node['nodegroup_ids'], slice_tags): # Do not set any nodegroup slice attributes for # which there is at least one sliver attribute # already set. if slice_tag not in slice_tags: attributes.append({'tagname': slice_tag['tagname'], 'value': slice_tag['value']}) for slice_tag in filter(lambda a: a['node_id'] is None, slice_tags): # Do not set any global slice attributes for # which there is at least one sliver attribute # already set. if slice_tag['tagname'] not in sliver_attributes: attributes.append({'tagname': slice_tag['tagname'], 'value': slice_tag['value']}) # XXX Sanity check; though technically this should be a system invariant # checked with an assertion if slice['expires'] > MAXINT: slice['expires']= MAXINT slivers.append({ 'hrn': hrn, 'name': slice['name'], 'slice_id': slice['slice_id'], 'instantiation': slice['instantiation'], 'expires': slice['expires'], 'keys': keys, 'attributes': attributes }) return slivers
def get_gids(registry=None, verbose=False): """ Get the gid for all instantiated slices on this node and store it in /etc/sfa/slice.gid in the slice's filesystem """ # define useful variables config = Config() data_dir = config.data_path config_dir = config.SFA_CONFIG_DIR trusted_certs_dir = config.get_trustedroots_dir() keyfile = data_dir + os.sep + "server.key" certfile = data_dir + os.sep + "server.cert" node_gid_file = config_dir + os.sep + "node.gid" node_gid = GID(filename=node_gid_file) hrn = node_gid.get_hrn() interface_hrn = config.SFA_INTERFACE_HRN # get credential cred = get_credential(registry=registry, verbose=verbose) # make sure server key cert pair exists create_server_keypair(keyfile=keyfile, certfile=certfile, hrn=hrn, verbose=verbose) registry = get_server(url=registry, keyfile=keyfile, certfile=certfile) if verbose: print "Getting current slices on this node" # get a list of slices on this node from sfa.plc.api import ComponentAPI api = ComponentAPI() xids_tuple = api.nodemanager.GetXIDs() slices = eval(xids_tuple[1]) slicenames = slices.keys() # generate a list of slices that dont have gids installed slices_without_gids = [] for slicename in slicenames: if not os.path.isfile("/vservers/%s/etc/slice.gid" % slicename) \ or not os.path.isfile("/vservers/%s/etc/node.gid" % slicename): slices_without_gids.append(slicename) # convert slicenames to hrns hrns = [slicename_to_hrn(interface_hrn, slicename) \ for slicename in slices_without_gids] # exit if there are no gids to install if not hrns: return if verbose: print "Getting gids for slices on this node from registry" # get the gids # and save them in the right palce records = registry.GetGids(hrns, cred) for record in records: # if this isnt a slice record skip it if not record['type'] == 'slice': continue slicename = hrn_to_pl_slicename(record['hrn']) # if this slice isnt really instatiated skip it if not os.path.exists("/vservers/%(slicename)s" % locals()): continue # save the slice gid in /etc/sfa/ in the vservers filesystem vserver_path = "/vservers/%(slicename)s" % locals() gid = record['gid'] slice_gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"]) if verbose: print "Saving GID for %(slicename)s as %(slice_gid_filename)s" % locals() GID(string=gid).save_to_file(slice_gid_filename, save_parents=True) # save the node gid in /etc/sfa node_gid_filename = os.sep.join([vserver_path, "etc", "node.gid"]) if verbose: print "Saving node GID for %(slicename)s as %(node_gid_filename)s" % locals() node_gid.save_to_file(node_gid_filename, save_parents=True)
def main(): process_options() config = Config() if not config.SFA_REGISTRY_ENABLED: sys.exit(0) root_auth = config.SFA_REGISTRY_ROOT_AUTH interface_hrn = config.SFA_INTERFACE_HRN keys_filename = config.config_path + os.sep + 'person_keys.py' sfaImporter = sfaImport() if config.SFA_API_DEBUG: sfaImporter.logger.setLevelDebug() shell = sfaImporter.shell plc_auth = sfaImporter.plc_auth # initialize registry db table table = SfaTable() if not table.exists(): table.create() # create root authority sfaImporter.create_top_level_auth_records(root_auth) if not root_auth == interface_hrn: sfaImporter.create_top_level_auth_records(interface_hrn) # create s user record for the slice manager sfaImporter.create_sm_client_record() # create interface records sfaImporter.logger.info("Import: creating interface records") sfaImporter.create_interface_records() # add local root authority's cert to trusted list sfaImporter.logger.info("Import: adding " + interface_hrn + " to trusted list") authority = sfaImporter.AuthHierarchy.get_auth_info(interface_hrn) sfaImporter.TrustedRoots.add_gid(authority.get_gid_object()) # special case for vini if ".vini" in interface_hrn and interface_hrn.endswith('vini'): # create a fake internet2 site first i2site = {'name': 'Internet2', 'abbreviated_name': 'I2', 'login_base': 'internet2', 'site_id': -1} sfaImporter.import_site(interface_hrn, i2site) # create dict of all existing sfa records existing_records = {} existing_hrns = [] key_ids = [] person_keys = {} results = table.find() for result in results: existing_records[(result['hrn'], result['type'])] = result existing_hrns.append(result['hrn']) # Get all plc sites sites = shell.GetSites(plc_auth, {'peer_id': None}) sites_dict = {} for site in sites: sites_dict[site['login_base']] = site # Get all plc users persons = shell.GetPersons(plc_auth, {'peer_id': None, 'enabled': True}, ['person_id', 'email', 'key_ids', 'site_ids']) persons_dict = {} for person in persons: persons_dict[person['person_id']] = person key_ids.extend(person['key_ids']) # Get all public keys keys = shell.GetKeys(plc_auth, {'peer_id': None, 'key_id': key_ids}) keys_dict = {} for key in keys: keys_dict[key['key_id']] = key['key'] # create a dict of person keys keyed on key_id old_person_keys = load_keys(keys_filename) for person in persons: pubkeys = [] for key_id in person['key_ids']: pubkeys.append(keys_dict[key_id]) person_keys[person['person_id']] = pubkeys # Get all plc nodes nodes = shell.GetNodes(plc_auth, {'peer_id': None}, ['node_id', 'hostname', 'site_id']) nodes_dict = {} for node in nodes: nodes_dict[node['node_id']] = node # Get all plc slices slices = shell.GetSlices(plc_auth, {'peer_id': None}, ['slice_id', 'name']) slices_dict = {} for slice in slices: slices_dict[slice['slice_id']] = slice # start importing for site in sites: site_hrn = _get_site_hrn(interface_hrn, site) sfaImporter.logger.info("Importing site: %s" % site_hrn) # import if hrn is not in list of existing hrns or if the hrn exists # but its not a site record if site_hrn not in existing_hrns or \ (site_hrn, 'authority') not in existing_records: sfaImporter.import_site(site_hrn, site) # import node records for node_id in site['node_ids']: if node_id not in nodes_dict: continue node = nodes_dict[node_id] site_auth = get_authority(site_hrn) site_name = get_leaf(site_hrn) hrn = hostname_to_hrn(site_auth, site_name, node['hostname']) if hrn not in existing_hrns or \ (hrn, 'node') not in existing_records: sfaImporter.import_node(hrn, node) # import slices for slice_id in site['slice_ids']: if slice_id not in slices_dict: continue slice = slices_dict[slice_id] hrn = slicename_to_hrn(interface_hrn, slice['name']) if hrn not in existing_hrns or \ (hrn, 'slice') not in existing_records: sfaImporter.import_slice(site_hrn, slice) # import persons for person_id in site['person_ids']: if person_id not in persons_dict: continue person = persons_dict[person_id] hrn = email_to_hrn(site_hrn, person['email']) old_keys = [] new_keys = [] if person_id in old_person_keys: old_keys = old_person_keys[person_id] if person_id in person_keys: new_keys = person_keys[person_id] update_record = False for key in new_keys: if key not in old_keys: update_record = True if hrn not in existing_hrns or \ (hrn, 'user') not in existing_records or update_record: sfaImporter.import_person(site_hrn, person) # remove stale records system_records = [interface_hrn, root_auth, interface_hrn + '.slicemanager'] for (record_hrn, type) in existing_records.keys(): if record_hrn in system_records: continue record = existing_records[(record_hrn, type)] if record['peer_authority']: continue # dont delete vini's internet2 placeholdder record # normally this would be deleted becuase it does not have a plc record if ".vini" in interface_hrn and interface_hrn.endswith('vini') and \ record_hrn.endswith("internet2"): continue found = False if type == 'authority': for site in sites: site_hrn = interface_hrn + "." + site['login_base'] if site_hrn == record_hrn and site['site_id'] == record['pointer']: found = True break elif type == 'user': login_base = get_leaf(get_authority(record_hrn)) username = get_leaf(record_hrn) if login_base in sites_dict: site = sites_dict[login_base] for person in persons: tmp_username = person['email'].split("@")[0] alt_username = person['email'].split("@")[0].replace(".", "_").replace("+", "_") if username in [tmp_username, alt_username] and \ site['site_id'] in person['site_ids'] and \ person['person_id'] == record['pointer']: found = True break elif type == 'slice': slicename = hrn_to_pl_slicename(record_hrn) for slice in slices: if slicename == slice['name'] and \ slice['slice_id'] == record['pointer']: found = True break elif type == 'node': login_base = get_leaf(get_authority(record_hrn)) nodename = Xrn.unescape(get_leaf(record_hrn)) if login_base in sites_dict: site = sites_dict[login_base] for node in nodes: tmp_nodename = node['hostname'] if tmp_nodename == nodename and \ node['site_id'] == site['site_id'] and \ node['node_id'] == record['pointer']: found = True break else: continue if not found: record_object = existing_records[(record_hrn, type)] sfaImporter.delete_record(record_hrn, type) # save pub keys sfaImporter.logger.info('Import: saving current pub keys') save_keys(keys_filename, person_keys)