def _getCredential(self):
"""
Get our credential from a remote registry
"""
from sfa.server.registry import Registries
registries = Registries()
registry = registries.server_proxy(self.hrn, self.key_file,
self.cert_file)
cert_string = self.cert.save_to_string(save_parents=True)
# get self credential
self_cred = registry.GetSelfCredential(cert_string, self.hrn,
'authority')
# get credential
cred = registry.GetCredential(self_cred, self.hrn, 'authority')
return Credential(string=cred)
def __init__(self,
encoding="utf-8",
methods='sfa.methods',
config="/etc/sfa/sfa_config",
peer_cert=None,
interface=None,
key_file=None,
cert_file=None,
cache=None):
XmlrpcApi.__init__(self, encoding)
# we may be just be documenting the API
if config is None:
return
# Load configuration
self.config = Config(config)
self.credential = None
self.auth = Auth(peer_cert)
self.interface = interface
self.hrn = self.config.SFA_INTERFACE_HRN
self.key_file = key_file
self.key = Keypair(filename=self.key_file)
self.cert_file = cert_file
self.cert = Certificate(filename=self.cert_file)
self.cache = cache
if self.cache is None:
self.cache = Cache()
# load registries
from sfa.server.registry import Registries
self.registries = Registries()
# load aggregates
from sfa.server.aggregate import Aggregates
self.aggregates = Aggregates()
# filled later on by generic/Generic
self.manager = None
self._dbsession = None
def install_peer_certs(server_key_file, server_cert_file):
"""
Attempt to install missing trusted gids and db records for
our federated interfaces
"""
# Attempt to get any missing peer gids
# There should be a gid file in /etc/sfa/trusted_roots for every
# peer registry found in in the registries.xml config file. If there
# are any missing gids, request a new one from the peer registry.
api = SfaApi(key_file=server_key_file, cert_file=server_cert_file)
registries = Registries()
aggregates = Aggregates()
interfaces = dict(registries.items() + aggregates.items())
gids_current = api.auth.trusted_cert_list
hrns_current = [gid.get_hrn() for gid in gids_current]
hrns_expected = set([hrn for hrn in interfaces])
new_hrns = set(hrns_expected).difference(hrns_current)
#gids = self.get_peer_gids(new_hrns) + gids_current
peer_gids = []
if not new_hrns:
return
trusted_certs_dir = api.config.get_trustedroots_dir()
for new_hrn in new_hrns:
if not new_hrn: continue
# the gid for this interface should already be installed
if new_hrn == api.config.SFA_INTERFACE_HRN: continue
try:
# get gid from the registry
url = interfaces[new_hrn].get_url()
interface = interfaces[new_hrn].server_proxy(server_key_file,
server_cert_file,
timeout=30)
# skip non sfa aggregates
server_version = api.get_cached_server_version(interface)
if 'sfa' not in server_version:
logger.info(
"get_trusted_certs: skipping non sfa aggregate: %s" %
new_hrn)
continue
trusted_gids = ReturnValue.get_value(interface.get_trusted_certs())
if trusted_gids:
# the gid we want should be the first one in the list,
# but lets make sure
for trusted_gid in trusted_gids:
# default message
message = "interface: %s\t" % (api.interface)
message += "unable to install trusted gid for %s" % \
(new_hrn)
gid = GID(string=trusted_gid)
peer_gids.append(gid)
if gid.get_hrn() == new_hrn:
gid_filename = os.path.join(trusted_certs_dir,
'%s.gid' % new_hrn)
gid.save_to_file(gid_filename, save_parents=True)
message = "installed trusted cert for %s" % new_hrn
# log the message
api.logger.info(message)
except:
message = "interface: %s\tunable to install trusted gid for %s" % \
(api.interface, new_hrn)
api.logger.log_exc(message)
# doesnt matter witch one
update_cert_records(peer_gids)
