source: fedd/fedd_allocate_project.py @ 3925b50

#!/usr/local/bin/python

import os,sys

from BaseHTTPServer import BaseHTTPRequestHandler
from ZSI import *
from M2Crypto import SSL
from M2Crypto.m2xmlrpclib import SSL_Transport
from M2Crypto.SSL.SSLServer import SSLServer
import M2Crypto.httpslib
import xmlrpclib

import re
import random
import string
import subprocess
import tempfile

from fedd_services import *
from fedd_internal_services import *
from fedd_util import *
import parse_detail
from service_error import *
import logging


# Configure loggers to dump to /dev/null which avoids errors if calling classes
# don't configure them.
class nullHandler(logging.Handler):
    def emit(self, record): pass

fl = logging.getLogger("fedd.allocate.local")
fl.addHandler(nullHandler())
fl = logging.getLogger("fedd.allocate.remote")
fl.addHandler(nullHandler())

class fedd_allocate_project_local:
    """
    Allocate projects on this machine in response to an access request.
    """
    def __init__(self, dp=False, url=None, certs=None):
        """
        Initializer.  Parses a configuration if one is given.
        """

        self.dynamic_projects = dp
        self.wap = '/usr/testbed/sbin/wap'
        self.newproj = '/usr/testbed/sbin/newproj'
        self.mkproj = '/usr/testbed/sbin/mkproj'
        self.grantnodetype = '/usr/testbed/sbin/grantnodetype'
        self.log = logging.getLogger("fedd.allocate.local")

        # Internal services are SOAP only
        self.soap_services = {\
                "AllocateProject": make_soap_handler(\
                AllocateProjectRequestMessage.typecode,\
                self.dynamic_project, AllocateProjectResponseMessage,\
                "AllocateProjectResponseBody")\
                }
        self.xmlrpc_services = { }

    def random_string(self, s, n=3):
        """Append n random ASCII characters to s and return the string"""
        rv = s
        for i in range(0,n):
            rv += random.choice(string.ascii_letters)
        return rv

    def write_attr_xml(self, file, root, lines):
        """
        Write an emulab config file for a dynamic project.

        Format is <root><attribute name=lines[0]>lines[1]</attribute></root>
        """
        # Convert a pair to an attribute line
        out_attr = lambda a,v : \
                '<attribute name="%s"><value>%s</value></attribute>' % (a, v)

        f = os.fdopen(file, "w")
        f.write("<%s>\n" % root)
        f.write("\n".join([out_attr(*l) for l in lines]))
        f.write("</%s>\n" % root)
        f.close()


    def dynamic_project(self, req, fedid=None):
        """
        Create a dynamic project with ssh access

        Req includes the project and resources as a dictionary
        """
        # tempfiles for the parameter files
        uf, userfile = tempfile.mkstemp(prefix="usr", suffix=".xml",
                dir="/tmp")
        pf, projfile = tempfile.mkstemp(prefix="proj", suffix=".xml",
                dir="/tmp")

        if req.has_key('AllocateProjectRequestBody') and \
                req['AllocateProjectRequestBody'].has_key('project'):
            proj = req['AllocateProjectRequestBody']['project']
        else:
            raise service_error(service_error.req, 
                    "Badly formed allocation request")
        # Take the first user and ssh key
        name = proj.get('name', None) or self.random_string("proj",4)
        user = proj.get('user', None)
        if user != None:
            user = user[0]      # User is a list, take the first entry
            if not user.has_key("userID"):
                uname = self.random_string("user", 3)
            else:
                uid = proj['userID']
                # XXX: fedid
                uname = uid.get('localname', None) or \
                        uid.get('kerberosUsername', None) or \
                        uid.get('uri', None)
                if uname == None:
                    raise fedd_proj.service_error(fedd_proj.service_error.req, 
                            "No ID for user");

            access = user.get('access', None)
            if access != None:
                ssh = access[0].get('sshPubkey', None)
                if ssh == None:
                    raise fedd_proj.service_error(fedd_proj.service_error.req, 
                            "No ssh key for user");
        else:
            raise fedd_proj.service_error(fedd_proj.service_error.req, 
                    "No access information for project");

        # uname, name and ssh are set
        user_fields = [
                ("name", "Federation User %s" % uname),
                ("email", "%s-fed@isi.deterlab.net" % uname),
                ("password", self.random_string("", 8)),
                ("login", uname),
                ("address", "4676 Admiralty"),
                ("city", "Marina del Rey"),
                ("state", "CA"),
                ("zip", "90292"),
                ("country", "USA"),
                ("phone", "310-448-9190"),
                ("title", "None"),
                ("affiliation", "USC/ISI"),
                ("pubkey", ssh)
        ]

        proj_fields = [
                ("name", name),
                ("short description", "dynamic federated project"),
                ("URL", "http://www.isi.edu/~faber"),
                ("funders", "USC/USU"),
                ("long description", "Federation access control"),
                ("public", "1"),
                ("num_pcs", "100"),
                ("linkedtous", "1"),
                ("newuser_xml", userfile)
        ]
        

        # Write out the files
        self.write_attr_xml(uf, "user", user_fields)
        self.write_attr_xml(pf, "project", proj_fields)

        # Generate the commands (only grantnodetype's are dynamic)
        cmds = [
                (self.wap, self.newproj, projfile),
                (self.wap, self.mkproj, name)
                ]

        # Add commands to grant access to any resources in the request.
        for nt in [ h for r in req.get('resources', []) \
                if r.has_key('node') and r['node'].has_key('hardware')\
                    for h in r['node']['hardware'] ] :
            cmds.append((self.wap, self.grantnodetype, '-p', name, nt))

        # Create the projects
        rc = 0
        for cmd in cmds:
            self.log.debug("[dynamic_project]: %s" % ' '.join(cmd))
            if self.dynamic_projects:
                try:
                    rc = subprocess.call(cmd)
                except OSerror, e:
                    raise fedd_proj.service_error(\
                            fedd_proj.service_error.internal,
                            "Dynamic project subprocess creation error "+ \
                                    "[%s] (%s)" %  (cmd[1], e.strerror))

            if rc != 0: 
                raise fedd_proj.service_error(\
                        fedd_proj.service_error.internal,
                        "Dynamic project subprocess error " +\
                                "[%s] (%d)" % (cmd[1], rc))
        # Clean up tempfiles
        os.unlink(userfile)
        os.unlink(projfile)
        rv = {\
            'project': {\
                'name': { 'localname': name }, 
                'user' : [ {\
                    'userID': { 'localname' : uname },
                    'access': [ { 'sshPubkey' : ssh } ],
                } ]\
            }\
        }
        return rv


class fedd_allocate_project_remote:
    """
    Allocate projects on a remote machine using the internal SOAP interface
    """
    def __init__(self, dp=False, url=None, certs=None):
        """
        Initializer.  Parses a configuration if one is given.
        """

        self.dynamic_projects = dp
        self.url = url

        if certs != None and isinstance(certs, type(tuple())):
            self.cert_file, self.trusted_certs, self.cert_pwd = certs
        else:
            self.cert_file, self.trusted_certs, self.cert_pwd = \
                    (None, None, None)
        self.soap_services = { }
        self.xmlrpc_services = { }
        
    def dynamic_project(self, req, fedid=None):
        """
        Send req on to a remote project instantiator.

        Req is just the projectAllocType object.  This function re-wraps it.
        It also rethrows any faults.
        """
        # No retry loop here.  Proxy servers must correctly authenticate
        # themselves without help
        try:
            ctx = fedd_ssl_context(self.cert_file, self.trusted_certs,
                    password=self.cert_pwd)
        except SSL.SSLError:
            raise service_error(service_error.server_config, 
                    "Server certificates misconfigured")

        loc = feddInternalServiceLocator();
        port = loc.getfeddInternalPortType(self.url,
                transport=M2Crypto.httpslib.HTTPSConnection, 
                transdict={ 'ssl_context' : ctx })

        if req.has_key('AllocateProjectRequestBody'):
            req = req['AllocateProjectRequestBody']
        else:
            raise service_error(service_error.req, "Bad formated request");

        # Reconstruct the full request message
        msg = AllocateProjectRequestMessage()
        msg.set_element_AllocateProjectRequestBody(
                pack_soap(msg, "AllocateProjectRequestBody", req))
        try:
            resp = port.AllocateProject(msg)
        except ZSI.ParseException, e:
            raise service_error(service_error.proxy,
                    "Bad format message (XMLRPC??): %s" % str(e))
        r = unpack_soap(resp)

        if r.has_key('AllocateProjectResponseBody'):
            return r['AllocateProjectResponseBody']
        else:
            raise service_error(service_error.proxy, "Bad proxy response")