Context Navigation

source: starbed_plugin/starbed.py @ 6843d14

Last change on this file since 6843d14 was adf8517, checked in by alwabel <alwabel@…>, 12 years ago
Starbed plugin
Property mode set to `100644`
File size: 8.9 KB

Rev	Line
[adf8517]	1	#!/usr/local/bin/python
	2
	3	import os,sys
	4	import subprocess
	5	import re
	6	import string
	7	import copy
	8	import pickle
	9	import logging
	10	import random
	11	import tempfile
	12	from federation.util import *
	13	from federation.fedid import fedid, generate_fedid
	14	from federation.authorizer import authorizer
	15	from federation.service_error import service_error
	16	from federation.remote_service import xmlrpc_handler, soap_handler, service_caller
	17
	18	import federation.topdl as topdl
	19
	20	from federation.access import access_base
	21	from federation.legacy_access import legacy_access
	22	from federation.proof import proof
	23	from topdltok import klanguage
	24
	25	# Make log messages disappear if noone configures a fedd logger. This is
	26	# something of an incantation, but basically it creates a logger object
	27	# registered to fedd.access if no other module above us has. It's an extra
	28	# belt for the suspenders.
	29	class nullHandler(logging.Handler):
	30	def emit(self, record): pass
	31
	32	fl = logging.getLogger("fedd.access")
	33	fl.addHandler(nullHandler())
	34
	35
	36	# The plug-in itself.
	37	class access(access_base):
	38
	39	@staticmethod
	40	def parse_access_string(s):
	41	"""
	42	Parse a parenthesized string from the access db by removing the parens.
	43	If the string isn't in parens, we just return it with whitespace
	44	trimmed in either case.
	45	"""
	46	st = s.strip()
	47	if st.startswith("(") and st.endswith(")"): return st[1:-1]
	48	else: return st
	49
	50	def __init__(self, config=None, auth=None):
	51	self.rmanager = config.get('definition','rmanager')
	52	self.smanager = config.get('definition','smanager')
	53	self.pmanager = config.get('definition','pmanager')
	54	self.fncp = config.get('definition','fncp')
	55	self.tftpdman =config.get('definition','tftpdman')
	56	self.wolagent = config.get('definition','wolagent')
	57	self.encd = config.get('definition','encd')
	58	self.user = config.get('definition','user')
	59	self.project= config.get('definition','project')
	60	self.rpassword = config.get('definition','rpassword')
	61
	62	access_base.__init__(self, config, auth)
	63
	64	# authorization information
	65	self.auth_type = config.get('access', 'auth_type') \
	66	or 'legacy'
	67	self.auth_dir = config.get('access', 'auth_dir')
	68	accessdb = config.get("access", "accessdb")
	69	print "authentication type = %s" %(self.auth_type);
	70	if self.auth_type == 'starbed':
	71	self.log.debug("starbed authtication methond");
	72	else:
	73	raise service_error(service_error.internal,
	74	"Unknown auth_type: %s" % self.auth_type)
	75
	76	# These dictionaries register the plug-in's local routines for handline
	77	# these four messages with the server code above. There's a version
	78	# for SOAP and XMLRPC, depending on which interfaces the plugin
	79	# supports. There's rarely a technical reason not to support one or
	80	# the other - the plugin code almost never deals with the transport -
	81	# but if a plug-in writer wanted to disable XMLRPC, they could leave
	82	# the self.xmlrpc_services dictionary empty.
	83	self.soap_services = {\
	84	'RequestAccess': soap_handler("RequestAccess", self.RequestAccess),
	85	'ReleaseAccess': soap_handler("ReleaseAccess", self.ReleaseAccess),
	86	'StartSegment': soap_handler("StartSegment", self.StartSegment),
	87	'TerminateSegment': soap_handler("TerminateSegment",
	88	self.TerminateSegment),
	89	}
	90	self.xmlrpc_services = {\
	91	'RequestAccess': xmlrpc_handler('RequestAccess',
	92	self.RequestAccess),
	93	'ReleaseAccess': xmlrpc_handler('ReleaseAccess',
	94	self.ReleaseAccess),
	95	'StartSegment': xmlrpc_handler("StartSegment", self.StartSegment),
	96	'TerminateSegment': xmlrpc_handler('TerminateSegment',
	97	self.TerminateSegment),
	98	}
	99	self.log.debug("Starbed AC started!")
	100	# RequestAccess and ReleaseAccess come from the base class
	101	def RequestAccess(self, req, fid):
	102	# The dance to get into the request body
	103	if req.has_key('RequestAccessRequestBody'):
	104	req = req['RequestAccessRequestBody']
	105	else:
	106	raise service_error(service_error.req, "No request!?")
	107	#self.log.debug("req = %s\n-------\n fid=%s\n" % (req,fid))
	108	allocID, alloc_cert = generate_fedid(subj="alloc", log=self.log)
	109	aid = unicode(allocID)
	110	self.state_lock.acquire()
	111	self.state[aid] = { }
	112	self.state[aid]['user'] = 'alwabel'
	113	self.state[aid]['owners'] = 'alwabel'
	114	self.state[aid]['auth'] = set()
	115	self.write_state()
	116	self.state_lock.release()
	117	#self.log.debug("to_dict() = %s " % (proof("me","faber","attr",[]).to_dict()));
	118	return { 'allocID': { 'fedid': allocID }, 'proof' : proof("me", "faber","attr",[]).to_dict() }
	119	def ReleaseAccess(self, req, fid):
	120	self.log.debug("request releasing access!");
	121	def StartSegment(self, req, fid):
	122	#self.log.debug("data = %s" %(req));
	123
	124	try:
	125	req = req['StartSegmentRequestBody']
	126	#print req;
	127	# Get the request topology. If not present, a KeyError is thrown.
	128	topref = req['segmentdescription']['topdldescription']
	129	#self.log.debug("topref = %s " % (topref));
	130	# The fedid of the allocation we're attaching resources to
	131	auth_attr = req['allocID']['fedid']
	132	except KeyError:
	133	raise service_error(server_error.req, "Badly formed request")
	134
	135	# String version of the allocation ID for keying
	136	aid = "%s" % auth_attr
	137	# Authorization check
	138	access_ok, proof = self.auth.check_attribute(fid, auth_attr,
	139	with_proof=True)
	140	#self.log.debug("lllllacc = %s, proffe= %s" %( access_ok,proof.to_dict()))
	141	#CAUSIO XXXX
	142	if access_ok:
	143	raise service_error(service_error.access, "Access denied",
	144	proof=proof)
	145	else:
	146	# See if this is a replay of an earlier succeeded StartSegment -
	147	# sometimes SSL kills 'em. If so, replay the response rather than
	148	# redoing the allocation.
	149	self.state_lock.acquire()
	150	#retval = self.state[aid].get('started', None)
	151	#CAUSOION
	152	retval = 0
	153	self.state_lock.release()
	154	if retval:
	155	self.log.warning(
	156	"[StartSegment] Duplicate StartSegment for %s: " \
	157	% aid + \
	158	"replaying response")
	159	return retval
	160
	161	certfile = "%s/%s.pem" % (self.certdir, aid)
	162
	163	# Convert the topology into topdl data structures. Again, the
	164	# skeletion doesn't do anything with it, but this is how one parses a
	165	# topology request.
	166	if topref: topo = topdl.Topology(**topref)
	167	else:
	168	raise service_error(service_error.req,
	169	"Request missing segmentdescription'")
	170	#rmanager = "192.168.1.10:1234"
	171	#smanager = "192.168.1.10:1240"
	172	#pmanager = "192.168.1.10:1242"
	173	#fncp = "192.168.1.10"
	174	#tftpdman="192.168.1.10"
	175	#wolagent="192.168.1.10:5959:192.168.0.0/16"
	176	#encd="192.168.1.21"
	177	#user = "alwabel"
	178	#project = "lace"
	179
	180	k = klanguage(self.rmanager,self.smanager,self.pmanager,self.fncp,self.user,self.project,self.tftpdman,self.wolagent,self.encd)
	181	k.k_from_topology(topo)
	182	level, kname = tempfile.mkstemp()
	183	k.to_file(kname)
	184	pid = subprocess.Popen(['/usr/local/springos/bin/kuma', '-p',self.rpassword,kname])
	185	#pid = subprocess.Popen([sys.executable, ['/usr/local/springos/bin/kuma', '-p',self.rpassword,kname] ])
	186	#os.unlink(kname)
	187	# The attributes of the request. Not used by this plug-in, but that's
	188	# where they are.
	189	attrs = req.get('fedAttr', [])
	190
	191	# Gather connection information. Used to send messages to those
	192	# waiting.
	193	connInfo = req.get('connection', [])
	194
	195	self.state_lock.acquire()
	196	# It's possible that the StartSegment call gets retried (!).
	197	# if the 'started' key is in the allocation, we'll return it rather
	198	# than redo the setup. The integer allocation was saved when we made
	199	# it.
	200	self.state[aid]['started'] = {
	201	'allocID': req['allocID'],
	202	'allocationLog': "Allocatation complete",
	203	'segmentdescription': { 'topdldescription': topo.to_dict() },
	204	#'proof' : proof("me", "faber","attr",[]).to_dict(),
	205	'proof': proof.to_dict(),
	206	}
	207	retval = copy.deepcopy(self.state[aid]['started'])
	208	self.write_state()
	209	self.state_lock.release()
	210
	211	return retval
	212
	213	def TerminateSegment(self, req, fid):
	214	self.log.debug("Terminate Segment");
	215	"""
	216	Remove the resources associated with th eallocation and stop the music.
	217	In this example, this simply means removing the integer we allocated.
	218	"""
	219	# Gather the same access information as for Start Segment
	220	try:
	221	req = req['TerminateSegmentRequestBody']
	222	except KeyError:
	223	raise service_error(server_error.req, "Badly formed request")
	224
	225	auth_attr = req['allocID']['fedid']
	226	aid = "%s" % auth_attr
	227
	228	self.log.debug("Terminate request for %s" %aid)
	229	# Check authorization
	230	access_ok, proof = self.auth.check_attribute(fid, auth_attr,
	231	with_proof=True)
	232	if not access_ok:
	233	raise service_error(service_error.access, "Access denied",
	234	proof=proof)
	235
	236	# Authorized: remove the integer from the allocation. A more complex
	237	# plug in would interface with the underlying facility to turn off the
	238	# experiment here.
	239	self.state_lock.acquire()
	240	if aid in self.state:
	241	assigned = self.state[aid].get('integer', None)
	242	self.available_ints.add(assigned)
	243	if 'integer' in self.state[aid]:
	244	del self.state[aid]['integer']
	245	self.write_state()
	246	self.state_lock.release()
	247
	248	return { 'allocID': req['allocID'], 'proof': proof.to_dict() }

Note: See TracBrowser for help on using the repository browser.

Download in other formats: