Changeset 2dc99e3 for fedd


Ignore:
Timestamp:
Jan 18, 2013 3:33:04 PM (7 years ago)
Author:
Ted Faber <faber@…>
Branches:
master
Children:
5dbcc93
Parents:
1819839
Message:

More tweaks. This version will connect to DETER

File:
1 edited

Legend:

Unmodified
Added
Removed
  • fedd/federation/desktop_access.py

    r1819839 r2dc99e3  
    138138        self.call_GetValue = service_caller('GetValue', log=self.log)
    139139
    140     # RequestAccess and ReleaseAccess come from the base class
     140    # ReleaseAccess come from the base class, this is a slightly modified
     141    # RequestAccess from the base that includes a fedAttr to force this side to
     142    # be active.
     143    def RequestAccess(self, req, fid):
     144        """
     145        Handle an access request.  Success here maps the requester into the
     146        local access control space and establishes state about that user keyed
     147        to a fedid.  We also save a copy of the certificate underlying that
     148        fedid so this allocation can access configuration information and
     149        shared parameters on the experiment controller.
     150        """
     151
     152        self.log.info("RequestAccess called by %s" % fid)
     153        # The dance to get into the request body
     154        if req.has_key('RequestAccessRequestBody'):
     155            req = req['RequestAccessRequestBody']
     156        else:
     157            raise service_error(service_error.req, "No request!?")
     158
     159        # Base class lookup routine.  If this fails, it throws a service
     160        # exception denying access that triggers a fault response back to the
     161        # caller.
     162        found,  owners, proof = self.lookup_access(req, fid)
     163        self.log.info(
     164                "[RequestAccess] Access granted local creds %s" % found)
     165        # Make a fedid for this allocation
     166        allocID, alloc_cert = generate_fedid(subj="alloc", log=self.log)
     167        aid = unicode(allocID)
     168
     169        # Store the data about this allocation:
     170        self.state_lock.acquire()
     171        self.state[aid] = { }
     172        self.state[aid]['user'] = found
     173        self.state[aid]['owners'] = owners
     174        self.state[aid]['auth'] = set()
     175        # Authorize the creating fedid and the principal representing the
     176        # allocation to manipulate it.
     177        self.append_allocation_authorization(aid,
     178                ((fid, allocID), (allocID, allocID)))
     179        self.write_state()
     180        self.state_lock.release()
     181
     182        # Create a directory to stash the certificate in, ans stash it.
     183        try:
     184            f = open("%s/%s.pem" % (self.certdir, aid), "w")
     185            print >>f, alloc_cert
     186            f.close()
     187        except EnvironmentError, e:
     188            raise service_error(service_error.internal,
     189                    "Can't open %s/%s : %s" % (self.certdir, aid, e))
     190        self.log.debug('[RequestAccess] Returning allocation ID: %s' % allocID)
     191        msg = {
     192                'allocID': { 'fedid': allocID },
     193                'fedAttr': [{ 'attribute': 'nat_portals', 'value': 'True' }],
     194                'proof': proof.to_dict()
     195                }
     196        return msg
    141197
    142198    def validate_topology(self, top):
     
    241297            print >>script, 'sudo ip route delete %s' % dest
    242298
     299    def find_a_peer(self, addr):
     300        '''
     301        Find another node in the experiment that's on our subnet.  This is a
     302        hack to handle the problem that we really cannot require the desktop to
     303        dynamically route.  Will be improved by distributing static routes.
     304        '''
     305
     306        peer = None
     307        hosts = os.path.join(self.localdir, 'hosts')
     308        p = addr.rfind('.')
     309        if p == -1:
     310            raise service_error(service_error.req, 'bad address in topology')
     311        prefix = addr[0:p]
     312        addr_re = re.compile('(%s.\\d+)' % prefix)
     313        try:
     314            f = open(hosts, 'r')
     315            for line in f:
     316                m = addr_re.search(line)
     317                if m is not None and m.group(1) != addr:
     318                    peer = m.group(1)
     319                    break
     320            else:
     321                raise service_error(service_error.req,
     322                        'No other nodes in this subnet??')
     323        except EnvironmentError, e:
     324            raise service_error(service_error.internal,
     325                    'Cannot open %s: %s' % (e.filename, e.strerror))
     326        return peer
     327
     328
    243329
    244330
     
    278364                    'Cannot find all config parameters %s %s %s' % (peer, port, my_addr))
    279365
     366        exp_peer = self.find_a_peer(my_addr)
     367
    280368        cscript = os.path.join(self.localdir, 'connect')
    281369        dscript = os.path.join(self.localdir, 'disconnect')
     
    289377            # a file this end can access into its local file system.  Try once
    290378            # a minute.
    291             print >>f,'while !/usr/bin/scp -i "StrictHostKeyChecking no" -i %s %s:/usr/local/federation/etc/prep_done /dev/null; do' % (self.ssh_identity, peer)
     379            print >>f,'while ! /usr/bin/scp -o "StrictHostKeyChecking no" -i %s %s:/usr/local/federation/etc/prep_done /dev/null; do' % (self.ssh_identity, peer)
    292380            print >>f, 'sleep 60; done'
    293381            print >>f, ('sudo ssh -w 0:0 -p %s -o "Tunnel ethernet" ' + \
    294                     '-o "StrictHostKeyChecking no" -i %s -N %s &') % \
    295                     (port, self.ssh_identity, peer)
     382                    '-o "StrictHostKeyChecking no" -i %s %s perl -I/usr/local/federation/lib /usr/local/federation/bin/setup_bridge.pl --tapno=0 --addr=%s &') % \
     383                    (port, self.ssh_identity, peer, my_addr)
    296384            # This should give the tap a a chance to come up
    297385            print >>f,'sleep 10'
     
    299387            print >>f, 'sudo ifconfig tap0 %s netmask 255.255.255.0 up' % \
    300388                    my_addr
    301             self.set_route('10.0.0.0/8', f, peer)
     389            self.set_route('10.0.0.0/8', f, exp_peer)
    302390            f.close()
    303391            os.chmod(cscript, 0755)
Note: See TracChangeset for help on using the changeset viewer.