
Merge branch 'ctxbroker-breakout'

Conflicts:
	scripts/lib/gt4.0/dist/build.properties
2 parents 7135a05 + 18bd32e commit 6837e43bcf08af0a53d74586a1f93e8e40b6f68c @timf timf committed
Showing with 4,379 additions and 146 deletions.
  1. +2 −0 .gitignore
  2. +4 −5 .idea-modules/ctx/contextualization.iml
  3. +14 −0 .idea-modules/query-general/query-general.iml
  4. +2 −1 .idea-modules/query/ec2query.iml
  5. +1 −1 .idea-modules/service-suites/tests-common.iml
  6. +2 −1 .idea-modules/wrksp-svc/workspace-service.iml
  7. +0 −15 .idea/libraries/ctxbroker_libs.xml
  8. +0 −29 .idea/libraries/workspace_service_libs.xml
  9. +1 −0 .idea/modules.xml
  10. +1 −0 authzdb/build.xml
  11. +1 −0 ctx-broker/build.properties
  12. +14 −6 ctx-broker/build.xml
  13. +6 −0 ctx-broker/gar/build.properties
  14. +53 −3 ctx-broker/gar/build.xml
  15. 0 ctx-broker/gar/etc/other/{main.conflocator.xml → bundled-main.conflocator.xml}
  16. +3 −6 ctx-broker/gar/etc/other/{main.xml → bundled-main.xml}
  17. +70 −0 ctx-broker/gar/etc/other/standalone-main.xml
  18. 0 ctx-broker/gar/etc/user-mapfile
  19. +38 −0 ctx-broker/home/bin/broker-configure
  20. +28 −0 ctx-broker/home/bin/brokerctl
  21. +594 −0 ctx-broker/home/lib/ProcessManager.py
  22. +83 −0 ctx-broker/home/lib/brokerctl.py
  23. +3 −0 ctx-broker/home/lib/pynimbusconfig/README
  24. 0 ctx-broker/home/lib/pynimbusconfig/__init__.py
  25. +273 −0 ctx-broker/home/lib/pynimbusconfig/autoca.py
  26. 0 ctx-broker/home/lib/pynimbusconfig/broker/__init__.py
  27. +579 −0 ctx-broker/home/lib/pynimbusconfig/broker/main.py
  28. +92 −0 ctx-broker/home/lib/pynimbusconfig/checkssl.py
  29. +72 −0 ctx-broker/home/lib/pynimbusconfig/ezpz_ca.py
  30. +29 −0 ctx-broker/home/lib/pynimbusconfig/forcessl.py
  31. +133 −0 ctx-broker/home/lib/pynimbusconfig/gtcontainer.py
  32. 0 ctx-broker/home/lib/pynimbusconfig/iaas/__init__.py
  33. +85 −0 ctx-broker/home/lib/pynimbusconfig/iaas/derbyutil.py
  34. +169 −0 ctx-broker/home/lib/pynimbusconfig/iaas/groupauthz.py
  35. +422 −0 ctx-broker/home/lib/pynimbusconfig/iaas/main.py
  36. +39 −0 ctx-broker/home/lib/pynimbusconfig/javautil.py
  37. +194 −0 ctx-broker/home/lib/pynimbusconfig/pathutil.py
  38. +196 −0 ctx-broker/home/lib/pynimbusconfig/runutil.py
  39. +57 −0 ctx-broker/home/lib/pynimbusconfig/setuperrors.py
  40. 0 ctx-broker/home/lib/pynimbusconfig/test/__init__.py
  41. +73 −0 ctx-broker/home/lib/pynimbusconfig/test/test_groupauthz.py
  42. 0 ctx-broker/home/lib/pynimbusconfig/web/__init__.py
  43. +95 −0 ctx-broker/home/lib/pynimbusconfig/web/newconf.py
  44. +17 −0 ctx-broker/home/lib/run-broker.sh
  45. +22 −0 ctx-broker/home/lib/run-pynimbusconfig-tests.sh
  46. +1 −1 ctx-broker/src/org/nimbustools/ctxbroker/rest/BrokerResource.java
  47. +0 −1 ctx-broker/src/org/nimbustools/ctxbroker/rest/ContextStatus.java
  48. +1 −2 ctx-broker/src/org/nimbustools/ctxbroker/rest/RestHttp.java
  49. +1 −0 ctx-broker/wsdl/stubs/build.xml
  50. 0 home/libexec/nimbus_import_users.py
  51. 0 lib/{services → workspaceservice}/commons-dbcp.jar
  52. 0 lib/{services → workspaceservice}/commons-io-1.4.jar
  53. 0 lib/{services → workspaceservice}/commons-pool.jar
  54. 0 lib/{services → workspaceservice}/derby.jar
  55. 0 lib/{services → workspaceservice}/derbyclient.jar
  56. 0 lib/{services → workspaceservice}/derbynet.jar
  57. 0 lib/{services → workspaceservice}/derbyrun.jar
  58. 0 lib/{services → workspaceservice}/derbytools.jar
  59. 0 lib/{services → workspaceservice}/junixsocket-1.3.jar
  60. 0 lib/{services → workspaceservice}/junixsocket-rmi-1.3.jar
  61. 0 lib/{services → workspaceservice}/sqlitejdbc-v056.jar
  62. +6 −2 messaging/gt4.0/java/gar-builder/build.properties
  63. +40 −16 messaging/gt4.0/java/gar-builder/build.xml
  64. +1 −0 messaging/query/java/source/build.properties
  65. +3 −2 messaging/query/java/source/build.xml
  66. +2 −0 ...query/java/source/src/org/nimbustools/messaging/query/security/NimbusAuthzUserDetailsService.java
  67. +2 −0 ...ing/query/java/source/src/org/nimbustools/messaging/query/security/QueryAuthenticationFilter.java
  68. +1 −0 ...ging/query/java/source/src/org/nimbustools/messaging/query/security/QueryAuthenticationToken.java
  69. +2 −0 ...aging/query/java/source/src/org/nimbustools/messaging/query/security/QueryContainerInterface.java
  70. +1 −0 metadata/java/source/build.properties
  71. +4 −0 metadata/java/source/build.xml
  72. +12 −0 query/build.properties
  73. +116 −0 query/build.xml
  74. +2 −17 ...ls/messaging/query → query/src/org/nimbustools/querygeneral}/security/FileUserDetailsService.java
  75. +2 −1 ...org/nimbustools/messaging/query → query/src/org/nimbustools/querygeneral}/security/QueryUser.java
  76. +2 −1 ...s/messaging/query → query/src/org/nimbustools/querygeneral}/security/QueryUserDetailsService.java
  77. +54 −0 scripts/broker-make-dist.sh
  78. +1 −1 scripts/gt/broker-build-and-install.sh
  79. +230 −0 scripts/install-broker-only
  80. +32 −0 scripts/lib/gt4.0/brokerdist/build.properties
  81. +160 −0 scripts/lib/gt4.0/brokerdist/build.xml
  82. +193 −0 scripts/lib/gt4.0/brokerdist/topdocs/LICENSE.txt
  83. +15 −0 scripts/lib/gt4.0/brokerdist/topdocs/README.txt
  84. +1 −1 scripts/lib/gt4.0/build/build.properties
  85. +14 −23 scripts/lib/gt4.0/build/build.xml
  86. +2 −2 scripts/lib/gt4.0/dist/build.properties
  87. +5 −8 scripts/lib/gt4.0/dist/build.xml
  88. +1 −0 scripts/make-dist.sh
  89. +2 −1 service/service/java/source/build.properties
  90. +3 −0 service/service/java/source/build.xml
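--- a/.gitignore
+++ b/.gitignore
@@ -43,3 +43,5 @@ setuptools-0.6c11-py2.7.egg
 cumulus/deps/boto-2.0b4.tar.gz
 /cumulus/pip-0.7.2.tar.gz
 lantorrent/lantorrent.egg-info/
+ctx-broker/gar/etc/other/main.xml
+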
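--- a/.idea-modules/ctx/contextualization.iml
+++ b/.idea-modules/ctx/contextualization.iml
@@ -9,13 +9,12 @@
 </content>
 <orderEntry type="inheritedJdk" />
 <orderEntry type="sourceFolder" forTests="false" />
- <orderEntry type="library" name="ctxbroker-libs" level="project" />
- <orderEntry type="module" module-name="common" />
 <orderEntry type="library" name="test-libs" level="project" />
- <orderEntry type="library" name="cxf-libs" level="project" />
- <orderEntry type="module" module-name="ec2query" />
- <orderEntry type="library" name="workspace-service-libs" level="project" />
 <orderEntry type="module" module-name="authzdb" />
+ <orderEntry type="module" module-name="query-general" />
+ <orderEntry type="library" name="lib-services" level="project" />
+ <orderEntry type="library" name="generated-libs" level="project" />
+ <orderEntry type="module" module-name="rm-api" />
 </component>
 </module>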
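--- a/.idea-modules/query-general/query-general.iml
+++ b/.idea-modules/query-general/query-general.iml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="JAVA_MODULE" version="4">
+ <component name="NewModuleRootManager" inherit-compiler-output="true">
+ <exclude-output />
+ <content url="file://$MODULE_DIR$/../../query">
+ <sourceFolder url="file://$MODULE_DIR$/../../query/src" isTestSource="false" />
+ </content>
+ <orderEntry type="inheritedJdk" />
+ <orderEntry type="sourceFolder" forTests="false" />
+ <orderEntry type="library" name="rm-api-libs" level="project" />
+ <orderEntry type="library" name="lib-services" level="project" />
+ </component>
+</module>
+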
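--- a/.idea-modules/query/ec2query.iml
+++ b/.idea-modules/query/ec2query.iml
@@ -22,8 +22,9 @@
 <orderEntry type="module" module-name="common" />
 <orderEntry type="module" module-name="ec2soap" />
 <orderEntry type="library" name="test-libs" level="project" />
- <orderEntry type="library" name="workspace-service-libs" level="project" />
+ <orderEntry type="library" name="lib-workspaceservice" level="project" />
 <orderEntry type="module" module-name="authzdb" />
+ <orderEntry type="module" module-name="query-general" />
 </component>
 </module>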
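--- a/.idea-modules/service-suites/tests-common.iml
+++ b/.idea-modules/service-suites/tests-common.iml
@@ -10,7 +10,7 @@
 <orderEntry type="module" module-name="rm-api" exported="" />
 <orderEntry type="module" module-name="workspace-service" exported="" />
 <orderEntry type="library" exported="" name="test-libs" level="project" />
- <orderEntry type="library" exported="" name="workspace-service-libs" level="project" />
+ <orderEntry type="library" exported="" name="lib-workspaceservice" level="project" />
 </component>
 </module>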
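--- a/.idea-modules/wrksp-svc/workspace-service.iml
+++ b/.idea-modules/wrksp-svc/workspace-service.iml
@@ -30,10 +30,11 @@
 </content>
 <orderEntry type="inheritedJdk" />
 <orderEntry type="sourceFolder" forTests="false" />
- <orderEntry type="library" name="workspace-service-libs" level="project" />
+ <orderEntry type="library" name="lib-workspaceservice" level="project" />
 <orderEntry type="module" module-name="rm-api" />
 <orderEntry type="library" name="test-libs" level="project" />
 <orderEntry type="module" module-name="authzdb" />
+ <orderEntry type="library" name="lib-services" level="project" />
 </component>
 </module>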
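--- a/.idea/libraries/ctxbroker_libs.xml
+++ b/.idea/libraries/ctxbroker_libs.xml
@@ -1,15 +0,0 @@
-<component name="libraryTable">
- <library name="ctxbroker-libs">
- <CLASSES>
- <root url="jar://$PROJECT_DIR$/lib/services/jce-jdk13-125.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/cog-jglobus.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/commons-logging.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/wsrf_core.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/axis.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/generated/nimbus-ctx-stubs-gt4.0.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/addressing-1.0.jar!/" />
- </CLASSES>
- <JAVADOC />
- <SOURCES />
- </library>
-</component>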
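--- a/.idea/libraries/workspace_service_libs.xml
+++ b/.idea/libraries/workspace_service_libs.xml
@@ -1,29 +0,0 @@
-<component name="libraryTable">
- <library name="workspace-service-libs">
- <CLASSES>
- <root url="jar://$PROJECT_DIR$/lib/services/commonj.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/commons-pool.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/commons-dbcp.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/commons-logging.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/servlet.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/derbyclient.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/jetty-6.1.21.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/derbytools.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/derby.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/backport-util-concurrent-3.1-jdk1.4.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/jetty-util-6.1.21.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/jug-2.0.0.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/commons-collections-3.2.1.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/commons-io-1.4.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/junixsocket-1.3.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/junixsocket-rmi-1.3.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/commons-cli-2.0.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/gson-1.4.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/ehcache-core-2.3.1.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/slf4j-api-1.5.11.jar!/" />
- <root url="jar://$PROJECT_DIR$/lib/services/slf4j-jdk14-1.5.11.jar!/" />
- </CLASSES>
- <JAVADOC />
- <SOURCES />
- </library>
-</component>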
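--- a/.idea/modules.xml
+++ b/.idea/modules.xml
@@ -12,6 +12,7 @@
 <module fileurl="file://$PROJECT_DIR$/.idea-modules/ec2soap/ec2soap.iml" filepath="$PROJECT_DIR$/.idea-modules/ec2soap/ec2soap.iml" group="protocols" />
 <module fileurl="file://$PROJECT_DIR$/.idea-modules/service-suites/failure.iml" filepath="$PROJECT_DIR$/.idea-modules/service-suites/failure.iml" group="service-suites" />
 <module fileurl="file://$PROJECT_DIR$/.idea-modules/installer/installer.iml" filepath="$PROJECT_DIR$/.idea-modules/installer/installer.iml" />
+ <module fileurl="file://$PROJECT_DIR$/.idea-modules/query-general//query-general.iml" filepath="$PROJECT_DIR$/.idea-modules/query-general//query-general.iml" />
 <module fileurl="file://$PROJECT_DIR$/.idea-modules/rm-api/rm-api.iml" filepath="$PROJECT_DIR$/.idea-modules/rm-api/rm-api.iml" />
 <module fileurl="file://$PROJECT_DIR$/.idea-modules/service-suites//spotinstances.iml" filepath="$PROJECT_DIR$/.idea-modules/service-suites//spotinstances.iml" group="service-suites" />
 <module fileurl="file://$PROJECT_DIR$/.idea-modules/service-suites/tests-common.iml" filepath="$PROJECT_DIR$/.idea-modules/service-suites/tests-common.iml" group="service-suites" />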
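--- a/authzdb/build.xml
+++ b/authzdb/build.xml
@@ -59,6 +59,7 @@
 classpathref="nimbus.authz.main.classpath"
 source="1.5"
 target="1.5"
+ includeantruntime="false"
 debug="on">
 <include name="**/*.java"/>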
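--- a/ctx-broker/build.properties
+++ b/ctx-broker/build.properties
@@ -18,3 +18,4 @@ nimbus.ctxbroker.lib.dir=../lib/services
 nimbus.messaging.query.dist.dir=../messaging/query/java/source/dist
 nimbus.service.api.dist.dir=../service-api/java/source/dist/
 nimbus.authz.dist.dir=../authzdb/dist
+nimbus.querygeneral.dist.dir=../query/dist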
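--- a/ctx-broker/build.xml
+++ b/ctx-broker/build.xml
@@ -72,12 +72,12 @@
 <include name="*.jar"/>
 </fileset>
- <fileset dir="${nimbus.messaging.query.dist.dir}">
+ <fileset dir="${nimbus.authz.dist.dir}">
 <include name="*.jar"/>
 </fileset>
- <fileset dir="${nimbus.authz.dist.dir}">
- <include name="*.jar"/>
+ <fileset dir="${nimbus.querygeneral.dist.dir}">
+ <include name="*.jar"/>
 </fileset>
 <fileset dir="${nimbus.service.api.dist.dir}">
@@ -168,11 +168,19 @@
 GAR RELATED
 ******************************************************************* -->
- <target name="gar">
- <ant dir="${nimbus.ctxbroker.gar.dir}" target="dist" />
+ <target name="gar-bundled">
+ <ant dir="${nimbus.ctxbroker.gar.dir}" target="dist-bundled" />
+ </target>
+
+ <target name="gar-standalone">
+ <ant dir="${nimbus.ctxbroker.gar.dir}" target="dist-standalone" />
+ </target>
+
+ <target name="deploy" depends="dist, gar-bundled">
+ <ant dir="${nimbus.ctxbroker.gar.dir}" target="deploy" />
 </target>
- <target name="deploy" depends="dist, gar">
+ <target name="deploy-standalone" depends="dist, gar-standalone">
 <ant dir="${nimbus.ctxbroker.gar.dir}" target="deploy" />
 </target>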
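--- a/ctx-broker/gar/build.properties
+++ b/ctx-broker/gar/build.properties
@@ -30,3 +30,9 @@ nimbusctx.gt4_0.service.dist=../dist
 # custom build-packages to bundle gar file
 nimbus.messaging.gt4_0.gar.build.packages.xml=../../scripts/lib/gt4.0/build/build-packages.xml
+
+nimbusctx.baselibservices.dir=../../lib/services
+nimbusctx.service.api.dist.dir=../../service-api/java/source/dist
+nimbusctx.authzdbmodule.dist.dir=../../authzdb/dist
+nimbusctx.autocommon.dist.dir=../../autocommon/dist
+nimbusctx.querygeneral.dist.dir=../../query/dist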
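--- a/ctx-broker/gar/build.xml
+++ b/ctx-broker/gar/build.xml
@@ -130,6 +130,38 @@
 </target>
+
+ <!-- *******************************************************************
+ COPIES FOR LIB DIRECTORY FOR STANDALONE DISTRIBUTION
+ ******************************************************************* -->
+
+ <target name="copy_libraries" depends="init">
+
+ <copy todir="${nimbusctx.gt4_0.gar.build.lib.dir}">
+
+ <fileset dir="${nimbusctx.baselibservices.dir}">
+ <include name="*.jar"/>
+ <include name="*LICENSE*"/>
+ </fileset>
+ <fileset dir="${nimbusctx.service.api.dist.dir}">
+ <include name="*.jar"/>
+ <include name="*LICENSE*"/>
+ </fileset>
+ <fileset dir="${nimbusctx.authzdbmodule.dist.dir}">
+ <include name="*.jar"/>
+ <include name="*LICENSE*"/>
+ </fileset>
+ <fileset dir="${nimbusctx.autocommon.dist.dir}">
+ <include name="*.jar"/>
+ <include name="*LICENSE*"/>
+ </fileset>
+ <fileset dir="${nimbusctx.querygeneral.dist.dir}">
+ <include name="*.jar"/>
+ <include name="*LICENSE*"/>
+ </fileset>
+ </copy>
+ </target>
+
 <!-- *******************************************************************
 COPIES FOR ETC DIRECTORY
@@ -140,7 +172,19 @@
 <fileset dir="${nimbusctx.gt4_0.gar.etc.dir}" />
 </copy>
 </target>
-
+
+ <target name="copy-bundled-main.xml">
+ <copy tofile="${nimbusctx.gt4_0.gar.etc.dir}/other/main.xml"
+ file="${nimbusctx.gt4_0.gar.etc.dir}/other/bundled-main.xml" />
+ <echo>Broker context: bundled-main.xml</echo>
+ </target>
+
+ <target name="copy-standalone-main.xml">
+ <copy tofile="${nimbusctx.gt4_0.gar.etc.dir}/other/main.xml"
+ file="${nimbusctx.gt4_0.gar.etc.dir}/other/standalone-main.xml" />
+ <echo>Broker context: standalone-main.xml</echo>
+ </target>
+
 <!-- *******************************************************************
 CREATE DISTRIBUTION
@@ -165,7 +209,14 @@
 <delete dir="tmp"/>
 </target>
- <target name="dist" depends="disp">
+ <target name="dist-bundled" depends="disp, copy-bundled-main.xml">
+ <echo>Building: ${nimbusctx.gt4_0.gar.print-noun}</echo>
+ <antcall target="_dist" />
+ <echo>Built: ${nimbusctx.gt4_0.gar.print-noun}
+ </echo>
+ </target>
+
+ <target name="dist-standalone" depends="disp, copy_libraries, copy-standalone-main.xml">
 <echo>Building: ${nimbusctx.gt4_0.gar.print-noun}</echo>
 <antcall target="_dist" />
 <echo>Built: ${nimbusctx.gt4_0.gar.print-noun}
@@ -264,4 +315,3 @@ Did you build?
 </target>
 </project>
-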
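Review bot: The `copy-bundled-main.xml` and `copy-standalone-main.xml` targets both write `etc/other/main.xml` with a plain `<copy>`, and Ant's default `overwrite="false"` only copies when the source is newer than the destination; once one flavour has been built, the freshly written main.xml is usually newer than the other template, so switching between `dist-bundled` and `dist-standalone` can silently keep the previous Spring context and ship the wrong authentication wiring in the GAR. Add `overwrite="true"` to both copy elements, e.g. `<copy overwrite="true" tofile="${nimbusctx.gt4_0.gar.etc.dir}/other/main.xml" file="${nimbusctx.gt4_0.gar.etc.dir}/other/bundled-main.xml" />`. Because this commit also gitignores main.xml, a stale copy from an earlier build would not show up in version control either, so the build itself has to guarantee the overwrite.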
0 ...broker/gar/etc/other/main.conflocator.xml → ...ar/etc/other/bundled-main.conflocator.xml
File renamed without changes.
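--- a/ctx-broker/gar/etc/other/main.xml
+++ b/ctx-broker/gar/etc/other/bundled-main.xml
@@ -3,14 +3,11 @@
 <beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:jaxrs="http://cxf.apache.org/jaxrs"
- xmlns:aop="http://www.springframework.org/schema/aop"
 xmlns:security="http://www.springframework.org/schema/security"
 xsi:schemaLocation="
-http://www.springframework.org/schema/beans
+http://www.springframework.org/schema/beans
 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-http://www.springframework.org/schema/aop
-http://www.springframework.org/schema/aop/spring-aop.xsd
-http://www.springframework.org/schema/security
+http://www.springframework.org/schema/security
 http://www.springframework.org/schema/security/spring-security-3.0.xsd
 http://cxf.apache.org/jaxrs
 http://cxf.apache.org/schemas/jaxrs.xsd">
@@ -93,7 +90,7 @@ http://cxf.apache.org/schemas/jaxrs.xsd">
 <!--
 property sources are concentrated in this file
 -->
- <import resource="main.conflocator.xml"/>
+ <import resource="bundled-main.conflocator.xml"/>
 </beans>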
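--- a/ctx-broker/gar/etc/other/standalone-main.xml
+++ b/ctx-broker/gar/etc/other/standalone-main.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:security="http://www.springframework.org/schema/security"
+ xsi:schemaLocation="
+http://www.springframework.org/schema/beans
+http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+http://www.springframework.org/schema/security
+http://www.springframework.org/schema/security/spring-security-3.0.xsd
+http://cxf.apache.org/jaxrs
+http://cxf.apache.org/schemas/jaxrs.xsd">
+
+ <import resource="classpath:META-INF/cxf/cxf.xml" />
+ <import resource="classpath:META-INF/cxf/cxf-extension-jaxrs-binding.xml" />
+ <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
+
+ <bean id="userDetailsService" class="org.nimbustools.querygeneral.security.FileUserDetailsService">
+ <constructor-arg value="$NIMBUS_HOME/services/etc/nimbus-context-broker/user-mapfile"/>
+ </bean>
+
+ <jaxrs:server id="ContextBroker" address="/ContextBroker/">
+ <jaxrs:serviceBeans>
+ <ref bean="brokerResource" />
+ </jaxrs:serviceBeans>
+ <jaxrs:outFaultInterceptors>
+ <ref bean="outFaultInterceptor"/>
+ </jaxrs:outFaultInterceptors>
+ <jaxrs:properties>
+ <entry key="org.apache.cxf.propogate.exception" value="false"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <bean id="brokerResource" class="org.nimbustools.ctxbroker.rest.BrokerResource"/>
+
+ <bean id="basicAuthenticationFilter"
+ class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
+
+ <property name="authenticationManager" ref="authenticationManager"/>
+ <property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
+ </bean>
+
+ <security:authentication-manager alias="authenticationManager">
+ <security:authentication-provider user-service-ref="userDetailsService"/>
+ </security:authentication-manager>
+
+ <bean id="authenticationEntryPoint"
+ class="org.nimbustools.ctxbroker.rest.FailAuthenticationEntryPoint">
+ <property name="responseUtil" ref="responseUtil"/>
+ </bean>
+
+ <bean name="outFaultInterceptor" class="org.nimbustools.ctxbroker.rest.OutFaultInterceptor">
+ <property name="responseUtil" ref="responseUtil"/>
+ </bean>
+
+ <bean id="responseUtil" class="org.nimbustools.ctxbroker.rest.ResponseUtil"/>
+
+ <security:http auto-config="false" create-session="never" entry-point-ref="authenticationEntryPoint" >
+ <security:custom-filter ref="basicAuthenticationFilter" position="BASIC_AUTH_FILTER" />
+ <security:intercept-url pattern="/**" access="ROLE_USER"/>
+ <security:access-denied-handler ref="accessDeniedHandler"/>
+ </security:http>
+
+ <bean id="accessDeniedHandler" class="org.nimbustools.ctxbroker.rest.FailAccessDeniedHandler">
+ <property name="responseUtil" ref="responseUtil"/>
+ </bean>
+
+</beans>
+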
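Review bot: The `userDetailsService` constructor-arg value `$NIMBUS_HOME/services/etc/nimbus-context-broker/user-mapfile` is not something Spring will expand: placeholders are spelled `${...}` and are only resolved when a property-placeholder configurer is registered, and unlike bundled-main.xml this context imports no conflocator file, so unless the installer rewrites that token at deploy time FileUserDetailsService will be handed the literal string and Basic-auth logins against the standalone broker will presumably fail closed. Either register a placeholder configurer and use `${NIMBUS_HOME}`, or make the substitution an explicit installer step and say so in a comment next to the bean, e.g. `<!-- $NIMBUS_HOME is replaced by install-broker-only at deploy time; Spring does not expand it -->`. Separately, `BasicAuthenticationFilter` carries the password in cleartext, so unless TLS is already forced at the container level (the new forcessl.py hints at that, but this file does not show it), `<security:intercept-url pattern="/**" access="ROLE_USER" requires-channel="https"/>` would pin that requirement in the security config itself.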
0 ctx-broker/gar/etc/user-mapfile
No changes.
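--- a/ctx-broker/home/bin/broker-configure
+++ b/ctx-broker/home/bin/broker-configure
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+PYTHON_EXE="/usr/bin/env python -Wignore::DeprecationWarning"
+
+NIMBUS_HOME_REL="`dirname $0`/.."
+NIMBUS_HOME=`cd $NIMBUS_HOME_REL; pwd`
+
+if [ -d $NIMBUS_HOME/lib/pynimbusconfig ]; then
+ NIMBUS_PYLIB=$NIMBUS_HOME/lib
+else
+ echo "Cannot locate Python lib directory"
+ exit 1
+fi
+
+PYTHONPATH="$NIMBUS_PYLIB:$PYTHONPATH"
+export PYTHONPATH
+
+# returns 0 if Python 2.5+
+$PYTHON_EXE -c "import sys; sys.exit(sys.version_info < (2,5))"
+if [ $? -ne 0 ]; then
+ echo "ERROR: Your system must have Python version 2.5 or later."
+ exit 1
+fi
+
+$PYTHON_EXE $NIMBUS_HOME/lib/pynimbusconfig/broker/main.py --basedir $NIMBUS_HOME $@
+EXITCODE=$?
+if [ $EXITCODE -ne 42 ]; then
+
+ if [ $EXITCODE -eq 0 ]; then
+ exit 0
+ else
+ echo ""
+ echo "Nimbus is not set up properly, exiting."
+ exit 2
+ fi
+fi
+
+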
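Review bot: The `main.py` invocation passes `$@` unquoted, so any argument containing whitespace is re-split by the shell before the Python option parser sees it; it should be `"$@"`, and `$NIMBUS_HOME` in the `-d` test and on the same line should be quoted for the same reason (`dirname $0` too). The tail of the script is also easy to misread: when main.py exits 42 the `if` body is skipped and the script falls off the end with status 0, indistinguishable to a caller from a clean configure run. If 42 is a deliberate "nothing to do" status that is fine, but make it explicit with a final `exit 0` preceded by `# 42 from main.py means no reconfiguration was needed; treat as success`.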
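--- a/ctx-broker/home/bin/brokerctl
+++ b/ctx-broker/home/bin/brokerctl
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+PYTHON_EXE="/usr/bin/env python -Wignore::DeprecationWarning"
+
+NIMBUS_HOME_REL="`dirname $0`/.."
+NIMBUS_HOME=`cd $NIMBUS_HOME_REL; pwd`
+
+export NIMBUS_HOME
+
+if [ -d $NIMBUS_HOME/lib/pynimbusconfig ]; then
+ NIMBUS_PYLIB=$NIMBUS_HOME/lib
+else
+ echo "Cannot locate Python lib directory"
+ exit 1
+fi
+
+PYTHONPATH="$NIMBUS_PYLIB:$PYTHONPATH"
+export PYTHONPATH
+
+# returns 0 if Python 2.5+
+$PYTHON_EXE -c "import sys; sys.exit(sys.version_info < (2,5))"
+if [ $? -ne 0 ]; then
+ echo "ERROR: Your system must have Python version 2.5 or later."
+ exit 1
+fi
+
+$PYTHON_EXE $NIMBUS_HOME/lib/brokerctl.py $@
+exit $?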
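Review bot: The final `brokerctl.py` call passes `$@` unquoted, so arguments with spaces are re-split before they reach Python; use `"$@"`, and quote `$NIMBUS_HOME` in the `-d` test and the script path as well, since an install prefix containing a space currently makes the directory check fail with a confusing `[` error rather than the intended message. This control script is the one a service manager will call to start and stop the broker, so argument fidelity matters more here than in a one-off configure step. The trailing `exit $?` is redundant (the script would return the last command's status anyway) but harmless.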
594 ctx-broker/home/lib/ProcessManager.py
@@ -0,0 +1,594 @@
+# ----------------------------------------------------------------------------
+# Copyright (c) 2006, Humanized, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+#
+# * Neither the name of Humanized, Inc. nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ----------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------
+#
+# ProcessManager.py
+# Author: Atul Varma <atul@humanized.com>
+#
+# Python Version - 2.4
+#
+# ----------------------------------------------------------------------------
+
+"""
+ A simple module for process management. Please see the file
+ README.txt, included with this distribution, for more
+ information. This file is also available at the following
+ location:
+
+ http://www.humanized.com/ProcessManager
+"""
+
+# ----------------------------------------------------------------------------
+# TODO's
+#
+# * Document the public methods better.
+#
+# * Don't require ProcessManager to be run as root, but do raise
+# exceptions if the user tries to control a process that requires
+# changing the user ID and it can't be done.
+# ----------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------
+# Imports
+# ----------------------------------------------------------------------------
+
+import os
+import sys
+import time
+
+
+# ----------------------------------------------------------------------------
+# Public Names and Version Information
+# ----------------------------------------------------------------------------
+
+__all__ = [
+ "Process",
+ "init",
+ "add",
+ "rcScriptMain",
+ "main"
+ ]
+
+__version__ = "0.0.4"
+
+
+# ----------------------------------------------------------------------------
+# Constants
+# ----------------------------------------------------------------------------
+
+# Amount of time we wait in seconds after starting a process to see if
+# it's still alive.
+POST_PROCESS_START_DELAY = 5
+
+# Amount of time we wait in seconds after killing a process to see if
+# it's dead.
+POST_PROCESS_STOP_DELAY = 2
+
+# A list of all valid commands, accessible from the command-line; they
+# map directly to public instance methods of the Process class.
+COMMANDS = {
+ "stop" : "stop the target",
+ "start" : "start the target",
+ "restart" : "restart (stop, then start) the target",
+ "status" : "show status of the target"
+ }
+
+# Usage string when running the module's main() function.
+USAGE_TEXT = """\
+
+ %(scriptName)s <target> <command> [options]
+
+targets:
+%(targets)s\
+ all (this target applies the command to all
+ of the above targets)
+
+commands:
+%(commands)s\
+"""
+
+# Usage string when running the module's rcScriptMain() function.
+RC_SCRIPT_USAGE_TEXT = """\
+
+ %(scriptName)s <command> [options]
+
+This script controls %(targetDesc)s.
+
+commands:
+%(commands)s\
+"""
+
+# ----------------------------------------------------------------------------
+# Module Variables
+# ----------------------------------------------------------------------------
+
+# Directory where all intermediate data files are kept.
+_dataDir = None
+
+# Our process registry; keys are the name identifiers for processes,
+# and the values are Process objects.
+_processes = {}
+
+# OptionParser object representing command-line options parser.
+_parser = None
+
+# object storing command-line options, created by an OptionParser
+# object.
+_options = None
+
+
+# ----------------------------------------------------------------------------
+# Process Class
+# ----------------------------------------------------------------------------
+
+class Process:
+ """
+ Encapsulates a process that can be stopped, started, and
+ restarted.
+ """
+
+ def __init__( self,
+ name,
+ desc,
+ program,
+ args,
+ workingDir,
+ uid = None,
+ gid = None,
+ stopSignal = None,
+ postStartDelay = POST_PROCESS_START_DELAY):
+ """
+ Creates a process with the given name/identifier, description,
+ program executable path, argument tuple, and working
+ directory. When it is run, it will run with the given user
+ and group ID privileges. When it is stopped, the given signal
+ will be sent to tell it to do so.
+ """
+
+ if stopSignal == None:
+ import signal
+ stopSignal = signal.SIGKILL
+
+ self.name = name
+ self.desc = desc
+ self.program = program
+ self.args = [ program ]
+ self.args.extend( args )
+ self.workingDir = workingDir
+ self.stopSignal = stopSignal
+ self.postStartDelay = postStartDelay
+
+ if gid:
+ import grp
+ self.gid = grp.getgrnam( gid )[2]
+ else:
+ self.gid = None
+
+ if uid:
+ import pwd
+ self.uid = pwd.getpwnam( uid )[2]
+ else:
+ self.uid = None
+
+ def _pidfile( self ):
+ """
+ Returns the filename of the pid file for this process. A pid
+ file just contains the pid of the process, if it's believed to
+ be currently running.
+ """
+
+ return os.path.join( _dataDir, "%s.pid" % self.name )
+
+ def _readpid( self ):
+ """
+ Opens the pid file for this process and gets the pid for
+ it. If the pid file doesn't exist, this method returns None.
+ """
+
+ if not os.path.exists( self._pidfile() ):
+ return None
+ f = open( self._pidfile(), "r" )
+ pid = int( f.read() )
+ f.close()
+ return pid
+
+ def status( self ):
+ """
+ Public method that prints out what this process' status is
+ (running, stopped, etc).
+ """
+ status = self._getStatus()
+ print "%-30s%s" % ( self.desc, status )
+ if status != 'running':
+ raise ProcessStatusError()
+
+ def _getStatus( self ):
+ """
+ Returns a single word indicating the status of this process.
+ """
+
+ pid = self._readpid()
+ if pid == None:
+ return "stopped"
+ elif _isPidRunning( pid ):
+ return "running"
+ else:
+ return "crashed"
+
+ def start( self, warnCrashed = False ):
+ """
+ Public method that starts the process. If the process is
+ already deemed to be running, nothing happens.
+
+ If the process fails to launch, raise a
+ ProcessStartupError exception.
+ """
+
+ pid = self._readpid()
+ if pid != None:
+ if _isPidRunning( pid ):
+ print "Process '%s' is already running!" % self.name
+ return
+ elif warnCrashed:
+ print "Process '%s' may have died prematurely." % self.name
+
+ # Start the process now.
+ leftColumnText = "Launching %s..." % self.desc
+ print "%-30s" % leftColumnText,
+ sys.stdout.flush()
+
+ self._doStart()
+
+ def _doStart( self ):
+ """
+ Protected implementation method that starts the actual
+ process.
+ """
+
+ forkResult = os.fork()
+ if forkResult == 0:
+ # We're the child process.
+
+ if self.gid:
+ os.setgid( self.gid )
+
+ if self.uid:
+ os.setuid( self.uid )
+
+ os.chdir( self.workingDir )
+
+ nullFile = os.open( "/dev/null", os.O_RDWR )
+
+ # Replace stdin.
+ os.dup2( nullFile, 0 )
+
+ # Replace stdout
+ os.dup2( nullFile, 1 )
+
+ # Replace stderr
+ os.dup2( nullFile, 2 )
+
+ os.close( nullFile )
+
+ # Launch the program.
+ os.execv( self.program, self.args )
+ else:
+ # We're the parent process.
+ pid = forkResult
+ f = open( self._pidfile(), "w" )
+ f.write( "%d" % pid )
+ f.close()
+
+ if self.postStartDelay:
+ time.sleep(self.postStartDelay)
+
+ retVal = os.waitpid( pid, os.WNOHANG )
+ if retVal == (0, 0):
+ print "OK"
+ else:
+ print "FAILED"
+ try:
+ os.remove(self._pidfile())
+ except:
+ pass
+ raise ProcessStartupError()
+
+ def stop( self, warnCrashed = True ):
+ """
+ Public method that stops the process if it's currently
+ running.
+ """
+
+ pid = self._readpid()
+ if pid != None:
+ if _isPidRunning( pid ):
+ leftColumnText = "Stopping %s..." % self.desc
+ print "%-30s" % leftColumnText,
+ sys.stdout.flush()
+
+ os.kill( pid, self.stopSignal )
+
+ time.sleep( POST_PROCESS_STOP_DELAY )
+
+ if not _isPidRunning( pid ):
+ print "OK"
+ else:
+ print "FAILED"
+ elif warnCrashed:
+ print "Process '%s' may have died prematurely." % self.name
+ os.remove( self._pidfile() )
+ else:
+ print "Process '%s' is not running." % self.name
+
+ def restart( self ):
+ """
+ Public method that stops the process and then starts it again.
+ """
+
+ self.stop( warnCrashed = False )
+ self.start()
+
+class ProcessStartupError( Exception ):
+ """
+ Exception raised when a process fails to start.
+ """
+
+ pass
+
+class ProcessStatusError( Exception ):
+ """
+ Exception raised when a process is not running.
+ """
+ pass
+
+# ----------------------------------------------------------------------------
+# Module Functions
+# ----------------------------------------------------------------------------
+
+def init( dataDir ):
+ """
+ Initializes the module.
+
+ dataDir is the directory where all intermediate data files are
+ stored (e.g., pidfiles).
+ """
+
+ global _dataDir
+
+ _dataDir = dataDir
+
+def _isPidRunning( pid ):
+ """
+ Returns whether or not a process with the given pid is running.
+ """
+ try:
+ os.kill(pid, 0)
+ except OSError:
+ return False
+ else:
+ return True
+
+def add( process ):
+ """
+ Adds the given Process object as a target for the registry of
+ processes to manage.
+ """
+
+ if _processes.has_key( process.name ):
+ raise TargetAlreadyExistsError()
+ _processes[process.name] = process
+
+class TargetAlreadyExistsError( Exception ):
+ """
+ Exception raised when a target is added to the ProcessManager
+ whose name already exists.
+ """
+
+ pass
+
+def _runCommandOnTarget( command, target ):
+ """
+ Runs the given command on the given target.
+ """
+
+ if _dataDir == None:
+ print "Error! ProcessManager not initialized."
+ print "Please use ProcessManager.init()."
+ sys.exit( -1 )
+
+ errorOccurred = False
+
+ if target == "all":
+ for process in _processes.values():
+ method = getattr( process, command )
+ try:
+ method()
+ except (ProcessStartupError, ProcessStatusError):
+ errorOccurred = True
+ else:
+ method = getattr( _processes[target], command )
+ try:
+ method()
+ except (ProcessStartupError, ProcessStatusError):
+ errorOccurred = True
+
+ if errorOccurred:
+ sys.exit(1)
+
+def _checkPrivileges():
+ """
+ Checks to ensure that the current user has the proper privileges
+ to run the ProcessManager; exits the program if not.
+ """
+
+ needRoot = False
+ for process in _processes.values():
+ if process.gid or process.uid:
+ needRoot = True
+ break
+
+ if not needRoot:
+ return
+
+ if os.getuid() != 0:
+ print "ERROR: This script must be run as root."
+ sys.exit( -1 )
+
+def _generateTargetHelpText():
+ """
+ Returns a string containing a list of available targets with their
+ descriptions.
+ """
+
+ targets = ""
+ for key in _processes.keys():
+ targets += " %-21s%s\n" % ( key, _processes[key].desc )
+ return targets
+
+def _generateCommandHelpText():
+ """
+ Returns a string containing a list of available commands with a
+ description of what they do.
+ """
+
+ commands = ""
+ for command in COMMANDS.keys():
+ commands += " %-21s%s\n" % ( command, COMMANDS[command] )
+ commands = commands[:-1]
+ return commands
+
+def rcScriptMain():
+ """
+ The main function of the rc-script use of the Process Manager,
+ whereby the name of the script determines the target, and the
+ first command-line parameter determines the command.
+ """
+
+ _checkPrivileges()
+
+ target = os.path.split( sys.argv[0] )[1]
+ if not _processes.has_key( target ):
+ # If we're in a rc.d directory, we may have 3 characters
+ # prepended to our name, such as "S01foo". So let's try
+ # stripping off the first 3 characters of our name and seeing
+ # if that works as a target.
+ if target[0] in ["K", "S"]:
+ ordering = target[1:3]
+ try:
+ # See if these characters constitute a number.
+ int( ordering )
+ # If so, let's try reinterpreting our target.
+ target = target[3:]
+ except ValueError:
+ pass
+
+ if not _processes.has_key( target ):
+ print "ERROR: Target '%s' does not exist!" % target
+ print "Consider renaming this script to match one"
+ print "of the following targets:"
+ print
+ print _generateTargetHelpText()
+ sys.exit( -1 )
+
+ usageTextDict = {
+ "scriptName" : target,
+ "targetDesc" : _processes[ target ].desc,
+ "commands" : _generateCommandHelpText(),
+ }
+
+ usageText = RC_SCRIPT_USAGE_TEXT % usageTextDict
+
+ _processCmdLineOptions( usageText )
+
+ if len( sys.argv ) == 1:
+ command = ""
+ else:
+ command = sys.argv[1]
+
+ if not command in COMMANDS.keys():
+ _parser.print_help()
+ sys.exit( -1 )
+
+ _runCommandOnTarget( command, target )
+
+def _processCmdLineOptions( usageText, args=None ):
+ """
+ Parses and processes standard command-line options.
+ """
+
+ import optparse
+
+ global _parser
+ global _options
+ global _args
+
+ _parser = optparse.OptionParser( usage = usageText )
+
+ ( _options, _args ) = _parser.parse_args(args=args)
+
+def main(argv=sys.argv, usage=USAGE_TEXT):
+ """
+ The main function of the Process Manager which processes
+ command-line arguments and acts on them.
+ """
+
+ _checkPrivileges()
+
+ usageTextDict = {
+ "scriptName" : os.path.split( argv[0] )[1],
+ "targets" : _generateTargetHelpText(),
+ "commands" : _generateCommandHelpText(),
+ }
+
+ usageText = usage % usageTextDict
+
+ _processCmdLineOptions( usageText, args=argv[1:] )
+
+ if len( _args ) < 2:
+ _parser.print_help()
+ sys.exit( -1 )
+
+ target = _args[0]
+ command = _args[1]
+
+ if target not in _processes.keys() and target != "all":
+ print "Invalid target: '%s'" % target
+ sys.exit( -1 )
+ if command not in COMMANDS.keys():
+ print "Invalid command: '%s'" % command
+ sys.exit( -1 )
+
+ _runCommandOnTarget( command, target )
+
83 ctx-broker/home/lib/brokerctl.py
@@ -0,0 +1,83 @@
+#! /usr/bin/env python
+
+import os
+import sys
+
+import ProcessManager
+from ProcessManager import Process
+import ConfigParser
+
+USAGE_TEXT = """\
+
+ nimbusctl [target] command
+
+Omit the target to perform the command for all targets.
+
+Targets:
+%(targets)s\
+
+Commands:
+%(commands)s\
+"""
+
+
+NIMBUS_HOME = os.getenv("NIMBUS_HOME")
+
+if not NIMBUS_HOME:
+ sys.exit("The NIMBUS_HOME environment variable is not set!")
+
+if not os.path.isdir(NIMBUS_HOME):
+ sys.exit("$NIMBUS_HOME does not exist: "+ NIMBUS_HOME)
+
+
+CONFIG_PATH = os.path.join(NIMBUS_HOME, 'nimbus-setup.conf')
+_NO_CONFIG_ERROR = """
+Could not find the Nimbus setup config file:
+ %s
+This file is created after successful completion of the nimbus-configure
+program. You should try running nimbus-configure before using this program.
+""" % CONFIG_PATH
+config = ConfigParser.SafeConfigParser()
+if not config.read(CONFIG_PATH):
+ sys.exit(_NO_CONFIG_ERROR)
+broker_enabled = config.getboolean('nimbussetup', 'broker.enabled')
+
+if not (broker_enabled):
+ sys.exit("Broker is not enabled. "+
+ "See the '%s' config file to adjust this setting." % CONFIG_PATH)
+
+try:
+ services_wait = config.getint('nimbussetup', 'services.wait')
+except ConfigParser.NoOptionError:
+ services_wait = 10
+
+NIMBUS_RUN_DIR = os.path.join(NIMBUS_HOME, 'var/run/')
+if not os.path.isdir(NIMBUS_RUN_DIR):
+ try:
+ os.mkdir(NIMBUS_RUN_DIR)
+ except:
+ sys.exit("Failed to create run directory: %s" % NIMBUS_RUN_DIR)
+
+ProcessManager.init(dataDir = NIMBUS_RUN_DIR)
+
+if broker_enabled:
+ NIMBUS_BROKER_EXE = os.path.join(NIMBUS_HOME, 'lib/run-broker.sh')
+ if not os.path.exists(NIMBUS_BROKER_EXE):
+ sys.exit("The broker executable does not exist: " +
+ NIMBUS_BROKER_EXE)
+ ProcessManager.add( Process(
+ name = "broker",
+ desc = "Nimbus Context Broker",
+ program = NIMBUS_BROKER_EXE,
+ args = [],
+ workingDir = NIMBUS_HOME,
+ postStartDelay=services_wait
+ ))
+
+
+argv = sys.argv
+if len(argv) == 2:
+ argv = argv[:]
+ argv.insert(1, 'all')
+
+ProcessManager.main(argv=argv, usage=USAGE_TEXT)
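Review bot: The run directory created on L1213 gets whatever mode the umask allows, and the bare `except:` on L1214 hides the reason for any failure; since ProcessManager later reads pids from files in that directory and passes them straight to `os.kill`, a group- or world-writable `var/run` would let another local user choose which process `brokerctl stop` signals. Create it with an explicit mode and catch only the OS error: `os.mkdir(NIMBUS_RUN_DIR, 0755)` and `except OSError, e: sys.exit("Failed to create run directory %s: %s" % (NIMBUS_RUN_DIR, e))`. Whether the directory is actually exposed depends on the installer's umask and on whether brokerctl runs as root, neither of which this file shows. Separately, USAGE_TEXT on L1168 still says `nimbusctl`; this script is `brokerctl`.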
3 ctx-broker/home/lib/pynimbusconfig/README
@@ -0,0 +1,3 @@
+In the next release, the configuration libraries for use with ctx-broker, web, and IaaS will all be housed in a common library.
+
+This is an interim solution, the future library will be this new "pynimbusconfig" library and it will be accessible from any install's home dir venv (iaas or ctx-broker only).
0 ctx-broker/home/lib/pynimbusconfig/__init__.py
No changes.
273 ctx-broker/home/lib/pynimbusconfig/autoca.py
@@ -0,0 +1,273 @@
+import os
+import shutil
+import sys
+
+from pynimbusconfig import javautil
+from pynimbusconfig import pathutil
+from pynimbusconfig import runutil
+from pynimbusconfig.setuperrors import *
+
+# Make this False if you want to keep stuff around for examining, otherwise it
+# would be in an inconsistent state after an exception during CA creation.
+WIPE_NEW_CA_DIRECTORY_ON_ERRORS = True
+
+
+EXE_HOSTGUESS="org.nimbustools.auto_common.HostGuess"
+EXE_NEW_HOSTCERTFILE="org.nimbustools.auto_common.confmgr.ReplaceCertFile"
+EXE_NEW_HOSTKEYFILE="org.nimbustools.auto_common.confmgr.ReplaceKeyFile"
+EXE_CREATE_NEW_CA="org.nimbustools.auto_common.ezpz_ca.GenerateNewCA"
+EXE_CREATE_CRL="org.nimbustools.auto_common.ezpz_ca.GenerateCRL"
+EXE_CREATE_NEW_CERT="org.nimbustools.auto_common.ezpz_ca.GenerateNewCert"
+EXE_FIND_CA_PUBPEM="org.nimbustools.auto_common.ezpz_ca.FindCAPubFile"
+EXE_FIND_CA_PRIVPEM="org.nimbustools.auto_common.ezpz_ca.FindCAPrivFile"
+EXE_GET_HASHED_CERT_NAME="org.nimbustools.auto_common.ezpz_ca.CertFilenameHash"
+EXE_GET_CERT_DN="org.nimbustools.auto_common.ezpz_ca.CertDN"
+EXE_WRITE_SIGNING_POLICY="org.nimbustools.auto_common.ezpz_ca.SigningPolicy"
+EXE_KEYSTORE_FROM_PEM="org.nimbustools.auto_common.ezpz_ca.KeystoreFromPEM"
+
+def createCert(CN, basedir, cadir, certtarget, keytarget, log,
+ allow_overwrite=False):
+
+ if not allow_overwrite and pathutil.check_path_exists(certtarget):
+ msg = "Certificate file present already: " + certtarget
+ raise IncompatibleEnvironment(msg)
+ if not allow_overwrite and pathutil.check_path_exists(keytarget):
+ msg = "Key file present already: " + keytarget
+ raise IncompatibleEnvironment(msg)
+
+ cacert_path = findCAcert(basedir, cadir, log)
+ cakey_path = findCAkey(basedir, cadir, log)
+
+ # Create temp directory.
+ uuid = pathutil.uuidgen()
+ tempdir = pathutil.pathjoin(cadir, uuid)
+ os.mkdir(tempdir)
+ pathutil.ensure_dir_exists(tempdir, "temp certs directory")
+ log.debug("Created %s" % tempdir)
+
+ args = [tempdir, CN, "pub", "priv", cacert_path, cakey_path]
+ (exitcode, stdout, stderr) = javautil.run(basedir, log, EXE_CREATE_NEW_CERT, args=args)
+ runutil.generic_bailout("Problem creating certificate.", exitcode, stdout, stderr)
+
+ pub_DN = stdout.strip()
+
+ temp_pub_path = pathutil.pathjoin(tempdir, "pub")
+ pathutil.ensure_file_exists(temp_pub_path, "temp cert")
+ log.debug("temp cert exists: " + temp_pub_path)
+
+ # copy that to user-cert records
+ args = [temp_pub_path]
+ (exitcode, stdout, stderr) = javautil.run(basedir, log, EXE_GET_HASHED_CERT_NAME, args=args)
+ runutil.generic_bailout("Problem finding hashed cert name.", exitcode, stdout, stderr)
+ usercertfilehash = stdout.strip()
+ log.debug("user cert file hash is '%s'" % usercertfilehash)
+ cert_records_path = pathutil.pathjoin(cadir, "user-certs")
+ cert_records_path = pathutil.pathjoin(cert_records_path,
+ usercertfilehash + ".0")
+ shutil.copyfile(temp_pub_path, cert_records_path)
+ pathutil.ensure_file_exists(cert_records_path, "new certificate (record)")
+ log.debug("cert exists at target: " + cert_records_path)
+
+ temp_priv_path = pathutil.pathjoin(tempdir, "priv")
+ pathutil.ensure_file_exists(temp_priv_path, "temp key")
+ log.debug("temp key exists: " + temp_priv_path)
+
+ log.debug("Created certificate: %s" % pub_DN)
+
+ # Those user-supplied targets still don't exist, right? :-)
+ if not allow_overwrite and pathutil.check_path_exists(certtarget):
+ msg = "Certificate file present already: " + certtarget
+ raise IncompatibleEnvironment(msg)
+ if not allow_overwrite and pathutil.check_path_exists(keytarget):
+ msg = "Key file present already: " + keytarget
+ raise IncompatibleEnvironment(msg)
+
+ shutil.copyfile(temp_pub_path, certtarget)
+ pathutil.ensure_file_exists(certtarget, "new certificate")
+ log.debug("cert exists at target: " + certtarget)
+
+ shutil.copyfile(temp_priv_path, keytarget)
+ pathutil.ensure_file_exists(keytarget, "new key")
+ log.debug("key exists at target: " + keytarget)
+
+ pathutil.make_path_rw_private(keytarget)
+ pathutil.ensure_path_private(keytarget, "new key")
+ log.debug("file made private: %s" % keytarget)
+
+ shutil.rmtree(tempdir)
+
+ return pub_DN
+
+class KeystoreMismatchError(Exception):
+ pass
+
+def ensureKeystore(certpath, keypath, storepath, password, basedir, log):
+ """
+ Creates or validates a Java keystore from PEM-encoded certificate and key
+ """
+
+ if not pathutil.check_path_exists(certpath):
+ msg = "Certificate file does not exist: " + certpath
+ raise IncompatibleEnvironment(msg)
+
+ if not pathutil.check_path_exists(keypath):
+ msg = "Private key file does not exist: " + keypath
+ raise IncompatibleEnvironment(msg)
+
+ if pathutil.check_path_exists(storepath):
+ log.debug("Keystore file exists: %s." % storepath,
+ "Ensuring that it contains right cert/key")
+
+ args = [certpath, keypath, storepath, password]
+ (exitcode, stdout, stderr) = javautil.run(basedir, log,
+ EXE_KEYSTORE_FROM_PEM, args=args)
+ if exitcode == 2:
+ raise KeystoreMismatchError(stderr)
+ runutil.generic_bailout("Problem creating keystore",
+ exitcode, stdout, stderr)
+
+def getCertDN(certpath, basedir, log):
+
+ if not pathutil.check_path_exists(certpath):
+ msg = "Certificate file does not exist: " + certpath
+ raise IncompatibleEnvironment(msg)
+
+ args = [certpath]
+ (exitcode, stdout, stderr) = javautil.run(basedir, log,
+ EXE_GET_CERT_DN, args=args)
+ runutil.generic_bailout("Problem finding cert DN",
+ exitcode, stdout, stderr)
+
+ return stdout.strip()
+
+def findCAcert(basedir, cadir, log):
+ cacertdir = pathutil.pathjoin(cadir, "ca-certs")
+ args = [cacertdir]
+ (exitcode, stdout, stderr) = javautil.run(basedir, log, EXE_FIND_CA_PUBPEM, args=args)
+ runutil.generic_bailout("Problem finding CA certificate.", exitcode, stdout, stderr)
+ if not stdout:
+ raise UnexpectedError("Path is not present for CA certificate")
+ certpath = stdout.strip()
+ pathutil.ensure_file_exists(certpath, "CA certificate")
+ return certpath
+
+def findCAkey(basedir, cadir, log):
+ cacertdir = pathutil.pathjoin(cadir, "ca-certs")
+ args = [cacertdir]
+ (exitcode, stdout, stderr) = javautil.run(basedir, log, EXE_FIND_CA_PRIVPEM, args=args)
+ runutil.generic_bailout("Problem finding CA key.", exitcode, stdout, stderr)
+ if not stdout:
+ raise UnexpectedError("Path is not present for CA key")
+ keypath = stdout.strip()
+ pathutil.ensure_file_exists(keypath, "CA key")
+ return keypath
+
+def createCA(ca_name, basedir, cadir, log):
+ if pathutil.check_path_exists(cadir):
+ raise IncompatibleEnvironment("cannot create a CA at a directory that exists already")
+ try:
+ _createCA(ca_name, basedir, cadir, log)
+ except:
+ if not WIPE_NEW_CA_DIRECTORY_ON_ERRORS:
+ raise
+ # wipe the whole directory
+ print >>sys.stderr, "Error, wiping the unfinished '%s' directory" % cadir
+ shutil.rmtree(cadir)
+ raise
+
+def _createCA(ca_name, basedir, cadir, log):
+
+ javautil.check(basedir, log)
+
+ # mkdir $cadir
+ # mkdir $cadir/ca-certs
+ # mkdir $cadir/trusted-certs
+ # mkdir $cadir/user-certs
+
+ os.mkdir(cadir)
+ pathutil.ensure_dir_exists(cadir, "New CA directory")
+ log.debug("Created %s" % cadir)
+
+ cacertdir = pathutil.pathjoin(cadir, "ca-certs")
+ os.mkdir(cacertdir)
+ pathutil.ensure_dir_exists(cacertdir, "New CA certs directory")
+ log.debug("Created %s" % cacertdir)
+
+ trustedcertdir = pathutil.pathjoin(cadir, "trusted-certs")
+ os.mkdir(trustedcertdir)
+ pathutil.ensure_dir_exists(trustedcertdir, "New CA trusted certs directory")
+ log.debug("Created %s" % trustedcertdir)
+
+ usercertdir = pathutil.pathjoin(cadir, "user-certs")
+ os.mkdir(usercertdir)
+ pathutil.ensure_dir_exists(usercertdir, "New CA user certs directory")
+ log.debug("Created %s" % usercertdir)
+
+ # Create the cert via autocommon
+
+ args = [cacertdir, ca_name]
+ (exitcode, stdout, stderr) = javautil.run(basedir, log, EXE_CREATE_NEW_CA, args=args)
+ runutil.generic_bailout("Problem creating CA.", exitcode, stdout, stderr)
+
+
+ # Make the private key owner-readable only
+
+ privkeyname = "private-key-" + ca_name + ".pem"
+ cakeyfile = pathutil.pathjoin(cacertdir, privkeyname)
+ pathutil.ensure_file_exists(cakeyfile, "New CA key")
+ log.debug("file exists: %s" % cakeyfile)
+ pathutil.make_path_rw_private(cakeyfile)
+ pathutil.ensure_path_private(cakeyfile, "New CA key")
+ log.debug("file made private: %s" % cakeyfile)
+
+
+ # Copy the new certificate file to the "hash.0" version that some toolings
+ # will expect.
+
+ cacertfile = pathutil.pathjoin(cacertdir, ca_name + ".pem")
+ pathutil.ensure_file_exists(cacertfile, "New CA cert")
+ log.debug("file exists: %s" % cacertfile)
+
+ args = [cacertfile]
+ (exitcode, stdout, stderr) = javautil.run(basedir, log, EXE_GET_HASHED_CERT_NAME, args=args)
+ runutil.generic_bailout("Problem finding hashed cert name.", exitcode, stdout, stderr)
+ cacertfilehash = stdout.strip()
+ log.debug("cert file hash is '%s'" % cacertfilehash)
+
+ newpath = pathutil.pathjoin(cacertdir, cacertfilehash + ".0")
+ shutil.copyfile(cacertfile, newpath)
+ pathutil.ensure_file_exists(newpath, "New CA cert (hashed #1)")
+ log.debug("file exists: %s" % newpath)
+
+ newpath = pathutil.pathjoin(trustedcertdir, cacertfilehash + ".0")
+ shutil.copyfile(cacertfile, newpath)
+ pathutil.ensure_file_exists(newpath, "New CA cert (hashed #2)")
+ log.debug("file exists: %s" % newpath)
+
+ # Signing policy
+
+ signing1 = pathutil.pathjoin(cacertdir, cacertfilehash + ".signing_policy")
+ args = [cacertfile, signing1]
+ (exitcode, stdout, stderr) = javautil.run(basedir, log, EXE_WRITE_SIGNING_POLICY, args=args)
+ runutil.generic_bailout("Problem creating signing_policy file.", exitcode, stdout, stderr)
+ pathutil.ensure_file_exists(signing1, "signing_policy file #1")
+ log.debug("file exists: %s" % signing1)
+
+ signing2 = pathutil.pathjoin(trustedcertdir, cacertfilehash + ".signing_policy")
+ shutil.copyfile(signing1, signing2)
+ pathutil.ensure_file_exists(signing2, "signing_policy file #2")
+ log.debug("file exists: %s" % signing2)
+
+ # CRL
+
+ crl1 = pathutil.pathjoin(cacertdir, cacertfilehash + ".r0")
+ args = [crl1, cacertfile, cakeyfile]
+ (exitcode, stdout, stderr) = javautil.run(basedir, log, EXE_CREATE_CRL, args=args)
+ runutil.generic_bailout("Problem creating revocation file.", exitcode, stdout, stderr)
+ pathutil.ensure_file_exists(crl1, "revocation file #1")
+ log.debug("file exists: %s" % crl1)
+
+ crl2 = pathutil.pathjoin(trustedcertdir, cacertfilehash + ".r0")
+ shutil.copyfile(crl1, crl2)
+ pathutil.ensure_file_exists(crl2, "revocation file #2")
+ log.debug("file exists: %s" % crl2)
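Review bot: In createCert the new private key lands in a scratch directory created with the default mode (L1295) and is copied to keytarget with `shutil.copyfile` (L1340) before its mode is tightened (L1344), so for a moment the key may be readable by other local users at both locations; the scratch directory is also only removed on the success path (L1348), so any failure in between leaves a copy of the key behind. Creating the temp directory 0700, pre-creating the target key file owner-only, and wrapping the body in try/finally closes those gaps (below). The same ordering applies to the CA key in _createCA (L1466-L1470), but whether EXE_CREATE_NEW_CA already writes it with a restrictive mode is decided on the Java side, which is not visible here. Also worth a look: ensureKeystore passes the keystore password as a command-line argument on L1372; if javautil.run hands it to the JVM as argv, it is visible to every local user via `ps`.
```python
    # Create temp directory owner-only: it will hold the new private key.
    uuid = pathutil.uuidgen()
    tempdir = pathutil.pathjoin(cadir, uuid)
    os.mkdir(tempdir, 0700)
    pathutil.ensure_dir_exists(tempdir, "temp certs directory")
    log.debug("Created %s" % tempdir)
    try:
        # … unchanged: run EXE_CREATE_NEW_CERT, record hashed cert, re-check targets, copy cert to certtarget …

        # Never let the key exist at the target with the umask default mode:
        # create it owner-only first, then fill it.
        fd = os.open(keytarget, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)
        os.close(fd)
        shutil.copyfile(temp_priv_path, keytarget)
        pathutil.ensure_file_exists(keytarget, "new key")
        log.debug("key exists at target: " + keytarget)

        pathutil.make_path_rw_private(keytarget)
        pathutil.ensure_path_private(keytarget, "new key")
        log.debug("file made private: %s" % keytarget)
    finally:
        # Remove the scratch copy of the key even when something above failed.
        shutil.rmtree(tempdir, ignore_errors=True)

    return pub_DN
```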
0 ctx-broker/home/lib/pynimbusconfig/broker/__init__.py
No changes.
579 ctx-broker/home/lib/pynimbusconfig/broker/main.py
@@ -0,0 +1,579 @@
+#!/usr/bin/env python
+
+import logging
+import optparse
+import os
+import socket
+import sys
+import traceback
+import ConfigParser
+from StringIO import StringIO
+import readline
+import shutil
+import string
+import time
+from random import Random
+
+from pynimbusconfig import autoca
+from pynimbusconfig import checkssl
+from pynimbusconfig import gtcontainer
+from pynimbusconfig import javautil
+from pynimbusconfig import pathutil
+from pynimbusconfig.setuperrors import *
+
+
+CONFIGSECTION = 'nimbussetup'
+DEFAULTCONFIG = """
+[nimbussetup]
+
+# relative to base directory
+hostcert: var/hostcert.pem
+hostkey: var/hostkey.pem
+ca.dir: var/ca
+ca.trustedcerts.dir: var/ca/trusted-certs
+
+gridmap: services/etc/nimbus/nimbus-grid-mapfile
+
+keystore: var/keystore.jks
+keystore.pass: changeit
+
+services.enabled: True
+services.wait: 10
+"""
+CONFIG_STATE_PATH = 'nimbus-setup.conf'
+
+CONFIG_KEY_CA_DIR="ca.dir"
+CONFIG_KEY_HOSTCERT="hostcert"
+CONFIG_KEY_HOSTKEY="hostkey"
+CONFIG_KEY_KEYSTORE="keystore"
+CONFIG_KEY_GRIDMAP="gridmap"
+CONFIG_KEY_TRUSTED_CERTS="ca.trustedcerts.dir"
+CONFIG_KEY_ENVFILE="envfile"
+
+CA_NAME_QUESTION = """
+Nimbus uses an internal Certificate Authority (CA) for some services. This CA
+is also used to generate host and user certificates if you do not have your own.
+
+This CA will be created in %(ca.dir)s
+
+Please pick a unique, one word CA name or hit ENTER to use a UUID.
+
+For example, if you are installing this on the "Jupiter" cluster, you might use
+"JupiterNimbusCA" as the name.
+"""
+
+CONFIG_HEADER = """
+# Autogenerated at %(time)s
+#
+# This file contains configuration values used by the nimbus-configure program.
+# If you want to change any of these values, you may edit this file, but you
+# must run nimbus-configure before the change will take effect.
+
+"""
+
+ENVFILE_BODY = """
+# Autogenerated at %(time)s
+#
+# This file contains environment variables which are necessary to use some of
+# the Nimbus internal tools directly
+
+NIMBUS_HOME=%(NIMBUS_HOME)s
+export NIMBUS_HOME
+
+GLOBUS_LOCATION=%(GLOBUS_LOCATION)s
+export GLOBUS_LOCATION
+
+X509_CERT_DIR=%(X509_CERT_DIR)s
+export X509_CERT_DIR
+"""
+
+KEYSTORE_MISMATCH_MSG = """
+A Java keystore already exists at:
+ %(keystore)s
+However, it does not contain the host certificate and private key which are
+being configured.
+ Certificate: %(hostcert)s
+ Private key: %(hostkey)s
+This may be because you have switched certificates and the keystore contains
+the old version. If so, the best solution is to delete (or relocate) the
+keystore and rerun nimbus-configure to generate a new one.
+"""
+
+def getlog(override=None):
+ """Allow developer to replace logging mechanism, e.g. if this
+ module is incorporated into another program as an API.
+
+ Keyword arguments:
+
+ * override -- Custom logger (default None, uses global variable)
+
+ """
+ global _log
+ if override:
+ _log = override
+ try:
+ _log
+ except:
+ _log = logging.getLogger("nimbussetup")
+ _log.setLevel(logging.DEBUG)
+ return _log
+
+def configureLogging(level, formatstring=None, logger=None):
+ """Configure the logging format and mechanism. Sets global 'log' variable.
+
+ Required parameter:
+
+ * level -- log level
+
+ Keyword arguments:
+
+ * formatstring -- Custom logging format (default None, uses time+level+msg)
+
+ * logger -- Custom logger (default None)
+ """
+
+ global log
+
+ logger = getlog(override=logger)
+
+ if not formatstring:
+ formatstring = "%(asctime)s (%(filename)s:%(lineno)d): %(message)s"
+
+ formatter = logging.Formatter(formatstring)
+ ch = logging.StreamHandler()
+ ch.setLevel(level)
+ ch.setFormatter(formatter)
+ logger.addHandler(ch)
+
+ # set global variable
+ log = logger
+
+ log.debug("debug enabled")
+
+def getconfig(filepaths=None):
+ config = ConfigParser.SafeConfigParser()
+
+ fh = StringIO(DEFAULTCONFIG)
+ config.readfp(fh)
+ if filepaths:
+ for path in config.read(filepaths):
+ log.debug("Read config from: '%s'" % path)
+ return config
+
+class ARGS:
+ """Class for command-line argument constants"""
+
+ BASEDIR_LONG = "--basedir"
+ BASEDIR = "-b"
+ BASEDIR_HELP = "Path to base Nimbus directory"
+
+ CONFIGPATH_LONG = "--conf"
+ CONFIGPATH = "-c"
+ CONFIGPATH_HELP = "Path to configuration file"
+
+ DEBUG_LONG = "--debug"
+ DEBUG = "-d"
+ DEBUG_HELP = "Log debug messages"
+
+ HOSTNAME_LONG = "--hostname"
+ HOSTNAME = "-H"
+ HOSTNAME_HELP = "Fully qualified hostname of machine"
+
+ CANAME_LONG= "--caname"
+ CANAME = "-n"
+ CANAME_HELP = "Unique name to give CA"
+
+ HOSTKEY_LONG = "--hostkey"
+ HOSTKEY = "-k"
+ HOSTKEY_HELP = "Path to PEM-encoded host private key"
+
+ HOSTCERT_LONG = "--hostcert"
+ HOSTCERT = "-C"
+ HOSTCERT_HELP = "Path to PEM-encoded host certificate"
+
+ PRINT_HOSTNAME_LONG = "--print-hostname"
+ PRINT_HOSTNAME = "-Z"
+ PRINT_HOSTNAME_HELP = "Print chosen hostname or error if none chosen"
+
+def validateargs(opts):
+
+ seeh = "see help (-h)"
+
+ if not opts.basedir:
+ raise InvalidInput("%s required, %s." % (ARGS.BASEDIR_LONG, seeh))
+
+ if opts.configpath and not os.path.exists(opts.configpath):
+ raise InvalidInput("%s file specified does not exist: '%s'" %
+ (ARGS.CONFIGPATH_LONG, opts.configpath))
+
+ if opts.hostkey or opts.hostcert:
+ if not (opts.hostkey and opts.hostcert):
+ raise InvalidInput(
+ "You must specify both %s and %s paths, or neither" %
+ (ARGS.HOSTCERT_LONG, ARGS.HOSTKEY_LONG))
+ if not os.path.exists(opts.hostkey):
+ raise InvalidInput("The specified host key does not exist: %s" %
+ opts.hostkey)
+ if not os.path.exists(opts.hostcert):
+ raise InvalidInput("The specified host cert does not exist: %s" %
+ opts.hostcert)
+
+def parsersetup():
+ """Return configured command-line parser."""
+
+ ver = "Nimbus Context Broker setup"
+ usage = "see help (-h)."
+ parser = optparse.OptionParser(version=ver, usage=usage)
+
+ group = optparse.OptionGroup(parser, "Misc options", "-------------")
+
+ group.add_option(ARGS.PRINT_HOSTNAME, ARGS.PRINT_HOSTNAME_LONG,
+ action="store_true", dest="print_chosen_hostname",
+ default=False, help=ARGS.PRINT_HOSTNAME_HELP)
+
+ group.add_option(ARGS.DEBUG, ARGS.DEBUG_LONG,
+ action="store_true", dest="debug", default=False,
+ help=ARGS.DEBUG_HELP)
+
+ group.add_option(ARGS.CONFIGPATH, ARGS.CONFIGPATH_LONG,
+ dest="configpath", metavar="PATH",
+ help=ARGS.CONFIGPATH_HELP)
+
+ group.add_option(ARGS.BASEDIR, ARGS.BASEDIR_LONG,
+ dest="basedir", metavar="PATH",
+ help=ARGS.BASEDIR_HELP)
+
+ parser.add_option_group(group)
+
+ group = optparse.OptionGroup(parser, "Configuration options",
+ "-------------")
+
+ group.add_option(ARGS.HOSTNAME, ARGS.HOSTNAME_LONG,
+ dest="hostname", metavar="HOST", help=ARGS.HOSTNAME_HELP)
+
+ group.add_option(ARGS.CANAME, ARGS.CANAME_LONG,
+ dest="ca_name", metavar="NAME", help=ARGS.CANAME_HELP)
+
+ group.add_option(ARGS.HOSTKEY, ARGS.HOSTKEY_LONG,
+ dest="hostkey", metavar="PATH", help=ARGS.HOSTKEY_HELP)
+
+ group.add_option(ARGS.HOSTCERT, ARGS.HOSTCERT_LONG,
+ dest="hostcert", metavar="PATH", help=ARGS.HOSTCERT_HELP)
+ parser.add_option_group(group)
+ return parser
+
+def fold_opts_to_config(opts, config):
+ if opts.hostname:
+ config.set(CONFIGSECTION, 'hostname', opts.hostname)
+ if opts.ca_name:
+ config.set(CONFIGSECTION, 'ca.name', opts.ca_name)
+ if opts.hostkey:
+ config.set(CONFIGSECTION, CONFIG_KEY_HOSTKEY, opts.hostkey)
+ if opts.hostcert:
+ config.set(CONFIGSECTION, CONFIG_KEY_HOSTCERT, opts.hostcert)
+
+def get_user_input(valuename, default=None, required=True):
+ answer = None
+ question = valuename + (default and ("(%s): " % default) or ": ")
+ while not answer:
+ value = raw_input(valuename+": ")
+ if value:
+ answer = value.strip()
+ elif default:
+ answer = default
+ if not answer:
+ if required:
+ print "Invalid input. You must specify a value. Or hit Ctrl-C to give up."
+ else:
+ return None
+
+ return answer
+
+class NimbusSetup(object):
+ def __init__(self, basedir, config, interactive=True):
+ self.basedir = basedir
+ self.config = config
+ self.interactive = interactive
+
+ self.gtdir = self.resolve_path('services/')
+ self.cadir = self.resolve_config_path(CONFIG_KEY_CA_DIR)
+ self.trustedcertsdir = self.resolve_config_path(CONFIG_KEY_TRUSTED_CERTS)
+ self.hostcert_path = self.resolve_config_path(CONFIG_KEY_HOSTCERT)
+ self.hostkey_path = self.resolve_config_path(CONFIG_KEY_HOSTKEY)
+ self.keystore_path = self.resolve_config_path(CONFIG_KEY_KEYSTORE)
+ self.gridmap_path = self.resolve_config_path(CONFIG_KEY_GRIDMAP)
+ try:
+ self.envfile_path = self.resolve_config_path(CONFIG_KEY_ENVFILE)
+ except:
+ self.envfile_path = self.resolve_path('libexec/environment.sh')
+
+ def __getitem__(self, key):
+ try:
+ return self.config.get(CONFIGSECTION, key)
+ except ConfigParser.NoOptionError:
+ return None
+
+ def __setitem__(self, key, value):
+ return self.config.set(CONFIGSECTION, key, value)
+
+ def validate_environment(self):
+ if not pathutil.is_absolute_path(self.basedir):
+ raise IncompatibleEnvironment(
+ "Base directory setting is not absolute")
+ pathutil.ensure_dir_exists(self.basedir, "base")
+ pathutil.ensure_dir_exists(self.gtdir, "GT container")
+
+ # check that we have some java
+ javautil.check(self.basedir, log)
+
+ def resolve_path(self, path):
+ """
+ Resolves a path relative to base directory. If absolute, returns as-is.
+ If relative, joins with self.basedir and returns.
+ """
+ if os.path.isabs(path):
+ return path
+ return os.path.join(self.basedir, path)
+
+ def resolve_config_path(self, config):
+ """
+ Resolves a path, like resolve_path(), but from a config key.
+ """
+ path = self[config]
+ if path:
+ return self.resolve_path(path)
+ return None
+
+ def is_config_present(self, configkey):
+ path = self[configkey]
+ if path:
+ return True
+ else:
+ return False
+
+ def is_config_relative(self, configkey):
+ """
+ Resolves if a config is a relative path or not.
+ """
+ path = self[configkey]
+ if not path:
+ return False
+ return not os.path.isabs(path)
+
+ def ask_hostname(self):
+ hostguess = self['hostname']
+ if not hostguess:
+ hostguess = socket.getfqdn()
+
+ if self.interactive:
+ print "\nWhat is the fully qualified hostname of this machine?\n"
+ print "Press ENTER to use the detected value (%s)\n" % hostguess
+ hostname = get_user_input("Hostname", default=hostguess)
+ else:
+ print "Using hostname: '%s'" % hostguess
+ hostname = hostguess
+ return hostname
+
+ def ask_ca_name(self):
+ ca_name_config = self['ca.name']
+
+ if self.interactive:
+ print CA_NAME_QUESTION % {CONFIG_KEY_CA_DIR : self.cadir}
+ ca_name = get_user_input("CA Name", default=ca_name_config,
+ required=False)
+ if not ca_name:
+ ca_name = pathutil.uuidgen()
+ print "You did not enter a name, using '%s'" % ca_name
+ else:
+ ca_name = ca_name_config or pathutil.uuidgen()
+ print "Creating CA with name: '%s'" % ca_name
+ return ca_name
+
+ def write_env_file(self):
+ """Writes an environment file users can source."""
+ f = None
+ try:
+ f = open(self.envfile_path,'w')
+ text = ENVFILE_BODY % {
+ 'time' : time.strftime('%c'),
+ 'NIMBUS_HOME' : self.basedir,
+ 'GLOBUS_LOCATION' : self.gtdir,
+ 'X509_CERT_DIR' : self.trustedcertsdir
+ }
+ f.write(text)
+ finally:
+ if f:
+ f.close()
+
+ def get_hostname_or_ask(self):
+ if self['hostname']:
+ hostname = self['hostname']
+ log.debug('Using configured hostname: "%s". Run with %s to change.',
+ hostname, ARGS.HOSTNAME_LONG)
+ else:
+ hostname = self.ask_hostname()
+ self['hostname'] = hostname
+ return hostname
+
+ def get_hostname_no_asking(self):
+ # could be None
+ return self['hostname']
+
+ def get_repobucket_no_asking(self):
+ # at least get this to one exact place, can determine dynamically later
+ return "Repo"
+
+ def perform_setup(self):
+ # first, set up CA and host cert/key
+ ca_name = self["ca.name"]
+ if not os.path.exists(self.cadir):
+ ca_name = self.ask_ca_name()
+ self['ca.name'] = ca_name
+ autoca.createCA(ca_name, self.basedir, self.cadir, log)
+ if not ca_name:
+ raise InvalidConfig("CA name is unknown")
+
+ ca_cert = os.path.join(self.cadir, 'ca-certs/%s.pem' % ca_name)
+ ca_key = os.path.join(self.cadir, 'ca-certs/private-key-%s.pem' % ca_name)
+ pathutil.ensure_file_exists(ca_cert, "CA certificate")
+ pathutil.ensure_file_exists(ca_key, "CA private key")
+
+ hostname = self.get_hostname_or_ask()
+
+ #TODO the hostcert/key creation should be extracted from here
+ # right now it just does a bunch of redundant checks first
+ checkssl.run(self.basedir, self.hostcert_path, self.hostkey_path, log,
+ cadir=self.cadir, hostname=hostname)
+
+ password = self['keystore.pass']
+ if not password:
+ raise InvalidConfig("Keystore password is unknown")
+
+ try:
+ autoca.ensureKeystore(self.hostcert_path, self.hostkey_path,
+ self.keystore_path, password, self.basedir, log)
+ except autoca.KeystoreMismatchError:
+ raise IncompatibleEnvironment(KEYSTORE_MISMATCH_MSG % {
+ 'keystore' : self.keystore_path,
+ 'hostcert' : self.hostcert_path,
+ 'hostkey' : self.hostkey_path })
+ pathutil.make_path_rw_private(self.keystore_path)
+
+ # then setup GT container
+ gtcontainer.adjust_hostname(hostname, self.basedir, self.gtdir, log)
+ gtcontainer.adjust_secdesc_path(self.basedir, self.gtdir, log)
+ gtcontainer.adjust_host_cert(self.hostcert_path, self.hostkey_path,
+ self.basedir, self.gtdir, log)
+ gtcontainer.adjust_gridmap_file(self.gridmap_path, self.basedir,
+ self.gtdir, log)
+
+ # and context broker
+ gtcontainer.adjust_broker_config(ca_cert, ca_key, self.keystore_path,
+ password, self.basedir, self.gtdir, log)
+
+ # write an enviroment file
+ self.write_env_file()
+
+def main(argv=None):
+ if os.name != 'posix':
+ print >>sys.stderr, "\nERROR: Only runs on POSIX systems."
+ return 3
+
+ if sys.version_info < (2,4):
+ print >>sys.stderr, "\nERROR: Your system must have Python version 2.4 or later. "
+ print >>sys.stderr, 'Detected version: "'+sys.version+'"'
+ return 4
+
+ parser = parsersetup()
+
+ if argv:
+ (opts, args) = parser.parse_args(argv[1:])
+ else:
+ (opts, args) = parser.parse_args()
+
+ global log
+ log = None
+
+ try:
+ configureLogging(opts.debug and logging.DEBUG or logging.INFO)
+
+ validateargs(opts)
+
+ basedir = opts.basedir
+ log.debug("base directory: %s" % basedir)
+ config_state_path = os.path.join(basedir, CONFIG_STATE_PATH)
+ paths = [config_state_path]
+ if opts.configpath:
+ paths.append(opts.configpath)
+ config = getconfig(filepaths=paths)
+ #Some command line options are folded into the config object
+ fold_opts_to_config(opts, config)
+
+ setup = NimbusSetup(basedir, config)
+ setup.validate_environment()
+
+ if opts.print_chosen_hostname:
+ hostname = setup.get_hostname_no_asking()
+ if not hostname:
+ return 1
+ else:
+ print hostname
+ return 0
+ else:
+ setup.perform_setup()
+
+ log.debug("saving settings to %s" % config_state_path)
+ try:
+ f = None
+ try:
+ f = open(config_state_path, 'wb')
+ f.write(CONFIG_HEADER % {'time' : time.strftime('%c')})
+ config.write(f)
+ except:
+ log.info("Failed to save settings to %s!" % config_state_path)
+ finally:
+ if f:
+ f.close()
+
+ # using instead of 0 for now, as a special signal to the wrapper program
+ return 42
+
+ except InvalidInput, e:
+ msg = "\nProblem with input: %s" % e.msg
+ print >>sys.stderr, msg
+ return 1
+
+ except InvalidConfig, e:
+ msg = "\nProblem with configuration: %s" % e.msg
+ print >>sys.stderr, msg
+ return 2
+
+ except IncompatibleEnvironment, e:
+ msg = "\nCannot validate environment: %s" % e.msg
+ print >>sys.stderr, msg
+ if opts.debug:
+ print >>sys.stderr, "\n---------- stacktrace ----------"
+ traceback.print_tb(sys.exc_info()[2])
+ print >>sys.stderr, "--------------------------------"
+ return 3
+
+if __name__ == "__main__":
+ try:
+ sys.exit(main())
+ except SystemExit:
+ raise
+ except KeyboardInterrupt:
+ print "\n\nReceived keyboard interrupt. Aborting!\n"
+ sys.exit(5)
+ except:
+ exception_type = sys.exc_type
+ try:
+ exceptname = exception_type.__name__
+ except AttributeError:
+ exceptname = exception_type
+ name = str(exceptname)
+ err = str(sys.exc_value)
+ errmsg = "\n==> Uncaught problem, please report all following output:\n %s: %s" % (name, err)
+ print >>sys.stderr, errmsg
+ traceback.print_tb(sys.exc_info()[2])
+ sys.exit(97)
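Review bot: The settings file written on L2059-L2061 contains `keystore.pass` (defaulted to the well-known `changeit` on L1568 and never prompted for), yet it is opened with a plain `open(config_state_path, 'wb')` and so takes the umask default mode, while the keystore that password unlocks is made private on L1990; create it owner-only instead: `fd = os.open(config_state_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)` followed by `f = os.fdopen(fd, 'wb')`. The bare `except:` on L2062 also hides why the save failed; `except (IOError, OSError), e:` with `e` added to the log line is enough. Unrelated but real: get_user_input builds `question` on L1807 and then prompts with `valuename+": "` on L1809, so the offered default is never shown; `value = raw_input(question)` fixes it.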
92 ctx-broker/home/lib/pynimbusconfig/checkssl.py
@@ -0,0 +1,92 @@
+import os
+import sys
+
+from pynimbusconfig import autoca
+from pynimbusconfig import pathutil
+from pynimbusconfig.setuperrors import *
+
+def run(basedir, certconf, keyconf, log, cadir=None, hostname=None):
+ log.debug("Checking SSL")
+
+ # If the configurations themselves are missing, we cannot continue.
+ if not certconf:
+ raise IncompatibleEnvironment("There is no 'ssl.cert' configuration")
+ if not keyconf:
+ raise IncompatibleEnvironment("There is no 'ssl.key' configuration")
+
+ # If the configurations are relative, they are assumed to be relative from
+ # the base directory.
+ if not pathutil.is_absolute_path(certconf):
+ certconf = pathutil.pathjoin(basedir, certconf)
+ log.debug("ssl.cert was a relative path, converted to '%s'" % certconf)
+ if not pathutil.is_absolute_path(keyconf):
+ keyconf = pathutil.pathjoin(basedir, keyconf)
+ log.debug("ssl.key was a relative path, converted to '%s'" % keyconf)
+
+ # If the configured certificate exists, check the key permissions, then
+ # exit.
+ missingcert = None
+ missingkey = None
+ if not pathutil.check_path_exists(certconf):
+ missingcert = "Configured 'ssl.cert' does not exist at '%s'" % certconf
+ if not pathutil.check_path_exists(keyconf):
+ missingkey = "Configured 'ssl.key' does not exist at '%s'" % keyconf
+
+ if not missingcert and not missingkey:
+ log.debug("cert and key confs exist already, checking key perms")
+ # check key permission
+ if pathutil.is_path_private(keyconf):
+ log.debug("key is owner-read only: %s" % keyconf)
+ else:
+ print >>sys.stderr, "***"
+ print >>sys.stderr, "*** WARNING ***"
+ print >>sys.stderr, "***"
+ print >>sys.stderr, "SSL key has bad permissions, should only be readable by the file owner. ssl.key: '%s'" % keyconf
+ return
+
+ # If only one of the cert/key files exists, we cannot reason about
+ # what to do: error.