root / lib / confd / server.py @ 6daf26a0
History | View | Annotate | Download (4.8 kB)
1 | 71f27d19 | Guido Trotter | #!/usr/bin/python
|
---|---|---|---|
2 | 71f27d19 | Guido Trotter | #
|
3 | 71f27d19 | Guido Trotter | |
4 | 71f27d19 | Guido Trotter | # Copyright (C) 2009, Google Inc.
|
5 | 71f27d19 | Guido Trotter | #
|
6 | 71f27d19 | Guido Trotter | # This program is free software; you can redistribute it and/or modify
|
7 | 71f27d19 | Guido Trotter | # it under the terms of the GNU General Public License as published by
|
8 | 71f27d19 | Guido Trotter | # the Free Software Foundation; either version 2 of the License, or
|
9 | 71f27d19 | Guido Trotter | # (at your option) any later version.
|
10 | 71f27d19 | Guido Trotter | #
|
11 | 71f27d19 | Guido Trotter | # This program is distributed in the hope that it will be useful, but
|
12 | 71f27d19 | Guido Trotter | # WITHOUT ANY WARRANTY; without even the implied warranty of
|
13 | 71f27d19 | Guido Trotter | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
14 | 71f27d19 | Guido Trotter | # General Public License for more details.
|
15 | 71f27d19 | Guido Trotter | #
|
16 | 71f27d19 | Guido Trotter | # You should have received a copy of the GNU General Public License
|
17 | 71f27d19 | Guido Trotter | # along with this program; if not, write to the Free Software
|
18 | 71f27d19 | Guido Trotter | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
19 | 71f27d19 | Guido Trotter | # 02110-1301, USA.
|
20 | 71f27d19 | Guido Trotter | |
21 | 71f27d19 | Guido Trotter | |
22 | 71f27d19 | Guido Trotter | """Ganeti configuration daemon server library.
|
23 | 71f27d19 | Guido Trotter |
|
24 | 71f27d19 | Guido Trotter | Ganeti-confd is a daemon to query master candidates for configuration values.
|
25 | 71f27d19 | Guido Trotter | It uses UDP+HMAC for authentication with a global cluster key.
|
26 | 71f27d19 | Guido Trotter |
|
27 | 71f27d19 | Guido Trotter | """
|
28 | 71f27d19 | Guido Trotter | |
29 | 71f27d19 | Guido Trotter | import logging |
30 | 71f27d19 | Guido Trotter | import time |
31 | 71f27d19 | Guido Trotter | |
32 | 71f27d19 | Guido Trotter | from ganeti import constants |
33 | 71f27d19 | Guido Trotter | from ganeti import objects |
34 | 71f27d19 | Guido Trotter | from ganeti import errors |
35 | 71f27d19 | Guido Trotter | from ganeti import utils |
36 | 71f27d19 | Guido Trotter | from ganeti import serializer |
37 | 71f27d19 | Guido Trotter | |
38 | e16e4824 | Guido Trotter | from ganeti.confd import querylib |
39 | e16e4824 | Guido Trotter | |
40 | 71f27d19 | Guido Trotter | |
41 | 71f27d19 | Guido Trotter | class ConfdProcessor(object): |
42 | 71f27d19 | Guido Trotter | """A processor for confd requests.
|
43 | 71f27d19 | Guido Trotter |
|
44 | 71f27d19 | Guido Trotter | """
|
45 | 71f27d19 | Guido Trotter | DISPATCH_TABLE = { |
46 | e16e4824 | Guido Trotter | constants.CONFD_REQ_PING: querylib.PingQuery, |
47 | 6daf26a0 | Guido Trotter | constants.CONFD_REQ_NODE_ROLE_BYNAME: querylib.NodeRoleQuery, |
48 | e16e4824 | Guido Trotter | constants.CONFD_REQ_NODE_PIP_BY_INSTANCE_IP: querylib.ConfdQuery, |
49 | 71f27d19 | Guido Trotter | } |
50 | 71f27d19 | Guido Trotter | |
51 | 71f27d19 | Guido Trotter | def __init__(self, reader): |
52 | 12ce965f | Guido Trotter | """Constructor for ConfdProcessor
|
53 | 71f27d19 | Guido Trotter |
|
54 | 71f27d19 | Guido Trotter | @type reader: L{ssconf.SimpleConfigReader}
|
55 | 71f27d19 | Guido Trotter | @param reader: ConfigReader to use to access the config
|
56 | 71f27d19 | Guido Trotter |
|
57 | 71f27d19 | Guido Trotter | """
|
58 | 71f27d19 | Guido Trotter | self.reader = reader
|
59 | 71f27d19 | Guido Trotter | self.hmac_key = utils.ReadFile(constants.HMAC_CLUSTER_KEY)
|
60 | d21eda27 | Guido Trotter | assert \
|
61 | d21eda27 | Guido Trotter | not constants.CONFD_REQS.symmetric_difference(self.DISPATCH_TABLE), \ |
62 | d21eda27 | Guido Trotter | "DISPATCH_TABLE is unaligned with CONFD_REQS"
|
63 | 71f27d19 | Guido Trotter | |
64 | 71f27d19 | Guido Trotter | def ExecQuery(self, payload_in, ip, port): |
65 | 71f27d19 | Guido Trotter | """Process a single UDP request from a client.
|
66 | 71f27d19 | Guido Trotter |
|
67 | 71f27d19 | Guido Trotter | @type payload_in: string
|
68 | 71f27d19 | Guido Trotter | @param payload_in: request raw data
|
69 | 71f27d19 | Guido Trotter | @type ip: string
|
70 | 71f27d19 | Guido Trotter | @param ip: source ip address
|
71 | 71f27d19 | Guido Trotter | @param port: integer
|
72 | 71f27d19 | Guido Trotter | @type port: source port
|
73 | 71f27d19 | Guido Trotter |
|
74 | 71f27d19 | Guido Trotter | """
|
75 | 71f27d19 | Guido Trotter | try:
|
76 | 71f27d19 | Guido Trotter | request = self.ExtractRequest(payload_in)
|
77 | 71f27d19 | Guido Trotter | reply, rsalt = self.ProcessRequest(request)
|
78 | 71f27d19 | Guido Trotter | payload_out = self.PackReply(reply, rsalt)
|
79 | 71f27d19 | Guido Trotter | return payload_out
|
80 | 71f27d19 | Guido Trotter | except errors.ConfdRequestError, err:
|
81 | 71f27d19 | Guido Trotter | logging.info('Ignoring broken query from %s:%d: %s' % (ip, port, err))
|
82 | 71f27d19 | Guido Trotter | return None |
83 | 71f27d19 | Guido Trotter | |
84 | 71f27d19 | Guido Trotter | def ExtractRequest(self, payload): |
85 | 71f27d19 | Guido Trotter | """Extracts a ConfdRequest object from a serialized hmac signed string.
|
86 | 71f27d19 | Guido Trotter |
|
87 | 71f27d19 | Guido Trotter | This functions also performs signature/timestamp validation.
|
88 | 71f27d19 | Guido Trotter |
|
89 | 71f27d19 | Guido Trotter | """
|
90 | 71f27d19 | Guido Trotter | current_time = time.time() |
91 | 71f27d19 | Guido Trotter | logging.debug("Extracting request with size: %d" % (len(payload))) |
92 | 71f27d19 | Guido Trotter | try:
|
93 | 71f27d19 | Guido Trotter | (message, salt) = serializer.LoadSigned(payload, self.hmac_key)
|
94 | 71f27d19 | Guido Trotter | except errors.SignatureError, err:
|
95 | 71f27d19 | Guido Trotter | msg = "invalid signature: %s" % err
|
96 | 71f27d19 | Guido Trotter | raise errors.ConfdRequestError(msg)
|
97 | 71f27d19 | Guido Trotter | try:
|
98 | 71f27d19 | Guido Trotter | message_timestamp = int(salt)
|
99 | 71f27d19 | Guido Trotter | except (ValueError, TypeError): |
100 | 71f27d19 | Guido Trotter | msg = "non-integer timestamp: %s" % salt
|
101 | 71f27d19 | Guido Trotter | raise errors.ConfdRequestError(msg)
|
102 | 71f27d19 | Guido Trotter | |
103 | 71f27d19 | Guido Trotter | skew = abs(current_time - message_timestamp)
|
104 | 71f27d19 | Guido Trotter | if skew > constants.CONFD_MAX_CLOCK_SKEW:
|
105 | 71f27d19 | Guido Trotter | msg = "outside time range (skew: %d)" % skew
|
106 | 71f27d19 | Guido Trotter | raise errors.ConfdRequestError(msg)
|
107 | 71f27d19 | Guido Trotter | |
108 | 71f27d19 | Guido Trotter | try:
|
109 | 71f27d19 | Guido Trotter | request = objects.ConfdRequest.FromDict(message) |
110 | 71f27d19 | Guido Trotter | except AttributeError, err: |
111 | 71f27d19 | Guido Trotter | raise errors.ConfdRequestError('%s' % err) |
112 | 71f27d19 | Guido Trotter | |
113 | 71f27d19 | Guido Trotter | return request
|
114 | 71f27d19 | Guido Trotter | |
115 | 71f27d19 | Guido Trotter | def ProcessRequest(self, request): |
116 | 71f27d19 | Guido Trotter | """Process one ConfdRequest request, and produce an answer
|
117 | 71f27d19 | Guido Trotter |
|
118 | 71f27d19 | Guido Trotter | @type request: L{objects.ConfdRequest}
|
119 | 71f27d19 | Guido Trotter | @rtype: (L{objects.ConfdReply}, string)
|
120 | 71f27d19 | Guido Trotter | @return: tuple of reply and salt to add to the signature
|
121 | 71f27d19 | Guido Trotter |
|
122 | 71f27d19 | Guido Trotter | """
|
123 | 71f27d19 | Guido Trotter | logging.debug("Processing request: %s" % request)
|
124 | 71f27d19 | Guido Trotter | if request.protocol != constants.CONFD_PROTOCOL_VERSION:
|
125 | 71f27d19 | Guido Trotter | msg = "wrong protocol version %d" % request.protocol
|
126 | 71f27d19 | Guido Trotter | raise errors.ConfdRequestError(msg)
|
127 | 71f27d19 | Guido Trotter | |
128 | 71f27d19 | Guido Trotter | if request.type not in constants.CONFD_REQS: |
129 | 71f27d19 | Guido Trotter | msg = "wrong request type %d" % request.type
|
130 | 71f27d19 | Guido Trotter | raise errors.ConfdRequestError(msg)
|
131 | 71f27d19 | Guido Trotter | |
132 | 71f27d19 | Guido Trotter | rsalt = request.rsalt |
133 | 71f27d19 | Guido Trotter | if not rsalt: |
134 | 71f27d19 | Guido Trotter | msg = "missing requested salt"
|
135 | 71f27d19 | Guido Trotter | raise errors.ConfdRequestError(msg)
|
136 | 71f27d19 | Guido Trotter | |
137 | e16e4824 | Guido Trotter | query_object = self.DISPATCH_TABLE[request.type](self.reader) |
138 | e16e4824 | Guido Trotter | status, answer = query_object.Exec(request.query) |
139 | e16e4824 | Guido Trotter | reply = objects.ConfdReply( |
140 | e16e4824 | Guido Trotter | protocol=constants.CONFD_PROTOCOL_VERSION, |
141 | e16e4824 | Guido Trotter | status=status, |
142 | e16e4824 | Guido Trotter | answer=answer, |
143 | e16e4824 | Guido Trotter | serial=self.reader.GetConfigSerialNo(),
|
144 | e16e4824 | Guido Trotter | ) |
145 | 71f27d19 | Guido Trotter | |
146 | 71f27d19 | Guido Trotter | logging.debug("Sending reply: %s" % reply)
|
147 | 71f27d19 | Guido Trotter | |
148 | 71f27d19 | Guido Trotter | return (reply, rsalt)
|
149 | 71f27d19 | Guido Trotter | |
150 | 71f27d19 | Guido Trotter | def PackReply(self, reply, rsalt): |
151 | 71f27d19 | Guido Trotter | """Serialize and sign the given reply, with salt rsalt
|
152 | 71f27d19 | Guido Trotter |
|
153 | 71f27d19 | Guido Trotter | @type reply: L{objects.ConfdReply}
|
154 | 71f27d19 | Guido Trotter | @type rsalt: string
|
155 | 71f27d19 | Guido Trotter |
|
156 | 71f27d19 | Guido Trotter | """
|
157 | 71f27d19 | Guido Trotter | return serializer.DumpSigned(reply.ToDict(), self.hmac_key, rsalt) |