Synnefo » snf-occi

#!/usr/bin/env python

import re

import sys

from optparse import OptionParser, OptionValueError

import string

import sqlite3

from snfOCCI.registry import snfRegistry

from snfOCCI.compute import ComputeBackend

from snfOCCI.config import SERVER_CONFIG, KAMAKI_CONFIG

from kamaki.clients.compute import ComputeClient

from kamaki.clients.cyclades import CycladesClient

from kamaki.config  import Config

from occi.core_model import Mixin, Resource

from occi.backend import MixinBackend

from occi.extensions.infrastructure import COMPUTE, START, STOP, SUSPEND, RESTART, RESOURCE_TEMPLATE, OS_TEMPLATE

from occi.wsgi import Application

from occi.exceptions import HTTPError

from wsgiref.simple_server import make_server

from wsgiref.validate import validator

import voms

def parse_arguments(args):

    kw = {}

    kw["usage"] = "%prog [options]"

    kw["description"] = "OCCI interface to synnefo API"

    parser = OptionParser(**kw)

    parser.disable_interspersed_args()

    parser.add_option("--enable_voms", action="store_true", dest="enable_voms", default=False, help="Enable voms authorization")

    parser.add_option("--voms_db", action="store", type="string", dest="voms_db", help="Path to sqlite database file")

    (opts, args) = parser.parse_args(args)

    if opts.enable_voms and not opts.voms_db:

        print "--voms_db option required"

        parser.print_help()

    return (opts, args)

class MyAPP(Application):

    '''

    An OCCI WSGI application.

    '''

    def refresh_images(self, snf, client):

        images = snf.list_images()

        for image in images:

            IMAGE_ATTRIBUTES = {'occi.core.id': str(image['id'])}

            IMAGE = Mixin("http://schemas.ogf.org/occi/infrastructure#", str(image['name']), [OS_TEMPLATE], attributes = IMAGE_ATTRIBUTES)

            self.register_backend(IMAGE, MixinBackend())

    def refresh_flavors(self, snf, client):

        flavors = snf.list_flavors()

        for flavor in flavors:

            details = snf.get_flavor_details(flavor['id'])

            FLAVOR_ATTRIBUTES = {'occi.core.id': flavor['id'],

                                 'occi.compute.cores': details['cpu'],

                                 'occi.compute.memory': details['ram'],

                                 'occi.storage.size': details['disk'],

                                 }

            FLAVOR = Mixin("http://schemas.ogf.org/occi/infrastructure#", str(flavor['name']), [RESOURCE_TEMPLATE], attributes = FLAVOR_ATTRIBUTES)

            self.register_backend(FLAVOR, MixinBackend())

    def refresh_compute_instances(self, snf):

        '''Syncing registry with cyclades resources'''

        servers = snf.list_servers()

        snf_keys = []

        for server in servers:

            snf_keys.append(str(server['id']))

        resources = self.registry.resources

        occi_keys = resources.keys()

        #Compute instances in synnefo not available in registry

        diff = [x for x in snf_keys if '/compute/'+x not in occi_keys]

        for key in diff:

            details = snf.get_server_details(int(key))

            flavor = snf.get_flavor_details(details['flavorRef'])

            image = snf.get_image_details(details['imageRef'])

            for i in self.registry.backends:

                if i.term == str(image['name']):

                    rel_image = i

                if i.term == str(flavor['name']):

                    rel_flavor = i

            resource = Resource(key, COMPUTE, [rel_flavor, rel_image])

            resource.actions = [START]

            resource.attributes['occi.core.id'] = key

            resource.attributes['occi.compute.state'] = 'inactive'

            resource.attributes['occi.compute.architecture'] = SERVER_CONFIG['compute_arch']

            resource.attributes['occi.compute.cores'] = flavor['cpu']

            resource.attributes['occi.compute.memory'] = flavor['ram']

            resource.attributes['occi.compute.hostname'] = SERVER_CONFIG['hostname'] % {'id':int(key)}

            self.registry.add_resource(key, resource, None)

        #Compute instances in registry not available in synnefo

        diff = [x for x in occi_keys if x[9:] not in snf_keys]

        for key in diff:

            self.registry.delete_resource(key, None)

    def __call__(self, environ, response):

        #Authorization

        if ENABLE_VOMS:

            global VOMS_DB

            conn = sqlite3.connect(VOMS_DB)

            ssl_dict = dict()

            #Regular expression in HTTP headers

            #raw environ[HTTP_SSL] contains PEM certificates in wrong format

            pem_re = r'^(-----BEGIN CERTIFICATE----- )(.*|\s]*)( -----END CERTIFICATE-----)'

            client_cert = re.search(pem_re, environ["HTTP_SSL_CLIENT_CERT"])

            client_chain = re.search(pem_re, environ["HTTP_SSL_CLIENT_CERT_CHAIN_0"])

            client_cert_list=[]

            client_chain_list=[]

            for i in range(1,4):

                client_cert_list.append(string.strip(client_cert.group(i)))

            for i in range(1,4):

                client_chain_list.append(string.strip(client_chain.group(i)))

            cert = client_cert_list[0]+"\n"+client_cert_list[1].replace(" "," \n")+"\n"+client_cert_list[2]

            chain = client_chain_list[0]+"\n"+client_chain_list[1].replace(" "," \n")+"\n"+client_chain_list[2]

            ssl_dict["SSL_CLIENT_S_DN"] = environ["HTTP_SSL_CLIENT_S_DN"]

            ssl_dict["SSL_CLIENT_CERT"] = cert

            ssl_dict["SSL_CLIENT_CERT_CHAIN_0"] = chain

            (user_dn, user_vo, user_fqans) = voms.authenticate(ssl_dict)

            print (user_dn, user_vo, user_fqans)

            cursor = conn.cursor()

            query = "SELECT token FROM vo_map WHERE vo_name=?"

            cursor.execute(query,[(user_vo)])

            (token,) = cursor.fetchone()

            if token:

                compClient = ComputeClient(KAMAKI_CONFIG['compute_url'], token)

                cyclClient = CycladesClient(KAMAKI_CONFIG['compute_url'], token)

                self.refresh_images(compClient,cyclClient)

                self.refresh_flavors(compClient,cyclClient)

                self.refresh_compute_instances(compClient)

                return self._call_occi(environ, response, security = None, token = token, snf = compClient, client = cyclClient)

            else:

                raise HTTPError(404, "Unauthorized access")

        else:

            #Authorize with user token

            compClient = ComputeClient(KAMAKI_CONFIG['compute_url'], environ['HTTP_AUTH_TOKEN'])

            cyclClient = CycladesClient(KAMAKI_CONFIG['compute_url'], environ['HTTP_AUTH_TOKEN'])

            return self._call_occi(environ, response, security = None, token = environ['HTTP_AUTH_TOKEN'], snf = compClient, client = cyclClient)

def main():

    global ENABLE_VOMS, VOMS_DB

    (opts, args) = parse_arguments(sys.argv[1:])

    ENABLE_VOMS = opts.enable_voms

    VOMS_DB = opts.voms_db

    APP = MyAPP(registry = snfRegistry())

    COMPUTE_BACKEND = ComputeBackend()

    APP.register_backend(COMPUTE, COMPUTE_BACKEND)

    APP.register_backend(START, COMPUTE_BACKEND)

    APP.register_backend(STOP, COMPUTE_BACKEND)

    APP.register_backend(RESTART, COMPUTE_BACKEND)

    APP.register_backend(SUSPEND, COMPUTE_BACKEND)

    APP.register_backend(RESOURCE_TEMPLATE, MixinBackend())

    APP.register_backend(OS_TEMPLATE, MixinBackend())

    VALIDATOR_APP = validator(APP)

    HTTPD = make_server('', SERVER_CONFIG['port'], VALIDATOR_APP)

    HTTPD.serve_forever()