remove stroucki-accounting
merge other stroucki-* branches from trunk
git-svn-id: https://svn.apache.org/repos/asf/incubator/tashi/branches/stroucki-rpyc@1295398 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/TODO b/TODO
new file mode 100644
index 0000000..78b966c
--- /dev/null
+++ b/TODO
@@ -0,0 +1 @@
+Make code compatible with rpyc-3.2
diff --git a/etc/NodeManager.cfg b/etc/NodeManager.cfg
index a47bccf..f92c50e 100644
--- a/etc/NodeManager.cfg
+++ b/etc/NodeManager.cfg
@@ -84,4 +84,5 @@
[Security]
authAndEncrypt = False
+certFile = /tmp/cert.pem
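Review bot: `certFile = /tmp/cert.pem` puts the server's TLS material in a world-writable directory. The authenticator added in this commit passes only `certfile` to `ssl.wrap_socket`, so the private key has to sit in that same file, where another local account may be able to read it or create the file first. Default to a directory writable only by the service account, for example `certFile = <service-owned-dir>/cert.pem` (placeholder path), and document the expected file mode. The same default is added in `etc/TashiDefaults.cfg`.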
diff --git a/etc/TashiDefaults.cfg b/etc/TashiDefaults.cfg
index fd034eb..8ed6460 100644
--- a/etc/TashiDefaults.cfg
+++ b/etc/TashiDefaults.cfg
@@ -17,6 +17,7 @@
[Security]
authAndEncrypt = False
+certFile = /tmp/cert.pem
[AccessClusterManager]
#If username and password are left empty, user will be prompted for username and password on the command line.
diff --git a/src/tashi/clustermanager/clustermanager.py b/src/tashi/clustermanager/clustermanager.py
index db61194..2027fb5 100755
--- a/src/tashi/clustermanager/clustermanager.py
+++ b/src/tashi/clustermanager/clustermanager.py
@@ -26,7 +26,6 @@
from tashi.rpycservices import rpycservices
from rpyc.utils.server import ThreadedServer
-from rpyc.utils.authenticators import TlsliteVdbAuthenticator
log = None
@@ -45,7 +44,7 @@
users[user.name] = user.passwd
users[config.get('AllowedUsers', 'nodeManagerUser')] = config.get('AllowedUsers', 'nodeManagerPassword')
users[config.get('AllowedUsers', 'agentUser')] = config.get('AllowedUsers', 'agentPassword')
- authenticator = TlsliteVdbAuthenticator.from_dict(users)
+ authenticator = rpycservices.UsernamePasswordAuthenticator(config, users)
t = ThreadedServer(service=rpycservices.ManagerService, hostname='0.0.0.0', port=int(config.get('ClusterManagerService', 'port')), auto_register=False, authenticator=authenticator)
else:
t = ThreadedServer(service=rpycservices.ManagerService, hostname='0.0.0.0', port=int(config.get('ClusterManagerService', 'port')), auto_register=False)
diff --git a/src/tashi/nodemanager/nodemanager.py b/src/tashi/nodemanager/nodemanager.py
index 66d2d5b..c62d039 100755
--- a/src/tashi/nodemanager/nodemanager.py
+++ b/src/tashi/nodemanager/nodemanager.py
@@ -27,7 +27,6 @@
from tashi.rpycservices import rpycservices
from rpyc.utils.server import ThreadedServer
-from rpyc.utils.authenticators import TlsliteVdbAuthenticator
@signalHandler(signal.SIGTERM)
def handleSIGTERM(signalNumber, stackFrame):
@@ -50,7 +49,7 @@
if boolean(config.get("Security", "authAndEncrypt")):
users = {}
users[config.get('AllowedUsers', 'clusterManagerUser')] = config.get('AllowedUsers', 'clusterManagerPassword')
- authenticator = TlsliteVdbAuthenticator.from_dict(users)
+ authenticator = rpycservices.UsernamePasswordAuthenticator(config, users)
t = ThreadedServer(service=rpycservices.ManagerService, hostname='0.0.0.0', port=int(config.get('NodeManagerService', 'port')), auto_register=False, authenticator=authenticator)
else:
t = ThreadedServer(service=rpycservices.ManagerService, hostname='0.0.0.0', port=int(config.get('NodeManagerService', 'port')), auto_register=False)
diff --git a/src/tashi/rpycservices/rpycservices.py b/src/tashi/rpycservices/rpycservices.py
index c66a40e..fd4abf6 100644
--- a/src/tashi/rpycservices/rpycservices.py
+++ b/src/tashi/rpycservices/rpycservices.py
@@ -17,6 +17,10 @@
import rpyc
from tashi.rpycservices.rpyctypes import Instance, Host, User
+import ssl
+import hashlib
+import sys
+
import cPickle
clusterManagerRPCs = ['createVm', 'shutdownVm', 'destroyVm', 'suspendVm', 'resumeVm', 'migrateVm', 'pauseVm', 'unpauseVm', 'getHosts', 'getNetworks', 'getUsers', 'getInstances', 'vmmSpecificCall', 'registerNodeManager', 'vmUpdate', 'activateVm', 'registerHost', 'getImages', 'copyImage']
@@ -44,7 +48,7 @@
class client:
def __init__(self, host, port, username=None, password=None):
- """Client for ManagerService. If username and password are provided, rpyc.tlslite_connect will be used to connect, else rpyc.connect will be used."""
+ """Client for ManagerService. If username and password are provided, rpyc.ssl_connect will be used to connect, else rpyc.connect will be used."""
self.host = host
self.port = int(port)
self.username = username
@@ -54,7 +58,20 @@
def createConn(self):
"""Creates a rpyc connection."""
if self.username != None and self.password != None:
- return rpyc.tlslite_connect(host=self.host, port=self.port, username=self.username, password=self.password)
+ sock = rpyc.ssl_connect(host=self.host, port=self.port)
+ hello = sock.read()
+ print "XXXstroucki hello line %s" % (hello)
+ if hello != "tashi server sha1":
+ raise AuthenticationError("Wrong protocol version")
+ sock.write("%s|%s" % (self.username, hashlib.sha1(self.password).hexdigest()))
+ sock.flush()
+ result = sock.read()
+ print "XXXstroucki result line %s" % (result)
+ if result.startswith("200 "):
+ pass
+ else:
+ raise AuthenticationError("Wrong protocol version")
+ return sock
else:
return rpyc.connect(host=self.host, port=self.port)
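Review bot: `rpyc.ssl_connect(host=self.host, port=self.port)` is called without `ca_certs`, so the client does not appear to verify the server certificate and will hand the username and an unsalted SHA-1 of the password to whichever endpoint answers on that port. Pass a CA bundle taken from the `[Security]` config, e.g. `rpyc.ssl_connect(host=self.host, port=self.port, ca_certs=<ca-bundle-path>)` (placeholder value). The two `print "XXXstroucki ..."` lines are debug output and should be removed before merge. The non-`200` branch should raise `AuthenticationError("Authentication failed")` instead of reusing "Wrong protocol version", and `sock` should be closed before either raise.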
@@ -77,6 +94,43 @@
return res
return connectWrap
+class AuthenticationError(Exception):
+ pass
+
+class UsernamePasswordAuthenticator(object):
+ def __init__(self, config, userdict):
+ self.userdict = {}
+ self.certfile = config.get("Security", "certFile")
+ if self.certfile is None:
+ raise AuthenticationError("SSL cert file must be defined")
+ for username, password in userdict.iteritems():
+ self.userdict[username] = hashlib.sha1(password).hexdigest()
+
+ def __call__(self, sock):
+ try:
+ sock2 = ssl.wrap_socket(sock, certfile=self.certfile, server_side = True)
+ except ssl.SSLError:
+ raise AuthenticationError(str(sys.exc_info()))
+
+ try:
+ sock2.write("tashi server sha1")
+ sock2.flush()
+ auth = sock2.read()
+ (username, password) = auth.split('|')
+
+ hash = self.userdict[username]
+ if (hashlib.sha1(password).hexdigest() == hash):
+ pass
+ else:
+ raise AuthenticationError("Authentication failed")
+ sock2.write("200 how are you gentlemen ././")
+ sock2.flush()
+ except:
+ raise AuthenticationError(str(sys.exc_info()))
+
+ return sock2, sock2.getpeercert()
+
+
class ManagerService(rpyc.Service):
"""Wrapper for rpyc service"""
# Note: self.service and self._type are set before rpyc.utils.server.ThreadedServer is started.
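Review bot: In `UsernamePasswordAuthenticator.__call__` the value after the `|` is already the SHA-1 hex digest sent by `client.createConn`, yet it is hashed a second time before being compared with `self.userdict[username]`, which stores a single SHA-1, so a correct password can never match. Compare the received digest directly (constant-time where the runtime offers `hmac.compare_digest`, which needs `import hmac`), and handle an unknown user explicitly instead of through the bare `except:`, which also copies `sys.exc_info()` into the error text. The module-local `AuthenticationError` is not rpyc's own exception class, so it is worth confirming that `ThreadedServer` rejects the connection cleanly when it is raised. `config.get("Security", "certFile")` most likely raises for a missing option rather than returning `None`, so the `is None` guard looks unreachable.

```python
    def __call__(self, sock):
        # … unchanged: ssl.wrap_socket(...) and its SSLError handling …
        try:
            sock2.write("tashi server sha1")
            sock2.flush()
            auth = sock2.read()
            # split once so a malformed line cannot yield more than two fields
            (username, digest) = auth.split('|', 1)
            # the client already sent sha1(password).hexdigest(); compare it as-is
            expected = self.userdict.get(username)
            if expected is None or not hmac.compare_digest(expected, digest):
                raise AuthenticationError("Authentication failed")
            # … unchanged: "200 ..." reply and flush …
        except (ssl.SSLError, ValueError):
            raise AuthenticationError("Authentication exchange failed")
```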