#!/usr/bin/python
#
# Copyright (C) 2006, 2007 Google Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA.
""" Ganeti Remote API master script.
"""
import glob
import logging
import optparse
import sys
import os
import os.path
import signal
from ganeti import constants
from ganeti import errors
from ganeti import http
from ganeti import daemon
from ganeti import ssconf
from ganeti import utils
from ganeti.rapi import connector
import ganeti.http.auth
import ganeti.http.server
class RemoteApiRequestContext(object):
"""Data structure for Remote API requests.
"""
def __init__(self):
self.handler = None
self.handler_fn = None
self.handler_access = None
class RemoteApiHttpServer(http.auth.HttpServerRequestAuthentication,
http.server.HttpServer):
"""REST Request Handler Class.
"""
AUTH_REALM = "Ganeti Remote API"
def __init__(self, *args, **kwargs):
http.server.HttpServer.__init__(self, *args, **kwargs)
http.auth.HttpServerRequestAuthentication.__init__(self)
self._resmap = connector.Mapper()
# Load password file
if os.path.isfile(constants.RAPI_USERS_FILE):
self._users = http.auth.ReadPasswordFile(constants.RAPI_USERS_FILE)
else:
self._users = None
def _GetRequestContext(self, req):
"""Returns the context for a request.
The context is cached in the req.private variable.
"""
if req.private is None:
(HandlerClass, items, args) = self._resmap.getController(req.request_path)
ctx = RemoteApiRequestContext()
ctx.handler = HandlerClass(items, args, req)
method = req.request_method.upper()
try:
ctx.handler_fn = getattr(ctx.handler, method)
except AttributeError, err:
raise http.HttpBadRequest()
ctx.handler_access = getattr(ctx.handler, "%s_ACCESS" % method, None)
# Require permissions definition (usually in the base class)
if ctx.handler_access is None:
raise AssertionError("Permissions definition missing")
req.private = ctx
return req.private
def Authenticate(self, req, username, password):
"""Checks whether a user can access a resource.
"""
ctx = self._GetRequestContext(req)
# Check username and password
valid_user = False
if self._users:
user = self._users.get(username, None)
if user and user.password == password:
valid_user = True
if not valid_user:
# Unknown user or password wrong
return False
if (not ctx.handler_access or
set(user.options).intersection(ctx.handler_access)):
# Allow access
return True
# Access forbidden
raise http.HttpForbidden()
def HandleRequest(self, req):
"""Handles a request.
"""
ctx = self._GetRequestContext(req)
try:
result = ctx.handler_fn()
sn = ctx.handler.getSerialNumber()
if sn:
req.response_headers[http.HTTP_ETAG] = str(sn)
except:
method = req.request_method.upper()
logging.exception("Error while handling the %s request", method)
raise
return result
def ParseOptions():
"""Parse the command line options.
@return: (options, args) as from OptionParser.parse_args()
"""
parser = optparse.OptionParser(description="Ganeti Remote API",
usage="%prog [-d] [-p port]",
version="%%prog (ganeti) %s" %
constants.RAPI_VERSION)
parser.add_option("-d", "--debug", dest="debug",
help="Enable some debug messages",
default=False, action="store_true")
parser.add_option("-p", "--port", dest="port",
help="Port to run API (%s default)." %
constants.RAPI_PORT,
default=constants.RAPI_PORT, type="int")
parser.add_option("-S", "--https", dest="ssl",
help="Secure HTTP protocol with SSL",
default=False, action="store_true")
parser.add_option("-K", "--ssl-key", dest="ssl_key",
help="SSL key",
default=None, type="string")
parser.add_option("-C", "--ssl-cert", dest="ssl_cert",
help="SSL certificate",
default=None, type="string")
parser.add_option("-f", "--foreground", dest="fork",
help="Don't detach from the current terminal",
default=True, action="store_false")
options, args = parser.parse_args()
if len(args) != 0:
print >> sys.stderr, "Usage: %s [-d] [-p port]" % sys.argv[0]
sys.exit(1)
if options.ssl and not (options.ssl_cert and options.ssl_key):
print >> sys.stderr, ("For secure mode please provide "
"--ssl-key and --ssl-cert arguments")
sys.exit(1)
return options, args
def main():
"""Main function.
"""
options, args = ParseOptions()
ssconf.CheckMaster(options.debug)
if options.fork:
utils.Daemonize(logfile=constants.LOG_RAPISERVER)
utils.SetupLogging(constants.LOG_RAPISERVER, debug=options.debug,
stderr_logging=not options.fork)
utils.WritePidFile(constants.RAPI_PID)
try:
mainloop = daemon.Mainloop()
server = RemoteApiHttpServer(mainloop, "", options.port)
server.Start()
try:
mainloop.Run()
finally:
server.Stop()
finally:
utils.RemovePidFile(constants.RAPI_PID)
if __name__ == '__main__':
main()