[Saga-devel] saga SVN commit 3344: /trunk/adaptors/
amerzky at cct.lsu.edu
amerzky at cct.lsu.edu
Wed Jan 21 17:45:44 CST 2009
User: amerzky
Date: 2009/01/21 05:45 PM
Modified:
/trunk/adaptors/aws/aws_context/
aws_context_adaptor.cpp, aws_context_adaptor.hpp
/trunk/adaptors/aws/aws_job/
aws_job_service.cpp, aws_job_service.hpp
/trunk/adaptors/ssh/ssh_context/
ssh_context_adaptor.cpp
/trunk/adaptors/ssh/ssh_job/
ssh_job_adaptor.cpp, ssh_job_adaptor.hpp, ssh_job_service.cpp
Log:
improve context management
A
File Changes:
Directory: /trunk/adaptors/aws/aws_context/
===========================================
File [modified]: aws_context_adaptor.cpp
Delta lines: +6 -6
===================================================================
--- trunk/adaptors/aws/aws_context/aws_context_adaptor.cpp 2009-01-21 22:05:50 UTC (rev 3343)
+++ trunk/adaptors/aws/aws_context/aws_context_adaptor.cpp 2009-01-21 23:45:15 UTC (rev 3344)
@@ -176,9 +176,9 @@
if ( true == ci.success )
{
// found a valid cert, copy information over
- attr.set_attribute (saga::attributes::context_userproxy, ci.path);
- attr.set_attribute (saga::attributes::context_userid, ci.identity);
- // TODO: ...
+ attr.set_attribute (saga::attributes::context_userkey, ci.key);
+ attr.set_attribute (saga::attributes::context_usercert, ""); // lives in the cloud, only
+ attr.set_attribute (saga::attributes::context_userid, ci.userid);
}
else
{
@@ -194,7 +194,7 @@
///////////////////////////////////////////////////////////////////////////////
//
- // init a cert, either from a given path, or from a default location
+ // init a cert, either from a given key, or from a default location
//
context_cpi_impl::cert_info_t context_cpi_impl::get_cert_info (void)
{
@@ -245,8 +245,8 @@
// FIXME: that idendity key works only for EC2! For _my_ account!! ;-)
// Any way to retrieve that dynamically?
- ci.identity = "3PSC2BHR6HKG76S37P46KMNSZUCDRU22";
- ci.path = ini_["ec2_proxy"];
+ ci.userid = "root";
+ ci.key = ini_["ec2_proxy"];
ci.success = true;
return ci;
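Review bot: The FIXME above `ci.userid = "root";` still describes an identity key that only works for one EC2 account, but the new lines no longer set such a key; they hard-code the login user instead. The comment should be replaced so the next reader knows what is actually fixed here, e.g. `// FIXME: login user is hard-coded to root; should come from the configuration`. Hard-coding `root` also means every later ssh/scp call in the job service runs as the most privileged account on the instance, which deserves a note even if the stock images require it. get_cert_info starts outside this hunk.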
File [modified]: aws_context_adaptor.hpp
Delta lines: +2 -2
===================================================================
--- trunk/adaptors/aws/aws_context/aws_context_adaptor.hpp 2009-01-21 22:05:50 UTC (rev 3343)
+++ trunk/adaptors/aws/aws_context/aws_context_adaptor.hpp 2009-01-21 23:45:15 UTC (rev 3344)
@@ -74,8 +74,8 @@
struct cert_info_t {
bool success;
std::string errormessage;
- std::string identity;
- std::string path;
+ std::string userid;
+ std::string key;
};
cert_info_t get_cert_info (void);
Directory: /trunk/adaptors/aws/aws_job/
=======================================
File [modified]: aws_job_service.cpp
Delta lines: +51 -31
===================================================================
--- trunk/adaptors/aws/aws_job/aws_job_service.cpp 2009-01-21 22:05:50 UTC (rev 3343)
+++ trunk/adaptors/aws/aws_job/aws_job_service.cpp 2009-01-21 23:45:15 UTC (rev 3344)
@@ -7,6 +7,7 @@
// stl includes
#include <vector>
+#include <fstream>
// saga includes
#include <saga/saga.hpp>
@@ -63,7 +64,6 @@
for ( it = contexts.begin (); ! ok && it != contexts.end () ; it++ )
{
- dump_context (*it);
if ( (*it).get_attribute (saga::attributes::context_type) == types[i] )
{
ok = true;
@@ -83,9 +83,12 @@
saga::BadParameter);
}
+ user_ = ctx_.get_attribute (saga::attributes::context_userid);
+ userkey_ = ctx_.get_attribute (saga::attributes::context_userkey);
+
env_["JAVA_HOME"] = ini_["java_home"];
env_["EC2_HOME"] = ini_["ec2_home"];
- env_["EC2_GSG_KEY"] = ini_["ec2_proxy"];
+ env_["EC2_GSG_KEY"] = userkey_;
env_["EC2_PRIVATE_KEY"] = ini_["ec2_key"];
env_["EC2_CERT"] = ini_["ec2_cert"];
env_["EC2_URL"] = ini_["ec2_url"];
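Review bot: `user_` and `userkey_` are read from `ctx_` with no check that the attributes exist or are non-empty, whereas the later hunk at -347 guards `context_usercert` with `attribute_exists` and an empty-string test. An empty `userkey_` would be exported as `EC2_GSG_KEY` and later passed to `ssh -i`, and an empty `user_` would yield the argument `@<ip>`; both would surface as obscure process failures rather than a clear error. I would add a guard right after the two reads, e.g. `if ( user_.empty () || userkey_.empty () )` followed by the same kind of BadParameter error the code just above raises. The enclosing function starts and ends outside the hunk.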
@@ -176,7 +179,7 @@
proc.add_args ("-o", "StrictHostKeyChecking=no");
proc.add_args ("-i", ini_["ec2_proxy"]);
- proc.add_arg ("root@" + vm_ip_);
+ proc.add_arg (user_ + "@" + vm_ip_);
proc.add_arg ("/bin/true");
(void) proc.run_sync ();
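Review bot: The identity file is still taken from `ini_["ec2_proxy"]` here while the user now comes from the context, so the two halves of the credential can disagree. `EC2_GSG_KEY` and the later ssh/scp calls (hunks at -347 and -388) were switched to `userkey_`, but this hunk and the ones at -215 and -230 were not. If a context carries a key different from the ini default, these three calls authenticate with the wrong key. The line should read `proc.add_args ("-i", userkey_);` in all three places.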
@@ -215,7 +218,7 @@
proc.add_args ("-o", "StrictHostKeyChecking=no");
proc.add_args ("-i", ini_["ec2_proxy"]);
proc.add_arg (ini_["ec2_image_prep"]);
- proc.add_arg ("root@" + vm_ip_ + ":/tmp/saga-ec2-image-prep");
+ proc.add_arg (user_ + "@" + vm_ip_ + ":/tmp/saga-ec2-image-prep");
proc.run_sync ();
@@ -230,7 +233,7 @@
proc.clear_args ();
proc.add_args ("-o", "StrictHostKeyChecking=no");
proc.add_args ("-i", ini_["ec2_proxy"]);
- proc.add_arg ("root@" + vm_ip_);
+ proc.add_arg (user_ + "@" + vm_ip_);
proc.add_arg ("/tmp/saga-ec2-image-prep");
proc.run_sync ();
@@ -347,35 +350,53 @@
}
}
+
// we do have a job service instance, either new started or old and running.
- // Now, copy over the ssh identity file of the context we used, so that jobs
- // running on that instance can use it to contact other instances using the
- // same context. Note that we do _not_ copy the identity files of other
- // contexts, as we don't want to spread credentials beyond their respective
- // universe.
+ // we used a valid private key for that, so that is ok. What we miss is the
+ // public key of the pair. So, if our context does not have such a public
+ // key, we grab it from the ~/.ssh/authorized_keys file on the remote host,
+ // store it locally, and 'fix' (aka complete) the context.
- SAGA_LOG_ALWAYS ("copying identity file");
+ if ( ! ctx_.attribute_exists (saga::attributes::context_usercert) ||
+ "" == ctx_.get_attribute (saga::attributes::context_usercert) )
+ {
+ SAGA_LOG_ALWAYS ("retrieving public key");
- proc.set_cmd ("/usr/bin/scp");
+ proc.set_cmd ("/usr/bin/ssh");
- proc.clear_args ();
- proc.add_args ("-o", "StrictHostKeyChecking=no");
- proc.add_args ("-i", ini_["ec2_proxy"]);
+ proc.clear_args ();
+ proc.add_args ("-o", "StrictHostKeyChecking=no");
+ proc.add_args ("-i", userkey_);
+ proc.add_arg (user_ + "@" + vm_ip_);
- // == file to stage
- proc.add_arg (ini_["ec2_proxy"]);
+ // we run a grep for the
+ proc.add_args ("grep", ini_["ec2_keypair_name"]);
- // FIXME: the target below SHOULD not exist *aehem*
- proc.add_arg ("root@" + vm_ip_ + ":.ssh/id_rsa");
+ // file to search
+ proc.add_arg (".ssh/authorized_keys");
- (void) proc.run_sync ();
+ (void) proc.run_sync ();
- if ( proc.fail () )
- {
- SAGA_LOG_ALWAYS ("could not copy ssh key");
- throw;
+ if ( proc.fail () )
+ {
+ SAGA_LOG_ALWAYS ("could not retrieve public ssh key");
+ throw;
+ }
+
+ std::string out = proc.get_out_s ();
+ std::string pub = ctx_.get_attribute (saga::attributes::context_userkey) + ".pub";
+
+ std::fstream pub_fs;
+
+ pub_fs.open (pub.c_str (), std::fstream::out);
+ pub_fs << out;
+ pub_fs.close ();
+
+ std::cout << "setting usercert " << pub << "\n";
+ ctx_.set_attribute (saga::attributes::context_usercert, pub);
}
+ usercert_ = ctx_.get_attribute (saga::attributes::context_usercert);
// we also propagate our HOME/.saga.ini file. This is kind of a hack
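Review bot: The text written to `<userkey>.pub` is whatever the `grep` on the instance printed, fetched over an ssh session with `StrictHostKeyChecking=no`, and it is stored without checking that it is non-empty, a single key line, or that the file could be opened (an existing `.pub` file is overwritten silently). The path then becomes `context_usercert`, and the ssh job service touched by this same commit appears to append the public key to the local `authorized_keys` when identity distribution is enabled, so unvalidated output from an unauthenticated host may end up granting login to the local account. Separately, the bare `throw;` after `proc.fail ()` has nothing to rethrow unless this code runs inside a handler (not visible here; the function starts and ends outside the hunk), in which case it calls `std::terminate`. The comment `// we run a grep for the` is cut off mid-sentence and the `std::cout` line looks like leftover debugging. A sketch of the checks follows.

```cpp
// … unchanged: ssh invocation that greps .ssh/authorized_keys …
if ( proc.fail () )
{
  SAGA_ADAPTOR_THROW ("could not retrieve public ssh key", saga::NoSuccess);
}

std::string out = proc.get_out_s ();

// accept exactly one key line; anything else is not written to disk
std::string::size_type nl = out.find ('\n');
if ( out.empty () || (nl != std::string::npos && nl + 1 != out.size ()) )
{
  SAGA_ADAPTOR_THROW ("unexpected public key data from instance", saga::NoSuccess);
}

std::string   pub = userkey_ + ".pub";
std::ofstream pub_fs (pub.c_str ());

if ( ! pub_fs )
{
  SAGA_ADAPTOR_THROW ("cannot write public key file", saga::NoSuccess);
}

pub_fs << out;
pub_fs.close ();
// … unchanged: set context_usercert to pub …
```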
@@ -388,7 +409,7 @@
proc.clear_args ();
proc.add_args ("-o", "StrictHostKeyChecking=no");
- proc.add_args ("-i", ini_["ec2_proxy"]);
+ proc.add_args ("-i", userkey_);
char * home = ::getenv ("HOME");
@@ -403,7 +424,7 @@
}
// FIXME: the target below SHOULD not exist *aehem*
- proc.add_arg ("root@" + vm_ip_ + ":.saga.ini");
+ proc.add_arg (user_ + "@" + vm_ip_ + ":.saga.ini");
(void) proc.run_sync ();
@@ -418,11 +439,10 @@
// service for the instance now
ssh_url_ = std::string ("ssh://") + vm_ip_;
- // FIXME: point to correct cert
- ssh_context_.set_attribute (saga::attributes::context_type, "ssh");
- ssh_context_.set_defaults ();
- ssh_context_.set_attribute (saga::attributes::context_userid, "root");
- ssh_context_.set_attribute (saga::attributes::context_userkey, ini_["ec2_proxy"]);
+ ssh_context_.set_attribute (saga::attributes::context_type, "ssh");
+ ssh_context_.set_attribute (saga::attributes::context_userid, user_);
+ ssh_context_.set_attribute (saga::attributes::context_userkey, userkey_);
+ ssh_context_.set_attribute (saga::attributes::context_usercert, usercert_);
ssh_session_.add_context (ssh_context_);
File [modified]: aws_job_service.hpp
Delta lines: +3 -0
===================================================================
--- trunk/adaptors/aws/aws_job/aws_job_service.hpp 2009-01-21 22:05:50 UTC (rev 3343)
+++ trunk/adaptors/aws/aws_job/aws_job_service.hpp 2009-01-21 23:45:15 UTC (rev 3344)
@@ -52,6 +52,9 @@
saga::url ssh_url_; // rm url for ssh job service
saga::context ssh_context_; // context to use for ssh ops
saga::session ssh_session_; // session to use for ssh ops
+ std::string user_; // user id on the VN instance
+ std::string userkey_; // private key to access the VM instance
+ std::string usercert_; // public key to access the VM instance
TR1::shared_ptr <saga::job::service> js_; // ssh job service, does the real work
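Review bot: The comments on the three new members are slightly misleading: `VN instance` on `user_` is a typo for `VM instance`, and `userkey_` / `usercert_` hold file paths rather than key material (the .cpp passes `userkey_` to `ssh -i` and stores `userkey + ".pub"` as the cert). I would write them as `// login user on the VM instance`, `// path to private key file for the VM instance` and `// path to matching public key file`. Stating that these are paths matters because the files they name are credentials that get copied to other hosts elsewhere in the adaptor.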
Directory: /trunk/adaptors/ssh/ssh_context/
===========================================
File [modified]: ssh_context_adaptor.cpp
Delta lines: +7 -5
===================================================================
--- trunk/adaptors/ssh/ssh_context/ssh_context_adaptor.cpp 2009-01-21 22:05:50 UTC (rev 3343)
+++ trunk/adaptors/ssh/ssh_context/ssh_context_adaptor.cpp 2009-01-21 23:45:15 UTC (rev 3344)
@@ -246,9 +246,10 @@
// default for public key
- if ( key_path_pub == "" )
+ if ( key_path_pub == "" &&
+ key_path != "" )
{
- ci.public_key = key_path + ".pub";
+ key_path_pub = key_path + ".pub";
}
ci.public_key = key_path_pub;
@@ -278,9 +279,10 @@
if ( 0 != ::stat (ci.public_key.c_str (), &buf) )
{
// FIXME: this should be a warning, not an error
- ci.errormessage = "Cannot access public ssh key";
- ci.success = false;
- return ci;
+ // ci.errormessage = "Cannot access public ssh key: ";
+ // ci.errormessage += ci.public_key;
+ // ci.success = false;
+ // return ci;
}
return ci;
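Review bot: The `if ( 0 != ::stat (...) )` branch now has an empty body made of commented-out code, so a missing public key file is ignored without any trace. The FIXME asks for a warning, not for silence; a single log line such as `SAGA_LOG_ALWAYS ("cannot access public ssh key");` in the branch would keep the non-fatal behaviour while leaving evidence for whoever debugs a later failed key distribution. The commented-out lines should be deleted rather than kept, since version control already has them. The enclosing function starts outside the hunk.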
Directory: /trunk/adaptors/ssh/ssh_job/
=======================================
File [modified]: ssh_job_adaptor.cpp
Delta lines: +32 -0
===================================================================
--- trunk/adaptors/ssh/ssh_job/ssh_job_adaptor.cpp 2009-01-21 22:05:50 UTC (rev 3343)
+++ trunk/adaptors/ssh/ssh_job/ssh_job_adaptor.cpp 2009-01-21 23:45:15 UTC (rev 3344)
@@ -43,6 +43,38 @@
return (list);
}
+ void adaptor::dump_context (saga::context c)
+ {
+ std::vector <std::string> attribs = c.list_attributes ();
+
+ std::cout << " ------------------------------ " << std::endl;
+
+ for ( unsigned int i = 0; i < attribs.size (); i++ )
+ {
+ std::cout << " " << attribs[i] << " \t: ";
+
+ if ( c.attribute_is_vector (attribs[i]) )
+ {
+ std::vector <std::string> vals = c.get_vector_attribute (attribs[i]);
+
+ for ( unsigned int j = 0; j < vals.size (); j++ )
+ {
+ std::cout << vals[j] << " ";
+ }
+ }
+ else
+ {
+ std::string val = c.get_attribute (attribs[i]);
+ std::cout << val << " ";
+ }
+
+ std::cout << std::endl;
+ }
+
+ std::cout << " ------------------------------ " << std::endl;
+ }
+
+
} // namespace ssh_job
////////////////////////////////////////////////////////////////////////
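Review bot: `dump_context` prints every attribute of a context to stdout, which for security contexts includes the key and certificate paths and, if one is set, a password attribute. The three call sites visible in this commit were removed or were already commented out, so this is now a public debugging helper with no visible caller; if it is kept, it should go through the debug log rather than `std::cout` and should not print secret-bearing values, e.g. `if ( attribs[i] == saga::attributes::context_userpass ) { std::cout << "<redacted>"; }` before the value is fetched. A short comment on the function saying it is for debugging only and must not be enabled in production logs would also help. Passing `saga::context` by value copies the context on each call; a reference would do if the accessor methods allow it.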
File [modified]: ssh_job_adaptor.hpp
Delta lines: +16 -13
===================================================================
--- trunk/adaptors/ssh/ssh_job/ssh_job_adaptor.hpp 2009-01-21 22:05:50 UTC (rev 3343)
+++ trunk/adaptors/ssh/ssh_job/ssh_job_adaptor.hpp 2009-01-21 23:45:15 UTC (rev 3344)
@@ -14,22 +14,25 @@
////////////////////////////////////////////////////////////////////////
namespace ssh_job
{
- struct adaptor : public saga::adaptor
+ class adaptor : public saga::adaptor
{
- typedef saga::impl::v1_0::op_info op_info;
- typedef saga::impl::v1_0::cpi_info cpi_info;
- typedef saga::impl::v1_0::preference_type preference_type;
+ public:
+ void dump_context (saga::context c);
- // This function registers the adaptor with the factory
- // @param factory the factory where the adaptor registers
- // its maker function and description table
- saga::impl::adaptor_selector::adaptor_info_list_type
- adaptor_register (saga::impl::session * s);
+ typedef saga::impl::v1_0::op_info op_info;
+ typedef saga::impl::v1_0::cpi_info cpi_info;
+ typedef saga::impl::v1_0::preference_type preference_type;
- std::string get_name (void) const
- {
- return BOOST_PP_STRINGIZE (SAGA_ADAPTOR_NAME);
- }
+ // This function registers the adaptor with the factory
+ // @param factory the factory where the adaptor registers
+ // its maker function and description table
+ saga::impl::adaptor_selector::adaptor_info_list_type
+ adaptor_register (saga::impl::session * s);
+
+ std::string get_name (void) const
+ {
+ return BOOST_PP_STRINGIZE (SAGA_ADAPTOR_NAME);
+ }
};
} // namespace ssh_job
File [modified]: ssh_job_service.cpp
Delta lines: +15 -17
===================================================================
--- trunk/adaptors/ssh/ssh_job/ssh_job_service.cpp 2009-01-21 22:05:50 UTC (rev 3343)
+++ trunk/adaptors/ssh/ssh_job/ssh_job_service.cpp 2009-01-21 23:45:15 UTC (rev 3344)
@@ -86,8 +86,6 @@
for ( int i = 0; i < contexts.size (); i++ )
{
- // dump_context (contexts[i]);
-
if ( contexts[i].attribute_exists ("Type") &&
contexts[i].get_attribute ("Type") == "ssh" )
{
@@ -124,16 +122,16 @@
for ( int j = 0; j < ssh_contexts.size (); j++ )
{
// try that context
- ctx_ = ssh_contexts[j];
+ ctx_ = ssh_contexts[j];
- // dump_context (ctx_);
-
// FIXME: check if attribs exist
- if ( ! ctx_.attribute_exists ("UserKey") ||
- ! ctx_.attribute_exists ("UserCert") )
+ if ( ! ctx_.attribute_exists ("UserKey") ||
+ "" == ctx_.get_attribute ("UserKey") ||
+ ! ctx_.attribute_exists ("UserCert") ||
+ "" == ctx_.get_attribute ("UserCert") )
{
- // _need_ key to be useful
+ // _need_ private and public key to be useful
break;
}
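Review bot: The widened condition now also rejects contexts with an empty `UserKey` or `UserCert`, but the branch still ends in `break;`, which leaves the loop at the first unusable context instead of moving on to the next one. Given the `// try that context` comment, `continue;` looks like the intent, so that one incomplete ssh context does not hide a complete one later in `ssh_contexts`. The `// FIXME: check if attribs exist` line is also stale now that the check is there. The loop body continues outside the hunk, so this should be confirmed against the code that follows.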
@@ -196,7 +194,7 @@
ini_["distribute_identity"] == "true" )
{
{
- SAGA_LOG_DEBUG (" copying private key");
+ SAGA_LOG_ALWAYS (" copying private key");
proc.set_cmd (scp_bin_);
proc.set_args (scp_opt_);
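Review bot: Raising `copying private key` from `SAGA_LOG_DEBUG` to `SAGA_LOG_ALWAYS` looks like temporary debugging output rather than a deliberate level choice, and the same change is made in the hunks at -221, -245 and -296. If the intent is an audit trail for credential distribution, the message should say which key file goes to which host, and a comment should state that it is logged unconditionally on purpose. Otherwise these four lines should return to the debug level before release.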
@@ -221,7 +219,7 @@
}
{
- SAGA_LOG_DEBUG (" copying public key");
+ SAGA_LOG_ALWAYS (" copying public key");
// if ok, copy public key
proc.set_args (scp_opt_);
@@ -245,13 +243,13 @@
}
{
- SAGA_LOG_DEBUG (" register public key");
- // FIXME: need to append public key to local authorized_keys
- // file, so that application can call back home. A key is
- // exactly one line: so we append the key, and then do
- // a sort|uniq on the authorized_keys file, to avoid
- // duplicates.
+ SAGA_LOG_ALWAYS (" register public key");
+ // append public key to local authorized_keys file, so that
+ // application can call back home. A key is exactly one line:
+ // so we append the key, and then do a sort|uniq on the
+ // authorized_keys file, to avoid duplicates.
+
char* home_tmp = ::getenv ("HOME");
if ( home_tmp == NULL )
@@ -296,7 +294,7 @@
}
else
{
- SAGA_LOG_DEBUG (" running ssh test");
+ SAGA_LOG_ALWAYS (" running ssh test");
proc.set_cmd (ssh_bin_);
proc.set_args (ssh_opt_);