service.py

AI Service Interface

class Service

    A service defines what Automated Installer image, manifests and
    profiles are to be served out. It also defines what clients are to be
    served by this image.

    The following event types are possible for a Service:
        - ObjectChangedEvent
        - CreatedEvent
        - DeletedEvent
        - ClientStatusEvent
        - LoggingEvent

__init__

    This method initializes a new Service object with the parameters
    provided, some parameters are optional depending on the intention.

    Parameters:

        name: String
            Optional: This is the name to be given to the service. If
            omitted, then a name will be automatically generated.

        alias_of: Service
            Optional: If provided, then this service will be created as an
            alias of an existing service.

        arch: Architecture
            Optional: This specifies which architecture variant this
            service should be. If omitted, then the variant will default
            to the variant of the ISO (if provided), or the variant of the
            server system.

        ips_settings: IPSSettings
            Optional: The IPS Settings, if provided, are used as the
            pkg(5) repository that the AI service image should be
            populated from. This is combined with the source option which
            should be the name of the IPS package to use. Optionally,
            IPSSettings can have the key and cert for the publisher. If
            omitted, then the first publisher in the system's publisher
            preference list is used.

        source: String
            Optional: If specified, the source can be one of two things:
                - An FMRI reference to a pkg(5) package, this is combined
                  with the value of the ips_settings parameter.
                - A file path to an AI ISO image - when using the remote
                  API, this path needs to be valid on the AI server
                  machine.
            If this option is not specified, then the source will default
            to the install-image/solaris-auto-install FMRI.

        dhcp_ip_range: DHCPAddressRange
            Optional: If provided, then an ISC DHCP server will be started
            on the AI server with the specified DHCP configuration.

        boot_args: Dictionary
            Optional: This only applies to X86 clients. If provided, then
            these arguments are used to set the boot arguments in the GRUB
            configuration files menu.lst and/or grub.cfg, as appropriate.

        boot_file_server: IPv4Address
            Used to provide the IP address of the boot server from which
            clients should request boot-files. This is only required if
            this IP address cannot be determined by other means.

        image_path: String
            Optional: Specifies the path at which to create the net image.
            If not specified, the default location, as specified in the
            server's default_image_path_basedir property - usually
            /export/auto_install/ - is used.

        defer_source_validation: Boolean
            Optional: if False, it will check the source or ips_settings
            provided by unpacking the ISO or checking the FMRI contents.
            This operation may take several seconds. Deferring source
            validation for a service without a name is not possible, as
            the source needs to be checked to extract the service name.

        default_manifest_content: String
            This is the complete content of an XML manifest file. It will
            be validated against the service it's being added to and set
            as the default manifest.

    Return Value
        None

    Errors / Exceptions
        AIServerError
            The following error types can be raised by this method:
            - InsufficientArguments
                Insufficient arguments are provided to be able to complete
                the method successfully.
            - InvalidValue
                This signifies that an invalid value was passed as a
                parameter.

    Error messages:
        Service already exists: '%s'
        Default services must be created as aliases
        Invalid architecture: '%s'
        Invalid IPS settings: '%s'
        Architecture option is invalid for ISO-based services
        Publisher option is invalid for ISO-based services
        Invalid source: '%s'
        Invalid DHCP value: '%s'
        Could not get name from ISO: %s
        Invalid ISO: '%s'
        The specified data source, %(source)s, for the service is not a
        path to an existing ISO image. Attempting to create the service
        from pkg(5) package, %(source)s, failed for the following reasons:
        %(error)s
        Architecture provided '%(arch)s' does not match the source image:
        '%(source)s'
        Invalid boot file server value: '%s'

default_manifest

    This is a read reference to the default manifest for the service. A
    new default can be selected with update_default_manifest.

    This is the manifest that is used if there are no other manifests with
    criteria that match.

default_manifest_str

    Name of the default manifest for the service.

    This is the manifest that is used if there are no other manifests with
    criteria that match.

(name not recoverable)

    This is a read-only reference to the service boot arguments.

    Returns a dictionary with the service's default boot_args.

(name not recoverable)

    Return true if the client has custom boot_args, false if it uses the
    service default boot_args.

grubcfg

    Return the contents of the grub.cfg menu for this service.

    Error messages:
        Cannot get grub.cfg menu for service '%s' because it is pending
        creation and not on disk yet
        Could not read the grub.cfg file: %s

(name not recoverable)

    Return True if the grub.cfg menu for this service has been set to a
    custom one, in which case it is not possible to update the boot_args.

has_credentials

    Boolean defining whether this service has any security credentials or
    not.

security_policy

    The security policy defines how this service should operate with
    respect to client authentication.

    Valid values for this are defined in the enumeration
    SERVICE_SECURITY_POLICIES, with the following meanings:

        - OPTIONAL
            Security can be switched on or off, optional
        - DISABLE
            This completely disables any requirement for authentication by
            clients.
        - REQUIRE_CLIENT_AUTH
            This value indicates that all clients must authenticate for
            installation.
        - REQUIRE_SERVER_AUTH
            This value indicates that authentication must be done by the
            server.
        - ENCR_ONLY
            ?

    Return the currently set policy setting for service.

    Error messages:
        Service image does not support security

security_policy_str

    Return the string version of the current security policy.

    As security policy is implemented as strings at the moment in
    internal/security.py, just return the policy directly. If this is
    changed to use enums, then these enums will need to be matched to the
    relevant string.

(name not recoverable)

    Boolean defining whether the image for this service is of a recent
    enough version to support security.

database

    Return the criteria database object for this service.

default_xml_manifest_content

    Return the XML content of the image's default.xml manifest.

    Error messages:
        Insufficient permission to perform operation
        Could not read default.xml manifest file

manifest_cli_datafile_content

    Obtain the contents of the service image manifest cli data file.

    Parameters
        None

    Return Value
        string containing content of mappings file

    Errors / Exceptions
        AIServerError if insufficient permissions or unable to read file

    Error messages:
        Insufficient permission to perform operation
        Could not read manifest editor cli datafile

dtd_names_and_content

    Obtain the list of DTD filenames and content for the AI DTD.

    Parameters
        None

    Return Value
        list of tuples [(dtdname, dtdcontent)...for each dtd file]

    Errors / Exceptions
        AIServerError if insufficient permissions or no dtd files

    Error messages:
        Insufficient permission to perform operation
        No AI DTD files for service

__str__

    Pretty print information for debug use.

    Fields printed: Service, alias_of, arch, image_path, ips_settings,
    source, dhcp_ip_range, boot_args, boot_file_server, security_policy,
    custom_grub, default_manifest.

update_ca_cert

    Assigns CA certificates for the Service.

    Parameters
        ca_cert_contents
            A list of strings containing contents of user-specified files.

    Return Value
        String
            The task name that will be executed by this checkpoint.

    Errors / Exceptions
        AIServerError
            The following error types can be raised by this method:
            - DuplicateEntry
                The cert has already been removed or it's scheduled to be
                removed in the current queue.