-rw-r--r--portal-gui/README22
-rw-r--r--portal-gui/rpkigui/django.wsgi18
-rw-r--r--portal-gui/rpkigui/myrpki/urls.py2
-rwxr-xr-xportal-gui/scripts/list_resources.py90
-rwxr-xr-xportal-gui/scripts/load_csv.py1
-rwxr-xr-xportal-gui/scripts/roa_check.py1
6 files changed, 103 insertions, 31 deletions
diff --git a/portal-gui/README b/portal-gui/README
index b2808cd8..2115a7c9 100644
--- a/portal-gui/README
+++ b/portal-gui/README
@@ -106,8 +106,20 @@ The portal-gui does not directly talk to the rpkid server. Instead, there is a
command line script named "list_resources" which talks to rpkid and updates the
portal-gui database with information that has changed. For testing purposes,
this script can be run by hand. However, for deployment you will need to set up
-a cron job to run this script periodically for *each* resource handle the
-portal-gui is serving.
+a cron job to run this script periodically.
+
+If you are only self-hosting a single resource handle, the script may be
+invoked without any arguments. If in addition to a self-hosted resource handle
+you are hosting other resource handles on the same rpkid instance, you must
+specify the list of handles you want to query as arguments to the script.
+
+ Example: single self-hosted resource holder
+
+ $top/portal-gui/scripts/list_resources
+
+ Example: self-hosted and two hosted resource handles
+
+ $top/portal-gui/scripts/list_resources mom dad baby
NOTE that "list_resources" *must* be run in the directory where the myrpki.conf
for the resource handle that is self-hosting the rpkid. Alternatively, you can
@@ -117,10 +129,8 @@ for the self-hosted resource handle.
You may way to create a script which is invoked by cron:
#!/bin/sh
- cd /var/lib/myrpki/<self-hosted-handle>
- $top/portal-gui/scripts/list_resources mom
- $top/portal-gui/scripts/list_resources dad
- $top/portal-gui/scripts/list_resources baby
+ cd /var/lib/myrpki/<handle> # where the myrpki.conf for rpkid lives
+ $top/portal-gui/scripts/list_resources mom dad baby
This script probably only needs to be run infrequently. It's sole purpose is to
query rpkid to ask what resources and children are configured for each resource
diff --git a/portal-gui/rpkigui/django.wsgi b/portal-gui/rpkigui/django.wsgi
new file mode 100644
index 00000000..1f77ef38
--- /dev/null
+++ b/portal-gui/rpkigui/django.wsgi
@@ -0,0 +1,18 @@
+#
+# This is an example wsgi application for use with mod_wsgi and apache.
+#
+
+# change this path to match where you have installed the portal-gui source
+srcdir = '/home/me/src/rpki'
+
+import os
+import sys
+
+os.environ['DJANGO_SETTINGS_MODULE'] = 'rpkigui.settings'
+
+sys.path.append(srcdir+'/portal-gui')
+sys.path.append(srcdir+'/portal-gui/myrpki')
+sys.path.append(srcdir+'/rpkid')
+
+import django.core.handlers.wsgi
+application = django.core.handlers.wsgi.WSGIHandler()
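Review bot: The directories built from `srcdir` and appended to `sys.path` are where the Apache/mod_wsgi process imports its code from, and the example value `'/home/me/src/rpki'` sits in a home directory, so the file should say what ownership that tree needs. I would add above `srcdir` a comment such as `# srcdir must not be writable by the web server user or other unprivileged accounts; the WSGI process imports code from it`. Because the entries are appended rather than inserted first, a copy of `rpki` or `rpkigui` found earlier on the path would be imported instead of the one under `srcdir`; one more line in the header comment saying so would help a deployer.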
diff --git a/portal-gui/rpkigui/myrpki/urls.py b/portal-gui/rpkigui/myrpki/urls.py
index f27bbc4b..1a671f01 100644
--- a/portal-gui/rpkigui/myrpki/urls.py
+++ b/portal-gui/rpkigui/myrpki/urls.py
@@ -2,7 +2,7 @@
from django.conf.urls.defaults import *
from django.views.generic.list_detail import object_list
-import views
+from import rpkigui.myrpki import views
urlpatterns = patterns('',
(r'^$', views.dashboard),
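Review bot: The new import line `from import rpkigui.myrpki import views` is a syntax error, so this module cannot be imported and the URL patterns it defines will not load. It should read `from rpkigui.myrpki import views`. The `urlpatterns` definition continues outside the hunk.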
diff --git a/portal-gui/scripts/list_resources.py b/portal-gui/scripts/list_resources.py
index acd97847..eb5d63ec 100755
--- a/portal-gui/scripts/list_resources.py
+++ b/portal-gui/scripts/list_resources.py
@@ -1,10 +1,21 @@
#!/usr/bin/env python
+# $Id$
+#
+# This script is reponsible for talking to rpkid and populating the
+# portal-gui's sqlite database. It asks rpkid for the list of received
+# resources, and the handle's of any children.
+#
+# This script takes optional arguments, which are the handles of the <self/> we
+# are asking about. If rpkid is hosting several resource handles, this script
+# should be invoked with an argument for each hosted handle.
import sys
import os
from datetime import datetime
+import getopt
+from os.path import basename
-from rpki.myrpki import EntityDB, CA
+from rpki.myrpki import CA
import rpki.config
import rpki.x509
import rpki.https
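Review bot: The new header comment has two typos: `reponsible` should be `responsible`, and `handle's` should be `handles`. On style, `from os.path import basename` is added although `os` is already imported, so `os.path.basename(...)` at the call sites would avoid the extra name.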
@@ -15,54 +26,83 @@ import rpki.ipaddrs
from rpkigui.myrpki import models
-def query_rpkid(handle=None):
- """Fetch our received resources from the local rpkid using the myrpki.conf in the current directory."""
+verbose = False
+version = '$Id$'
+
+def query_rpkid(*handles):
+ """Fetch our received resources from the local rpkid using the myrpki.conf
+ in the current directory."""
cfg_file = os.getenv("MYRPKI_CONF", "myrpki.conf")
cfg = rpki.config.parser(cfg_file, "myrpki")
- if handle is None:
- handle = cfg.get('handle')
- entitydb = EntityDB(cfg)
- bpki_resources = CA(cfg_file, cfg.get("bpki_resources_directory"))
+ if not handles:
+ handles = [cfg.get('handle')]
bpki_servers = CA(cfg_file, cfg.get("bpki_servers_directory"))
rpkid_base = "https://%s:%s/" % (cfg.get("rpkid_server_host"), cfg.get("rpkid_server_port"))
+ if verbose:
+ print 'current directory is', os.getcwd()
+ print 'cfg_file=', cfg_file
+ print 'handles=', handles
+ print 'bpki_servers=', bpki_servers.dir
+ print 'rpkid_base=', rpkid_base
+
call_rpkid = rpki.async.sync_wrapper(rpki.https.caller(
proto = rpki.left_right,
- client_key = rpki.x509.RSA( PEM_file = bpki_servers.dir + "/irbe.key"),
+ client_key = rpki.x509.RSA(PEM_file = bpki_servers.dir + "/irbe.key"),
client_cert = rpki.x509.X509(PEM_file = bpki_servers.dir + "/irbe.cer"),
server_ta = rpki.x509.X509(PEM_file = bpki_servers.cer),
server_cert = rpki.x509.X509(PEM_file = bpki_servers.dir + "/rpkid.cer"),
url = rpkid_base + "left-right",
debug = True))
- print 'calling rpkid... for self_handle=', handle
- rpkid_reply = call_rpkid(
- #rpki.left_right.parent_elt.make_pdu(action="list", tag="parents", self_handle=handle),
- #rpki.left_right.list_roa_requests_elt.make_pdu(tag='roas', self_handle=handle),
- rpki.left_right.child_elt.make_pdu(action="list", tag="children",
- self_handle = handle),
- rpki.left_right.list_received_resources_elt.make_pdu(tag = "resources",
- self_handle = handle))
- print 'done'
+ pdus = []
+ for h in handles:
+ pdus.extend(
+ [rpki.left_right.child_elt.make_pdu(action="list", tag="children", self_handle=h),
+ rpki.left_right.list_received_resources_elt.make_pdu(tag="resources", self_handle=h)
+ #rpki.left_right.parent_elt.make_pdu(action="list", tag="parents", self_handle=handle),
+ #rpki.left_right.list_roa_requests_elt.make_pdu(tag='roas', self_handle=handle),
+ ])
+
+ return call_rpkid(*pdus)
- return rpkid_reply
+def usage(rc):
+ print 'usage: %s [ -hvV ] [ --help ] [ --verbose ] [ --version ] [ HANDLE... ]' % basename(sys.argv[0])
+ sys.exit(rc)
-for pdu in query_rpkid(None if len(sys.argv) == 1 else sys.argv[1]):
+try:
+ opts, args = getopt.getopt(sys.argv[1:], 'hvV', [ 'help', 'verbose', 'version'])
+except getopt.GetoptError, err:
+ print str(err)
+ usage(1)
+
+for o,a in opts:
+ if o in ('-h', '--help'):
+ usage(0)
+ elif o in ('-v', '--verbose'):
+ verbose = True
+ elif o in ('-V', '--version'):
+ print basename(sys.argv[0]), version
+ sys.exit(0)
+
+for pdu in query_rpkid(*args):
conf_set = models.Conf.objects.filter(handle=pdu.self_handle)
if conf_set.count():
conf = conf_set[0]
else:
- print 'creating new conf for %s' % (pdu.self_handle,)
+ if verbose:
+ print 'creating new conf for %s' % (pdu.self_handle,)
conf = models.Conf.objects.create(handle=pdu.self_handle)
#if isinstance(pdu, rpki.left_right.parent_elt):
# print x.parent_handle, x.sia_base, x.sender_name, x.recipient_name, \
# x.peer_contact_uri
if isinstance(pdu, rpki.left_right.child_elt):
- # have we seen this parent before?
+ # have we seen this child before?
child_set = conf.children.filter(handle=pdu.child_handle)
if not child_set:
- print 'creating new child %s' % (pdu.child_handle,)
+ if verbose:
+ print 'creating new child %s' % (pdu.child_handle,)
child = models.Child(conf=conf, handle=pdu.child_handle)
child.save()
#elif isinstance(x, rpki.left_right.list_roa_requests_elt):
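Review bot: The loop at `for pdu in query_rpkid(*args):` looks up or creates a `models.Conf` row from `pdu.self_handle` before it checks what kind of PDU it has, and the handles now come straight from the command line. If rpkid answers a query for an unknown or mistyped handle with some other PDU type that still carries `self_handle` (not visible here, so this is an assumption to confirm), a stray `Conf` row would be created in the portal database. Guarding the top of the loop with `if not isinstance(pdu, (rpki.left_right.child_elt, rpki.left_right.list_received_resources_elt)): continue` would limit row creation to the two element types the request is built from. Separately, `debug = True` on `rpki.https.caller` stays unconditional while the script's other output is now gated on `verbose`. The loop body continues outside the hunk.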
@@ -101,7 +141,8 @@ for pdu in query_rpkid(None if len(sys.argv) == 1 else sys.argv[1]):
cert.asn.add(v)
break
else:
- print 'could not find ASN %s in known set' % ( asn, )
+ if verbose:
+ print 'could not find ASN %s in known set' % ( asn, )
cert.asn.create(lo=asn.min, hi=asn.max)
cert.save()
@@ -118,7 +159,8 @@ for pdu in query_rpkid(None if len(sys.argv) == 1 else sys.argv[1]):
cert.address_range.add(v)
break
else:
- print 'could not find address range %s in known set' % (ip,)
+ if verbose:
+ print 'could not find address range %s in known set' % (ip,)
cert.address_range.create(lo=lo, hi=hi)
cert.save()
diff --git a/portal-gui/scripts/load_csv.py b/portal-gui/scripts/load_csv.py
index e34039db..67141293 100755
--- a/portal-gui/scripts/load_csv.py
+++ b/portal-gui/scripts/load_csv.py
@@ -1,4 +1,5 @@
#!/usr/bin/env python
+# $Id$
#
# Helper script to load existing data from csv into the Django DB.
# Primarly useful for the initial load, as the GUI does not sync changes
diff --git a/portal-gui/scripts/roa_check.py b/portal-gui/scripts/roa_check.py
index fd3adc36..b952c50f 100755
--- a/portal-gui/scripts/roa_check.py
+++ b/portal-gui/scripts/roa_check.py
@@ -1,4 +1,5 @@
#!/usr/bin/env python
+# $Id$
#
# Runs through all the published ROAs and updates the Django DB with the
# current active status of each defined ROA.