mirror of
https://gitea.publichub.eu/oscar.krause/fastapi-dls.git
synced 2024-12-29 17:08:55 +00:00
Merge branch 'dev' into 'main'
v0.3 See merge request oscar.krause/fastapi-dls!5
This commit is contained in:
commit
1173964643
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,4 +1,5 @@
|
||||
.DS_Store
|
||||
venv/
|
||||
.idea/
|
||||
app/*.sqlite*
|
||||
app/cert/*.*
|
||||
|
@ -12,5 +12,5 @@ RUN apk update \
|
||||
|
||||
COPY app /app
|
||||
|
||||
HEALTHCHECK --start-period=30s --interval=10s --timeout=5s --retries=3 CMD curl --fail http://localhost/status || exit 1
|
||||
HEALTHCHECK --start-period=30s --interval=10s --timeout=5s --retries=3 CMD curl --insecure --fail https://localhost/status || exit 1
|
||||
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "443", "--app-dir", "/app", "--proxy-headers", "--ssl-keyfile", "/app/cert/webserver.key", "--ssl-certfile", "/app/cert/webserver.crt"]
|
||||
|
95
README.md
95
README.md
@ -2,6 +2,24 @@
|
||||
|
||||
Minimal Delegated License Service (DLS).
|
||||
|
||||
## Endpoints
|
||||
|
||||
### `GET /`
|
||||
|
||||
Just a simple *hello world* endpoint.
|
||||
|
||||
### `GET /status`
|
||||
|
||||
Status endpoint, used for *healthcheck*.
|
||||
|
||||
### `GET /-/origins`
|
||||
|
||||
List registered origins.
|
||||
|
||||
### `GET /-/leases`
|
||||
|
||||
List current leases.
|
||||
|
||||
# Setup (Docker)
|
||||
|
||||
**Run this on the Docker-Host**
|
||||
@ -18,11 +36,12 @@ docker run -e DLS_URL=`hostname -i` -e DLS_PORT=443 -p 443:443 -v $WORKING_DIR:/
|
||||
|
||||
# Configuration
|
||||
|
||||
| Variable | Default | Usage |
|
||||
|---------------------|-------------|---------------------------------------------------------------------------|
|
||||
| `DLS_URL` | `localhost` | Used in client-token to tell guest driver where dls instance is reachable |
|
||||
| `DLS_PORT` | `443` | Used in client-token to tell guest driver where dls instance is reachable |
|
||||
| `LEASE_EXPIRE_DAYS` | `90` | Lease time in days |
|
||||
| Variable | Default | Usage |
|
||||
|---------------------|-----------------------|---------------------------------------------------------------------------------------|
|
||||
| `DLS_URL` | `localhost` | Used in client-token to tell guest driver where dls instance is reachable |
|
||||
| `DLS_PORT` | `443` | Used in client-token to tell guest driver where dls instance is reachable |
|
||||
| `LEASE_EXPIRE_DAYS` | `90` | Lease time in days |
|
||||
| `DATABASE` | `sqlite:///db.sqlite` | See [official dataset docs](https://dataset.readthedocs.io/en/latest/quickstart.html) |
|
||||
|
||||
# Installation
|
||||
|
||||
@ -59,28 +78,60 @@ Currently, there are no known issues.
|
||||
|
||||
## Windows
|
||||
|
||||
On Windows there is currently a problem returning the license. As you can see the license is installed successfully
|
||||
after
|
||||
a few minutes. About the time of the first *lease period* the driver gets a *Mismatch between client and server with
|
||||
respect to licenses held*.
|
||||
On Windows on some machines there are running two or more instances of `NVIDIA Display Container LS`. This causes a
|
||||
problem on licensing flow. As you can see in the logs below, there are two lines with `NLS initialized`, each prefixed
|
||||
with `<1>` and `<2>`. So it is possible, that *daemon 1* fetches a valid license through dls-service, and *daemon 2*
|
||||
only
|
||||
gets a valid local license.
|
||||
|
||||
<details>
|
||||
<summary>Log</summary>
|
||||
|
||||
**Display-Container-LS**
|
||||
|
||||
```
|
||||
Tue Dec 20 05:55:52 2022:<2>:NLS initialized
|
||||
Tue Dec 20 05:55:57 2022:<2>:Mismatch between client and server with respect to licenses held. Returning the licenses
|
||||
Tue Dec 20 05:55:58 2022:<2>:License returned successfully. (Info: 192.168.178.33)
|
||||
Tue Dec 20 05:56:20 2022:<2>:Mismatch between client and server with respect to licenses held. Returning the licenses
|
||||
Tue Dec 20 05:56:21 2022:<2>:License returned successfully. (Info: 192.168.178.33)
|
||||
Tue Dec 20 05:56:46 2022:<2>:Mismatch between client and server with respect to licenses held. Returning the licenses
|
||||
Tue Dec 20 05:56:47 2022:<2>:License returned successfully. (Info: 192.168.178.33)
|
||||
Tue Dec 20 05:56:54 2022:<1>:License renewed successfully. (Info: 192.168.178.33, NVIDIA RTX Virtual Workstation; Expiry: 2022-12-20 5:11:54 GMT)
|
||||
Tue Dec 20 05:57:17 2022:<2>:Mismatch between client and server with respect to licenses held. Returning the licenses
|
||||
Tue Dec 20 05:57:18 2022:<2>:License returned successfully. (Info: 192.168.178.33)
|
||||
Tue Dec 20 05:59:20 2022:<1>:License renewed successfully. (Info: 192.168.178.33, NVIDIA RTX Virtual Workstation; Expiry: 2022-12-20 5:14:20 GMT)
|
||||
Tue Dec 20 06:01:45 2022:<1>:License renewed successfully. (Info: 192.168.178.33, NVIDIA RTX Virtual Workstation; Expiry: 2022-12-20 5:16:45 GMT)
|
||||
Tue Dec 20 06:04:10 2022:<1>:License renewed successfully. (Info: 192.168.178.33, NVIDIA RTX Virtual Workstation; Expiry: 2022-12-20 5:19:10 GMT)
|
||||
Tue Dec 20 17:25:11 2022:<1>:NLS initialized
|
||||
Tue Dec 20 17:25:12 2022:<2>:NLS initialized
|
||||
Tue Dec 20 17:25:16 2022:<1>:Valid GRID license not found. GPU features and performance will be restricted. To enable full functionality please configure licensing details.
|
||||
Tue Dec 20 17:25:17 2022:<1>:License acquired successfully. (Info: 192.168.178.110, NVIDIA RTX Virtual Workstation; Expiry: 2022-12-21 16:25:16 GMT)
|
||||
Tue Dec 20 17:25:17 2022:<2>:Valid GRID license not found. GPU features and performance will be restricted. To enable full functionality please configure licensing details.
|
||||
Tue Dec 20 17:25:38 2022:<2>:License acquired successfully from local trusted store. (Info: 192.168.178.110, NVIDIA RTX Virtual Workstation; Expiry: 2022-12-21 16:25:16 GMT)
|
||||
```
|
||||
|
||||
**fastapi-dls**
|
||||
|
||||
```
|
||||
> [ origin ]: 41720000-FA43-4000-9472-0000E8660000: {'candidate_origin_ref': '41720000-FA43-4000-9472-0000E8660000', 'environment': {'fingerprint': {'mac_address_list': ['5E:F0:79:E6:DE:E1']}, 'hostname': 'PC-Windows', 'ip_address_list': ['2003:a:142e:c800::1cc', 'fdfe:7fcd:e30f:40f5:ad5c:e67b:49a6:cfb3', 'fdfe:7fcd:e30f:40f5:6409:db1c:442b:f90b', 'fe80::a32e:f736:8988:fe45', '192.168.178.110'], 'guest_driver_version': '527.41', 'os_platform': 'Windows 10 Pro', 'os_version': '10.0.19045', 'host_driver_version': '525.60.12', 'gpu_id_list': ['1E3010DE-133210DE'], 'client_platform_id': '00000000-0000-0000-0000-000000000113', 'hv_platform': 'Unknown', 'cpu_sockets': 1, 'physical_cores': 8}, 'registration_pending': False, 'update_pending': False}
|
||||
> [ origin ]: 41720000-FA43-4000-9472-0000E8660000: {'candidate_origin_ref': '41720000-FA43-4000-9472-0000E8660000', 'environment': {'fingerprint': {'mac_address_list': ['5E:F0:79:E6:DE:E1']}, 'hostname': 'PC-Windows', 'ip_address_list': ['2003:a:142e:c800::1cc', 'fdfe:7fcd:e30f:40f5:ad5c:e67b:49a6:cfb3', 'fdfe:7fcd:e30f:40f5:6409:db1c:442b:f90b', 'fe80::a32e:f736:8988:fe45', '192.168.178.110'], 'guest_driver_version': '527.41', 'os_platform': 'Windows 10 Pro', 'os_version': '10.0.19045', 'host_driver_version': '525.60.12', 'gpu_id_list': ['1E3010DE-133210DE'], 'client_platform_id': '00000000-0000-0000-0000-000000000113', 'hv_platform': 'Unknown', 'cpu_sockets': 1, 'physical_cores': 8}, 'registration_pending': False, 'update_pending': False}
|
||||
> [ code ]: 41720000-FA43-4000-9472-0000E8660000: {'code_challenge': 'bTwcOn17SD5mtwmFdKDgufnceGXeGYcnFfMHqmjtReo', 'origin_ref': '41720000-FA43-4000-9472-0000E8660000'}
|
||||
> [ code ]: 41720000-FA43-4000-9472-0000E8660000: {'code_challenge': 'FCVDfgKmgr+lyvSpOxr4fZnDZv8VrNtNEAZPUuLAr7A', 'origin_ref': '41720000-FA43-4000-9472-0000E8660000'}
|
||||
> [ auth ]: 41720000-FA43-4000-9472-0000E8660000 (bTwcOn17SD5mtwmFdKDgufnceGXeGYcnFfMHqmjtReo): {'auth_code': 'eyJhbGciOiJSUzI1NiIsImtpZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2NzE1NTcwMzMsImV4cCI6MTY3MTU1NzkzMywiY2hhbGxlbmdlIjoiYlR3Y09uMTdTRDVtdHdtRmRLRGd1Zm5jZUdYZUdZY25GZk1IcW1qdFJlbyIsIm9yaWdpbl9yZWYiOiJiVHdjT24xN1NENW10d21GZEtEZ3VmbmNlR1hlR1ljbkZmTUhxbWp0UmVvIiwia2V5X3JlZiI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCIsImtpZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9.m5M4h9HRYWkItHEdYGApJVM7TgBH0qyDXCxPkaG2-Km5SviRMk0_3er5Myjq3rYGlr88JBviA07Pc3cr7fV-tDAXaSGalxLNfFtVRcnzqbtgnkodep1PHRUXYkiQgfaJ36m02zZucu4qMyYfQTpZ_-x67eycFKyN9T9cRJ4PYFe5W_6_zjzz6D0qeLACDhXt4ns980URttKfn2vACE8gPP5-EC-7lSY1g1mAWJKB_X9OlYRFE2mkCxnde6z5I2qmCXE_awimkigjo5LYvDcjCz60QDsOD2Ojgz4Y9xgjPbKnup4c2orKTWLUfT8_o4toKbaSfuLzPtD-41b3E8NqHQ', 'code_verifier': 'NCkAAB0+AACEHAAAIAAAAEoWAACAGAAArGwAAOkkAABfTgAAK0oAADFiAAANXAAAHzwAAKg4AAC/GwAAkxsAAEJHAABiDwAAaC8AAFMYAAAOLAAAFUkAAEheAAALOwAAHmwAAIJtAABpKwAArmsAAGM8AABnVwAA5FkAAP8mAAA'}
|
||||
> [ auth ]: 41720000-FA43-4000-9472-0000E8660000 (FCVDfgKmgr+lyvSpOxr4fZnDZv8VrNtNEAZPUuLAr7A): {'auth_code': 'eyJhbGciOiJSUzI1NiIsImtpZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2NzE1NTcwMzQsImV4cCI6MTY3MTU1NzkzNCwiY2hhbGxlbmdlIjoiRkNWRGZnS21ncitseXZTcE94cjRmWm5EWnY4VnJOdE5FQVpQVXVMQXI3QSIsIm9yaWdpbl9yZWYiOiJGQ1ZEZmdLbWdyK2x5dlNwT3hyNGZabkRadjhWck50TkVBWlBVdUxBcjdBIiwia2V5X3JlZiI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCIsImtpZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9.it_UKCHLLd25g19zqryZ6_ePrkHljXJ3uX-hNdu-pcmnYD9ODOVl2u5bRxOrP6S2EUO4WLZIuvLOhbFBUHfZfXFRmmCv4NDJoZx36Qn6zszePK9Bngej40Qf8Wu3JGXMVrwfC6WNW6WFeUT-s9jos5e1glFk_E3ZhOYQjXljWOcfcNvZ-PVJFBi5OzyQqLuL43GQH_PSF66N2gq0OyKgxTvg2q6SzGD3YAxsbjy2mD0YOUv8pW8Dr_9L4hmnNHg2DdM_lCwmy4qIBaDkAQDq8VCw1-4RcXROiLlYwhvHRalsXnmREPXaOUiUrr8rrCX8jgc7Fcd1uhY5jnouWbwEAg', 'code_verifier': 'tFAAAKQSAAAqOQAAhykAANJxAAA9PQAAyFwAALNsAAB/VQAA4GQAAB5fAAA2JgAApWIAAKMeAAB3YwAAggQAAPsEAAAuAgAAblIAABR/AAAfAgAAenoAAKZ3AABUTQAA5CQAANkTAAC8JwAAvUQAAO0yAAA3awAAegIAAD1iAAA'}
|
||||
> [ leases ]: 41720000-FA43-4000-9472-0000E8660000 (bTwcOn17SD5mtwmFdKDgufnceGXeGYcnFfMHqmjtReo): found 0 active leases
|
||||
> [ leases ]: 41720000-FA43-4000-9472-0000E8660000 (FCVDfgKmgr+lyvSpOxr4fZnDZv8VrNtNEAZPUuLAr7A): found 0 active leases
|
||||
> [ create ]: 41720000-FA43-4000-9472-0000E8660000 (bTwcOn17SD5mtwmFdKDgufnceGXeGYcnFfMHqmjtReo): create leases for scope_ref_list ['1e9335d0-049d-48b2-b719-e551c859f9f9']
|
||||
```
|
||||
|
||||
in comparison to linux
|
||||
|
||||
**nvidia-grid.service**
|
||||
|
||||
```
|
||||
Dec 20 17:53:32 ubuntu-grid-server nvidia-gridd[10354]: vGPU Software package (0)
|
||||
Dec 20 17:53:32 ubuntu-grid-server nvidia-gridd[10354]: Ignore service provider and node-locked licensing
|
||||
Dec 20 17:53:32 ubuntu-grid-server nvidia-gridd[10354]: NLS initialized
|
||||
Dec 20 17:53:32 ubuntu-grid-server nvidia-gridd[10354]: Acquiring license. (Info: 192.168.178.110; NVIDIA RTX Virtual Workstation)
|
||||
Dec 20 17:53:34 ubuntu-grid-server nvidia-gridd[10354]: License acquired successfully. (Info: 192.168.178.110, NVIDIA RTX Virtual Workstation; Expiry: 2022-12-21 16:53:33 GMT)
|
||||
```
|
||||
|
||||
**fastapi-dls**
|
||||
|
||||
```
|
||||
> [ origin ]: B210CF72-FEC7-4440-9499-1156D1ACD13A: {'candidate_origin_ref': 'B210CF72-FEC7-4440-9499-1156D1ACD13A', 'environment': {'fingerprint': {'mac_address_list': ['d6:30:d8:de:46:a7']}, 'hostname': 'ubuntu-grid-server', 'ip_address_list': ['192.168.178.114', 'fdfe:7fcd:e30f:40f5:d430:d8ff:fede:46a7', '2003:a:142e:c800::642', 'fe80::d430:d8ff:fede:46a7%ens18'], 'guest_driver_version': '525.60.13', 'os_platform': 'Ubuntu 20.04', 'os_version': '20.04.5 LTS (Focal Fossa)', 'host_driver_version': '525.60.12', 'gpu_id_list': ['1E3010DE-133210DE'], 'client_platform_id': '00000000-0000-0000-0000-000000000105', 'hv_platform': 'LINUX_KVM', 'cpu_sockets': 1, 'physical_cores': 16}, 'registration_pending': False, 'update_pending': False}
|
||||
> [ code ]: B210CF72-FEC7-4440-9499-1156D1ACD13A: {'code_challenge': 'hYSKI4kpZcWqPatM5Sc9RSCuzMeyz2piTmrRQKnnHro', 'origin_ref': 'B210CF72-FEC7-4440-9499-1156D1ACD13A'}
|
||||
> [ auth ]: B210CF72-FEC7-4440-9499-1156D1ACD13A (hYSKI4kpZcWqPatM5Sc9RSCuzMeyz2piTmrRQKnnHro): {'auth_code': 'eyJhbGciOiJSUzI1NiIsImtpZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2NzE1NTUyMTIsImV4cCI6MTY3MTU1NjExMiwiY2hhbGxlbmdlIjoiaFlTS0k0a3BaY1dxUGF0TTVTYzlSU0N1ek1leXoycGlUbXJSUUtubkhybyIsIm9yaWdpbl9yZWYiOiJoWVNLSTRrcFpjV3FQYXRNNVNjOVJTQ3V6TWV5ejJwaVRtclJRS25uSHJvIiwia2V5X3JlZiI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCIsImtpZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9.G5GvGEBNMUga25EeaJeAbDk9yZuLBLyj5e0OzVfIjS70UOvDb-SvLSEhBv9vZ_rxjTtaWGQGK0iK8VnLce8KfqsxZzael6B5WqfwyQiok3WWIaQarrZZXKihWhgF49zYAIZx_0js1iSjoF9-vNSj8zan7j-miOCOssfPzGgfJqvWNnhR6_2YkCQgJssHMjGT1QxaJBZDVOuvY0ND7r6jxlS_Xze1nWtau1mtC6bu2hM8cxbYUtM-XOC8welCZ8ZOCKkutmVix0weV3TVNfR5vuBUz1QS6B9YC8R-eVVBhN2hl4j7kGZLmZ4TpyLViYEUVZsqGBayVIPeN2BhtqTO9g', 'code_verifier': 'IDiWUb62sjsNYuU/YtZ5YJdvvxE70gR9vEPOQo9+lh/DjMt1c6egVQRyXB0FAaASNB4/ME8YQjGQ1xUOS7ZwI4tjHDBbUXFBvt2DVu8jOlkDmZsNeI2IfQx5HRkz1nRIUlpqUC/m01gAQRYAuR6dbUyrkW8bq9B9cOLSbWzjJ0E'}
|
||||
> [ leases ]: B210CF72-FEC7-4440-9499-1156D1ACD13A (hYSKI4kpZcWqPatM5Sc9RSCuzMeyz2piTmrRQKnnHro): found 0 active leases
|
||||
> [ create ]: B210CF72-FEC7-4440-9499-1156D1ACD13A (hYSKI4kpZcWqPatM5Sc9RSCuzMeyz2piTmrRQKnnHro): create leases for scope_ref_list ['f27e8e79-a662-4e35-a728-7ea14341f0cb']
|
||||
```
|
||||
|
||||
</details>
|
||||
|
122
app/main.py
122
app/main.py
@ -5,6 +5,7 @@ from os.path import join, dirname
|
||||
from os import getenv
|
||||
from fastapi import FastAPI, HTTPException
|
||||
from fastapi.requests import Request
|
||||
from fastapi.encoders import jsonable_encoder
|
||||
import json
|
||||
from datetime import datetime
|
||||
from dateutil.relativedelta import relativedelta
|
||||
@ -29,8 +30,9 @@ def load_key(filename) -> RsaKey:
|
||||
|
||||
# todo: initialize certificate (or should be done by user, and passed through "volumes"?)
|
||||
|
||||
app, db = FastAPI(), dataset.connect('sqlite:///db.sqlite')
|
||||
app, db = FastAPI(), dataset.connect(str(getenv('DATABASE', 'sqlite:///db.sqlite')))
|
||||
|
||||
TOKEN_EXPIRE_DELTA = relativedelta(hours=1) # days=1
|
||||
LEASE_EXPIRE_DELTA = relativedelta(days=int(getenv('LEASE_EXPIRE_DAYS', 90)))
|
||||
|
||||
DLS_URL = str(getenv('DLS_URL', 'localhost'))
|
||||
@ -43,6 +45,12 @@ jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.export_key().decode('utf-8'), al
|
||||
jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS512)
|
||||
|
||||
|
||||
def get_token(request: Request) -> dict:
|
||||
authorization_header = request.headers['authorization']
|
||||
token = authorization_header.split(' ')[1]
|
||||
return jwt.decode(token=token, key=jwt_decode_key, algorithms='RS256', options={'verify_aud': False})
|
||||
|
||||
|
||||
@app.get('/')
|
||||
async def index():
|
||||
return JSONResponse({'hello': 'world'})
|
||||
@ -53,6 +61,18 @@ async def status(request: Request):
|
||||
return JSONResponse({'status': 'up'})
|
||||
|
||||
|
||||
@app.get('/-/origins')
|
||||
async def _origins(request: Request):
|
||||
response = list(map(lambda x: jsonable_encoder(x), db['origin'].all()))
|
||||
return JSONResponse(response)
|
||||
|
||||
|
||||
@app.get('/-/leases')
|
||||
async def _leases(request: Request):
|
||||
response = list(map(lambda x: jsonable_encoder(x), db['lease'].all()))
|
||||
return JSONResponse(response)
|
||||
|
||||
|
||||
# venv/lib/python3.9/site-packages/nls_core_service_instance/service_instance_token_manager.py
|
||||
@app.get('/client-token')
|
||||
async def client_token():
|
||||
@ -84,10 +104,7 @@ async def client_token():
|
||||
{
|
||||
"idx": 0,
|
||||
"d_name": "DLS",
|
||||
"svc_port_map": [
|
||||
{"service": "auth", "port": DLS_PORT},
|
||||
{"service": "lease", "port": DLS_PORT}
|
||||
]
|
||||
"svc_port_map": [{"service": "auth", "port": DLS_PORT}, {"service": "lease", "port": DLS_PORT}]
|
||||
}
|
||||
],
|
||||
"node_url_list": [{"idx": 0, "url": DLS_URL, "url_qr": DLS_URL, "svc_port_set_idx": 0}]
|
||||
@ -95,11 +112,12 @@ async def client_token():
|
||||
"service_instance_public_key_configuration": service_instance_public_key_configuration,
|
||||
}
|
||||
|
||||
data = jws.sign(payload, key=jwt_encode_key, headers=None, algorithm='RS256')
|
||||
content = jws.sign(payload, key=jwt_encode_key, headers=None, algorithm='RS256')
|
||||
|
||||
response = StreamingResponse(iter([data]), media_type="text/plain")
|
||||
response = StreamingResponse(iter([content]), media_type="text/plain")
|
||||
filename = f'client_configuration_token_{datetime.now().strftime("%d-%m-%y-%H-%M-%S")}'
|
||||
response.headers["Content-Disposition"] = f'attachment; filename={filename}'
|
||||
|
||||
return response
|
||||
|
||||
|
||||
@ -109,20 +127,21 @@ async def client_token():
|
||||
async def auth_origin(request: Request):
|
||||
j = json.loads((await request.body()).decode('utf-8'))
|
||||
|
||||
candidate_origin_ref = j['candidate_origin_ref']
|
||||
print(f'> [ origin ]: {candidate_origin_ref}: {j}')
|
||||
origin_ref = j['candidate_origin_ref']
|
||||
print(f'> [ origin ]: {origin_ref}: {j}')
|
||||
|
||||
data = dict(
|
||||
candidate_origin_ref=candidate_origin_ref,
|
||||
origin_ref=origin_ref,
|
||||
hostname=j['environment']['hostname'],
|
||||
guest_driver_version=j['environment']['guest_driver_version'],
|
||||
os_platform=j['environment']['os_platform'], os_version=j['environment']['os_version']
|
||||
os_platform=j['environment']['os_platform'], os_version=j['environment']['os_version'],
|
||||
)
|
||||
db['origin'].insert_ignore(data, ['candidate_origin_ref'])
|
||||
|
||||
db['origin'].upsert(data, ['origin_ref'])
|
||||
|
||||
cur_time = datetime.utcnow()
|
||||
response = {
|
||||
"origin_ref": candidate_origin_ref,
|
||||
"origin_ref": origin_ref,
|
||||
"environment": j['environment'],
|
||||
"svc_port_set_list": None,
|
||||
"node_url_list": None,
|
||||
@ -130,6 +149,7 @@ async def auth_origin(request: Request):
|
||||
"prompts": None,
|
||||
"sync_timestamp": cur_time.isoformat()
|
||||
}
|
||||
|
||||
return JSONResponse(response)
|
||||
|
||||
|
||||
@ -144,7 +164,8 @@ async def auth_code(request: Request):
|
||||
print(f'> [ code ]: {origin_ref}: {j}')
|
||||
|
||||
cur_time = datetime.utcnow()
|
||||
expires = cur_time + relativedelta(days=1)
|
||||
delta = relativedelta(minutes=15)
|
||||
expires = cur_time + delta
|
||||
|
||||
payload = {
|
||||
'iat': timegm(cur_time.timetuple()),
|
||||
@ -157,11 +178,15 @@ async def auth_code(request: Request):
|
||||
|
||||
auth_code = jws.sign(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm='RS256')
|
||||
|
||||
db['auth'].delete(origin_ref=origin_ref, expires={'<=': cur_time - delta})
|
||||
db['auth'].insert(dict(origin_ref=origin_ref, code_challenge=j['code_challenge'], expires=expires))
|
||||
|
||||
response = {
|
||||
"auth_code": auth_code,
|
||||
"sync_timestamp": cur_time.isoformat(),
|
||||
"prompts": None
|
||||
}
|
||||
|
||||
return JSONResponse(response)
|
||||
|
||||
|
||||
@ -173,15 +198,17 @@ async def auth_token(request: Request):
|
||||
j = json.loads((await request.body()).decode('utf-8'))
|
||||
payload = jwt.decode(token=j['auth_code'], key=jwt_decode_key)
|
||||
|
||||
origin_ref = payload['origin_ref']
|
||||
print(f'> [ auth ]: {origin_ref}: {j}')
|
||||
code_challenge = payload['origin_ref']
|
||||
|
||||
origin_ref = db['auth'].find_one(code_challenge=code_challenge)['origin_ref']
|
||||
print(f'> [ auth ]: {origin_ref} ({code_challenge}): {j}')
|
||||
|
||||
# validate the code challenge
|
||||
if payload['challenge'] != b64enc(sha256(j['code_verifier'].encode('utf-8')).digest()).rstrip(b'=').decode('utf-8'):
|
||||
raise HTTPException(status_code=403, detail='expected challenge did not match verifier')
|
||||
raise HTTPException(status_code=401, detail='expected challenge did not match verifier')
|
||||
|
||||
cur_time = datetime.utcnow()
|
||||
access_expires_on = cur_time + relativedelta(days=1)
|
||||
access_expires_on = cur_time + TOKEN_EXPIRE_DELTA
|
||||
|
||||
new_payload = {
|
||||
'iat': timegm(cur_time.timetuple()),
|
||||
@ -208,30 +235,35 @@ async def auth_token(request: Request):
|
||||
# {'fulfillment_context': {'fulfillment_class_ref_list': []}, 'lease_proposal_list': [{'license_type_qualifiers': {'count': 1}, 'product': {'name': 'NVIDIA RTX Virtual Workstation'}}], 'proposal_evaluation_mode': 'ALL_OF', 'scope_ref_list': ['00112233-4455-6677-8899-aabbccddeeff']}
|
||||
@app.post('/leasing/v1/lessor')
|
||||
async def leasing_lessor(request: Request):
|
||||
j = json.loads((await request.body()).decode('utf-8'))
|
||||
token = jwt.decode(request.headers['authorization'].split(' ')[1], key=jwt_decode_key, algorithms='RS256', options={'verify_aud': False})
|
||||
j, token = json.loads((await request.body()).decode('utf-8')), get_token(request)
|
||||
|
||||
code_challenge = token['origin_ref']
|
||||
scope_ref_list = j['scope_ref_list']
|
||||
print(f'> [ lessor ]: {code_challenge}: {j}')
|
||||
print(f'> {code_challenge}: create leases for scope_ref_list {scope_ref_list}')
|
||||
|
||||
origin_ref = db['auth'].find_one(code_challenge=code_challenge)['origin_ref']
|
||||
|
||||
print(f'> [ create ]: {origin_ref} ({code_challenge}): create leases for scope_ref_list {scope_ref_list}')
|
||||
|
||||
cur_time = datetime.utcnow()
|
||||
lease_result_list = []
|
||||
for scope_ref in scope_ref_list:
|
||||
expires = cur_time + LEASE_EXPIRE_DELTA
|
||||
lease_result_list.append({
|
||||
"ordinal": 0,
|
||||
# https://docs.nvidia.com/license-system/latest/nvidia-license-system-user-guide/index.html
|
||||
"lease": {
|
||||
"ref": scope_ref,
|
||||
"created": cur_time.isoformat(),
|
||||
"expires": (cur_time + LEASE_EXPIRE_DELTA).isoformat(),
|
||||
"expires": expires.isoformat(),
|
||||
# The percentage of the lease period that must elapse before a licensed client can renew a license
|
||||
"recommended_lease_renewal": 0.15,
|
||||
"offline_lease": "true",
|
||||
"license_type": "CONCURRENT_COUNTED_SINGLE"
|
||||
}
|
||||
})
|
||||
data = dict(origin_ref=code_challenge, lease_ref=scope_ref, expires=None, last_update=None)
|
||||
db['leases'].insert_ignore(data, ['origin_ref', 'lease_ref'])
|
||||
|
||||
data = dict(origin_ref=origin_ref, lease_ref=scope_ref, lease_created=cur_time, lease_expires=expires)
|
||||
db['lease'].insert_ignore(data, ['origin_ref', 'lease_ref']) # todo: handle update
|
||||
|
||||
response = {
|
||||
"lease_result_list": lease_result_list,
|
||||
@ -244,24 +276,19 @@ async def leasing_lessor(request: Request):
|
||||
|
||||
|
||||
# venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py
|
||||
# venv/lib/python3.9/site-packages/nls_dal_service_instance_dls/schema/service_instance/V1_0_21__product_mapping.sql
|
||||
@app.get('/leasing/v1/lessor/leases')
|
||||
async def leasing_lessor_lease(request: Request):
|
||||
token = jwt.decode(request.headers['authorization'].split(' ')[1], key=key, algorithms='RS256', options={'verify_aud': False})
|
||||
token = get_token(request)
|
||||
|
||||
code_challenge = token['origin_ref']
|
||||
active_lease_list = list(map(lambda x: x['lease_ref'], db['leases'].find(origin_ref=code_challenge)))
|
||||
print(f'> {code_challenge}: found {len(active_lease_list)} active leases')
|
||||
|
||||
if len(active_lease_list) == 0:
|
||||
raise HTTPException(status_code=400, detail="No leases available")
|
||||
origin_ref = db['auth'].find_one(code_challenge=code_challenge)['origin_ref']
|
||||
active_lease_list = list(map(lambda x: x['lease_ref'], db['lease'].find(origin_ref=origin_ref)))
|
||||
print(f'> [ leases ]: {origin_ref} ({code_challenge}): found {len(active_lease_list)} active leases')
|
||||
|
||||
cur_time = datetime.utcnow()
|
||||
# venv/lib/python3.9/site-packages/nls_dal_service_instance_dls/schema/service_instance/V1_0_21__product_mapping.sql
|
||||
response = {
|
||||
# "active_lease_list": [
|
||||
# # "BE276D7B-2CDB-11EC-9838-061A22468B59" # (works on Linux) GRID-Virtual-WS 2.0 CONCURRENT_COUNTED_SINGLE // 'NVIDIA Virtual PC','NVIDIA Virtual PC'
|
||||
# "BE276EFE-2CDB-11EC-9838-061A22468B59" # GRID-Virtual-WS 2.0 CONCURRENT_COUNTED_SINGLE // 'NVIDIA RTX Virtual Workstation','NVIDIA RTX Virtual Workstation
|
||||
# ],
|
||||
"active_lease_list": active_lease_list,
|
||||
"sync_timestamp": cur_time.isoformat(),
|
||||
"prompts": None
|
||||
@ -273,13 +300,15 @@ async def leasing_lessor_lease(request: Request):
|
||||
# venv/lib/python3.9/site-packages/nls_core_lease/lease_single.py
|
||||
@app.put('/leasing/v1/lease/{lease_ref}')
|
||||
async def leasing_lease_renew(request: Request, lease_ref: str):
|
||||
token = jwt.decode(request.headers['authorization'].split(' ')[1], key=jwt_decode_key, algorithms='RS256', options={'verify_aud': False})
|
||||
token = get_token(request)
|
||||
|
||||
code_challenge = token['origin_ref']
|
||||
print(f'> {code_challenge}: renew {lease_ref}')
|
||||
|
||||
if db['leases'].count(lease_ref=lease_ref) == 0:
|
||||
raise HTTPException(status_code=400, detail="No leases available")
|
||||
origin_ref = db['auth'].find_one(code_challenge=code_challenge)['origin_ref']
|
||||
print(f'> [ renew ]: {origin_ref} ({code_challenge}): renew {lease_ref}')
|
||||
|
||||
if db['lease'].count(origin_ref=origin_ref, lease_ref=lease_ref) == 0:
|
||||
raise HTTPException(status_code=404, detail='requested lease not available')
|
||||
|
||||
cur_time = datetime.utcnow()
|
||||
expires = cur_time + LEASE_EXPIRE_DELTA
|
||||
@ -287,26 +316,27 @@ async def leasing_lease_renew(request: Request, lease_ref: str):
|
||||
"lease_ref": lease_ref,
|
||||
"expires": expires.isoformat(),
|
||||
"recommended_lease_renewal": 0.16,
|
||||
# 0.16 = 10 min, 0.25 = 15 min, 0.33 = 20 min, 0.5 = 30 min (should be lower than "LEASE_EXPIRE_DELTA")
|
||||
"offline_lease": True,
|
||||
"prompts": None,
|
||||
"sync_timestamp": cur_time.isoformat(),
|
||||
}
|
||||
|
||||
data = dict(lease_ref=lease_ref, origin_ref=code_challenge, expires=expires, last_update=cur_time)
|
||||
db['leases'].update(data, ['lease_ref'])
|
||||
data = dict(origin_ref=origin_ref, lease_ref=lease_ref, lease_expires=expires, lease_last_update=cur_time)
|
||||
db['lease'].update(data, ['origin_ref', 'lease_ref'])
|
||||
|
||||
return JSONResponse(response)
|
||||
|
||||
|
||||
@app.delete('/leasing/v1/lessor/leases')
|
||||
async def leasing_lessor_lease_remove(request: Request):
|
||||
token = jwt.decode(request.headers['authorization'].split(' ')[1], key=jwt_decode_key, algorithms='RS256', options={'verify_aud': False})
|
||||
token = get_token(request)
|
||||
|
||||
code_challenge = token['origin_ref']
|
||||
released_lease_list = list(map(lambda x: x['lease_ref'], db['leases'].find(origin_ref=code_challenge)))
|
||||
deletions = db['leases'].delete(origin_ref=code_challenge)
|
||||
print(f'> {code_challenge}: removed {deletions} leases')
|
||||
|
||||
origin_ref = db['auth'].find_one(code_challenge=code_challenge)['origin_ref']
|
||||
released_lease_list = list(map(lambda x: x['lease_ref'], db['lease'].find(origin_ref=origin_ref)))
|
||||
deletions = db['lease'].delete(origin_ref=origin_ref)
|
||||
print(f'> [ remove ]: {origin_ref} ({code_challenge}): removed {deletions} leases')
|
||||
|
||||
cur_time = datetime.utcnow()
|
||||
response = {
|
||||
|
Loading…
Reference in New Issue
Block a user