nvidia/nls
2
0
Fork 0
Code Issues Pull Requests Projects Activity

refactorings

Browse Source
This commit is contained in:
Oscar Krause 2025-03-27 08:17:52 +01:00
parent a923e7e321
commit bf34bf30ec
6 changed files with 153 additions and 239 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

154
doc/LATEST.md
View File

@ -1,154 +0,0 @@
# Latest
> For information how to get at a point to reproduce this, please read
> - [README](README.md) or
> - [Setup.md](Setup.md)
[TOC]
# Config-Token
See [config-token.md](config-token.md).
# Certificate and CA-Chain
Certificate has a `public_key` which is not present in any database.
# `master_pwd.bin` and `master_pwd_v100.bin`
There are two files in `/var/lib/docker/overlay2/<nls-container-id>/merged/etc/dls/config`.
When *base64-decoded* both files have a length of **256 bytes**.
If these files are renamed (adding `.bak`) NLS stack will come up normally.
> These files are static and don't change after resetting NLS-Instance
- `master_pwd.bin`
```
RdX1Fng5fYUEq+hSvQcDPdZmKkLfEfVd9k6OU6BG0UpFz1s9fbT5H2fqPBcxFogg
yFNvJnLizyGi0nSLEQQL/+wmYcTnFj0TI5svrKMXLLM2gED8ZozvTyKQNpVZssad
QkLz7Y3qaSFG90OEXD0MU48SgUkfUF4jnyU2jxph72AuI5djjWV+fjfNM60q/nOb
RUrn5hWm4qczga8N6eK6J8hOXNRm+9k2tT4PG+MuqhwdHxfdY9eCnNWVZWfqg3e9
OnRDt/ZZvBg8po4aP21Nobqr0UDkIrwbBa+b/gC6BTF/1/MwoLPmFFNlnnB8yJXs
Gn0aj+WXNuH+Syt+BiNUcQ==
```
- `master_pwd_v100.bin`
```
mht1iKDDsWrp/AVs2h5wpO14FKbIwAQW4yVKEYaDaPIgWQmapRqsm2gqIYgZ8nqb
emRg51JtCdPRzKXFFKswae2wzLj1ldc4ksrVGRFyyh6Kn4bmtZs30tgwIRnuh2PT
XbhVZTQVD2SbiWTBl7SjgVpuUnUdhJWVGnF/0ksMaB3GVlgnVULJnomaUlvgdeL0
NE4PacjTQsfXoRdbjAeE390PcK+Ax8OQATXA9AezXV3EnjRAapOBCRqCb3S+lOVJ
oL0050bYWC85Ijb+SDR3fl1UxQf2XgaKKx2E0/gUy0EtCLtpwT4L0iS2hzKENxgd
B0kFriXRTxdejBmBPl36jQ==
```
# `site_key_uri.bin`
This file also can be found in `/var/lib/docker/overlay2/<nls-container-id>/merged/etc/dls/config`.
When *base64-decoded* this file has a length of **256 bytes**.
If this file is renamed (adding `.bak`) NLS stack will come up normally.
> This file is static and don't change after resetting NLS-Instance
```
0a3MZny/w+hEduuSakCLM5ADlr9oKapdjIrZIM5A7mzq3e8I0UPVb9m6DOXlzJe8
wu+X+gWdIMjPED0GqqyNUQ3MlklaXE1jIvA7NBUeskSdSAACYEX6IZRNVQvSs2Yn
CFKijSQi1d33EmTmVKLwTEqEgD+SR494yDn6AEUZRqNuTMYyNhDYJoIdLons4RG6
m56oy1WRGSdHRiBt/6Mbb2I7BQ+YNsPrq9pI9wdPxbCbyT8UbEPM0/Qo4RSH77lx
+rtqhXsNqrciBxg9iCfYTDBKW7gG8+3U+7OFkPfN7nAYfxEAKKO0z/vPih0KIF12
ipX9bJaK63sIplYtPSBB2A==
```
# Other Code
Interesting is that for encryption the `service_instance.deployment` **Public-Key** is used. For that one, we have no
private key.
see
```diff
public_key_string=si_deployment_public_key.value
```
<details>
<summary>`return_file_export_manager.py`</summary>
```python
class ReturnFileExportManager:
def return_file_export_handler(self, event_args, params, dal):
if 'file_timestamp' not in event_args:
# file_timestamp not in event_args means original request on primary,
# so we get current time as file_timestamp
license_allocation_file_timestamp = datetime.utcnow()
# modify incoming event_args parameter to add file_timestamp,
# so broadcaster to sends file_timestamp to secondary
event_args['file_timestamp'] = license_allocation_file_timestamp
else:
# file_timestamp in event_args means replication call on secondary
# so we use file_timestamp from event_args
license_allocation_file_timestamp = event_args['file_timestamp']
license_allocation_file_xid = self.processor.get_license_file_xid()
log.info(f'Generating license allocation return file: {license_allocation_file_xid}')
# Generate license allocation data
license_allocation = LicenseAllocation()
license_allocation.header = LicenseAllocationHeader(params.license_allotment_xid)
log.info(f'Generating return for license allocation: {params.license_allotment_xid}')
license_allocation.object_list = self._get_object_list(params, dal)
try:
si_deployment_public_key = dal.get_si_artifact_for_license_allotment(
params.license_allotment_xid, si_constants.SERVICE_INSTANCE_DEPLOYMENT_NAMESPACE,
si_constants.ARTIFACT_NAME_PUBLIC_KEY
)
except NotFoundError as ex:
log.error(f'Error fetching artifacts for SI attached to this license allocation return file', ex)
raise BadRequestError("Failed to return license allocation file")
# Build license file payload string
encrypted_payload_str = self.processor.build_license_payload(
license_allocation_file_xid=license_allocation_file_xid,
license_allocation_file_timestamp=license_allocation_file_timestamp,
license_allocation_list=[license_allocation],
public_key_string=si_deployment_public_key.value,
deployment_token="")
# insert LAF record
dal.insert_file_creation_record(license_allocation_file_xid, license_allocation_file_timestamp,
params.license_allotment_xid, encrypted_payload_str)
response = ReturnFileResponse(return_license=encrypted_payload_str)
return response
```
</details>
<details>
<summary>`dls_license_file_installation_dal.py`</summary>
```python
class DlsLicenseFileInstallationDal:
def insert_file_creation_record(self, schema, license_file_xid, license_file_timestamp, license_allotment_xid, license_allocation_file, session=None):
insert_file_creation_record_query = f"""
insert into {schema}.license_allotment_file_publication (xid, license_allotment_xid, publication_detail)
values (:xid, :la_xid, :publication_detail)
on conflict (xid) do update
set license_allotment_xid = :la_xid, publication_detail = :publication_detail
"""
publication_detail_dict = {
'timestamp': license_file_timestamp.isoformat(),
'license': license_allocation_file,
}
publication_detail = json_dumps(publication_detail_dict)
session.execute(insert_file_creation_record_query, {'xid': license_file_xid, 'la_xid': license_allotment_xid, 'publication_detail': publication_detail})
```
</details>

90
doc/LicensingFlow.md
View File

File diff suppressed because one or more lines are too long

6
doc/README.md
View File

@ -1,7 +1,5 @@
# Doc # Doc
> Current status / questions / is in [doc/LATEST.md](LATEST.md)
## My Setup documentation ## My Setup documentation
In [Setup.md](Setup.md) I wrote down every step with each file on my setup. In [Setup.md](Setup.md) I wrote down every step with each file on my setup.
@ -13,4 +11,6 @@ With this detailed guide I hope to understand licensing process and how data and
- [Installation / Docker Setup](DockerSetup.md) - [Installation / Docker Setup](DockerSetup.md)
- [Reverse Engineering Notes](ReverseEngineeringNotes.md) - [Reverse Engineering Notes](ReverseEngineeringNotes.md)
- [Licensing Flow / Process](LicensingFlow.md) - [Licensing Flow / Process](LicensingFlow.md)
- [Instance Token](InstanceToken.md) - [Instance Token](dls_instance_token.md)
- [License File](license.md)
- [Config Token](config-token.md)

140
doc/ReverseEngineeringNotes.md
View File

@ -59,7 +59,7 @@ Valid users are `dls_writer` and `postgres`.
## Table Structure ## Table Structure
Some information about Database / Table structure can be found [here](DatabaseStructure.md). Some information about Database / Table structure can be found [database/Layout.md](database/Layout.md).
# Logging / Stack Trace # Logging / Stack Trace
@ -73,6 +73,52 @@ Some information about Database / Table structure can be found [here](DatabaseSt
Other tools / files which may can helpful, but not known for what they are used. Other tools / files which may can helpful, but not known for what they are used.
## Appliance - `master_pwd.bin` and `master_pwd_v100.bin`
There are two files in `/var/lib/docker/overlay2/<nls-container-id>/merged/etc/dls/config`.
When *base64-decoded* both files have a length of **256 bytes**.
If these files are renamed (adding `.bak`) NLS stack will come up normally.
> These files are static and don't change after resetting NLS-Instance
- `master_pwd.bin`
```
RdX1Fng5fYUEq+hSvQcDPdZmKkLfEfVd9k6OU6BG0UpFz1s9fbT5H2fqPBcxFogg
yFNvJnLizyGi0nSLEQQL/+wmYcTnFj0TI5svrKMXLLM2gED8ZozvTyKQNpVZssad
QkLz7Y3qaSFG90OEXD0MU48SgUkfUF4jnyU2jxph72AuI5djjWV+fjfNM60q/nOb
RUrn5hWm4qczga8N6eK6J8hOXNRm+9k2tT4PG+MuqhwdHxfdY9eCnNWVZWfqg3e9
OnRDt/ZZvBg8po4aP21Nobqr0UDkIrwbBa+b/gC6BTF/1/MwoLPmFFNlnnB8yJXs
Gn0aj+WXNuH+Syt+BiNUcQ==
```
- `master_pwd_v100.bin`
```
mht1iKDDsWrp/AVs2h5wpO14FKbIwAQW4yVKEYaDaPIgWQmapRqsm2gqIYgZ8nqb
emRg51JtCdPRzKXFFKswae2wzLj1ldc4ksrVGRFyyh6Kn4bmtZs30tgwIRnuh2PT
XbhVZTQVD2SbiWTBl7SjgVpuUnUdhJWVGnF/0ksMaB3GVlgnVULJnomaUlvgdeL0
NE4PacjTQsfXoRdbjAeE390PcK+Ax8OQATXA9AezXV3EnjRAapOBCRqCb3S+lOVJ
oL0050bYWC85Ijb+SDR3fl1UxQf2XgaKKx2E0/gUy0EtCLtpwT4L0iS2hzKENxgd
B0kFriXRTxdejBmBPl36jQ==
```
## Appliance - `site_key_uri.bin`
This file also can be found in `/var/lib/docker/overlay2/<nls-container-id>/merged/etc/dls/config`.
When *base64-decoded* this file has a length of **256 bytes**.
If this file is renamed (adding `.bak`) NLS stack will come up normally.
> This file is static and don't change after resetting NLS-Instance
```
0a3MZny/w+hEduuSakCLM5ADlr9oKapdjIrZIM5A7mzq3e8I0UPVb9m6DOXlzJe8
wu+X+gWdIMjPED0GqqyNUQ3MlklaXE1jIvA7NBUeskSdSAACYEX6IZRNVQvSs2Yn
CFKijSQi1d33EmTmVKLwTEqEgD+SR494yDn6AEUZRqNuTMYyNhDYJoIdLons4RG6
m56oy1WRGSdHRiBt/6Mbb2I7BQ+YNsPrq9pI9wdPxbCbyT8UbEPM0/Qo4RSH77lx
+rtqhXsNqrciBxg9iCfYTDBKW7gG8+3U+7OFkPfN7nAYfxEAKKO0z/vPih0KIF12
ipX9bJaK63sIplYtPSBB2A==
```
**Appliance** **Appliance**
- `/etc/dls/config/site_key_uri.bin` - `/etc/dls/config/site_key_uri.bin`
@ -82,6 +128,98 @@ Other tools / files which may can helpful, but not known for what they are used.
- `/etc/dls/config/decryptor/decryptor` - `/etc/dls/config/decryptor/decryptor`
# Other Code
Interesting is that for encryption the `service_instance.deployment` **Public-Key** is used. For that one, we have no
private key.
see
```diff
public_key_string=si_deployment_public_key.value
```
<details>
<summary>`return_file_export_manager.py`</summary>
```python
class ReturnFileExportManager:
def return_file_export_handler(self, event_args, params, dal):
if 'file_timestamp' not in event_args:
# file_timestamp not in event_args means original request on primary,
# so we get current time as file_timestamp
license_allocation_file_timestamp = datetime.utcnow()
# modify incoming event_args parameter to add file_timestamp,
# so broadcaster to sends file_timestamp to secondary
event_args['file_timestamp'] = license_allocation_file_timestamp
else:
# file_timestamp in event_args means replication call on secondary
# so we use file_timestamp from event_args
license_allocation_file_timestamp = event_args['file_timestamp']
license_allocation_file_xid = self.processor.get_license_file_xid()
log.info(f'Generating license allocation return file: {license_allocation_file_xid}')
# Generate license allocation data
license_allocation = LicenseAllocation()
license_allocation.header = LicenseAllocationHeader(params.license_allotment_xid)
log.info(f'Generating return for license allocation: {params.license_allotment_xid}')
license_allocation.object_list = self._get_object_list(params, dal)
try:
si_deployment_public_key = dal.get_si_artifact_for_license_allotment(
params.license_allotment_xid, si_constants.SERVICE_INSTANCE_DEPLOYMENT_NAMESPACE,
si_constants.ARTIFACT_NAME_PUBLIC_KEY
)
except NotFoundError as ex:
log.error(f'Error fetching artifacts for SI attached to this license allocation return file', ex)
raise BadRequestError("Failed to return license allocation file")
# Build license file payload string
encrypted_payload_str = self.processor.build_license_payload(
license_allocation_file_xid=license_allocation_file_xid,
license_allocation_file_timestamp=license_allocation_file_timestamp,
license_allocation_list=[license_allocation],
public_key_string=si_deployment_public_key.value,
deployment_token="")
# insert LAF record
dal.insert_file_creation_record(license_allocation_file_xid, license_allocation_file_timestamp,
params.license_allotment_xid, encrypted_payload_str)
response = ReturnFileResponse(return_license=encrypted_payload_str)
return response
```
</details>
<details>
<summary>`dls_license_file_installation_dal.py`</summary>
```python
class DlsLicenseFileInstallationDal:
def insert_file_creation_record(self, schema, license_file_xid, license_file_timestamp, license_allotment_xid,
license_allocation_file, session=None):
insert_file_creation_record_query = f"""
insert into {schema}.license_allotment_file_publication (xid, license_allotment_xid, publication_detail)
values (:xid, :la_xid, :publication_detail)
on conflict (xid) do update
set license_allotment_xid = :la_xid, publication_detail = :publication_detail
"""
publication_detail_dict = {
'timestamp': license_file_timestamp.isoformat(),
'license': license_allocation_file,
}
publication_detail = json_dumps(publication_detail_dict)
session.execute(insert_file_creation_record_query, {'xid': license_file_xid, 'la_xid': license_allotment_xid,
'publication_detail': publication_detail})
```
</details>
# Usefully commands on Client # Usefully commands on Client
## Check licensing status ## Check licensing status

2
doc/Setup.md
View File

@ -19,7 +19,7 @@ database access.
postgres-nls-si-0: postgres-nls-si-0:
image: dls:pgsql_3.4.1 image: dls:pgsql_3.4.1
restart: always restart: always
+ ports: [ '5432:5432' ] + ports: [ '5432:5432' ]
``` ```
Now you can connect with `<your-instance-ip>:5432` with any Database-Client you want. Now you can connect with `<your-instance-ip>:5432` with any Database-Client you want.

0
doc/DatabaseStructure.md → doc/database/Layout.md
View File