Skip to content

Commit

Permalink
fix: sets the security env variables as first
Browse files Browse the repository at this point in the history
  • Loading branch information
fstagni committed Oct 31, 2023
1 parent 88c63e0 commit ab41787
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 43 deletions.
45 changes: 3 additions & 42 deletions Pilot/pilotCommands.py
Original file line number Diff line number Diff line change
Expand Up @@ -206,6 +206,7 @@ def execute(self):
)
self.exitWithError(1)


class InstallDIRAC(CommandBase):
""" Source from CVMFS, or install locally
"""
Expand Down Expand Up @@ -525,7 +526,7 @@ class ConfigureBasics(CommandBase):
It calls dirac-configure to:
* download, by default, the CAs
* (maybe) download the CAs
* creates a standard or custom (defined by self.pp.localConfigFile) cfg file
(by default 'pilot.cfg') to be used where all the pilot configuration is to be set, e.g.:
* adds to it basic info like the version
Expand Down Expand Up @@ -604,37 +605,6 @@ def _getBasicsCFG(self):
if self.pp.wnVO:
self.cfg.append('-o "/Resources/Computing/CEDefaults/VirtualOrganization=%s"' % self.pp.wnVO)

def __checkSecurityDir(self, envName, dirName):

if envName in os.environ and safe_listdir(os.environ[envName]):
self.log.debug(
"%s is set in the host environment as %s, aligning installEnv to it"
% (envName, os.environ[envName])
)
self.pp.installEnv[envName] = os.environ[envName]
else:
self.log.debug("%s is not set in the host environment" % envName)
# try and find it
for candidate in self.pp.CVMFS_locations:
candidateDir = os.path.join(candidate,
'etc/grid-security',
dirName)
self.log.debug(
"Candidate directory for %s is %s"
% (envName, candidateDir)
)
if safe_listdir(candidateDir):

self.log.debug("Setting %s=%s" % (envName, candidateDir))
self.pp.installEnv[envName] = candidateDir
os.environ[envName] = candidateDir
break
self.log.debug("%s not found or not a directory" % candidateDir)

if envName not in self.pp.installEnv:
self.log.error("Could not find/set %s" % envName)
sys.exit(1)

def _getSecurityCFG(self):
""" Sets security-related env variables, if needed
"""
Expand All @@ -644,17 +614,8 @@ def _getSecurityCFG(self):
self.cfg.append("-o /DIRAC/Security/CertFile=%s/hostcert.pem" % self.pp.certsLocation)
self.cfg.append("-o /DIRAC/Security/KeyFile=%s/hostkey.pem" % self.pp.certsLocation)

# If DIRAC (or its extension) is installed in CVMFS:
# If DIRAC (or its extension) is installed in CVMFS do not download VOMS and CAs
if self.pp.preinstalledEnv:

self.__checkSecurityDir("X509_CERT_DIR", "certificates")
self.__checkSecurityDir("X509_VOMS_DIR", "vomsdir")
self.__checkSecurityDir("X509_VOMSES", "vomses")
# This is needed for the integration tests
self.pp.installEnv["DIRAC_VOMSES"] = self.pp.installEnv["X509_VOMSES"]
os.environ["DIRAC_VOMSES"] = os.environ["X509_VOMSES"]

# In any case do not download VOMS and CAs
self.cfg.append("-DMH")


Expand Down
46 changes: 45 additions & 1 deletion Pilot/pilotTools.py
Original file line number Diff line number Diff line change
Expand Up @@ -939,6 +939,50 @@ def __init__(self):
# Command line can override options from JSON
self.__initCommandLine2()

# If DIRAC (or its extension) is installed in CVMFS:
if self.preinstalledEnv or self.preinstalledEnvPrefix:
self.__checkSecurityDir("X509_CERT_DIR", "certificates")
self.__checkSecurityDir("X509_VOMS_DIR", "vomsdir")
self.__checkSecurityDir("X509_VOMSES", "vomses")
# This is needed for the integration tests
self.installEnv["DIRAC_VOMSES"] = self.installEnv["X509_VOMSES"]
os.environ["DIRAC_VOMSES"] = os.environ["X509_VOMSES"]

if self.useServerCertificate:
self.installEnv["X509_USER_PROXY"] = os.path.join(self.certsLocation, "hostcert.pem")
os.environ["X509_USER_PROXY"] = os.path.join(self.certsLocation, "hostcert.pem")

def __checkSecurityDir(self, envName, dirName):

if envName in os.environ and safe_listdir(os.environ[envName]):
self.log.debug(
"%s is set in the host environment as %s, aligning installEnv to it"
% (envName, os.environ[envName])
)
self.installEnv[envName] = os.environ[envName]
else:
self.log.debug("%s is not set in the host environment" % envName)
# try and find it
for candidate in self.CVMFS_locations:
candidateDir = os.path.join(candidate,
'etc/grid-security',
dirName)
self.log.debug(
"Candidate directory for %s is %s"
% (envName, candidateDir)
)
if safe_listdir(candidateDir):
self.log.debug("Setting %s=%s" % (envName, candidateDir))
self.installEnv[envName] = candidateDir
os.environ[envName] = candidateDir
break
self.log.debug("%s not found or not a directory" % candidateDir)

if envName not in self.installEnv:
self.log.error("Could not find/set %s" % envName)
sys.exit(1)


def __initCommandLine1(self):
"""Parses and interpret options on the command line: first pass (essential things)"""

Expand Down Expand Up @@ -1184,7 +1228,7 @@ def __getVO(self):
except IOError as err:
self.log.error("Could not read a proxy, setting vo to 'unknown': ", os.strerror(err.errno))
else:
self.log.error("Could not locate a proxy via X509_USER_PROXY, setting vo to 'unknown' ")
self.log.error("Could not locate a proxy via X509_USER_PROXY")

# is there a token, and can we get a VO from the token?
# TBD
Expand Down

0 comments on commit ab41787

Please sign in to comment.