def test_05_start_tomcat(self):
core.skip_ok_unless_installed(tomcat.pkgname())
core.state['tomcat.started'] = False
catalina_log = tomcat.catalinafile()
initial_stat = core.get_stat(catalina_log)
tomcat_sentinel = r'Server startup in \d+ ms'
# Bump log level
core.config['tomcat.logging-conf'] = os.path.join(tomcat.sysconfdir(), 'logging.properties')
files.append(core.config['tomcat.logging-conf'], 'org.apache.catalina.level = %s\n' % 'FINER',
owner='tomcat', backup=True)
old_str = "1catalina.org.apache.juli.FileHandler.prefix = catalina."
repl_str = ("1catalina.org.apache.juli.FileHandler.prefix = catalina\n"
"1catalina.org.apache.juli.FileHandler.rotatable = false")
files.replace(core.config['tomcat.logging-conf'], old_str, repl_str,
owner='tomcat', backup=False)
service.check_start(tomcat.pkgname())
if core.options.nightly:
timeout = 3600.0
else:
timeout = 1200.0
line, gap = core.monitor_file(catalina_log, initial_stat, tomcat_sentinel, timeout)
self.assert_(line is not None, 'Tomcat did not start within the %d min window' % int(timeout/60))
core.state['tomcat.started'] = True
core.log_message('Tomcat started after %.1f seconds' % gap)
def test_01_cvmfs_probe(self):
default_local = '/etc/cvmfs/default.local'
probe_repos = ",".join(
['atlas.cern.ch', 'cms.cern.ch', 'oasis.opensciencegrid.org'])
# Test depends on oasis-config to access the oasis.opensciencegrid.org
# repo. This is an external service, so the requirement should be
# removed as part of SOFTWARE-1108.
core.skip_ok_unless_installed('cvmfs')
core.skip_ok_unless_installed('cvmfs-keys',
'oasis-config',
by_dependency=True)
command = ('cat', default_local)
status, stdout, stderr = core.system(command, False)
# Dave Dykstra suggested running cvmfs probe against a different
# set of repositories than are currently set up, so we modify them
# just for this test. (See SOFTWARE-1097)
# In the future, this test might be removed since we do not want
# to depend on external services, and it's redundant to probe the
# repos that we have already mounted.
files.replace(default_local,
'CVMFS_REPOSITORIES=cms.cern.ch',
'CVMFS_REPOSITORIES=' + probe_repos,
owner='cvmfsprobe')
try:
command = ('cvmfs_config', 'probe')
status, stdout, stderr = core.system(command, False)
self.assertEqual(
status, 0,
core.diagnose('cvmfs probe', command, status, stdout, stderr))
finally:
files.restore(default_local, 'cvmfsprobe')
def test_01_cvmfs_probe(self):
default_local = '/etc/cvmfs/default.local'
probe_repos = ",".join([
'atlas.cern.ch',
'cms.cern.ch',
'oasis.opensciencegrid.org'])
# Test depends on oasis-config to access the oasis.opensciencegrid.org
# repo. This is an external service, so the requirement should be
# removed as part of SOFTWARE-1108.
core.skip_ok_unless_installed('cvmfs')
core.skip_ok_unless_installed('cvmfs-keys', 'oasis-config', by_dependency=True)
command = ('cat', default_local)
status, stdout, stderr = core.system(command, False)
# Dave Dykstra suggested running cvmfs probe against a different
# set of repositories than are currently set up, so we modify them
# just for this test. (See SOFTWARE-1097)
# In the future, this test might be removed since we do not want
# to depend on external services, and it's redundant to probe the
# repos that we have already mounted.
files.replace(
default_local,
'CVMFS_REPOSITORIES=cms.cern.ch',
'CVMFS_REPOSITORIES=' + probe_repos,
owner='cvmfsprobe')
try:
command = ('cvmfs_config', 'probe')
status, stdout, stderr = core.system(command, False)
self.assertEqual(status, 0, core.diagnose('cvmfs probe', command, status, stdout, stderr))
finally:
files.restore(default_local, 'cvmfsprobe')
def test_06_config_misc_file(self):
core.skip_ok_unless_installed('osg-info-services')
core.skip_ok_unless_one_installed(*self.possible_rpms)
core.config['osg-info-services.misc-file'] = '/etc/osg/config.d/10-misc.ini'
files.replace(core.config['osg-info-services.misc-file'],
'gums_host = DEFAULT',
'gums_host = ' + core.get_hostname(),
owner='root')
def test_05_gums_configuration(self):
core.skip_ok_unless_installed('gums-service')
core.config['gums.config-file'] = '/etc/gums/gums.config'
files.replace(core.config['gums.config-file'],
' accountName=\'GumsTestUserMappingSuccessful\'/>',
" accountName=\'" + core.options.username + "\'/>",
owner='gums')
def test_04_modify_bestman_conf(self):
core.skip_ok_unless_installed('bestman2-server', 'bestman2-client',
'gums-service')
bestman_rc_path = '/etc/bestman2/conf/bestman2.rc'
old_port = 'securePort=8443'
new_port = 'securePort=10443'
files.replace(bestman_rc_path, old_port, new_port, backup=False)
old_gridmap = 'GridMapFileName=/etc/bestman2/conf/grid-mapfile.empty'
new_gridmap = 'GridMapFileName=/etc/grid-security/grid-mapfile'
files.replace(bestman_rc_path, old_gridmap, new_gridmap, backup=False)
files.replace(bestman_rc_path,
'eventLogLevel=INFO',
'eventLogLevel=DEBUG',
backup=False)
core.system(('cat', bestman_rc_path))
env_file = '/etc/sysconfig/bestman2'
old_auth = 'BESTMAN_GUMS_ENABLED=yes'
new_auth = 'BESTMAN_GUMS_ENABLED=no'
files.replace(env_file, old_auth, new_auth, backup=False)
log4j_path = '/etc/bestman2/properties/log4j.properties'
log4j_contents = files.read(log4j_path, as_single_string=True)
log4j_contents = log4j_contents.replace('FATAL', 'INFO')
files.write(log4j_path, log4j_contents, backup=False)
def test_05_start_tomcat(self):
core.skip_ok_unless_installed(tomcat.pkgname())
core.state['tomcat.started'] = False
catalina_log = tomcat.catalinafile()
initial_stat = core.get_stat(catalina_log)
tomcat_sentinel = r'Server startup in \d+ ms'
# Bump log level
core.config['tomcat.logging-conf'] = os.path.join(
tomcat.sysconfdir(), 'logging.properties')
files.append(core.config['tomcat.logging-conf'],
'org.apache.catalina.level = %s\n' % 'FINER',
owner='tomcat',
backup=True)
old_str = "1catalina.org.apache.juli.FileHandler.prefix = catalina."
repl_str = ("1catalina.org.apache.juli.FileHandler.prefix = catalina\n"
"1catalina.org.apache.juli.FileHandler.rotatable = false")
files.replace(core.config['tomcat.logging-conf'],
old_str,
repl_str,
owner='tomcat',
backup=False)
service.check_start(tomcat.pkgname())
if core.options.nightly:
timeout = 3600.0
else:
timeout = 1200.0
line, gap = core.monitor_file(catalina_log, initial_stat,
tomcat_sentinel, timeout)
self.assert_(
line is not None, 'Tomcat did not start within the %d min window' %
int(timeout / 60))
core.state['tomcat.started'] = True
core.log_message('Tomcat started after %.1f seconds' % gap)
def test_04_modify_bestman_conf(self):
core.skip_ok_unless_installed('bestman2-server', 'bestman2-client')
bestman_rc_path = '/etc/bestman2/conf/bestman2.rc'
old_port = 'securePort=8443'
new_port = 'securePort=10443'
files.replace(bestman_rc_path, old_port, new_port, backup=False)
old_gridmap = 'GridMapFileName=/etc/bestman2/conf/grid-mapfile.empty'
new_gridmap = 'GridMapFileName=/etc/grid-security/grid-mapfile'
files.replace(bestman_rc_path, old_gridmap, new_gridmap, backup=False)
files.replace(bestman_rc_path, 'eventLogLevel=INFO', 'eventLogLevel=DEBUG', backup=False)
core.system(('cat', bestman_rc_path))
env_file = '/etc/sysconfig/bestman2'
old_auth = 'BESTMAN_GUMS_ENABLED=yes'
new_auth = 'BESTMAN_GUMS_ENABLED=no'
files.replace(env_file, old_auth, new_auth, backup=False)
log4j_path = '/etc/bestman2/properties/log4j.properties'
log4j_contents = files.read(log4j_path, as_single_string=True)
log4j_contents = log4j_contents.replace('FATAL', 'INFO')
files.write(log4j_path, log4j_contents, backup=False)
def test_04_modify_bestman_conf(self):
if core.missing_rpm('bestman2-server', 'bestman2-client',
'voms-clients'):
core.skip('Bestman not installed')
return
bestman_rc_path = '/etc/bestman2/conf/bestman2.rc'
env_file = '/etc/sysconfig/bestman2'
old_port = 'securePort=8443'
new_port = 'securePort=10443'
old_gridmap = 'GridMapFileName=/etc/bestman2/conf/grid-mapfile.empty'
new_gridmap = 'GridMapFileName=/etc/grid-security/grid-mapfile'
old_auth = 'BESTMAN_GUMS_ENABLED=yes'
new_auth = 'BESTMAN_GUMS_ENABLED=no'
files.replace(bestman_rc_path, old_port, new_port, backup=False)
files.replace(bestman_rc_path, old_gridmap, new_gridmap, backup=False)
files.replace(env_file, old_auth, new_auth, backup=False)
def test_08_config_site_info_file(self):
core.skip_ok_unless_installed('osg-info-services')
core.skip_ok_unless_one_installed(*self.possible_rpms)
core.config['osg-info-services.siteinfo-file'] = '/etc/osg/config.d/40-siteinfo.ini'
files.replace(core.config['osg-info-services.siteinfo-file'],
'group = OSG',
'group = OSG-ITB',
owner='root')
files.replace_regexpr(core.config['osg-info-services.siteinfo-file'],
'host_name = *',
'host_name = ' + core.get_hostname(),
backup=False)
files.replace(core.config['osg-info-services.siteinfo-file'],
'sponsor = UNAVAILABLE',
'sponsor = mis:100',
backup=False)
files.replace(core.config['osg-info-services.siteinfo-file'],
'contact = UNAVAILABLE',
'contact = Lando Calrissian',
backup=False)
files.replace(core.config['osg-info-services.siteinfo-file'],
'email = UNAVAILABLE',
'email = [email protected]',
backup=False)
files.replace(core.config['osg-info-services.siteinfo-file'],
'city = UNAVAILABLE',
'city = Cloud City',
backup=False)
files.replace(core.config['osg-info-services.siteinfo-file'],
'country = UNAVAILABLE',
'country = Bespin',
backup=False)
files.replace_regexpr(core.config['osg-info-services.siteinfo-file'],
'longitude =*',
'longitude = -1',
backup=False)
files.replace(core.config['osg-info-services.siteinfo-file'],
'latitude = UNAVAILABLE',
'latitude = 45',
backup=False)
def test_07_ping_with_gums(self):
core.state['condor-ce.gums-auth'] = False
self.general_requirements()
core.skip_ok_unless_installed('gums-service')
# Setting up GUMS auth using the instructions here:
# https://opensciencegrid.github.io/docs/compute-element/install-htcondor-ce/#authentication-with-gums
hostname = core.get_hostname()
lcmaps_contents = '''gumsclient = "lcmaps_gums_client.mod"
"-resourcetype ce"
"-actiontype execute-now"
"-capath /etc/grid-security/certificates"
"-cert /etc/grid-security/hostcert.pem"
"-key /etc/grid-security/hostkey.pem"
"--cert-owner root"
# Change this URL to your GUMS server
"--endpoint https://%s:8443/gums/services/GUMSXACMLAuthorizationServicePort"
verifyproxy = "lcmaps_verify_proxy.mod"
"--allow-limited-proxy"
" -certdir /etc/grid-security/certificates"
# lcmaps policies require at least two modules, so these are here to
# fill in if only one module is needed. "good | bad" has no effect.
good = "lcmaps_dummy_good.mod"
bad = "lcmaps_dummy_bad.mod"
authorize_only:
## Policy 1: GUMS but not SAZ (most common, default)
gumsclient -> good | bad
''' % hostname
gums_properties_contents = '''gums.location=https://%s:8443/gums/services/GUMSAdmin
gums.authz=https://%s:8443/gums/services/GUMSXACMLAuthorizationServicePort
''' % (hostname, hostname)
core.config['condor-ce.lcmapsdb'] = '/etc/lcmaps.db'
core.config['condor-ce.gums-properties'] = '/etc/gums/gums-client.properties'
core.config['condor-ce.gsi-authz'] = '/etc/grid-security/gsi-authz.conf'
files.write(core.config['condor-ce.lcmapsdb'], lcmaps_contents, owner='condor-ce.gums')
files.write(core.config['condor-ce.gums-properties'], gums_properties_contents, owner='condor-ce')
files.replace(core.config['condor-ce.gsi-authz'],
'# globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout',
'globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout',
owner='condor-ce')
try:
core.state['condor-ce.gums-auth'] = True
service.check_stop('condor-ce')
stat = core.get_stat(core.config['condor-ce.collectorlog'])
service.check_start('condor-ce')
# Wait for the schedd to come back up
self.failUnless(condor.wait_for_daemon(core.config['condor-ce.collectorlog'], stat, 'Schedd', 300.0),
'Schedd failed to restart within the 1 min window')
command = ('condor_ce_ping', 'WRITE', '-verbose')
stdout, _, _ = core.check_system(command, 'ping using GSI and gridmap', user=True)
self.assert_(re.search(r'Authorized:\s*TRUE', stdout), 'could not authorize with GSI')
finally:
files.restore(core.config['condor-ce.lcmapsdb'], 'condor-ce.gums')
files.restore(core.config['condor-ce.gsi-authz'], 'condor-ce')
files.restore(core.config['condor-ce.gums-properties'], 'condor-ce')
def test_07_ping_with_gums(self):
core.state['condor-ce.gums-auth'] = False
self.general_requirements()
core.skip_ok_unless_installed('gums-service')
# Setting up GUMS auth using the instructions here:
# https://opensciencegrid.github.io/docs/compute-element/install-htcondor-ce/#authentication-with-gums
hostname = core.get_hostname()
lcmaps_contents = '''gumsclient = "lcmaps_gums_client.mod"
"-resourcetype ce"
"-actiontype execute-now"
"-capath /etc/grid-security/certificates"
"-cert /etc/grid-security/hostcert.pem"
"-key /etc/grid-security/hostkey.pem"
"--cert-owner root"
# Change this URL to your GUMS server
"--endpoint https://%s:8443/gums/services/GUMSXACMLAuthorizationServicePort"
verifyproxy = "lcmaps_verify_proxy.mod"
"--allow-limited-proxy"
" -certdir /etc/grid-security/certificates"
# lcmaps policies require at least two modules, so these are here to
# fill in if only one module is needed. "good | bad" has no effect.
good = "lcmaps_dummy_good.mod"
bad = "lcmaps_dummy_bad.mod"
authorize_only:
## Policy 1: GUMS but not SAZ (most common, default)
gumsclient -> good | bad
''' % hostname
gums_properties_contents = '''gums.location=https://%s:8443/gums/services/GUMSAdmin
gums.authz=https://%s:8443/gums/services/GUMSXACMLAuthorizationServicePort
''' % (hostname, hostname)
core.config['condor-ce.lcmapsdb'] = '/etc/lcmaps.db'
core.config['condor-ce.gums-properties'] = '/etc/gums/gums-client.properties'
core.config['condor-ce.gsi-authz'] = '/etc/grid-security/gsi-authz.conf'
files.write(core.config['condor-ce.lcmapsdb'], lcmaps_contents, owner='condor-ce.gums')
files.write(core.config['condor-ce.gums-properties'], gums_properties_contents, owner='condor-ce')
files.replace(core.config['condor-ce.gsi-authz'],
'# globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout',
'globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout',
owner='condor-ce')
try:
core.state['condor-ce.gums-auth'] = True
service.check_stop('condor-ce')
stat = core.get_stat(core.config['condor-ce.collectorlog'])
service.check_start('condor-ce')
# Wait for the schedd to come back up
self.failUnless(condor.wait_for_daemon(core.config['condor-ce.collectorlog'], stat, 'Schedd', 300.0),
'Schedd failed to restart within the 1 min window')
command = ('condor_ce_ping', 'WRITE', '-verbose')
stdout, _, _ = core.check_system(command, 'ping using GSI and gridmap', user=True)
self.assert_(re.search(r'Authorized:\s*TRUE', stdout), 'could not authorize with GSI')
finally:
files.restore(core.config['condor-ce.lcmapsdb'], 'condor-ce.gums')
files.restore(core.config['condor-ce.gsi-authz'], 'condor-ce')
files.restore(core.config['condor-ce.gums-properties'], 'condor-ce')