def test_02_scitoken_mapping(self):
core.state['condor-ce.wrote-mapfile'] = False
core.skip_ok_unless_installed('condor', 'htcondor-ce')
self.skip_ok_if(
core.PackageVersion('condor') <= '8.9.4',
'HTCondor version does not support SciToken submission')
condorce_version = core.PackageVersion('htcondor-ce')
scitoken_mapping = 'SCITOKENS {issuer} {local_user}\n'
# Write the mapfile to the admin mapfile directory with the regex format for the issuer
# required by 'CERTIFICATE_MAPFILE_ASSUME_HASH_KEYS = True'
# https://github.com/htcondor/htcondor-ce/pull/425
if condorce_version >= '5.1.0':
match_str = r'/https:\/\/demo.scitokens.org,.*/'
core.config[
'condor-ce.mapfile'] = '/etc/condor-ce/mapfiles.d/01-osg-test.conf'
else:
match_str = '"https://demo.scitokens.org"'
core.config['condor-ce.mapfile'] = '/etc/condor-ce/condor_mapfile'
mapfile_contents = files.read(core.config['condor-ce.mapfile'],
as_single_string=True)
scitoken_mapping += mapfile_contents
files.write(core.config['condor-ce.mapfile'],
scitoken_mapping.format(issuer=match_str,
local_user=core.options.username),
owner='condor-ce',
chmod=0o644)
core.state['condor-ce.wrote-mapfile'] = True
def test_02_condor_ce_run_condor(self):
core.skip_ok_unless_installed('htcondor-ce', 'htcondor-ce-client',
'htcondor-ce-condor', 'condor')
self.skip_bad_unless(service.is_running('condor-ce'), 'ce not running')
self.skip_bad_unless(service.is_running('condor'),
'condor not running')
self.skip_bad_unless(core.state['jobs.env-set'],
'job environment not set')
token_file = core.config['token.condor_write']
self.skip_bad_unless(
core.state['proxy.valid'] or os.path.exists(token_file),
'requires a scitoken or a proxy')
command = [
'condor_ce_run', '--debug', '-r',
'%s:9619' % core.get_hostname(), '/bin/env'
]
if os.path.exists(token_file):
# FIXME: After HTCONDOR-636 is released (targeted for HTCondor-CE 5.1.2),
# we can stop setting _condor_SCITOKENS_FILE
for token_var in ('_condor_SCITOKENS_FILE', 'BEARER_TOKEN_FILE'):
os.environ[token_var] = token_file
else:
core.log_message(
'condor WRITE token not found; skipping SCITOKENS auth')
if core.osg_release() == "3.6" and \
core.PackageVersion('condor') >= '9.0.0' and \
core.PackageVersion('condor') < '9.0.8':
with core.no_x509(core.options.username):
self.run_job_in_tmp_dir(command, 'condor_ce_run a Condor job')
else:
self.run_job_in_tmp_dir(command, 'condor_ce_run a Condor job')
def run_trace(self, *args):
"""Run condor_ce_trace along with any additional *args. If trace completes with a held job, also return output
from 'condor_ce_q -held'.
"""
cwd = os.getcwd()
os.chdir('/tmp')
self.command += ['condor_ce_trace', '--debug'
] + list(args) + [core.get_hostname()]
if core.osg_release() == "3.6" and \
core.PackageVersion('condor') >= '9.0.0' and \
core.PackageVersion('condor') < '9.0.8':
with core.no_x509(core.options.username):
trace_rc, trace_out, trace_err = core.system(self.command,
user=True)
else:
trace_rc, trace_out, trace_err = core.system(self.command,
user=True)
os.chdir(cwd)
if trace_rc:
msg = 'condor_ce_trace failed'
if trace_out.find(', was held'):
msg = 'condor_ce_trace job held'
_, hold_out, hold_err = core.system(('condor_ce_q', '-held'))
self.fail(
core.diagnose(msg, self.command, trace_rc,
str(trace_out) + str(hold_out),
str(trace_err) + str(hold_err)))
return trace_out, trace_err
def test_01_condor_run_pbs(self):
core.skip_ok_unless_installed('condor', 'blahp')
core.skip_ok_unless_installed('torque-mom',
'torque-server',
'torque-scheduler',
by_dependency=True)
self.skip_bad_unless(core.state['jobs.env-set'],
'job environment not set')
self.skip_bad_unless(service.is_running('condor'),
'condor not running')
self.skip_bad_unless(service.is_running('pbs_server'),
'pbs not running')
command = ('condor_run', '-u', 'grid', '-a', 'grid_resource=pbs', '-a',
'periodic_remove=JobStatus==5', '/bin/env')
# Figure out whether the installed BLAHP package is the same as or later
# than "blahp-1.18.11.bosco-4.osg*" (in the RPM sense), because it's the
# first build in which the job environments are correctly passed to PBS.
blahp_pbs_has_env_vars = core.PackageVersion(
'blahp') >= '1.18.11.bosco-4.osg'
self.run_job_in_tmp_dir(command,
'condor_run a Condor job',
verify_environment=blahp_pbs_has_env_vars)
def test_01_slurm_config(self):
self.slurm_reqs()
if core.PackageVersion('slurm') >= '19.05.2':
core.config['slurm.config-dir'] = '/etc'
else:
core.config['slurm.config-dir'] = '/etc/slurm'
core.config['slurm.config'] = os.path.join(
core.config['slurm.config-dir'], 'slurm.conf')
files.write(core.config['slurm.config'],
SLURM_CONFIG % {
'short_hostname': SHORT_HOSTNAME,
'cluster': CLUSTER_NAME,
'ctld_log': CTLD_LOG
},
owner='slurm',
chmod=0o644)
core.config['cgroup.config'] = os.path.join(
core.config['slurm.config-dir'], 'cgroup.conf')
config = SLURM_CGROUPS_CONFIG
if core.el_release() == 6:
config += "\nCgroupMountpoint=/cgroup"
files.write(core.config['cgroup.config'],
config,
owner='slurm',
chmod=0o644)
core.config['cgroup_allowed_devices_file.conf'] = os.path.join(
core.config['slurm.config-dir'],
'cgroup_allowed_devices_file.conf')
files.write(core.config['cgroup_allowed_devices_file.conf'],
SLURM_CGROUPS_DEVICE_CONFIG,
owner='slurm',
chmod=0o644)
def setUp(self):
core.skip_ok_unless_installed("osg-xrootd-standalone",
by_dependency=True)
if core.rpm_is_installed("xcache"):
self.skip_ok_if(
core.PackageVersion("xcache") >= "1.0.2",
"xcache 1.0.2+ configs conflict with xrootd tests")
def test_01_configure_xrootd(self):
core.state['xrootd.is-configured'] = False
core.config['xrootd.security'] = set()
core.config['certs.xrootdcert'] = '/etc/grid-security/xrd/xrdcert.pem'
core.config['certs.xrootdkey'] = '/etc/grid-security/xrd/xrdkey.pem'
# rootdir and resourcename needs to be set early for the default osg-xrootd config
core.config['xrootd.config'] = '/etc/xrootd/config.d/10-osg-test.cfg'
core.config['xrootd.logging-config'] = '/etc/xrootd/config.d/99-logging.cfg'
core.config['xrootd.service-defaults'] = '/etc/sysconfig/xrootd'
core.config['xrootd.multiuser'] = False
core.state['xrootd.backups-exist'] = False
core.state['xrootd.had-failures'] = False
core.config['xrootd.public_subdir'] = "public"
core.config['xrootd.user_subdir'] = core.options.username
core.config['xrootd.vo_subdir'] = voms.VONAME
core.config['xrootd.authfile'] = '/etc/xrootd/Authfile'
self.skip_ok_unless(core.state['user.verified'], "Test user not available")
xrootd_user = pwd.getpwnam("xrootd")
xrootd_config = STANDALONE_XROOTD_CFG_TEXT
if core.dependency_is_installed("voms-clients"):
core.config['xrootd.security'].add("GSI")
if core.PackageVersion("xrootd-scitokens") >= "5":
core.config['xrootd.security'].add("SCITOKENS")
if voms.can_make_proxy():
core.config['xrootd.security'].add("VOMS")
self.skip_ok_unless(core.config['xrootd.security'], "No xrootd security available")
core.install_cert('certs.xrootdcert', 'certs.hostcert', 'xrootd', 0o644)
core.install_cert('certs.xrootdkey', 'certs.hostkey', 'xrootd', 0o400)
files.write(core.config['xrootd.logging-config'], XROOTD_LOGGING_CFG_TEXT, owner='xrootd', backup=True, chmod=0o644)
files.write(core.config['xrootd.config'], xrootd_config, owner='xrootd', backup=True, chmod=0o644)
files.write(core.config['xrootd.authfile'], AUTHFILE_TEXT, owner="xrootd", chown=(xrootd_user.pw_uid, xrootd_user.pw_gid), chmod=0o644)
try:
shutil.rmtree(xrootd.ROOTDIR)
except FileNotFoundError:
pass
public_dir = f"{xrootd.ROOTDIR}/{core.config['xrootd.public_subdir']}"
files.safe_makedirs(xrootd.ROOTDIR)
os.chmod(xrootd.ROOTDIR, 0o755)
files.safe_makedirs(public_dir)
os.chmod(public_dir, 0o1777)
user_dir = f"{xrootd.ROOTDIR}/{core.config['xrootd.user_subdir']}"
files.safe_makedirs(user_dir)
os.chmod(user_dir, 0o770)
vo_dir = f"{xrootd.ROOTDIR}/{core.config['xrootd.vo_subdir']}"
files.safe_makedirs(vo_dir)
os.chmod(vo_dir, 0o1777)
core.system(["chown", "-R", "xrootd:xrootd", xrootd.ROOTDIR])
os.chown(user_dir, core.state["user.uid"], xrootd_user.pw_gid)
core.check_system(["find", xrootd.ROOTDIR, "-ls"], f"Couldn't dump contents of {xrootd.ROOTDIR}")
core.state['xrootd.backups-exist'] = True
core.state['xrootd.is-configured'] = True
def test_01_request_condor_write_scitoken(self):
core.state['token.condor_write_created'] = False
core.config['token.condor_write'] = '/tmp/condor_write.scitoken'
core.skip_ok_unless_installed('htcondor-ce', 'condor')
self.skip_ok_if(
core.PackageVersion('condor') <= '8.9.4',
'HTCondor version does not support SciToken submission')
self.skip_ok_if(os.path.exists(core.config['token.condor_write']),
'SciToken with HTCondor WRITE already exists')
hostname = core.get_hostname()
try:
token = request_demo_scitoken('condor:/READ condor:/WRITE',
audience=f'{hostname}:9619')
except error.URLError as exc:
self.fail(
f"Failed to request token from demo.scitokens.org:\n{exc}")
ids = (0, 0)
if core.state['user.verified']:
user = pwd.getpwnam(core.options.username)
ids = (user.pw_uid, user.pw_gid)
files.write(core.config['token.condor_write'],
core.to_str(token),
backup=False,
chown=ids)
core.state['token.condor_write_created'] = True
def setUp(self):
core.skip_ok_unless_installed("stash-origin",
"stash-cache",
"stashcache-client",
by_dependency=True)
if core.rpm_is_installed("xcache"):
self.skip_ok_if(
core.PackageVersion("xcache") < "1.0.2", "needs xcache 1.0.2+")
def test_05_stashcp(self):
command = ["stashcp", "-d"]
if core.PackageVersion('stashcache-client') < '5.1.0-5':
command.append("--cache=root://localhost")
name, contents = self.testfiles[3]
path = os.path.join(getcfg("OriginExport"), name)
with tempfile.NamedTemporaryFile(mode="r+b") as tf:
core.check_system(command + [path, tf.name], "Checking stashcp")
result = tf.read()
self.assertEqualVerbose(core.to_str(result), contents,
"stashcp'ed file mismatch")
self.assertCached(name, contents)
def test_03_configure_multiuser(self):
core.skip_ok_unless_installed('xrootd-multiuser',
'globus-proxy-utils',
by_dependency=True)
if core.PackageVersion("xrootd-multiuser") < "1.0.0-0":
xrootd_multiuser_conf = "xrootd.fslib libXrdMultiuser.so default"
else:
xrootd_multiuser_conf = "ofs.osslib ++ libXrdMultiuser.so\n" \
"ofs.ckslib ++ libXrdMultiuser.so"
files.append(core.config['xrootd.config'],
xrootd_multiuser_conf,
owner='xrootd',
backup=False)
core.config['xrootd.multiuser'] = True
def test_02_old_xrootd_policy(self):
core.skip_ok_unless_installed('xrootd-lcmaps', *self.required_rpms)
self.skip_ok_if(core.PackageVersion('xrootd-lcmaps') >= '1.4.0')
files.append(core.config['lcmaps.db'],
'''xrootd_policy:
verifyproxynokey -> banfile
banfile -> banvomsfile | bad
banvomsfile -> gridmapfile | bad
gridmapfile -> good | vomsmapfile
vomsmapfile -> good | defaultmapfile
defaultmapfile -> good | bad
''',
backup=False)
def test_03b_xrdcp_upload_scitoken_authenticated(self):
self.skip_unless_security("SCITOKENS")
xrootd_url = xroot_url(TestXrootd.user_copied_file_scitoken)
command = ('xrdcp', '--force', '--debug', '2', TestXrootd.__data_path,
xrootd_url)
with core.no_x509(core.options.username):
# TODO: Passing token contents with $BEARER_TOKEN or having the token be in /tmp/bt_u$UID is currently
# broken (token is not found/not used). Using $BEARER_TOKEN_FILE or having the token be in
# $X509_RUNTIME_DIR/bt_u$UID works. Bug report forthcoming.
with core.environ_context({
"BEARER_TOKEN":
core.state['token.xrootd_contents'],
"BEARER_TOKEN_FILE":
None
}):
message = "xrdcp upload to user dir with scitoken in BEARER_TOKEN"
expected_exit = 0
if core.PackageVersion("xrootd-libs") <= "5.3.2":
message += " (expected failure)"
expected_exit = ERR_AUTH_FAIL
core.check_system(command,
message,
exit=expected_exit,
user=True)
with core.environ_context({
"BEARER_TOKEN_FILE":
core.config['token.xrootd'],
"BEARER_TOKEN":
None
}):
message = "xrdcp upload to user dir with scitoken file in BEARER_TOKEN_FILE"
expected_exit = 0
core.check_system(command,
message,
exit=expected_exit,
user=True)
# TODO: Test token discovery at $X509_RUNTIME_DIR/bt_u$UID and /tmp/bt_u$UID
self.assert_(os.path.exists(TestXrootd.user_copied_file_scitoken),
"Uploaded file missing")
def setUp(self):
if core.rpm_is_installed("xcache"):
self.skip_ok_if(
core.PackageVersion("xcache") >= "1.0.2",
"xcache 1.0.2+ configs conflict with xrootd tests")
def test_01_configure(self):
if core.PackageVersion('stash-cache') >= '1.1.0':
caching_plugin_cfg_path = "/etc/xrootd/config.d/40-stash-cache-plugin.cfg"
http_cfg_path = "/etc/xrootd/config.d/50-osg-http.cfg"
else:
caching_plugin_cfg_path = "/etc/xrootd/config.d/40-osg-caching-plugin.cfg"
http_cfg_path = "/etc/xrootd/config.d/40-osg-http.cfg"
for key, val in PARAMS.items():
setcfg(key, val)
# Create dirs
for d in [
PARAMS["OriginRootdir"], PARAMS["CacheRootdir"],
os.path.join(PARAMS["OriginRootdir"],
PARAMS["OriginExport"].lstrip("/")),
os.path.join(PARAMS["OriginRootdir"],
PARAMS["OriginAuthExport"].lstrip("/")),
os.path.join(PARAMS["CacheRootdir"],
PARAMS["OriginDummyExport"].lstrip("/")),
os.path.dirname(CACHES_JSON_PATH)
]:
files.safe_makedirs(d)
core.system([
"chown", "-R", "xrootd:xrootd", PARAMS["OriginRootdir"],
PARAMS["CacheRootdir"]
])
filelist = []
setcfg("filelist", filelist)
# Modify filelist in-place with .append so changes get into core.config too
# Delete the lines we can't override
for path, regexp in [
(XROOTD_ORIGIN_CFG_PATH, "^\s*all.manager.+$"),
(http_cfg_path, "^\s*xrd.protocol.+$"),
(caching_plugin_cfg_path,
"^\s*(ofs.osslib|pss.cachelib|pss.origin).+$"),
]:
files.replace_regexpr(path, regexp, "", owner=NAMESPACE)
filelist.append(path)
# Write our new files
for path, contents in [
(PARAMS_CFG_PATH, PARAMS_CFG_CONTENTS),
(PRE_CFG_PATH, PRE_CFG_CONTENTS),
(ORIGIN_AUTHFILE_PATH, ORIGIN_AUTHFILE_CONTENTS),
(ORIGIN_PUBLIC_AUTHFILE_PATH, ORIGIN_PUBLIC_AUTHFILE_CONTENTS),
(CACHE_AUTHFILE_PATH, CACHE_AUTHFILE_CONTENTS),
(CACHE_PUBLIC_AUTHFILE_PATH, CACHE_PUBLIC_AUTHFILE_CONTENTS),
(CACHES_JSON_PATH, CACHES_JSON_CONTENTS)
]:
files.write(path, contents, owner=NAMESPACE, chmod=0o644)
filelist.append(path)
# Install certs. Normally done in the xrootd tests but they conflict with the StashCache tests
# (both use the same config dir)
core.config['certs.xrootdcert'] = '/etc/grid-security/xrd/xrdcert.pem'
core.config['certs.xrootdkey'] = '/etc/grid-security/xrd/xrdkey.pem'
core.install_cert('certs.xrootdcert', 'certs.hostcert', 'xrootd',
0o644)
core.install_cert('certs.xrootdkey', 'certs.hostkey', 'xrootd', 0o400)
