Example #1
0
    def __call__(self):
        """execute RPC stub"""
        # # decode arguments
        try:
            decode, length = DEncode.decode(self.operation.Arguments)
            self.log.debug("decoded len=%s val=%s" % (length, decode))
        except ValueError as error:
            self.log.exception(error)
            self.operation.Error = str(error)
            self.operation.Status = "Failed"
            return S_ERROR(str(error))

        # Ensure the forwarded request is done on behalf of the request owner
        decode[0][1]["delegatedDN"] = self.request.OwnerDN
        decode[0][1]["delegatedGroup"] = self.request.OwnerGroup

        # ForwardDiset is supposed to be used with a host certificate
        useServerCertificate = gConfig.useServerCertificate()
        gConfigurationData.setOptionInCFG(
            "/DIRAC/Security/UseServerCertificate", "true")
        forward = executeRPCStub(decode)
        if not useServerCertificate:
            gConfigurationData.setOptionInCFG(
                "/DIRAC/Security/UseServerCertificate", "false")

        if not forward["OK"]:
            self.log.error(
                "unable to execute operation",
                "'%s' : %s" % (self.operation.Type, forward["Message"]))
            self.operation.Error = forward["Message"]
            return forward
        self.log.info("DISET forwarding done")
        self.operation.Status = "Done"
        return S_OK()
Example #2
0
 def getLFCRegisteredDNs(self):
     #Request a proxy
     if gConfig.useServerCertificate():
         if not self.__generateProxy():
             return False
     #Execute the call
     cmdEnv = dict(os.environ)
     cmdEnv['LFC_HOST'] = 'lfc-egee.in2p3.fr'
     if os.path.isfile(self.proxyLocation):
         cmdEnv['X509_USER_PROXY'] = self.proxyLocation
     lfcDNs = []
     try:
         retlfc = Subprocess.systemCall(30, ('lfc-listusrmap', ),
                                        env=cmdEnv)
         if not retlfc['OK']:
             self.log.fatal('Can not get LFC User List', retlfc['Message'])
             return retlfc
         if retlfc['Value'][0]:
             self.log.fatal('Can not get LFC User List', retlfc['Value'][2])
             return S_ERROR("lfc-listusrmap failed")
         else:
             for item in List.fromChar(retlfc['Value'][1], '\n'):
                 dn = item.split(' ', 1)[1]
                 lfcDNs.append(dn)
         return S_OK(lfcDNs)
     finally:
         if os.path.isfile(self.proxyLocation):
             self.log.info("Destroying proxy...")
             os.unlink(self.proxyLocation)
Example #3
0
 def initialize(self):
     if self.__initialized['OK']:
         return self.__initialized
     if not gConfig.useServerCertificate():
         res = self.__getProxyID()
     else:
         res = self.__getCertificateID()
     if not res:
         self.__initialized = S_ERROR("Cannot locate client credentials")
         return self.__initialized
     retVal = gConfig.getOption("/DIRAC/Configuration/MasterServer")
     if not retVal['OK']:
         self.__initialized = S_ERROR(
             "Master server is not known. Is everything initialized?")
         return self.__initialized
     self.__rpcClient = RPCClient(
         gConfig.getValue("/DIRAC/Configuration/MasterServer", ""))
     self.__csMod = Modificator(
         self.__rpcClient,
         "%s - %s - %s" % (self.__userGroup, self.__userDN,
                           Time.dateTime().strftime("%Y-%m-%d %H:%M:%S")))
     retVal = self.downloadCSData()
     if not retVal['OK']:
         self.__initialized = S_ERROR(
             "Can not download the remote cfg. Is everything initialized?")
         return self.__initialized
     self.__initialized = S_OK()
     return self.__initialized
Example #4
0
    def wrapped_fcn(*args, **kwargs):

        # Get the lock and acquire it
        executionLock = LockRing().getLock("_UseUserProxy_", recursive=True)
        executionLock.acquire()

        # Check if the caller is executing with the host certificate
        useServerCertificate = gConfig.useServerCertificate()
        if useServerCertificate:
            gConfigurationData.setOptionInCFG(
                "/DIRAC/Security/UseServerCertificate", "false")

        try:
            return fcn(*args, **kwargs)
        except Exception as lException:  # pylint: disable=broad-except
            value = ",".join([str(arg) for arg in lException.args])
            exceptType = lException.__class__.__name__
            return S_ERROR("Exception - %s: %s" % (exceptType, value))
        finally:
            # Restore the default host certificate usage if necessary
            if useServerCertificate:
                gConfigurationData.setOptionInCFG(
                    "/DIRAC/Security/UseServerCertificate", "true")
            # release the lock
            executionLock.release()
Example #5
0
    def initialize(self):
        """API initialization

        :return: S_OK()/S_ERROR()
        """
        if self.__initialized["OK"]:
            return self.__initialized
        res = self.__getCertificateID() if gConfig.useServerCertificate(
        ) else self.__getProxyID()
        if not res["OK"]:
            gLogger.error(res["Message"])
            self.__initialized = S_ERROR("Cannot locate client credentials")
            return self.__initialized
        retVal = gConfig.getOption("/DIRAC/Configuration/MasterServer")
        if not retVal["OK"]:
            self.__initialized = S_ERROR(
                "Master server is not known. Is everything initialized?")
            return self.__initialized
        self.__rpcClient = ConfigurationClient(
            url=gConfig.getValue("/DIRAC/Configuration/MasterServer", ""))
        self.__csMod = Modificator(
            self.__rpcClient,
            "%s - %s - %s" %
            (self.__userGroup, self.__userDN,
             datetime.datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S")),
        )
        retVal = self.downloadCSData()
        if not retVal["OK"]:
            self.__initialized = S_ERROR(
                "Can not download the remote cfg. Is everything initialized?")
            return self.__initialized
        self.__initialized = S_OK()
        return self.__initialized
Example #6
0
 def getLFCRegisteredDNs( self ):
   #Request a proxy
   if gConfig.useServerCertificate():
     if not self.__generateProxy():
       return False
   #Execute the call
   cmdEnv = dict( os.environ )
   cmdEnv['LFC_HOST'] = 'lfc-egee.in2p3.fr'
   if os.path.isfile( self.proxyLocation ):
     cmdEnv[ 'X509_USER_PROXY' ] = self.proxyLocation
   lfcDNs = []
   try:
     retlfc = Subprocess.systemCall( 30, ( 'lfc-listusrmap', ), env = cmdEnv )
     if not retlfc['OK']:
       self.log.fatal( 'Can not get LFC User List', retlfc['Message'] )
       return retlfc
     if retlfc['Value'][0]:
       self.log.fatal( 'Can not get LFC User List', retlfc['Value'][2] )
       return S_ERROR( "lfc-listusrmap failed" )
     else:
       for item in List.fromChar( retlfc['Value'][1], '\n' ):
         dn = item.split( ' ', 1 )[1]
         lfcDNs.append( dn )
     return S_OK( lfcDNs )
   finally:
     if os.path.isfile( self.proxyLocation ):
       self.log.info( "Destroying proxy..." )
       os.unlink( self.proxyLocation )
Example #7
0
  def wrapped_fcn( *args, **kwargs ):

    userName = kwargs.pop( 'proxyUserName', '' )
    userDN = kwargs.pop( 'proxyUserDN', '' )
    userGroup = kwargs.pop( 'proxyUserGroup', '' )
    vomsFlag = kwargs.pop( 'proxyWithVOMS', True )
    proxyFilePath = kwargs.pop( 'proxyFilePath', False )

    if ( userName or userDN ) and userGroup:

      # Setup user proxy
      originalUserProxy = os.environ.get( 'X509_USER_PROXY' )
      if not userDN:
        result = getDNForUsername( userName )
        if not result[ 'OK' ]:
          return result
        userDN = result[ 'Value' ][0]
      vomsAttr = ''
      if vomsFlag:
        vomsAttr = getVOMSAttributeForGroup( userGroup )

      if vomsAttr:
        result = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup,
                                                        requiredVOMSAttribute = vomsAttr,
                                                        filePath = proxyFilePath,
                                                        requiredTimeLeft = 3600,
                                                        cacheTime =  3600 )
      else:
        result = gProxyManager.downloadProxyToFile( userDN, userGroup,
                                                    filePath = proxyFilePath,
                                                    requiredTimeLeft = 3600,
                                                    cacheTime =  3600 )

      if not result['OK']:
        gLogger.warn( "Can't download proxy to file", result['Message'] )
        return result

      proxyFile = result['Value']
      os.environ['X509_USER_PROXY'] = proxyFile

      # Check if the caller is executing with the host certificate
      useServerCertificate = gConfig.useServerCertificate()
      if useServerCertificate:
        gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false' )

      try:
        resultFcn = fcn( *args, **kwargs )
      except Exception, x:
        resultFcn = S_ERROR( "Exception: %s" % str( x ) )

      # Restore the default host certificate usage if necessary
      if useServerCertificate:
        gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true' )
      if originalUserProxy:
        os.environ['X509_USER_PROXY'] = originalUserProxy
      else:
        os.environ.pop( 'X509_USER_PROXY' )

      return resultFcn
Example #8
0
    def wrapped_fcn(*args, **kwargs):

        userName = kwargs.pop("proxyUserName", "")
        userGroup = kwargs.pop("proxyUserGroup", "")
        vomsFlag = kwargs.pop("proxyWithVOMS", True)
        proxyFilePath = kwargs.pop("proxyFilePath", False)

        if userName and userGroup:

            # Setup user proxy
            originalUserProxy = os.environ.get("X509_USER_PROXY")
            result = getDNForUsername(userName)
            if not result["OK"]:
                return result
            userDN = result["Value"][0]
            vomsAttr = ""
            if vomsFlag:
                vomsAttr = getVOMSAttributeForGroup(userGroup)

            if vomsAttr:
                result = gProxyManager.downloadVOMSProxyToFile(
                    userDN,
                    userGroup,
                    requiredVOMSAttribute=vomsAttr,
                    filePath=proxyFilePath,
                    requiredTimeLeft=3600,
                    cacheTime=3600,
                )
            else:
                result = gProxyManager.downloadProxyToFile(
                    userDN, userGroup, filePath=proxyFilePath, requiredTimeLeft=3600, cacheTime=3600
                )

            if not result["OK"]:
                return result

            proxyFile = result["Value"]
            os.environ["X509_USER_PROXY"] = proxyFile

            # Check if the caller is executing with the host certificate
            useServerCertificate = gConfig.useServerCertificate()
            if useServerCertificate:
                gConfigurationData.setOptionInCFG("/DIRAC/Security/UseServerCertificate", "false")

            try:
                resultFcn = fcn(*args, **kwargs)
            except Exception, x:
                resultFcn = S_ERROR("Exception: %s" % str(x))

            # Restore the default host certificate usage if necessary
            if useServerCertificate:
                gConfigurationData.setOptionInCFG("/DIRAC/Security/UseServerCertificate", "true")
            if originalUserProxy:
                os.environ["X509_USER_PROXY"] = originalUserProxy
            else:
                os.environ.pop("X509_USER_PROXY")

            return resultFcn
Example #9
0
    def wrapped_fcn(*args, **kwargs):

        userName = kwargs.pop('proxyUserName', '')
        userDN = kwargs.pop('proxyUserDN', '')
        userGroup = kwargs.pop('proxyUserGroup', '')
        vomsFlag = kwargs.pop('proxyWithVOMS', True)
        proxyFilePath = kwargs.pop('proxyFilePath', False)

        if (userName or userDN) and userGroup:

            # Setup user proxy
            originalUserProxy = os.environ.get('X509_USER_PROXY')
            if userDN:
                userDNs = [userDN]
            else:
                result = getDNForUsername(userName)
                if not result['OK']:
                    return result
                userDNs = result[
                    'Value']  # a same user may have more than one DN
            vomsAttr = ''
            if vomsFlag:
                vomsAttr = getVOMSAttributeForGroup(userGroup)

            result = getProxy(userDNs, userGroup, vomsAttr, proxyFilePath)

            if not result['OK']:
                return result

            proxyFile = result['Value']
            os.environ['X509_USER_PROXY'] = proxyFile

            # Check if the caller is executing with the host certificate
            useServerCertificate = gConfig.useServerCertificate()
            if useServerCertificate:
                gConfigurationData.setOptionInCFG(
                    '/DIRAC/Security/UseServerCertificate', 'false')

            try:
                return fcn(*args, **kwargs)
            except Exception as lException:  #pylint: disable=broad-except
                value = ','.join([str(arg) for arg in lException.args])
                exceptType = lException.__class__.__name__
                return S_ERROR("Exception - %s: %s" % (exceptType, value))
            finally:
                # Restore the default host certificate usage if necessary
                if useServerCertificate:
                    gConfigurationData.setOptionInCFG(
                        '/DIRAC/Security/UseServerCertificate', 'true')
                if originalUserProxy:
                    os.environ['X509_USER_PROXY'] = originalUserProxy
                else:
                    os.environ.pop('X509_USER_PROXY')

        else:
            # No proxy substitution requested
            return fcn(*args, **kwargs)
Example #10
0
  def wrapped_fcn( *args, **kwargs ):

    userName = kwargs.pop( 'proxyUserName', '' )
    userGroup = kwargs.pop( 'proxyUserGroup', '' )
    vomsFlag = kwargs.pop( 'proxyWithVOMS', True )
    proxyFilePath = kwargs.pop( 'proxyFilePath', False )

    if userName and userGroup:

      # Setup user proxy
      originalUserProxy = os.environ.get( 'X509_USER_PROXY' )
      result = getDNForUsername( userName )
      if not result[ 'OK' ]:
        return result
      userDN = result[ 'Value' ][0]
      vomsAttr = ''
      if vomsFlag:
        vomsAttr = getVOMSAttributeForGroup( userGroup )

      if vomsAttr:
        result = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup,
                                                        requiredVOMSAttribute = vomsAttr,
                                                        filePath = proxyFilePath,
                                                        requiredTimeLeft = 3600,
                                                        cacheTime =  3600 )
      else:
        result = gProxyManager.downloadProxyToFile( userDN, userGroup,
                                                    filePath = proxyFilePath,
                                                    requiredTimeLeft = 3600,
                                                    cacheTime =  3600 )

      if not result['OK']:
        return result

      proxyFile = result['Value']
      os.environ['X509_USER_PROXY'] = proxyFile

      # Check if the caller is executing with the host certificate
      useServerCertificate = gConfig.useServerCertificate()
      if useServerCertificate:
        gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false' )

      try:
        resultFcn = fcn( *args, **kwargs )
      except Exception, x:
        resultFcn = S_ERROR( "Exception: %s" % str( x ) )

      # Restore the default host certificate usage if necessary
      if useServerCertificate:
        gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true' )
      if originalUserProxy:
        os.environ['X509_USER_PROXY'] = originalUserProxy
      else:
        os.environ.pop( 'X509_USER_PROXY' )

      return resultFcn
Example #11
0
  def wrapped_fcn( *args, **kwargs ):

    userName = kwargs.pop( 'proxyUserName', '' )
    userDN = kwargs.pop( 'proxyUserDN', '' )
    userGroup = kwargs.pop( 'proxyUserGroup', '' )
    vomsFlag = kwargs.pop( 'proxyWithVOMS', True )
    proxyFilePath = kwargs.pop( 'proxyFilePath', False )

    if ( userName or userDN ) and userGroup:

      # Setup user proxy
      originalUserProxy = os.environ.get( 'X509_USER_PROXY' )
      if userDN:
        userDNs = [userDN]
      else:
        result = getDNForUsername( userName )
        if not result[ 'OK' ]:
          return result
        userDNs = result['Value'] # a same user may have more than one DN
      vomsAttr = ''
      if vomsFlag:
        vomsAttr = getVOMSAttributeForGroup( userGroup )

      result = getProxy(userDNs, userGroup, vomsAttr, proxyFilePath)

      if not result['OK']:
        return result

      proxyFile = result['Value']
      os.environ['X509_USER_PROXY'] = proxyFile

      # Check if the caller is executing with the host certificate
      useServerCertificate = gConfig.useServerCertificate()
      if useServerCertificate:
        gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false' )

      try:
        return fcn( *args, **kwargs )
      except Exception as lException:
        value = ','.join( [str( arg ) for arg in lException.args] )
        exceptType = lException.__class__.__name__
        return S_ERROR( "Exception - %s: %s" % ( exceptType, value ) )
      finally:
        # Restore the default host certificate usage if necessary
        if useServerCertificate:
          gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true' )
        if originalUserProxy:
          os.environ['X509_USER_PROXY'] = originalUserProxy
        else:
          os.environ.pop( 'X509_USER_PROXY' )

    else:
      # No proxy substitution requested
      return fcn( *args, **kwargs )
Example #12
0
class ForwardDISET(OperationHandlerBase):
    """
  .. class:: ForwardDISET

  functor forwarding DISET operations
  """
    def __init__(self, operation=None, csPath=None):
        """ c'tor

    :param Operation operation: an Operation instance
    :param str csPath: CS path for this handler
    """
        # # call base class c'tor
        OperationHandlerBase.__init__(self, operation, csPath)

    def __call__(self):
        """ execute RPC stub """
        # # decode arguments
        try:
            decode, length = DEncode.decode(self.operation.Arguments)
            self.log.debug("decoded len=%s val=%s" % (length, decode))
        except ValueError, error:
            self.log.exception(error)
            self.operation.Error = str(error)
            self.operation.Status = "Failed"
            return S_ERROR(str(error))

        # ForwardDiset is supposed to be used with a host certificate
        useServerCertificate = gConfig.useServerCertificate()
        gConfigurationData.setOptionInCFG(
            '/DIRAC/Security/UseServerCertificate', 'true')
        forward = executeRPCStub(decode)
        if not useServerCertificate:
            gConfigurationData.setOptionInCFG(
                '/DIRAC/Security/UseServerCertificate', 'false')

        if not forward["OK"]:
            self.log.error(
                "unable to execute operation",
                "'%s' : %s" % (self.operation.Type, forward["Message"]))
            self.operation.Error = forward["Message"]
            return forward
        self.log.info("DISET forwarding done")
        self.operation.Status = "Done"
        return S_OK()
Example #13
0
 def initialize( self ):
   if not gConfig.useServerCertificate():
     res = self.__getProxyID()
   else:
     res = self.__getCertificateID()
   if not res:
     return False
   retVal = gConfig.getOption( "/DIRAC/Configuration/MasterServer" )
   if not retVal[ 'OK' ]:
     gLogger.warn( "Master server is not known. Is everything initialized?" )
     return False
   self.__rpcClient = RPCClient( gConfig.getValue( "/DIRAC/Configuration/MasterServer", "" ) )
   self.__csMod = Modificator( self.__rpcClient, "%s - %s" % ( self.__userGroup, self.__userDN ) )
   retVal = self.downloadCSData()
   if not retVal[ 'OK' ]:
     gLogger.error( "Can not download the remote cfg. Is everything initialized?" )
     return False
   return True
Example #14
0
def _putProxy(userDN=None,
              userName=None,
              userGroup=None,
              vomsFlag=None,
              proxyFilePath=None,
              executionLockFlag=False):
    """Download proxy, place in a file and populate X509_USER_PROXY environment variable.

    Parameters like `userProxy` or `executeWithUserProxy`.
    :returns: Tuple of originalUserProxy, useServerCertificate, executionLock
    """
    # Setup user proxy
    if userDN:
        userDNs = [userDN]
    else:
        result = getDNForUsername(userName)
        if not result["OK"]:
            return result
        userDNs = result["Value"]  # a same user may have more than one DN

    vomsAttr = ""
    if vomsFlag:
        vomsAttr = getVOMSAttributeForGroup(userGroup)

    result = getProxy(userDNs, userGroup, vomsAttr, proxyFilePath)

    if not result["OK"]:
        return result

    executionLock = LockRing().getLock(
        "_UseUserProxy_", recursive=True) if executionLockFlag else None
    if executionLockFlag:
        executionLock.acquire()

    os.environ["X509_USER_PROXY"], originalUserProxy = result[
        "Value"], os.environ.get("X509_USER_PROXY")

    # Check if the caller is executing with the host certificate
    useServerCertificate = gConfig.useServerCertificate()
    if useServerCertificate:
        gConfigurationData.setOptionInCFG(
            "/DIRAC/Security/UseServerCertificate", "false")

    return S_OK((originalUserProxy, useServerCertificate, executionLock))
Example #15
0
 def initialize( self ):
   if self.__initialized[ 'OK' ]:
     return self.__initialized
   if not gConfig.useServerCertificate():
     res = self.__getProxyID()
   else:
     res = self.__getCertificateID()
   if not res:
     self.__initialized = S_ERROR( "Cannot locate client credentials" )
     return self.__initialized
   retVal = gConfig.getOption( "/DIRAC/Configuration/MasterServer" )
   if not retVal[ 'OK' ]:
     self.__initialized = S_ERROR( "Master server is not known. Is everything initialized?" )
     return self.__initialized
   self.__rpcClient = RPCClient( gConfig.getValue( "/DIRAC/Configuration/MasterServer", "" ) )
   self.__csMod = Modificator( self.__rpcClient, "%s - %s" % ( self.__userGroup, self.__userDN ) )
   retVal = self.downloadCSData()
   if not retVal[ 'OK' ]:
     self.__initialized = S_ERROR( "Can not download the remote cfg. Is everything initialized?" )
     return self.__initialized
   self.__initialized = S_OK()
   return self.__initialized
Example #16
0
def main():
    userParams = Params()
    userParams.registerCLISwitches()

    # Check time
    deviation = getClockDeviation()
    if not deviation["OK"]:
        gLogger.warn(deviation["Message"])
    elif deviation["Value"] > 60:
        gLogger.fatal(f"Your host's clock seems to deviate by {(int(deviation['Value']) / 60):.0f} minutes!")
        sys.exit(1)

    Script.disableCS()
    Script.parseCommandLine(ignoreErrors=True)
    # It's server installation?
    if gConfig.useServerCertificate():
        # In this case you do not need to login.
        gLogger.notice("You should not need to run this command in a DIRAC server. Exiting.")
        DIRAC.exit(1)

    userParams.group, userParams.scopes = Script.getPositionalArgs(group=True)
    # If you have chosen to use a certificate then a proxy will be generated locally using the specified certificate
    if userParams.authWith == "certificate":
        result = userParams.loginWithCertificate()

    # Otherwise, you must log in to the authorization server to gain access
    else:
        result = userParams.doOAuthMagic()

    # Print authorization status
    if result["OK"] and userParams.enableCS:
        result = userParams.getAuthStatus()

    if not result["OK"]:
        print(HTML(f"<red>{result['Message']}</red>"))
        sys.exit(1)

    userParams.howToSwitch()
    sys.exit(0)
Example #17
0
 def initialize(self):
     if not gConfig.useServerCertificate():
         res = self.__getProxyID()
     else:
         res = self.__getCertificateID()
     if not res:
         return False
     retVal = gConfig.getOption("/DIRAC/Configuration/MasterServer")
     if not retVal['OK']:
         gLogger.warn(
             "Master server is not known. Is everything initialized?")
         return False
     self.__rpcClient = RPCClient(
         gConfig.getValue("/DIRAC/Configuration/MasterServer", ""))
     self.__csMod = Modificator(
         self.__rpcClient, "%s - %s" % (self.__userGroup, self.__userDN))
     retVal = self.downloadCSData()
     if not retVal['OK']:
         gLogger.error(
             "Can not download the remote cfg. Is everything initialized?")
         return False
     return True
Example #18
0
  def wrapped_fcn( *args, **kwargs ):

    # Get the lock and acquire it
    executionLock = LockRing().getLock( '_UseUserProxy_', recursive = True )
    executionLock.acquire()

    # Check if the caller is executing with the host certificate
    useServerCertificate = gConfig.useServerCertificate()
    if useServerCertificate:
      gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false' )

    try:
      return fcn( *args, **kwargs )
    except Exception as lException:  # pylint: disable=broad-except
      value = ','.join( [str( arg ) for arg in lException.args] )
      exceptType = lException.__class__.__name__
      return S_ERROR( "Exception - %s: %s" % ( exceptType, value ) )
    finally:
      # Restore the default host certificate usage if necessary
      if useServerCertificate:
        gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true' )
      # release the lock
      executionLock.release()
Example #19
0
def _putProxy(userDN=None, userName=None, userGroup=None, vomsFlag=None, proxyFilePath=None, executionLockFlag=False):
  """Download proxy, place in a file and populate X509_USER_PROXY environment variable.

  Parameters like `userProxy` or `executeWithUserProxy`.
  :returns: Tuple of originalUserProxy, useServerCertificate, executionLock
  """
  # Setup user proxy
  if userDN:
    userDNs = [userDN]
  else:
    result = getDNForUsername(userName)
    if not result['OK']:
      return result
    userDNs = result['Value']  # a same user may have more than one DN

  vomsAttr = ''
  if vomsFlag:
    vomsAttr = getVOMSAttributeForGroup(userGroup)

  result = getProxy(userDNs, userGroup, vomsAttr, proxyFilePath)

  if not result['OK']:
    return result

  executionLock = LockRing().getLock('_UseUserProxy_', recursive=True) if executionLockFlag else None
  if executionLockFlag:
    executionLock.acquire()

  os.environ['X509_USER_PROXY'], originalUserProxy = result['Value'], os.environ.get('X509_USER_PROXY')

  # Check if the caller is executing with the host certificate
  useServerCertificate = gConfig.useServerCertificate()
  if useServerCertificate:
    gConfigurationData.setOptionInCFG('/DIRAC/Security/UseServerCertificate', 'false')

  return S_OK((originalUserProxy, useServerCertificate, executionLock))
Example #20
0
    def __call__(self):
        """ request processing """

        self.log.debug("about to execute request")
        gMonitor.addMark("RequestAtt", 1)

        # # setup proxy for request owner
        setupProxy = self.setupProxy()
        if not setupProxy["OK"]:
            self.request.Error = setupProxy["Message"]
            if 'has no proxy registered' in setupProxy["Message"]:
                self.log.error('Request set to Failed:', setupProxy["Message"])
                # If user is no longer registered, fail the request
                for operation in self.request:
                    for opFile in operation:
                        opFile.Status = 'Failed'
                    operation.Status = 'Failed'
            else:
                self.log.error(setupProxy["Message"])
            return S_OK(self.request)
        shifter = setupProxy["Value"]["Shifter"]
        proxyFile = setupProxy["Value"]["ProxyFile"]

        error = None
        while self.request.Status == "Waiting":

            # # get waiting operation
            operation = self.request.getWaiting()
            if not operation["OK"]:
                self.log.error(operation["Message"])
                return operation
            operation = operation["Value"]
            self.log.info("executing operation #%s '%s'" %
                          (operation.Order, operation.Type))

            # # and handler for it
            handler = self.getHandler(operation)
            if not handler["OK"]:
                self.log.error("unable to process operation %s: %s" %
                               (operation.Type, handler["Message"]))
                # gMonitor.addMark( "%s%s" % ( operation.Type, "Fail" ), 1 )
                operation.Error = handler["Message"]
                break

            handler = handler["Value"]
            # # set shifters list in the handler
            handler.shifter = shifter
            # # and execute
            pluginName = self.getPluginName(
                self.handlersDict.get(operation.Type))
            if self.standalone:
                useServerCertificate = gConfig.useServerCertificate()
            else:
                # Always use server certificates if executed within an agent
                useServerCertificate = True
            try:
                if pluginName:
                    gMonitor.addMark("%s%s" % (pluginName, "Att"), 1)
                # Always use request owner proxy
                if useServerCertificate:
                    gConfigurationData.setOptionInCFG(
                        '/DIRAC/Security/UseServerCertificate', 'false')
                exe = handler()
                if useServerCertificate:
                    gConfigurationData.setOptionInCFG(
                        '/DIRAC/Security/UseServerCertificate', 'true')
                if not exe["OK"]:
                    self.log.error("unable to process operation %s: %s" %
                                   (operation.Type, exe["Message"]))
                    if pluginName:
                        gMonitor.addMark("%s%s" % (pluginName, "Fail"), 1)
                    gMonitor.addMark("RequestFail", 1)
                    if self.request.JobID:
                        # Check if the job exists
                        monitorServer = RPCClient(
                            "WorkloadManagement/JobMonitoring",
                            useCertificates=True)
                        res = monitorServer.getJobPrimarySummary(
                            int(self.request.JobID))
                        if not res["OK"]:
                            self.log.error(
                                "RequestTask: Failed to get job %d status" %
                                self.request.JobID)
                        elif not res['Value']:
                            self.log.warn(
                                "RequestTask: job %d does not exist (anymore): failed request"
                                % self.request.JobID)
                            for opFile in operation:
                                opFile.Status = 'Failed'
                            if operation.Status != 'Failed':
                                operation.Status = 'Failed'
                            self.request.Error = 'Job no longer exists'
            except Exception as error:
                self.log.exception("hit by exception: %s" % str(error))
                if pluginName:
                    gMonitor.addMark("%s%s" % (pluginName, "Fail"), 1)
                gMonitor.addMark("RequestFail", 1)
                if useServerCertificate:
                    gConfigurationData.setOptionInCFG(
                        '/DIRAC/Security/UseServerCertificate', 'true')
                break

            # # operation status check
            if operation.Status == "Done" and pluginName:
                gMonitor.addMark("%s%s" % (pluginName, "OK"), 1)
            elif operation.Status == "Failed" and pluginName:
                gMonitor.addMark("%s%s" % (pluginName, "Fail"), 1)
            elif operation.Status in ("Waiting", "Scheduled"):
                # # no update for waiting or all files scheduled
                break

        gMonitor.flush()

        if error:
            return S_ERROR(error)

        # # request done?
        if self.request.Status == "Done":
            # # update request to the RequestDB
            self.log.info('updating request with status %s' %
                          self.request.Status)
            update = self.updateRequest()
            if not update["OK"]:
                self.log.error(update["Message"])
                return update
            self.log.info("request '%s' is done" % self.request.RequestName)
            gMonitor.addMark("RequestOK", 1)
            # # and there is a job waiting for it? finalize!
            if self.request.JobID:
                attempts = 0
                while True:
                    finalizeRequest = self.requestClient.finalizeRequest(
                        self.request.RequestID, self.request.JobID)  # pylint: disable=no-member
                    if not finalizeRequest["OK"]:
                        if not attempts:
                            self.log.error(
                                "unable to finalize request %s: %s, will retry"
                                % (self.request.RequestName,
                                   finalizeRequest["Message"]))
                        self.log.verbose("Waiting 10 seconds")
                        attempts += 1
                        if attempts == 10:
                            self.log.error(
                                "giving up finalize request after %d attempts"
                                % attempts)
                            return S_ERROR('Could not finalize request')

                        time.sleep(10)

                    else:
                        self.log.info("request '%s' is finalized%s" %
                                      (self.request.RequestName,
                                       (' after %d attempts' %
                                        attempts) if attempts else ''))
                        break

        # Request will be updated by the callBack method
        self.log.verbose("RequestTasks exiting, request %s" %
                         self.request.Status)
        return S_OK(self.request)
Example #21
0
    def __call__(self):
        """request processing"""

        self.log.debug("about to execute request")
        if not self.rmsMonitoring:
            gMonitor.addMark("RequestAtt", 1)

        # # setup proxy for request owner
        setupProxy = self.setupProxy()
        if not setupProxy["OK"]:
            userSuspended = "User is currently suspended"
            self.request.Error = setupProxy["Message"]
            # In case the user does not have proxy
            if DErrno.cmpError(setupProxy, DErrno.EPROXYFIND):
                self.log.error("Error setting proxy. Request set to Failed:",
                               setupProxy["Message"])
                # If user is no longer registered, fail the request
                for operation in self.request:
                    for opFile in operation:
                        opFile.Status = "Failed"
                    operation.Status = "Failed"
            elif userSuspended in setupProxy["Message"]:
                # If user is suspended, wait for a long time
                self.request.delayNextExecution(6 * 60)
                self.request.Error = userSuspended
                self.log.error("Error setting proxy: " + userSuspended,
                               self.request.OwnerDN)
            else:
                self.log.error("Error setting proxy", setupProxy["Message"])
            return S_OK(self.request)
        shifter = setupProxy["Value"]["Shifter"]

        error = None

        while self.request.Status == "Waiting":

            # # get waiting operation
            operation = self.request.getWaiting()
            if not operation["OK"]:
                self.log.error("Cannot get waiting operation",
                               operation["Message"])
                return operation
            operation = operation["Value"]
            self.log.info("executing operation", "%s" % operation.Type)

            # # and handler for it
            handler = self.getHandler(operation)
            if not handler["OK"]:
                self.log.error("Unable to process operation",
                               "%s: %s" % (operation.Type, handler["Message"]))
                # gMonitor.addMark( "%s%s" % ( operation.Type, "Fail" ), 1 )
                operation.Error = handler["Message"]
                break

            handler = handler["Value"]
            # # set shifters list in the handler
            handler.shifter = shifter
            # set rmsMonitoring flag for the RequestOperation
            handler.rmsMonitoring = self.rmsMonitoring
            # # and execute
            pluginName = self.getPluginName(
                self.handlersDict.get(operation.Type))
            if self.standalone:
                useServerCertificate = gConfig.useServerCertificate()
            else:
                # Always use server certificates if executed within an agent
                useServerCertificate = True
            try:
                if pluginName:
                    if self.rmsMonitoring:
                        self.rmsMonitoringReporter.addRecord({
                            "timestamp":
                            int(Time.toEpoch()),
                            "host":
                            Network.getFQDN(),
                            "objectType":
                            "Operation",
                            "operationType":
                            pluginName,
                            "objectID":
                            operation.OperationID,
                            "parentID":
                            operation.RequestID,
                            "status":
                            "Attempted",
                            "nbObject":
                            1,
                        })
                    else:
                        gMonitor.addMark("%s%s" % (pluginName, "Att"), 1)
                # Always use request owner proxy
                if useServerCertificate:
                    gConfigurationData.setOptionInCFG(
                        "/DIRAC/Security/UseServerCertificate", "false")
                exe = handler()
                if useServerCertificate:
                    gConfigurationData.setOptionInCFG(
                        "/DIRAC/Security/UseServerCertificate", "true")
                if not exe["OK"]:
                    self.log.error("unable to process operation",
                                   "%s: %s" % (operation.Type, exe["Message"]))
                    if pluginName:
                        if self.rmsMonitoring:
                            self.rmsMonitoringReporter.addRecord({
                                "timestamp":
                                int(Time.toEpoch()),
                                "host":
                                Network.getFQDN(),
                                "objectType":
                                "Operation",
                                "operationType":
                                pluginName,
                                "objectID":
                                operation.OperationID,
                                "parentID":
                                operation.RequestID,
                                "status":
                                "Failed",
                                "nbObject":
                                1,
                            })
                        else:
                            gMonitor.addMark("%s%s" % (pluginName, "Fail"), 1)
                    if self.rmsMonitoring:
                        self.rmsMonitoringReporter.addRecord({
                            "timestamp":
                            int(Time.toEpoch()),
                            "host":
                            Network.getFQDN(),
                            "objectType":
                            "Request",
                            "objectID":
                            operation.RequestID,
                            "status":
                            "Failed",
                            "nbObject":
                            1,
                        })
                    else:
                        gMonitor.addMark("RequestFail", 1)

                    if self.request.JobID:
                        # Check if the job exists
                        monitorServer = JobMonitoringClient(
                            useCertificates=True)
                        res = monitorServer.getJobSummary(
                            int(self.request.JobID))
                        if not res["OK"]:
                            self.log.error(
                                "RequestTask: Failed to get job status",
                                "%d" % self.request.JobID)
                        elif not res["Value"]:
                            self.log.warn(
                                "RequestTask: job does not exist (anymore): failed request",
                                "JobID: %d" % self.request.JobID,
                            )
                            for opFile in operation:
                                opFile.Status = "Failed"
                            if operation.Status != "Failed":
                                operation.Status = "Failed"
                            self.request.Error = "Job no longer exists"
            except Exception as e:
                error = str(e)
                self.log.exception("hit by exception:", "%s" % error)
                if pluginName:
                    if self.rmsMonitoring:
                        self.rmsMonitoringReporter.addRecord({
                            "timestamp":
                            int(Time.toEpoch()),
                            "host":
                            Network.getFQDN(),
                            "objectType":
                            "Operation",
                            "operationType":
                            pluginName,
                            "objectID":
                            operation.OperationID,
                            "parentID":
                            operation.RequestID,
                            "status":
                            "Failed",
                            "nbObject":
                            1,
                        })
                    else:
                        gMonitor.addMark("%s%s" % (pluginName, "Fail"), 1)
                if self.rmsMonitoring:
                    self.rmsMonitoringReporter.addRecord({
                        "timestamp":
                        int(Time.toEpoch()),
                        "host":
                        Network.getFQDN(),
                        "objectType":
                        "Request",
                        "objectID":
                        operation.RequestID,
                        "status":
                        "Failed",
                        "nbObject":
                        1,
                    })
                else:
                    gMonitor.addMark("RequestFail", 1)

                if useServerCertificate:
                    gConfigurationData.setOptionInCFG(
                        "/DIRAC/Security/UseServerCertificate", "true")
                break

            # # operation status check
            if operation.Status == "Done" and pluginName:
                if self.rmsMonitoring:
                    self.rmsMonitoringReporter.addRecord({
                        "timestamp":
                        int(Time.toEpoch()),
                        "host":
                        Network.getFQDN(),
                        "objectType":
                        "Operation",
                        "operationType":
                        pluginName,
                        "objectID":
                        operation.OperationID,
                        "parentID":
                        operation.RequestID,
                        "status":
                        "Successful",
                        "nbObject":
                        1,
                    })
                else:
                    gMonitor.addMark("%s%s" % (pluginName, "OK"), 1)
            elif operation.Status == "Failed" and pluginName:
                if self.rmsMonitoring:
                    self.rmsMonitoringReporter.addRecord({
                        "timestamp":
                        int(Time.toEpoch()),
                        "host":
                        Network.getFQDN(),
                        "objectType":
                        "Operation",
                        "operationType":
                        pluginName,
                        "objectID":
                        operation.OperationID,
                        "parentID":
                        operation.RequestID,
                        "status":
                        "Failed",
                        "nbObject":
                        1,
                    })
                else:
                    gMonitor.addMark("%s%s" % (pluginName, "Fail"), 1)
            elif operation.Status in ("Waiting", "Scheduled"):
                # # no update for waiting or all files scheduled
                break

        if not self.rmsMonitoring:
            gMonitor.flush()

        if error:
            return S_ERROR(error)

        # # request done?
        if self.request.Status == "Done":
            # # update request to the RequestDB
            self.log.info("Updating request status:",
                          "%s" % self.request.Status)
            update = self.updateRequest()
            if not update["OK"]:
                self.log.error("Cannot update request status",
                               update["Message"])
                return update
            self.log.info("request is done", "%s" % self.request.RequestName)
            if self.rmsMonitoring:
                self.rmsMonitoringReporter.addRecord({
                    "timestamp":
                    int(Time.toEpoch()),
                    "host":
                    Network.getFQDN(),
                    "objectType":
                    "Request",
                    "objectID":
                    getattr(self.request, "RequestID", 0),
                    "status":
                    "Successful",
                    "nbObject":
                    1,
                })
            else:
                gMonitor.addMark("RequestOK", 1)
            # # and there is a job waiting for it? finalize!
            if self.request.JobID:
                attempts = 0
                while True:
                    finalizeRequest = self.requestClient.finalizeRequest(
                        self.request.RequestID,
                        self.request.JobID  # pylint: disable=no-member
                    )
                    if not finalizeRequest["OK"]:
                        if not attempts:
                            self.log.error(
                                "unable to finalize request, will retry",
                                "ReqName %s:%s" % (self.request.RequestName,
                                                   finalizeRequest["Message"]),
                            )
                        self.log.debug("Waiting 10 seconds")
                        attempts += 1
                        if attempts == 10:
                            self.log.error("Giving up finalize request")
                            return S_ERROR("Could not finalize request")

                        time.sleep(10)

                    else:
                        self.log.info(
                            "request is finalized",
                            "ReqName %s %s" % (self.request.RequestName,
                                               (" after %d attempts" %
                                                attempts) if attempts else ""),
                        )
                        break

        # Commit all the data to the ES Backend
        if self.rmsMonitoring:
            self.rmsMonitoringReporter.commit()
        # Request will be updated by the callBack method
        self.log.verbose("RequestTasks exiting",
                         "request %s" % self.request.Status)
        return S_OK(self.request)
Example #22
0
    def __call__(self):
        """ request processing """

        self.log.debug("about to execute request")
        gMonitor.addMark("RequestAtt", 1)

        # # setup proxy for request owner
        setupProxy = self.setupProxy()
        if not setupProxy["OK"]:
            self.request.Error = setupProxy["Message"]
            if 'has no proxy registered' in setupProxy["Message"]:
                self.log.error('Request set to Failed:', setupProxy["Message"])
                # If user is no longer registered, fail the request
                for operation in self.request:
                    for opFile in operation:
                        opFile.Status = 'Failed'
                    operation.Status = 'Failed'
            else:
                self.log.error(setupProxy["Message"])
            return S_OK(self.request)
        shifter = setupProxy["Value"]["Shifter"]
        proxyFile = setupProxy["Value"]["ProxyFile"]

        error = None
        while self.request.Status == "Waiting":

            # # get waiting operation
            operation = self.request.getWaiting()
            if not operation["OK"]:
                self.log.error(operation["Message"])
                return operation
            operation = operation["Value"]
            self.log.info("executing operation #%s '%s'" %
                          (operation.Order, operation.Type))

            # # and handler for it
            handler = self.getHandler(operation)
            if not handler["OK"]:
                self.log.error("unable to process operation %s: %s" %
                               (operation.Type, handler["Message"]))
                # gMonitor.addMark( "%s%s" % ( operation.Type, "Fail" ), 1 )
                operation.Error = handler["Message"]
                break

            handler = handler["Value"]
            # # set shifters list in the handler
            handler.shifter = shifter
            # # and execute
            pluginName = self.getPluginName(
                self.handlersDict.get(operation.Type))
            if self.standalone:
                useServerCertificate = gConfig.useServerCertificate()
            else:
                # Always use server certificates if executed within an agent
                useServerCertificate = True
            try:
                if pluginName:
                    gMonitor.addMark("%s%s" % (pluginName, "Att"), 1)
                # Always use request owner proxy
                if useServerCertificate:
                    gConfigurationData.setOptionInCFG(
                        '/DIRAC/Security/UseServerCertificate', 'false')
                exe = handler()
                if useServerCertificate:
                    gConfigurationData.setOptionInCFG(
                        '/DIRAC/Security/UseServerCertificate', 'true')
                if not exe["OK"]:
                    self.log.error("unable to process operation %s: %s" %
                                   (operation.Type, exe["Message"]))
                    if pluginName:
                        gMonitor.addMark("%s%s" % (pluginName, "Fail"), 1)
                    gMonitor.addMark("RequestFail", 1)
                    if self.request.JobID:
                        # Check if the job exists
                        monitorServer = RPCClient(
                            "WorkloadManagement/JobMonitoring",
                            useCertificates=True)
                        res = monitorServer.getJobPrimarySummary(
                            int(self.request.JobID))
                        if not res["OK"]:
                            self.log.error(
                                "RequestTask: Failed to get job %d status" %
                                self.request.JobID)
                        elif not res['Value']:
                            self.log.warn(
                                "RequestTask: job %d does not exist (anymore): failed request"
                                % self.request.JobID)
                            for opFile in operation:
                                opFile.Status = 'Failed'
                            if operation.Status != 'Failed':
                                operation.Status = 'Failed'
                            self.request.Error = 'Job no longer exists'
            except Exception, error:
                self.log.exception("hit by exception: %s" % str(error))
                if pluginName:
                    gMonitor.addMark("%s%s" % (pluginName, "Fail"), 1)
                gMonitor.addMark("RequestFail", 1)
                if useServerCertificate:
                    gConfigurationData.setOptionInCFG(
                        '/DIRAC/Security/UseServerCertificate', 'true')
                break

            # # operation status check
            if operation.Status == "Done" and pluginName:
                gMonitor.addMark("%s%s" % (pluginName, "OK"), 1)
            elif operation.Status == "Failed" and pluginName:
                gMonitor.addMark("%s%s" % (pluginName, "Fail"), 1)
            elif operation.Status in ("Waiting", "Scheduled"):
                # # no update for waiting or all files scheduled
                break
Example #23
0
  def wrapped_fcn( *args, **kwargs ):

    userName = kwargs.pop( 'proxyUserName', '' )
    userDN = kwargs.pop( 'proxyUserDN', '' )
    userGroup = kwargs.pop( 'proxyUserGroup', '' )
    vomsFlag = kwargs.pop( 'proxyWithVOMS', True )
    proxyFilePath = kwargs.pop( 'proxyFilePath', False )

    if ( userName or userDN ) and userGroup:

      # Setup user proxy
      originalUserProxy = os.environ.get( 'X509_USER_PROXY' )
      if not userDN:
        result = getDNForUsername( userName )
        if not result[ 'OK' ]:
          return result
        userDN = result[ 'Value' ][0]
      vomsAttr = ''
      if vomsFlag:
        vomsAttr = getVOMSAttributeForGroup( userGroup )

      if vomsAttr:
        result = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup,
                                                        requiredVOMSAttribute = vomsAttr,
                                                        filePath = proxyFilePath,
                                                        requiredTimeLeft = 3600,
                                                        cacheTime = 3600 )
      else:
        result = gProxyManager.downloadProxyToFile( userDN, userGroup,
                                                    filePath = proxyFilePath,
                                                    requiredTimeLeft = 3600,
                                                    cacheTime = 3600 )

      if not result['OK']:
        gLogger.warn( "Can't download proxy to file", result['Message'] )
        return result

      proxyFile = result['Value']
      os.environ['X509_USER_PROXY'] = proxyFile

      # Check if the caller is executing with the host certificate
      useServerCertificate = gConfig.useServerCertificate()
      if useServerCertificate:
        gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false' )

      try:
        return fcn( *args, **kwargs )
      except Exception as lException:
        value = ','.join( [str( arg ) for arg in lException.args] )
        exceptType = lException.__class__.__name__
        return S_ERROR( "Exception - %s: %s" % ( exceptType, value ) )
      finally:
        # Restore the default host certificate usage if necessary
        if useServerCertificate:
          gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true' )
        if originalUserProxy:
          os.environ['X509_USER_PROXY'] = originalUserProxy
        else:
          os.environ.pop( 'X509_USER_PROXY' )

    else:
      # No proxy substitution requested
      return fcn( *args, **kwargs )
Example #24
0
  def __call__( self ):
    """ request processing """

    self.log.debug( "about to execute request" )
    gMonitor.addMark( "RequestAtt", 1 )

    # # setup proxy for request owner
    setupProxy = self.setupProxy()
    if not setupProxy["OK"]:
      self.log.error( setupProxy["Message"] )
      self.request.Error = setupProxy["Message"]
      return S_ERROR( 'Change proxy error' )
    shifter = setupProxy["Value"]["Shifter"]
    proxyFile = setupProxy["Value"]["ProxyFile"]

    error = None
    while self.request.Status == "Waiting":

      # # get waiting operation
      operation = self.request.getWaiting()
      if not operation["OK"]:
        self.log.error( operation["Message"] )
        return operation
      operation = operation["Value"]
      self.log.info( "executing operation #%s '%s'" % ( operation.Order, operation.Type ) )

      # # and handler for it
      handler = self.getHandler( operation )
      if not handler["OK"]:
        self.log.error( "unable to process operation %s: %s" % ( operation.Type, handler["Message"] ) )
        # gMonitor.addMark( "%s%s" % ( operation.Type, "Fail" ), 1 )
        operation.Error = handler["Message"]
        break

      handler = handler["Value"]
      # # set shifters list in the handler
      handler.shifter = shifter
      # # and execute
      pluginName = self.getPluginName( self.handlersDict.get( operation.Type ) )
      if self.standalone:
        useServerCertificate = gConfig.useServerCertificate()
      else:
        # Always use server certificates if executed within an agent
        useServerCertificate = True
      try:
        if pluginName:
          gMonitor.addMark( "%s%s" % ( pluginName, "Att" ), 1 )
        # Always use request owner proxy
        if useServerCertificate:
          gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false' )
        exe = handler()
        if useServerCertificate:
          gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true' )
        if not exe["OK"]:
          self.log.error( "unable to process operation %s: %s" % ( operation.Type, exe["Message"] ) )
          if pluginName:
            gMonitor.addMark( "%s%s" % ( pluginName, "Fail" ), 1 )
          gMonitor.addMark( "RequestFail", 1 )
          if self.request.JobID:
            # Check if the job exists
            monitorServer = RPCClient( "WorkloadManagement/JobMonitoring", useCertificates = True )
            res = monitorServer.getJobPrimarySummary( int( self.request.JobID ) )
            if not res["OK"]:
              self.log.error( "RequestTask: Failed to get job %d status" % self.request.JobID )
            elif not res['Value']:
              self.log.warn( "RequestTask: job %d does not exist (anymore): failed request" % self.request.JobID )
              for opFile in operation:
                opFile.Status = 'Failed'
              if operation.Status != 'Failed':
                operation.Status = 'Failed'
              self.request.Error = 'Job no longer exists'
      except Exception, error:
        self.log.exception( "hit by exception: %s" % str( error ) )
        if pluginName:
          gMonitor.addMark( "%s%s" % ( pluginName, "Fail" ), 1 )
        gMonitor.addMark( "RequestFail", 1 )
        if useServerCertificate:
          gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true' )
        break

      # # operation status check
      if operation.Status == "Done" and pluginName:
        gMonitor.addMark( "%s%s" % ( pluginName, "OK" ), 1 )
      elif operation.Status == "Failed" and pluginName:
        gMonitor.addMark( "%s%s" % ( pluginName, "Fail" ), 1 )
      elif operation.Status in ( "Waiting", "Scheduled" ):
        # # no update for waiting or all files scheduled
        break
Example #25
0
  def __call__(self):
    """ request processing """

    self.log.debug("about to execute request")
    gMonitor.addMark("RequestAtt", 1)

    # # setup proxy for request owner
    setupProxy = self.setupProxy()
    if not setupProxy["OK"]:
      self.request.Error = setupProxy["Message"]
      if 'has no proxy registered' in setupProxy["Message"]:
        self.log.error('Request set to Failed:', setupProxy["Message"])
        # If user is no longer registered, fail the request
        for operation in self.request:
          for opFile in operation:
            opFile.Status = 'Failed'
          operation.Status = 'Failed'
      else:
        self.log.error(setupProxy["Message"])
      return S_OK(self.request)
    shifter = setupProxy["Value"]["Shifter"]
    proxyFile = setupProxy["Value"]["ProxyFile"]

    error = None
    while self.request.Status == "Waiting":

      # # get waiting operation
      operation = self.request.getWaiting()
      if not operation["OK"]:
        self.log.error(operation["Message"])
        return operation
      operation = operation["Value"]
      self.log.info("executing operation #%s '%s'" % (operation.Order, operation.Type))

      # # and handler for it
      handler = self.getHandler(operation)
      if not handler["OK"]:
        self.log.error("unable to process operation %s: %s" % (operation.Type, handler["Message"]))
        # gMonitor.addMark( "%s%s" % ( operation.Type, "Fail" ), 1 )
        operation.Error = handler["Message"]
        break

      handler = handler["Value"]
      # # set shifters list in the handler
      handler.shifter = shifter
      # # and execute
      pluginName = self.getPluginName(self.handlersDict.get(operation.Type))
      if self.standalone:
        useServerCertificate = gConfig.useServerCertificate()
      else:
        # Always use server certificates if executed within an agent
        useServerCertificate = True
      try:
        if pluginName:
          gMonitor.addMark("%s%s" % (pluginName, "Att"), 1)
        # Always use request owner proxy
        if useServerCertificate:
          gConfigurationData.setOptionInCFG('/DIRAC/Security/UseServerCertificate', 'false')
        exe = handler()
        if useServerCertificate:
          gConfigurationData.setOptionInCFG('/DIRAC/Security/UseServerCertificate', 'true')
        if not exe["OK"]:
          self.log.error("unable to process operation %s: %s" % (operation.Type, exe["Message"]))
          if pluginName:
            gMonitor.addMark("%s%s" % (pluginName, "Fail"), 1)
          gMonitor.addMark("RequestFail", 1)
          if self.request.JobID:
            # Check if the job exists
            monitorServer = RPCClient("WorkloadManagement/JobMonitoring", useCertificates=True)
            res = monitorServer.getJobPrimarySummary(int(self.request.JobID))
            if not res["OK"]:
              self.log.error("RequestTask: Failed to get job %d status" % self.request.JobID)
            elif not res['Value']:
              self.log.warn(
                  "RequestTask: job %d does not exist (anymore): failed request" %
                  self.request.JobID)
              for opFile in operation:
                opFile.Status = 'Failed'
              if operation.Status != 'Failed':
                operation.Status = 'Failed'
              self.request.Error = 'Job no longer exists'
      except Exception as error:
        self.log.exception("hit by exception: %s" % str(error))
        if pluginName:
          gMonitor.addMark("%s%s" % (pluginName, "Fail"), 1)
        gMonitor.addMark("RequestFail", 1)
        if useServerCertificate:
          gConfigurationData.setOptionInCFG('/DIRAC/Security/UseServerCertificate', 'true')
        break

      # # operation status check
      if operation.Status == "Done" and pluginName:
        gMonitor.addMark("%s%s" % (pluginName, "OK"), 1)
      elif operation.Status == "Failed" and pluginName:
        gMonitor.addMark("%s%s" % (pluginName, "Fail"), 1)
      elif operation.Status in ("Waiting", "Scheduled"):
        # # no update for waiting or all files scheduled
        break

    gMonitor.flush()

    if error:
      return S_ERROR(error)

    # # request done?
    if self.request.Status == "Done":
      # # update request to the RequestDB
      self.log.info('updating request with status %s' % self.request.Status)
      update = self.updateRequest()
      if not update["OK"]:
        self.log.error(update["Message"])
        return update
      self.log.info("request '%s' is done" % self.request.RequestName)
      gMonitor.addMark("RequestOK", 1)
      # # and there is a job waiting for it? finalize!
      if self.request.JobID:
        attempts = 0
        while True:
          finalizeRequest = self.requestClient.finalizeRequest(
              self.request.RequestID, self.request.JobID)  # pylint: disable=no-member
          if not finalizeRequest["OK"]:
            if not attempts:
              self.log.error(
                  "unable to finalize request %s: %s, will retry" %
                  (self.request.RequestName, finalizeRequest["Message"]))
            self.log.verbose("Waiting 10 seconds")
            attempts += 1
            if attempts == 10:
              self.log.error("giving up finalize request after %d attempts" % attempts)
              return S_ERROR('Could not finalize request')

            time.sleep(10)

          else:
            self.log.info(
                "request '%s' is finalized%s" %
                (self.request.RequestName,
                 (' after %d attempts' %
                  attempts) if attempts else ''))
            break

    # Request will be updated by the callBack method
    self.log.verbose("RequestTasks exiting, request %s" % self.request.Status)
    return S_OK(self.request)
Example #26
0
  def __call__( self ):
    """ request processing """

    self.log.debug( "about to execute request" )
    gMonitor.addMark( "RequestAtt", 1 )

    # # setup proxy for request owner
    setupProxy = self.setupProxy()
    if not setupProxy["OK"]:
      self.log.error( setupProxy["Message"] )
      self.request.Error = setupProxy["Message"]
      return S_ERROR( 'Change proxy error' )
    shifter = setupProxy["Value"]["Shifter"]
    proxyFile = setupProxy["Value"]["ProxyFile"]

    error = None
    while self.request.Status == "Waiting":

      # # get waiting operation
      operation = self.request.getWaiting()
      if not operation["OK"]:
        self.log.error( operation["Message"] )
        return operation
      operation = operation["Value"]
      self.log.info( "executing operation #%s '%s'" % ( operation.Order, operation.Type ) )

      # # and handler for it
      handler = self.getHandler( operation )
      if not handler["OK"]:
        self.log.error( "unable to process operation %s: %s" % ( operation.Type, handler["Message"] ) )
        # gMonitor.addMark( "%s%s" % ( operation.Type, "Fail" ), 1 )
        operation.Error = handler["Message"]
        break

      handler = handler["Value"]
      # # set shifters list in the handler
      handler.shifter = shifter
      # # and execute
      pluginName = self.getPluginName( self.handlersDict.get( operation.Type ) )
      useServerCertificate = gConfig.useServerCertificate()
      try:
        if pluginName:
          gMonitor.addMark( "%s%s" % ( pluginName, "Att" ), 1 )
        # Always use request owner proxy
        if useServerCertificate:
          gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false' )
        exe = handler()
        if useServerCertificate:
          gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true' )
        if not exe["OK"]:
          self.log.error( "unable to process operation %s: %s" % ( operation.Type, exe["Message"] ) )
          if pluginName:
            gMonitor.addMark( "%s%s" % ( pluginName, "Fail" ), 1 )
          gMonitor.addMark( "RequestFail", 1 )
      except Exception, error:
        self.log.exception( "hit by exception: %s" % str( error ) )
        if pluginName:
          gMonitor.addMark( "%s%s" % ( pluginName, "Fail" ), 1 )
        gMonitor.addMark( "RequestFail", 1 )
        if useServerCertificate:
          gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false' )
        break

      # # operation status check
      if operation.Status == "Done" and pluginName:
        gMonitor.addMark( "%s%s" % ( pluginName, "OK" ), 1 )
      elif operation.Status == "Failed" and pluginName:
        gMonitor.addMark( "%s%s" % ( pluginName, "Fail" ), 1 )
      elif operation.Status in ( "Waiting", "Scheduled" ):
        # # no update for waiting or all files scheduled
        break