Example #1
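  def delete_ps_directories(self,dirs):
    """ Delete the contents of directories with privilege separation in effect.

        Every entry of dirs other than "client logs" and "client proxies" is
        handed to common.remove_dir_path.  For those two entries each
        sub-directory is removed through condorPrivsep.rmtree; plain files in
        the parent directory are not touched by this method.

        dirs -- dictionary mapping a directory type label to its path
    """
    privsep_types = ["client logs", "client proxies",]
    for dir_type in dirs:
      if dir_type not in privsep_types:
        common.remove_dir_path(dirs[dir_type])
        continue
      #-- Factory create requires client logs/proxies directories be empty
      #-- when privsep is in effect
      condor_sbin = "%s/sbin" % self.wms.condor_location()
      condor_bin  = "%s/bin"  % self.wms.condor_location()
      condorExe.set_path(condor_bin,condor_sbin)
      parent_dir = dirs[dir_type]
      for base_dir in os.listdir(parent_dir):
        # NOTE(review): os.path.isdir follows symbolic links, so a link that
        # points at a directory is also handed to the privileged removal.
        # Confirm that condorPrivsep.rmtree does not descend through links.
        if not os.path.isdir("%s/%s" % (parent_dir,base_dir)):
          continue
        try:
          condorPrivsep.rmtree(parent_dir,base_dir)
        except Exception as e:
          common.logerr("""Encountered a problem in executing condor_root_switchboard 
to remove this client's sub-directories:
  %(dir)s

  %(error)s
Check your /etc/condor/privsep.conf file to verify.
You may need to configure/install your WMS Collector to resolve or correct
the ini file for the %(type)s attribute.  Be careful now.
""" % { "dir"    : parent_dir,
        "type"   : dir_type,
        "error"  : e, } )
        else:
          #-- report success only when the removal did not raise
          common.logit("Files in %s deleted" % parent_dir)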
Example #2
 def local_config_dir(self):
   """ Returns the Condor config.d directory for the configured install type.

       A "tarball" install uses config.d under condor_location(); an "rpm"
       install uses /etc/condor/config.d.  Any other install type is
       reported through common.logerr.
   """
   if self.install_type() == "tarball":
     return "%s/%s" % (self.condor_location(),"config.d")
   if self.install_type() == "rpm":
     return "/etc/condor/config.d"
   common.logerr("Invalid install_type option in ini file.")
Example #3
  def certificates_exist(self):
    """ Reports whether CA certificates are already installed.

        Returns True only when the x509_cert_dir() directory holds both CA
        (*.0) and CRL (*.r0) files.  Only the presence of the files is
        checked: their contents and the age of the CRLs are not examined.
        CA files without CRLs, or a directory that holds only other files,
        are reported through common.logerr.  Returns False otherwise.
    """
    has_ca  = len(glob.glob(os.path.join(self.x509_cert_dir(), '*.0'))) > 0
    has_crl = len(glob.glob(os.path.join(self.x509_cert_dir(), '*.r0'))) > 0
    if has_ca and has_crl:
      return True
    if has_ca:
      common.logerr("""The %(option)s directory contains CA (*.0) files but
no CRL (*.r0) files.  This is not a satifactory condition.
Suggest you check this out before proceeding:
   %(dir)s""" % dict(option=self.option, dir=self.x509_cert_dir()))
    #-- any other content suggests this is not the directory we expect
    if glob.glob(os.path.join(self.x509_cert_dir(), '*')):
      common.logerr("""CA Certificates (%(option)s) files (*.0) do not exist in 
certificates directory BUT some other files do exist.  This does not make sense.
Suggest you check this out before proceeding:
   %(dir)s""" % dict(option=self.option, dir=self.x509_cert_dir()))
    #-- nothing is there yet, an install can proceed
    return False
Example #4
 def get_config_entries_data(self):
   """ Interactively collects the entry points for the configuration file.

       Puts the WMS Condor bin directory first on PATH and points
       CONDOR_CONFIG at the WMS Condor configuration.  It then asks about a
       RESS query and about manual entries, and stops once
       config_entries_list holds at least one entry.
   """
   common.logit("\nCollecting  configuration file data. It will be question/answer time.")
   condor_bin = "%s/bin" % self.wms.condor_location()
   os.environ["PATH"] = "%s:%s" % (condor_bin,os.environ["PATH"])
   os.environ["CONDOR_CONFIG"] = self.wms.condor_config()
   common.logit("Using %s" % (os.environ["CONDOR_CONFIG"]))
   self.config_entries_list = {}  # config files entries elements
   while True:
     if common.ask_yn("Do you want to fetch entries from RESS") == 'y':
       ress_data = self.get_ress_data()
       self.ask_user(self.apply_filters_to_ress(ress_data))
     #-- the BDII query (get_bdii_data / apply_filters_to_bdii) was taken
     #-- out 12/14/10 because too many results occur
     if common.ask_yn("Do you want to add manual entries") == 'y':
       self.additional_entry_points()
     if len(self.config_entries_list) > 0:
       break
     common.logerr("You have no entry points. You need at least 1. Check your ini file's entry_vos and entry_filters attributes..")
   common.logit("Configuration file questioning complete.\n")
Example #5
 def condor_mapfile(self):
   """ Returns the path of certs/condor_mapfile for the configured install type.

       The file lives under condor_location() for a "tarball" install and
       under condor_config_dir() for an "rpm" install.  Any other install
       type is reported through common.logerr.
   """
   mapfile = "%s/certs/condor_mapfile"
   if self.install_type() == "tarball":
     return mapfile % self.condor_location()
   if self.install_type() == "rpm" :
     return mapfile % self.condor_config_dir()
   common.logerr("Invalid install_type option in ini file.")
Example #6
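 def get_python_filter(self,filter):
   """ Compiles a filter expression and returns the resulting code object.

       filter -- text of a Python expression; an empty string means no filter

       Returns None when filter is empty or cannot be compiled (the failure
       is reported through common.logerr).

       The text is compiled in "eval" mode, i.e. as an expression intended
       for eval().  Whoever can edit the filter text can run arbitrary
       Python with the authority of this process, so it must only be read
       from a configuration file that the operator controls.
   """
   obj = None
   try:
     if len(filter) > 0:
       obj = compile(filter,"<string>","eval")
   except Exception:
     common.logerr("Syntax error in filters")
   #-- hand the compiled expression back; without this the caller always
   #-- received None and no filter was ever applied
   return obj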
Example #7
  def install(self):
    """ Installs the VDT CA package if X509 CA certificates do not already
        exist.

        After the operator confirms the target location, the package is
        installed, vdt-ca-manage is run against the parent directory of
        x509_cert_dir() and the crontab entries are created.
    """
    common.logit("\nVerifying CA Certificates installation")
    if self.certificates_exist():
      common.logit("... CA Certificates (%(option)s) exist: %(dir)s" %
                   dict(option=self.option, dir=self.x509_cert_dir()))
      return
    common.ask_continue("""... CA Certificates (%(option)s) not found: 
  %(dir)s
This script is checking for the presence of CA (*.0) and CRL (*.r0) files.
Is it OK to install it in this location""" % dict(option=self.option, dir=self.x509_cert_dir()))
    if common.not_writeable(os.path.dirname(self.x509_cert_dir())):
      common.logerr("""You do not have permissions to write in the directory specified 
by the %(option)s: %(dir)s""" % dict(option=self.option, dir=self.x509_cert_dir()))
    common.logit(""" CA certificates install starting. The packages that will be installed are:
   %(package)s""" % dict(package=self.package))
    self.install_vdt_package(self.package)
    common.logit("... retrieving certificates")
    # NOTE(review): the command is passed as a single string with
    # vdt_location and the certificate directory interpolated unquoted.
    # Presumably a shell runs it (it uses "source" and ";"), so both values
    # must be free of whitespace and shell metacharacters - confirm that the
    # ini values are validated before they get here.
    setup_cmd = "source %(vdt_location)s/setup.sh; %(vdt_location)s/vdt/bin/vdt-ca-manage setupca --location %(dir)s --url osg"
    common.run_script(setup_cmd % dict(vdt_location=self.vdt_location(),
                                       dir=os.path.dirname(self.x509_cert_dir())))
    self.create_crontab()
    if self.certificates_exist():
      common.logit("... certificate installation looks good")
    # NOTE(review): when certificates_exist() is still false at this point
    # the install is reported as complete all the same.
    common.logit("\nCA certificates install complete\n")
    common.ask_continue("Continue installation")
Example #8
 def syntax_check(self):
   """ Checks for some syntax errors in ini config file.

       An option value that contains a newline is reported through
       common.logerr together with the text that follows the first newline.
   """
   for section in self.sections():
     for option in self.options(section):
       value = self.option_value(section,option)
       if "\n" not in value:
         continue
       continuation = value.split("\n")[1]
       common.logerr("Section [%s]: this line starts with whitespace ( %s)\n       Please remove the leading space or comment (;) the line." % (section,continuation))
Example #9
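  def condor_config_privsep_data(self):
    """ Appends the privilege separation settings to the 00_gwms_general
        entry of condor_config_data.

        Does nothing when privilege_separation() is "n".  A missing privsep
        object is reported through common.logerr.
    """
    if self.privilege_separation() == "n":
      return  # no privilege separation in effect
    #-- identity test: None is a singleton, and "==" could be redefined by
    #-- the privsep object
    if self.privsep is None:
      common.logerr("""System error: privilege separation is in effect but there
the PrivilegeSeparation class has not been instantiated""")
    config_key = "00_gwms_general"
    self.condor_config_data[config_key] += self.privsep.condor_config_data()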
Example #10
 def collector_port(self):
   """ Returns the collector port as an integer.

       Falls back to 9618 when the collector_port option is absent from the
       ini section.  A value rejected by common.not_an_integer is reported
       through common.logerr.
   """
   option = "collector_port"
   if self.has_option(self.ini_section,option):
     value = self.option_value(self.ini_section,option)
     if common.not_an_integer(value):
       common.logerr("%s option is not a number: %s" % (option,value))
     return int(value)
   return 9618
Example #11
 def verify_no_conflicts(self):
   """ Checks for port clashes between the WMS and User collectors.

       Only relevant when both collectors report the same hostname.  A
       shared primary port, or a WMS port that is among the User collector's
       secondary ports, is reported through common.logerr.
   """
   self.get_usercollector()
   same_node = self.hostname() == self.usercollector.hostname()
   if not same_node:
     return  # -- no problem, on separate nodes --
   if self.collector_port() == self.usercollector.collector_port():
     common.logerr("The WMS collector and User collector are being installed \non the same node. They both are trying to use the same port: %s." % self.collector_port())
   if int(self.collector_port()) in self.usercollector.secondary_collector_ports():
     common.logerr("The WMS collector and User collector are being installed \non the same node. The WMS collector port (%s) conflicts with one of the\nsecondary User collector ports that will be assigned: %s." % (self.collector_port(),self.usercollector.secondary_collector_ports()))
 def validate_before_condor_install(self):
   """ Runs the privilege separation checks that precede the Condor install.

       A caller that is not uid 0 is reported through common.logerr; the
       frontends, users and client files are then validated in that order.
   """
   common.logit("Privilege separation validation starting")
   running_as_root = os.getuid() == 0
   if not running_as_root:
     common.logerr("You must install as root user to use privilege separation.")
   self.validate_frontends()
   self.validate_users()
   self.validate_client_files()
   common.logit("Privilege separation validation complete\n")
Example #13
 def secondary_collectors(self):
   """ Returns the number of secondary collectors as an integer.

       Falls back to 0 when the number_of_secondary_collectors option is
       absent from the ini section.  A value rejected by
       common.not_an_integer is reported through common.logerr.
   """
   option = "number_of_secondary_collectors"
   if self.has_option(self.ini_section,option):
     value = self.option_value(self.ini_section,option)
     if common.not_an_integer(value):
       common.logerr("%s option is not a number: %s" % (option,value))
     return int(value)
   return 0
 def remove(self):
   """ Handles an existing privilege separation config file.

       Returns at once when config_file() is not a regular file.  When the
       file exists and the caller is not uid 0, the operator is asked whether
       to proceed, and a "n" answer is reported through common.logerr.
       NOTE(review): no removal step is visible in this listing - confirm
       against the full source whether the method continues.
   """
   if not os.path.isfile(self.config_file()):
     return
   if os.getuid() == 0:
     return
   common.logit("\nA privilege separation config file exists but you are not root user\n so we cannot remove it at this time.")
   if common.ask_yn("Do you want to proceed") == "n":
     common.logerr("Terminating at your request")
Example #15
 def verify_python_module(self,module):
   """ Logs whether a required python module is available.

       module -- name handed to common.module_exists

       A module that is not available is reported through common.logerr.
   """
   msg = "... validating %s: " % module
   if not common.module_exists(module):
     common.logit(msg)
     common.logerr("This python module is required and not available.")
     return
   common.logit(msg + "available")
Example #16
    def validate_condor_installation(self):
        """Report an error unless condor.sh exists under condor_location()."""
        setup_script = "%s/condor.sh" % self.condor_location()
        if os.path.isfile(setup_script):
            return
        common.logerr(
            """Condor does not appear to be installed. Cannot locate:
 %s"""
            % setup_script
        )
Example #17
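 def passed_python_filter(self,filter_obj,site):
   """ Tells whether a site satisfies a compiled filter expression.

       filter_obj -- code object to evaluate, or None when there is no filter
       site       -- dictionary whose keys are the names the filter can use

       Returns True when there is no filter or the filter evaluates to a
       true value, and False otherwise.  An exception raised while
       evaluating the filter is reported through common.logerr.
   """
   if filter_obj is None:  # no filters
     return True
   #-- eval() adds a __builtins__ entry to the globals dictionary it is
   #-- given, so evaluate against a copy and leave the caller's data alone
   names = dict(site)
   try:
     # NOTE(review): eval() runs the filter with the full authority of this
     # process; passing the site data as globals is not a sandbox.  The
     # filter must only originate from a configuration file the operator
     # controls.
     if eval(filter_obj,names):
       return True
   except Exception as e:
     common.logerr("Problem applying filters -  %s" % e)
   return False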
Example #18
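 def number_of_schedds(self):
   """ Returns the number of schedds as an integer.

       Defaults to 1 when SCHEDD appears in daemon_list and the
       number_of_schedds option is absent from the ini section.  Otherwise
       the option value is used; a value rejected by common.not_an_integer
       is reported through common.logerr.
   """
   option = "number_of_schedds"
   #-- find() returns 0 when SCHEDD is the first daemon listed, so the test
   #-- has to be ">= 0" for the default to apply in that case as well
   if self.daemon_list.find("SCHEDD") >= 0:
     if not self.has_option(self.ini_section,option):
       return 1
   value = self.option_value(self.ini_section,option)
   if common.not_an_integer(value):
     common.logerr("%s option is not a number: %s" % (option,value))
   return int(value)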
Example #19
 def validate_section(self,section,valid_option_list):
   """ Checks that an ini section exists and defines the listed options.

       section           -- name of the ini section
       valid_option_list -- option names that must be present in it

       A missing section, and the list of missing options, are each
       reported through common.logerr.
   """
   if not self.has_section(section):
     common.logerr("Section (%s) does not exist in ini file (%s)" % (section,self.inifile))
   missing = [option for option in valid_option_list
              if not self.has_option(section,option)]
   if missing:
     common.logerr("These options are not defined in the %s section of the ini file: %s" % (section,missing))
Example #20
  def validate_client_proxy_dir(self):
    """ Validates, or creates, the client proxy directory.

        With privilege separation ("y") the directory must already exist
        and its absence is reported through common.logerr.  Without it the
        directory is created through common.make_directory for username()
        with mode 0755.
    """
    common.logit("... validating client_proxy_dir: %s" % self.client_proxy_dir())
    if self.wms.privilege_separation() != "y":
      # NOTE(review): mode 0755 lets every local user list and traverse the
      # proxy directory; confirm that the proxy files stored in it are
      # created readable by their owner only.
      common.make_directory(self.client_proxy_dir(),self.username(),0o755)
      return
    #-- done in WMS collector install if privilege separation is used --
    if not os.path.isdir(self.client_proxy_dir()):
      common.logerr("""Privilege separation is in effect. This should have been
created by the WMS Collector installation or you did not start the service 
or you changed the ini file and did not reinstall that service.""")
Example #21
 def stop_condor(self):
   """ Stops Condor and then waits two seconds.

       An "rpm" install is stopped with "service condor stop"; any other
       install type uses the initd_script() when that file exists.  A client
       only install is reported through common.logerr.
   """
   if self.client_only_install == True:
     common.logerr( "This is a client only install. Nothing to stop.")
   if self.install_type() == 'rpm':
     common.run_script("service condor stop")
   elif os.path.isfile(self.initd_script()):
     common.logit( "... stopping condor as user %s" % self.username())
     common.run_script("%s stop" % self.initd_script())
   common.run_script("sleep 2")
Example #22
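 def __validate_schedd_shared_port__(self):
   """ Validates the schedd_shared_port option.

       Nothing is checked when SCHEDD is not in daemon_list or when the
       port is 0 (not used).  Otherwise the Condor version must be at least
       7.5.3 and the port value is passed to __validate_port_value__.
   """
   if self.daemon_list.find("SCHEDD") < 0:
     common.logit("... no SCHEDD daemon")
     return # no schedd daemons
   if self.schedd_shared_port() == 0:
     common.logit("... validating schedd_shared_port: %s" % "not used")
     return
   common.logit("... validating schedd_shared_port: %s" % self.schedd_shared_port())
   #-- compare the version numerically: as plain strings "7.10.0" sorts
   #-- before "7.5.3" and a newer Condor would be rejected
   try:
     installed = tuple([int(part) for part in str(self.condor_version).split(".")])
     too_old = installed < (7, 5, 3)
   except ValueError:
     #-- not a purely numeric dotted version: keep the plain comparison
     too_old = self.condor_version < "7.5.3"
   if too_old:
     common.logerr("the schedd_shared_port option can only be used in Condor 7.5.3+")
   self.__validate_port_value__(self.schedd_shared_port(),"schedd_shared_port")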
Example #23
 def schedd_shared_port(self):
   """ Returns the shared port number if specified, else zero.

       Zero is returned both when the option is absent and when its value
       is empty.  A value rejected by common.not_an_integer is reported
       through common.logerr.
   """
   option = "schedd_shared_port"
   if not self.has_option(self.ini_section,option):
     return 0
   value = self.option_value(self.ini_section,option)
   if len(value) == 0:
     return 0
   if common.not_an_integer(value):
     common.logerr("%s option is not a number: %s" % (option,value))
   return int(value)
Example #24
  def set_javascriptrrd_dir(self,filename):
    """ Returns the directory in which filename is found.

        filename -- file looked up with common.find_fullpath, starting from
                    javascriptrrd_location()

        A file that is not found is reported through common.logerr.
    """
    msg = "... validating javascriptrrd_location for %s: " % filename
    fullpath = common.find_fullpath(self.javascriptrrd_location(), filename)
    if fullpath == None:
      common.logit(msg)
      common.logerr("""%s not found in %s path
Did you install the correct javascriptrrd rpm?
""" % (filename,self.javascriptrrd_location()))
    containing_dir = os.path.dirname(fullpath)
    common.logit(msg + "available")
    return containing_dir
Example #25
 def __validate_secondary_collectors__(self):
   """ Validates that the number of secondary collectors is within 0..399.

       Nothing is checked when COLLECTOR is not in daemon_list.  A value
       outside the range is reported through common.logerr.
   """
   if self.daemon_list.find("COLLECTOR") < 0:
     common.logit("... no secondary collectors")
     return # no collector daemon
   common.logit("... validating number_of_secondary_collectors: %s" % self.secondary_collectors())
   lowest, highest = 0, 399
   nbr = self.secondary_collectors()
   if nbr < lowest:
     common.logerr("nbr of secondary collectors is negative: %s" % (nbr))
   if nbr > highest:
     common.logerr("nbr of secondary collectors exceeds maximum allowed value: %s" % (nbr))
Example #26
 def __validate_schedds__(self):
   """ Validates that the number of schedds is within 1..99.

       Nothing is checked when SCHEDD is not in daemon_list.  A value
       outside the range is reported through common.logerr.
   """
   if self.daemon_list.find("SCHEDD") < 0:
     common.logit("... no schedds")
     return # no schedd daemon
   common.logit("... validating number_of_schedds: %s" % self.number_of_schedds())
   lowest, highest = 1, 99
   nbr = self.number_of_schedds()
   if nbr < lowest:
     common.logerr("You must have at least 1 schedd")
   if nbr > highest:
     common.logerr("Number of schedds exceeds maximum allowed value: %s" % (nbr))
Example #27
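 def restart_condor(self):
   """ Restarts Condor and then waits ten seconds.

       An "rpm" install is restarted with "service condor restart"; any
       other install type uses the initd_script(), whose absence is reported
       through common.logerr.  A client only install is reported through
       common.logerr as well.
   """
   if self.client_only_install == True:
     common.logerr( "This is a client only install. Nothing to restart.")
   if self.install_type() == 'rpm':
     common.run_script("service condor restart")
   elif os.path.isfile(self.initd_script()):
     common.logit( "... restarting condor as user %s" % self.username())
     common.run_script("%s restart" % self.initd_script())
   else:
     #-- the message needs a %s placeholder: without one the "%" operator
     #-- raises TypeError instead of reporting the missing script
     common.logerr("Condor startup script does not exist: %s" % self.initd_script())
   common.run_script("sleep 10")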
Example #28
  def validate_use_vofrontend_proxy(self):
    """ Validates the use_vofrontend_proxy option.

        Any value other than "y" is reported through common.logerr.  With
        "y" the x509_proxy and x509_gsi_dn options must both be empty;
        otherwise the factory proxy is validated.
    """
    option = self.use_vofrontend_proxy()
    common.logit("... validating use_vofrontend_proxy: %s" % option)
    if option != "y":
      common.logerr("use_vofrontend_proxy must be 'y'.  This option will be depreated fully in V3.")
    if option != "y":
      #-- use factory proxy if no vofrontend proxy provided
      self.validate_factory_proxy()
      return
    #-- using vofrontend proxies: no factory credentials may be configured
    if len(self.x509_proxy()) > 0 or len(self.x509_gsi_dn()) > 0:
      common.logerr("""You have said you want to use the Frontend proxies only.
The x509_proxy and x509_gsi_dn option must be empty.""")
Example #29
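  def create_crontab(self):
    """ Using the vdt-control script, enable and activate the crontab entries.

        The cron lines recorded in the VDT services state file are then
        listed for the services in vdt_services, and the fetch-crl command
        found there is run once (after confirmation) so that CRL files are
        present.
    """
    common.logit("... creating crontab entries using vdt-control script")
    #-- if not root, VDT requires a special arg to enable or activate a service
    if os.getuid() == 0:
      non_root_arg = ""
    else:
      non_root_arg = " --non-root"

    # NOTE(review): the commands below are shell strings with vdt_location
    # and the service names interpolated unquoted, so those values must be
    # free of whitespace and shell metacharacters.
    for service in self.vdt_services:
      common.logit("\n...... %(service)s" % { "service" :service,})
      common.run_script(". %(vdt_location)s/setup.sh;vdt-control %(non_root_arg)s --enable %(service)s;vdt-control %(non_root_arg)s --on %(service)s" % \
           { "vdt_location" : self.vdt_location(),
             "non_root_arg" : non_root_arg,
             "service"      : service,} )
    common.logit("\nvdt-control --list")
    cmd = ". %(vdt_location)s/setup.sh;vdt-control --list" % \
           { "vdt_location" : self.vdt_location(),}
    stdout = glideinwms.lib.subprocessSupport.iexe_cmd(cmd,useShell=True)
    common.logit(stdout)

    #-- show the cron entries added - extract the lines put in cron
    common.logit("\n... %(user)s crontab entries:" % \
         { "user" : pwd.getpwuid(os.getuid())[0],})
    services_file = "%(vdt_location)s/vdt/services/state" % \
         { "vdt_location" : self.vdt_location(),}
    #-- start from an empty list so nothing below depends on a name that a
    #-- failed open() never bound
    lines = []
    try:
      fd = open(services_file,'r')
      try:
        lines = fd.readlines()
      finally:
        fd.close()  # closed on a failed read as well
    except Exception:
      common.logerr("Unable to read VDT services file: %(services_file)s" %
         { "services_file" : services_file,})
    fetch_crl_script = None
    for line in lines:
      els = line.split("\t")
      if len(els) < 6:
        continue # blank or short line: no cron time/process fields to read
      if (els[1] != 'cron'):
        continue # not a cron line
      if els[0] in self.vdt_services:
        common.logit("  %(cron_time)s %(cron_process)s" % \
            { "cron_time"    : els[4],
              "cron_process" : els[5].rstrip(),})
      if els[0] == "fetch-crl":
        fetch_crl_script = els[5].rstrip()
    common.ask_continue("""\n... the glidein services require that CRL files (*.r0) be present
in the certificates directory.  Is it OK to run the script now?""")
    if fetch_crl_script == None:
      common.logerr("We have a problem.  There does not appear to be a cron entry for the CRL retrieval")
    # NOTE(review): the command run here is read verbatim from the services
    # state file, so that file has to be writable only by the account that
    # performs the install.
    common.run_script(fetch_crl_script)
    common.logit("")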
Example #30
  def clean_directories(self):
    """ This method attempts to clean up all directories so a fresh install
        can be accomplished successfully.
        It is consolidated in a single check so as to only ask once and
        not for each directory.
        When privilege separation is in effect, the condor_root_switchboard
        must be used to clean out the client log and proxy files
        as the owners are different and permissions problems will occur.
    """
    instance_dir = "glidein_%s" % (self.glidein.instance_name(),)
    dirs = {
      "logs"    : os.path.join(self.logs_dir(),instance_dir),
      "install" : os.path.join(self.install_location(),instance_dir),
    }
    #-- dirs["config"] = self.config_dir() is not part of the cleanup
    #-- the client directories only matter when frontend users are defined
    for _frontend in self.wms.frontend_users().keys():
      dirs["client logs"]    = self.client_log_dir()
      dirs["client proxies"] = self.client_proxy_dir()
    for subdir in ("monitor","stage"):
      dirs["web %s" % subdir] = os.path.join(self.glidein.web_location(),subdir,instance_dir)

    #--- keep only the directories reported by verify_directories_empty --
    dirs = self.verify_directories_empty(dirs)
    if len(dirs) == 0:
      time.sleep(3)
      return  # all directories are empty

    #--- list what is left and ask once before removing anything ---
    common.logit("""The following directories must be empty for the install to succeed: """)
    for label in sorted(dirs.keys()):
      common.logit("""  %(type)s: %(dir)s""" % { "type" : label, "dir" : dirs[label] })
    common.ask_continue("... can we remove their contents")
    if self.wms.privilege_separation() == "y":
      self.delete_ps_directories(dirs)
    else:
      self.delete_nps_directories(dirs)

    #--- double check them --
    dirs = self.verify_directories_empty(dirs)
    if len(dirs) > 0:
      common.logerr("""We seem to have had a problems deleting the contents of these directories:
%s """ % dirs)

    time.sleep(3)
    return  # all directories are empty