def test_01_configure_xrootd(self):
    # Write the standalone XRootD test configuration, install the service
    # credentials and rebuild the export tree under xrootd.ROOTDIR.
    # State flags are reset before any skip check can fire.
    core.state['xrootd.is-configured'] = False
    core.state['xrootd.backups-exist'] = False
    core.state['xrootd.had-failures'] = False

    core.config['xrootd.security'] = set()
    for key, value in (
            ('certs.xrootdcert', '/etc/grid-security/xrd/xrdcert.pem'),
            ('certs.xrootdkey', '/etc/grid-security/xrd/xrdkey.pem'),
            # rootdir and resourcename needs to be set early for the default osg-xrootd config
            ('xrootd.config', '/etc/xrootd/config.d/10-osg-test.cfg'),
            ('xrootd.logging-config', '/etc/xrootd/config.d/99-logging.cfg'),
            ('xrootd.service-defaults', '/etc/sysconfig/xrootd'),
            ('xrootd.multiuser', False),
            ('xrootd.public_subdir', "public"),
            ('xrootd.authfile', '/etc/xrootd/Authfile')):
        core.config[key] = value
    core.config['xrootd.user_subdir'] = core.options.username
    core.config['xrootd.vo_subdir'] = voms.VONAME

    self.skip_ok_unless(core.state['user.verified'], "Test user not available")

    xrootd_user = pwd.getpwnam("xrootd")

    # Record which authentication mechanisms this host can exercise; with
    # none available the test is skipped rather than run unauthenticated.
    security = core.config['xrootd.security']
    if core.dependency_is_installed("voms-clients"):
        security.add("GSI")
    if core.PackageVersion("xrootd-scitokens") >= "5":
        security.add("SCITOKENS")
    if voms.can_make_proxy():
        security.add("VOMS")
    self.skip_ok_unless(security, "No xrootd security available")

    # Certificate is public (0o644); the private key is owner read-only (0o400).
    for target_key, source_key, mode in (
            ('certs.xrootdcert', 'certs.hostcert', 0o644),
            ('certs.xrootdkey', 'certs.hostkey', 0o400)):
        core.install_cert(target_key, source_key, 'xrootd', mode)

    files.write(core.config['xrootd.logging-config'], XROOTD_LOGGING_CFG_TEXT,
                owner='xrootd', backup=True, chmod=0o644)
    files.write(core.config['xrootd.config'], STANDALONE_XROOTD_CFG_TEXT,
                owner='xrootd', backup=True, chmod=0o644)
    files.write(core.config['xrootd.authfile'], AUTHFILE_TEXT,
                owner="xrootd",
                chown=(xrootd_user.pw_uid, xrootd_user.pw_gid),
                chmod=0o644)

    # Start from an empty export tree; a missing directory is fine.
    root = xrootd.ROOTDIR
    try:
        shutil.rmtree(root)
    except FileNotFoundError:
        pass

    def under_root(config_key):
        return f"{root}/{core.config[config_key]}"

    user_dir = under_root('xrootd.user_subdir')
    # 0o1777 is world-writable with the sticky bit set; the per-user
    # directory is limited to owner and group (0o770).
    layout = (
        (root, 0o755),
        (under_root('xrootd.public_subdir'), 0o1777),
        (user_dir, 0o770),
        (under_root('xrootd.vo_subdir'), 0o1777),
    )
    for path, mode in layout:
        files.safe_makedirs(path)
        os.chmod(path, mode)

    # The recursive chown runs first so that the test user's ownership of
    # user_dir, set right after, is not overwritten.
    core.system(["chown", "-R", "xrootd:xrootd", root])
    os.chown(user_dir, core.state["user.uid"], xrootd_user.pw_gid)
    core.check_system(["find", root, "-ls"], f"Couldn't dump contents of {root}")

    core.state['xrootd.backups-exist'] = True
    core.state['xrootd.is-configured'] = True
def test_08_install_http_certs(self):
    # Install the HTTP certificate and key for owner 'tomcat', using the host
    # credential config entries as the source. Gated on 'gratia-service' and
    # skipped when both files already pass the owner/mode check.
    core.skip_ok_unless_installed('gratia-service')

    cert_path = core.config['certs.httpcert']
    key_path = core.config['certs.httpkey']
    # The private key is held to 0o400 (owner read-only); the certificate is
    # public material and is expected at 0o644.
    already_installed = (core.check_file_and_perms(cert_path, 'tomcat', 0o644)
                         and core.check_file_and_perms(key_path, 'tomcat', 0o400))
    self.skip_ok_if(already_installed, 'HTTP cert exists and has proper permissions')

    for target_key, source_key, mode in (
            ('certs.httpcert', 'certs.hostcert', 0o644),
            ('certs.httpkey', 'certs.hostkey', 0o400)):
        core.install_cert(target_key, source_key, 'tomcat', mode)
def test_02_install_voms_certs(self):
    # Install the VOMS certificate and key for owner 'voms', using the host
    # credential config entries as the source. Skipped when both files
    # already pass the owner/mode check.
    voms.skip_ok_unless_installed()

    cert_path = core.config['certs.vomscert']
    key_path = core.config['certs.vomskey']
    # Key must be owner read-only (0o400); the certificate may be 0o644.
    already_installed = (core.check_file_and_perms(cert_path, 'voms', 0o644)
                         and core.check_file_and_perms(key_path, 'voms', 0o400))
    self.skip_ok_if(already_installed, 'VOMS cert exists and has proper permissions')

    for target_key, source_key, mode in (
            ('certs.vomscert', 'certs.hostcert', 0o644),
            ('certs.vomskey', 'certs.hostkey', 0o400)):
        core.install_cert(target_key, source_key, 'voms', mode)
def test_03_install_http_certs(self):
    # Install the HTTP certificate and key for owner 'tomcat', using the host
    # credential config entries as the source. Gated on 'voms-admin-server'
    # and skipped when both files already pass the owner/mode check.
    core.skip_ok_unless_installed('voms-admin-server')

    cert_path = core.config['certs.httpcert']
    key_path = core.config['certs.httpkey']
    # Key must be owner read-only (0o400); the certificate may be 0o644.
    already_installed = (core.check_file_and_perms(cert_path, 'tomcat', 0o644)
                         and core.check_file_and_perms(key_path, 'tomcat', 0o400))
    self.skip_ok_if(already_installed, 'HTTP cert exists and has proper permissions')

    for target_key, source_key, mode in (
            ('certs.httpcert', 'certs.hostcert', 0o644),
            ('certs.httpkey', 'certs.hostkey', 0o400)):
        core.install_cert(target_key, source_key, 'tomcat', mode)
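def test_02_install_myproxy_certs(self):
    # Install the MyProxy certificate and key for owner 'myproxy', using the
    # host credential config entries as the source. Skipped when both files
    # already pass the owner/mode check.
    #
    # Modes use the 0o prefix: it parses on Python 2.6+ and Python 3, whereas
    # the legacy 0644/0400 spelling is a syntax error on Python 3.
    core.skip_ok_unless_installed('myproxy-server')

    myproxycert = core.config['certs.myproxycert']
    myproxykey = core.config['certs.myproxykey']
    # The private key is held to 0o400 (owner read-only); the certificate is
    # public material and is expected at 0o644.
    self.skip_ok_if(core.check_file_and_perms(myproxycert, 'myproxy', 0o644) and
                    core.check_file_and_perms(myproxykey, 'myproxy', 0o400),
                    'myproxy cert exists and has proper permissions')

    core.install_cert('certs.myproxycert', 'certs.hostcert', 'myproxy', 0o644)
    core.install_cert('certs.myproxykey', 'certs.hostkey', 'myproxy', 0o400)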
def test_02_install_myproxy_certs(self):
    # Install the MyProxy certificate and key for owner 'myproxy', using the
    # host credential config entries as the source. Skipped when both files
    # already pass the owner/mode check.
    core.skip_ok_unless_installed('myproxy-server')

    cert_path = core.config['certs.myproxycert']
    key_path = core.config['certs.myproxykey']
    # Key must be owner read-only (0o400); the certificate may be 0o644.
    already_installed = (core.check_file_and_perms(cert_path, 'myproxy', 0o644)
                         and core.check_file_and_perms(key_path, 'myproxy', 0o400))
    self.skip_ok_if(already_installed, 'myproxy cert exists and has proper permissions')

    for target_key, source_key, mode in (
            ('certs.myproxycert', 'certs.hostcert', 0o644),
            ('certs.myproxykey', 'certs.hostkey', 0o400)):
        core.install_cert(target_key, source_key, 'myproxy', mode)
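def test_02_install_http_certs(self):
    # Install the HTTP certificate and key for owner 'tomcat', using the host
    # credential config entries as the source. Gated on 'osg-info-services'
    # plus at least one of self.possible_rpms, and skipped when both files
    # already pass the owner/mode check.
    #
    # Modes use the 0o prefix: it parses on Python 2.6+ and Python 3, whereas
    # the legacy 0644/0400 spelling is a syntax error on Python 3.
    core.skip_ok_unless_installed('osg-info-services')
    core.skip_ok_unless_one_installed(*self.possible_rpms)

    httpcert = core.config['certs.httpcert']
    httpkey = core.config['certs.httpkey']
    # The private key is held to 0o400 (owner read-only); the certificate is
    # public material and is expected at 0o644.
    self.skip_ok_if(core.check_file_and_perms(httpcert, 'tomcat', 0o644) and
                    core.check_file_and_perms(httpkey, 'tomcat', 0o400),
                    'HTTP cert exists and has proper permissions')

    core.install_cert('certs.httpcert', 'certs.hostcert', 'tomcat', 0o644)
    core.install_cert('certs.httpkey', 'certs.hostkey', 'tomcat', 0o400)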
def test_02_install_voms_certs(self):
    # Install the VOMS certificate and key for owner 'voms', using the host
    # credential config entries as the source. Skipped when both files
    # already pass the owner/mode check.
    voms.skip_ok_unless_server_is_installed()
    # ^^ we use the host cert, not the voms cert for voms-proxy-direct

    cert_path = core.config['certs.vomscert']
    key_path = core.config['certs.vomskey']
    # Key must be owner read-only (0o400); the certificate may be 0o644.
    already_installed = (core.check_file_and_perms(cert_path, 'voms', 0o644)
                         and core.check_file_and_perms(key_path, 'voms', 0o400))
    self.skip_ok_if(already_installed, 'VOMS cert exists and has proper permissions')

    for target_key, source_key, mode in (
            ('certs.vomscert', 'certs.hostcert', 0o644),
            ('certs.vomskey', 'certs.hostkey', 0o400)):
        core.install_cert(target_key, source_key, 'voms', mode)
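def test_02_install_bestman_certs(self):
    # Install the BeStMan certificate and key for owner 'bestman', using the
    # host credential config entries as the source.
    core.skip_ok_unless_installed('bestman2-server', 'bestman2-client', 'gums-service')

    # Existence alone is not a reason to skip: a private key left behind with
    # a wider mode or a different owner would otherwise be accepted as-is.
    # Check owner and mode through core.check_file_and_perms and reinstall
    # when either file does not match.
    if (core.check_file_and_perms(core.config['certs.bestmancert'], 'bestman', 0o644)
            and core.check_file_and_perms(core.config['certs.bestmankey'], 'bestman', 0o400)):
        return

    # Certificate is public (0o644); the private key is owner read-only (0o400).
    core.install_cert('certs.bestmancert', 'certs.hostcert', 'bestman', 0o644)
    core.install_cert('certs.bestmankey', 'certs.hostkey', 'bestman', 0o400)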
def test_01_start_xrootd(self):
    # Prepare a GSI-enabled XRootD configuration: install the service
    # credentials, pick the authorization plugin and write the auth files.
    # Despite the name, nothing in this version starts the service.
    for key, value in (
            ('xrootd.pid-file', '/var/run/xrootd/xrootd-default.pid'),
            ('certs.xrootdcert', '/etc/grid-security/xrd/xrdcert.pem'),
            ('certs.xrootdkey', '/etc/grid-security/xrd/xrdkey.pem'),
            ('xrootd.config', '/etc/xrootd/xrootd-clustered.cfg'),
            ('xrootd.gsi', "ON")):
        core.config[key] = value
    for flag in ('xrootd.started-server', 'xrootd.backups-exist'):
        core.state[flag] = False

    self.skip_ok_unless(core.options.adduser, 'user not created')
    core.skip_ok_unless_installed('xrootd', by_dependency=True)

    xrootd_pw = pwd.getpwnam("xrootd")
    xrootd_ids = (xrootd_pw.pw_uid, xrootd_pw.pw_gid)

    if core.config['xrootd.gsi'] == "ON":
        core.skip_ok_unless_installed('globus-proxy-utils')
        # Certificate is public (0o644); the private key is owner read-only (0o400).
        for target_key, source_key, mode in (
                ('certs.xrootdcert', 'certs.hostcert', 0o644),
                ('certs.xrootdkey', 'certs.hostkey', 0o400)):
            core.install_cert(target_key, source_key, 'xrootd', mode)

        lcmaps_packages = ('lcmaps', 'lcmaps-db-templates', 'xrootd-lcmaps',
                           'vo-client', 'vo-client-lcmaps-voms')
        # Query every package (no short-circuit) before deciding.
        installed_flags = [core.rpm_is_installed(pkg) for pkg in lcmaps_packages]
        if not all(installed_flags):
            core.log_message("Using XRootD mapfile authentication")
            mapfile = "/etc/grid-security/xrd/xrdmapfile"
            sec_protocol = '-gridmap:' + mapfile
            # One grid-map entry: the test user's certificate subject mapped
            # to the name 'vdttest'.
            # NOTE(review): no chmod is passed, so the file mode depends on
            # files.write's default - confirm it is not group/world-writable.
            files.write(mapfile,
                        '"%s" vdttest' % core.config['user.cert_subject'],
                        owner="xrootd",
                        chown=xrootd_ids)
        else:
            core.log_message("Using xrootd-lcmaps authentication")
            sec_protocol = '-authzfun:libXrdLcmaps.so -authzfunparms:--loglevel,5'
            if core.package_version_compare('xrootd-lcmaps', '1.4.0') >= 0:
                sec_protocol += ',--policy,authorize_only'

        files.append(core.config['xrootd.config'], XROOTD_CFG_TEXT % sec_protocol,
                     owner='xrootd', backup=True)
        files.write('/etc/xrootd/auth_file', AUTHFILE_TEXT, owner="xrootd", chown=xrootd_ids)

        core.state['xrootd.backups-exist'] = True
def test_01_configure_xrootd(self):
    # Write the XRootD test configuration: install the service credentials,
    # choose between the osg-xrootd meta config and a hand-built security
    # protocol line, then write the config, sysconfig (EL < 7) and auth file.
    for key, value in (
            ('xrootd.pid-file', '/var/run/xrootd/xrootd-default.pid'),
            ('certs.xrootdcert', '/etc/grid-security/xrd/xrdcert.pem'),
            ('certs.xrootdkey', '/etc/grid-security/xrd/xrdkey.pem')):
        core.config[key] = value

    if not core.rpm_is_installed('osg-xrootd-standalone'):
        core.config['xrootd.config'] = '/etc/xrootd/config.d/99-osg-test.cfg'
    else:
        # rootdir and resourcename needs to be set early for the default osg-xrootd config
        core.config['xrootd.config'] = '/etc/xrootd/config.d/10-osg-test.cfg'
    core.config['xrootd.service-defaults'] = '/etc/sysconfig/xrootd'
    core.config['xrootd.multiuser'] = False
    for flag in ('xrootd.started-server', 'xrootd.backups-exist'):
        core.state[flag] = False

    self.skip_ok_unless(core.options.adduser, 'user not created')
    core.skip_ok_unless_installed('xrootd', 'globus-proxy-utils', by_dependency=True)

    xrootd_pw = pwd.getpwnam("xrootd")
    xrootd_ids = (xrootd_pw.pw_uid, xrootd_pw.pw_gid)

    # Certificate is public (0o644); the private key is owner read-only (0o400).
    for target_key, source_key, mode in (
            ('certs.xrootdcert', 'certs.hostcert', 0o644),
            ('certs.xrootdkey', 'certs.hostkey', 0o400)):
        core.install_cert(target_key, source_key, 'xrootd', mode)

    if core.rpm_is_installed('osg-xrootd-standalone'):
        core.log_message("Using osg-xrootd configuration")
        xrootd_config = META_XROOTD_CFG_TEXT
    else:
        lcmaps_packages = ('lcmaps', 'lcmaps-db-templates', 'xrootd-lcmaps',
                           'vo-client', 'vo-client-lcmaps-voms')
        # Query every package (no short-circuit) before deciding.
        installed_flags = [core.rpm_is_installed(pkg) for pkg in lcmaps_packages]
        if not all(installed_flags):
            core.log_message("Using XRootD mapfile authentication")
            mapfile = "/etc/grid-security/xrd/xrdmapfile"
            sec_protocol = '-gridmap:' + mapfile
            # One grid-map entry: the test user's certificate subject mapped
            # to the name 'vdttest'.
            # NOTE(review): no chmod is passed, so the file mode depends on
            # files.write's default - confirm it is not group/world-writable.
            files.write(mapfile,
                        '"%s" vdttest' % core.config['user.cert_subject'],
                        owner="xrootd",
                        chown=xrootd_ids)
        else:
            core.log_message("Using xrootd-lcmaps authentication")
            sec_protocol = '-authzfun:libXrdLcmaps.so -authzfunparms:loglevel=5,policy=authorize_only'
        xrootd_config = XROOTD_CFG_TEXT % sec_protocol

    files.write(core.config['xrootd.config'], xrootd_config,
                owner='xrootd', backup=True, chmod=0o644)

    if core.el_release() < 7:
        files.write(core.config['xrootd.service-defaults'], SYSCONFIG_TEXT,
                    owner="xrootd", chown=xrootd_ids, chmod=0o644)

    files.write('/etc/xrootd/auth_file', AUTHFILE_TEXT, owner="xrootd", chown=xrootd_ids)

    core.state['xrootd.backups-exist'] = True
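def test_01_start_xrootd(self):
    # Configure XRootD with GSI credentials and a grid-map file, then start
    # the service and record that it was started.
    #
    # Modes use the 0o prefix: it parses on Python 2.6+ and Python 3, whereas
    # the legacy 0644/0400 spelling is a syntax error on Python 3. The
    # assertions use assertTrue instead of the deprecated assert_ alias.
    core.config['xrootd.pid-file'] = '/var/run/xrootd/xrootd-default.pid'
    core.config['certs.xrootdcert'] = '/etc/grid-security/xrd/xrdcert.pem'
    core.config['certs.xrootdkey'] = '/etc/grid-security/xrd/xrdkey.pem'
    core.config['xrootd.gsi'] = "ON"
    core.state['xrootd.started-server'] = False
    core.state['xrootd.backups-exist'] = False

    self.skip_ok_unless(core.options.adduser, 'user not created')
    vdt_pw = pwd.getpwnam(core.options.username)
    core.config['certs.usercert'] = os.path.join(vdt_pw.pw_dir, '.globus', 'usercert.pem')
    core.skip_ok_unless_installed('xrootd', by_dependency=True)

    # Determine xrootd package name
    if core.rpm_is_installed('xrootd4'):
        core.config['xrootd.package'] = 'xrootd4'
    elif core.rpm_is_installed('xrootd'):
        core.config['xrootd.package'] = 'xrootd'

    user = pwd.getpwnam("xrootd")
    if core.config['xrootd.gsi'] == "ON":
        core.skip_ok_unless_installed('globus-proxy-utils')
        # Certificate is public (0o644); the private key is owner read-only (0o400).
        core.install_cert('certs.xrootdcert', 'certs.hostcert', 'xrootd', 0o644)
        core.install_cert('certs.xrootdkey', 'certs.hostkey', 'xrootd', 0o400)

        cfgfile = '/etc/xrootd/xrootd-clustered.cfg'
        files.append(cfgfile, XROOTD_CFG_TEXT, owner='xrootd', backup=True)
        authfile = '/etc/xrootd/auth_file'
        files.write(authfile, AUTHFILE_TEXT, owner="xrootd", chown=(user.pw_uid, user.pw_gid))

        # One grid-map entry: the test user's certificate subject mapped to
        # the name 'vdttest'.
        # NOTE(review): no chmod is passed, so the file mode depends on
        # files.write's default - confirm it is not group/world-writable.
        files.write("/etc/grid-security/xrd/xrdmapfile",
                    "\"%s\" vdttest" % core.config['user.cert_subject'],
                    owner="xrootd",
                    chown=(user.pw_uid, user.pw_gid))
        core.state['xrootd.backups-exist'] = True

    if core.el_release() < 7:
        # SysV init path: the command output and the PID file are both checked.
        stdout, _, fail = core.check_system(('service', 'xrootd', 'start'), 'Start Xrootd server')
        self.assertTrue('FAILED' not in stdout, fail)
        self.assertTrue(os.path.exists(core.config['xrootd.pid-file']),
                        'Xrootd server PID file missing')
    else:
        core.check_system(('systemctl', 'start', 'xrootd@clustered'), 'Start Xrootd server')
        core.check_system(('systemctl', 'status', 'xrootd@clustered'),
                          'Verify status of Xrootd server')
    core.state['xrootd.started-server'] = True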
def test_01_start_xrootd(self):
    # Prepare the XRootD configuration: install the service credentials, pick
    # the authorization plugin, and write the config (appended to the main
    # file before xrootd 1:4.9.0, written to config.d otherwise) plus the
    # auth file. Despite the name, nothing in this version starts the service.
    for key, value in (
            ('xrootd.pid-file', '/var/run/xrootd/xrootd-default.pid'),
            ('certs.xrootdcert', '/etc/grid-security/xrd/xrdcert.pem'),
            ('certs.xrootdkey', '/etc/grid-security/xrd/xrdkey.pem'),
            ('xrootd.config', '/etc/xrootd/xrootd-clustered.cfg'),
            ('xrootd.config-extra', '/etc/xrootd/config.d/99-osg-test.cfg')):
        core.config[key] = value
    core.config['xrootd.port'] = XROOTD_PORT
    core.config['xrootd.multiuser'] = False
    for flag in ('xrootd.started-server', 'xrootd.backups-exist'):
        core.state[flag] = False

    self.skip_ok_unless(core.options.adduser, 'user not created')
    core.skip_ok_unless_installed('xrootd', by_dependency=True)

    xrootd_pw = pwd.getpwnam("xrootd")
    xrootd_ids = (xrootd_pw.pw_uid, xrootd_pw.pw_gid)

    core.skip_ok_unless_installed('globus-proxy-utils')
    # Certificate is public (0o644); the private key is owner read-only (0o400).
    for target_key, source_key, mode in (
            ('certs.xrootdcert', 'certs.hostcert', 0o644),
            ('certs.xrootdkey', 'certs.hostkey', 0o400)):
        core.install_cert(target_key, source_key, 'xrootd', mode)

    lcmaps_packages = ('lcmaps', 'lcmaps-db-templates', 'xrootd-lcmaps',
                       'vo-client', 'vo-client-lcmaps-voms')
    # Query every package (no short-circuit) before deciding.
    installed_flags = [core.rpm_is_installed(pkg) for pkg in lcmaps_packages]
    if not all(installed_flags):
        core.log_message("Using XRootD mapfile authentication")
        mapfile = "/etc/grid-security/xrd/xrdmapfile"
        sec_protocol = '-gridmap:' + mapfile
        # One grid-map entry: the test user's certificate subject mapped to
        # the name 'vdttest'.
        # NOTE(review): no chmod is passed, so the file mode depends on
        # files.write's default - confirm it is not group/world-writable.
        files.write(mapfile,
                    '"%s" vdttest' % core.config['user.cert_subject'],
                    owner="xrootd",
                    chown=xrootd_ids)
    else:
        core.log_message("Using xrootd-lcmaps authentication")
        sec_protocol = '-authzfun:libXrdLcmaps.so -authzfunparms:--loglevel,5'
        if core.PackageVersion('xrootd-lcmaps') >= '1.4.0':
            sec_protocol += ',--policy,authorize_only'

    uses_config_dir = not (core.PackageVersion('xrootd') < '1:4.9.0')
    rendered_config = XROOTD_CFG_TEXT % (sec_protocol, core.config['xrootd.port'])
    if uses_config_dir:
        files.write(core.config['xrootd.config-extra'], rendered_config,
                    owner='xrootd', backup=True, chmod=0o644)
    else:
        files.append(core.config['xrootd.config'], rendered_config,
                     owner='xrootd', backup=True)

    files.write('/etc/xrootd/auth_file', AUTHFILE_TEXT, owner="xrootd", chown=xrootd_ids)

    core.state['xrootd.backups-exist'] = True
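def test_02_install_bestman_certs(self):
    # Install the BeStMan certificate and key for owner 'bestman', using the
    # host credential config entries as the source.
    #
    # Modes use the 0o prefix: it parses on Python 2.6+ and Python 3, whereas
    # the legacy 0644/0400 spelling is a syntax error on Python 3.
    core.skip_ok_unless_installed('bestman2-server', 'bestman2-client')

    # Existence alone is not a reason to skip: a private key left behind with
    # a wider mode or a different owner would otherwise be accepted as-is.
    # Check owner and mode through core.check_file_and_perms and reinstall
    # when either file does not match.
    if (core.check_file_and_perms(core.config['certs.bestmancert'], 'bestman', 0o644)
            and core.check_file_and_perms(core.config['certs.bestmankey'], 'bestman', 0o400)):
        return

    # Certificate is public (0o644); the private key is owner read-only (0o400).
    core.install_cert('certs.bestmancert', 'certs.hostcert', 'bestman', 0o644)
    core.install_cert('certs.bestmankey', 'certs.hostkey', 'bestman', 0o400)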
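def test_01_configure(self):
    # Lay down the StashCache test configuration: publish PARAMS through
    # setcfg, create the origin/cache directories, strip the packaged config
    # lines that cannot be overridden, write the test config and auth files,
    # and install the XRootD service credentials. Every touched path is
    # recorded in the "filelist" config entry.
    if core.PackageVersion('stash-cache') >= '1.1.0':
        caching_plugin_cfg_path = "/etc/xrootd/config.d/40-stash-cache-plugin.cfg"
        http_cfg_path = "/etc/xrootd/config.d/50-osg-http.cfg"
    else:
        caching_plugin_cfg_path = "/etc/xrootd/config.d/40-osg-caching-plugin.cfg"
        http_cfg_path = "/etc/xrootd/config.d/40-osg-http.cfg"

    for key, val in PARAMS.items():
        setcfg(key, val)

    # Create dirs. lstrip("/") keeps an export value that starts with "/"
    # underneath its root: os.path.join drops the earlier components when a
    # later one is absolute.
    for d in [
        PARAMS["OriginRootdir"],
        PARAMS["CacheRootdir"],
        os.path.join(PARAMS["OriginRootdir"], PARAMS["OriginExport"].lstrip("/")),
        os.path.join(PARAMS["OriginRootdir"], PARAMS["OriginAuthExport"].lstrip("/")),
        os.path.join(PARAMS["CacheRootdir"], PARAMS["OriginDummyExport"].lstrip("/")),
        os.path.dirname(CACHES_JSON_PATH),
    ]:
        files.safe_makedirs(d)

    core.system(["chown", "-R", "xrootd:xrootd", PARAMS["OriginRootdir"], PARAMS["CacheRootdir"]])

    filelist = []
    setcfg("filelist", filelist)
    # Modify filelist in-place with .append so changes get into core.config too

    # Delete the lines we can't override.
    # Raw strings keep "\s" as a regex escape; in a plain string literal it
    # is an invalid escape sequence that newer Python versions warn about.
    # The pattern text passed on is unchanged.
    for path, regexp in [
        (XROOTD_ORIGIN_CFG_PATH, r"^\s*all.manager.+$"),
        (http_cfg_path, r"^\s*xrd.protocol.+$"),
        (caching_plugin_cfg_path, r"^\s*(ofs.osslib|pss.cachelib|pss.origin).+$"),
    ]:
        files.replace_regexpr(path, regexp, "", owner=NAMESPACE)
        filelist.append(path)

    # Write our new files
    for path, contents in [
        (PARAMS_CFG_PATH, PARAMS_CFG_CONTENTS),
        (PRE_CFG_PATH, PRE_CFG_CONTENTS),
        (ORIGIN_AUTHFILE_PATH, ORIGIN_AUTHFILE_CONTENTS),
        (ORIGIN_PUBLIC_AUTHFILE_PATH, ORIGIN_PUBLIC_AUTHFILE_CONTENTS),
        (CACHE_AUTHFILE_PATH, CACHE_AUTHFILE_CONTENTS),
        (CACHE_PUBLIC_AUTHFILE_PATH, CACHE_PUBLIC_AUTHFILE_CONTENTS),
        (CACHES_JSON_PATH, CACHES_JSON_CONTENTS),
    ]:
        files.write(path, contents, owner=NAMESPACE, chmod=0o644)
        filelist.append(path)

    # Install certs. Normally done in the xrootd tests but they conflict with the StashCache tests
    # (both use the same config dir)
    core.config['certs.xrootdcert'] = '/etc/grid-security/xrd/xrdcert.pem'
    core.config['certs.xrootdkey'] = '/etc/grid-security/xrd/xrdkey.pem'
    # Certificate is public (0o644); the private key is owner read-only (0o400).
    core.install_cert('certs.xrootdcert', 'certs.hostcert', 'xrootd', 0o644)
    core.install_cert('certs.xrootdkey', 'certs.hostkey', 'xrootd', 0o400)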