def test_02_scitoken_mapping(self): core.state['condor-ce.wrote-mapfile'] = False core.skip_ok_unless_installed('condor', 'htcondor-ce') self.skip_ok_if( core.PackageVersion('condor') <= '8.9.4', 'HTCondor version does not support SciToken submission') condorce_version = core.PackageVersion('htcondor-ce') scitoken_mapping = 'SCITOKENS {issuer} {local_user}\n' # Write the mapfile to the admin mapfile directory with the regex format for the issuer # required by 'CERTIFICATE_MAPFILE_ASSUME_HASH_KEYS = True' # https://github.com/htcondor/htcondor-ce/pull/425 if condorce_version >= '5.1.0': match_str = r'/https:\/\/demo.scitokens.org,.*/' core.config[ 'condor-ce.mapfile'] = '/etc/condor-ce/mapfiles.d/01-osg-test.conf' else: match_str = '"https://demo.scitokens.org"' core.config['condor-ce.mapfile'] = '/etc/condor-ce/condor_mapfile' mapfile_contents = files.read(core.config['condor-ce.mapfile'], as_single_string=True) scitoken_mapping += mapfile_contents files.write(core.config['condor-ce.mapfile'], scitoken_mapping.format(issuer=match_str, local_user=core.options.username), owner='condor-ce', chmod=0o644) core.state['condor-ce.wrote-mapfile'] = True
def test_02_condor_ce_run_condor(self): core.skip_ok_unless_installed('htcondor-ce', 'htcondor-ce-client', 'htcondor-ce-condor', 'condor') self.skip_bad_unless(service.is_running('condor-ce'), 'ce not running') self.skip_bad_unless(service.is_running('condor'), 'condor not running') self.skip_bad_unless(core.state['jobs.env-set'], 'job environment not set') token_file = core.config['token.condor_write'] self.skip_bad_unless( core.state['proxy.valid'] or os.path.exists(token_file), 'requires a scitoken or a proxy') command = [ 'condor_ce_run', '--debug', '-r', '%s:9619' % core.get_hostname(), '/bin/env' ] if os.path.exists(token_file): # FIXME: After HTCONDOR-636 is released (targeted for HTCondor-CE 5.1.2), # we can stop setting _condor_SCITOKENS_FILE for token_var in ('_condor_SCITOKENS_FILE', 'BEARER_TOKEN_FILE'): os.environ[token_var] = token_file else: core.log_message( 'condor WRITE token not found; skipping SCITOKENS auth') if core.osg_release() == "3.6" and \ core.PackageVersion('condor') >= '9.0.0' and \ core.PackageVersion('condor') < '9.0.8': with core.no_x509(core.options.username): self.run_job_in_tmp_dir(command, 'condor_ce_run a Condor job') else: self.run_job_in_tmp_dir(command, 'condor_ce_run a Condor job')
def run_trace(self, *args): """Run condor_ce_trace along with any additional *args. If trace completes with a held job, also return output from 'condor_ce_q -held'. """ cwd = os.getcwd() os.chdir('/tmp') self.command += ['condor_ce_trace', '--debug' ] + list(args) + [core.get_hostname()] if core.osg_release() == "3.6" and \ core.PackageVersion('condor') >= '9.0.0' and \ core.PackageVersion('condor') < '9.0.8': with core.no_x509(core.options.username): trace_rc, trace_out, trace_err = core.system(self.command, user=True) else: trace_rc, trace_out, trace_err = core.system(self.command, user=True) os.chdir(cwd) if trace_rc: msg = 'condor_ce_trace failed' if trace_out.find(', was held'): msg = 'condor_ce_trace job held' _, hold_out, hold_err = core.system(('condor_ce_q', '-held')) self.fail( core.diagnose(msg, self.command, trace_rc, str(trace_out) + str(hold_out), str(trace_err) + str(hold_err))) return trace_out, trace_err
def test_01_condor_run_pbs(self): core.skip_ok_unless_installed('condor', 'blahp') core.skip_ok_unless_installed('torque-mom', 'torque-server', 'torque-scheduler', by_dependency=True) self.skip_bad_unless(core.state['jobs.env-set'], 'job environment not set') self.skip_bad_unless(service.is_running('condor'), 'condor not running') self.skip_bad_unless(service.is_running('pbs_server'), 'pbs not running') command = ('condor_run', '-u', 'grid', '-a', 'grid_resource=pbs', '-a', 'periodic_remove=JobStatus==5', '/bin/env') # Figure out whether the installed BLAHP package is the same as or later # than "blahp-1.18.11.bosco-4.osg*" (in the RPM sense), because it's the # first build in which the job environments are correctly passed to PBS. blahp_pbs_has_env_vars = core.PackageVersion( 'blahp') >= '1.18.11.bosco-4.osg' self.run_job_in_tmp_dir(command, 'condor_run a Condor job', verify_environment=blahp_pbs_has_env_vars)
def test_01_slurm_config(self): self.slurm_reqs() if core.PackageVersion('slurm') >= '19.05.2': core.config['slurm.config-dir'] = '/etc' else: core.config['slurm.config-dir'] = '/etc/slurm' core.config['slurm.config'] = os.path.join( core.config['slurm.config-dir'], 'slurm.conf') files.write(core.config['slurm.config'], SLURM_CONFIG % { 'short_hostname': SHORT_HOSTNAME, 'cluster': CLUSTER_NAME, 'ctld_log': CTLD_LOG }, owner='slurm', chmod=0o644) core.config['cgroup.config'] = os.path.join( core.config['slurm.config-dir'], 'cgroup.conf') config = SLURM_CGROUPS_CONFIG if core.el_release() == 6: config += "\nCgroupMountpoint=/cgroup" files.write(core.config['cgroup.config'], config, owner='slurm', chmod=0o644) core.config['cgroup_allowed_devices_file.conf'] = os.path.join( core.config['slurm.config-dir'], 'cgroup_allowed_devices_file.conf') files.write(core.config['cgroup_allowed_devices_file.conf'], SLURM_CGROUPS_DEVICE_CONFIG, owner='slurm', chmod=0o644)
def setUp(self): core.skip_ok_unless_installed("osg-xrootd-standalone", by_dependency=True) if core.rpm_is_installed("xcache"): self.skip_ok_if( core.PackageVersion("xcache") >= "1.0.2", "xcache 1.0.2+ configs conflict with xrootd tests")
def test_01_configure_xrootd(self): core.state['xrootd.is-configured'] = False core.config['xrootd.security'] = set() core.config['certs.xrootdcert'] = '/etc/grid-security/xrd/xrdcert.pem' core.config['certs.xrootdkey'] = '/etc/grid-security/xrd/xrdkey.pem' # rootdir and resourcename needs to be set early for the default osg-xrootd config core.config['xrootd.config'] = '/etc/xrootd/config.d/10-osg-test.cfg' core.config['xrootd.logging-config'] = '/etc/xrootd/config.d/99-logging.cfg' core.config['xrootd.service-defaults'] = '/etc/sysconfig/xrootd' core.config['xrootd.multiuser'] = False core.state['xrootd.backups-exist'] = False core.state['xrootd.had-failures'] = False core.config['xrootd.public_subdir'] = "public" core.config['xrootd.user_subdir'] = core.options.username core.config['xrootd.vo_subdir'] = voms.VONAME core.config['xrootd.authfile'] = '/etc/xrootd/Authfile' self.skip_ok_unless(core.state['user.verified'], "Test user not available") xrootd_user = pwd.getpwnam("xrootd") xrootd_config = STANDALONE_XROOTD_CFG_TEXT if core.dependency_is_installed("voms-clients"): core.config['xrootd.security'].add("GSI") if core.PackageVersion("xrootd-scitokens") >= "5": core.config['xrootd.security'].add("SCITOKENS") if voms.can_make_proxy(): core.config['xrootd.security'].add("VOMS") self.skip_ok_unless(core.config['xrootd.security'], "No xrootd security available") core.install_cert('certs.xrootdcert', 'certs.hostcert', 'xrootd', 0o644) core.install_cert('certs.xrootdkey', 'certs.hostkey', 'xrootd', 0o400) files.write(core.config['xrootd.logging-config'], XROOTD_LOGGING_CFG_TEXT, owner='xrootd', backup=True, chmod=0o644) files.write(core.config['xrootd.config'], xrootd_config, owner='xrootd', backup=True, chmod=0o644) files.write(core.config['xrootd.authfile'], AUTHFILE_TEXT, owner="xrootd", chown=(xrootd_user.pw_uid, xrootd_user.pw_gid), chmod=0o644) try: shutil.rmtree(xrootd.ROOTDIR) except FileNotFoundError: pass public_dir = f"{xrootd.ROOTDIR}/{core.config['xrootd.public_subdir']}" files.safe_makedirs(xrootd.ROOTDIR) os.chmod(xrootd.ROOTDIR, 0o755) files.safe_makedirs(public_dir) os.chmod(public_dir, 0o1777) user_dir = f"{xrootd.ROOTDIR}/{core.config['xrootd.user_subdir']}" files.safe_makedirs(user_dir) os.chmod(user_dir, 0o770) vo_dir = f"{xrootd.ROOTDIR}/{core.config['xrootd.vo_subdir']}" files.safe_makedirs(vo_dir) os.chmod(vo_dir, 0o1777) core.system(["chown", "-R", "xrootd:xrootd", xrootd.ROOTDIR]) os.chown(user_dir, core.state["user.uid"], xrootd_user.pw_gid) core.check_system(["find", xrootd.ROOTDIR, "-ls"], f"Couldn't dump contents of {xrootd.ROOTDIR}") core.state['xrootd.backups-exist'] = True core.state['xrootd.is-configured'] = True
def test_01_request_condor_write_scitoken(self): core.state['token.condor_write_created'] = False core.config['token.condor_write'] = '/tmp/condor_write.scitoken' core.skip_ok_unless_installed('htcondor-ce', 'condor') self.skip_ok_if( core.PackageVersion('condor') <= '8.9.4', 'HTCondor version does not support SciToken submission') self.skip_ok_if(os.path.exists(core.config['token.condor_write']), 'SciToken with HTCondor WRITE already exists') hostname = core.get_hostname() try: token = request_demo_scitoken('condor:/READ condor:/WRITE', audience=f'{hostname}:9619') except error.URLError as exc: self.fail( f"Failed to request token from demo.scitokens.org:\n{exc}") ids = (0, 0) if core.state['user.verified']: user = pwd.getpwnam(core.options.username) ids = (user.pw_uid, user.pw_gid) files.write(core.config['token.condor_write'], core.to_str(token), backup=False, chown=ids) core.state['token.condor_write_created'] = True
def setUp(self): core.skip_ok_unless_installed("stash-origin", "stash-cache", "stashcache-client", by_dependency=True) if core.rpm_is_installed("xcache"): self.skip_ok_if( core.PackageVersion("xcache") < "1.0.2", "needs xcache 1.0.2+")
def test_05_stashcp(self): command = ["stashcp", "-d"] if core.PackageVersion('stashcache-client') < '5.1.0-5': command.append("--cache=root://localhost") name, contents = self.testfiles[3] path = os.path.join(getcfg("OriginExport"), name) with tempfile.NamedTemporaryFile(mode="r+b") as tf: core.check_system(command + [path, tf.name], "Checking stashcp") result = tf.read() self.assertEqualVerbose(core.to_str(result), contents, "stashcp'ed file mismatch") self.assertCached(name, contents)
def test_03_configure_multiuser(self): core.skip_ok_unless_installed('xrootd-multiuser', 'globus-proxy-utils', by_dependency=True) if core.PackageVersion("xrootd-multiuser") < "1.0.0-0": xrootd_multiuser_conf = "xrootd.fslib libXrdMultiuser.so default" else: xrootd_multiuser_conf = "ofs.osslib ++ libXrdMultiuser.so\n" \ "ofs.ckslib ++ libXrdMultiuser.so" files.append(core.config['xrootd.config'], xrootd_multiuser_conf, owner='xrootd', backup=False) core.config['xrootd.multiuser'] = True
def test_02_old_xrootd_policy(self): core.skip_ok_unless_installed('xrootd-lcmaps', *self.required_rpms) self.skip_ok_if(core.PackageVersion('xrootd-lcmaps') >= '1.4.0') files.append(core.config['lcmaps.db'], '''xrootd_policy: verifyproxynokey -> banfile banfile -> banvomsfile | bad banvomsfile -> gridmapfile | bad gridmapfile -> good | vomsmapfile vomsmapfile -> good | defaultmapfile defaultmapfile -> good | bad ''', backup=False)
def test_03b_xrdcp_upload_scitoken_authenticated(self): self.skip_unless_security("SCITOKENS") xrootd_url = xroot_url(TestXrootd.user_copied_file_scitoken) command = ('xrdcp', '--force', '--debug', '2', TestXrootd.__data_path, xrootd_url) with core.no_x509(core.options.username): # TODO: Passing token contents with $BEARER_TOKEN or having the token be in /tmp/bt_u$UID is currently # broken (token is not found/not used). Using $BEARER_TOKEN_FILE or having the token be in # $X509_RUNTIME_DIR/bt_u$UID works. Bug report forthcoming. with core.environ_context({ "BEARER_TOKEN": core.state['token.xrootd_contents'], "BEARER_TOKEN_FILE": None }): message = "xrdcp upload to user dir with scitoken in BEARER_TOKEN" expected_exit = 0 if core.PackageVersion("xrootd-libs") <= "5.3.2": message += " (expected failure)" expected_exit = ERR_AUTH_FAIL core.check_system(command, message, exit=expected_exit, user=True) with core.environ_context({ "BEARER_TOKEN_FILE": core.config['token.xrootd'], "BEARER_TOKEN": None }): message = "xrdcp upload to user dir with scitoken file in BEARER_TOKEN_FILE" expected_exit = 0 core.check_system(command, message, exit=expected_exit, user=True) # TODO: Test token discovery at $X509_RUNTIME_DIR/bt_u$UID and /tmp/bt_u$UID self.assert_(os.path.exists(TestXrootd.user_copied_file_scitoken), "Uploaded file missing")
def setUp(self): if core.rpm_is_installed("xcache"): self.skip_ok_if( core.PackageVersion("xcache") >= "1.0.2", "xcache 1.0.2+ configs conflict with xrootd tests")
def test_01_configure(self): if core.PackageVersion('stash-cache') >= '1.1.0': caching_plugin_cfg_path = "/etc/xrootd/config.d/40-stash-cache-plugin.cfg" http_cfg_path = "/etc/xrootd/config.d/50-osg-http.cfg" else: caching_plugin_cfg_path = "/etc/xrootd/config.d/40-osg-caching-plugin.cfg" http_cfg_path = "/etc/xrootd/config.d/40-osg-http.cfg" for key, val in PARAMS.items(): setcfg(key, val) # Create dirs for d in [ PARAMS["OriginRootdir"], PARAMS["CacheRootdir"], os.path.join(PARAMS["OriginRootdir"], PARAMS["OriginExport"].lstrip("/")), os.path.join(PARAMS["OriginRootdir"], PARAMS["OriginAuthExport"].lstrip("/")), os.path.join(PARAMS["CacheRootdir"], PARAMS["OriginDummyExport"].lstrip("/")), os.path.dirname(CACHES_JSON_PATH) ]: files.safe_makedirs(d) core.system([ "chown", "-R", "xrootd:xrootd", PARAMS["OriginRootdir"], PARAMS["CacheRootdir"] ]) filelist = [] setcfg("filelist", filelist) # Modify filelist in-place with .append so changes get into core.config too # Delete the lines we can't override for path, regexp in [ (XROOTD_ORIGIN_CFG_PATH, "^\s*all.manager.+$"), (http_cfg_path, "^\s*xrd.protocol.+$"), (caching_plugin_cfg_path, "^\s*(ofs.osslib|pss.cachelib|pss.origin).+$"), ]: files.replace_regexpr(path, regexp, "", owner=NAMESPACE) filelist.append(path) # Write our new files for path, contents in [ (PARAMS_CFG_PATH, PARAMS_CFG_CONTENTS), (PRE_CFG_PATH, PRE_CFG_CONTENTS), (ORIGIN_AUTHFILE_PATH, ORIGIN_AUTHFILE_CONTENTS), (ORIGIN_PUBLIC_AUTHFILE_PATH, ORIGIN_PUBLIC_AUTHFILE_CONTENTS), (CACHE_AUTHFILE_PATH, CACHE_AUTHFILE_CONTENTS), (CACHE_PUBLIC_AUTHFILE_PATH, CACHE_PUBLIC_AUTHFILE_CONTENTS), (CACHES_JSON_PATH, CACHES_JSON_CONTENTS) ]: files.write(path, contents, owner=NAMESPACE, chmod=0o644) filelist.append(path) # Install certs. Normally done in the xrootd tests but they conflict with the StashCache tests # (both use the same config dir) core.config['certs.xrootdcert'] = '/etc/grid-security/xrd/xrdcert.pem' core.config['certs.xrootdkey'] = '/etc/grid-security/xrd/xrdkey.pem' core.install_cert('certs.xrootdcert', 'certs.hostcert', 'xrootd', 0o644) core.install_cert('certs.xrootdkey', 'certs.hostkey', 'xrootd', 0o400)