class LogStatusAction(BaseAction): ''' Action that registers on the database a new entry on the <element>Status table. It adds or modifies if the record exists on the table. ''' def __init__(self, name, decisionParams, enforcementResult, singlePolicyResults, clients=None): super(LogStatusAction, self).__init__(name, decisionParams, enforcementResult, singlePolicyResults, clients) if clients is not None and 'ResourceStatusClient' in clients: self.rsClient = clients['ResourceStatusClient'] else: self.rsClient = ResourceStatusClient() def run(self): ''' Checks it has the parameters it needs and tries to addOrModify in the database. ''' # Minor security checks element = self.decisionParams['element'] if element is None: return S_ERROR('element should not be None') name = self.decisionParams['name'] if name is None: return S_ERROR('name should not be None') statusType = self.decisionParams['statusType'] if statusType is None: return S_ERROR('statusType should not be None') status = self.enforcementResult['Status'] if status is None: return S_ERROR('status should not be None') elementType = self.decisionParams['elementType'] if elementType is None: return S_ERROR('elementType should not be None') reason = self.enforcementResult['Reason'] if reason is None: return S_ERROR('reason should not be None') # Truncate reason to fit in database column reason = (reason[:508] + '..') if len(reason) > 508 else reason resLogUpdate = self.rsClient.addOrModifyStatusElement(element, 'Status', name=name, statusType=statusType, status=status, elementType=elementType, reason=reason ) return resLogUpdate
class LogStatusAction(BaseAction): """ Action that registers on the database a new entry on the <element>Status table. It adds or modifies if the record exists on the table. """ def __init__(self, name, decisionParams, enforcementResult, singlePolicyResults, clients=None): super(LogStatusAction, self).__init__(name, decisionParams, enforcementResult, singlePolicyResults, clients) if clients is not None and "ResourceStatusClient" in clients: self.rsClient = clients["ResourceStatusClient"] else: self.rsClient = ResourceStatusClient() def run(self): """ Checks it has the parameters it needs and tries to addOrModify in the database. """ # Minor security checks element = self.decisionParams["element"] if element is None: return S_ERROR("element should not be None") name = self.decisionParams["name"] if name is None: return S_ERROR("name should not be None") statusType = self.decisionParams["statusType"] if statusType is None: return S_ERROR("statusType should not be None") status = self.enforcementResult["Status"] if status is None: return S_ERROR("status should not be None") elementType = self.decisionParams["elementType"] if elementType is None: return S_ERROR("elementType should not be None") reason = self.enforcementResult["Reason"] if reason is None: return S_ERROR("reason should not be None") # Truncate reason to fit in database column reason = (reason[:508] + "..") if len(reason) > 508 else reason resLogUpdate = self.rsClient.addOrModifyStatusElement( element, "Status", name=name, statusType=statusType, status=status, elementType=elementType, reason=reason ) return resLogUpdate
class TokenAgent( AgentModule ): ''' TokenAgent is in charge of checking tokens assigned on resources. Notifications are sent to those users owning expiring tokens. ''' # Rss token __rssToken = 'rs_svc' def __init__( self, *args, **kwargs ): ''' c'tor ''' AgentModule.__init__( self, *args, **kwargs ) self.notifyHours = 12 self.adminMail = '' self.rsClient = None self.tokenDict = {} self.diracAdmin = None def initialize( self ): ''' TokenAgent initialization ''' self.notifyHours = self.am_getOption( 'notifyHours', self.notifyHours ) self.adminMail = self.am_getOption( 'adminMail', self.adminMail ) self.rsClient = ResourceStatusClient() self.diracAdmin = DiracAdmin() return S_OK() def execute( self ): ''' Looks for user tokens. If they are expired, or expiring, it notifies users. ''' # Initialized here, as it is needed empty at the beginning of the execution self.tokenDict = {} elements = ( 'Site', 'Resource', 'Node' ) for element in elements: self.log.info( 'Processing %s' % element ) interestingTokens = self._getInterestingTokens( element ) if not interestingTokens[ 'OK' ]: self.log.error( interestingTokens[ 'Message' ] ) continue interestingTokens = interestingTokens[ 'Value' ] processTokens = self._processTokens( element, interestingTokens ) if not processTokens[ 'OK' ]: self.log.error( processTokens[ 'Message' ] ) continue notificationResult = self._notifyOfTokens() if not notificationResult[ 'OK' ]: self.log.error( notificationResult[ 'Message' ] ) return S_OK() def _getInterestingTokens( self, element ): ''' Given an element, picks all the entries with TokenExpiration < now + X<hours> If the TokenOwner is not the rssToken ( rs_svc ), it is selected. ''' tokenExpLimit = datetime.utcnow() + timedelta( hours = self.notifyHours ) tokenElements = self.rsClient.selectStatusElement( element, 'Status', meta = { 'older' : ( 'TokenExpiration', tokenExpLimit ) } ) if not tokenElements[ 'OK' ]: return tokenElements tokenColumns = tokenElements[ 'Columns' ] tokenElements = tokenElements[ 'Value' ] interestingTokens = [] for tokenElement in tokenElements: tokenElement = dict( zip( tokenColumns, tokenElement ) ) if tokenElement[ 'TokenOwner' ] != self.__rssToken: interestingTokens.append( tokenElement ) return S_OK( interestingTokens ) def _processTokens( self, element, tokenElements ): ''' Given an element and a list of interesting token elements, updates the database if the token is expired, logs a message and adds ''' never = datetime.max for tokenElement in tokenElements: try: name = tokenElement[ 'Name' ] statusType = tokenElement[ 'StatusType' ] status = tokenElement[ 'Status' ] tokenOwner = tokenElement[ 'TokenOwner' ] tokenExpiration = tokenElement[ 'TokenExpiration' ] except KeyError as e: return S_ERROR( e ) # If token has already expired if tokenExpiration < datetime.utcnow(): _msg = '%s with statusType "%s" and owner %s EXPIRED' self.log.info( _msg % ( name, statusType, tokenOwner ) ) result = self.rsClient.addOrModifyStatusElement( element, 'Status', name = name, statusType = statusType, tokenOwner = self.__rssToken, tokenExpiration = never ) if not result[ 'OK' ]: return result else: _msg = '%s with statusType "%s" and owner %s -> %s' self.log.info( _msg % ( name, statusType, tokenOwner, tokenExpiration ) ) if tokenOwner not in self.tokenDict: self.tokenDict[ tokenOwner ] = [] self.tokenDict[ tokenOwner ].append( [ tokenOwner, element, name, statusType, status, tokenExpiration ] ) return S_OK() def _notifyOfTokens( self ): ''' Splits interesing tokens between expired and expiring. Also splits them among users. It ends sending notifications to the users. ''' now = datetime.utcnow() adminExpired = [] adminExpiring = [] for tokenOwner, tokenLists in self.tokenDict.items(): expired = [] expiring = [] for tokenList in tokenLists: if tokenList[ 5 ] < now: expired.append( tokenList ) adminExpired.append( tokenList ) else: expiring.append( tokenList ) adminExpiring.append( tokenList ) resNotify = self._notify( tokenOwner, expired, expiring ) if not resNotify[ 'OK' ]: self.log.error( 'Failed to notify token owner', resNotify[ 'Message' ] ) if (adminExpired or adminExpiring) and self.adminMail: return self._notify(self.adminMail, adminExpired, adminExpiring) return S_OK() def _notify( self, tokenOwner, expired, expiring ): ''' Given a token owner and a list of expired and expiring tokens, sends an email to the user. ''' subject = 'RSS token summary for tokenOwner %s' % tokenOwner mail = '\nEXPIRED tokens ( RSS has taken control of them )\n' for tokenList in expired: mail += ' '.join( [ str(x) for x in tokenList ] ) mail += '\n' mail = '\nEXPIRING tokens ( RSS will take control of them )\n' for tokenList in expiring: mail += ' '.join( [ str(x) for x in tokenList ] ) mail += '\n' mail += "\n\n You can extend for another 24 hours using the web interface (Set token -> Acquire)\n" mail += " Or you can use the dirac-rss-set-token script\n\n" mail += "Through the same interfaces you can release the token any time\n" # FIXME: you can re-take control of them using this or that... resEmail = self.diracAdmin.sendMail( tokenOwner, subject, mail ) if not resEmail[ 'OK' ]: return S_ERROR( 'Cannot send email to user "%s"' % tokenOwner ) return resEmail
class TokenAgent( AgentModule ): ''' TokenAgent is in charge of checking tokens assigned on resources. Notifications are sent to those users owning expiring tokens. ''' # Hours to notify a user __notifyHours = 12 # Rss token __rssToken = 'rs_svc' # Admin mail __adminMail = None def __init__( self, *args, **kwargs ): ''' c'tor ''' AgentModule.__init__( self, *args, **kwargs ) self.notifyHours = self.__notifyHours self.adminMail = self.__adminMail self.rsClient = None self.rmClient = None self.noClient = None self.tokenDict = None self.diracAdmin = None def initialize( self ): ''' TokenAgent initialization Uses the ProductionManager shifterProxy to modify the ResourceStatus DB ''' self.am_setOption( 'shifterProxy', 'ProductionManager' ) self.notifyHours = self.am_getOption( 'notifyHours', self.notifyHours ) self.rsClient = ResourceStatusClient() self.rmClient = ResourceManagementClient() self.noClient = NotificationClient() self.diracAdmin = DiracAdmin() return S_OK() def execute( self ): ''' Looks for user tokens. If they are expired, or expiring, it notifies users. ''' # Initialized here, as it is needed empty at the beginning of the execution self.tokenDict = {} # FIXME: probably this can be obtained from RssConfiguration instead elements = ( 'Site', 'Resource', 'Node' ) for element in elements: self.log.info( 'Processing %s' % element ) interestingTokens = self._getInterestingTokens( element ) if not interestingTokens[ 'OK' ]: self.log.error( interestingTokens[ 'Message' ] ) continue interestingTokens = interestingTokens[ 'Value' ] processTokens = self._processTokens( element, interestingTokens ) if not processTokens[ 'OK' ]: self.log.error( processTokens[ 'Message' ] ) continue notificationResult = self._notifyOfTokens() if not notificationResult[ 'OK' ]: self.log.error( notificationResult[ 'Message' ] ) return S_OK() ## Protected methods ######################################################### def _getInterestingTokens( self, element ): ''' Given an element, picks all the entries with TokenExpiration < now + X<hours> If the TokenOwner is not the rssToken ( rs_svc ), it is selected. ''' tokenExpLimit = datetime.utcnow() + timedelta( hours = self.notifyHours ) tokenElements = self.rsClient.selectStatusElement( element, 'Status', meta = { 'older' : ( 'TokenExpiration', tokenExpLimit ) } ) if not tokenElements[ 'OK' ]: return tokenElements tokenColumns = tokenElements[ 'Columns' ] tokenElements = tokenElements[ 'Value' ] interestingTokens = [] for tokenElement in tokenElements: tokenElement = dict( zip( tokenColumns, tokenElement ) ) if tokenElement[ 'TokenOwner' ] != self.__rssToken: interestingTokens.append( tokenElement ) return S_OK( interestingTokens ) def _processTokens( self, element, tokenElements ): ''' Given an element and a list of interesting token elements, updates the database if the token is expired, logs a message and adds ''' never = datetime.max for tokenElement in tokenElements: try: name = tokenElement[ 'Name' ] statusType = tokenElement[ 'StatusType' ] status = tokenElement[ 'Status' ] tokenOwner = tokenElement[ 'TokenOwner' ] tokenExpiration = tokenElement[ 'TokenExpiration' ] except KeyError, e: return S_ERROR( e ) # If token has already expired if tokenExpiration < datetime.utcnow(): _msg = '%s with statusType "%s" and owner %s EXPIRED' self.log.info( _msg % ( name, statusType, tokenOwner ) ) result = self.rsClient.addOrModifyStatusElement( element, 'Status', name = name, statusType = statusType, tokenOwner = self.__rssToken, tokenExpiration = never ) if not result[ 'OK' ]: return result else: _msg = '%s with statusType "%s" and owner %s -> %s' self.log.info( _msg % ( name, statusType, tokenOwner, tokenExpiration ) ) if not tokenOwner in self.tokenDict: self.tokenDict[ tokenOwner ] = [] self.tokenDict[ tokenOwner ].append( [ tokenOwner, element, name, statusType, status, tokenExpiration ] ) return S_OK()
class TokenAgent(AgentModule): """ TokenAgent is in charge of checking tokens assigned on resources. Notifications are sent to those users owning expiring tokens. """ # Hours to notify a user __notifyHours = 12 # Rss token __rssToken = "rs_svc" # Admin mail __adminMail = None def __init__(self, *args, **kwargs): """ c'tor """ AgentModule.__init__(self, *args, **kwargs) self.notifyHours = self.__notifyHours self.adminMail = self.__adminMail self.rsClient = None self.tokenDict = None self.diracAdmin = None def initialize(self): """ TokenAgent initialization """ self.notifyHours = self.am_getOption("notifyHours", self.notifyHours) self.adminMail = self.am_getOption("adminMail", self.adminMail) self.rsClient = ResourceStatusClient() self.diracAdmin = DiracAdmin() return S_OK() def execute(self): """ Looks for user tokens. If they are expired, or expiring, it notifies users. """ # Initialized here, as it is needed empty at the beginning of the execution self.tokenDict = {} # FIXME: probably this can be obtained from RssConfiguration instead elements = ("Site", "Resource", "Node") for element in elements: self.log.info("Processing %s" % element) interestingTokens = self._getInterestingTokens(element) if not interestingTokens["OK"]: self.log.error(interestingTokens["Message"]) continue interestingTokens = interestingTokens["Value"] processTokens = self._processTokens(element, interestingTokens) if not processTokens["OK"]: self.log.error(processTokens["Message"]) continue notificationResult = self._notifyOfTokens() if not notificationResult["OK"]: self.log.error(notificationResult["Message"]) return S_OK() ## Protected methods ######################################################### def _getInterestingTokens(self, element): """ Given an element, picks all the entries with TokenExpiration < now + X<hours> If the TokenOwner is not the rssToken ( rs_svc ), it is selected. """ tokenExpLimit = datetime.utcnow() + timedelta(hours=self.notifyHours) tokenElements = self.rsClient.selectStatusElement( element, "Status", meta={"older": ("TokenExpiration", tokenExpLimit)} ) if not tokenElements["OK"]: return tokenElements tokenColumns = tokenElements["Columns"] tokenElements = tokenElements["Value"] interestingTokens = [] for tokenElement in tokenElements: tokenElement = dict(zip(tokenColumns, tokenElement)) if tokenElement["TokenOwner"] != self.__rssToken: interestingTokens.append(tokenElement) return S_OK(interestingTokens) def _processTokens(self, element, tokenElements): """ Given an element and a list of interesting token elements, updates the database if the token is expired, logs a message and adds """ never = datetime.max for tokenElement in tokenElements: try: name = tokenElement["Name"] statusType = tokenElement["StatusType"] status = tokenElement["Status"] tokenOwner = tokenElement["TokenOwner"] tokenExpiration = tokenElement["TokenExpiration"] except KeyError, e: return S_ERROR(e) # If token has already expired if tokenExpiration < datetime.utcnow(): _msg = '%s with statusType "%s" and owner %s EXPIRED' self.log.info(_msg % (name, statusType, tokenOwner)) result = self.rsClient.addOrModifyStatusElement( element, "Status", name=name, statusType=statusType, tokenOwner=self.__rssToken, tokenExpiration=never, ) if not result["OK"]: return result else: _msg = '%s with statusType "%s" and owner %s -> %s' self.log.info(_msg % (name, statusType, tokenOwner, tokenExpiration)) if not tokenOwner in self.tokenDict: self.tokenDict[tokenOwner] = [] self.tokenDict[tokenOwner].append([tokenOwner, element, name, statusType, status, tokenExpiration]) return S_OK()
class ResourceStatus( object ): """ ResourceStatus helper that connects to CS if RSS flag is not Active. It keeps the connection to the db / server as an object member, to avoid creating a new one massively. """ __metaclass__ = DIRACSingleton def __init__( self, rssFlag = None ): """ Constructor, initializes the rssClient. """ self.log = gLogger.getSubLogger( self.__class__.__name__ ) self.rssConfig = RssConfiguration() self.__opHelper = Operations() self.rssClient = ResourceStatusClient() self.rssFlag = rssFlag if rssFlag is None: self.rssFlag = self.__getMode() # We can set CacheLifetime and CacheHistory from CS, so that we can tune them. cacheLifeTime = int( self.rssConfig.getConfigCache() ) # RSSCache only affects the calls directed to RSS, if using the CS it is not used. self.rssCache = RSSCache( cacheLifeTime, self.__updateRssCache ) def getElementStatus( self, elementName, elementType, statusType = None, default = None ): """ Helper function, tries to get information from the RSS for the given Element, otherwise, it gets it from the CS. :param elementName: name of the element :type elementName: str :param elementType: type of the element (StorageElement, ComputingElement, FTS, Catalog) :type elementType: str :param statusType: type of the status (meaningful only when elementType==StorageElement) :type statusType: None, str, list :param default: defult value (meaningful only when rss is InActive) :type default: str :return: S_OK/S_ERROR :rtype: dict :Example: >>> getElementStatus('CE42', 'ComputingElement') S_OK( { 'CE42': { 'all': 'Active' } } } ) >>> getElementStatus('SE1', 'StorageElement', 'ReadAccess') S_OK( { 'SE1': { 'ReadAccess': 'Banned' } } } ) >>> getElementStatus('SE1', 'ThisIsAWrongElementType', 'ReadAccess') S_ERROR( xyz.. ) >>> getElementStatus('ThisIsAWrongName', 'StorageElement', 'WriteAccess') S_ERROR( xyz.. ) >>> getElementStatus('A_file_catalog', 'FileCatalog') S_OK( { 'A_file_catalog': { 'all': 'Active' } } } ) >>> getElementStatus('SE1', 'StorageElement', ['ReadAccess', 'WriteAccess']) S_OK( { 'SE1': { 'ReadAccess': 'Banned' , 'WriteAccess': 'Active'} } } ) >>> getElementStatus('SE1', 'StorageElement') S_OK( { 'SE1': { 'ReadAccess': 'Probing' , 'WriteAccess': 'Active', 'CheckAccess': 'Degraded', 'RemoveAccess': 'Banned'} } } ) """ allowedParameters = ["StorageElement", "ComputingElement", "FTS", "Catalog"] if elementType not in allowedParameters: return S_ERROR("%s in not in the list of the allowed parameters: %s" % (elementType, allowedParameters)) # Apply defaults if not statusType: if elementType == "StorageElement": statusType = ['ReadAccess', 'WriteAccess', 'CheckAccess', 'RemoveAccess'] elif elementType == "ComputingElement": statusType = ['all'] elif elementType == "FTS": statusType = ['all'] elif elementType == "Catalog": statusType = ['all'] if self.rssFlag: return self.__getRSSElementStatus( elementName, elementType, statusType ) else: return self.__getCSElementStatus( elementName, elementType, statusType, default ) def setElementStatus( self, elementName, elementType, statusType, status, reason = None, tokenOwner = None ): """ Tries set information in RSS and in CS. :param elementName: name of the element :type elementName: str :param elementType: type of the element (StorageElement, ComputingElement, FTS, Catalog) :type elementType: str :param statusType: type of the status (meaningful only when elementType==StorageElement) :type statusType: str :param reason: reason for setting the status :type reason: str :param tokenOwner: owner of the token (meaningful only when rss is Active) :type tokenOwner: str :return: S_OK/S_ERROR :rtype: dict :Example: >>> setElementStatus('CE42', 'ComputingElement', 'all', 'Active') S_OK( xyz.. ) >>> setElementStatus('SE1', 'StorageElement', 'ReadAccess', 'Banned') S_OK( xyz.. ) """ if self.rssFlag: return self.__setRSSElementStatus( elementName, elementType, statusType, status, reason, tokenOwner ) else: return self.__setCSElementStatus( elementName, elementType, statusType, status ) ################################################################################ def __updateRssCache( self ): """ Method used to update the rssCache. It will try 5 times to contact the RSS before giving up """ meta = { 'columns' : [ 'Name', 'ElementType', 'StatusType', 'Status' ] } for ti in range( 5 ): rawCache = self.rssClient.selectStatusElement( 'Resource', 'Status', meta = meta ) if rawCache['OK']: break self.log.warn( "Can't get resource's status", rawCache['Message'] + "; trial %d" % ti ) sleep( math.pow( ti, 2 ) ) self.rssClient = ResourceStatusClient() if not rawCache[ 'OK' ]: return rawCache return S_OK( getCacheDictFromRawData( rawCache[ 'Value' ] ) ) ################################################################################ def __getRSSElementStatus( self, elementName, elementType, statusType ): """ Gets from the cache or the RSS the Elements status. The cache is a copy of the DB table. If it is not on the cache, most likely is not going to be on the DB. There is one exception: item just added to the CS, e.g. new Element. The period between it is added to the DB and the changes are propagated to the cache will be inconsistent, but not dangerous. Just wait <cacheLifeTime> minutes. :param elementName: name of the element :type elementName: str :param elementType: type of the element (StorageElement, ComputingElement, FTS, Catalog) :type elementType: str :param statusType: type of the status (meaningful only when elementType==StorageElement, otherwise it is 'all' or ['all']) :type statusType: str, list """ cacheMatch = self.rssCache.match( elementName, elementType, statusType ) self.log.debug( '__getRSSElementStatus' ) self.log.debug( cacheMatch ) return cacheMatch def __getCSElementStatus( self, elementName, elementType, statusType, default ): """ Gets from the CS the Element status :param elementName: name of the element :type elementName: str :param elementType: type of the element (StorageElement, ComputingElement, FTS, Catalog) :type elementType: str :param statusType: type of the status (meaningful only when elementType==StorageElement) :type statusType: str, list :param default: defult value :type default: None, str """ # DIRAC doesn't store the status of ComputingElements nor FTS in the CS, so here we can just return 'Active' if elementType in ('ComputingElement', 'FTS'): return S_OK( { elementName: { 'all': 'Active'} } ) # If we are here it is because elementType is either 'StorageElement' or 'Catalog' if elementType == 'StorageElement': cs_path = "/Resources/StorageElements" elif elementType == 'Catalog': cs_path = "/Resources/FileCatalogs" statusType = ['Status'] if not isinstance( elementName, list ): elementName = [ elementName ] if not isinstance( statusType, list ): statusType = [ statusType ] result = {} for element in elementName: for sType in statusType: # Look in standard location, 'Active' by default res = gConfig.getValue( "%s/%s/%s" % ( cs_path, element, sType ), 'Active' ) result.setdefault( element, {} )[sType] = res if result: return S_OK( result ) if default is not None: defList = [ [ el, statusType, default ] for el in elementName ] return S_OK( getDictFromList( defList ) ) _msg = "Element '%s', with statusType '%s' is unknown for CS." return S_ERROR( DErrno.ERESUNK, _msg % ( elementName, statusType ) ) def __setRSSElementStatus( self, elementName, elementType, statusType, status, reason, tokenOwner ): """ Sets on the RSS the Elements status """ expiration = datetime.utcnow() + timedelta( days = 1 ) self.rssCache.acquireLock() try: res = self.rssClient.addOrModifyStatusElement( 'Resource', 'Status', name = elementName, elementType = elementType, status = status, statusType = statusType, reason = reason, tokenOwner = tokenOwner, tokenExpiration = expiration ) if res[ 'OK' ]: self.rssCache.refreshCache() if not res[ 'OK' ]: _msg = 'Error updating Element (%s,%s,%s)' % ( elementName, statusType, status ) gLogger.warn( 'RSS: %s' % _msg ) return res finally: # Release lock, no matter what. self.rssCache.releaseLock() def __setCSElementStatus( self, elementName, elementType, statusType, status ): """ Sets on the CS the Elements status """ # DIRAC doesn't store the status of ComputingElements nor FTS in the CS, so here we can just do nothing if elementType in ('ComputingElement', 'FTS'): return S_OK() # If we are here it is because elementType is either 'StorageElement' or 'Catalog' statuses = self.rssConfig.getConfigStatusType( elementType ) if statusType not in statuses: gLogger.error( "%s is not a valid statusType" % statusType ) return S_ERROR( "%s is not a valid statusType: %s" % ( statusType, statuses ) ) if elementType == 'StorageElement': cs_path = "/Resources/StorageElements" elif elementType == 'Catalog': cs_path = "/Resources/FileCatalogs" #FIXME: This a probably outdated location (new one is in /Operations/[]/Services/Catalogs) # but needs to be VO-aware statusType = 'Status' csAPI = CSAPI() csAPI.setOption( "%s/%s/%s/%s" % ( cs_path, elementName, elementType, statusType ), status ) res = csAPI.commitChanges() if not res[ 'OK' ]: gLogger.warn( 'CS: %s' % res[ 'Message' ] ) return res def __getMode( self ): """ Get's flag defined ( or not ) on the RSSConfiguration. If defined as 1, we use RSS, if not, we use CS. """ res = self.rssConfig.getConfigState() if res == 'Active': if self.rssClient is None: self.rssClient = ResourceStatusClient() return True self.rssClient = None return False def isStorageElementAlwaysBanned( self, seName, statusType ): """ Checks if the AlwaysBanned policy is applied to the SE given as parameter :param seName : string, name of the SE :param statusType : ReadAcces, WriteAccess, RemoveAccess, CheckAccess :returns: S_OK(True/False) """ res = getPoliciesThatApply( {'name' : seName, 'statusType' : statusType} ) if not res['OK']: self.log.error( "isStorageElementAlwaysBanned: unable to get the information", res['Message'] ) return res isAlwaysBanned = 'AlwaysBanned' in [policy['type'] for policy in res['Value']] return S_OK( isAlwaysBanned )
class TokenAgent(AgentModule): ''' TokenAgent is in charge of checking tokens assigned on resources. Notifications are sent to those users owning expiring tokens. ''' # Hours to notify a user __notifyHours = 12 # Rss token __rssToken = 'rs_svc' # Admin mail __adminMail = None def __init__(self, *args, **kwargs): ''' c'tor ''' AgentModule.__init__(self, *args, **kwargs) self.notifyHours = self.__notifyHours self.adminMail = self.__adminMail self.rsClient = None self.tokenDict = None self.diracAdmin = None def initialize(self): ''' TokenAgent initialization ''' self.notifyHours = self.am_getOption('notifyHours', self.notifyHours) self.adminMail = self.am_getOption('adminMail', self.adminMail) self.rsClient = ResourceStatusClient() self.diracAdmin = DiracAdmin() return S_OK() def execute(self): ''' Looks for user tokens. If they are expired, or expiring, it notifies users. ''' # Initialized here, as it is needed empty at the beginning of the execution self.tokenDict = {} # FIXME: probably this can be obtained from RssConfiguration instead elements = ('Site', 'Resource', 'Node') for element in elements: self.log.info('Processing %s' % element) interestingTokens = self._getInterestingTokens(element) if not interestingTokens['OK']: self.log.error(interestingTokens['Message']) continue interestingTokens = interestingTokens['Value'] processTokens = self._processTokens(element, interestingTokens) if not processTokens['OK']: self.log.error(processTokens['Message']) continue notificationResult = self._notifyOfTokens() if not notificationResult['OK']: self.log.error(notificationResult['Message']) return S_OK() ## Protected methods ######################################################### def _getInterestingTokens(self, element): ''' Given an element, picks all the entries with TokenExpiration < now + X<hours> If the TokenOwner is not the rssToken ( rs_svc ), it is selected. ''' tokenExpLimit = datetime.utcnow() + timedelta(hours=self.notifyHours) tokenElements = self.rsClient.selectStatusElement( element, 'Status', meta={'older': ('TokenExpiration', tokenExpLimit)}) if not tokenElements['OK']: return tokenElements tokenColumns = tokenElements['Columns'] tokenElements = tokenElements['Value'] interestingTokens = [] for tokenElement in tokenElements: tokenElement = dict(zip(tokenColumns, tokenElement)) if tokenElement['TokenOwner'] != self.__rssToken: interestingTokens.append(tokenElement) return S_OK(interestingTokens) def _processTokens(self, element, tokenElements): ''' Given an element and a list of interesting token elements, updates the database if the token is expired, logs a message and adds ''' never = datetime.max for tokenElement in tokenElements: try: name = tokenElement['Name'] statusType = tokenElement['StatusType'] status = tokenElement['Status'] tokenOwner = tokenElement['TokenOwner'] tokenExpiration = tokenElement['TokenExpiration'] except KeyError, e: return S_ERROR(e) # If token has already expired if tokenExpiration < datetime.utcnow(): _msg = '%s with statusType "%s" and owner %s EXPIRED' self.log.info(_msg % (name, statusType, tokenOwner)) result = self.rsClient.addOrModifyStatusElement( element, 'Status', name=name, statusType=statusType, tokenOwner=self.__rssToken, tokenExpiration=never) if not result['OK']: return result else: _msg = '%s with statusType "%s" and owner %s -> %s' self.log.info(_msg % (name, statusType, tokenOwner, tokenExpiration)) if not tokenOwner in self.tokenDict: self.tokenDict[tokenOwner] = [] self.tokenDict[tokenOwner].append([ tokenOwner, element, name, statusType, status, tokenExpiration ]) return S_OK()
class LogStatusAction(BaseAction): """ Action that registers on the database a new entry on the <element>Status table. It adds or modifies if the record exists on the table. """ def __init__(self, name, decisionParams, enforcementResult, singlePolicyResults, clients=None): super(LogStatusAction, self).__init__(name, decisionParams, enforcementResult, singlePolicyResults, clients) if clients is not None and "ResourceStatusClient" in clients: self.rsClient = clients["ResourceStatusClient"] else: self.rsClient = ResourceStatusClient() def run(self): """ Checks it has the parameters it needs and tries to addOrModify in the database. """ # Minor security checks element = self.decisionParams["element"] if element is None: return S_ERROR("element should not be None") name = self.decisionParams["name"] if name is None: return S_ERROR("name should not be None") statusType = self.decisionParams["statusType"] if statusType is None: return S_ERROR("statusType should not be None") status = self.enforcementResult["Status"] if status is None: return S_ERROR("status should not be None") elementType = self.decisionParams["elementType"] if elementType is None: return S_ERROR("elementType should not be None") reason = self.enforcementResult["Reason"] if reason is None: return S_ERROR("reason should not be None") vo = self.enforcementResult.get("VO") # Truncate reason to fit in database column reason = (reason[:508] + "..") if len(reason) > 508 else reason # VO = 'all' (non-VO aware policy) for a combined policy affects all VOs for a given site or resource, if vo == "all": resSelect = self.rsClient.selectStatusElement( element, "Status", name=name, statusType=None, vO=None, status=None, elementType=None, reason=None, dateEffective=None, lastCheckTime=None, tokenOwner="rs_svc", tokenExpiration=None, meta=None, ) if not resSelect["OK"]: self.log.error("Could not obtain all VO rows for element: %s" % element) return resSelect voColumnIndex = resSelect["Columns"].index("VO") for row in resSelect["Value"]: vo = row[voColumnIndex] resLogUpdate = self.rsClient.addOrModifyStatusElement( element, "Status", name=name, statusType=statusType, vO=vo, status=status, elementType=elementType, reason=reason, ) self.log.debug("Update result", resLogUpdate) else: resLogUpdate = self.rsClient.addOrModifyStatusElement( element, "Status", name=name, statusType=statusType, vO=vo, status=status, elementType=elementType, reason=reason, ) return resLogUpdate
class TokenAgent(AgentModule): """ TokenAgent is in charge of checking tokens assigned on resources. Notifications are sent to those users owning expiring tokens. """ # Rss token __rssToken = "rs_svc" def __init__(self, *args, **kwargs): """c'tor""" AgentModule.__init__(self, *args, **kwargs) self.notifyHours = 12 self.adminMail = "" self.rsClient = None self.tokenDict = {} self.diracAdmin = None def initialize(self): """TokenAgent initialization""" self.notifyHours = self.am_getOption("notifyHours", self.notifyHours) self.adminMail = self.am_getOption("adminMail", self.adminMail) self.rsClient = ResourceStatusClient() self.diracAdmin = DiracAdmin() return S_OK() def execute(self): """ Looks for user tokens. If they are expired, or expiring, it notifies users. """ # Initialized here, as it is needed empty at the beginning of the execution self.tokenDict = {} elements = ("Site", "Resource", "Node") for element in elements: self.log.info("Processing %s" % element) interestingTokens = self._getInterestingTokens(element) if not interestingTokens["OK"]: self.log.error(interestingTokens["Message"]) continue interestingTokens = interestingTokens["Value"] processTokens = self._processTokens(element, interestingTokens) if not processTokens["OK"]: self.log.error(processTokens["Message"]) continue notificationResult = self._notifyOfTokens() if not notificationResult["OK"]: self.log.error(notificationResult["Message"]) return S_OK() def _getInterestingTokens(self, element): """ Given an element, picks all the entries with TokenExpiration < now + X<hours> If the TokenOwner is not the rssToken ( rs_svc ), it is selected. """ tokenExpLimit = datetime.utcnow() + timedelta(hours=self.notifyHours) tokenElements = self.rsClient.selectStatusElement( element, "Status", meta={"older": ["TokenExpiration", tokenExpLimit]}) if not tokenElements["OK"]: return tokenElements tokenColumns = tokenElements["Columns"] tokenElements = tokenElements["Value"] interestingTokens = [] for tokenElement in tokenElements: tokenElement = dict(zip(tokenColumns, tokenElement)) if tokenElement["TokenOwner"] != self.__rssToken: interestingTokens.append(tokenElement) return S_OK(interestingTokens) def _processTokens(self, element, tokenElements): """ Given an element and a list of interesting token elements, updates the database if the token is expired, logs a message and adds """ never = datetime.max for tokenElement in tokenElements: try: name = tokenElement["Name"] statusType = tokenElement["StatusType"] status = tokenElement["Status"] tokenOwner = tokenElement["TokenOwner"] tokenExpiration = tokenElement["TokenExpiration"] except KeyError as e: return S_ERROR(e) # If token has already expired if tokenExpiration < datetime.utcnow(): _msg = '%s with statusType "%s" and owner %s EXPIRED' self.log.info(_msg % (name, statusType, tokenOwner)) result = self.rsClient.addOrModifyStatusElement( element, "Status", name=name, statusType=statusType, tokenOwner=self.__rssToken, tokenExpiration=never, ) if not result["OK"]: return result else: _msg = '%s with statusType "%s" and owner %s -> %s' self.log.info(_msg % (name, statusType, tokenOwner, tokenExpiration)) if tokenOwner not in self.tokenDict: self.tokenDict[tokenOwner] = [] self.tokenDict[tokenOwner].append([ tokenOwner, element, name, statusType, status, tokenExpiration ]) return S_OK() def _notifyOfTokens(self): """ Splits interesing tokens between expired and expiring. Also splits them among users. It ends sending notifications to the users. """ now = datetime.utcnow() adminExpired = [] adminExpiring = [] for tokenOwner, tokenLists in self.tokenDict.items(): expired = [] expiring = [] for tokenList in tokenLists: if tokenList[5] < now: expired.append(tokenList) adminExpired.append(tokenList) else: expiring.append(tokenList) adminExpiring.append(tokenList) resNotify = self._notify(tokenOwner, expired, expiring) if not resNotify["OK"]: self.log.error("Failed to notify token owner", resNotify["Message"]) if (adminExpired or adminExpiring) and self.adminMail: return self._notify(self.adminMail, adminExpired, adminExpiring) return S_OK() def _notify(self, tokenOwner, expired, expiring): """ Given a token owner and a list of expired and expiring tokens, sends an email to the user. """ subject = "RSS token summary for tokenOwner %s" % tokenOwner mail = "\nEXPIRED tokens ( RSS has taken control of them )\n" for tokenList in expired: mail += " ".join([str(x) for x in tokenList]) mail += "\n" mail = "\nEXPIRING tokens ( RSS will take control of them )\n" for tokenList in expiring: mail += " ".join([str(x) for x in tokenList]) mail += "\n" mail += "\n\n You can extend for another 24 hours using the web interface (Set token -> Acquire)\n" mail += " Or you can use the dirac-rss-set-token script\n\n" mail += "Through the same interfaces you can release the token any time\n" resEmail = self.diracAdmin.sendMail(tokenOwner, subject, mail) if not resEmail["OK"]: return S_ERROR('Cannot send email to user "%s"' % tokenOwner) return resEmail
class ResourceStatus(object): """ ResourceStatus helper that connects to CS if RSS flag is not Active. It keeps the connection to the db / server as an object member, to avoid creating a new one massively. """ __metaclass__ = DIRACSingleton def __init__(self, rssFlag=None): """ Constructor, initializes the rssClient. """ self.log = gLogger.getSubLogger(self.__class__.__name__) self.rssConfig = RssConfiguration() self.__opHelper = Operations() self.rssClient = ResourceStatusClient() self.rssFlag = rssFlag if rssFlag is None: self.rssFlag = self.__getMode() cacheLifeTime = int(self.rssConfig.getConfigCache()) # RSSCache only affects the calls directed to RSS, if using the CS it is not used. self.rssCache = RSSCache(cacheLifeTime, self.__updateRssCache) def getElementStatus(self, elementName, elementType, statusType=None, default=None): """ Helper function, tries to get information from the RSS for the given Element, otherwise, it gets it from the CS. :param elementName: name of the element or list of element names :type elementName: str, list :param elementType: type of the element (StorageElement, ComputingElement, FTS, Catalog) :type elementType: str :param statusType: type of the status (meaningful only when elementType==StorageElement) :type statusType: None, str, list :param default: defult value (meaningful only when rss is InActive) :type default: str :return: S_OK/S_ERROR :rtype: dict :Example: >>> getElementStatus('CE42', 'ComputingElement') S_OK( { 'CE42': { 'all': 'Active' } } } ) >>> getElementStatus('SE1', 'StorageElement', 'ReadAccess') S_OK( { 'SE1': { 'ReadAccess': 'Banned' } } } ) >>> getElementStatus('SE1', 'ThisIsAWrongElementType', 'ReadAccess') S_ERROR( xyz.. ) >>> getElementStatus('ThisIsAWrongName', 'StorageElement', 'WriteAccess') S_ERROR( xyz.. ) >>> getElementStatus('A_file_catalog', 'FileCatalog') S_OK( { 'A_file_catalog': { 'all': 'Active' } } } ) >>> getElementStatus('SE1', 'StorageElement', ['ReadAccess', 'WriteAccess']) S_OK( { 'SE1': { 'ReadAccess': 'Banned' , 'WriteAccess': 'Active'} } } ) >>> getElementStatus('SE1', 'StorageElement') S_OK( { 'SE1': { 'ReadAccess': 'Probing' , 'WriteAccess': 'Active', 'CheckAccess': 'Degraded', 'RemoveAccess': 'Banned'} } } ) >>> getElementStatus(['CE1', 'CE2'], 'ComputingElement') S_OK( {'CE1': {'all': 'Active'}, 'CE2': {'all': 'Probing'}}} """ allowedParameters = ["StorageElement", "ComputingElement", "FTS", "Catalog"] if elementType not in allowedParameters: return S_ERROR("%s in not in the list of the allowed parameters: %s" % (elementType, allowedParameters)) # Apply defaults if not statusType: if elementType == "StorageElement": statusType = ['ReadAccess', 'WriteAccess', 'CheckAccess', 'RemoveAccess'] elif elementType == "ComputingElement": statusType = ['all'] elif elementType == "FTS": statusType = ['all'] elif elementType == "Catalog": statusType = ['all'] if self.rssFlag: return self.__getRSSElementStatus(elementName, elementType, statusType) else: return self.__getCSElementStatus(elementName, elementType, statusType, default) def setElementStatus(self, elementName, elementType, statusType, status, reason=None, tokenOwner=None): """ Tries set information in RSS and in CS. :param elementName: name of the element :type elementName: str :param elementType: type of the element (StorageElement, ComputingElement, FTS, Catalog) :type elementType: str :param statusType: type of the status (meaningful only when elementType==StorageElement) :type statusType: str :param reason: reason for setting the status :type reason: str :param tokenOwner: owner of the token (meaningful only when rss is Active) :type tokenOwner: str :return: S_OK/S_ERROR :rtype: dict :Example: >>> setElementStatus('CE42', 'ComputingElement', 'all', 'Active') S_OK( xyz.. ) >>> setElementStatus('SE1', 'StorageElement', 'ReadAccess', 'Banned') S_OK( xyz.. ) """ if self.rssFlag: return self.__setRSSElementStatus(elementName, elementType, statusType, status, reason, tokenOwner) else: return self.__setCSElementStatus(elementName, elementType, statusType, status) ################################################################################ def __updateRssCache(self): """ Method used to update the rssCache. It will try 5 times to contact the RSS before giving up """ meta = {'columns': ['Name', 'ElementType', 'StatusType', 'Status']} for ti in range(5): rawCache = self.rssClient.selectStatusElement('Resource', 'Status', meta=meta) if rawCache['OK']: break self.log.warn("Can't get resource's status", rawCache['Message'] + "; trial %d" % ti) sleep(math.pow(ti, 2)) self.rssClient = ResourceStatusClient() if not rawCache['OK']: return rawCache return S_OK(getCacheDictFromRawData(rawCache['Value'])) ################################################################################ def __getRSSElementStatus(self, elementName, elementType, statusType): """ Gets from the cache or the RSS the Elements status. The cache is a copy of the DB table. If it is not on the cache, most likely is not going to be on the DB. There is one exception: item just added to the CS, e.g. new Element. The period between it is added to the DB and the changes are propagated to the cache will be inconsistent, but not dangerous. Just wait <cacheLifeTime> minutes. :param elementName: name of the element or list of element names :type elementName: str, list :param elementType: type of the element (StorageElement, ComputingElement, FTS, Catalog) :type elementType: str :param statusType: type of the status (meaningful only when elementType==StorageElement, otherwise it is 'all' or ['all']) :type statusType: str, list """ cacheMatch = self.rssCache.match(elementName, elementType, statusType) self.log.debug('__getRSSElementStatus') self.log.debug(cacheMatch) return cacheMatch def __getCSElementStatus(self, elementName, elementType, statusType, default): """ Gets from the CS the Element status :param elementName: name of the element :type elementName: str :param elementType: type of the element (StorageElement, ComputingElement, FTS, Catalog) :type elementType: str :param statusType: type of the status (meaningful only when elementType==StorageElement) :type statusType: str, list :param default: defult value :type default: None, str """ # DIRAC doesn't store the status of ComputingElements nor FTS in the CS, so here we can just return 'Active' if elementType in ('ComputingElement', 'FTS'): return S_OK({elementName: {'all': 'Active'}}) # If we are here it is because elementType is either 'StorageElement' or 'Catalog' if elementType == 'StorageElement': cs_path = "/Resources/StorageElements" elif elementType == 'Catalog': cs_path = "/Resources/FileCatalogs" statusType = ['Status'] if not isinstance(elementName, list): elementName = [elementName] if not isinstance(statusType, list): statusType = [statusType] result = {} for element in elementName: for sType in statusType: # Look in standard location, 'Active' by default res = gConfig.getValue("%s/%s/%s" % (cs_path, element, sType), 'Active') result.setdefault(element, {})[sType] = res if result: return S_OK(result) if default is not None: defList = [[el, statusType, default] for el in elementName] return S_OK(getDictFromList(defList)) _msg = "Element '%s', with statusType '%s' is unknown for CS." return S_ERROR(DErrno.ERESUNK, _msg % (elementName, statusType)) def __setRSSElementStatus(self, elementName, elementType, statusType, status, reason, tokenOwner): """ Sets on the RSS the Elements status """ expiration = datetime.utcnow() + timedelta(days=1) self.rssCache.acquireLock() try: res = self.rssClient.addOrModifyStatusElement('Resource', 'Status', name=elementName, elementType=elementType, status=status, statusType=statusType, reason=reason, tokenOwner=tokenOwner, tokenExpiration=expiration) if res['OK']: self.rssCache.refreshCache() if not res['OK']: _msg = 'Error updating Element (%s,%s,%s)' % (elementName, statusType, status) gLogger.warn('RSS: %s' % _msg) return res finally: # Release lock, no matter what. self.rssCache.releaseLock() def __setCSElementStatus(self, elementName, elementType, statusType, status): """ Sets on the CS the Elements status """ # DIRAC doesn't store the status of ComputingElements nor FTS in the CS, so here we can just do nothing if elementType in ('ComputingElement', 'FTS'): return S_OK() # If we are here it is because elementType is either 'StorageElement' or 'Catalog' statuses = self.rssConfig.getConfigStatusType(elementType) if statusType not in statuses: gLogger.error("%s is not a valid statusType" % statusType) return S_ERROR("%s is not a valid statusType: %s" % (statusType, statuses)) if elementType == 'StorageElement': cs_path = "/Resources/StorageElements" elif elementType == 'Catalog': cs_path = "/Resources/FileCatalogs" # FIXME: This a probably outdated location (new one is in /Operations/[]/Services/Catalogs) # but needs to be VO-aware statusType = 'Status' csAPI = CSAPI() csAPI.setOption("%s/%s/%s/%s" % (cs_path, elementName, elementType, statusType), status) res = csAPI.commitChanges() if not res['OK']: gLogger.warn('CS: %s' % res['Message']) return res def __getMode(self): """ Gets flag defined (or not) on the RSSConfiguration. If defined as 'Active', we use RSS, if not, we use the CS when possible (and WMS for Sites). """ res = self.rssConfig.getConfigState() if res == 'Active': if self.rssClient is None: self.rssClient = ResourceStatusClient() return True self.rssClient = None return False def isStorageElementAlwaysBanned(self, seName, statusType): """ Checks if the AlwaysBanned policy is applied to the SE given as parameter :param seName: string, name of the SE :param statusType: ReadAcces, WriteAccess, RemoveAccess, CheckAccess :returns: S_OK(True/False) """ res = getPoliciesThatApply({'name': seName, 'statusType': statusType}) if not res['OK']: self.log.error("isStorageElementAlwaysBanned: unable to get the information", res['Message']) return res isAlwaysBanned = 'AlwaysBanned' in [policy['type'] for policy in res['Value']] return S_OK(isAlwaysBanned)