예제 #1
파일: voms.py 프로젝트: brianhlin/osg-test
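def add_user(vo, usercert, use_voms_admin=False):
    """Add the user identified by the given cert to the specified VO.

    May use voms-admin or direct MySQL statements.
    The CA cert that issued the user cert must already be in the database's 'ca' table - this happens automatically if
    the CA cert is in /etc/grid-security/certificates when the VOMS database is created.

    Args:
        vo: VO name; in the MySQL path it is appended to 'voms_' to form the database name.
        usercert: the user certificate, handed unchanged to cagen.certificate_info()
            (presumably a file path - confirm against callers).
        use_voms_admin: when true, register the user through the voms-admin CLI instead of SQL.

    Raises:
        AssertionError: the issuer of the certificate has no row in the 'ca' table (MySQL path only).
    """
    usercert_dn, usercert_issuer = cagen.certificate_info(usercert)
    if use_voms_admin:
        hostname = socket.getfqdn()

        # DN and issuer are separate tuple elements, so they are never spliced into a command string here.
        # NOTE(review): this branch takes the VO from core.config['voms.vo'] and ignores the 'vo' argument,
        # while the MySQL branch uses 'vo' - confirm that callers always pass the configured VO.
        command = ('voms-admin', '--vo', core.config['voms.vo'], '--host', hostname, '--nousercert', 'create-user',
                   usercert_dn, usercert_issuer, 'OSG Test User', 'root@localhost')
        core.check_system(command, 'Add VO user')

    else:
        dbname = 'voms_' + vo

        def sql_literal(value):
            # mysql.check_execute() receives a finished SQL string, so certificate fields have to be quoted by
            # hand: a DN such as ".../CN=Pat O'Neil" would otherwise end the literal early and change the statement.
            # Backslash doubling assumes the server's default sql_mode (no NO_BACKSLASH_ESCAPES) - TODO confirm.
            return "'" + value.replace('\\', '\\\\').replace("'", "''") + "'"

        # Find the index in the "ca" table ("cid") for the OSG Test CA that gets created by voms_install_db.
        issuer_query = 'SELECT cid FROM ca WHERE ca=%s;' % sql_literal(usercert_issuer)
        output, _, _ = mysql.check_execute(issuer_query, 'Get ID of user cert issuer from database', dbname)
        output = output.strip()
        # Kept as an assert so callers still see AssertionError; note that it is stripped under "python -O".
        assert output, "User cert issuer not found in database"
        ca = int(output)

        # The row ids are fixed at 1, so this only works against a freshly created VOMS database.
        add_user_sql = '''
            INSERT INTO `usr` VALUES (1,%s,%d,NULL,'root@localhost',NULL);
            INSERT INTO `m` VALUES (1,1,1,NULL,NULL);''' % (sql_literal(usercert_dn), ca)
        mysql.check_execute(add_user_sql, 'Add VO user', dbname)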
예제 #2
 def test_06_add_local_admin(self):
     # Register the host certificate's identity as a VO administrator with
     # voms-db-deploy.py; skipped when the VOMS admin packages are absent.
     core.skip_ok_unless_installed('voms-admin-server', 'voms-mysql-plugin')
     hostcert_path = core.config['certs.hostcert']
     admin_dn, admin_ca = cagen.certificate_info(hostcert_path)
     # Subject and issuer travel as separate tuple elements rather than
     # being formatted into one command string.
     argv = ('voms-db-deploy.py', 'add-admin', '--vo', core.config['voms.vo'])
     argv += ('--dn', admin_dn, '--ca', admin_ca)
     core.check_system(argv, 'Add VO admin')
예제 #3
파일: voms.py 프로젝트: brianhlin/osg-test
def advertise_lsc(vo, hostcert='/etc/grid-security/hostcert.pem'):
    """Write <fqdn>.lsc for the given VO under /etc/grid-security/vomsdir/<vo>.

    The VO directory is created when missing. The file gets two lines: the
    subject DN of `hostcert`, then its issuer DN, as returned by
    cagen.certificate_info(). It is written world-readable (0644) with no backup.

    NOTE(review): `vo` is joined into the path as given; callers are assumed to
    pass a plain VO name with no path separators - confirm.
    """
    subject_dn, issuer_dn = cagen.certificate_info(hostcert)
    fqdn = socket.getfqdn()
    vo_dir = os.path.join('/etc/grid-security/vomsdir', vo)
    if not os.path.isdir(vo_dir):
        os.makedirs(vo_dir)
    lsc_file = os.path.join(vo_dir, fqdn + '.lsc')
    lsc_lines = (subject_dn + '\n', issuer_dn + '\n')
    files.write(lsc_file, lsc_lines, backup=False, chmod=0o644)
예제 #4
    def test_03_configure_ce(self):
        # Writes the osg-test HTCondor-CE config drop-in and, when a host cert
        # was requested, a private copy of the condor_mapfile that maps the
        # host DN. Skipped unless the condor / htcondor-ce packages are present.
        core.skip_ok_unless_installed('condor', 'htcondor-ce', 'htcondor-ce-client')

        # Set up Condor, PBS, and Slurm routes
        # Leave the GRIDMAP knob intact to verify that it works with the LCMAPS VOMS plugin
        core.config['condor-ce.condor-ce-cfg'] = '/etc/condor-ce/config.d/99-osgtest.condor-ce.conf'
        # Add host DN to condor_mapfile
        if core.options.hostcert:
            core.config['condor-ce.condorce_mapfile'] = '/etc/condor-ce/condor_mapfile.osg-test'
            hostcert_dn, _ = cagen.certificate_info(core.config['certs.hostcert'])
            mapfile_contents = files.read('/etc/condor-ce/condor_mapfile')
            # The new entry goes in at index 0, ahead of the stock mapfile lines.
            # re.sub() backslash-escapes only '/', '=' and '.' in the 'GSI "^<dn>$" ' text;
            # any other regex metacharacter in the DN (e.g. '(', '+', '*') stays active in
            # the mapfile pattern, so a DN containing one would not be matched literally.
            # NOTE(review): '[email protected]' in the literal below is what an e-mail
            # obfuscation filter leaves behind. As printed, '%[' is not a valid conversion
            # and the formatting raises ValueError; the mapped identity that followed the
            # hostname cannot be recovered from this listing - restore it from the
            # project's own source.
            mapfile_contents.insert(0, re.sub(r'([/=\.])', r'\\\1', "GSI \"^%s$\" " % hostcert_dn) + \
                                              "%[email protected]\n" % core.get_hostname())
            # World-readable copy owned by 'condor-ce'; the stock mapfile itself is not modified.
            files.write(core.config['condor-ce.condorce_mapfile'],
                        mapfile_contents,
                        owner='condor-ce',
                        chmod=0o644)
        else:
            core.config['condor-ce.condorce_mapfile'] = '/etc/condor-ce/condor_mapfile'

        # The single %s in the template is CERTIFICATE_MAPFILE, filled with the mapfile
        # path chosen above. ALL_DEBUG=D_FULLDEBUG is set for every daemon in this test
        # configuration.
        condor_contents = """GRIDMAP = /etc/grid-security/grid-mapfile
CERTIFICATE_MAPFILE = %s
ALL_DEBUG=D_FULLDEBUG
JOB_ROUTER_DEFAULTS = $(JOB_ROUTER_DEFAULTS) [set_default_maxMemory = 128;]
JOB_ROUTER_ENTRIES = \\
   [ \\
     GridResource = "batch pbs"; \\
     TargetUniverse = 9; \\
     name = "Local_PBS"; \\
     Requirements = target.osgTestBatchSystem =?= "pbs"; \\
   ] \\
   [ \\
     GridResource = "batch slurm"; \\
     TargetUniverse = 9; \\
     name = "Local_Slurm"; \\
     Requirements = target.osgTestBatchSystem =?= "slurm"; \\
   ] \\
   [ \\
     TargetUniverse = 5; \\
     name = "Local_Condor"; \\
     Requirements = (target.osgTestBatchSystem =!= "pbs" && target.osgTestBatchSystem =!= "slurm"); \\
   ]

JOB_ROUTER_SCHEDD2_SPOOL=/var/lib/condor/spool
JOB_ROUTER_SCHEDD2_NAME=$(FULL_HOSTNAME)
JOB_ROUTER_SCHEDD2_POOL=$(FULL_HOSTNAME):9618
""" % core.config['condor-ce.condorce_mapfile']

        # With htcondor-ce-view installed, extend DAEMON_LIST and record the view port
        # reported by condor.ce_config_val() in core.config.
        if core.rpm_is_installed('htcondor-ce-view'):
            condor_contents += "\nDAEMON_LIST = $(DAEMON_LIST), CEVIEW, GANGLIAD, SCHEDD"
            core.config['condor-ce.view-port'] = condor.ce_config_val('HTCONDORCE_VIEW_PORT')

        files.write(core.config['condor-ce.condor-ce-cfg'],
                    condor_contents,
                    owner='condor-ce',
                    chmod=0o644)
예제 #5
def advertise_vomses(vo, hostcert='/etc/grid-security/hostcert.pem'):
    """Point /etc/vomses at this host as the VOMS server for `vo`.

    The file is overwritten with one line of five quoted fields: VO name,
    host name, VOPORT, subject DN of `hostcert`, VO name again.
    No backup is taken, so the caller must preserve and restore /etc/vomses.
    """
    server_dn, _issuer = cagen.certificate_info(hostcert)
    fields = (vo, core.get_hostname(), VOPORT, server_dn, vo)
    vomses_line = '"%s" "%s" "%d" "%s" "%s"\n' % fields
    files.write('/etc/vomses', vomses_line, backup=False, chmod=0o644)
예제 #6
파일: voms.py 프로젝트: brianhlin/osg-test
def advertise_vomses(vo, hostcert='/etc/grid-security/hostcert.pem'):
    """Point /etc/vomses at this host as the VOMS server for `vo`.

    The file is overwritten with one line of five quoted fields: VO name,
    this host's FQDN, port 15151, subject DN of `hostcert`, VO name again.
    No backup is taken, so the caller must preserve and restore /etc/vomses.
    """
    server_dn, _issuer = cagen.certificate_info(hostcert)
    fields = (vo, socket.getfqdn(), 15151, server_dn, vo)
    vomses_line = '"%s" "%s" "%d" "%s" "%s"\n' % fields
    files.write('/etc/vomses', vomses_line, backup=False, chmod=0o644)
예제 #7
def advertise_lsc(vo, hostcert='/etc/grid-security/hostcert.pem'):
    """Write <hostname>.lsc for the given VO under /etc/grid-security/vomsdir/<vo>.

    The VO directory is created when missing. The file gets two lines: the
    subject DN of `hostcert`, then its issuer DN, as returned by
    cagen.certificate_info(). It is written world-readable (0644) with no backup.

    NOTE(review): `vo` is joined into the path as given; callers are assumed to
    pass a plain VO name with no path separators - confirm.
    """
    subject_dn, issuer_dn = cagen.certificate_info(hostcert)
    this_host = core.get_hostname()
    vo_dir = os.path.join('/etc/grid-security/vomsdir', vo)
    if not os.path.isdir(vo_dir):
        os.makedirs(vo_dir)
    lsc_file = os.path.join(vo_dir, this_host + '.lsc')
    lsc_lines = (subject_dn + '\n', issuer_dn + '\n')
    files.write(lsc_file, lsc_lines, backup=False, chmod=0o644)
예제 #8
    def test_01_add_user(self):
        # Register the test user's certificate with the VO through voms-admin.
        # 'voms.added-user' stays False unless the command succeeds.
        core.state['voms.added-user'] = False
        core.skip_ok_unless_installed('voms-admin-server', 'voms-admin-client')
        self.skip_bad_unless(core.state['voms.started-webapp'])

        account = pwd.getpwnam(core.options.username)
        usercert = os.path.join(account.pw_dir, '.globus', 'usercert.pem')
        subject_dn, issuer_dn = cagen.certificate_info(usercert)
        fqdn = socket.getfqdn()

        # Subject and issuer are their own tuple elements, not parts of a
        # formatted command string.
        argv = ('voms-admin', '--vo', core.config['voms.vo'], '--host', fqdn,
                '--nousercert', 'create-user',
                subject_dn, issuer_dn, 'OSG Test User', 'root@localhost')
        core.check_system(argv, 'Add VO user')
        core.state['voms.added-user'] = True
예제 #9
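    def test_04_add_mysql_admin(self):
        # Fill the GUMS addAdmin.mysql template with the host certificate's
        # subject DN and run it through the mysql client as user 'gums'.
        core.skip_ok_unless_installed('gums-service')
        host_dn, _ = cagen.certificate_info(core.config['certs.hostcert'])
        mysql_template_path = '/usr/lib/gums/sql/addAdmin.mysql'
        self.assert_(os.path.exists(mysql_template_path),
                     'GUMS MySQL template exists')
        mysql_template = files.read(mysql_template_path,
                                    as_single_string=True).strip()
        core.log_message(mysql_template)

        # Plain string substitution: the DN is data, so it must not be read as
        # a regex replacement template (a backslash in the DN would otherwise
        # be treated as an escape or group reference).
        # NOTE(review): the DN is still placed into SQL unescaped. How the
        # template quotes @ADMINDN@ is not visible here, so no SQL escaping is
        # applied; a DN containing a quote character would alter the statement.
        mysql_command = mysql_template.replace('@ADMINDN@', host_dn)
        core.log_message(mysql_command)

        # NOTE(review): the GUMS database password is part of argv ('-p...'),
        # which other local users can read from the process list while mysql
        # runs; whether core.check_system() also logs the command is not
        # visible here. An option file (--defaults-extra-file) would keep it
        # off the command line.
        command = ('mysql', '--user=gums', '-p' + core.config['gums.password'],
                   '--execute=' + mysql_command)
        core.check_system(command, 'Could not add GUMS MySQL admin')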
예제 #10
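def add_user(vo, usercert):
    """Add the user identified by the given cert to the specified VO.

    Uses direct MySQL statements instead of voms-admin.
    The CA cert that issued the user cert must already be in the database's 'ca' table - this happens automatically if
    the CA cert is in /etc/grid-security/certificates when the VOMS database is created.

    Args:
        vo: VO name; appended to 'voms_' to form the database name.
        usercert: the user certificate, handed unchanged to cagen.certificate_info()
            (presumably a file path - confirm against callers).

    Raises:
        AssertionError: the issuer of the certificate has no row in the 'ca' table.
    """
    usercert_dn, usercert_issuer = cagen.certificate_info(usercert)
    dbname = 'voms_' + vo

    def sql_literal(value):
        # mysql.check_execute() receives a finished SQL string, so certificate fields have to be quoted by
        # hand: a DN such as ".../CN=Pat O'Neil" would otherwise end the literal early and change the statement.
        # Backslash doubling assumes the server's default sql_mode (no NO_BACKSLASH_ESCAPES) - TODO confirm.
        return "'" + value.replace('\\', '\\\\').replace("'", "''") + "'"

    # Find the index in the "ca" table ("cid") for the OSG Test CA that gets created by voms_install_db.
    issuer_query = 'SELECT cid FROM ca WHERE ca=%s;' % sql_literal(usercert_issuer)
    output, _, _ = mysql.check_execute(
        issuer_query, 'Get ID of user cert issuer from database', dbname)
    output = output.strip()
    # Kept as an assert so callers still see AssertionError; note that it is stripped under "python -O".
    assert output, "User cert issuer not found in database"
    ca = int(output)

    # The row ids are fixed at 1, so this only works against a freshly created VOMS database.
    add_user_sql = '''
        INSERT INTO `usr` VALUES (1,%s,%d,NULL,'root@localhost',NULL);
        INSERT INTO `m` VALUES (1,1,1,NULL,NULL);''' % (sql_literal(usercert_dn), ca)
    mysql.check_execute(add_user_sql, 'Add VO user', dbname)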
예제 #11
    def test_02_edg_mkgridmap(self):
        # Run edg-mkgridmap with its output files redirected under
        # /usr/share/osg-test, then check that the generated grid-mapfile maps
        # the test user's certificate DN to the test account.
        core.skip_ok_unless_installed('edg-mkgridmap', 'voms-server')

        command = ('edg-mkgridmap', '--conf', core.config['edg.conf'])
        # These are set in this process's own environment and are not
        # restored afterwards.
        for variable, location in (
                ('GRIDMAP', '/usr/share/osg-test/grid-mapfile'),
                ('USER_VO_MAP', '/usr/share/osg-test/user-vo-map'),
                ('EDG_MKGRIDMAP_LOG', '/usr/share/osg-test/edg-mkgridmap.log'),
                ('VO_LIST_FILE', '/usr/share/osg-test/vo-list-file'),
                ('UNDEFINED_ACCTS_FILE', '/usr/share/osg-test/undef-ids')):
            os.environ[variable] = location
        core.check_system(command, 'Run edg-mkgridmap')
        # Dump the results through core.system() for later inspection.
        core.system(('cat', os.environ['GRIDMAP']))
        core.system(('cat', os.environ['EDG_MKGRIDMAP_LOG']))

        account = pwd.getpwnam(core.options.username)
        usercert = os.path.join(account.pw_dir, '.globus', 'usercert.pem')
        subject_dn, _ = cagen.certificate_info(usercert)
        expected = '"%s" %s' % (subject_dn, core.options.username)

        gridmap_text = files.read(os.environ['GRIDMAP'], True)
        self.assert_(expected in gridmap_text, 'Expected grid-mapfile contents')
예제 #12
    def test_02_user(self):
        # Verify that the test account exists with a usable home directory,
        # record its certificate subject and issuer in core.config, and append
        # a '"<subject>" <account>' line to the system mapfile.
        core.state['system.wrote_mapfile'] = False
        if core.options.skiptests:
            core.skip('no user needed')
            return

        username = core.options.username
        try:
            account = pwd.getpwnam(username)
        except KeyError:
            self.fail("User '%s' should exist but does not" % username)

        home = account.pw_dir
        self.assert_(home != '/', "User '%s' has home directory at '/'" % (username))
        self.assert_(os.path.isdir(home),
                     "User '%s' missing a home directory at '%s'" % (username, home))

        usercert = os.path.join(home, '.globus', 'usercert.pem')
        subject, issuer = certificate_info(usercert)
        core.config['user.cert_subject'] = subject
        core.config['user.cert_issuer'] = issuer

        # Add user to mapfile
        mapfile_line = '"%s" %s\n' % (core.config['user.cert_subject'], account.pw_name)
        files.append(core.config['system.mapfile'], mapfile_line, owner='user')
        core.state['system.wrote_mapfile'] = True
        # The mapfile is left world-readable, writable by its owner only.
        os.chmod(core.config['system.mapfile'], 0o644)
예제 #13
    def test_003_setup_grid_mapfile(self):
        # Map the RSV certificate's subject DN to the local 'rsv' account by
        # appending one line to the system mapfile.
        core.skip_ok_unless_installed('rsv')

        # Register the cert in the gridmap file
        subject_dn = cagen.certificate_info(core.config['rsv.certfile'])[0]
        mapfile_path = core.config['system.mapfile']
        mapfile_entry = '"%s" rsv\n' % (subject_dn)
        files.append(mapfile_path, mapfile_entry, owner='rsv')
예제 #14
    def test_003_setup_grid_mapfile(self):
        # Map the RSV certificate's subject DN to the local 'rsv' account by
        # appending one line to the system mapfile.
        core.skip_ok_unless_installed('rsv')

        # Register the cert in the gridmap file
        rsv_dn = cagen.certificate_info(core.config['rsv.certfile'])[0]
        target = core.config['system.mapfile']
        entry = '"%s" rsv\n' % (rsv_dn)
        files.append(target, entry, owner='rsv')
예제 #15
class TestUser(osgunittest.OSGTestCase):
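    def test_01_add_user(self):
        # Create the test account with useradd when requested and not already
        # present, fix up its home directory, and issue a user certificate
        # from the test CA if the account has none.
        core.state['general.user_added'] = False
        core.state['general.user_cert_created'] = False

        # Bail out if this step is not needed
        if not core.options.adduser:
            core.skip('not requested')
            return
        try:
            pwd.getpwnam(core.options.username)
        except KeyError:
            pass  # expected
        else:
            core.skip('user exists')
            return

        # Add
        home_dir = core.config['user.home']
        if not os.path.isdir(home_dir):
            os.mkdir(home_dir)
        # SSH requires that the user have a password - even if password
        # auth is disabled. Set a random password for the vdttest user
        # NOTE(review): random_string() and encrypted_password() are defined
        # elsewhere; confirm the random source is a CSPRNG. The resulting hash
        # is passed in argv, which other local users can read from the process
        # list while useradd runs.
        password = encrypted_password(random_string(16))

        command = ('useradd', '--base-dir', home_dir, '--password', password,
                   '--shell', '/bin/sh', core.options.username)
        core.check_system(command, 'Add user %s' % core.options.username)
        core.state['general.user_added'] = True

        # Set up directories
        user = pwd.getpwnam(core.options.username)
        os.chown(user.pw_dir, user.pw_uid, user.pw_gid)
        # 0o755 is the octal spelling that both Python 2.6+ and Python 3 accept.
        os.chmod(user.pw_dir, 0o755)

        # Set up certificate
        globus_dir = os.path.join(user.pw_dir, '.globus')
        user_cert = os.path.join(globus_dir, 'usercert.pem')
        test_ca = CA.load(core.config['certs.test-ca'])
        # Existing certificates are left alone; only a missing one is issued.
        if not os.path.exists(user_cert):
            test_ca.usercert(core.options.username, core.options.password)
            core.state['general.user_cert_created'] = True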

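    def test_02_user(self):
        # Verify that the test account exists with a usable home directory,
        # record its certificate subject and issuer in core.config, and append
        # a '"<subject>" <account>' line to the system mapfile.
        core.state['system.wrote_mapfile'] = False
        if core.options.skiptests:
            core.skip('no user needed')
            return
        try:
            password_entry = pwd.getpwnam(core.options.username)
        except KeyError:
            # self.fail() raises, so password_entry is always bound below.
            self.fail("User '%s' should exist but does not" %
                      core.options.username)
        self.assert_(
            password_entry.pw_dir != '/',
            "User '%s' has home directory at '/'" % (core.options.username))
        self.assert_(
            os.path.isdir(password_entry.pw_dir),
            "User '%s' missing a home directory at '%s'" %
            (core.options.username, password_entry.pw_dir))
        cert_path = os.path.join(password_entry.pw_dir, '.globus',
                                 'usercert.pem')
        core.config['user.cert_subject'], core.config[
            'user.cert_issuer'] = certificate_info(cert_path)

        # Add user to mapfile
        files.append(
            core.config['system.mapfile'],
            '"%s" %s\n' %
            (core.config['user.cert_subject'], password_entry.pw_name),
            owner='user')
        core.state['system.wrote_mapfile'] = True
        # 0o644 is the octal spelling that both Python 2.6+ and Python 3
        # accept; the mapfile is left world-readable, owner-writable.
        os.chmod(core.config['system.mapfile'], 0o644)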