Exemplo n.º 1
0
    def test_04_start_condorce(self):
        if core.el_release() >= 7:
            core.config[
                'condor-ce.lockfile'] = '/var/lock/condor-ce/htcondor-ceLock'
        else:
            core.config['condor-ce.lockfile'] = '/var/lock/subsys/condor-ce'
        core.state['condor-ce.started-service'] = False
        core.state['condor-ce.schedd-ready'] = False

        core.skip_ok_unless_installed('condor', 'htcondor-ce',
                                      'htcondor-ce-client')
        core.config['condor-ce.collectorlog'] = condor.ce_config_val(
            'COLLECTOR_LOG')

        if service.is_running('condor-ce'):
            core.state['condor-ce.schedd-ready'] = True
            self.skip_ok('already running')

        stat = core.get_stat(core.config['condor-ce.collectorlog'])

        service.check_start('condor-ce', timeout=20)

        if condor.wait_for_daemon(core.config['condor-ce.collectorlog'], stat,
                                  'Schedd', 300.0):
            core.state['condor-ce.schedd-ready'] = True
Exemplo n.º 2
0
    def test_02_reconfigure_condor(self):
        core.skip_ok_unless_installed('condor', 'htcondor-ce', 'htcondor-ce-client')
        self.skip_bad_unless(core.state['condor.running-service'], 'Condor not running')

        # Ensure that the Condor master is available for reconfig
        self.failUnless(condor.wait_for_daemon(core.config['condor.collectorlog'],
                                               core.config['condor.collectorlog_stat'],
                                               'Master',
                                               300.0),
                        'Condor Master not available for reconfig')

        command = ('condor_reconfig', '-debug')
        core.check_system(command, 'Reconfigure Condor')
        self.assert_(service.is_running('condor', timeout=10), 'Condor not running after reconfig')
Exemplo n.º 3
0
    def test_04_start_condorce(self):
        if core.el_release() >= 7:
            core.config['condor-ce.lockfile'] = '/var/lock/condor-ce/htcondor-ceLock'
        else:
            core.config['condor-ce.lockfile'] = '/var/lock/subsys/condor-ce'
        core.state['condor-ce.started-service'] = False
        core.state['condor-ce.schedd-ready'] = False

        core.skip_ok_unless_installed('condor', 'htcondor-ce', 'htcondor-ce-client')
        core.config['condor-ce.collectorlog'] = condor.ce_config_val('COLLECTOR_LOG')

        if service.is_running('condor-ce'):
            core.state['condor-ce.schedd-ready'] = True
            self.skip_ok('already running')

        service.check_start('condor-ce')

        stat = core.get_stat(core.config['condor-ce.collectorlog'])
        if condor.wait_for_daemon(core.config['condor-ce.collectorlog'], stat, 'Schedd', 300.0):
            core.state['condor-ce.schedd-ready'] = True
Exemplo n.º 4
0
    def test_07_ping_with_gums(self):
        core.state['condor-ce.gums-auth'] = False
        self.general_requirements()
        core.skip_ok_unless_installed('gums-service')

        # Setting up GUMS auth using the instructions here:
        # https://opensciencegrid.github.io/docs/compute-element/install-htcondor-ce/#authentication-with-gums
        hostname = core.get_hostname()

        lcmaps_contents = '''gumsclient = "lcmaps_gums_client.mod"
             "-resourcetype ce"
             "-actiontype execute-now"
             "-capath /etc/grid-security/certificates"
             "-cert   /etc/grid-security/hostcert.pem"
             "-key    /etc/grid-security/hostkey.pem"
             "--cert-owner root"
# Change this URL to your GUMS server
             "--endpoint https://%s:8443/gums/services/GUMSXACMLAuthorizationServicePort"

verifyproxy = "lcmaps_verify_proxy.mod"
          "--allow-limited-proxy"
          " -certdir /etc/grid-security/certificates"

# lcmaps policies require at least two modules, so these are here to
#   fill in if only one module is needed.  "good | bad" has no effect.
good        = "lcmaps_dummy_good.mod"
bad         = "lcmaps_dummy_bad.mod"

authorize_only:
## Policy 1: GUMS but not SAZ (most common, default)
gumsclient -> good | bad
''' % hostname

        gums_properties_contents = '''gums.location=https://%s:8443/gums/services/GUMSAdmin
gums.authz=https://%s:8443/gums/services/GUMSXACMLAuthorizationServicePort
''' % (hostname, hostname)

        core.config['condor-ce.lcmapsdb'] = '/etc/lcmaps.db'
        core.config['condor-ce.gums-properties'] = '/etc/gums/gums-client.properties'
        core.config['condor-ce.gsi-authz'] = '/etc/grid-security/gsi-authz.conf'

        files.write(core.config['condor-ce.lcmapsdb'], lcmaps_contents, owner='condor-ce.gums')
        files.write(core.config['condor-ce.gums-properties'], gums_properties_contents, owner='condor-ce')
        files.replace(core.config['condor-ce.gsi-authz'],
                      '# globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout',
                      'globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout',
                      owner='condor-ce')
        try:
            core.state['condor-ce.gums-auth'] = True

            service.check_stop('condor-ce')

            stat = core.get_stat(core.config['condor-ce.collectorlog'])

            service.check_start('condor-ce')
            # Wait for the schedd to come back up
            self.failUnless(condor.wait_for_daemon(core.config['condor-ce.collectorlog'], stat, 'Schedd', 300.0),
                            'Schedd failed to restart within the 1 min window')
            command = ('condor_ce_ping', 'WRITE', '-verbose')
            stdout, _, _ = core.check_system(command, 'ping using GSI and gridmap', user=True)
            self.assert_(re.search(r'Authorized:\s*TRUE', stdout), 'could not authorize with GSI')

        finally:
            files.restore(core.config['condor-ce.lcmapsdb'], 'condor-ce.gums')
            files.restore(core.config['condor-ce.gsi-authz'], 'condor-ce')
            files.restore(core.config['condor-ce.gums-properties'], 'condor-ce')
Exemplo n.º 5
0
    def test_07_ping_with_gums(self):
        core.state['condor-ce.gums-auth'] = False
        self.general_requirements()
        core.skip_ok_unless_installed('gums-service')

        # Setting up GUMS auth using the instructions here:
        # https://opensciencegrid.github.io/docs/compute-element/install-htcondor-ce/#authentication-with-gums
        hostname = core.get_hostname()

        lcmaps_contents = '''gumsclient = "lcmaps_gums_client.mod"
             "-resourcetype ce"
             "-actiontype execute-now"
             "-capath /etc/grid-security/certificates"
             "-cert   /etc/grid-security/hostcert.pem"
             "-key    /etc/grid-security/hostkey.pem"
             "--cert-owner root"
# Change this URL to your GUMS server
             "--endpoint https://%s:8443/gums/services/GUMSXACMLAuthorizationServicePort"

verifyproxy = "lcmaps_verify_proxy.mod"
          "--allow-limited-proxy"
          " -certdir /etc/grid-security/certificates"

# lcmaps policies require at least two modules, so these are here to
#   fill in if only one module is needed.  "good | bad" has no effect.
good        = "lcmaps_dummy_good.mod"
bad         = "lcmaps_dummy_bad.mod"

authorize_only:
## Policy 1: GUMS but not SAZ (most common, default)
gumsclient -> good | bad
''' % hostname

        gums_properties_contents = '''gums.location=https://%s:8443/gums/services/GUMSAdmin
gums.authz=https://%s:8443/gums/services/GUMSXACMLAuthorizationServicePort
''' % (hostname, hostname)

        core.config['condor-ce.lcmapsdb'] = '/etc/lcmaps.db'
        core.config['condor-ce.gums-properties'] = '/etc/gums/gums-client.properties'
        core.config['condor-ce.gsi-authz'] = '/etc/grid-security/gsi-authz.conf'

        files.write(core.config['condor-ce.lcmapsdb'], lcmaps_contents, owner='condor-ce.gums')
        files.write(core.config['condor-ce.gums-properties'], gums_properties_contents, owner='condor-ce')
        files.replace(core.config['condor-ce.gsi-authz'],
                      '# globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout',
                      'globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout',
                      owner='condor-ce')
        try:
            core.state['condor-ce.gums-auth'] = True

            service.check_stop('condor-ce')

            stat = core.get_stat(core.config['condor-ce.collectorlog'])

            service.check_start('condor-ce')
            # Wait for the schedd to come back up
            self.failUnless(condor.wait_for_daemon(core.config['condor-ce.collectorlog'], stat, 'Schedd', 300.0),
                            'Schedd failed to restart within the 1 min window')
            command = ('condor_ce_ping', 'WRITE', '-verbose')
            stdout, _, _ = core.check_system(command, 'ping using GSI and gridmap', user=True)
            self.assert_(re.search(r'Authorized:\s*TRUE', stdout), 'could not authorize with GSI')

        finally:
            files.restore(core.config['condor-ce.lcmapsdb'], 'condor-ce.gums')
            files.restore(core.config['condor-ce.gsi-authz'], 'condor-ce')
            files.restore(core.config['condor-ce.gums-properties'], 'condor-ce')