fix: added security locations config

DIRACGrid · Oct 6, 2023 · 1d483a1 · 1d483a1
1 parent 2d4ebd4
commit 1d483a1
Show file tree

Hide file tree

Showing 2 changed files with 105 additions and 27 deletions.
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -31,7 +31,6 @@ jobs:
           echo "$HOSTKEY_BASE64" | base64 --decode > etc/grid-security/hostkey.pem
           chmod 440 etc/grid-security/hostcert.pem
           chmod 400 etc/grid-security/hostkey.pem
-          ls -l etc/grid-security
       - name: tests
         run: |
           cd Pilot
@@ -68,8 +67,11 @@ jobs:
           echo "$HOSTKEY_BASE64" | base64 --decode > etc/grid-security/hostkey.pem
           chmod 440 etc/grid-security/hostcert.pem
           chmod 400 etc/grid-security/hostkey.pem
-          ls -l etc/grid-security
       - name: tests
+        env:
+          X509_CERT_DIR: /cvmfs/grid.cern.ch/etc/grid-security/certificates
+          X509_VOMS_DIR: /cvmfs/grid.cern.ch/etc/grid-security/vomsdir
+          DIRAC_VOMSES: /cvmfs/grid.cern.ch/etc/grid-security/vomses
         run: |
           cd Pilot
           cp ../tests/CI/pilot_oldSchema.json pilot.json
@@ -84,7 +86,6 @@ jobs:
           cat pilot.cfg
 
 
-
   matching:
     runs-on: ubuntu-latest
 
@@ -155,6 +156,10 @@ jobs:
           chmod 440 etc/grid-security/hostcert.pem
           chmod 400 etc/grid-security/hostkey.pem
       - name: tests
+        env:
+          X509_CERT_DIR: /cvmfs/lhcb.cern.ch/etc/grid-security/certificates
+          X509_VOMS_DIR: /cvmfs/lhcb.cern.ch/etc/grid-security/vomsdir
+          DIRAC_VOMSES: /cvmfs/lhcb.cern.ch/etc/grid-security/vomses
         run: |
           cd Pilot
           export VO_LHCB_SW_DIR=${GITHUB_WORKSPACE}/Pilot
@@ -193,6 +198,10 @@ jobs:
           chmod 440 etc/grid-security/hostcert.pem
           chmod 400 etc/grid-security/hostkey.pem
       - name: tests
+        env:
+          X509_CERT_DIR: /cvmfs/lhcb.cern.ch/etc/grid-security/certificates
+          X509_VOMS_DIR: /cvmfs/lhcb.cern.ch/etc/grid-security/vomsdir
+          DIRAC_VOMSES: /cvmfs/lhcb.cern.ch/etc/grid-security/vomses
         run: |
           cd Pilot
           export VO_LHCB_SW_DIR=${GITHUB_WORKSPACE}/Pilot
@@ -205,4 +214,4 @@ jobs:
           sed -i "s#VAR_CS#https://lbcertifdirac70.cern.ch:9135/Configuration/Server#g" pilot.json
           sed -i "s#VAR_USERDN#/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=alboyer/CN=819281/CN=Alexandre Franck Boyer#g" pilot.json
           sed -i "s#VAR_USERDN_GRIDPP#${DIRACUSERDN_GRIDPP}#g" pilot.json
-          python dirac-pilot.py -M 1 -S DIRAC-Certification -N jenkins-lhcb_d.cern.ch -Q jenkins-queue_not_important -n DIRAC.Jenkins.ch -e LHCb -l LHCb -E LHCbPilot --preinstalledEnvPrefix=/cvmfs/lhcb.cern.ch/lhcbdirac/ --cert --certLocation=${GITHUB_WORKSPACE}/Pilot/etc/grid-security --debug
+          python dirac-pilot.py -M 1 -S DIRAC-Certification -N jenkins-lhcb-d.cern.ch -Q jenkins-queue_not_important -n DIRAC.Jenkins.ch -e LHCb -l LHCb -E LHCbPilot --preinstalledEnvPrefix=/cvmfs/lhcb.cern.ch/lhcbdirac/ --cert --certLocation=${GITHUB_WORKSPACE}/Pilot/etc/grid-security --debug
diff --git a/Pilot/pilotCommands.py b/Pilot/pilotCommands.py
@@ -196,18 +196,14 @@ def execute(self):
             self.exitWithError(1)
 
 class InstallDIRAC(CommandBase):
-    """Basically, this is used to call dirac-install with the passed parameters.
-
-    It requires dirac-install script to be sitting in the same directory.
+    """ Source from CVMFS, or install locally
     """
 
     def __init__(self, pilotParams):
         """c'tor"""
         super(InstallDIRAC, self).__init__(pilotParams)
         self.installOpts = []
         self.pp.rootPath = self.pp.pilotRootPath
-        self.installScriptName = "dirac-install.py"
-        self.installScript = ""
 
     def _sourceEnvironmentFile(self):
         """source the $DIRAC_RC_FILE and save the created environment in self.pp.installEnv
@@ -325,6 +321,9 @@ def _getPreinstalledEnvScript(self):
     def _installDIRACpy2(self):
         """ Install python2 DIRAC or its extension,
             then parse the environment file created, and use it for subsequent calls
+
+            Basically, this is used to call dirac-install with the passed parameters.
+            It requires dirac-install script to be sitting in the same directory.
         """
 
         # Installing
@@ -458,6 +457,8 @@ def _installDIRACpy3(self):
     def _localInstallDIRAC(self):
         self.log.info("Installing DIRAC locally")
         if self.pp.pythonVersion == "27":
+            self.installScriptName = "dirac-install.py"
+            self.installScript = ""
             self._setInstallOptions()
             self._locateInstallationScript()
             self._installDIRACpy2()
@@ -525,21 +526,6 @@ class ConfigureBasics(CommandBase):
     .. note:: Further commands should always call dirac-configure using the options -FDMH
     .. note:: If custom cfg file is created further commands should call dirac-configure with
                "-O %s %s" % ( self.pp.localConfigFile, self.pp.localConfigFile )
-
-    From here on, we have to pay attention to the paths. Specifically, we need to know where to look for
-
-        * executables (scripts)
-        * DIRAC python code
-
-    If the pilot has installed DIRAC (and extensions) in the traditional way, so using the dirac-install.py script,
-    simply the current directory is used, and:
-
-        * scripts will be in $CWD/scripts.
-        * DIRAC python code will be all sitting in $CWD
-        * the local dirac.cfg file will be found in $CWD/etc
-
-    For a more general case of non-traditional installations, we should use the PATH and PYTHONPATH as set by the
-    installation phase. Executables and code will be searched there.
     """
 
     def __init__(self, pilotParams):
@@ -609,14 +595,97 @@ def _getBasicsCFG(self):
             self.cfg.append('-o "/Resources/Computing/CEDefaults/VirtualOrganization=%s"' % self.pp.wnVO)
 
     def _getSecurityCFG(self):
-        """Nothing specific by default, but need to know host cert and key location in case they are needed"""
+        """ Sets security-related env variables, if needed
+        """
+        # Need to know host cert and key location in case they are needed
         if self.pp.useServerCertificate:
             self.cfg.append("--UseServerCertificate")
             self.cfg.append("-o /DIRAC/Security/CertFile=%s/hostcert.pem" % self.pp.certsLocation)
             self.cfg.append("-o /DIRAC/Security/KeyFile=%s/hostkey.pem" % self.pp.certsLocation)
+
+        # If DIRAC (or its extension) is installed in CVMFS:
         if self.pp.preinstalledEnv:
-            # Skip CAs download for preinstalled DIRAC
-            self.cfg.append("-D")
+
+            if "X509_CERT_DIR" in os.environ:
+                self.log.debug(
+                    "X509_CERT_DIR is set in the host environment as %s, aligning installEnv to it"
+                    % os.environ["X509_CERT_DIR"]
+                )
+                self.pp.installEnv["X509_CERT_DIR"] = os.environ["X509_CERT_DIR"]
+            else:
+                self.log.debug("X509_CERT_DIR is not set in the host environment")
+                # try and find it
+                candidates = [
+                    "/cvmfs/grid.cern.ch/etc/grid-security/certificates/",
+                    "/cvmfs/dirac.egi.eu/dirac/etc/grid-security/certificates",
+                ]
+                for candidate in candidates:
+                    self.log.debug("Candidate directory for X509_CERT_DIR is %s" % candidate)
+                    if os.path.isdir(os.path.expandvars(candidate)):
+                        self.log.debug("Setting X509_CERT_DIR=%s" % candidate)
+                        self.pp.installEnv["X509_CERT_DIR"] = candidate
+                        os.environ["X509_CERT_DIR"] = candidate
+                        break
+                    self.log.debug("%s not found or not a directory" % candidate)
+
+            if "X509_CERT_DIR" not in self.pp.installEnv:
+                self.log.error("Could not find/set X509_CERT_DIR")
+                sys.exit(1)
+
+            if "X509_VOMS_DIR" in os.environ:
+                self.log.debug(
+                    "X509_VOMS_DIR is set in the host environment as %s, aligning installEnv to it"
+                    % os.environ["X509_VOMS_DIR"]
+                )
+                self.pp.installEnv["X509_VOMS_DIR"] = os.environ["X509_VOMS_DIR"]
+            else:
+                self.log.debug("X509_VOMS_DIR is not set in the host environment")
+                # try and find it
+                candidates = [
+                    "/cvmfs/grid.cern.ch/etc/grid-security/vomsdir/",
+                    "/cvmfs/dirac.egi.eu/dirac/etc/grid-security/vomsdir",
+                ]
+                for candidate in candidates:
+                    self.log.debug("Candidate directory for X509_VOMS_DIR is %s" % candidate)
+                    if os.path.isdir(os.path.expandvars(candidate)):
+                        self.log.debug("Setting X509_VOMS_DIR=%s" % candidate)
+                        self.pp.installEnv["X509_VOMS_DIR"] = candidate
+                        os.environ["X509_VOMS_DIR"] = candidate
+                        break
+                    self.log.debug("%s not found" % candidate)
+
+            if "X509_VOMS_DIR" not in self.pp.installEnv:
+                self.log.error("Could not find/set X509_VOMS_DIR")
+                sys.exit(1)
+
+            if "DIRAC_VOMSES" in os.environ:
+                self.log.debug(
+                    "DIRAC_VOMSES is set in the host environment as %s, aligning installEnv to it"
+                    % os.environ["DIRAC_VOMSES"]
+                )
+                self.pp.installEnv["DIRAC_VOMSES"] = os.environ["DIRAC_VOMSES"]
+            else:
+                self.log.debug("DIRAC_VOMSES is not set in the host environment")
+                # try and find it
+                candidates = [
+                    "/cvmfs/grid.cern.ch/etc/grid-security/vomses/",
+                    "/cvmfs/dirac.egi.eu/dirac/etc/grid-security/vomses/",
+                ]
+                for candidate in candidates:
+                    self.log.debug("Candidate directory for DIRAC_VOMSES is %s" % candidate)
+                    if os.path.isdir(os.path.expandvars(candidate)):
+                        self.log.debug("Setting DIRAC_VOMSES=%s" % candidate)
+                        self.pp.installEnv["DIRAC_VOMSES"] = candidate
+                        os.environ["DIRAC_VOMSES"] = candidate
+                        break
+                    self.log.debug("%s not found" % candidate)
+
+            if "DIRAC_VOMSES" not in self.pp.installEnv:
+                self.log.error("Could not find/set DIRAC_VOMSES")
+                sys.exit(1)
+
+            # In any case do not download VOMS and CAs
+            self.cfg.append("-DMH")
 
 
 class RegisterPilot(CommandBase):