Snapshot including testca call

2ef13978 · Maiken · f83f39d7 · 2ef13978 · 2ef13978
Commit 2ef13978 authored Sep 10, 2018 by Maiken
--- a/src/utils/python/arc/control/InstallationWizard.py
+++ b/src/utils/python/arc/control/InstallationWizard.py
@@ -70,7 +70,6 @@ class InstallationWizardControl(ComponentControl):
        self.confdict['hostname'] = self.defaults['common']['hostname']
    
        logdir = '/'.join(self.defaults['arex']['logfile'].split('/')[:-1])
-        print logdir
        self.confdict['log_rootdir'] = logdir
        self.confdict['controldir'] = self.defaults['arex']['controldir']
        self.confdict['sessiondir'] = self.defaults['arex']['sessiondir']
@@ -95,14 +94,20 @@ class InstallationWizardControl(ComponentControl):
        self.confdict['enable_emies'] = False
        self.confdict['enable_gridftpd'] = False

+        self.confdict['queue'] = None

+        self.confdict['auth_groups'] = []


-
+    def print_notice(self,text):
+        print('\n')
+        print '='*90
+        print(text)
+        print '='*90
+        print('\n')

    def print_summary(self,prepend_txt='',append_txt=''):
-        print_order = ['conf_path',
-                       'host_cert',
+        print_order = ['host_cert',
                       'host_key',
                       'log_rootdir',
                       'controldir',
@@ -128,7 +133,7 @@ class InstallationWizardControl(ComponentControl):


    @staticmethod
-    def _true_false(ask, default_val=''):
+    def true_false(ask, default_val=''):
        if default_val:
            ask = '\n' + ask + ' (ENTER for default value: ' + default_val + ')'
        else:
@@ -228,29 +233,64 @@ class InstallationWizardControl(ComponentControl):
        
    def get_user_input(self):

-        use_all_defaults = self.true_false('Use all defaults? [y/n]: ')
+        #use_all_defaults = self.true_false('Use all defaults? (If yes, you might as well just use the zero-conf shipped with ARC which is placed at /tmp/arc.conf)  [y/n]: ')
+        use_all_defaults=False
        if not use_all_defaults:
+            non_default = self.text_answ('Full path to arc.conf',self.confdict['conf_path'])
+            if non_default:
+                self.confdict['conf_path'] = non_default
+
+
+            """ Authorization groups """
+            print('The recommended way of authorizing groups of users is by using authorization groups. \nA group can be identified either by voms, by a userlist produced by the nordugridmap utility or by pointing to a grid-mapfile.')
+
+
+            if(self.true_false('Use voms identification [y/n]')):
+                vomses = self.text_answ('Enter a comma-separated list of vomses like: atlas * * * *, atlas * lcgadmin *')
+                vomses = (vomses).split(',')
+                
+                print 'vomses: ', vomses
+                for vo  in vomses:
+                    vo = vo.strip()
+                    print 'vo: ', vo
+                    txt = 'Which (custom-named) authgroup does the vo:  ' + vo + ' belong to'
+                    auth_group = self.text_answ(txt)
+                    try:
+                        self.confdict[auth_group].append(vo)
+                    except KeyError:
+                        self.confdict[auth_group] = [vo]
+
+                    try:
+                        self.confdict['auth_groups'][auth_group].append(vo)
+                    except TypeError:
+                        self.confdict['auth_groups']={}
+                        self.confdict['auth_groups'][auth_group]=[]
+                        self.confdict['auth_groups'][auth_group].append(vo)
+                    except KeyError:
+                        self.confdict['auth_groups'][auth_group]=[]
+                        self.confdict['auth_groups'][auth_group].append(vo)
+
+

            """ HOSTCERTIFICATE
            For a production server a host certificate should actually exist. 
            However, for quick  testing, before a real host certificate is installed, a test host certificate can be generated."""
            self.create_host_cert = self.true_false('Do you need to create a test host certificate? [y/n]')
            if not self.create_host_cert:
-                non_default  = self.text_answ('Full path to your host certificate',self.confdict['host_cert'])
+                non_default  = self.text_answ('Full path to your existing host certificate',self.confdict['host_cert'])
                if non_default:
                    self.confdict['host_cert'] = non_default
-                non_default = self.text_answ('Full  path to your host key',self.confdict['host_key'])
+                non_default = self.text_answ('Full  path to your existing host key',self.confdict['host_key'])
                if non_default:
                    self.confdict['host_key'] = non_default

+
+
+
            non_default = self.text_answ('Path to log dir',self.confdict['log_rootdir'])
            if non_default:
                self.confdict['log_rootdir'] = non_default
                
-
-            non_default = self.text_answ('Full path to arc.conf',self.confdict['conf_path'])
-            if non_default:
-                self.confdict['conf_path'] = non_default
                
            non_default = self.text_answ('Path to sessiondir',self.confdict['sessiondir'])
            if non_default:
@@ -262,8 +302,7 @@ class InstallationWizardControl(ComponentControl):
                self.confdict['controldir'] = non_default
        

-
-            lrms_type = self.text_answ('Which lrms %s : ',self.confdict['lrms_type'])
+            self.confdict['lrms_type'] = self.text_answ('Which lrms : ',self.confdict['lrms_type'])

            if 'fork' not in self.confdict['lrms_type']:
                non_default =  self.text_answ('LRMS bin path',self.confdict['lrms_path'])
@@ -307,21 +346,19 @@ class InstallationWizardControl(ComponentControl):
                print('==> Using port ranges 9000-10000, change in arc.conf if you want other port ranges.\n')


+            """ How many queues to allow? Multiple?  """
+            self.confdict['queue'] = self.text_answ('What is your default job queue')
+            

-
+    
        """ Print out a summary of values selected by  user """
-        prepend_txt='Your chosen configuration values are:'
+        prepend_txt='Your chosen configuration values for ' +  self.confdict['conf_path'] + ' are:'
        append_txt=''
-        #if self.create_host_cert:
-        #   append_txt='\n* A test host certificate will be created and placed in: ' \
-        #      + self.confdict['grid_security_path'] \
-        #     + '\n* Please copy the CA and softlinks to your client machines grid-security folder (ignore if client and server are same machine).'
        self.print_summary(prepend_txt,append_txt)




-
    def create_conf(self,args):
        j2_env = Environment(loader=FileSystemLoader('./arc/control/templates'), trim_blocks=True)
        template = j2_env.get_template('arc.conf.j2')
@@ -332,14 +369,14 @@ class InstallationWizardControl(ComponentControl):
        try:
            with open(conf_path, 'w') as f:
                f.write(rendered)
-                print(rendered)
+                #print(rendered)
        except IOError as e:
            if e.errno == errno.EACCES: 
                logger.debug('***** You do not have permission to write to %s Instead writing it to /tmp/arc.conf - please copy it manually to %s *****', conf_path,conf_path)
-                print '='*90
-                print'====>>> IMPORTANT MESSAGE'
-                print '====>>> You do not have permission to write to ' + conf_path + '. File is temporarily stored in /tmp/arc.conf - please copy file manually to ' + conf_path
-                print '='*90
+                print_str = '====>>> IMPORTANT MESSAGE'
+                print_str += '====>>> You do not have permission to write to ' + conf_path + '. File is temporarily stored in /tmp/arc.conf - please copy file manually to ' + conf_path
+                self.print_notice(print_str)
+
                with open('/tmp/arc.conf','w') as f:
                    f.write(rendered)
        except Exception as e:
@@ -384,7 +421,7 @@ class InstallationWizardControl(ComponentControl):


    @staticmethod
-    def get_config(args):
+    def get_config(args=None):
        print config
        __runconfig = '/tmp/.arcctl.arc.run.conf'
        try:
@@ -410,16 +447,17 @@ class InstallationWizardControl(ComponentControl):
    def control(self,args):


+
        """ Ask user for custom values for arc.conf """
        if args.action == 'dump':
            """ save the configuration options in json format, and dump to screen"""
            self.dump(args)


-        if args.action == 'create_conf' or 'runall':
-
+        if args.action == 'create_conf' or args.action == 'runall':
+            
            """  Print out some general info """
-            prepend_txt = 'A minimal configuration setup.\nYou can choose to use the default values requiring root priveleges. Default values are:'
+            prepend_txt = 'This program requires root priveleges and helps set up a minimal configuration.\nYou can choose to use the default values which are:'
            append_txt =  '\n\n[NOTE:]: sudo rights is required to check that linux user and group exists or should be created.\n' \
                          'Will:\n' \
                          '* Construct an arc.conf placed in default location or location you specify with some minimum required contents.\n' \
@@ -442,7 +480,7 @@ class InstallationWizardControl(ComponentControl):

            """  Create arc.conf """
            self.create_conf(args)
-            
+
            """ Ensure logdirs exist """
            self.create_dir(self.confdict['log_rootdir'],args)

@@ -451,12 +489,13 @@ class InstallationWizardControl(ComponentControl):

            """  Ensure users exist """
            self.create_griduser(self.confdict['grid_group'],self.confdict['grid_user'],args)
-
-
+        
+            """  Information to create host certificate """
+            if self.create_host_cert:
+                self.print_notice('====>>  To create a test host certificate please run \narcctl test-ca init\nto create a self-signed TestCA, followed by \narcctl test-ca hostcert\nand optionally \narcctl test-ca usercert\n if you need both a test host certificate and test user certificate')

        if args.action == 'testhostcert' or args.action == 'runall':
            """  Create test-CA and host certificate """
-
            if args.action == 'testhostcert':
                self.arcconfig = self.get_config(args)
            cactrl = TestCAControl(self.arcconfig)
@@ -472,6 +511,21 @@ class InstallationWizardControl(ComponentControl):
    @staticmethod
    def register_parser(root_parser):

+        help_arcconf = 'Your path to the resulting arc.conf file. Defaults to /etc/arc.conf'
+        help_hostkey = 'Your path to your existing host certificate key. If you have no host certificate, ignore this option.'
+        help_hostcert = 'Your path to your existing host certificate. If you have no host certificate, ignore this option. '
+        help_logdir = 'Your base path of all your ARC logfiles.'
+        help_controldir = 'Your path to ARC controldir'
+        help_sessiondir = 'Your path to ARC sessiondir'
+        help_gridsecurity = 'Your path to the grid-security folder'
+
+        help_lrmstype = 'Please specify which LRMS you are using.'
+        help_lrmspath = 'Your path to the lrsm binary.'
+
+        help_condor = 'Must be set if condor lrms is chosen'
+        help_sge = 'Must be set if sge lrms is chosen'
+        help_boinc = 'Must be set if boinc lrms is chosen'
+
        installwiz_ctl = root_parser.add_parser('install-wiz', help='ARC Installation Wizard control')
        installwiz_ctl.set_defaults(handler_class=InstallationWizardControl)
        installwiz_actions = installwiz_ctl.add_subparsers(title='Installation Wizard Actions', dest='action',
@@ -479,23 +533,29 @@ class InstallationWizardControl(ComponentControl):


        installwiz_conf = installwiz_actions.add_parser('create_conf', help='Generate arc.conf file',formatter_class=argparse.ArgumentDefaultsHelpFormatter)
-        installwiz_conf.add_argument('--conf_path', help='')
-        installwiz_conf.add_argument('--host_key', help='')
-        installwiz_conf.add_argument('--host_cert', help='')
-        installwiz_conf.add_argument('--log_rootdir', help='')
-        installwiz_conf.add_argument('--controldir', help='')
-        installwiz_conf.add_argument('--sessiondir', help='')
-        installwiz_conf.add_argument('--grid_security_path', help='')
+        installwiz_conf.add_argument('--conf_path', help=help_arcconf)
+        installwiz_conf.add_argument('--host_key', help=help_hostkey)
+        installwiz_conf.add_argument('--host_cert', help=help_hostcert)
+        installwiz_conf.add_argument('--log_rootdir', help=help_logdir)
+        installwiz_conf.add_argument('--controldir', help=help_controldir)
+        installwiz_conf.add_argument('--sessiondir', help=help_sessiondir)
+        installwiz_conf.add_argument('--grid_security_path', help=help_gridsecurity)

-        installwiz_conf.add_argument('--lrms_type', choices=lrmses,help='')
-        installwiz_conf.add_argument('--lrms_path', help='')

-        installwiz_conf.add_argument('--lrms_condor_config', default='etc/condor/condor_config',help='Must be set if condor lrms is chosen')
-        installwiz_conf.add_argument('--lrms_sge_root', default='/gridware/sge',help='Must be set if sge lrms is chosen')
-        installwiz_conf.add_argument('--lrms_boinc_db_host', default='localhost', help='Must be set if boinc lrms is chosen')
-        installwiz_conf.add_argument('--lrms_boinc_db_port', default='3306', help='Must be set if boinc lrms is chosen')
-        installwiz_conf.add_argument('--lrms_boin_db_user', help='Must be set if boinc lrms is chosen')
-        installwiz_conf.add_argument('--lrms_boinc_db_pass',help='Must be set if boinc lrms is chosen')
+        installwiz_conf.add_argument('--validity', default=90,help='Number of days the certificates will be valid.')
+        installwiz_conf.add_argument('--digest', default='sha256',help='')
+        installwiz_conf.add_argument('--force', action='store_true',default=False,help='If the TestCA or host key and/or cert already exists, the generation of the CA and/or host certificate will fail. Select --force if you want to delete the old files and create new ones.')
+        installwiz_conf.add_argument('--hostname', action='store',help='')
+
+        installwiz_conf.add_argument('--lrms_type', choices=lrmses,help=help_lrmstype)
+        installwiz_conf.add_argument('--lrms_path', help=help_lrmspath)
+
+        installwiz_conf.add_argument('--lrms_condor_config', default='etc/condor/condor_config',help=help_condor)
+        installwiz_conf.add_argument('--lrms_sge_root', default='/gridware/sge',help=help_sge)
+        installwiz_conf.add_argument('--lrms_boinc_db_host', default='localhost', help=help_boinc)
+        installwiz_conf.add_argument('--lrms_boinc_db_port', default='3306', help=help_boinc)
+        installwiz_conf.add_argument('--lrms_boin_db_user', help=help_boinc)
+        installwiz_conf.add_argument('--lrms_boinc_db_pass',help=help_boinc)


        installwiz_conf.add_argument('-u', '--user', help='')
@@ -521,23 +581,23 @@ class InstallationWizardControl(ComponentControl):
                                                        * Create linux users for mapping grid jobs
                                                        * Create test CA and host certificate if required
                                                        * Run validator and start services''')
-        installwiz_runall.add_argument('--conf_path', help='')
-        installwiz_runall.add_argument('--host_key', help='')
-        installwiz_runall.add_argument('--host_cert', help='')
-        installwiz_runall.add_argument('--log_rootdir', help='')
-        installwiz_runall.add_argument('--controldir', help='')
-        installwiz_runall.add_argument('--sessiondir', help='')
-        installwiz_runall.add_argument('--grid_security_path', help='')
+        installwiz_runall.add_argument('--conf_path', help=help_arcconf)
+        installwiz_runall.add_argument('--host_key', help=help_hostkey)
+        installwiz_runall.add_argument('--host_cert', help=help_hostcert)
+        installwiz_runall.add_argument('--log_rootdir', help=help_logdir)
+        installwiz_runall.add_argument('--controldir', help=help_controldir)
+        installwiz_runall.add_argument('--sessiondir', help=help_sessiondir)
+        installwiz_runall.add_argument('--grid_security_path', help=help_gridsecurity)

-        installwiz_runall.add_argument('--lrms_type', choices=lrmses,help='')
-        installwiz_runall.add_argument('--lrms_path', help='')
+        installwiz_runall.add_argument('--lrms_type', choices=lrmses,help=help_lrmstype)
+        installwiz_runall.add_argument('--lrms_path', help=help_lrmspath)

-        installwiz_runall.add_argument('--lrms_condor_config', default='etc/condor/condor_config',help='Must be set if condor lrms is chosen')
-        installwiz_runall.add_argument('--lrms_sge_root', default='/gridware/sge',help='Must be set if sge lrms is chosen')
-        installwiz_runall.add_argument('--lrms_boinc_db_host', default='localhost', help='Must be set if boinc lrms is chosen')
-        installwiz_runall.add_argument('--lrms_boinc_db_port', default='3306', help='Must be set if boinc lrms is chosen')
-        installwiz_runall.add_argument('--lrms_boin_db_user', help='Must be set if boinc lrms is chosen')
-        installwiz_runall.add_argument('--lrms_boinc_db_pass',help='Must be set if boinc lrms is chosen')
+        installwiz_runall.add_argument('--lrms_condor_config', default='etc/condor/condor_config',help=help_condor)
+        installwiz_runall.add_argument('--lrms_sge_root', default='/gridware/sge',help=help_sge)
+        installwiz_runall.add_argument('--lrms_boinc_db_host', default='localhost', help=help_boinc)
+        installwiz_runall.add_argument('--lrms_boinc_db_port', default='3306', help=help_boinc)
+        installwiz_runall.add_argument('--lrms_boin_db_user', help=help_boinc)
+        installwiz_runall.add_argument('--lrms_boinc_db_pass',help=help_boinc)


        installwiz_runall.add_argument('-u', '--user', help='')
@@ -555,9 +615,6 @@ class InstallationWizardControl(ComponentControl):
                                         help='Use one-line multiport filter instead of per-service entries')


-
-
-
        installwiz_ipconfig = installwiz_actions.add_parser('iptables-config',
                                                            help='Generate iptables config to allow ARC CE configured services')
        installwiz_ipconfig.add_argument('--any-state', default=False,action='store_true',

--- a/src/utils/python/arc/control/templates/arc.conf.j2
+++ b/src/utils/python/arc/control/templates/arc.conf.j2
@@ -20,6 +20,15 @@ x509_host_key = {{ host_key}}
 {% endif %}


+
+{% for group in auth_groups %}
+[authgroup:{{group}}]
+{% for vo in auth_groups[group] %}
+vomses={{vo}}
+{% endfor %}
+{% endfor %}
+
+
 [mapping]
 unixmap={{ grid_user }}:{{ grid_group }} all

@@ -69,17 +78,17 @@ logfile={{ log_rootdir }}/ws-interface.log

 {% if enable_gridftpd  %}
 [gridftpd]
-globus_tcp_port_range={{ globus_tcp_port_range }}
-globus_udp_port_range={{ globus_udp_port_range }}
+globus_tcp_port_range=9000-10000
+globus_udp_port_range=9000-10000

 {% if log_rootdir != '/var/log/arc' %}
 logfile={{ log_rootdir }}/gridftpd.log
 {% endif %}

-
 [gridftpd/jobs]
 {% endif %}

+
 [infosys]
 loglevel=3

@@ -88,6 +97,6 @@ loglevel=3
 [infosys/cluster]


-[queue:{{ arc_frontend_grid_queue }}]
+[queue:{{ queue }}]