Commit f73c6c91 authored by Maiken's avatar Maiken
Browse files

Merge branch 'slowdown_hunting' into 'next'

Slowdown hunting. Fixes BUGZ-4020

See merge request !1216
parents ffd9b19b 184cbea6
Pipeline #9787 passed with stages
in 136 minutes and 33 seconds
......@@ -2258,6 +2258,9 @@ AC_CONFIG_FILES([Makefile
src/services/a-rex/arc-arex
src/services/a-rex/arc-arex.service
src/services/a-rex/arc-arex-start
src/services/a-rex/arc-arex-ws
src/services/a-rex/arc-arex-ws.service
src/services/a-rex/arc-arex-ws-start
src/services/a-rex/a-rex-backtrace-collect
src/services/a-rex/a-rex-backtrace-collect.8
src/services/a-rex/perferator
......
......@@ -256,10 +256,48 @@ Description: ARC Control Tool - service control modules
This package contains the service control modules for ARC Contol Tool
that allow working with server-side config and manage ARC services.
Package: nordugrid-arc-arex
Package: nordugrid-arc-arex-ws
Provides:
nordugrid-arc-cache-service,
nordugrid-arc-candypond
Replaces:
nordugrid-arc-arex (<< 6.13.0~),
nordugrid-arc-cache-service (<< 6.0.0~),
nordugrid-arc-candypond (<< 6.0.0~),
nordugrid-arc-aris (<< 6.0.0~),
nordugrid-arc-infosys-ldap (<< 6.3.0~),
libarccommon3 (<< 6.5.0~)
Conflicts:
nordugrid-arc-arex (<< 6.13.0~),
nordugrid-arc-cache-service (<< 6.0.0~),
nordugrid-arc-candypond (<< 6.0.0~)
Breaks:
nordugrid-arc-aris (<< 6.0.0~),
nordugrid-arc-infosys-ldap (<< 6.3.0~),
libarccommon3 (<< 6.5.0~)
Architecture: any
Depends:
${shlibs:Depends},
${misc:Depends},
${perl:Depends},
${python:Depends},
${python3:Depends},
libarccommon3 (= ${binary:Version}),
nordugrid-arc-hed (= ${binary:Version}),
nordugrid-arc-arex (= ${binary:Version}),
nordugrid-arc-arcctl (= ${source:Version}),
nordugrid-arc-arcctl-service (= ${source:Version}),
nordugrid-arc-plugins-needed (= ${binary:Version}),
libjson-xs-perl,
libxml-simple-perl,
${pydeps:Depends},
lsb-base (>= 3.0-6)
XB-Python-Version: ${python:Versions}
Description: A-REX WS interface provides HTTP based job submission
and control interfaces for ARC Resource-coupled EXecution service.
Package: nordugrid-arc-arex
Provides:
Replaces:
nordugrid-arc-cache-service (<< 6.0.0~),
nordugrid-arc-candypond (<< 6.0.0~),
......
# To enable arc-arex-ws, i.e. to indicate that a readily usable
# configuration is in place, comment out or delete the
# following line.
RUN=no
debian/tmp/usr/share/arc/arc-arex-ws-start
rm_conffile /etc/default/arc-arex-ws 6.7.0
#!/bin/sh
set -e
if [ "$1" = "configure" ] ; then
# check hostcert is already generated (update vs install)
if [ ! -f /etc/grid-security/testCA-hostcert.pem ] ; then
arcctl test-ca init
arcctl test-ca hostcert
fi
fi
#DEBHELPER#
#!/bin/sh
set -e
#DEBHELPER#
if [ "$1" = "remove" ] ; then
arcctl test-ca cleanup
rmdir /etc/grid-security/certificates 2>/dev/null || :
rmdir /etc/grid-security 2>/dev/null || :
fi
......@@ -79,6 +79,7 @@ override_dh_auto_clean:
dh_auto_clean
rm -f debian/nordugrid-arc-arex.arc-arex.init
rm -f debian/nordugrid-arc-arex.arc-arex-ws.init
rm -f debian/nordugrid-arc-hed.arched.init
rm -f debian/nordugrid-arc-datadelivery-service.arc-datadelivery-service.init
rm -f debian/nordugrid-arc-gridftpd.arc-gridftpd.init
......@@ -87,6 +88,7 @@ override_dh_auto_clean:
rm -f debian/nordugrid-arc-acix-index.arc-acix-index.init
rm -f debian/nordugrid-arc-arex.arc-arex.service
rm -f debian/nordugrid-arc-arex.arc-arex-ws.service
rm -f debian/nordugrid-arc-hed.arched.service
rm -f debian/nordugrid-arc-datadelivery-service.arc-datadelivery-service.service
rm -f debian/nordugrid-arc-gridftpd.arc-gridftpd.service
......@@ -138,6 +140,8 @@ override_dh_auto_install:
mv debian/tmp/etc/init.d/arc-arex \
debian/nordugrid-arc-arex.arc-arex.init
mv debian/tmp/etc/init.d/arc-arex-ws \
debian/nordugrid-arc-arex.arc-arex-ws.init
mv debian/tmp/etc/init.d/arched \
debian/nordugrid-arc-hed.arched.init
mv debian/tmp/etc/init.d/arc-datadelivery-service \
......@@ -153,6 +157,8 @@ override_dh_auto_install:
mv debian/tmp/lib/systemd/system/arc-arex.service \
debian/nordugrid-arc-arex.arc-arex.service
mv debian/tmp/lib/systemd/system/arc-arex-ws.service \
debian/nordugrid-arc-arex.arc-arex-ws.service
mv debian/tmp/lib/systemd/system/arched.service \
debian/nordugrid-arc-hed.arched.service
mv debian/tmp/lib/systemd/system/arc-datadelivery-service.service \
......@@ -182,6 +188,7 @@ override_dh_install:
override_dh_installinit:
dh_installinit $(SYSVNOENBL) -p nordugrid-arc-hed --name arched
dh_installinit $(SYSVNOENBL) -p nordugrid-arc-arex --name arc-arex
dh_installinit $(SYSVNOENBL) -p nordugrid-arc-arex-ws --name arc-arex-ws
dh_installinit $(SYSVNOENBL) -p nordugrid-arc-datadelivery-service --name arc-datadelivery-service
dh_installinit $(SYSVNOENBL) -p nordugrid-arc-gridftpd --name arc-gridftpd
dh_installinit $(SYSVNOENBL) -p nordugrid-arc-infosys-ldap --name arc-infosys-ldap
......@@ -191,6 +198,7 @@ override_dh_installinit:
override_dh_systemd_enable:
dh_systemd_enable $(SYSDNOENBL) -p nordugrid-arc-hed --name arched
dh_systemd_enable $(SYSDNOENBL) -p nordugrid-arc-arex --name arc-arex
dh_systemd_enable $(SYSDNOENBL) -p nordugrid-arc-arex-ws --name arc-arex-ws
dh_systemd_enable $(SYSDNOENBL) -p nordugrid-arc-datadelivery-service --name arc-datadelivery-service
dh_systemd_enable $(SYSDNOENBL) -p nordugrid-arc-gridftpd --name arc-gridftpd
dh_systemd_enable $(SYSDNOENBL) -p nordugrid-arc-infosys-ldap --name arc-infosys-ldap
......@@ -201,6 +209,7 @@ override_dh_systemd_enable:
override_dh_systemd_start:
dh_systemd_start -p nordugrid-arc-hed --name arched
dh_systemd_start -p nordugrid-arc-arex --name arc-arex
dh_systemd_start -p nordugrid-arc-arex-ws --name arc-arex-ws
dh_systemd_start -p nordugrid-arc-datadelivery-service --name arc-datadelivery-service
dh_systemd_start -p nordugrid-arc-gridftpd --name arc-gridftpd
dh_systemd_start -p nordugrid-arc-infosys-ldap --name arc-infosys-ldap
......@@ -217,6 +226,8 @@ override_dh_python2:
echo "pydeps:Depends=python-ldap, python-isodate" \
>> debian/nordugrid-arc-arex.substvars
echo "pydeps:Depends=python-ldap, python-isodate" \
>> debian/nordugrid-arc-arex-ws.substvars
echo "pydeps:Depends=python-dns" \
>> debian/nordugrid-arc-community-rtes.substvars
echo "pydeps:Depends=python-twisted, python-openssl" \
......@@ -235,6 +246,8 @@ override_dh_python3:
echo "pydeps:Depends=python3-ldap, python3-isodate" \
>> debian/nordugrid-arc-arex.substvars
echo "pydeps:Depends=python3-ldap, python3-isodate" \
>> debian/nordugrid-arc-arex-ws.substvars
echo "pydeps:Depends=python3-dns" \
>> debian/nordugrid-arc-community-rtes.substvars
echo "pydeps:Depends=python3-twisted, python3-openssl" \
......
......@@ -1107,6 +1107,7 @@ rm -rf $RPM_BUILD_ROOT
%post arex
%enable_service arc-arex
%enable_service arc-arex-ws
# out-of-package testing host certificate
if [ $1 -eq 1 ]; then
......@@ -1116,6 +1117,7 @@ fi
%preun arex
%stop_on_removal arc-arex
%stop_on_removal arc-arex-ws
if [ $1 -eq 0 ]; then
arcctl test-ca cleanup
......@@ -1123,6 +1125,7 @@ fi
%postun arex
%condrestart_on_update arc-arex
%condrestart_on_update arc-arex-ws
%post gridftpd
%enable_service arc-gridftpd
......@@ -1429,8 +1432,10 @@ service arc-infosys-ldap condrestart > /dev/null 2>&1 || :
%defattr(-,root,root,-)
%if %{use_systemd}
%{_unitdir}/arc-arex.service
%{_unitdir}/arc-arex-ws.service
%else
%{_initrddir}/arc-arex
%{_initrddir}/arc-arex-ws
%endif
%{_libexecdir}/%{pkgdir}/cache-clean
%{_libexecdir}/%{pkgdir}/cache-list
......@@ -1490,6 +1495,7 @@ service arc-infosys-ldap condrestart > /dev/null 2>&1 || :
%{_datadir}/%{pkgdir}/perferator
%{_datadir}/%{pkgdir}/PerfData.pl
%{_datadir}/%{pkgdir}/arc-arex-start
%{_datadir}/%{pkgdir}/arc-arex-ws-start
%{_datadir}/%{pkgdir}/sql-schema/arex_accounting_db_schema_v1.sql
%doc %{_mandir}/man1/arc-config-check.1*
%doc %{_mandir}/man1/cache-clean.1*
......
......@@ -1334,6 +1334,11 @@
#logfile=/var/log/arc/ws-interface.log
## CHANGE: RENAMED in 6.0.0.
## pidfile = path - Specify location of file containing PID of daemon process.
## default: /run/arched-arex-ws.pid
#pidfile=/run/arched-arex-ws.pid
## CHANGE: INTRODUCED in 6.13.0.
## max_job_control_requests = number - The max number of simultaneously processed job management
## requests over WS interface - like job submission, cancel, status check etc.
## default: 100
......
......@@ -38,13 +38,14 @@ namespace Arc {
public:
StringData();
virtual ~StringData();
void Assign(std::string& str);
void Assign(std::string& str, int content_max_size = 0);
virtual void Append(char const* data, unsigned int size);
virtual void Remove(unsigned int size);
virtual char const* Get() const;
virtual unsigned int Size() const;
private:
std::string* content_;
int content_max_size_;
};
// working directory
......@@ -164,12 +165,12 @@ namespace Arc {
/// Associate stdout pipe of executable with string.
/** This method must be called before Start(). str object
must be valid as long as this object exists. */
void AssignStdout(std::string& str);
void AssignStdout(std::string& str, int max_size = 102400);
void AssignStdout(Data& str);
/// Associate stderr pipe of executable with string.
/** This method must be called before Start(). str object
must be valid as long as this object exists. */
void AssignStderr(std::string& str);
void AssignStderr(std::string& str, int max_size = 102400);
void AssignStderr(Data& str);
/// Associate stdin pipe of executable with string.
/** This method must be called before Start(). str object
......
......@@ -802,9 +802,9 @@ namespace Arc {
return (!running_);
}
void Run::AssignStdout(std::string& str) {
void Run::AssignStdout(std::string& str, int max_size) {
if (!running_) {
stdout_str_wrap_.Assign(str);
stdout_str_wrap_.Assign(str,max_size);
stdout_str_ = &stdout_str_wrap_;
}
}
......@@ -815,9 +815,9 @@ namespace Arc {
}
}
void Run::AssignStderr(std::string& str) {
void Run::AssignStderr(std::string& str, int max_size) {
if (!running_) {
stderr_str_wrap_.Assign(str);
stderr_str_wrap_.Assign(str,max_size);
stderr_str_ = &stderr_str_wrap_;
}
}
......@@ -872,18 +872,23 @@ namespace Arc {
}
Run::StringData::StringData(): content_(NULL) {
Run::StringData::StringData(): content_(NULL),content_max_size_(0) {
}
Run::StringData::~StringData() {
}
void Run::StringData::Assign(std::string& str) {
void Run::StringData::Assign(std::string& str, int content_max_size) {
content_max_size_ = content_max_size;
content_ = &str;
}
void Run::StringData::Append(char const* data, unsigned int size) {
if(content_) content_->append(data, size);
if(content_) {
if((content_max_size_ > 0) && (content_->length() < content_max_size_)) {
content_->append(data, size);
}
}
}
void Run::StringData::Remove(unsigned int size) {
......
......@@ -5,6 +5,7 @@
#endif
#define USE_THREAD_POOL
#define USE_THREAD_DATA
#define USE_SEQUENTIAL_THREAD_ID
#ifdef HAVE_STDINT_H
#include <stdint.h>
......@@ -279,7 +280,9 @@ namespace Arc {
#endif
void ThreadArgument::thread(void) {
#ifdef USE_SEQUENTIAL_THREAD_ID
ThreadId::getInstance().add();
#endif
#ifdef USE_THREAD_DATA
ThreadData* tdata = ThreadData::Get();
if(tdata) {
......@@ -313,32 +316,42 @@ namespace Arc {
#ifdef USE_THREAD_DATA
ThreadData::Remove();
#endif
#ifdef USE_SEQUENTIAL_THREAD_ID
ThreadId::getInstance().remove();
#endif
}
ThreadId& ThreadId::getInstance() {
static ThreadId* id = new ThreadId();
return *id;
static ThreadId id;
return id;
}
ThreadId::ThreadId(): thread_no(0) {}
void ThreadId::add() {
#ifdef USE_SEQUENTIAL_THREAD_ID
Glib::Mutex::Lock lock(mutex);
if (thread_no == ULONG_MAX) thread_no = 0;
thread_ids[(size_t)(void*)Glib::Thread::self()] = ++thread_no;
#endif
}
void ThreadId::remove() {
#ifdef USE_SEQUENTIAL_THREAD_ID
Glib::Mutex::Lock lock(mutex);
thread_ids.erase((size_t)(void*)Glib::Thread::self());
#endif
}
unsigned long int ThreadId::get() {
#ifdef USE_SEQUENTIAL_THREAD_ID
Glib::Mutex::Lock lock(mutex);
size_t id = (size_t)(void*)Glib::Thread::self();
if (thread_ids.count(id) == 0) return id;
return thread_ids[id];
#else
return (unsigned long int)(void*)Glib::Thread::self();
#endif
}
bool CreateThreadFunction(void (*func)(void*), void *arg, SimpleCounter* count
......
......@@ -2,6 +2,9 @@
#include <config.h>
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <arc/ArcLocation.h>
......@@ -102,11 +105,11 @@ std::string ModuleManager::findLocation(const std::string& name)
for (; i != plugin_dir.end(); i++) {
path = Glib::Module::build_path(*i, name);
// Loader::logger.msg(VERBOSE, "Try load %s", path);
FILE *file = fopen(path.c_str(), "r");
if (file == NULL) {
int file = open(path.c_str(), O_RDONLY);
if (file == -1) {
continue;
} else {
fclose(file);
close(file);
break;
}
}
......
......@@ -18,20 +18,20 @@ endif
pkglibexec_SCRIPTS = $(PYTHON_LRMS_PKGLIBEXEC_FILES)
if SYSV_SCRIPTS_ENABLED
AREX_SCRIPT = arc-arex
AREX_SCRIPT = arc-arex arc-arex-ws
else
AREX_SCRIPT =
endif
initd_SCRIPTS = $(AREX_SCRIPT)
if SYSTEMD_UNITS_ENABLED
AREX_UNIT = arc-arex.service
AREX_UNIT = arc-arex.service arc-arex-ws.service
else
AREX_UNIT =
endif
units_DATA = $(AREX_UNIT)
pkgdata_SCRIPTS = arc-arex-start perferator
pkgdata_SCRIPTS = arc-arex-start arc-arex-ws-start perferator
sbin_SCRIPTS = a-rex-backtrace-collect
......
......@@ -217,13 +217,6 @@ prepare() {
X509_CERT_DIR=`readconfigvar "$ARC_RUNTIME_CONFIG" x509_cert_dir common`
GLOBUS_TCP_PORT_RANGE=`readconfigvar "$ARC_RUNTIME_CONFIG" globus_tcp_port_range arex/data-staging`
GLOBUS_UDP_PORT_RANGE=`readconfigvar "$ARC_RUNTIME_CONFIG" globus_udp_port_range arex/data-staging`
VOMS_PROCESSING=`readconfigvar "$ARC_RUNTIME_CONFIG" voms_processing common`
mapping_present=`testconfigblock "$ARC_RUNTIME_CONFIG" mapping`
authtokens_present=`testconfigblock "$ARC_RUNTIME_CONFIG" authtokens`
USERMAP_BLOCK=''
if [ "$mapping_present" = 'true' ] ; then
USERMAP_BLOCK='mapping'
fi
HOSTNAME=`readconfigvar "$ARC_RUNTIME_CONFIG" hostname common`
SERVICEMAIL=`readconfigvar "$ARC_RUNTIME_CONFIG" mail arex`
# It is easier to handle root user through empty value.
......@@ -246,167 +239,17 @@ prepare() {
# Web Service configuration
arex_endpoint=""
arex_mount_point=""
arex_proto=""
arex_host=""
arex_port=""
arex_path=""
arex_service_plexer=""
ws_present=`testconfigblock "$ARC_RUNTIME_CONFIG" arex/ws`
arex_present=`testconfigblock "$ARC_RUNTIME_CONFIG" arex/ws/jobs`
if [ "$ws_present" = 'true' ] ; then
WSLOGFILE=`readconfigvar "$ARC_RUNTIME_CONFIG" logfile arex/ws`
MAX_JOB_CONTROL_REQUESTS=`readconfigvar "$ARC_RUNTIME_CONFIG" max_job_control_requests arex/ws`
MAX_INFOSYS_REQUESTS=`readconfigvar "$ARC_RUNTIME_CONFIG" max_infosys_requests arex/ws`
MAX_DATA_TRANSFER_REQUESTS=`readconfigvar "$ARC_RUNTIME_CONFIG" max_data_transfer_requests arex/ws`
USERAUTH_BLOCK='arex/ws/jobs'
arex_mount_point=`readconfigvar "$ARC_RUNTIME_CONFIG" wsurl arex/ws`
arex_proto=`echo "$arex_mount_point" | sed 's/^\([^:]*\):\/\/.*/\1/;t;s/.*//'`
arex_host=`echo "$arex_mount_point" | sed 's/^[^:]*:\/\/\([^:\/]*\).*/\1/;t;s/.*//'`
arex_port=`echo "$arex_mount_point" | sed 's/^[^:]*:\/\/[^:]*:\([^\/]*\)\(.*\)/\1/;t;s/.*//'`
arex_path=`echo "$arex_mount_point" | sed 's/^[^:]*:\/\/[^\/]*\/\(.*\)/\1/;t;s/.*//'`
if [ "$arex_proto" = "https" ] ; then
if [ -z "$arex_port" ] ; then
arex_port="443"
fi
elif [ "$arex_proto" = "http" ] ; then
if [ -z "$arex_port" ] ; then
arex_port="80"
fi
else
log_failure_msg "Unsupported protocol '$arex_proto' for WS interface URL"
exit 1
fi
arex_endpoint="<arex:endpoint>$arex_mount_point</arex:endpoint>"
arex_path="/$arex_path"
mkdir_for_user `dirname "$WSLOGFILE"` "$USERNAME" "$GROUPNAME"
mkfile_for_user "$WSLOGFILE" "$USERNAME" "$GROUPNAME"
fi
if [ "$arex_present" = 'true' ] ; then
if [ "$ws_present" != 'true' ] ; then
log_failure_msg "WS interface must be turned on to use A-REX/EMIES WS service"
exit 1
else
if [ "$mapping_present" != 'true' ] ; then
log_failure_msg "For A-REX/EMIES WS interface to work mapping must be enabled"
exit 1
fi
fi
arex_service_plexer="<next id=\"a-rex\">^$arex_path</next>"
fi
argus_shc=""
argus_plugin=""
arguspep_endpoint=`readconfigvar "$ARC_RUNTIME_CONFIG" arguspep_endpoint arex/ws/argus`
if [ ! -z "$arguspep_endpoint" ]; then
argus_plugin="${argus_plugin}<Plugins><Name>arguspepclient</Name></Plugins>"
if [ ! -f "$ARC_LOCATION/lib/arc/libarguspepclient.so" ] && [ ! -f "$ARC_LOCATION/lib64/arc/libarguspepclient.so" ]; then
log_failure_msg "Plugin arguspepclient(libarguspepclient.so) not found. You may need to install corresponding package"
exit 1
fi
arguspep_profile=`readconfigvar "$ARC_RUNTIME_CONFIG" arguspep_profile arex/ws/argus`
if [ -z "$arguspep_profile" ]; then arguspep_profile="emi"; fi
arguspep_usermap=`readconfigvar "$ARC_RUNTIME_CONFIG" arguspep_usermap arex/ws/argus`
if [ -z "$arguspep_usermap" ]; then arguspep_usermap="false"; fi
if [ "$arguspep_usermap" = "yes" ]; then arguspep_usermap="true"; fi
if [ "$arguspep_usermap" = "no" ]; then arguspep_usermap="false"; fi
if [ "$mapping_present" != 'true' ]; then
if [ "$arguspep_usermap" = 'true' ]; then
log_failure_msg "Can't map user identity through Argus PEP because mapping is disabled for the service."
exit 1
fi
fi
argus_shc="${argus_shc}
<!-- Perform client authorization and mapping according to Argus through PEP service -->
<SecHandler name=\"arguspepclient.map\" id=\"arguspep\" event=\"incoming\">
<PEPD>$arguspep_endpoint</PEPD>
<Conversion>$arguspep_profile</Conversion>
<KeyPath>$X509_USER_KEY</KeyPath>
<CertificatePath>$X509_USER_CERT</CertificatePath>
<CACertificatesDir>$X509_CERT_DIR</CACertificatesDir>
<AcceptMapping>$arguspep_usermap</AcceptMapping>
</SecHandler>"
fi
arguspdp_endpoint=`readconfigvar "$ARC_RUNTIME_CONFIG" arguspdp_endpoint arex/ws/argus`
if [ ! -z "$arguspdp_endpoint" ]; then
argus_plugin="${argus_plugin}<Plugins><Name>arguspdpclient</Name></Plugins>"
if [ ! -f "$ARC_LOCATION/lib/arc/libarguspdpclient.so" ] && [ ! -f "$ARC_LOCATION/lib64/arc/libarguspdpclient.so" ]; then
log_failure_msg "Plugin arguspdpclient(libarguspdpclient.so) not found. You may need to install corresponding package"
exit 1
fi
arguspdp_profile=`readconfigvar "$ARC_RUNTIME_CONFIG" arguspdp_profile arex/ws/argus`
if [ -z "$arguspdp_profile" ]; then arguspdp_profile="emi"; fi
arguspdp_usermap=`readconfigvar "$ARC_RUNTIME_CONFIG" arguspdp_usermap arex/ws/argus`
if [ -z "$arguspdp_usermap" ]; then arguspdp_usermap="false"; fi
if [ "$arguspdp_usermap" = "yes" ]; then arguspdp_usermap="true"; fi
if [ "$arguspdp_usermap" = "no" ]; then arguspdp_usermap="false"; fi
if [ "$mapping_present" != 'true' ]; then
if [ "$arguspdp_usermap" = 'true' ]; then
log_failure_msg "Can't map user identity through Argus PDP because mapping is disabled for the service."
exit 1
fi
fi
arguspdp_acceptnotapplicable=`readconfigvar "$ARC_RUNTIME_CONFIG" arguspdp_acceptnotapplicable arex/ws/argus`
if [ -z "$arguspdp_acceptnotapplicable" ]; then arguspdp_acceptnotapplicable="false"; fi
if [ "$arguspdp_acceptnotapplicable" = "yes" ]; then arguspdp_acceptnotapplicable="true"; fi
if [ "$arguspdp_acceptnotapplicable" = "no" ]; then arguspdp_acceptnotapplicable="false"; fi
argus_shc="${argus_shc}
<!-- Perform echoclient authorization and mapping according to Argus through PDP service -->
<SecHandler name=\"arguspdpclient.map\" id=\"arguspdp\" event=\"incoming\">
<PDPD>$arguspdp_endpoint</PDPD>
<Conversion>$arguspdp_profile</Conversion>
<KeyPath>$X509_USER_KEY</KeyPath>
<CertificatePath>$X509_USER_CERT</CertificatePath>
<CACertificatesDir>$X509_CERT_DIR</CACertificatesDir>
<AcceptMapping>$arguspdp_usermap</AcceptMapping>
<AcceptNotApplicable>$arguspdp_acceptnotapplicable</AcceptNotApplicable>
</SecHandler>"
fi
# candypond
candypond_plexer=""
candypond=""
use_candypond=`testconfigblock "$ARC_RUNTIME_CONFIG" arex/ws/candypond`
if [ "$use_candypond" = "true" ]; then
if [ "$ws_present" != 'true' ] ; then
log_failure_msg "WS interface must be turned on to use candypond"
exit 1
fi
candypond_plexer="<next id=\"candypond\">^$arex_path/candypond</next>"
candypond_shc="
<!-- Beware of hardcoded block name -->
<SecHandler name=\"arc.authz\" event=\"incoming\">
<PDP name=\"arclegacy.pdp\">
<ConfigBlock>
<ConfigFile>$ARC_RUNTIME_CONFIG</ConfigFile>
<BlockName>arex/ws/candypond</BlockName>
</ConfigBlock>
</PDP>
</SecHandler>
"
if [ "$mapping_present" = 'true' ]; then
candypond_shc="$candypond_shc
<!-- Perform client mapping -->
<SecHandler name=\"arclegacy.map\" event=\"incoming\">
<ConfigBlock>
<ConfigFile>$ARC_RUNTIME_CONFIG</ConfigFile>
<BlockName>$USERMAP_BLOCK</BlockName>
</ConfigBlock>
</SecHandler>
<candypond:service>
<candypond:config>$ARC_RUNTIME_CONFIG</candypond:config>
<candypond:witharex>true</candypond:witharex>
</candypond:service>
"
fi
candypond="
<Service name=\"candypond\" id=\"candypond\">
$candypond_shc
</Service>"
fi