fix: sets the security env variables as first

DIRACGrid · Nov 1, 2023 · 5a4cba1 · 5a4cba1
1 parent 88c63e0
commit 5a4cba1
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 62 deletions.
diff --git a/Pilot/pilotCommands.py b/Pilot/pilotCommands.py
@@ -206,6 +206,7 @@ def execute(self):
             )
             self.exitWithError(1)
 
+
 class InstallDIRAC(CommandBase):
     """ Source from CVMFS, or install locally
     """
@@ -525,7 +526,7 @@ class ConfigureBasics(CommandBase):
 
     It calls dirac-configure to:
 
-        * download, by default, the CAs
+        * (maybe) download the CAs
         * creates a standard or custom (defined by self.pp.localConfigFile) cfg file
           (by default 'pilot.cfg') to be used where all the pilot configuration is to be set, e.g.:
         * adds to it basic info like the version
@@ -604,37 +605,6 @@ def _getBasicsCFG(self):
         if self.pp.wnVO:
             self.cfg.append('-o "/Resources/Computing/CEDefaults/VirtualOrganization=%s"' % self.pp.wnVO)
 
-    def __checkSecurityDir(self, envName, dirName):
-
-        if envName in os.environ and safe_listdir(os.environ[envName]):
-            self.log.debug(
-                "%s is set in the host environment as %s, aligning installEnv to it"
-                % (envName, os.environ[envName])
-            )               
-            self.pp.installEnv[envName] = os.environ[envName]
-        else:
-            self.log.debug("%s is not set in the host environment" % envName)
-            # try and find it
-            for candidate in self.pp.CVMFS_locations:
-                candidateDir = os.path.join(candidate,
-                                            'etc/grid-security',
-                                            dirName)
-                self.log.debug(
-                    "Candidate directory for %s is %s"
-                    % (envName, candidateDir)
-                )
-                if safe_listdir(candidateDir):
-
-                    self.log.debug("Setting %s=%s" % (envName, candidateDir))
-                    self.pp.installEnv[envName] = candidateDir
-                    os.environ[envName] = candidateDir
-                    break
-                self.log.debug("%s not found or not a directory" % candidateDir)
-
-        if envName not in self.pp.installEnv:
-            self.log.error("Could not find/set %s" % envName)
-            sys.exit(1)
-
     def _getSecurityCFG(self):
         """ Sets security-related env variables, if needed
         """
@@ -644,17 +614,8 @@ def _getSecurityCFG(self):
             self.cfg.append("-o /DIRAC/Security/CertFile=%s/hostcert.pem" % self.pp.certsLocation)
             self.cfg.append("-o /DIRAC/Security/KeyFile=%s/hostkey.pem" % self.pp.certsLocation)
 
-        # If DIRAC (or its extension) is installed in CVMFS:
+        # If DIRAC (or its extension) is installed in CVMFS do not download VOMS and CAs
         if self.pp.preinstalledEnv:
-
-            self.__checkSecurityDir("X509_CERT_DIR", "certificates")
-            self.__checkSecurityDir("X509_VOMS_DIR", "vomsdir")
-            self.__checkSecurityDir("X509_VOMSES", "vomses")
-            # This is needed for the integration tests
-            self.pp.installEnv["DIRAC_VOMSES"] = self.pp.installEnv["X509_VOMSES"]
-            os.environ["DIRAC_VOMSES"] = os.environ["X509_VOMSES"]
-
-            # In any case do not download VOMS and CAs
             self.cfg.append("-DMH")
 
 

diff --git a/Pilot/pilotTools.py b/Pilot/pilotTools.py
@@ -8,7 +8,6 @@
 import imp
 import json
 import os
-import pickle
 import re
 import select
 import signal
@@ -17,7 +16,6 @@
 import sys
 import threading
 from datetime import datetime
-from distutils.version import LooseVersion
 from functools import partial, wraps
 from threading import RLock
 
@@ -89,15 +87,6 @@ def parseVersion(releaseVersion, useLegacyStyle):
     return version
 
 
-def printVersion(log):
-    log.info("Running %s" % " ".join(sys.argv))
-    try:
-        with open("%s.run" % sys.argv[0], "w") as fd:
-            pickle.dump(sys.argv[1:], fd)
-    except OSError:
-        pass
-
-
 def pythonPathCheck():
     try:
         os.umask(18)  # 022
@@ -632,7 +621,13 @@ def sendMessage(url, pilotUUID, method, rawMessage):
 
     context = ssl.create_default_context()
     context.load_verify_locations(capath=caPath)
-    context.load_cert_chain(cert)
+    try:
+        context.load_cert_chain(cert)
+    except IsADirectoryError:
+        context.load_cert_chain(
+            os.path.join(cert, "hostcert.pem"),
+            os.path.join(cert, "hostkey.pem")
+        )
     res = urlopen(url, data, context=context)
     res.close()
 
@@ -939,6 +934,50 @@ def __init__(self):
         # Command line can override options from JSON
         self.__initCommandLine2()
 
+        # If DIRAC (or its extension) is installed in CVMFS:
+        if self.preinstalledEnv or self.preinstalledEnvPrefix:
+            self.__checkSecurityDir("X509_CERT_DIR", "certificates")
+            self.__checkSecurityDir("X509_VOMS_DIR", "vomsdir")
+            self.__checkSecurityDir("X509_VOMSES", "vomses")
+            # This is needed for the integration tests
+            self.installEnv["DIRAC_VOMSES"] = self.installEnv["X509_VOMSES"]
+            os.environ["DIRAC_VOMSES"] = os.environ["X509_VOMSES"]
+
+        if self.useServerCertificate:
+            self.installEnv["X509_USER_PROXY"] = self.certsLocation
+            os.environ["X509_USER_PROXY"] = self.certsLocation
+
+    def __checkSecurityDir(self, envName, dirName):
+
+        if envName in os.environ and safe_listdir(os.environ[envName]):
+            self.log.debug(
+                "%s is set in the host environment as %s, aligning installEnv to it"
+                % (envName, os.environ[envName])
+            )               
+            self.installEnv[envName] = os.environ[envName]
+        else:
+            self.log.debug("%s is not set in the host environment" % envName)
+            # try and find it
+            for candidate in self.CVMFS_locations:
+                candidateDir = os.path.join(candidate,
+                                            'etc/grid-security',
+                                            dirName)
+                self.log.debug(
+                    "Candidate directory for %s is %s"
+                    % (envName, candidateDir)
+                )
+                if safe_listdir(candidateDir):
+                    self.log.debug("Setting %s=%s" % (envName, candidateDir))
+                    self.installEnv[envName] = candidateDir
+                    os.environ[envName] = candidateDir
+                    break
+                self.log.debug("%s not found or not a directory" % candidateDir)
+
+        if envName not in self.installEnv:
+            self.log.error("Could not find/set %s" % envName)
+            sys.exit(1)
+
+
     def __initCommandLine1(self):
         """Parses and interpret options on the command line: first pass (essential things)"""
 
@@ -1184,7 +1223,7 @@ def __getVO(self):
             except IOError as err:
                 self.log.error("Could not read a proxy, setting vo to 'unknown': ", os.strerror(err.errno))
         else:
-            self.log.error("Could not locate a proxy via X509_USER_PROXY, setting vo to 'unknown' ")
+            self.log.error("Could not locate a proxy via X509_USER_PROXY")
 
         # is there a token, and can we get a VO from the token?
         # TBD

diff --git a/Pilot/tests/Test_simplePilotLogger.py b/Pilot/tests/Test_simplePilotLogger.py
@@ -95,7 +95,7 @@ def test_pilotOptions(self, argvmock, mockPaths):
         pp.gridCEType = "TEST"
 
         res = pp.getPilotOptionsDict()
-        logURL = "https://lbvobox70.cern.ch:8443/WorkloadManagement/TornadoPilotLogging"
+        logURL = "https://lbcertifdirac70.cern.ch:8443/WorkloadManagement/TornadoPilotLogging"
         self.assertEqual(res.get("RemoteLoggerURL"), logURL)
         self.assertEqual(pp.loggerURL, logURL)
         self.assertEqual(res.get("RemoteLogging"), "False")

diff --git a/tests/CI/pilot_newSchema.json b/tests/CI/pilot_newSchema.json
@@ -101,13 +101,13 @@
 			"Version": "VAR_DIRAC_VERSION",
 			"Extensions": "None",
 			"CheckVersion": "False",
-			"pilotFileServer": "lbvobox70.cern.ch:8443",
+			"pilotFileServer": "lbcertifdirac70.cern.ch:8443",
 			"pilotRepoBranch": "does_not_matter",
 			"pilotRepo": "https://github.com/does_not_matter/Pilot.git",
 			"GenericPilotGroup": "gridpp_pilot",
 			"GenericPilotDN": "VAR_USERDN_GRIDPP",
 			"RemoteLogging": "False",
-			"RemoteLoggerURL": "https://lbvobox70.cern.ch:8443/WorkloadManagement/TornadoPilotLogging",
+			"RemoteLoggerURL": "https://lbcertifdirac70.cern.ch:8443/WorkloadManagement/TornadoPilotLogging",
 			"UploadSE": "UKI-LT2-IC-HEP-disk",
 			"UploadPath": "/gridpp/pilotlogs/",
 			"LoggingShifterName": "GridPPLogManager",
@@ -118,25 +118,25 @@
 		"Pilot": {
 			"Version": "VAR_DIRAC_VERSION",
 			"CheckVersion": "True",
-			"pilotFileServer": "lbvobox70.cern.ch:8443",
+			"pilotFileServer": "lbcertifdirac70.cern.ch:8443",
 			"pilotRepoBranch": "should_not_matter",
 			"pilotRepo": "https://github.com/should_not_matter/Pilot.git",
 			"GenericPilotGroup": "dteam_pilot",
 			"GenericPilotDN": "VAR_USERDN",
 			"RemoteLogging": "True",
-			"RemoteLoggerURL": "https://lbvobox70.cern.ch:8443/WorkloadManagement/TornadoPilotLogging",
+			"RemoteLoggerURL": "https://lbcertifdirac70.cern.ch:8443/WorkloadManagement/TornadoPilotLogging",
 			"PilotLogLevel": "DEBUG"
 		}
 	},
 	"LHCb": {
 		"Pilot": {
 			"Version": "VAR_DIRAC_VERSION",
 			"CheckVersion": "True",
-			"pilotFileServer": "lbvobox70.cern.ch:8443",
+			"pilotFileServer": "lbcertifdirac70.cern.ch:8443",
 			"GenericPilotGroup": "dteam_pilot",
 			"GenericPilotDN": "VAR_USERDN",
 			"RemoteLogging": "False",
-			"RemoteLoggerURL": "https://lbvobox70.cern.ch:8443/WorkloadManagement/TornadoPilotLogging",
+			"RemoteLoggerURL": "https://lbcertifdirac70.cern.ch:8443/WorkloadManagement/TornadoPilotLogging",
 			"PilotLogLevel": "DEBUG"
 		}
 	},