library/roles/smartgears/smartgears/templates/get-scopes.j2: Heavily refactor to manage all the scenarios correctly. See https://support.d4science.org/issues/11169
This commit is contained in:
parent
b7c3a03709
commit
36852c7e98
|
@ -43,6 +43,7 @@ smartgears_production_vo:
|
||||||
|
|
||||||
# Set to 'true' or 'false'. Pay attention to the case
|
# Set to 'true' or 'false'. Pay attention to the case
|
||||||
smartgears_authorized_on_all_scopes: 'false'
|
smartgears_authorized_on_all_scopes: 'false'
|
||||||
|
smartgears_merge_scopes: True
|
||||||
smartgears_scopes:
|
smartgears_scopes:
|
||||||
- '/{{ smartgears_infrastructure_name }}'
|
- '/{{ smartgears_infrastructure_name }}'
|
||||||
smartgears_hostname: '{{ ansible_fqdn }}'
|
smartgears_hostname: '{{ ansible_fqdn }}'
|
||||||
|
|
|
@ -1,4 +1,15 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# get-scopes: get smartgears scopes using an authorization token or getting them from the current smartgears state. Or both.
|
||||||
|
#
|
||||||
|
# Set the ansible 'smartgears_merge_scopes' variable to 'False' in the playbook run if you do not want to merge the scopes
|
||||||
|
#
|
||||||
|
#######################
|
||||||
|
#
|
||||||
|
# * token + SMARTGEARS_MERGE_SCOPES boolean set to true (default): we merge the scopes
|
||||||
|
# - if it is a first install there is no state to merge. Do not fail, only get the playbook scopes
|
||||||
|
# * token + SMARTGEARS_MERGE_SCOPES boolean set to false: we only use the playbook scopes
|
||||||
|
# * no token, SMARTGEARS_MERGE_SCOPES boolean set to false: we do nothing
|
||||||
|
|
||||||
CONTAINER_XML_HEAD={{ smartgears_user_home }}/.containerxml/1-container.xml
|
CONTAINER_XML_HEAD={{ smartgears_user_home }}/.containerxml/1-container.xml
|
||||||
SCOPES_FILE={{ smartgears_user_home }}/.containerxml/2-container.xml
|
SCOPES_FILE={{ smartgears_user_home }}/.containerxml/2-container.xml
|
||||||
|
@ -7,50 +18,11 @@ LOCAL_LIB=/usr/local/lib
|
||||||
LOCAL_ETC=/usr/local/etc
|
LOCAL_ETC=/usr/local/etc
|
||||||
LOG_PREFIX="get-scopes: "
|
LOG_PREFIX="get-scopes: "
|
||||||
GHN_ENV_FILE=/etc/default/tomcat-instance-{{ item.http_port }}.local
|
GHN_ENV_FILE=/etc/default/tomcat-instance-{{ item.http_port }}.local
|
||||||
SMARTGEARS_VO_AUTH={{ smartgears_authorized_on_all_scopes }}
|
|
||||||
SMARTGEARS_SAVED_STATE_F=saved_scopes_list.xml
|
SMARTGEARS_SAVED_STATE_F=saved_scopes_list.xml
|
||||||
SMARTGEARS_SAVED_STATE_PATH={{ smartgears_user_home }}/SmartGears/$SMARTGEARS_SAVED_STATE_F
|
SMARTGEARS_SAVED_STATE_PATH={{ smartgears_user_home }}/SmartGears/$SMARTGEARS_SAVED_STATE_F
|
||||||
SMARTGEARS_SCRIPTS_DIR={{ smartgears_user_home }}/SmartGears/scripts
|
SMARTGEARS_SCRIPTS_DIR={{ smartgears_user_home }}/SmartGears/scripts
|
||||||
SMARTGEARS_RUNNING_STATE_FILE={{ smartgears_install_path }}/state/ghn.xml
|
SMARTGEARS_RUNNING_STATE_FILE={{ smartgears_install_path }}/state/ghn.xml
|
||||||
|
|
||||||
CONTAINER_XML_FILE={{ smartgears_install_path }}/container.xml
|
|
||||||
|
|
||||||
# 0: True, 1: False
|
|
||||||
USE_SAVED_STATE=1
|
|
||||||
TOKEN=
|
|
||||||
RETVAL=
|
|
||||||
|
|
||||||
if [ $# -eq 0 ] ; then
|
|
||||||
if [ -f $SMARTGEARS_RUNNING_STATE_FILE ] ; then
|
|
||||||
if [ "$SMARTGEARS_VO_AUTH" == 'true' ] ; then
|
|
||||||
# - The node must run on all VOs
|
|
||||||
logger "$LOG_PREFIX When the node must run on all the VOs a valid token is mandatory, aborting without doing anything"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
USE_SAVED_STATE=0
|
|
||||||
echo "No token, assuming that we can use the local state"
|
|
||||||
logger "$LOG_PREFIX No token, assuming that we can use the local state"
|
|
||||||
else
|
|
||||||
# - First installation, no upgrade.
|
|
||||||
logger "$LOG_PREFIX No token was passed and not working state available, aborting"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
elif [ $# -eq 1 ] ; then
|
|
||||||
logger "$LOG_PREFIX We have an authorization token"
|
|
||||||
TOKEN=$1
|
|
||||||
else
|
|
||||||
logger "$LOG_PREFIX More than one parameter was passed, aborting"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
SCOPES_LIST=""
|
|
||||||
if [ -f $LOCAL_ETC/scopes.list ] ; then
|
|
||||||
. $LOCAL_ETC/scopes.list
|
|
||||||
else
|
|
||||||
logger "$LOG_PREFIX There is no token list, aborting"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
{%if setup_nginx %}
|
{%if setup_nginx %}
|
||||||
HTTP_PORT={{ http_port }}
|
HTTP_PORT={{ http_port }}
|
||||||
{% else %}
|
{% else %}
|
||||||
|
@ -61,7 +33,79 @@ HTTP_PORT={{ item.http_port }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
function get_scopes_from_auth() {
|
# True (defaul): merge the scopes. False: do not merge
|
||||||
|
SMARTGEARS_MERGE_SCOPES="{{ smartgears_merge_scopes }}"
|
||||||
|
# If true, all the VRE associated to the listed VOs are authorized
|
||||||
|
SMARTGEARS_VO_AUTH={{ smartgears_authorized_on_all_scopes }}
|
||||||
|
|
||||||
|
CONTAINER_XML_FILE={{ smartgears_install_path }}/container.xml
|
||||||
|
|
||||||
|
TOKEN=
|
||||||
|
RETVAL=
|
||||||
|
USE_SAVED_STATE=
|
||||||
|
CREATE_CONTAINER_XML_RES=0
|
||||||
|
|
||||||
|
#######################
|
||||||
|
|
||||||
|
check_merge_scopes_behaviour() {
|
||||||
|
# 0: True, 1: False
|
||||||
|
USE_SAVED_STATE=0
|
||||||
|
if [ $SMARTGEARS_MERGE_SCOPES == 'True' ] ; then
|
||||||
|
USE_SAVED_STATE=0
|
||||||
|
logger "$LOG_PREFIX smartgears_merge_scopes set to True by the caller."
|
||||||
|
elif [ $SMARTGEARS_MERGE_SCOPES == 'False' ] ; then
|
||||||
|
USE_SAVED_STATE=1
|
||||||
|
logger "$LOG_PREFIX smartgears_merge_scopes set to False by the caller."
|
||||||
|
else
|
||||||
|
logger "$LOG_PREFIX smartgears_merge_scopes set to a not correct value. Assuming True"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
check_token_presence() {
|
||||||
|
if [ $# -ge 1 ] ; then
|
||||||
|
# Ignore anything other than the first parameter
|
||||||
|
logger "$LOG_PREFIX We have an authorization token"
|
||||||
|
TOKEN=$1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
check_smartgears_state_presence() {
|
||||||
|
if [ ! -f $SMARTGEARS_RUNNING_STATE_FILE ] ; then
|
||||||
|
USE_SAVED_STATE=1
|
||||||
|
logger "$LOG_PREFIX No state file, it was removed or it is a first installation. We need a token to proceed successfully from now on."
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
decide_how_to_proceed() {
|
||||||
|
if [ -z $TOKEN ] ; then
|
||||||
|
if [ ! -f $SMARTGEARS_RUNNING_STATE_FILE ] ; then
|
||||||
|
logger "$LOG_PREFIX No token no local state. Maybe a first installation. Aborting."
|
||||||
|
exit 1
|
||||||
|
elif [ USE_SAVED_STATE -eq 1 ] ; then
|
||||||
|
logger "$LOG_PREFIX No token and we do not want to merge the local state. Doing nothing."
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
load_the_scopes_list_from_file() {
|
||||||
|
if [ ! -z $TOKEN ] ; then
|
||||||
|
SCOPES_LIST=""
|
||||||
|
if [ -f $LOCAL_ETC/scopes.list ] ; then
|
||||||
|
. $LOCAL_ETC/scopes.list
|
||||||
|
else
|
||||||
|
logger "$LOG_PREFIX There is no scopes list file, this should never happen. Aborting."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# If no token was provided, we cannot use the file with the list of provided scopes
|
||||||
|
logger "$LOG_PREFIX load_the_scopes_list_from_file. No token was provided, not loading the scopes list file"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
get_scopes_from_auth() {
|
||||||
|
# We have a token and a list of scopes names. Get the scope tokens for them.
|
||||||
|
logger "$LOG_PREFIX get_scopes_from_auth. We have a token and a list of scopes names. Get the scope tokens for them."
|
||||||
for jar in $( ls -1 /home/gcube/tomcat/lib/ ) ; do
|
for jar in $( ls -1 /home/gcube/tomcat/lib/ ) ; do
|
||||||
export CLASSPATH="/home/gcube/SmartGears/lib/${jar}:$CLASSPATH"
|
export CLASSPATH="/home/gcube/SmartGears/lib/${jar}:$CLASSPATH"
|
||||||
done
|
done
|
||||||
|
@ -73,43 +117,70 @@ function get_scopes_from_auth() {
|
||||||
{% endif %}
|
{% endif %}
|
||||||
RETVAL=$?
|
RETVAL=$?
|
||||||
if [ $RETVAL -eq 0 ] ; then
|
if [ $RETVAL -eq 0 ] ; then
|
||||||
logger "$LOG_PREFIX We got the scope tokens"
|
logger "$LOG_PREFIX get_scopes_from_auth. We got the scope tokens."
|
||||||
else
|
else
|
||||||
logger "$LOG_PREFIX Unable to obtain the scope tokens, aborting"
|
logger "$LOG_PREFIX get_scopes_from_auth. Unable to obtain the scope tokens, aborting."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
if [ $USE_SAVED_STATE -ne 0 ] ; then
|
get_scopes_from_local_state() {
|
||||||
logger "$LOG_PREFIX First installation or moving avay to a configuration that needs to be present on all the VREs. Using our scopes list and not the state memorized one"
|
if [ ! -f $SMARTGEARS_RUNNING_STATE_FILE ] ; then
|
||||||
get_scopes_from_auth
|
USE_SAVED_STATE=1
|
||||||
else
|
logger "$LOG_PREFIX No state file, it was removed or it is a first installation. Skip the request for the local state, do not merge the local state."
|
||||||
logger "$LOG_PREFIX We are going to use the scopes memorized into the state"
|
return 0
|
||||||
SCOPES_FILE=$SMARTGEARS_SAVED_STATE_PATH
|
fi
|
||||||
fi
|
# Get the scopes from the local state
|
||||||
|
cd $SMARTGEARS_SCRIPTS_DIR
|
||||||
|
. $GHN_ENV_FILE
|
||||||
|
./clean-container-state -s $SMARTGEARS_SAVED_STATE_F
|
||||||
|
RETVAL=$?
|
||||||
|
if [ $RETVAL -ne 0 ] ; then
|
||||||
|
# We were not able to get the running state from the IS. Try to get new scope tokens
|
||||||
|
logger "$LOG_PREFIX We were not able to get the running state from the IS."
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# We always remove the current state
|
get_scopes() {
|
||||||
cd $SMARTGEARS_SCRIPTS_DIR
|
if [ ! -z $TOKEN ] ; then
|
||||||
. $GHN_ENV_FILE
|
# We have a token, let's use it
|
||||||
./clean-container-state -s $SMARTGEARS_SAVED_STATE_F
|
load_the_scopes_list_from_file
|
||||||
RETVAL=$?
|
get_scopes_from_auth
|
||||||
if [ $RETVAL -ne 0 ] ; then
|
fi
|
||||||
# We were not able to get the running state from the IS. Try to get new scope tokens
|
# We try to get the scopes from the local state unconditionally, so that we always cleanup the state.
|
||||||
logger "$LOG_PREFIX We were not able to get the running state from the IS. Try to get new scope tokens from the authorization service"
|
get_scopes_from_local_state
|
||||||
SCOPES_FILE={{ smartgears_user_home }}/.containerxml/2-container.xml
|
}
|
||||||
get_scopes_from_auth
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Now that we have the tokens, we can assemble the container.xml file
|
assemble_the_container_xml_file() {
|
||||||
chmod 640 $CONTAINER_XML_FILE
|
# Now that we have the tokens, we can assemble the container.xml file
|
||||||
CREATE_CONTAINER_XML_RES=0
|
chmod 640 $CONTAINER_XML_FILE
|
||||||
CREATE_CONTAINER_XML=$( cat $CONTAINER_XML_HEAD $SCOPES_FILE $CONTAINER_XML_TAIL > $CONTAINER_XML_FILE )
|
if [ ! -z $TOKEN ] && [ $USE_SAVED_STATE -eq 0 ] ; then
|
||||||
CREATE_CONTAINER_XML_RES=$?
|
CREATE_CONTAINER_XML=$( cat $CONTAINER_XML_HEAD $SCOPES_FILE $SMARTGEARS_SAVED_STATE_PATH $CONTAINER_XML_TAIL > $CONTAINER_XML_FILE )
|
||||||
if [ $CREATE_CONTAINER_XML_RES -ne 0 ] ; then
|
CREATE_CONTAINER_XML_RES=$?
|
||||||
logger "$LOG_PREFIX $CONTAINER_XML_FILE cannot be updated. Error is $CREATE_CONTAINER_XML"
|
elif [ ! -z $TOKEN ] && [ $USE_SAVED_STATE -eq 1 ] ; then
|
||||||
exit $CREATE_CONTAINER_XML_RES
|
CREATE_CONTAINER_XML=$( cat $CONTAINER_XML_HEAD $SCOPES_FILE $CONTAINER_XML_TAIL > $CONTAINER_XML_FILE )
|
||||||
fi
|
CREATE_CONTAINER_XML_RES=$?
|
||||||
chmod 440 $CONTAINER_XML_FILE
|
elif [ -z $TOKEN ] && [ $USE_SAVED_STATE -eq 0 ] ; then
|
||||||
logger "$LOG_PREFIX $CONTAINER_XML_FILE updated"
|
CREATE_CONTAINER_XML=$( cat $CONTAINER_XML_HEAD $SMARTGEARS_SAVED_STATE_PATH $CONTAINER_XML_TAIL > $CONTAINER_XML_FILE )
|
||||||
|
CREATE_CONTAINER_XML_RES=$?
|
||||||
|
fi
|
||||||
|
if [ $CREATE_CONTAINER_XML_RES -ne 0 ] ; then
|
||||||
|
logger "$LOG_PREFIX $CONTAINER_XML_FILE cannot be updated. Error is $CREATE_CONTAINER_XML"
|
||||||
|
exit $CREATE_CONTAINER_XML_RES
|
||||||
|
fi
|
||||||
|
chmod 440 $CONTAINER_XML_FILE
|
||||||
|
logger "$LOG_PREFIX $CONTAINER_XML_FILE updated"
|
||||||
|
}
|
||||||
|
|
||||||
|
############
|
||||||
|
#
|
||||||
|
# Main
|
||||||
|
#
|
||||||
|
check_merge_scopes_behaviour
|
||||||
|
check_token_presence
|
||||||
|
check_smartgears_state_presence
|
||||||
|
decide_how_to_proceed
|
||||||
|
get_scopes
|
||||||
|
assemble_the_container_xml_file
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|
Loading…
Reference in New Issue