library/roles/smartgears/smartgears/templates/get-scopes.j2: Heavily refactor to manage all the scenarios correctly. See https://support.d4science.org/issues/11169

Andrea Dell'Amico 2018-03-15 19:12:37 +01:00
parent b7c3a03709
commit 36852c7e98
2 changed files with 143 additions and 71 deletions


@ -43,6 +43,7 @@ smartgears_production_vo:
# Set to 'true' or 'false'. Pay attention to the case # Set to 'true' or 'false'. Pay attention to the case
smartgears_authorized_on_all_scopes: 'false' smartgears_authorized_on_all_scopes: 'false'
smartgears_merge_scopes: True
smartgears_scopes: smartgears_scopes:
- '/{{ smartgears_infrastructure_name }}' - '/{{ smartgears_infrastructure_name }}'
smartgears_hostname: '{{ ansible_fqdn }}' smartgears_hostname: '{{ ansible_fqdn }}'
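Review bot: The new default `smartgears_merge_scopes: True` has no comment, although the neighbouring `smartgears_authorized_on_all_scopes` warns about case and the value's type matters just as much here. The get-scopes template in this commit renders the variable into a shell string and matches it against the exact spellings `True` and `False`, treating anything else as True. A value that reaches the template as a string (for instance `false` given as a key=value extra var; inferred, not shown on this page) would therefore keep merging, leaving the node on scopes the operator meant to drop. I would add `# Boolean. False: use only the playbook scopes, do not merge the ones saved in the SmartGears state` above the variable and render it in the template as `{{ smartgears_merge_scopes | bool }}`.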


@ -1,4 +1,15 @@
#!/bin/bash #!/bin/bash
#
# get-scopes: get smartgears scopes using an authorization token or getting them from the current smartgears state. Or both.
#
# Set the ansible 'smartgears_merge_scopes' variable to 'False' in the playbook run if you do not want to merge the scopes
#
#######################
#
# * token + SMARTGEARS_MERGE_SCOPES boolean set to true (default): we merge the scopes
# - if it is a first install there is no state to merge. Do not fail, only get the playbook scopes
# * token + SMARTGEARS_MERGE_SCOPES boolean set to false: we only use the playbook scopes
# * no token, SMARTGEARS_MERGE_SCOPES boolean set to false: we do nothing
CONTAINER_XML_HEAD={{ smartgears_user_home }}/.containerxml/1-container.xml CONTAINER_XML_HEAD={{ smartgears_user_home }}/.containerxml/1-container.xml
SCOPES_FILE={{ smartgears_user_home }}/.containerxml/2-container.xml SCOPES_FILE={{ smartgears_user_home }}/.containerxml/2-container.xml
@ -7,50 +18,11 @@ LOCAL_LIB=/usr/local/lib
LOCAL_ETC=/usr/local/etc LOCAL_ETC=/usr/local/etc
LOG_PREFIX="get-scopes: " LOG_PREFIX="get-scopes: "
GHN_ENV_FILE=/etc/default/tomcat-instance-{{ item.http_port }}.local GHN_ENV_FILE=/etc/default/tomcat-instance-{{ item.http_port }}.local
SMARTGEARS_VO_AUTH={{ smartgears_authorized_on_all_scopes }}
SMARTGEARS_SAVED_STATE_F=saved_scopes_list.xml SMARTGEARS_SAVED_STATE_F=saved_scopes_list.xml
SMARTGEARS_SAVED_STATE_PATH={{ smartgears_user_home }}/SmartGears/$SMARTGEARS_SAVED_STATE_F SMARTGEARS_SAVED_STATE_PATH={{ smartgears_user_home }}/SmartGears/$SMARTGEARS_SAVED_STATE_F
SMARTGEARS_SCRIPTS_DIR={{ smartgears_user_home }}/SmartGears/scripts SMARTGEARS_SCRIPTS_DIR={{ smartgears_user_home }}/SmartGears/scripts
SMARTGEARS_RUNNING_STATE_FILE={{ smartgears_install_path }}/state/ghn.xml SMARTGEARS_RUNNING_STATE_FILE={{ smartgears_install_path }}/state/ghn.xml
CONTAINER_XML_FILE={{ smartgears_install_path }}/container.xml
# 0: True, 1: False
USE_SAVED_STATE=1
TOKEN=
RETVAL=
if [ $# -eq 0 ] ; then
if [ -f $SMARTGEARS_RUNNING_STATE_FILE ] ; then
if [ "$SMARTGEARS_VO_AUTH" == 'true' ] ; then
# - The node must run on all VOs
logger "$LOG_PREFIX When the node must run on all the VOs a valid token is mandatory, aborting without doing anything"
exit 0
fi
USE_SAVED_STATE=0
echo "No token, assuming that we can use the local state"
logger "$LOG_PREFIX No token, assuming that we can use the local state"
else
# - First installation, no upgrade.
logger "$LOG_PREFIX No token was passed and not working state available, aborting"
exit 1
fi
elif [ $# -eq 1 ] ; then
logger "$LOG_PREFIX We have an authorization token"
TOKEN=$1
else
logger "$LOG_PREFIX More than one parameter was passed, aborting"
exit 1
fi
SCOPES_LIST=""
if [ -f $LOCAL_ETC/scopes.list ] ; then
. $LOCAL_ETC/scopes.list
else
logger "$LOG_PREFIX There is no token list, aborting"
exit 1
fi
{%if setup_nginx %} {%if setup_nginx %}
HTTP_PORT={{ http_port }} HTTP_PORT={{ http_port }}
{% else %} {% else %}
@ -61,7 +33,79 @@ HTTP_PORT={{ item.http_port }}
{% endif %} {% endif %}
{% endif %} {% endif %}
function get_scopes_from_auth() { # True (defaul): merge the scopes. False: do not merge
SMARTGEARS_MERGE_SCOPES="{{ smartgears_merge_scopes }}"
# If true, all the VRE associated to the listed VOs are authorized
SMARTGEARS_VO_AUTH={{ smartgears_authorized_on_all_scopes }}
CONTAINER_XML_FILE={{ smartgears_install_path }}/container.xml
TOKEN=
RETVAL=
USE_SAVED_STATE=
CREATE_CONTAINER_XML_RES=0
#######################
check_merge_scopes_behaviour() {
# 0: True, 1: False
USE_SAVED_STATE=0
if [ $SMARTGEARS_MERGE_SCOPES == 'True' ] ; then
USE_SAVED_STATE=0
logger "$LOG_PREFIX smartgears_merge_scopes set to True by the caller."
elif [ $SMARTGEARS_MERGE_SCOPES == 'False' ] ; then
USE_SAVED_STATE=1
logger "$LOG_PREFIX smartgears_merge_scopes set to False by the caller."
else
logger "$LOG_PREFIX smartgears_merge_scopes set to a not correct value. Assuming True"
fi
}
check_token_presence() {
if [ $# -ge 1 ] ; then
# Ignore anything other than the first parameter
logger "$LOG_PREFIX We have an authorization token"
TOKEN=$1
fi
}
check_smartgears_state_presence() {
if [ ! -f $SMARTGEARS_RUNNING_STATE_FILE ] ; then
USE_SAVED_STATE=1
logger "$LOG_PREFIX No state file, it was removed or it is a first installation. We need a token to proceed successfully from now on."
fi
}
decide_how_to_proceed() {
if [ -z $TOKEN ] ; then
if [ ! -f $SMARTGEARS_RUNNING_STATE_FILE ] ; then
logger "$LOG_PREFIX No token no local state. Maybe a first installation. Aborting."
exit 1
elif [ USE_SAVED_STATE -eq 1 ] ; then
logger "$LOG_PREFIX No token and we do not want to merge the local state. Doing nothing."
exit 0
fi
fi
}
load_the_scopes_list_from_file() {
if [ ! -z $TOKEN ] ; then
SCOPES_LIST=""
if [ -f $LOCAL_ETC/scopes.list ] ; then
. $LOCAL_ETC/scopes.list
else
logger "$LOG_PREFIX There is no scopes list file, this should never happen. Aborting."
exit 1
fi
else
# If no token was provided, we cannot use the file with the list of provided scopes
logger "$LOG_PREFIX load_the_scopes_list_from_file. No token was provided, not loading the scopes list file"
fi
}
get_scopes_from_auth() {
# We have a token and a list of scopes names. Get the scope tokens for them.
logger "$LOG_PREFIX get_scopes_from_auth. We have a token and a list of scopes names. Get the scope tokens for them."
for jar in $( ls -1 /home/gcube/tomcat/lib/ ) ; do for jar in $( ls -1 /home/gcube/tomcat/lib/ ) ; do
export CLASSPATH="/home/gcube/SmartGears/lib/${jar}:$CLASSPATH" export CLASSPATH="/home/gcube/SmartGears/lib/${jar}:$CLASSPATH"
done done
@ -73,43 +117,70 @@ function get_scopes_from_auth() {
{% endif %} {% endif %}
RETVAL=$? RETVAL=$?
if [ $RETVAL -eq 0 ] ; then if [ $RETVAL -eq 0 ] ; then
logger "$LOG_PREFIX We got the scope tokens" logger "$LOG_PREFIX get_scopes_from_auth. We got the scope tokens."
else else
logger "$LOG_PREFIX Unable to obtain the scope tokens, aborting" logger "$LOG_PREFIX get_scopes_from_auth. Unable to obtain the scope tokens, aborting."
exit 1 exit 1
fi fi
} }
if [ $USE_SAVED_STATE -ne 0 ] ; then get_scopes_from_local_state() {
logger "$LOG_PREFIX First installation or moving avay to a configuration that needs to be present on all the VREs. Using our scopes list and not the state memorized one" if [ ! -f $SMARTGEARS_RUNNING_STATE_FILE ] ; then
get_scopes_from_auth USE_SAVED_STATE=1
else logger "$LOG_PREFIX No state file, it was removed or it is a first installation. Skip the request for the local state, do not merge the local state."
logger "$LOG_PREFIX We are going to use the scopes memorized into the state" return 0
SCOPES_FILE=$SMARTGEARS_SAVED_STATE_PATH fi
fi # Get the scopes from the local state
cd $SMARTGEARS_SCRIPTS_DIR
. $GHN_ENV_FILE
./clean-container-state -s $SMARTGEARS_SAVED_STATE_F
RETVAL=$?
if [ $RETVAL -ne 0 ] ; then
# We were not able to get the running state from the IS. Try to get new scope tokens
logger "$LOG_PREFIX We were not able to get the running state from the IS."
fi
}
# We always remove the current state get_scopes() {
cd $SMARTGEARS_SCRIPTS_DIR if [ ! -z $TOKEN ] ; then
. $GHN_ENV_FILE # We have a token, let's use it
./clean-container-state -s $SMARTGEARS_SAVED_STATE_F load_the_scopes_list_from_file
RETVAL=$? get_scopes_from_auth
if [ $RETVAL -ne 0 ] ; then fi
# We were not able to get the running state from the IS. Try to get new scope tokens # We try to get the scopes from the local state unconditionally, so that we always cleanup the state.
logger "$LOG_PREFIX We were not able to get the running state from the IS. Try to get new scope tokens from the authorization service" get_scopes_from_local_state
SCOPES_FILE={{ smartgears_user_home }}/.containerxml/2-container.xml }
get_scopes_from_auth
fi
# Now that we have the tokens, we can assemble the container.xml file assemble_the_container_xml_file() {
chmod 640 $CONTAINER_XML_FILE # Now that we have the tokens, we can assemble the container.xml file
CREATE_CONTAINER_XML_RES=0 chmod 640 $CONTAINER_XML_FILE
CREATE_CONTAINER_XML=$( cat $CONTAINER_XML_HEAD $SCOPES_FILE $CONTAINER_XML_TAIL > $CONTAINER_XML_FILE ) if [ ! -z $TOKEN ] && [ $USE_SAVED_STATE -eq 0 ] ; then
CREATE_CONTAINER_XML_RES=$? CREATE_CONTAINER_XML=$( cat $CONTAINER_XML_HEAD $SCOPES_FILE $SMARTGEARS_SAVED_STATE_PATH $CONTAINER_XML_TAIL > $CONTAINER_XML_FILE )
if [ $CREATE_CONTAINER_XML_RES -ne 0 ] ; then CREATE_CONTAINER_XML_RES=$?
logger "$LOG_PREFIX $CONTAINER_XML_FILE cannot be updated. Error is $CREATE_CONTAINER_XML" elif [ ! -z $TOKEN ] && [ $USE_SAVED_STATE -eq 1 ] ; then
exit $CREATE_CONTAINER_XML_RES CREATE_CONTAINER_XML=$( cat $CONTAINER_XML_HEAD $SCOPES_FILE $CONTAINER_XML_TAIL > $CONTAINER_XML_FILE )
fi CREATE_CONTAINER_XML_RES=$?
chmod 440 $CONTAINER_XML_FILE elif [ -z $TOKEN ] && [ $USE_SAVED_STATE -eq 0 ] ; then
logger "$LOG_PREFIX $CONTAINER_XML_FILE updated" CREATE_CONTAINER_XML=$( cat $CONTAINER_XML_HEAD $SMARTGEARS_SAVED_STATE_PATH $CONTAINER_XML_TAIL > $CONTAINER_XML_FILE )
CREATE_CONTAINER_XML_RES=$?
fi
if [ $CREATE_CONTAINER_XML_RES -ne 0 ] ; then
logger "$LOG_PREFIX $CONTAINER_XML_FILE cannot be updated. Error is $CREATE_CONTAINER_XML"
exit $CREATE_CONTAINER_XML_RES
fi
chmod 440 $CONTAINER_XML_FILE
logger "$LOG_PREFIX $CONTAINER_XML_FILE updated"
}
############
#
# Main
#
check_merge_scopes_behaviour
check_token_presence
check_smartgears_state_presence
decide_how_to_proceed
get_scopes
assemble_the_container_xml_file
exit 0 exit 0
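Review bot: `check_token_presence` is called in the Main block without arguments, so the `$#` and `$1` it tests are the function's own empty parameters and `TOKEN` is never set; the call should be `check_token_presence "$@"`. In `decide_how_to_proceed` the test `[ USE_SAVED_STATE -eq 1 ]` lacks the `$`, so `[` fails on a non-integer operand and the "Doing nothing" exit is never reached; it should read `elif [ "$USE_SAVED_STATE" -eq 1 ] ; then`. As written, every run takes the no-token path, and when merging is disabled `assemble_the_container_xml_file` matches none of its three branches, writes nothing, and still logs that container.xml was updated; a final `else` that logs and exits non-zero would make that case visible. Quoting `"$TOKEN"` in the `[ -z … ]` tests is also worth doing, since container.xml appears to carry the scope tokens and a silent mis-assembly is hard to notice afterwards.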