From c9a63a63306e5ffd1f98bc6f7eea6ca780c71955 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 28 Mar 2017 20:19:36 +0200 Subject: [PATCH] library/roles/smartgears: Handle the case when we need VO level authorization. Use the locally saved scopes instead of the provided ones. See https://support.d4science.org/issues/7880 --- smartgears/smartgears/defaults/main.yml | 5 +- .../smartgears/tasks/smartgears-app.yml | 52 +++++++------- smartgears/smartgears/templates/get-scopes.j2 | 70 +++++++++++++++---- 3 files changed, 85 insertions(+), 42 deletions(-) diff --git a/smartgears/smartgears/defaults/main.yml b/smartgears/smartgears/defaults/main.yml index 0b7d240..95f1b6d 100644 --- a/smartgears/smartgears/defaults/main.yml +++ b/smartgears/smartgears/defaults/main.yml @@ -16,7 +16,8 @@ smartgears_user: '{{ d4science_user }}' smartgears_user_home: '{{ d4science_user_home }}' smartgears_instance_path: '{{ smartgears_user_home }}/tomcat' smartgears_install_path: '{{ smartgears_user_home }}/SmartGears' -smartgears_distribution_version: 2.1.0-4.3.0-142337 +#smartgears_distribution_version: 2.1.0-4.3.0-142337 +smartgears_distribution_version: 2.1.2-4.4.0-146408 smartgears_file: 'smartgears-distribution-{{ smartgears_distribution_version }}.tar.gz' smartgears_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ gcube_repository }}/org/gcube/distribution/smartgears-distribution/{{ smartgears_distribution_version }}/{{ smartgears_file }}' smartgears_mode: online @@ -40,7 +41,7 @@ smartgears_country: it smartgears_location: pisa smartgears_latitude: 41.9000 smartgears_longitude: 12.5000 -smartgears_publication_frequency: 180 +smartgears_publication_frequency: 300 smartgears_http_port: 9000 smartgears_service_name: 'tomcat-instance-{{ smartgears_http_port }}' diff --git a/smartgears/smartgears/tasks/smartgears-app.yml b/smartgears/smartgears/tasks/smartgears-app.yml index 3af684e..da2c239 100644 --- a/smartgears/smartgears/tasks/smartgears-app.yml +++ b/smartgears/smartgears/tasks/smartgears-app.yml @@ -58,6 +58,26 @@ copy: src=TokenGenerator.class dest=/usr/local/lib/TokenGenerator.class owner=root group=root mode=0644 tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] +- name: Install the script that manages the smartgears loglevel + template: src=change-logback-loglevel.sh.j2 dest=/usr/local/bin/change-logback-loglevel owner=root group=root mode=0755 + with_items: '{{ tomcat_m_instances }}' + when: not item.skip_smartgears + tags: [ 'smartgears', 'smartgears_loglevel', 'tomcat' ] + +- name: Change the smartgears log level + become: True + become_user: '{{ smartgears_user }}' + shell: /usr/local/bin/change-logback-loglevel + tags: [ 'smartgears', 'tomcat', 'smartgears_loglevel' ] + +- name: Remove some wrong symbolic links created by the install/upgrade script + file: dest={{ item }} state=absent + with_items: + - '{{ smartgears_install_path }}/lib/lib' + - '{{ smartgears_install_path }}/apps/webapps' + when: smartgears_upgrade + tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] + - name: Install the script that fetches the scope tokens template: src=get-scopes.j2 dest=/usr/local/bin/get-scopes owner=root group={{ smartgears_user }} mode=0750 with_items: '{{ tomcat_m_instances }}' @@ -81,38 +101,20 @@ with_items: '{{ tomcat_m_instances }}' tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] -- name: Get the scope tokens from the authorization service and assemble the container.xml file +- name: Get the scope tokens from the authorization service and assemble the container.xml file when whe have an authorization token or we are upgrading become: True become_user: '{{ smartgears_user }}' - shell: /usr/local/bin/get-scopes {{ gcube_admin_token | default(omit) }} - when: gcube_admin_token is defined + shell: /usr/local/bin/get-scopes {{ gcube_admin_token | default('') }} + when: gcube_admin_token is defined or smartgears_upgrade + notify: Restart smartgears tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] - name: Remove the smartgears application state if requested - #file: dest={{ smartgears_install_path }}/state state=absent - file: dest=/home/gcube/SmartGears/state state=absent - when: smartgears_remove_state - notify: Restart smartgears - tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] - -- name: Install the script that manages the smartgears loglevel - template: src=change-logback-loglevel.sh.j2 dest=/usr/local/bin/change-logback-loglevel owner=root group=root mode=0755 - with_items: '{{ tomcat_m_instances }}' - when: not item.skip_smartgears - tags: [ 'smartgears', 'smartgears_loglevel', 'tomcat' ] - -- name: Change the smartgears log level become: True become_user: '{{ smartgears_user }}' - shell: /usr/local/bin/change-logback-loglevel - tags: [ 'smartgears', 'tomcat', 'smartgears_loglevel' ] - -- name: Remove some wrong symbolic links created by the install/upgrade script - file: dest={{ item }} state=absent - with_items: - - '{{ smartgears_install_path }}/lib/lib' - - '{{ smartgears_install_path }}/apps/webapps' - when: smartgears_upgrade + shell: . {{ smartgears_user_home }}/.bashrc ; cd {{ smartgears_user_home }}/SmartGears/scripts ; ./clean-container-state -s old_saved_scopes.xml + when: smartgears_remove_state and not smartgears_upgrade + notify: Restart smartgears tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] - name: Force a smartgears restart diff --git a/smartgears/smartgears/templates/get-scopes.j2 b/smartgears/smartgears/templates/get-scopes.j2 index 5f835fb..70a74d1 100644 --- a/smartgears/smartgears/templates/get-scopes.j2 +++ b/smartgears/smartgears/templates/get-scopes.j2 @@ -6,11 +6,37 @@ CONTAINER_XML_TAIL={{ smartgears_user_home }}/.containerxml/3-container.xml LOCAL_LIB=/usr/local/lib LOCAL_ETC=/usr/local/etc LOG_PREFIX="get-scopes: " +GHN_ENV_FILE=/etc/default/tomcat-instance-{{ item.http_port }}.local +SMARTGEARS_VO_AUTH={{ smartgears_authorized_on_all_scopes }} +SMARTGEARS_UPGRADE={{ smartgears_upgrade }} +SMARTGEARS_SAVED_STATE_F=saved_scopes_list.xml +SMARTGEARS_SAVED_STATE_PATH={{ smartgears_user_home }}/SmartGears/$SMARTGEARS_SAVED_STATE_F +SMARTGEARS_SCRIPTS_DIR={{ smartgears_user_home }}/SmartGears/scripts + CONTAINER_XML_FILE={{ smartgears_install_path }}/container.xml +# 0: True, 1: False +USE_SAVED_STATE=1 + RETVAL= +# Scenario: +# - First installation, no upgrade. +# - The node must run on all VOs +# In these cases we use our scopes list + +if [ "$SMARTGEARS_VO_AUTH" == 'false' ] ; then + if [ "$SMARTGEARS_UPGRADE" == 'True' ] ; then + USE_SAVED_STATE=0 + logger "$LOG_PREFIX setting the correct variables so that we are going to use the local scopes" + else + logger "$LOG_PREFIX We are going to use our scopes list. A valid token is mandatory" + fi +else + logger "$LOG_PREFIX We are going to use our scopes list. A valid token is mandatory" +fi + SCOPES_LIST="" if [ -f $LOCAL_ETC/scopes.list ] ; then . $LOCAL_ETC/scopes.list @@ -18,14 +44,16 @@ else logger "$LOG_PREFIX There is no token list, aborting" exit 1 fi - -if [ $# -ne 1 ] ; then - echo "The token must be passed as the sole argument" - logger "$LOG_PREFIX The token must be passed as the sole argument" + +if [ $# -ne 1 -a $USE_SAVED_STATE -ne 0 ] ; then + echo "The token must be passed as the sole argument when we are not using the local state" + logger "$LOG_PREFIX The token must be passed as the sole argument when we are not using the local state" exit 1 +elif [ $# -eq 1 ] ; then + logger "$LOG_PREFIX We have an authorization token" + TOKEN=$1 fi -TOKEN=$1 {%if setup_nginx %} {%if https_port is defined %} @@ -43,21 +71,33 @@ HTTP_PORT={{ http_port }} HTTP_PORT={{ item.http_port }} {% endif %} -for jar in $( ls -1 /home/gcube/tomcat/lib/ ) ; do - export CLASSPATH="/home/gcube/SmartGears/lib/${jar}:$CLASSPATH" -done +if [ $USE_SAVED_STATE -ne 0 ] ; then + logger "$LOG_PREFIX First installation or moving avay to a configuration that needs to be present on all the VREs. Using our scopes list and not the state memorized one" + for jar in $( ls -1 /home/gcube/tomcat/lib/ ) ; do + export CLASSPATH="/home/gcube/SmartGears/lib/${jar}:$CLASSPATH" + done -cd $LOCAL_LIB + cd $LOCAL_LIB -java TokenGenerator {{ smartgears_hostname }} $TOKEN $HTTP_PORT $SCOPES_FILE $SCOPES_LIST -RETVAL=$? -if [ $RETVAL -eq 0 ] ; then - logger "$LOG_PREFIX We got the scope tokens" + java TokenGenerator {{ smartgears_hostname }} $TOKEN $HTTP_PORT $SCOPES_FILE $SCOPES_LIST >/dev/null 2>&1 + RETVAL=$? + if [ $RETVAL -eq 0 ] ; then + logger "$LOG_PREFIX We got the scope tokens" + else + logger "$LOG_PREFIX Unable to obtain the scope tokens, aborting" + exit 1 + fi else - logger "$LOG_PREFIX Unable to obtain the scope tokens, aborting" - exit 1 + logger "$LOG_PREFIX We are going to use the scopes memorized into the state" + SCOPES_FILE=$SMARTGEARS_SAVED_STATE_PATH fi +# We always remove the current state +cd $SMARTGEARS_SCRIPTS_DIR +. $GHN_ENV_FILE +./clean-container-state -s $SMARTGEARS_SAVED_STATE_F + + # Now that we have the tokens, we can assemble the container.xml file chmod 640 $CONTAINER_XML_FILE CREATE_CONTAINER_XML_RES=0