From 36852c7e984f8b317a36c86adab2e1ef44cffb5b Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 15 Mar 2018 19:12:37 +0100 Subject: [PATCH] library/roles/smartgears/smartgears/templates/get-scopes.j2: Heavily refactor to manage all the scenarios correctly. See https://support.d4science.org/issues/11169 --- smartgears/smartgears/defaults/main.yml | 1 + smartgears/smartgears/templates/get-scopes.j2 | 213 ++++++++++++------ 2 files changed, 143 insertions(+), 71 deletions(-) diff --git a/smartgears/smartgears/defaults/main.yml b/smartgears/smartgears/defaults/main.yml index 77794cde..9d0bbd69 100644 --- a/smartgears/smartgears/defaults/main.yml +++ b/smartgears/smartgears/defaults/main.yml @@ -43,6 +43,7 @@ smartgears_production_vo: # Set to 'true' or 'false'. Pay attention to the case smartgears_authorized_on_all_scopes: 'false' +smartgears_merge_scopes: True smartgears_scopes: - '/{{ smartgears_infrastructure_name }}' smartgears_hostname: '{{ ansible_fqdn }}' diff --git a/smartgears/smartgears/templates/get-scopes.j2 b/smartgears/smartgears/templates/get-scopes.j2 index 35b76042..bf427956 100644 --- a/smartgears/smartgears/templates/get-scopes.j2 +++ b/smartgears/smartgears/templates/get-scopes.j2 
@@ -1,4 +1,15 @@ #!/bin/bash +# +# get-scopes: get smartgears scopes using an authorization token or getting them from the current smartgears state. Or both. +# +# Set the ansible 'smartgears_merge_scopes' variable to 'False' in the playbook run if you do not want to merge the scopes +# +####################### +# +# * token + SMARTGEARS_MERGE_SCOPES boolean set to true (default): we merge the scopes +# - if it is a first install there is no state to merge. Do not fail, only get the playbook scopes +# * token + SMARTGEARS_MERGE_SCOPES boolean set to false: we only use the playbook scopes +# * no token, SMARTGEARS_MERGE_SCOPES boolean set to false: we do nothing CONTAINER_XML_HEAD={{ smartgears_user_home }}/.containerxml/1-container.xml SCOPES_FILE={{ smartgears_user_home }}/.containerxml/2-container.xml 
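Review bot: The scenario list in the new header covers three of the four token/merge combinations and leaves out "no token, merge set to true", which `assemble_the_container_xml_file` later in this patch handles by rebuilding `container.xml` from the saved local state alone. I would add `# * no token, SMARTGEARS_MERGE_SCOPES boolean set to true: we rebuild container.xml from the saved local state only`. The header should also say that the authorization token is the script's first positional argument and that further arguments are ignored, since that is only visible inside `check_token_presence`.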
@@ -7,50 +18,11 @@ LOCAL_LIB=/usr/local/lib LOCAL_ETC=/usr/local/etc LOG_PREFIX="get-scopes: " GHN_ENV_FILE=/etc/default/tomcat-instance-{{ item.http_port }}.local -SMARTGEARS_VO_AUTH={{ smartgears_authorized_on_all_scopes }} SMARTGEARS_SAVED_STATE_F=saved_scopes_list.xml SMARTGEARS_SAVED_STATE_PATH={{ smartgears_user_home }}/SmartGears/$SMARTGEARS_SAVED_STATE_F SMARTGEARS_SCRIPTS_DIR={{ smartgears_user_home }}/SmartGears/scripts SMARTGEARS_RUNNING_STATE_FILE={{ smartgears_install_path }}/state/ghn.xml -CONTAINER_XML_FILE={{ smartgears_install_path }}/container.xml - -# 0: True, 1: False -USE_SAVED_STATE=1 -TOKEN= -RETVAL= - -if [ $# -eq 0 ] ; then - if [ -f $SMARTGEARS_RUNNING_STATE_FILE ] ; then - if [ "$SMARTGEARS_VO_AUTH" == 'true' ] ; then - # - The node must run on all VOs - logger "$LOG_PREFIX When the node must run on all the VOs a valid token is mandatory, aborting without doing anything" - exit 0 - fi - USE_SAVED_STATE=0 - echo "No token, assuming that we can use the local state" - logger "$LOG_PREFIX No token, assuming that we can use the local state" - else - # - First installation, no upgrade. - logger "$LOG_PREFIX No token was passed and not working state available, aborting" - exit 1 - fi -elif [ $# -eq 1 ] ; then - logger "$LOG_PREFIX We have an authorization token" - TOKEN=$1 -else - logger "$LOG_PREFIX More than one parameter was passed, aborting" - exit 1 -fi - -SCOPES_LIST="" -if [ -f $LOCAL_ETC/scopes.list ] ; then - . $LOCAL_ETC/scopes.list -else - logger "$LOG_PREFIX There is no token list, aborting" - exit 1 -fi - {%if setup_nginx %} HTTP_PORT={{ http_port }} {% else %} 
@@ -61,7 +33,79 @@ HTTP_PORT={{ item.http_port }} {% endif %} {% endif %} -function get_scopes_from_auth() { +# True (defaul): merge the scopes. False: do not merge +SMARTGEARS_MERGE_SCOPES="{{ smartgears_merge_scopes }}" +# If true, all the VRE associated to the listed VOs are authorized +SMARTGEARS_VO_AUTH={{ smartgears_authorized_on_all_scopes }} + +CONTAINER_XML_FILE={{ smartgears_install_path }}/container.xml + +TOKEN= +RETVAL= +USE_SAVED_STATE= +CREATE_CONTAINER_XML_RES=0 + +####################### + +check_merge_scopes_behaviour() { + # 0: True, 1: False + USE_SAVED_STATE=0 + if [ $SMARTGEARS_MERGE_SCOPES == 'True' ] ; then + USE_SAVED_STATE=0 + logger "$LOG_PREFIX smartgears_merge_scopes set to True by the caller." + elif [ $SMARTGEARS_MERGE_SCOPES == 'False' ] ; then + USE_SAVED_STATE=1 + logger "$LOG_PREFIX smartgears_merge_scopes set to False by the caller." + else + logger "$LOG_PREFIX smartgears_merge_scopes set to a not correct value. Assuming True" + fi +} + +check_token_presence() { + if [ $# -ge 1 ] ; then + # Ignore anything other than the first parameter + logger "$LOG_PREFIX We have an authorization token" + TOKEN=$1 + fi +} + +check_smartgears_state_presence() { + if [ ! -f $SMARTGEARS_RUNNING_STATE_FILE ] ; then + USE_SAVED_STATE=1 + logger "$LOG_PREFIX No state file, it was removed or it is a first installation. We need a token to proceed successfully from now on." + fi +} + +decide_how_to_proceed() { + if [ -z $TOKEN ] ; then + if [ ! -f $SMARTGEARS_RUNNING_STATE_FILE ] ; then + logger "$LOG_PREFIX No token no local state. Maybe a first installation. Aborting." + exit 1 + elif [ USE_SAVED_STATE -eq 1 ] ; then + logger "$LOG_PREFIX No token and we do not want to merge the local state. Doing nothing." + exit 0 + fi + fi +} + +load_the_scopes_list_from_file() { + if [ ! -z $TOKEN ] ; then + SCOPES_LIST="" + if [ -f $LOCAL_ETC/scopes.list ] ; then + . 
$LOCAL_ETC/scopes.list + else + logger "$LOG_PREFIX There is no scopes list file, this should never happen. Aborting." + exit 1 + fi + else + # If no token was provided, we cannot use the file with the list of provided scopes + logger "$LOG_PREFIX load_the_scopes_list_from_file. No token was provided, not loading the scopes list file" + fi +} + +get_scopes_from_auth() { + # We have a token and a list of scopes names. Get the scope tokens for them. + logger "$LOG_PREFIX get_scopes_from_auth. We have a token and a list of scopes names. Get the scope tokens for them." for jar in $( ls -1 /home/gcube/tomcat/lib/ ) ; do export CLASSPATH="/home/gcube/SmartGears/lib/${jar}:$CLASSPATH" done 
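Review bot: In `decide_how_to_proceed` the test `[ USE_SAVED_STATE -eq 1 ]` is missing the `$`, so `[` receives the literal word, reports an integer-expression error and the branch is never taken. The documented "no token, merge set to false: we do nothing" case therefore falls through to `get_scopes`, which still runs `clean-container-state`; the line should read `elif [ "$USE_SAVED_STATE" -eq 1 ] ; then`. The `$TOKEN` and `$SMARTGEARS_MERGE_SCOPES` tests in this hunk are unquoted and only behave because of how `[` treats a missing operand, so `[ -z "$TOKEN" ]` and `[ "$SMARTGEARS_MERGE_SCOPES" == 'True' ]` would be safer. `check_merge_scopes_behaviour` also treats anything other than the exact strings `True`/`False` (a lowercase `false`, for instance) as True, so a request to disable merging can be ignored with only a log line to show for it. `get_scopes_from_auth` continues past the end of this hunk.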
@@ -73,43 +117,70 @@ function get_scopes_from_auth() { {% endif %} RETVAL=$? if [ $RETVAL -eq 0 ] ; then - logger "$LOG_PREFIX We got the scope tokens" + logger "$LOG_PREFIX get_scopes_from_auth. We got the scope tokens." else - logger "$LOG_PREFIX Unable to obtain the scope tokens, aborting" + logger "$LOG_PREFIX get_scopes_from_auth. Unable to obtain the scope tokens, aborting." exit 1 fi } -if [ $USE_SAVED_STATE -ne 0 ] ; then - logger "$LOG_PREFIX First installation or moving avay to a configuration that needs to be present on all the VREs. Using our scopes list and not the state memorized one" - get_scopes_from_auth -else - logger "$LOG_PREFIX We are going to use the scopes memorized into the state" - SCOPES_FILE=$SMARTGEARS_SAVED_STATE_PATH -fi +get_scopes_from_local_state() { + if [ ! -f $SMARTGEARS_RUNNING_STATE_FILE ] ; then + USE_SAVED_STATE=1 + logger "$LOG_PREFIX No state file, it was removed or it is a first installation. Skip the request for the local state, do not merge the local state." + return 0 + fi + # Get the scopes from the local state + cd $SMARTGEARS_SCRIPTS_DIR + . $GHN_ENV_FILE + ./clean-container-state -s $SMARTGEARS_SAVED_STATE_F + RETVAL=$? + if [ $RETVAL -ne 0 ] ; then + # We were not able to get the running state from the IS. Try to get new scope tokens + logger "$LOG_PREFIX We were not able to get the running state from the IS." + fi +} -# We always remove the current state -cd $SMARTGEARS_SCRIPTS_DIR -. $GHN_ENV_FILE -./clean-container-state -s $SMARTGEARS_SAVED_STATE_F -RETVAL=$? -if [ $RETVAL -ne 0 ] ; then - # We were not able to get the running state from the IS. Try to get new scope tokens - logger "$LOG_PREFIX We were not able to get the running state from the IS. Try to get new scope tokens from the authorization service" - SCOPES_FILE={{ smartgears_user_home }}/.containerxml/2-container.xml - get_scopes_from_auth -fi +get_scopes() { + if [ ! 
-z $TOKEN ] ; then + # We have a token, let's use it + load_the_scopes_list_from_file + get_scopes_from_auth + fi + # We try to get the scopes from the local state unconditionally, so that we always cleanup the state. + get_scopes_from_local_state +} -# Now that we have the tokens, we can assemble the container.xml file -chmod 640 $CONTAINER_XML_FILE -CREATE_CONTAINER_XML_RES=0 -CREATE_CONTAINER_XML=$( cat $CONTAINER_XML_HEAD $SCOPES_FILE $CONTAINER_XML_TAIL > $CONTAINER_XML_FILE ) -CREATE_CONTAINER_XML_RES=$? -if [ $CREATE_CONTAINER_XML_RES -ne 0 ] ; then - logger "$LOG_PREFIX $CONTAINER_XML_FILE cannot be updated. Error is $CREATE_CONTAINER_XML" - exit $CREATE_CONTAINER_XML_RES -fi -chmod 440 $CONTAINER_XML_FILE -logger "$LOG_PREFIX $CONTAINER_XML_FILE updated" +assemble_the_container_xml_file() { + # Now that we have the tokens, we can assemble the container.xml file + chmod 640 $CONTAINER_XML_FILE + if [ ! -z $TOKEN ] && [ $USE_SAVED_STATE -eq 0 ] ; then + CREATE_CONTAINER_XML=$( cat $CONTAINER_XML_HEAD $SCOPES_FILE $SMARTGEARS_SAVED_STATE_PATH $CONTAINER_XML_TAIL > $CONTAINER_XML_FILE ) + CREATE_CONTAINER_XML_RES=$? + elif [ ! -z $TOKEN ] && [ $USE_SAVED_STATE -eq 1 ] ; then + CREATE_CONTAINER_XML=$( cat $CONTAINER_XML_HEAD $SCOPES_FILE $CONTAINER_XML_TAIL > $CONTAINER_XML_FILE ) + CREATE_CONTAINER_XML_RES=$? + elif [ -z $TOKEN ] && [ $USE_SAVED_STATE -eq 0 ] ; then + CREATE_CONTAINER_XML=$( cat $CONTAINER_XML_HEAD $SMARTGEARS_SAVED_STATE_PATH $CONTAINER_XML_TAIL > $CONTAINER_XML_FILE ) + CREATE_CONTAINER_XML_RES=$? + fi + if [ $CREATE_CONTAINER_XML_RES -ne 0 ] ; then + logger "$LOG_PREFIX $CONTAINER_XML_FILE cannot be updated. 
Error is $CREATE_CONTAINER_XML" + exit $CREATE_CONTAINER_XML_RES + fi + chmod 440 $CONTAINER_XML_FILE + logger "$LOG_PREFIX $CONTAINER_XML_FILE updated" +} + +############ +# +# Main +# +check_merge_scopes_behaviour +check_token_presence +check_smartgears_state_presence +decide_how_to_proceed +get_scopes +assemble_the_container_xml_file exit 0
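Review bot: The main section calls `check_token_presence` with no arguments, and inside a bash function `$#` and `$1` refer to the function's own arguments, so `TOKEN` is never set and every run takes the no-token path; the call should be `check_token_presence "$@"`. Separately, `assemble_the_container_xml_file` has no branch for an empty token with `USE_SAVED_STATE` equal to 1, so in that case it only toggles the file mode and logs "updated" without writing anything. Because `cat` redirects straight into `$CONTAINER_XML_FILE`, a failing `cat` (presumably possible when `clean-container-state` returned non-zero and the saved state file is missing) exits before the `chmod 440`, leaving a partially written token-bearing file at mode 640, and `$CREATE_CONTAINER_XML` in the log message is always empty since stdout is redirected and stderr is not captured. Assembling into a `mktemp` file in the same directory and renaming it over `container.xml` only on success would keep the previous file intact on failure.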