Commit 43ba93de authored by Andrea Sciaba

First version

parent 7f5138eb
define command{
command_name check_pyver
command_line $USER3$/org.sam/check_pyver $ARG1$
}
define command{
command_name samtest-run-file
command_line $USER3$/org.sam/samtest-run -w <wnjobWorkDir>/.gridprobes -f $ARG1$ -o "$ARG2$"
}
define command{
command_name check_wrap
command_line $USER3$/org.sam/check_wrap $ARG1$
}
define command{
command_name WN-probe
command_line $USER3$/org.sam/WN-probe $ARG1$
}
define command{
command_name WN-passive
command_line $USER1$/check_dummy
}
define command{
command_name samtest-run-sensor
command_line $USER3$/org.sam/samtest-run -w <wnjobWorkDir>/.gridprobes -d $USER3$/org.cms.glexec -s testjob -m $ARG1$
}
define command{
command_name nagtest-run-sensor
command_line $USER3$/org.sam/nagtest-run -w <wnjobWorkDir>/.gridprobes -H localhost -m $USER3$/org.cms.glexec/testjob/tests/$ARG1$ -o "$ARG2$"
}
define service{
name sam-generic-wn
register 0
host_name <nodeName>
is_volatile 0
initial_state u
max_check_attempts 1
check_interval 60
retry_interval 1
active_checks_enabled 0
passive_checks_enabled 0
obsess_over_service 1
check_period 24x7
check_freshness 0
event_handler_enabled 0
flap_detection_enabled 0
process_perf_data 0
retain_status_information 1
retain_nonstatus_information 0
notifications_enabled 0
notification_interval 120
notification_period 24x7
contacts admin
contact_groups admins
_vo <VO>
_vo_fqan <VOMS>
_service_flavour CE
_server <nodeName>
_site_name <siteName>
_service_uri <ceName>
_metric_set org.sam.WN
notes <siteName> CE <ceName> <VO>
}
# active template
define service{
use sam-generic-wn
name sam-generic-wn-active
register 0
active_checks_enabled 1
passive_checks_enabled 0
}
# passive template
define service{
use sam-generic-wn
name sam-generic-wn-passive
register 0
check_command WN-passive
active_checks_enabled 0
passive_checks_enabled 1
}
define service {
use sam-generic-wn-active
service_description org.cms.glexec.WN-gLExec-<VOMS>
check_command nagtest-run-sensor!glprobe.sh!-v 1
}
#!/usr/bin/perl -w
# $Id: glexec_unwrapenv.pl,v 1.1 2012/04/02 16:09:31 asciaba Exp $
#
# Helper script to restore the environment variables previously
# wrapped into the environment variable GLEXEC_ENV using the
# glexec_wrapenv.pl script.
#
# Intended usage:
# export GLEXEC_ENV=`glexec_wrapenv.pl`
# /opt/glite/sbin/glexec glexec_unwrapenv.pl -- <YOUR-COMMAND>
#
# By default the following environment variables are NOT unwrapped:
# HOME LOGNAME USER X509_USER_PROXY _ (yes that's '_' !)
# A user can add more env vars to be excluded using either
# --exclude=A --exclude=B
# or
# --exclude=A,B,...
#
# Copyright (c) 2009 by
# Jan Just Keijser (janjust@nikhef.nl)
# Nikhef
# Amsterdam
# The Netherlands
use strict;
use warnings;
use Compress::Zlib qw(inflateInit Z_STREAM_END Z_OK);
use Getopt::Long qw(GetOptions);
use MIME::Base64 qw(decode_base64);
# These variables are excluded by default
my @env_blacklist = ( "HOME", "LOGNAME", "USER", "X509_USER_PROXY", "_" );
my @exclude_env;
GetOptions ("exclude=s" => \@exclude_env);
@exclude_env = split( /,/, join( ',', @exclude_env, @env_blacklist) );
$ENV{GLEXEC_ENV}
or die "GLEXEC_ENV not set. No environment to pass on";
# First, unwrap the Base64 encoded blob
my $decoded_buf = decode_base64( $ENV{GLEXEC_ENV} );
# Then, decompress it into it's original space-separated set of Base64 blobs
my $x = inflateInit()
or die "Cannot create a inflation stream\n" ;
my ($output, $status) = $x->inflate( \$decoded_buf );
die "inflation failed\n"
unless $status == Z_STREAM_END or $status == Z_OK;
# Split the space-separated set of Base64 blobs again into an array
my @vars = split / /, $output;
for (my $i = 0; $i <= $#vars; $i++)
{
# Decode each Base64 encoded blob into a key=value pair
my $keyvalue_pair = decode_base64( $vars[$i] );
my $pos = -1;
# Look for the first '=' sign
if (($pos = index( $keyvalue_pair, '=' )) > -1 )
{
# NOTE: using tricks like (\w+) (\w+) will NOT work
# when environment variables span multiple lines
# the "key" is everything before the first '=' sign
my $key = substr( $keyvalue_pair, 0, $pos );
# the "value" is everything after the first '=' sign
my $value = substr( $keyvalue_pair, $pos+1 );
# if the variable is not on our exclusion list, set it
if ( ! grep { /$key/ } @exclude_env )
{
$ENV{$key} = $value;
}
}
else
{
# this should never happen, really
printf STDERR "no = sign found in [$keyvalue_pair]!\n";
}
}
# Finally, execute the user payload command
exec ( @ARGV );
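Review bot: The exclusion test `grep { /$key/ } @exclude_env` uses the variable name as an unanchored regex against each excluded name, so it is a substring-and-pattern match rather than a name comparison. Any variable whose name occurs inside an excluded name (for example `PROXY` or `X509`) is silently dropped, and a name containing regex metacharacters is compiled as a pattern and can abort the script. Since this check is what keeps HOME, USER and X509_USER_PROXY from being overwritten with values taken from GLEXEC_ENV, an exact comparison is safer and easier to reason about: `if ( ! grep { $_ eq $key } @exclude_env )`. The same test appears in glexec_wrapenv.pl inside its `foreach $key (keys(%ENV))` loop and should get the same change.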
#!/usr/bin/perl -w
# $Id: glexec_wrapenv.pl,v 1.1 2012/04/02 16:09:32 asciaba Exp $
#
# Wrapper script to wrap the current environment into a single
# environment variable GLEXEC_ENV. This variable is passed
# onto the glexec child process, where it can be unpacked to
# restore the environment variables that were lost when the
# set-uid glexec was invoked.
#
# Intended usage:
# export GLEXEC_ENV=`glexec_wrapenv.pl`
# /opt/glite/sbin/glexec glexec_unwrapenv.pl -- <YOUR-COMMAND>
#
# By default the following environment variables are NOT wrapped:
# HOME LOGNAME USER X509_USER_PROXY _ (yes that's '_' !)
# A user can add more env vars to be excluded using either
# --exclude=A --exclude=B
# or
# --exclude=A,B,...
#
# Copyright (c) 2009 by
# Jan Just Keijser (janjust@nikhef.nl)
# Nikhef
# Amsterdam
# The Netherlands
use strict;
use warnings;
use Compress::Zlib qw(deflateInit Z_OK);
use Getopt::Long qw(GetOptions);
use MIME::Base64 qw(encode_base64);
# These variables are excluded by default
my @env_blacklist = ( "HOME", "LOGNAME", "USER", "X509_USER_PROXY", "_" );
my @exclude_env;
my $key;
my $buf;
my $encoded_buf = '';
my $output = '';
GetOptions ("exclude=s" => \@exclude_env);
@exclude_env = split( /,/, join( ',', @exclude_env, @env_blacklist) );
# go through all environment variables and encode them as separate
# key-value pair entities. This will enable us to later unpack them.
foreach $key (keys(%ENV))
{
if ( ! grep { /$key/ } @exclude_env )
{
$buf = $key . "=" . $ENV{$key};
$encoded_buf .= encode_base64($buf, '') . " ";
}
else
{
printf STDERR "Skipping $key\n";
}
}
# Compress the encoded env vars to save some memory
my $x = deflateInit()
or die "Cannot create a deflation stream\n" ;
my ($deflated_buf, $status) = $x->deflate( $encoded_buf );
$status == Z_OK or die "deflation failed\n";
$output = $deflated_buf;
($deflated_buf, $status) = $x->flush();
$status == Z_OK or die "deflation failed\n";
$output .= $deflated_buf;
# Finally, encode the compressed stream again and print it out
print encode_base64( $output, '' );
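Review bot: `printf STDERR "Skipping $key\n"` passes an interpolated environment variable name as the format string, so a name containing `%` is read as a conversion specifier instead of being printed as-is. Use `print STDERR "Skipping $key\n";` here. glexec_unwrapenv.pl does the same with decoded blob contents in `printf STDERR "no = sign found in [$keyvalue_pair]!\n"`, where the text originates from GLEXEC_ENV; `print` is the right call there as well.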
#! /bin/bash
function add2buffer {
echo $1
}
function do_print {
echo "summary: $1"
}
# Change to test directory
cd `dirname $0`
# parse arguments
verbosity="1"
while getopts "v:H:t:" flag
do
case "$flag" in
v) verbosity=$OPTARG;;
H) host=$OPTARG;;
t) timeout=$OPTARG;;
esac
done
exitcode=$NAG_OK
# Print environment information
now="`date -u +'%F %T'` UTC"
currdir=$PWD
host=`uname -n`
pilotid=`/usr/bin/id`
add2buffer "Ran at $now on host $host as user:"
add2buffer "$pilotid"
# Check that $X509_USER_PROXY points to an existing file
if [ -z "$X509_USER_PROXY" ]; then
do_print "Error: X509_USER_PROXY is not defined"
exit $NAG_CRITICAL
fi
if [ -f "$X509_USER_PROXY" ]; then
add2buffer "X509_USER_PROXY=$X509_USER_PROXY"
else
do_print "Error: X509_USER_PROXY points to a non existing location"
exit $NAG_CRITICAL
fi
# workaround to suppress voms errors on OSG
export VOMS_PROXY_INFO_DONT_VERIFY_AC="1"
dn=`voms-proxy-info --identity`
fqan=`voms-proxy-info --fqan | head -1`
add2buffer "DN: $dn"
add2buffer "Primary FQAN: $fqan"
# Set the CMS environment
if [ -n "$OSG_APP" ] ; then
SW_DIR=$OSG_APP/cmssoft/cms
[ -f $OSG_GRID/setup.sh ] && source $OSG_GRID/setup.sh
add2buffer "OSG_APP/cmssoft/cms=$OSG_APP/cmssoft/cms"
elif [ -n "$VO_CMS_SW_DIR" ]; then
SW_DIR=$VO_CMS_SW_DIR
add2buffer "VO_CMS_SW_DIR=$VO_CMS_SW_DIR"
else
do_print "Error: Neither VO_CMS_SW_DIR nor OSG_APP defined"
exit $NAG_CRITICAL
fi
if [ ! -f $SW_DIR/cmsset_default.sh ]; then
do_print "Error: cmssw setup file $SW_DIR/cmsset_default.sh not existing"
exit $NAG_CRITICAL
fi
add2buffer "CMS configuration file: $SW_DIR/cmsset_default.sh"
export SCRAM_ARCH=slc5_amd64_gcc434
source $SW_DIR/cmsset_default.sh
err=$?
if [ $err != 0 ]; then
do_print "Error: CMS software initialisation script cmsset_default.sh failed"
exit $NAG_CRITICAL
fi
if [ -z $CMS_PATH ]; then
do_print "Error: CMS_PATH not defined"
exit $NAG_CRITICAL
fi
if [ ! -d $CMS_PATH ] ; then
do_print "Error: CMS_PATH directory $CMS_PATH not existing"
exit $NAG_CRITICAL
fi
# Parse the local config file and find site name
if [ ! -d $CMS_PATH/SITECONF/local/JobConfig ] ; then
do_print "Error: JobConfig directory $CMS_PATH/SITECONF/local/JobConfig not existing"
exit $NAG_CRITICAL
fi
ConfigFile=${CMS_PATH}/SITECONF/local/JobConfig/site-local-config.xml
if [ ! -f $ConfigFile ] ; then
do_print "Error: Local Configuration file site-local-config.xml not existing"
exit $NAG_CRITICAL
fi
add2buffer "Local configuration file: $ConfigFile"
grep -q "site name" $ConfigFile
err=$?
if [ $err != 0 ] ; then
do_print "Error: site name string missing in config file"
exit $NAG_CRITICAL
fi
siteName=`grep "site name" $ConfigFile | grep -v "subsite name" | cut -d'"' -f2`
add2buffer "Site name: $siteName"
tier=`grep "site name" $ConfigFile | grep -v "subsite name" | cut -d'"' -f2 | cut -d '_' -f1`
if [ "x$tier" == "xT1" ]; then
mv -f $currdir/payloadproxy-t1 $currdir/payloadproxy
rm -f $currdir/payloadproxy-t2
add2buffer "Using t1access role for the payload"
else
mv -f $currdir/payloadproxy-t2 $currdir/payloadproxy
rm -f $currdir/payloadproxy-t1
add2buffer "Using standard cms proxy for the payload"
fi
# Check that the payload proxy is available
if [ -f "$currdir/payloadproxy" ]; then
chmod 600 $currdir/payloadproxy
export GLEXEC_CLIENT_CERT=$currdir/payloadproxy
add2buffer "GLEXEC_CLIENT_CERT: $GLEXEC_CLIENT_CERT"
else
do_print "Error: payloadproxy not found"
exit $NAG_CRITICAL
fi
# finding the glexec environment
glexec=${OSG_GLEXEC_LOCATION:-${GLEXEC_LOCATION:-${GLITE_LOCATION:-/usr}}/sbin/glexec}
if [ -f "$glexec" ]; then
add2buffer "Using glexec at $glexec"
glexec_ver=`$glexec -v`
add2buffer "$glexec_ver"
else
do_print "Error: No files found at $glexec"
exit $NAG_CRITICAL
fi
glexecdir=`dirname $glexec`
# workaround for glexev older than 0.7
export GLEXEC_SOURCE_PROXY=${GLEXEC_CLIENT_CERT}
add2buffer "GLEXEC_SOURCE_PROXY: $GLEXEC_SOURCE_PROXY"
export GLEXEC_TARGET_PROXY="/tmp/x509up_u`id -u`.glexec.${RANDOM}"
add2buffer "GLEXEC_TARGET_PROXY: $GLEXEC_TARGET_PROXY"
# run a bare glexec test and verify that the uid/gid is changed
payloadid=`$glexec /usr/bin/id`
err=$?
if [ $err -ne 0 ]; then
do_print "Error: error $err executing $glexec getting payload uid/gid"
exit $NAG_CRITICAL
fi
if [ -z "$payloadid" ]; then
do_print "Error: /usr/bin/id returned an empty string for the payload"
exit $NAG_CRITICAL
fi
if [ "X$payloadid" == "X$pilotid" ]; then
add2buffer "Warning: Same /usr/bin/id for payload and pilot"
exitcode=$NAG_WARNING
fi
add2buffer "Payload id: $payloadid"
# find mkgltempdir and create a termporary directory for payload execution
if [ -f "$glexecdir/mkgltempdir" ]; then
mkgltempdir=$glexecdir/mkgltempdir
else
mkgltempdir=$currdir/mkgltempdir
fi
add2buffer "Using mkgltempdir at $mkgltempdir"
stickydir=`$mkgltempdir`
err=$?
if [ $err -ne 0 ]; then
do_print "Warning: error $err executing $mkgltempdir"
exit $NAG_WARNING
fi
add2buffer "stickydir: $stickydir"
tmpdir=`dirname $stickydir`
# find glexec_wrapenv.pl and define GLEXEC_ENV
if [ -f "$glexecdir/glexec_wrapenv.pl" ]; then
glexec_wrapenv=$glexecdir/glexec_wrapenv.pl
else
glexec_wrapenv=$currdir/glexec_wrapenv.pl
fi
add2buffer "Using glexec_wrapenv.pl at $glexec_wrapenv"
export GLEXEC_ENV=`$glexec_wrapenv`
err=$?
if [ $err -ne 0 ]; then
add2buffer "Warning: error $err executing $glexec_wrapenv"
exitcode=$NAG_WARNING
fi
# find glexec_unwrapenv.pl
if [ -f $glexecdir/glexec_unwrapenv.pl ]; then
glexec_unwrapenv=$glexecdir/glexec_unwrapenv.pl
else
cp $currdir/glexec_unwrapenv.pl $tmpdir
$glexec /bin/cp $tmpdir/glexec_unwrapenv.pl $stickydir
rm $tmpdir/glexec_unwrapenv.pl
$glexec_unwrapenv=$stickydir/glexec_unwrapenv.pl
fi
add2buffer "using glexec_unwrapenv.pl at $glexec_unwrapenv"
# run glexec and verify that the proxy is changed
payloaddn=`$glexec $glexec_unwrapenv -- voms-proxy-info -subject`
err=$?
if [ $err -ne 0 ]; then
add2buffer "Warning: error $err executing $glexec getting payload DN"
exitcode=$NAG_WARNING
fi
add2buffer "Payload proxy info - DN: $payloaddn"
if [ -z "$payloaddn" ]; then
do_print "Error: voms-proxy-info returned an empty string for the subject"
exitcode=$NAG_WARNING
fi
payloadfqan=`$glexec $glexec_unwrapenv -- voms-proxy-info -fqan | head -1`
err=$?
if [ $err -ne 0 ]; then
add2buffer "Warning: error $err executing $glexec getting payload fqan"
exitcode=$NAG_WARNING
fi
if [ -z "$payloadfqan" ]; then
add2buffer "Warning: voms-proxy-info returned an empty string for the primary fqan"
exitcode=$NAG_WARNING
fi
add2buffer "Primary FQAN: $payloadfqan"
if [ "X$payloaddn$payloadfqan" == "X$dn$fqan" ]; then
add2buffer "Warning: Same DN/FQAN for pilot and payload"
exitcode=$NAG_WARNING
fi
# copy the payload executable to the payload execution directory
cp $currdir/payload.sh $tmpdir
chmod 755 $tmpdir/payload.sh
$glexec /bin/cp $tmpdir/payload.sh $stickydir
rm $tmpdir/payload.sh
# create a job wrapper and copy it to the payload execution directory
cat > $tmpdir/wrapper.sh << EOF
#! /bin/bash
cd $stickydir
./payload.sh > payload.out 2> payload.err
# Make the output readable by the pilot
chmod a+rx .
chmod a+r ./*
EOF
chmod 755 $tmpdir/wrapper.sh
$glexec /bin/cp $tmpdir/wrapper.sh $stickydir
rm $tmpdir/wrapper.sh
# execute the payload (payload identity) and move the output to the current directory
$glexec $glexec_unwrapenv -- $stickydir/wrapper.sh
err=$?
if [ $err -eq 0 ]; then
cp $stickydir/payload.out $currdir
cp $stickydir/payload.err $currdir
else
add2buffer "Warning: error $err executing the payload"
exitcode=$NAG_WARNING
fi
# cleanup the execution directory tree
$glexec /bin/rm $stickydir/*
$mkgltempdir -r $stickydir
# Print payload output
add2buffer "payload.out:"
cat $currdir/payload.out
add2buffer "payload.err:"
cat $currdir/payload.err
add2buffer "Test finished"
# exit
if [ $exitcode -ne 0 ]; then
do_print "Warning: execution contains warnings"
else
do_print "Success"
fi
exit $exitcode
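Review bot: The line exporting GLEXEC_TARGET_PROXY places the delegated proxy at a guessable path in a shared directory, because `${RANDOM}` only yields values from 0 to 32767 and the rest of the name is fixed. Whether another local account can interfere depends on how glexec creates that file, which is not visible here, so an unpredictable name is the safer default, e.g. `export GLEXEC_TARGET_PROXY="$(mktemp -u /tmp/x509up_u$(id -u).glexec.XXXXXXXXXX)"`. Separately, in the fallback branch that copies glexec_unwrapenv.pl into the sticky directory, `$glexec_unwrapenv=$stickydir/glexec_unwrapenv.pl` has a leading `$`, so the shell runs it as a command and the variable stays unset. It should read `glexec_unwrapenv=$stickydir/glexec_unwrapenv.pl`; otherwise the later `$glexec $glexec_unwrapenv -- ...` calls run without the unwrap helper.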
#!/bin/sh
# Copyright (c) Members of the EGEE Collaboration. 2008.
# See http://www.eu-egee.org/partners/ for details on the copyright
# holders.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Authors: David Groep
# NIKHEF Amsterdam, the Netherlands
# grid-mw-security@nikhef.nl
#
# @(#)$Id: mkgltempdir,v 1.1 2012/04/02 16:09:33 asciaba Exp $
#
version=0.0.2
glexec=${OSG_GLEXEC_LOCATION:-${GLEXEC_LOCATION:-${GLITE_LOCATION:-/usr}}/sbin/glexec}
#glexec=${GLEXEC_LOCATION:-${GLITE_LOCATION:-/usr}}/sbin/glexec
export PATH=$PATH:/bin:/usr/bin
mktemp=`which mktemp`
chmod=`which chmod`
basename=`which basename`
id=`which id`
sed=`which sed`
awk=`which awk`
rm=`which rm`
rmdir=`which rmdir`
error() {
echo "$@" >&2