Fix ZeroTimeWindow for renew_proxy && Fix missing cronjobs (#1476)

* Fix ZeroTimeWindow for renew_proxy && Fix missing cronjobs * Add myproxyLifetimHoursas * Typo * Do not wipeout old cronjobs when creating the new ones && set cron interval to 1 hour && set proxy minimal lenght to 156 hours before renew set myproxyMinLifetimeHours=156 * oversimplifying everything * Export WMA_CONFIG_FILE && Add wmagent-couchapp-init to set_cronjob()
dmwm · May 17, 2024 · cd75bf2 · cd75bf2
1 parent 511dd27
commit cd75bf2
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 43 deletions.
diff --git a/docker/pypi/wmagent/Dockerfile b/docker/pypi/wmagent/Dockerfile
@@ -19,6 +19,7 @@ ENV WMA_AUTH_DIR=$WMA_CURRENT_DIR/auth/
 ENV WMA_INSTALL_DIR=$WMA_CURRENT_DIR/install
 ENV WMA_STATE_DIR=$WMA_CURRENT_DIR/state
 ENV WMA_CONFIG_DIR=$WMA_CURRENT_DIR/config
+ENV WMA_CONFIG_FILE=$WMA_CONFIG_DIR/config.py
 ENV WMA_MANAGE_DIR=$WMA_CONFIG_DIR
 ENV WMA_LOG_DIR=$WMA_CURRENT_DIR/logs
 ENV WMA_DEPLOY_DIR=/usr/local

diff --git a/docker/pypi/wmagent/bin/manage b/docker/pypi/wmagent/bin/manage
@@ -149,10 +149,9 @@ init_wmagent(){
 
  wmcore-db-init --config $WMA_CONFIG_DIR/config.py --create --modules=WMCore.WMBS,WMCore.Agent.Database,WMComponent.DBS3Buffer,WMCore.BossAir,WMCore.ResourceControl;
  let errVal+=$?
- export WMAGENT_CONFIG=$WMA_CONFIG_DIR/config.py
+
  wmagent-couchapp-init
  let errVal+=$?
- unset WMAGENT_CONFIG
 
  return $errVal
 }

diff --git a/docker/pypi/wmagent/bin/manage-common.sh b/docker/pypi/wmagent/bin/manage-common.sh
@@ -286,44 +286,8 @@ _renew_proxy(){
  -key $WMA_CERTS_DIR/mynewproxy.pem \
  -out $WMA_CERTS_DIR/myproxy.pem"
 
- # Here to check certificates and proxy lifetime and update myproxy if needed:
- local certMinLifetimeHours=168
- local certMinLifetimeSec=$(($certMinLifetimeHours*60*60))
-
- if [[ -f $WMA_CERTS_DIR/servicecert.pem ]] && [[ -f $WMA_CERTS_DIR/servicekey.pem ]]; then
-
- echo "$FUNCNAME: Checking Certificate lifetime:"
- local now=$(date +%s)
- local certEndDate=$(openssl x509 -in $WMA_CERTS_DIR/servicecert.pem -noout -enddate)
- certEndDate=${certEndDate##*=}
- echo "$FUNCNAME: Certificate end date: $certEndDate"
- [[ -z $certEndDate ]] && {
- echo "$FUNCNAME: ERROR: Failed to determine certificate end date!"; return $(false) ;}
- certEndDate=$(date --date="$certEndDate" +%s)
- [[ $certEndDate -le $now ]] && {
- echo "$FUNCNAME: ERROR: Expired certificate at $WMA_CERTS_DIR/servicecert.pem!"; return $(false) ;}
- [[ $(($certEndDate -$now)) -le $certMinLifetimeSec ]] && {
- echo "$FUNCNAME: WARNING: The service certificate lifetime is less than certMinLifetimeHours: $certMinLifetimeHours! Please update it ASAP!" ;}
-
- # Renew myproxy if needed:
- echo "$FUNCNAME: Checking myproxy lifetime:"
- local myproxyEndDate=$(openssl x509 -in $WMA_CERTS_DIR/myproxy.pem -noout -enddate)
- myproxyEndDate=${myproxyEndDate##*=}
- echo "$FUNCNAME: myproxy end date: $myproxyEndDate"
- [[ -n $myproxyEndDate ]] || ($myproxyCmd && $vomsproxyCmd) || {
- echo "$FUNCNAME: ERROR: Failed to renew invalid myproxy"; return $(false) ;}
- myproxyEndDate=$(date --date="$myproxyEndDate" +%s)
- [[ $myproxyEndDate -gt $(($now + 7*24*60*60)) ]] || ($myproxyCmd && $vomsproxyCmd) || {
- echo "$FUNCNAME: ERROR: Failed to renew expired myproxy"; return $(false) ;}
-
- # Stay safe and always change the service {cert,key} and myproxy mode here:
- chmod 400 $WMA_CERTS_DIR/*
- echo "$FUNCNAME: OK"
- else
- echo "$FUNCNAME: ERROR: We found no service certificate installed at $WMA_CERTS_DIR!"
- echo "$FUNCNAME: ERROR: Please install proper cert and key files before restarting the WMAgent container!"
- return $(false)
- fi
+ $myproxyCmd && $vomsproxyCmd
+ return $?
 }
 
 

diff --git a/docker/pypi/wmagent/init.sh b/docker/pypi/wmagent/init.sh
@@ -24,6 +24,8 @@ HOSTIP=`hostname -i`
  WMA_TAG=$WMCoreVersion
 }
 
+[[ -z $WMA_USER ]] && export WMA_USER=$(id -un)
+
 TEAMNAME=testbed-${HOSTNAME%%.*}
 AGENT_NUMBER=0
 AGENT_FLAVOR=mysql
@@ -296,18 +298,27 @@ check_databases() {
 }
 
 set_cronjob() {
- stepMsg="Populating cronjob with utilitarian scripts for the $WMA_USER"
+ stepMsg="Populating cronjob with utilitarian scripts for user: $WMA_USER"
  echo "-----------------------------------------------------------------------"
  echo "Start: $stepMsg"
+ local errVal=0
 
- chmod +x $WMA_DEPLOY_DIR/deploy/renew_proxy.sh $WMA_DEPLOY_DIR/deploy/restartComponent.sh
-
+ # Populating proxy related cronjobs
  crontab -u $WMA_USER - <<EOF
 55 */12 * * * $WMA_MANAGE_DIR/manage renew-proxy
 58 */12 * * * python $WMA_DEPLOY_DIR/deploy/checkProxy.py --proxy /data/certs/myproxy.pem --time 120 --send-mail True --mail [email protected]
 */15 * * * * source $WMA_DEPLOY_DIR/deploy/restartComponent.sh > /dev/null
 EOF
+ let errVal+=$?
 
+ # Populating CouchDB related cronjobs
+ wmagent-couchapp-init
+ let errVal+=$?
+
+ [[ $errVal -eq 0 ]] || {
+ echo "$FUNCNAME: ERROR: Failed to populate WMAgent's cron jobs for user: $WMA_USER"
+ return $errVal
+ }
  echo "Done: $stepMsg!" && echo
  echo "-----------------------------------------------------------------------"
 }

diff --git a/docker/pypi/wmagent/install.sh b/docker/pypi/wmagent/install.sh
@@ -137,6 +137,7 @@ tweakEnv(){
 
 export WMA_BUILD_ID=\$(cat \$WMA_ROOT_DIR/.dockerBuildId)
 export WMCORE_ROOT=\$WMA_DEPLOY_DIR
+export WMAGENT_CONFIG=\$WMA_CONFIG_FILE
 export WMAGENTPY3_ROOT=\$WMA_INSTALL_DIR
 export WMAGENTPY3_VERSION=\$WMA_TAG
 export CRYPTOGRAPHY_ALLOW_OPENSSL_102=true