diff --git a/src/DIRAC/FrameworkSystem/Client/ComponentInstaller.py b/src/DIRAC/FrameworkSystem/Client/ComponentInstaller.py index 35bd675c7b2..0e173e38190 100644 --- a/src/DIRAC/FrameworkSystem/Client/ComponentInstaller.py +++ b/src/DIRAC/FrameworkSystem/Client/ComponentInstaller.py @@ -69,7 +69,6 @@ from DIRAC.ConfigurationSystem.Client import PathFinder from DIRAC.ConfigurationSystem.Client.CSAPI import CSAPI from DIRAC.ConfigurationSystem.Client.Helpers import ( - CSGlobals, cfgInstallPath, cfgInstallSection, cfgPath, @@ -85,6 +84,7 @@ PRODUCTION_MANAGEMENT, PROXY_MANAGEMENT, SERVICE_ADMINISTRATOR, + SITE_MANAGER, TRUSTED_HOST, ) from DIRAC.Core.Utilities.Extensions import ( @@ -432,6 +432,8 @@ def _getCentralCfg(self, installCfg): defaultHostProperties = [ TRUSTED_HOST, CS_ADMINISTRATOR, + SERVICE_ADMINISTRATOR, + SITE_MANAGER, JOB_ADMINISTRATOR, FULL_DELEGATION, PROXY_MANAGEMENT, diff --git a/src/DIRAC/FrameworkSystem/ConfigTemplate.cfg b/src/DIRAC/FrameworkSystem/ConfigTemplate.cfg index a47f2b84d33..5a3111fbd5f 100644 --- a/src/DIRAC/FrameworkSystem/ConfigTemplate.cfg +++ b/src/DIRAC/FrameworkSystem/ConfigTemplate.cfg @@ -167,6 +167,7 @@ Services componentExists = authenticated getComponents = authenticated hostExists = authenticated + installationExists = authenticated getHosts = authenticated installationExists = authenticated getInstallations = authenticated @@ -184,6 +185,7 @@ Services componentExists = authenticated getComponents = authenticated hostExists = authenticated + installationExists = authenticated getHosts = authenticated installationExists = authenticated getInstallations = authenticated diff --git a/tests/CI/install_client.sh b/tests/CI/install_client.sh index fa21f03453f..a83b95ded7b 100755 --- a/tests/CI/install_client.sh +++ b/tests/CI/install_client.sh @@ -61,7 +61,7 @@ echo -e "*** $(date -u) **** Client INSTALLATION START ****\n" installDIRAC echo -e "*** $(date -u) Getting a non privileged user\n" |& tee -a clientTestOutputs.txt -dirac-proxy-init -C "${SERVERINSTALLDIR}/user/client.pem" -K "${SERVERINSTALLDIR}/user/client.key" "${DEBUG}" |& tee -a clientTestOutputs.txt +dirac-proxy-init "${DEBUG}" |& tee -a clientTestOutputs.txt #-------------------------------------------------------------------------------# echo -e "*** $(date -u) **** Submit a job ****\n" diff --git a/tests/Jenkins/dirac-cfg-update-server.py b/tests/Jenkins/dirac-cfg-update-server.py index 39d4956afe3..d10fdd2bfac 100644 --- a/tests/Jenkins/dirac-cfg-update-server.py +++ b/tests/Jenkins/dirac-cfg-update-server.py @@ -548,7 +548,7 @@ csAPI.setOption( "Registry/Hosts/server/Properties", - "TrustedHost,CSAdministrator,JobAdministrator,FullDelegation,ProxyManagement,Operator,ProductionManagement,GenericPilot", + "TrustedHost,SiteManager,CSAdministrator,ServiceAdministrator,JobAdministrator,FullDelegation,ProxyManagement,Operator,ProductionManagement,GenericPilot", ) # Setting Systems/WorkloadManagement/Executors/Optimizers/JobScheduling/RescheduleDelays diff --git a/tests/Jenkins/dirac_ci.sh b/tests/Jenkins/dirac_ci.sh index f8119340fdb..ff845c296a4 100644 --- a/tests/Jenkins/dirac_ci.sh +++ b/tests/Jenkins/dirac_ci.sh @@ -144,9 +144,9 @@ installSite() { # will be wrong on the client ln -s "${SERVERINSTALLDIR}/diracos/etc/grid-security/certificates/ca.cert.pem" "${SERVERINSTALLDIR}/diracos/etc/grid-security/certificates/$caHash.0" - # Copy the user cert and key to the correct directory - cp /ca/certs/client.pem "${SERVERINSTALLDIR}/user/" - cp /ca/certs/client.key "${SERVERINSTALLDIR}/user/" + # # Copy the user cert and key to the correct directory + # cp /ca/certs/client.pem "${SERVERINSTALLDIR}/user/" + # cp /ca/certs/client.key "${SERVERINSTALLDIR}/user/" rm -rf "${SERVERINSTALLDIR}/etc" ln -s "${SERVERINSTALLDIR}/diracos/etc" "${SERVERINSTALLDIR}/etc" @@ -231,10 +231,10 @@ fullInstallDIRAC() { cat "${SERVERINSTALLDIR}/diracos/etc/Production.cfg" fi - if ! diracCredentials; then - echo "ERROR: diracCredentials failed" >&2 - exit 1 - fi + # if ! diracCredentials; then + # echo "ERROR: diracCredentials failed" >&2 + # exit 1 + # fi #just add a site if ! diracAddSite; then @@ -243,7 +243,8 @@ fullInstallDIRAC() { fi echo "==> Restarting Configuration Server" - dirac-restart-component Configuration Server ${DEBUG} + dirac-restart-component Configuration Server -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} + # dirac-restart-component Tornado Tornado -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} #Install the Framework findDatabases 'FrameworkSystem' @@ -253,7 +254,6 @@ fullInstallDIRAC() { exit 1 fi - dirac-restart-component Tornado Tornado ${DEBUG} findServices 'FrameworkSystem' grep -v 'Tornado' services > disetServices @@ -288,14 +288,14 @@ fullInstallDIRAC() { cat "${SERVERINSTALLDIR}/etc/Production.cfg" echo "==> Restarting Framework services" - dirac-restart-component Framework '*' ${DEBUG} - dirac-restart-component Tornado Tornado ${DEBUG} + dirac-restart-component Framework '*' -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} + # dirac-restart-component Tornado Tornado -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} #Now all the rest # slave CS if [[ "${TEST_HTTPS:-Yes}" = "No" ]]; then - if ! dirac-install-component Configuration TornadoConfiguration "${DEBUG}"; then + if ! dirac-install-component Configuration TornadoConfiguration -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-install-component failed' >&2 exit 1 fi @@ -309,16 +309,10 @@ fullInstallDIRAC() { exit 1 fi - #upload proxies - if ! diracProxies; then - echo "ERROR: diracProxies failed" >&2 - exit 1 - fi - #fix the DBs (for the FileCatalog and MultiVOFileCatalog) diracDFCDB diracMVDFCDB - python "${TESTCODE}/DIRAC/tests/Jenkins/dirac-cfg-update-dbs.py" "${DEBUG}" + python "${TESTCODE}/DIRAC/tests/Jenkins/dirac-cfg-update-dbs.py" -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}" # services (not looking for FrameworkSystem already installed) findServices 'exclude' 'FrameworkSystem' @@ -341,14 +335,14 @@ fullInstallDIRAC() { # install an additional FileCatalog service for multi VO metadata tests if [[ "${TEST_HTTPS:-Yes}" = "No" ]]; then - echo "==> calling dirac-install-component DataManagement MultiVOFileCatalog -m FileCatalog -p Port=9198 -p Database=MultiVOFileCatalogDB ${DEBUG}" - if ! dirac-install-component DataManagement MultiVOFileCatalog -m FileCatalog -p Port=9198 -p Database=MultiVOFileCatalogDB "${DEBUG}"; then + echo "==> calling dirac-install-component DataManagement MultiVOFileCatalog -m FileCatalog -p Port=9198 -p Database=MultiVOFileCatalogDB -o /DIRAC/Security/UseServerCertificate=True ${DEBUG}" + if ! dirac-install-component DataManagement MultiVOFileCatalog -m FileCatalog -p Port=9198 -p Database=MultiVOFileCatalogDB -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-install-component failed' >&2 exit 1 fi else - echo "==> calling dirac-install-component DataManagement TornadoMultiVOFileCatalog -m TornadoFileCatalog -p Port=9198 -p Protocol=https -p Database=MultiVOFileCatalogDB ${DEBUG}" - if ! dirac-install-component DataManagement TornadoMultiVOFileCatalog -m TornadoFileCatalog -p Port=9198 -p Protocol=https -p Database=MultiVOFileCatalogDB "${DEBUG}"; then + echo "==> calling dirac-install-component DataManagement TornadoMultiVOFileCatalog -m TornadoFileCatalog -p Port=9198 -p Protocol=https -p Database=MultiVOFileCatalogDB -o /DIRAC/Security/UseServerCertificate=True ${DEBUG}" + if ! dirac-install-component DataManagement TornadoMultiVOFileCatalog -m TornadoFileCatalog -p Port=9198 -p Protocol=https -p Database=MultiVOFileCatalogDB -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-install-component failed' >&2 exit 1 fi @@ -356,51 +350,51 @@ fullInstallDIRAC() { dirac-restart-component Tornado Tornado ${DEBUG} fi #fix the DFC services options - python "${TESTCODE}/DIRAC/tests/Jenkins/dirac-cfg-update-services.py" "${DEBUG}" + python "${TESTCODE}/DIRAC/tests/Jenkins/dirac-cfg-update-services.py" -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}" #fix the SandboxStore and other stuff - python "${TESTCODE}/DIRAC/tests/Jenkins/dirac-cfg-update-server.py" "${DEBUG}" + python "${TESTCODE}/DIRAC/tests/Jenkins/dirac-cfg-update-server.py" -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}" echo "==> Restarting Tornado Tornado" - dirac-restart-component Tornado Tornado ${DEBUG} + # dirac-restart-component Tornado Tornado -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} if [[ "${TEST_HTTPS:-Yes}" = "No" ]]; then echo "==> Restarting WorkloadManagement SandboxStore" - dirac-restart-component WorkloadManagement SandboxStore ${DEBUG} + dirac-restart-component WorkloadManagement SandboxStore -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} echo "==> Restarting DataManagement FileCatalog" - dirac-restart-component DataManagement FileCatalog ${DEBUG} + dirac-restart-component DataManagement FileCatalog -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} echo "==> Restarting DataManagement MultiVOFileCatalog" - dirac-restart-component DataManagement MultiVOFileCatalog ${DEBUG} + dirac-restart-component DataManagement MultiVOFileCatalog -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} echo "==> Restarting ResourceStatus *" - dirac-restart-component ResourceStatus ResourceStatus ${DEBUG} - dirac-restart-component ResourceStatus ResourceManagement ${DEBUG} - dirac-restart-component ResourceStatus Publisher ${DEBUG} + dirac-restart-component ResourceStatus ResourceStatus -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} + dirac-restart-component ResourceStatus ResourceManagement -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} + dirac-restart-component ResourceStatus Publisher -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} fi echo "==> Restarting WorkloadManagement Matcher" - dirac-restart-component WorkloadManagement Matcher ${DEBUG} + dirac-restart-component WorkloadManagement Matcher -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} echo "==> Restarting Configuration Server" - dirac-restart-component Configuration Server ${DEBUG} + dirac-restart-component Configuration Server -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} echo "==> Restarting DataManagement StorageElement(s)" - dirac-restart-component DataManagement SE-1 ${DEBUG} - dirac-restart-component DataManagement SE-2 ${DEBUG} + dirac-restart-component DataManagement SE-1 -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} + dirac-restart-component DataManagement SE-2 -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} # populate RSS echo "==> Populating RSS DB" - dirac-rss-sync --element Site --defaultStatus Banned -o LogLevel=VERBOSE - dirac-rss-sync --element Resource --defaultStatus Banned -o LogLevel=VERBOSE + dirac-rss-sync --element Site --defaultStatus Banned -o LogLevel=VERBOSE -o /DIRAC/Security/UseServerCertificate=True + dirac-rss-sync --element Resource --defaultStatus Banned -o LogLevel=VERBOSE -o /DIRAC/Security/UseServerCertificate=True # init RSS echo "==> Initializing status of sites and resources in RSS" - dirac-rss-sync --init --defaultStatus Banned -o LogLevel=VERBOSE + dirac-rss-sync --init --defaultStatus Banned -o LogLevel=VERBOSE -o /DIRAC/Security/UseServerCertificate=True # Setting by hand - dirac-rss-set-status --element Resource --name ProductionSandboxSE --status Active --reason "Why not?" - dirac-rss-set-status --element Resource --name jenkins.cern.ch --status Active --reason "Why not?" - dirac-rss-set-status --element Resource --name JENKINS-FTS3 --status Active --reason "Why not?" - dirac-rss-set-status --element Resource --name FileCatalog --status Active --reason "Why not?" - dirac-rss-set-status --element Site --name DIRAC.Jenkins.ch --status Active --reason "Why not?" - dirac-admin-allow-se SE-1 SE-2 S3-DIRECT S3-INDIRECT --All + dirac-rss-set-status --element Resource --name ProductionSandboxSE --status Active --reason "Why not?" -o /DIRAC/Security/UseServerCertificate=True + dirac-rss-set-status --element Resource --name jenkins.cern.ch --status Active --reason "Why not?" -o /DIRAC/Security/UseServerCertificate=True + dirac-rss-set-status --element Resource --name JENKINS-FTS3 --status Active --reason "Why not?" -o /DIRAC/Security/UseServerCertificate=True + dirac-rss-set-status --element Resource --name FileCatalog --status Active --reason "Why not?" -o /DIRAC/Security/UseServerCertificate=True + dirac-rss-set-status --element Site --name DIRAC.Jenkins.ch --status Active --reason "Why not?" -o /DIRAC/Security/UseServerCertificate=True + dirac-admin-allow-se SE-1 SE-2 S3-DIRECT S3-INDIRECT --All -o /DIRAC/Security/UseServerCertificate=True #agents findAgents @@ -418,20 +412,20 @@ fullInstallDIRAC() { if [[ "${TEST_HTTPS:-Yes}" = "No" ]]; then echo "==> Restarting WorkloadManagement JobManager" - dirac-restart-component WorkloadManagement JobManager ${DEBUG} + dirac-restart-component WorkloadManagement JobManager -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} else echo "==> Restarting Tornado Tornado" - dirac-restart-component Tornado Tornado ${DEBUG} + dirac-restart-component Tornado Tornado -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} fi echo 'Content of etc/Production.cfg:' cat "${SERVERINSTALLDIR}/etc/Production.cfg" echo "==> Restarting Configuration Server" - dirac-restart-component Configuration Server ${DEBUG} + dirac-restart-component Configuration Server -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} echo "==> Restarting Tornado Tornado" - dirac-restart-component Tornado Tornado ${DEBUG} + # dirac-restart-component Tornado Tornado -o /DIRAC/Security/UseServerCertificate=True ${DEBUG} } diff --git a/tests/Jenkins/install.cfg b/tests/Jenkins/install.cfg index 080bdf3ef16..a189987ee4d 100644 --- a/tests/Jenkins/install.cfg +++ b/tests/Jenkins/install.cfg @@ -44,9 +44,9 @@ LocalInstallation Databases += ResourceStatusDB # List of Services to be installed - minimal list for a running base server Services = Configuration/Server - Services += Framework/TornadoComponentMonitoring + Services += Framework/ComponentMonitoring Services += Framework/SystemAdministrator - Services += ResourceStatus/TornadoResourceStatus + Services += ResourceStatus/ResourceStatus Database { User = VAR_DB_User diff --git a/tests/Jenkins/utilities.sh b/tests/Jenkins/utilities.sh index b6bced37bd7..2e1c077887b 100644 --- a/tests/Jenkins/utilities.sh +++ b/tests/Jenkins/utilities.sh @@ -249,8 +249,8 @@ installDIRAC() { source diracos/diracosrc # Copy the user cert and key to the correct directory - cp /ca/certs/client.pem "${SERVERINSTALLDIR}/user/" - cp /ca/certs/client.key "${SERVERINSTALLDIR}/user/" + # cp /ca/certs/client.pem "${SERVERINSTALLDIR}/user/" + # cp /ca/certs/client.key "${SERVERINSTALLDIR}/user/" cp /ca/certs/client.pem /home/dirac/.globus/usercert.pem cp /ca/certs/client.key /home/dirac/.globus/userkey.pem @@ -390,7 +390,8 @@ diracCredentials() { echo '==> [diracCredentials]' sed -i 's/commitNewData = CSAdministrator/commitNewData = authenticated/g' "${SERVERINSTALLDIR}/etc/Configuration_Server.cfg" - if ! dirac-proxy-init dirac_admin --nocs -C "${SERVERINSTALLDIR}/user/client.pem" -K "${SERVERINSTALLDIR}/user/client.key" "${DEBUG}"; then + if ! dirac-proxy-init dirac_admin --nocs -C "${SERVERINSTALLDIR}/user/client.pem" -K "${SERVERINSTALLDIR}/user/client.key" "${DEBUG}" --valid 72:00; then + # if ! dirac-login dirac_admin --nocs -C "${SERVERINSTALLDIR}/user/client.pem" -K "${SERVERINSTALLDIR}/user/client.key" "${DEBUG}" -T 72; then echo 'ERROR: dirac-proxy-init failed' >&2 exit 1 fi @@ -410,47 +411,47 @@ diracCredentials() { diracUserAndGroup() { echo '==> [diracUserAndGroup]' - if ! dirac-admin-add-user -N ciuser -D /C=ch/O=DIRAC/OU=DIRAC\ CI/CN=ciuser -M lhcb-dirac-ci@cern.ch -G dirac_user "${DEBUG}"; then + if ! dirac-admin-add-user -N ciuser -D /C=ch/O=DIRAC/OU=DIRAC\ CI/CN=ciuser -M lhcb-dirac-ci@cern.ch -G dirac_user -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-admin-add-user failed' >&2 exit 1 fi - if ! dirac-admin-add-user -N trialUser -D /C=ch/O=DIRAC/OU=DIRAC\ CI/CN=trialUser -M lhcb-dirac-ci@cern.ch -G dirac_user "${DEBUG}"; then + if ! dirac-admin-add-user -N trialUser -D /C=ch/O=DIRAC/OU=DIRAC\ CI/CN=trialUser -M lhcb-dirac-ci@cern.ch -G dirac_user -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-admin-add-user failed' >&2 exit 1 fi - if ! dirac-admin-add-group -G prod -U adminusername,ciuser,trialUser -P Operator,FullDelegation,ProxyManagement,ServiceAdministrator,JobAdministrator,CSAdministrator,FileCatalogManagement,SiteManager,NormalUser,ProductionManagement VO=vo "${DEBUG}"; then + if ! dirac-admin-add-group -G prod -U adminusername,ciuser,trialUser -P Operator,FullDelegation,ProxyManagement,ServiceAdministrator,JobAdministrator,CSAdministrator,FileCatalogManagement,SiteManager,NormalUser,ProductionManagement VO=vo -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-admin-add-group failed' >&2 exit 1 fi - if ! dirac-admin-add-group -G jenkins_fcadmin -U adminusername,ciuser,trialUser -P FileCatalogManagement,NormalUser VO=vo "${DEBUG}"; then + if ! dirac-admin-add-group -G jenkins_fcadmin -U adminusername,ciuser,trialUser -P FileCatalogManagement,NormalUser -o /DIRAC/Security/UseServerCertificate=True VO=vo "${DEBUG}"; then echo 'ERROR: dirac-admin-add-group failed' >&2 exit 1 fi - if ! dirac-admin-add-group -G jenkins_user -U adminusername,ciuser,trialUser -P NormalUser VO=vo "${DEBUG}"; then + if ! dirac-admin-add-group -G jenkins_user -U adminusername,ciuser,trialUser -P NormalUser VO=vo -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-admin-add-group failed' >&2 exit 1 fi - if ! dirac-admin-add-shifter DataManager adminusername prod "${DEBUG}"; then + if ! dirac-admin-add-shifter DataManager adminusername prod -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-admin-add-shifter failed' >&2 exit 1 fi - if ! dirac-admin-add-shifter TestManager adminusername prod "${DEBUG}"; then + if ! dirac-admin-add-shifter TestManager adminusername prod -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-admin-add-shifter failed' >&2 exit 1 fi - if ! dirac-admin-add-shifter ProductionManager adminusername prod "${DEBUG}"; then + if ! dirac-admin-add-shifter ProductionManager adminusername prod -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-admin-add-shifter failed' >&2 exit 1 fi - if ! dirac-admin-add-shifter LHCbPR adminusername prod "${DEBUG}"; then + if ! dirac-admin-add-shifter LHCbPR adminusername prod -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-admin-add-shifter failed' >&2 exit 1 fi @@ -465,32 +466,27 @@ diracUserAndGroup() { # #............................................................................. -diracProxies() { - echo '==> [diracProxies]' - - # Make sure DiracX is running - # And make sure it was synced - if [[ -n $TEST_DIRACX ]]; then - echo "Waiting for for DiracX to be available" >&2 - for i in {1..10}; do - if dirac-proxy-init -C "${SERVERINSTALLDIR}/user/client.pem" -K "${SERVERINSTALLDIR}/user/client.key" "${DEBUG}"; then - break - fi - sleep 5 - done - fi - - # User proxy - if ! dirac-proxy-init -C "${SERVERINSTALLDIR}/user/client.pem" -K "${SERVERINSTALLDIR}/user/client.key" "${DEBUG}"; then - echo 'ERROR: dirac-init failed' >&2 - exit 1 - fi - # group proxy - if ! dirac-proxy-init prod -C "${SERVERINSTALLDIR}/user/client.pem" -K "${SERVERINSTALLDIR}/user/client.key" "${DEBUG}"; then - echo 'ERROR: dirac-init failed' >&2 - exit 1 - fi -} +# diracProxies() { +# echo '==> [diracProxies]' + +# # Make sure DiracX is running +# # And make sure it was synced +# if [[ -n $TEST_DIRACX ]]; then +# echo "Waiting for DiracX to be available" >&2 +# for i in {1..10}; do +# if dirac-proxy-init "${DEBUG}"; then +# break +# fi +# sleep 5 +# done +# fi + +# # group proxy +# if ! dirac-proxy-init prod "${DEBUG}"; then +# echo 'ERROR: dirac-init failed' >&2 +# exit 1 +# fi +# } #............................................................................. # @@ -502,7 +498,7 @@ diracProxies() { diracRefreshCS() { echo '==> [diracRefreshCS]' - if ! python "${TESTCODE}/DIRAC/tests/Jenkins/dirac-refresh-cs.py" "${DEBUG}"; then + if ! python "${TESTCODE}/DIRAC/tests/Jenkins/dirac-refresh-cs.py" -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-refresh-cs failed' >&2 exit 1 fi @@ -522,7 +518,7 @@ diracRefreshCS() { diracAddSite() { echo '==> [diracAddSite]' - if ! dirac-admin-add-site DIRAC.Jenkins.ch aNameWhatSoEver jenkins.cern.ch "${DEBUG}"; then + if ! dirac-admin-add-site DIRAC.Jenkins.ch aNameWhatSoEver jenkins.cern.ch -o /DIRAC/Security/UseServerCertificate=yes "${DEBUG}"; then echo 'ERROR: dirac-admin-add-site failed' >&2 exit 1 fi @@ -545,15 +541,15 @@ diracServices(){ # dirac-proxy-init -U -g prod -C ${SERVERINSTALLDIR}/user/client.pem -K ${SERVERINSTALLDIR}/user/client.key "${DEBUG}" for serv in $services; do - echo "==> calling dirac-install-component $serv ${DEBUG}" - if ! dirac-install-component "$serv" "${DEBUG}"; then + echo "==> calling dirac-install-component $serv -o /DIRAC/Security/UseServerCertificate=True ${DEBUG}" + if ! dirac-install-component "$serv" -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-install-component failed' >&2 exit 1 fi - if ! dirac-restart-component Tornado Tornado "${DEBUG}"; then - echo 'ERROR: could not restart Tornado' >&2 - exit 1 - fi + # if ! dirac-restart-component Tornado Tornado -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then + # echo 'ERROR: could not restart Tornado' >&2 + # exit 1 + # fi done } @@ -564,7 +560,7 @@ diracSEs(){ echo "==> Installing SE-1" seDir=${SERVERINSTALLDIR}/Storage/SE-1 mkdir -p "${seDir}" - if ! dirac-install-component DataManagement SE-1 -m StorageElement -p BasePath="${seDir}" -p Port=9148 "${DEBUG}"; then + if ! dirac-install-component DataManagement SE-1 -m StorageElement -p BasePath="${seDir}" -p Port=9148 -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-install-component failed' >&2 exit 1 fi @@ -572,7 +568,7 @@ diracSEs(){ echo "==> Installing SE-2" seDir=${SERVERINSTALLDIR}/Storage/SE-2 mkdir -p "${seDir}" - if ! dirac-install-component DataManagement SE-2 -m StorageElement -p BasePath="${seDir}" -p Port=9147 "${DEBUG}"; then + if ! dirac-install-component DataManagement SE-2 -m StorageElement -p BasePath="${seDir}" -p Port=9147 -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-install-component failed' >&2 exit 1 fi @@ -606,8 +602,8 @@ diracUninstallServices(){ fi for serv in $services; do - echo '==> calling dirac-uninstall-component' "$serv" "${DEBUG}" - dirac-uninstall-component -f "$serv" "${DEBUG}" + echo '==> calling dirac-uninstall-component' "$serv" -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}" + dirac-uninstall-component -f "$serv" -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}" done if [[ $save =~ e ]]; then @@ -633,10 +629,10 @@ diracAgents(){ if [[ $agent == *" JobAgent"* ]]; then echo '==> ' else - echo "==> calling dirac-cfg-add-option agent $agent" - python "${TESTCODE}/DIRAC/tests/Jenkins/dirac-cfg-add-option.py" "agent" "$agent" - echo "==> calling dirac-agent $agent -o MaxCycles=1 ${DEBUG}" - if ! dirac-agent "$agent" -o MaxCycles=1 "${DEBUG}"; then + echo "==> calling dirac-cfg-add-option agent $agent -o /DIRAC/Security/UseServerCertificate=True " + python "${TESTCODE}/DIRAC/tests/Jenkins/dirac-cfg-add-option.py" "agent" "$agent" -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}" + echo "==> calling dirac-agent $agent -o MaxCycles=1 -o /DIRAC/Security/UseServerCertificate=True ${DEBUG}" + if ! dirac-agent "$agent" -o MaxCycles=1 -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-agent failed' >&2 exit 1 fi @@ -657,7 +653,7 @@ diracDBs(){ local dbs=$(cut -d ' ' -f 2 < databases | cut -d '.' -f 1 | grep -v ^RequestDB | grep -v ^FileCatalogDB | grep -v ^InstalledComponentsDB) for db in $dbs; do - if ! dirac-install-db "$db" "${DEBUG}"; then + if ! dirac-install-db "$db" -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-install-db failed' >&2 exit 1 fi @@ -690,7 +686,7 @@ dropDBs(){ # make dbs a real array to avoid future mistake with escaping mapfile -t dbs < <(cut -d ' ' -f 2 < databases | cut -d '.' -f 1 | grep -v ^RequestDB | grep -v ^FileCatalogDB) - python "${TESTCODE}/DIRAC/tests/Jenkins/dirac-drop-db.py" "${dbs[@]}" "${DEBUG}" + python "${TESTCODE}/DIRAC/tests/Jenkins/dirac-drop-db.py" "${dbs[@]}" -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}" } #------------------------------------------------------------------------------- @@ -707,8 +703,7 @@ diracOptimizers(){ for executor in $executors do echo "==> calling dirac-install-component WorkloadManagement/$executor" - if ! dirac-install-component "WorkloadManagement/$executor" - then + if ! dirac-install-component "WorkloadManagement/$executor" -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then echo 'ERROR: dirac-install-component failed' >&2 exit 1 fi