Merge pull request #314 from brianhlin/SOFTWARE-3939.ssl-advertise

Fix central collector SSL advertising (SOFTWARE-3939); remove config generator
htcondor · Mar 19, 2020 · c3db2bb · c3db2bb
2 parents 37288c9 + 2ff4815
commit c3db2bb
Show file tree

Hide file tree

Showing 12 changed files with 18 additions and 466 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -3,7 +3,7 @@ project(condor-ce)
 
 cmake_minimum_required(VERSION 2.6)
 
-set( HTCONDORCE_VERSION "4.2.0" CACHE INTERNAL "Version of the HTCondor-CE" )
+set( HTCONDORCE_VERSION "4.2.1" CACHE INTERNAL "Version of the HTCondor-CE" )
 
 set( CMAKE_MODULE_PATH ${PROJECT_SOURCE_DIR}/cmake )
 
@@ -57,7 +57,6 @@ install(PROGRAMS
   DESTINATION ${SHARE_INSTALL_PREFIX}/condor-ce)
 
 install(PROGRAMS
-  src/condor_ce_config_generator
   src/condor_ce_config_val
   src/condor_ce_history
   src/condor_ce_hold
@@ -113,7 +112,6 @@ install(FILES
   config/02-ce-slurm.conf
   config/02-ce-bosco.conf
   config/03-managed-fork.conf
-  config/04-ce-collector-auth.conf
   config/05-ce-view.conf
   config/05-ce-health.conf
   contrib/apelscripts/50-ce-apel.conf
@@ -127,7 +125,6 @@ install(FILES
   config/01-common-collector-defaults.conf
   ${CMAKE_CURRENT_BINARY_DIR}/config/01-ce-router-defaults.conf
   config/01-pilot-env-defaults.conf
-  config/02-ce-collector-auth-generated.conf
   config/02-ce-condor-defaults.conf
   config/02-ce-pbs-defaults.conf
   config/02-ce-lsf-defaults.conf
@@ -170,13 +167,10 @@ install(FILES config/ce-status.cpf config/pilot-status.cpf DESTINATION ${SHARE_I
 install(FILES templates/index.html templates/vos.html templates/metrics.html
 	templates/health.html templates/header.html templates/pilots.html DESTINATION ${SHARE_INSTALL_PREFIX}/condor-ce/templates)
 install(FILES config/condor-ce config/condor-ce-collector DESTINATION ${SYSCONF_INSTALL_DIR}/sysconfig)
-install(FILES config/condor-ce-collector.logrotate  RENAME condor-ce-collector  DESTINATION ${SYSCONF_INSTALL_DIR}/logrotate.d)
 
 install(FILES
   config/condor-ce.service
   config/condor-ce-collector.service
-  config/condor-ce-collector-config.service
-  config/condor-ce-collector-config.timer
   DESTINATION ${CMAKE_INSTALL_PREFIX}/lib/systemd/system)
 
 install(FILES config/condor-ce.conf config/condor-ce-collector.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/lib/tmpfiles.d)
diff --git a/config/01-ce-collector-defaults.conf b/config/01-ce-collector-defaults.conf
@@ -23,3 +23,11 @@ EXPIRE_INVALIDATED_ADS = true
 COLLECTOR_PERSISTENT_AD_LOG = $(SPOOL)/collector_ads.log
 VALID_SPOOL_FILES=collector_ads.log $(VALID_SPOOL_FILES)
 
+# Allow site CEs to advertise to the central collector via SSL (SOFTWARE-3939)
+COLLECTOR.SEC_ADVERTISE_SCHEDD_AUTHENTICATION_METHODS = SSL, GSI
+COLLECTOR.SEC_ADVERTISE_MASTER_AUTHENTICATION_METHODS = SSL, GSI
+
+# Allow CEs and XCache hosts not in the grid-mapfile to advertise to the central collector
+COLLECTOR.ALLOW_ADVERTISE_SCHEDD = $(COLLECTOR.ALLOW_ADVERTISE_SCHEDD), $(UNMAPPED_USERS), $(USERS)
+COLLECTOR.ALLOW_ADVERTISE_STARTD = $(COLLECTOR.ALLOW_ADVERTISE_STARTD), $(UNMAPPED_USERS), $(USERS)
+COLLECTOR.ALLOW_ADVERTISE_MASTER = $(COLLECTOR.ALLOW_ADVERTISE_MASTER), $(USERS)
diff --git a/config/01-ce-collector.conf b/config/01-ce-collector.conf
@@ -7,24 +7,8 @@
 #
 ###############################################################################
 
-MYOSG_HOST = my.opensciencegrid.org
-MYOSG_URL = http://$(MYOSG_HOST)/rgsummary/xml?gridtype=on&gridtype_1=on&service=on&service_sel%5B%5D=1&active=on&active_value=1&disable=on&disable_value=0
-
-# Should the config generator issue a "condor_ce_reconfig" afterward?
-GENERATOR_RECONFIG = true
-
 # To BAN a host, add a line of the form:
 #
 #   DENY_ADVERTISE_SCHEDD = $(DENY_ADVERTISE_SCHEDD), [email protected]
 #
 # You can have multiple comma-separated hosts in the DENY listing.
-
-# To ADD a custom host, add a line of the form:
-#
-#   COLLECTOR.ALLOW_ADVERTISE_SCHEDD = $(COLLECTOR.ALLOW_ADVERTISE_SCHEDD), [email protected]/ce.example.com
-#
-# You can have multiple comma-separated hosts in the ALLOW listing.
-
-# The COLLECTOR.ALLOW_ADVERTISE_SCHEDD lines should be of the form:
-#
-#   COLLECTOR.ALLOW_ADVERTISE_SCHEDD = [email protected]/foo.example.com, [email protected]/bar.example.com
diff --git a/config/02-ce-collector-auth-generated.conf b/config/02-ce-collector-auth-generated.conf
diff --git a/config/04-ce-collector-auth.conf b/config/04-ce-collector-auth.conf
diff --git a/config/condor-ce-collector-config.service b/config/condor-ce-collector-config.service
diff --git a/config/condor-ce-collector-config.timer b/config/condor-ce-collector-config.timer
diff --git a/config/condor-ce-collector.logrotate b/config/condor-ce-collector.logrotate
diff --git a/config/condor-ce-collector.service b/config/condor-ce-collector.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=HTCondor CE Collector
-After=syslog.target network-online.target condor-ce-collector-config.service
-Wants=network-online.target condor-ce-collector-config.service
+After=syslog.target network-online.target
+Wants=network-online.target
 
 [Service]
 Type=forking

diff --git a/config/condor_mapfile.osg b/config/condor_mapfile.osg
@@ -1,6 +1,6 @@
 GSI (.*) GSS_ASSIST_GRIDMAP
-GSI "/CN=([-.A-Za-z0-9/= ]+)" \[email protected]
-SSL "/CN=([-.A-Za-z0-9/= ]+)" \[email protected]
+GSI "[-.A-Za-z0-9/= ]*/CN=([-.A-Za-z0-9/= ]+)" \[email protected]
+SSL "[-.A-Za-z0-9/= ]*/CN=([-.A-Za-z0-9/= ]+)" \[email protected]
 CLAIMTOBE .* anonymous@claimtobe
 FS "^(root|condor)$" \[email protected]
 FS "(.*)" \1
diff --git a/rpm/htcondor-ce.spec b/rpm/htcondor-ce.spec
@@ -2,7 +2,7 @@
 #define gitrev osg
 
 Name: htcondor-ce
-Version: 4.2.0
+Version: 4.2.1
 Release: 1%{?gitrev:.%{gitrev}git}%{?dist}
 Summary: A framework to run HTCondor as a CE
 BuildArch: noarch
@@ -422,21 +422,15 @@ install -m 0755 -d -p $RPM_BUILD_ROOT/%{_sysconfdir}/condor-ce/bosco_override
 
 %files collector
 
-%{_bindir}/condor_ce_config_generator
 %{_datadir}/condor-ce/config.d/01-ce-collector-defaults.conf
 %{_datadir}/condor-ce/config.d/01-ce-auth-defaults.conf
 
 %{_unitdir}/condor-ce-collector.service
-%{_unitdir}/condor-ce-collector-config.service
-%{_unitdir}/condor-ce-collector-config.timer
 %{_tmpfilesdir}/condor-ce-collector.conf
 
 %config %{_datadir}/condor-ce/config.d/01-ce-collector-requirements.conf
-%config(noreplace) %{_datadir}/condor-ce/config.d/02-ce-collector-auth-generated.conf
 %config(noreplace) %{_sysconfdir}/sysconfig/condor-ce-collector
 %config(noreplace) %{_sysconfdir}/condor-ce/config.d/01-ce-collector.conf
-%config %{_sysconfdir}/condor-ce/config.d/04-ce-collector-auth.conf
-%config(noreplace) %{_sysconfdir}/logrotate.d/condor-ce-collector
 
 %attr(-,condor,condor) %dir %{_localstatedir}/run/condor-ce
 %attr(-,condor,condor) %dir %{_localstatedir}/log/condor-ce
@@ -449,6 +443,10 @@ install -m 0755 -d -p $RPM_BUILD_ROOT/%{_sysconfdir}/condor-ce/bosco_override
 %attr(1777,root,root) %dir %{_localstatedir}/lib/gratia/condorce_data
 
 %changelog
+* Wed Mar 18 2020 Brian Lin <[email protected]> - 4.2.1-1
+- Drop vestigial central collector config generator
+- Fix unmapped GSI/SSL regexps and allow unmapped enttities to advertise to the central ceollector (SOFTWARE-3939)
+
 * Thu Mar 12 2020 Brian Lin <[email protected]> - 4.2.0-1
 - Add SSL support for reporting to central collectors (SOFTWARE-3939)
 - GLUE2 validation improvements for the BDII provider (#308)