From: František Dvořák Date: Mon, 22 Mar 2010 15:55:52 +0000 (+0000) Subject: Policy config file deployment. X-Git-Tag: glite-jobid-api-c_R_1_0_2_1~12 X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=b2c5851b6c2f2afadfc13254ba51353d20bdc231;p=jra1mw.git Policy config file deployment. --- diff --git a/org.glite.lb.server/config/startup b/org.glite.lb.server/config/startup index affd4b7..f8dcb9e 100755 --- a/org.glite.lb.server/config/startup +++ b/org.glite.lb.server/config/startup @@ -129,12 +129,19 @@ start() log4c="$GLITE_LOCATION/etc/glite-lb-log4crc" if test -f "$log4c"; then - log4c="LOG4C_RCPATH='$log4c'"; + log4c="LOG4C_RCPATH='$log4c'" else echo "$0: WARNING: config file '$log4c' not found." >&2 unset log4c fi + policy="$GLITE_LOCATION/etc/glite-lb-authz.conf" + if test -f "$policy"; then + policy="--policy '$policy'" + else + unset policy + fi + [ -z "$GLITE_LB_EXPORT_DUMPDIR" ] && GLITE_LB_EXPORT_DUMPDIR=$GLITE_LOCATION_VAR/dump dumpdir="--dump-prefix $GLITE_LB_EXPORT_DUMPDIR" [ -d "$GLITE_LB_EXPORT_DUMPDIR" ] || mkdir -p "$GLITE_LB_EXPORT_DUMPDIR" && chown $GLITE_USER:$GLITE_GROUP -R "$GLITE_LB_EXPORT_DUMPDIR" @@ -202,7 +209,7 @@ start() start_daemon glite-lb-bkserver "$BK_PIDFILE" "$GLITE_LOCATION/bin/glite-lb-bkserverd \ --notif-il-sock=$GLITE_LB_NOTIF_SOCK \ --notif-il-fprefix=$GLITE_LB_NOTIF_FPREFIX \ - $super $creds -i $BK_PIDFILE $port $wport $dumpdir $purgedir $lbreg_maildir $proxy\ + $super $creds -i $BK_PIDFILE $port $wport $dumpdir $purgedir $lbreg_maildir $proxy $policy\ $GLITE_LB_SERVER_OTHER_OPTIONS" if test -x $GLITE_LOCATION/bin/glite-lb-notif-interlogd; then diff --git a/org.glite.lb.yaim/config/functions/config_glite_lb b/org.glite.lb.yaim/config/functions/config_glite_lb index d999714..d3f920f 100644 --- a/org.glite.lb.yaim/config/functions/config_glite_lb +++ b/org.glite.lb.yaim/config/functions/config_glite_lb 
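Review bot: The new `else` branch in the first hunk drops `--policy` silently when `glite-lb-authz.conf` is missing, whereas the `log4c` branch just above it prints a warning. For an authorization policy the operator should be told, e.g. `echo "$0: WARNING: authz policy '$policy' not found, starting without --policy" >&2` before `unset policy`. What the server permits when started without a policy file is not visible here, so that default should be confirmed rather than assumed. In the second hunk `$policy` is expanded inside the command string handed to `start_daemon`, so the embedded single quotes only protect a path containing spaces if `start_daemon` re-parses that string through a shell; this cannot be checked from the diff. The body of `start()` begins and ends outside both hunks.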
@@ -43,6 +43,57 @@ function config_glite_lb_setenv(){ yaimgridpath_append LD_LIBRARY_PATH $classads_prefix/${classads_libarch:-lib} } +function config_glite_lb_authz() { + superusers="$1" + rtm="$2" + + superusers="`echo \"$superusers\"| grep -v ^$ | sed 's/\(.*\)/\trule permit {\n\t\tsubject = \"\1\" }\n\t}\n/'`" + rtm="`echo \"$rtm\"| grep -v ^$ | sed 's/\(.*\)/\trule permit {\n\t\tsubject = \"\1\" }\n\t}\n/'`" + + cat < "$GLITE_LOCATION/etc/glite-lb-authz.conf.new" +resource "LB" { + +action "ADMIN_ACCESS" { +$superusers +} + +action "STATUS_FOR_MONITORING" { +$rtm +} + +action "LOG_WMS_EVENTS" { + rule permit { + subject = ".*" + fqan = "/VO/Role=WMS" + } +} + +action "LOG_GENERAL_EVENTS" { + rule permit { + subject = ".*" + } +} + +} +EOF + # something changed + if test -f "$GLITE_LOCATION/etc/glite-lb-authz.conf"; then + diff -w "$GLITE_LOCATION/etc/glite-lb-authz.conf" "$GLITE_LOCATION/etc/glite-lb-authz.conf.new" >/dev/null + if test "$?" != "0"; then + yaimlog WARNING "Original authz configuration moved to '$GLITE_LOCATION/etc/glite-lb-authz.conf.yaimorig'" + mv "$GLITE_LOCATION/etc/glite-lb-authz.conf" "$GLITE_LOCATION/etc/glite-lb-authz.conf.yaimorig" + fi + fi + + # superusers file deprecated + if test -s "${GLITE_LOCATION}/etc/LB-super-users"; then + yaimlog WARNING "Found old superusers file '${GLITE_LOCATION}/etc/LB-super-users', check 'ADMIN_ACCESS' section in glite-lb-authz.conf" + mv "${GLITE_LOCATION}/etc/LB-super-users" "${GLITE_LOCATION}/etc/LB-super-users.old" + fi + + mv "$GLITE_LOCATION/etc/glite-lb-authz.conf.new" "$GLITE_LOCATION/etc/glite-lb-authz.conf" +} + function config_glite_lb() { ############################################# 
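Review bot: As shown here, the `sed` replacement used for both `superusers` and `rtm` emits one opening brace and two closing ones per DN (`rule permit {` … `subject = "…" }` … `}`), so the generated `ADMIN_ACCESS` and `STATUS_FOR_MONITORING` sections are unbalanced. Depending on the parser, that either rejects the policy or closes the action block early, and neither is a safe outcome for an authorization file. Dropping the stray brace gives `'s/\(.*\)/\trule permit {\n\t\tsubject = \"\1\"\n\t}\n/'` on both lines. The DN is also pasted between double quotes without escaping, so a value containing `"` would break the `subject` string; rejecting such a DN with a `yaimlog` error before the file is written would keep the policy well-formed. The new file is created under the current umask, so setting its mode explicitly before the final `mv` would make its permissions deterministic.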
@@ -217,14 +268,7 @@ EOF echo "${GLITE_LOCATION}/etc/init.d/glite-lb-bkserverd" >> ${GLITE_LOCATION}/etc/gLiteservices fi - if [ -z "$GLITE_LB_SUPER_USERS" ]; then - touch ${GLITE_LOCATION}/etc/LB-super-users - else - echo "$GLITE_LB_SUPER_USERS" > ${GLITE_LOCATION}/etc/LB-super-users - fi - if [ x"$GLITE_LB_RTM_ENABLED" = x"true" ]; then - echo "$GLITE_LB_RTM_DN" >> ${GLITE_LOCATION}/etc/LB-super-users - fi + config_glite_lb_authz "$GLITE_LB_SUPER_USERS" "$GLITE_LB_RTM_DN" if [ ! -f ${GLITE_LOCATION}/etc/glite-lb-harvester.conf ]; then echo $HOSTNAME > ${GLITE_LOCATION}/etc/glite-lb-harvester.conf
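Review bot: The replacement call passes `$GLITE_LB_RTM_DN` unconditionally, while the removed code added that DN only when `GLITE_LB_RTM_ENABLED` was `true`. Unless the variable is guaranteed to be empty when RTM is disabled (not visible here), a site that turned RTM off would still grant `STATUS_FOR_MONITORING` to that DN. Keeping the guard is a two-line change: `rtm_dn=; [ x"$GLITE_LB_RTM_ENABLED" = x"true" ] && rtm_dn="$GLITE_LB_RTM_DN"` followed by `config_glite_lb_authz "$GLITE_LB_SUPER_USERS" "$rtm_dn"`. The enclosing `config_glite_lb` function starts and ends outside this hunk.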