From 3fc31e58302e3097d03c7de9ac04066577967b72 Mon Sep 17 00:00:00 2001
From: Andre Sailer
Date: Mon, 17 Jun 2024 13:24:44 +0200
Subject: [PATCH 1/2] fix(SecureLocations): not everyone has a HOME fix exception when running without HOME variable
---
 src/DIRAC/Core/Security/Locations.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/DIRAC/Core/Security/Locations.py b/src/DIRAC/Core/Security/Locations.py
index 3c9fa6cdeb9..d89450e8a61 100644
--- a/src/DIRAC/Core/Security/Locations.py
+++ b/src/DIRAC/Core/Security/Locations.py
@@ -140,9 +140,9 @@ def getCertificateAndKeyLocation():
 if "X509_USER_CERT" in os.environ:
 if os.path.exists(os.environ["X509_USER_CERT"]):
 certfile = os.environ["X509_USER_CERT"]
- if not certfile:
- if os.path.exists(os.environ["HOME"] + "/.globus/usercert.pem"):
- certfile = os.environ["HOME"] + "/.globus/usercert.pem"
+ if not certfile and (home := os.environ.get("HOME")):
+ if os.path.exists(home + "/.globus/usercert.pem"):
+ certfile = home + "/.globus/usercert.pem"
 if not certfile:
 return False
@@ -151,9 +151,9 @@ def getCertificateAndKeyLocation():
 if "X509_USER_KEY" in os.environ:
 if os.path.exists(os.environ["X509_USER_KEY"]):
 keyfile = os.environ["X509_USER_KEY"]
- if not keyfile:
- if os.path.exists(os.environ["HOME"] + "/.globus/userkey.pem"):
- keyfile = os.environ["HOME"] + "/.globus/userkey.pem"
+ if not keyfile and (home := os.environ.get("HOME")):
+ if os.path.exists(home + "/.globus/userkey.pem"):
+ keyfile = home + "/.globus/userkey.pem"
 if not keyfile:
 return False
From bb1210be72b5ee4833621e6793f5ce4a07e36973 Mon Sep 17 00:00:00 2001
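Review bot: With `HOME` unset, the new `if not certfile and (home := os.environ.get("HOME")):` skips the `.globus` lookup entirely, so an account that does have `~/.globus/usercert.pem` is still reported as having no certificate. `os.path.expanduser("~")` falls back to the password database when `HOME` is missing, so `home = os.path.expanduser("~")` would keep the lookup working for services started without that variable; the same applies to the key lookup in the `@@ -151,9 +151,9 @@` hunk. `os.path.isfile` would also be a tighter test than `os.path.exists`, which accepts a directory of that name. The function body starts and ends outside the hunk.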
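Review bot: The private key path chosen in this hunk, whether from `X509_USER_KEY` or `home + "/.globus/userkey.pem"`, is accepted on `os.path.exists` alone, with no look at who else can read the file. A check such as `if os.stat(keyfile).st_mode & 0o077: return False`, with a log line naming the file, would refuse a group- or world-accessible key before it is handed to callers. Whether callers or the code after the hunk already enforce this is not visible here, so it is something to confirm rather than a certain gap. The function continues outside the hunk.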
From: Andre Sailer
Date: Mon, 17 Jun 2024 13:30:59 +0200
Subject: [PATCH 2/2] fix(HTCondorCE): fix issue when running with UseSLL that SiteDirector does not have HOME environment variable This prevents an exception. Alternatively could give a default value for getCertificateAndKeyLocation, but that ends up just hardcoding it as well. Using SSL is only a temporary solution (and other lies we tell ourselves)
---
 .../Computing/HTCondorCEComputingElement.py | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/DIRAC/Resources/Computing/HTCondorCEComputingElement.py b/src/DIRAC/Resources/Computing/HTCondorCEComputingElement.py
index d83fe2a9294..e7f012bfaa3 100644
--- a/src/DIRAC/Resources/Computing/HTCondorCEComputingElement.py
+++ b/src/DIRAC/Resources/Computing/HTCondorCEComputingElement.py
@@ -66,7 +66,7 @@
 from DIRAC.WorkloadManagementSystem.Client import PilotStatus
 from DIRAC.WorkloadManagementSystem.Client.PilotManagerClient import PilotManagerClient
 from DIRAC.FrameworkSystem.private.authorization.utils.Tokens import writeToTokenFile
-from DIRAC.Core.Security.Locations import getCAsLocation, getCertificateAndKeyLocation
+from DIRAC.Core.Security.Locations import getCAsLocation
 from DIRAC.Resources.Computing.BatchSystems.Condor import HOLD_REASON_SUBCODE, subTemplate, parseCondorStatus
 MANDATORY_PARAMETERS = ["Queue"]
@@ -250,14 +250,18 @@ def _executeCondorCommand(self, cmd, keepTokenFile=False):
 }
 if self.useSSLSubmission:
- if not (certAndKey := getCertificateAndKeyLocation()):
- return S_ERROR("You want to use SSL Submission, but no certificate and key are present")
+ certFile = "/home/dirac/.globus/usercert.pem"
+ keyFile = "/home/dirac/.globus/userkey.pem"
+ if not (os.path.exists(certFile) and os.path.exists(keyFile)):
+ return S_ERROR(
+ "You want to use SSL Submission, but certificate and key are not present in /home/dirac/.globus/"
+ )
 if not (caFiles := getCAsLocation()):
 return S_ERROR("You want to use SSL Submission, but no CA files are present")
 htcEnv = {
 "_condor_SEC_CLIENT_AUTHENTICATION_METHODS": "SSL",
- "_condor_AUTH_SSL_CLIENT_CERTFILE": certAndKey[0],
- "_condor_AUTH_SSL_CLIENT_KEYFILE": certAndKey[1],
+ "_condor_AUTH_SSL_CLIENT_CERTFILE": certFile,
+ "_condor_AUTH_SSL_CLIENT_KEYFILE": keyFile,
 "_condor_AUTH_SSL_CLIENT_CADIR": caFiles,
 "_condor_AUTH_SSL_SERVER_CADIR": caFiles,
 "_condor_AUTH_SSL_USE_CLIENT_PROXY_ENV_VAR": "false",
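Review bot: The fixed `certFile = "/home/dirac/.globus/usercert.pem"` and `keyFile` paths mean `X509_USER_CERT` and `X509_USER_KEY` no longer have any effect on SSL submission, and the credential location is tied to one account name. Keeping the lookup and using the fixed paths only as a fallback would preserve the override, e.g. `certFile, keyFile = getCertificateAndKeyLocation() or (DEFAULT_CERT, DEFAULT_KEY)` with the two defaults as module-level constants (names constructed here); this assumes the function returns a (cert, key) pair on success, as the removed `certAndKey[0]`/`certAndKey[1]` lines suggest, and it needs the import dropped in the `@@ -66,7 +66,7 @@` hunk to stay. It would also stop the path being repeated inside the error string. Since the key is passed to condor through `_condor_AUTH_SSL_CLIENT_KEYFILE`, it is worth confirming that `/home/dirac/.globus/` is writable only by the service account. `_executeCondorCommand` starts and ends outside the hunk.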