Skip to content

Commit

Permalink
fix(HTCondorCE): fix issue when running with UseSLL that SiteDirector…
Browse files Browse the repository at this point in the history
… does not have HOME environment variable

This prevents an exception.

Alternatively could give a default value for getCertificateAndKeyLocation, but that ends up just hardcoding it as well.
Using SSL is only a temporary solution (and other lies we tell ourselves)
  • Loading branch information
andresailer committed Jun 17, 2024
1 parent 3fc31e5 commit 474727f
Showing 1 changed file with 8 additions and 5 deletions.
13 changes: 8 additions & 5 deletions src/DIRAC/Resources/Computing/HTCondorCEComputingElement.py
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,6 @@
from DIRAC.WorkloadManagementSystem.Client import PilotStatus
from DIRAC.WorkloadManagementSystem.Client.PilotManagerClient import PilotManagerClient
from DIRAC.FrameworkSystem.private.authorization.utils.Tokens import writeToTokenFile
from DIRAC.Core.Security.Locations import getCAsLocation, getCertificateAndKeyLocation
from DIRAC.Resources.Computing.BatchSystems.Condor import HOLD_REASON_SUBCODE, subTemplate, parseCondorStatus

MANDATORY_PARAMETERS = ["Queue"]
Expand Down Expand Up @@ -250,14 +249,18 @@ def _executeCondorCommand(self, cmd, keepTokenFile=False):
}

if self.useSSLSubmission:
if not (certAndKey := getCertificateAndKeyLocation()):
return S_ERROR("You want to use SSL Submission, but no certificate and key are present")
certfile = "/home/dirac/.globus/usercert.pem"
keyfile = "/home/dirac/.globus/userkey.pem"
if not (os.path.exists(certFile) and os.path.exists(keyFile)):
return S_ERROR(
"You want to use SSL Submission, but certificate and key are not present in /home/dirac/.globus/"
)
if not (caFiles := getCAsLocation()):
return S_ERROR("You want to use SSL Submission, but no CA files are present")
htcEnv = {
"_condor_SEC_CLIENT_AUTHENTICATION_METHODS": "SSL",
"_condor_AUTH_SSL_CLIENT_CERTFILE": certAndKey[0],
"_condor_AUTH_SSL_CLIENT_KEYFILE": certAndKey[1],
"_condor_AUTH_SSL_CLIENT_CERTFILE": certFile,
"_condor_AUTH_SSL_CLIENT_KEYFILE": keyFile,
"_condor_AUTH_SSL_CLIENT_CADIR": caFiles,
"_condor_AUTH_SSL_SERVER_CADIR": caFiles,
"_condor_AUTH_SSL_USE_CLIENT_PROXY_ENV_VAR": "false",
Expand Down

0 comments on commit 474727f

Please sign in to comment.