> Date: Thu, 18 Oct 2007 17:52:53 -0500
> From: Gabriele Garzoglio <garzogli@fnal.gov>
> Subject: Minor bug fix in the GUMS probe
> To: William Law <law@cac.cornell.edu>
> Cc: Alain Roy <roy@cs.wisc.edu>,
> Anand Padmanabhan <anand-padmanabhan-1@uiowa.edu>
>
> Hi Will,
> I've fixed a bug in the probe. In case of error, the message was asking
> the admin to check the tomcat logfile, pointing her to the CE machine,
> instead of the GUMS machine.
> Please, update the GIP release with the attached script.
>
> Alain,
> this is really minor. It should go to VDT, at some point, but no rush.
>
> Thanks
> Gabriele
>
>
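###Assumptions
# This script assumes it is running in a functional VDT environment
# (e.g. grid-cert-info and VDT_LOCATION are defined).
# The use case is that the script uses the http server certificate
# for securing the connection to GUMS and for testing the mapping service.
# Modified: GG Aug 17. Adding check if PRIMA is enabled. Updating probe for
# new GUMS dir structure.
#
# Arguments: $1 - VDT installation directory (the one holding setup.sh)


#Source VDT's setup.sh
# setup.sh is executed inside this shell with the probe's privileges, so the
# directory given as $1 should be writable only by the VDT administrator.
VDT_INSTALLATION_DIR=$1
# Without this check an empty argument expands to "/setup.sh" at the
# filesystem root, and an unrelated file could be sourced.
if [ -z "$VDT_INSTALLATION_DIR" ]; then
  printf '%s\n' "${0##*/}: ERROR: VDT installation directory not given as first argument. Aborting..." >&2
  exit 1
fi
if [ ! -r "${VDT_INSTALLATION_DIR}/setup.sh" ]; then
  printf '%s\n' "${0##*/}: ERROR: Cannot read ${VDT_INSTALLATION_DIR}/setup.sh. Aborting..." >&2
  exit 1
fi
. "${VDT_INSTALLATION_DIR}/setup.sh"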
>
###Configuration

# Credentials the probe presents to GUMS: by default the HTTP service
# certificate and its private key. A value already present in the
# environment is kept, even an empty one (hence "=" and not ":=").
# The key file is a private key; keep its permissions no wider than the
# account that runs this probe needs.
: "${X509_USER_CERT=/etc/grid-security/http/httpcert.pem}"
: "${X509_USER_KEY=/etc/grid-security/http/httpkey.pem}"
export X509_USER_CERT X509_USER_KEY

# GUMS client properties file; the service endpoint is read from it.
GUMS_CLIENT_CONFIG_FILE="${VDT_LOCATION}/gums/config/gums-client.properties"
# User name that the probe treats as a failed test mapping.
BAD_UID_MAPPING="null"

#Prima configuration parameters
# Callout file and the module name searched for in it to decide whether
# PRIMA is enabled.
PRIMA_CALLOUT="/etc/grid-security/gsi-authz.conf"
PRIMA_CALLOUT_STRING="libprima_authz_module_gcc"
>
>
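###Inline utility functions
# Script name used as the prefix of every diagnostic. Parameter expansion
# replaces the unquoted `basename $0`, which split on spaces in the path.
prog=${0##*/}

# die MESSAGE... - write "<prog>: ERROR: MESSAGE" to stderr and exit with
# status 1. printf '%s' keeps backslashes in paths literal in every shell.
die () {
  printf '%s\n' "$prog: ERROR: $*" >&2
  exit 1
}

# warn MESSAGE... - write "<prog>: WARNING: MESSAGE" to stderr and continue.
warn () {
  printf '%s\n' "$prog: WARNING: $*" >&2
}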
>
>
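###Derive Configuration Parameters and Validate
# Fail early when the environment, the probe credentials or the GUMS client
# configuration are missing or unreadable.
[ -n "$VDT_LOCATION" ] || die "VDT_LOCATION variable not defined. Aborting..."
[ -r "$X509_USER_CERT" ] || die "Cannot read certificate file at $X509_USER_CERT. Aborting..."
[ -r "$X509_USER_KEY" ] || die "Cannot read certificate key file at $X509_USER_KEY. Aborting..."
[ -r "$GUMS_CLIENT_CONFIG_FILE" ] || die "Cannot read GUMS client configuration file at $GUMS_CLIENT_CONFIG_FILE. Aborting..."

# The endpoint ends up verbatim in the published GlueServiceUniqueID and
# GlueServiceEndpoint values, so it must be a single line: commented-out
# entries are skipped, only the first match is used, and only the text up to
# the first "=" is stripped so that a "=" inside the URL survives.
GUMS_SERVICE_ENDPOINT=$(grep -v '^[[:space:]]*#' "$GUMS_CLIENT_CONFIG_FILE" \
  | grep 'gums\.authz' \
  | sed -e 's/^[^=]*=//' -e 1q)
[ -n "$GUMS_SERVICE_ENDPOINT" ] || warn "Cannot read GUMS service endpoint. Continuing..."

# Host part of the endpoint: drop the scheme and everything from the port on.
GUMS_SERVICE_HOST=$(printf '%s\n' "$GUMS_SERVICE_ENDPOINT" \
  | sed -e 's/https:\/\///g' -e 's/:.*//g')

# The identity of the probe. This cert is used to secure the communication with GUMS
PROBE_IDENTITY_SUBJECT=$(grid-cert-info -subject) || die "Cannot read certificate subject from file $X509_USER_CERT. Aborting..."
# The subject used to do the test mapping. This script uses the probe
# identity as defined at GUMS v1.2 installation time.
PROBE_IDENTITY_MAPPING_SUBJECT="/GIP-GUMS-Probe-Identity"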
>
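###Check if using gridmap-file
# PRIMA counts as enabled only when the callout file exists and one of its
# lines not starting with "#" contains the PRIMA module name; every other
# case is reported as gridmap-file authorization. The expansions are quoted
# so that an empty or odd path cannot change how the test is parsed.
# NOTE(review): this is a text match on the callout file, not a check of what
# the gatekeeper actually loads - confirm that is good enough for the report.
GRID_MAP_USED=yes
if [ -f "$PRIMA_CALLOUT" ] &&
   grep -v "^#" "$PRIMA_CALLOUT" | grep -q "$PRIMA_CALLOUT_STRING"; then
  GRID_MAP_USED=no
fi

if [ "$GRID_MAP_USED" = "yes" ]; then
  # Defines the attributes in the GLUE Service Entity
  UniqueID="$(hostname -f):gridmap-file"
  Name="Authorization"
  Type="gridmap-file"
  Version="UNDEFINED"
  Status="UNDEFINED"
  # The gridmap-file itself is not inspected; the status text says so.
  StatusInfo="Node is configured to use gridmap-file. Did not check if gridmap-file is properly configured."
  Endpoint="Not Applicable"
  WSDL="Not Applicable"
  Semantics="http://www.globus.org/toolkit/docs/4.0/security/prewsaa/"
  StartTime="Not Applicable"
  Owner="UNDEFINED"
fi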
>
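###Probe GUMS
# Runs only when PRIMA is enabled: asks GUMS to map a fixed test subject while
# authenticating as the probe identity, and turns the answer into the GLUE
# Status / StatusInfo values.
if [ "$GRID_MAP_USED" = "no" ]; then
  #echo " $PROBE_IDENTITY_SUBJECT $PROBE_IDENTITY_MAPPING_SUBJECT "
  #echo "gums-service mapUser -s $PROBE_IDENTITY_SUBJECT $PROBE_IDENTITY_MAPPING_SUBJECT"
  if ! GUMS_OUTPUT=$("${VDT_LOCATION}/gums/scripts/gums-service" mapUser -s \
      "$PROBE_IDENTITY_SUBJECT" "$PROBE_IDENTITY_MAPPING_SUBJECT"); then
    Status="Warning"
    StatusInfo="Failed executing GUMS client command"
  else
    # Keep what follows "userName: " and drop a trailing "]".
    # NOTE(review): the exact gums-service output format is not visible here;
    # a multi-line reply would leave several lines in UID_MAPPING.
    UID_MAPPING=$(printf '%s\n' "$GUMS_OUTPUT" \
      | sed -e "s/.*userName: //g" -e 's/]$//g') \
      || die "Cannot extract userName from GUMS output"
    # Two separate tests instead of "-a": with "-a" a value such as "(" or
    # "!" can make [ parse the expression differently.
    # The emptiness test is redundant, i.e. this error condition should not
    # happen at this point.
    if [ -n "$UID_MAPPING" ] && [ "$UID_MAPPING" != "$BAD_UID_MAPPING" ]; then
      Status="OK"
      # NOTE(review): the mapped local account name becomes part of the
      # GLUE record printed below - confirm it is meant to be visible there.
      StatusInfo="Test mapping successful: user id = $UID_MAPPING"
    else
      Status="Warning"
      # Points the admin at the GUMS host rather than the CE. The path uses
      # the local VDT_LOCATION - presumably the same on the GUMS host; verify.
      StatusInfo="Test mapping failed: if GUMS was not down, check logs at ${GUMS_SERVICE_HOST}:${VDT_LOCATION}/tomcat/v55/logs/"
    fi
  fi

  # Defines the rest of the attributes in the GLUE Service Entity
  UniqueID="$GUMS_SERVICE_ENDPOINT"
  Name="Authorization"
  Type="GUMS"
  Version="UNDEFINED"
  Endpoint="$GUMS_SERVICE_ENDPOINT"
  WSDL="Not Applicable"
  Semantics="https://www.racf.bnl.gov/Facility/GUMS/"
  StartTime="UNDEFINED"
  Owner="UNDEFINED"
fi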
>
>
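### Printout Results

# _glue_value VALUE - print VALUE with carriage returns and newlines replaced
# by spaces. Several values come from a configuration file or from the GUMS
# reply; a line break inside one of them would otherwise start a new line in
# the record and could add or override an attribute.
_glue_value () {
  printf '%s' "$1" | tr '\r\n' '  '
}

# _print_glue_service - write the GLUE Service entry to stdout, one attribute
# per line, followed by an empty line that ends the record.
# Globals read: UniqueID Name Type Endpoint Semantics WSDL Status StatusInfo
#               StartTime Owner Version
# printf '%s\n' is used instead of echo so backslashes in values are printed
# literally in every shell.
_print_glue_service () {
  #Glue Output
  printf '%s\n' \
    "dn: GlueServiceUniqueID=$(_glue_value "$UniqueID"),Mds-vo-name=local,o=grid" \
    "objectClass: GlueTop" \
    "objectClass: GlueService" \
    "objectClass: GlueKey" \
    "objectClass: GlueSchemaVersion" \
    "GlueServiceUniqueID: $(_glue_value "$UniqueID")" \
    "GlueServiceName: $(_glue_value "$Name")" \
    "GlueServiceType: $(_glue_value "$Type")" \
    "GlueServiceEndpoint: $(_glue_value "$Endpoint")" \
    "GlueServiceSemantics: $(_glue_value "$Semantics")" \
    "GlueServiceWSDL: $(_glue_value "$WSDL")" \
    "GlueServiceStatus: $(_glue_value "$Status")" \
    "GlueServiceStatusInfo: $(_glue_value "$StatusInfo")" \
    "GlueServiceStartTime: $(_glue_value "$StartTime")" \
    "GlueServiceOwner: $(_glue_value "$Owner")" \
    "GlueServiceVersion: $(_glue_value "$Version")" \
    ""
}

_print_glue_service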