
Add support for configurable accounting strings

oldpatricka committed Feb 23, 2011
1 parent 0711600 commit bb0df0d0e553ce0c079098827eefba48e801418a
@@ -50,4 +50,10 @@ public int getAliasType() {
public String getAliasTypeData() {
return aliasTypeData;
}
+
+ public String toString() {
+
+ return "userID: '" + userId + "' aliasName: '" + aliasName + "' friendlyName: '" + friendlyName
+ + "' aliasType: '" + aliasType + "' aliasTypeData: '" + aliasTypeData + "'";
+ }
}
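Review bot: The new `toString()` prints `aliasTypeData` verbatim, so every place a `UserAlias` is logged or concatenated into a message will emit that field. What `aliasTypeData` holds for each alias type is not visible in this hunk; if it can carry secret material for some types, leave it out of the string or mask it, ending the expression at `+ "' aliasType: '" + aliasType + "'";`. The method overrides `Object.toString()` and should also carry `@Override`.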
@@ -6,7 +6,27 @@
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<import resource="main.conflocator.xml" />
+ <import resource="authz-callout-ACTIVE.xml" />
+ <bean id="other.AuthzDataSource"
+ class="org.apache.commons.dbcp.BasicDataSource">
+ <property name="driverClassName" value="org.sqlite.JDBC" />
+ <property name="maxActive" value="10" />
+ <property name="maxIdle" value="4" />
+ <property name="maxWait" value="2000" />
+ <property name="poolPreparedStatements" value="true" />
+
+ <property name="url"
+ value="jdbc:sqlite://$CUMULUS{cumulus.authz.db}" />
+ <property name="username" value="nimbus"/>
+ <property name="password" value="nimbus"/>
+ </bean>
+
+
+ <bean id="other.authzDBAdapter" class="org.nimbus.authz.AuthzDBAdapter">
+ <constructor-arg ref="other.AuthzDataSource"/>
+ </bean>
+
<bean id="nimbus-rm.scheduler.SlotManagement"
class="org.globus.workspace.scheduler.defaults.pilot.PilotSlotManagement"
init-method="validate">
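Review bot: The `other.AuthzDataSource` bean hard-codes `username` and `password` as `nimbus`/`nimbus` in the Spring file. For a `jdbc:sqlite:` URL these are presumably not what protects the database, so access to the authz DB rests on the file permissions of the path behind `$CUMULUS{cumulus.authz.db}`. A comment such as `<!-- SQLite: credentials are unused; access is controlled by file permissions on the db file -->` would keep readers from treating the literals as a secret or carrying them over to another driver. The pool bean also declares no `destroy-method="close"`, so pooled connections may stay open on context shutdown unless that is handled elsewhere.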
@@ -100,13 +120,16 @@
<property name="extraProperties" value="$PILOT{pbs.extra.properties}" />
<property name="destination" value="$PILOT{pbs.destination}" />
<property name="grace" value="$PILOT{pbs.grace}" />
+ <property name="accounting" value="$PILOT{pbs.accounting.type}" />
<!-- Needed workspace service modules -->
<constructor-arg ref="nimbus-rm.home.instance" />
<constructor-arg ref="nimbus-rm.loglevels" />
<constructor-arg ref="other.MainDataSource" />
<constructor-arg ref="other.timerManager" />
+ <constructor-arg ref="other.authzDBAdapter" />
+ <constructor-arg ref="nimbus-rm.service.binding.AuthorizationCallout" />
<!-- set after object creation time to avoid circular dep with home -->
<property name="instHome" ref="nimbus-rm.home.instance" />
@@ -118,6 +118,14 @@ pbs.grace=8
pbs.extra.properties=
+# Optional, if you would like to append an accounting string to your qsub
+# invokation, you can use either the user's certificate DN, the user's display
+# name as shown by nimbus-list-users, or the user's authz DB accounting group.
+#
+# You can select these with 'dn', 'displayname', or 'group'
+
+pbs.accounting.type=
+
# Optional, if configured this is prepended to the pilot exe invocation if
# nodes needed are greater than one. Torque uses pbsdsh for this.
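Review bot: The comment for `pbs.accounting.type` does not say what an empty or unrecognised value does, or that `group` depends on the configured authorization callout. Elsewhere in this commit an unknown type logs an error and sends no accounting string, and the `group` path logs "Are you sure you're using Group or SQL authz?" when it fails. I would add `# Leave empty to send no accounting string. 'group' requires the Group or SQL authz callout.` and correct the spelling to "invocation".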
@@ -370,6 +370,21 @@ public Integer isRootPartitionUnpropTargetPermitted(URI target,
throw new AuthorizationException(NO_POLICIES_MESSAGE);
}
+ public String getGroupName(String caller) {
+
+
+ for (int i = 0; i < this.groups.length; i++) {
+
+ final GroupRights rights = getRights(caller, this.groups[i]);
+ // only first inclusion of DN is considered
+ if (rights != null) {
+ return this.groups[i].getName();
+ }
+ }
+
+ return null;
+ }
+
// -------------------------------------------------------------------------
// FOR CLOUD AUTOCONFIG
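Review bot: `getGroupName` has no Javadoc and returns `null` when the caller matches no group, which its caller in this commit silently turns into "no accounting string". A doc comment should state that groups are checked in array order, that the name of the first group for which `getRights(caller, group)` is non-null is returned, and that `null` means no match. It should also say whether a `null` caller is allowed, since what `getRights` does with it is not visible here. The enclosing class lies outside this hunk.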
@@ -20,12 +20,16 @@
import edu.emory.mathcs.backport.java.util.concurrent.ExecutorService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.globus.workspace.groupauthz.GroupAuthz;
import org.globus.workspace.scheduler.NodeExistsException;
import org.globus.workspace.scheduler.NodeInUseException;
import org.globus.workspace.scheduler.NodeManagement;
import org.globus.workspace.scheduler.NodeManagementDisabled;
import org.globus.workspace.scheduler.NodeNotFoundException;
import org.globus.workspace.scheduler.defaults.ResourcepoolEntry;
+import org.globus.workspace.service.binding.authorization.CreationAuthorizationCallout;
+import org.nimbus.authz.AuthzDBAdapter;
+import org.nimbus.authz.UserAlias;
import org.nimbustools.api.services.rm.DoesNotExistException;
import org.nimbustools.api.services.rm.ResourceRequestDeniedException;
import org.nimbustools.api.services.rm.ManageException;
@@ -118,6 +122,8 @@
private TorqueUtil torque;
+ private AuthzDBAdapter authzDBAdapter;
+ private CreationAuthorizationCallout authzCallout;
// set from config
private String contactPort;
@@ -138,6 +144,7 @@
private String destination = null; // only one for now
private String extraProperties = null;
private String multiJobPrefix = null;
+ private String accounting;
// -------------------------------------------------------------------------
// CONSTRUCTOR
@@ -146,7 +153,9 @@
public PilotSlotManagement(WorkspaceHome home,
Lager lager,
DataSource dataSource,
- TimerManager timerManager) {
+ TimerManager timerManager,
+ AuthzDBAdapter authz,
+ CreationAuthorizationCallout authzCall) {
if (home == null) {
throw new IllegalArgumentException("home may not be null");
@@ -168,6 +177,9 @@ public PilotSlotManagement(WorkspaceHome home,
throw new IllegalArgumentException("lager may not be null");
}
this.lager = lager;
+
+ this.authzDBAdapter = authz;
+ this.authzCallout = authzCall;
}
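Review bot: The two new constructor arguments are stored without the null checks that `home` and `lager` get in the same constructor. A missing `authz` bean then surfaces only at reservation time, as a NullPointerException inside `getAccountString` that its `catch (Exception e)` reports as "Can't connect to authzdb db". Either reject null here, or document that both may be null with a comment such as `// may be null: only used when pbs.accounting.type is 'displayname' or 'group'`. The constructor begins in the previous hunk and its middle is not shown.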
@@ -268,6 +280,20 @@ public void setLogdirResource(Resource logdirResource) throws IOException {
this.logdirPath = logdirResource.getFile().getAbsolutePath();
}
+ public AuthzDBAdapter getAuthzDBAdapter() {
+ return authzDBAdapter;
+ }
+
+ public void setAuthzDBAdapter(AuthzDBAdapter authzDBAdapter) {
+ this.authzDBAdapter = authzDBAdapter;
+ }
+
+ public void setAccounting(String accounting) {
+ if (accounting != null && accounting.trim().length() != 0) {
+ this.accounting = accounting;
+ }
+ }
+
// -------------------------------------------------------------------------
// IoC INIT METHOD
// -------------------------------------------------------------------------
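Review bot: `setAccounting` tests the trimmed value but stores the untrimmed one, so a property value with trailing whitespace passes this check and then fails every `equalsIgnoreCase` comparison in `getAccountString`. Store the trimmed value instead: `this.accounting = accounting.trim();`. Validating against the three supported values here, or in the `validate` init method (not shown), would report a misconfiguration once at startup rather than on every reservation.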
@@ -669,6 +695,8 @@ private void reserveSpaceImpl(final int memory,
ppnRequested = this.ppn;
}
+ String account = getAccountString(creatorDN, this.accounting);
+
// we know it's torque for now, no casing
final ArrayList torquecmd;
try {
@@ -681,7 +709,7 @@ private void reserveSpaceImpl(final int memory,
outputFile,
false,
false,
- creatorDN);
+ account);
} catch (WorkspaceException e) {
final String msg = "Problem with Torque argument construction";
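Review bot: With `pbs.accounting.type` left empty, which is the default added by this commit, `account` is null and is passed in the position where `creatorDN` was always passed before. Whether the Torque command builder accepts null there is not visible in this hunk, so this behaviour change for existing installations should be confirmed or documented. The value can now also be a display name or group name read from the authz DB; since it ends up as an argument to qsub, checking it against an expected character set before command construction, and logging a rejection, would keep unusual names from producing malformed submissions. `reserveSpaceImpl` starts and ends outside the hunk.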
@@ -1693,4 +1721,52 @@ public boolean removeNode(String hostname)
public String getVMMReport() {
return "No VMM report when pilot is configured.";
}
+
+ public String getAccountString(String userDN, String accountingType) {
+
+ String accountString = null;
+ if (accountingType == null) {
+ accountString = null;
+ }
+ else if (accountingType.equalsIgnoreCase("dn")) {
+
+ accountString = userDN;
+ }
+ else if (accountingType.equalsIgnoreCase("displayname")) {
+
+ try {
+ String userID = authzDBAdapter.getCanonicalUserIdFromDn(userDN);
+ final List<UserAlias> aliasList = authzDBAdapter.getUserAliases(userID);
+ for (UserAlias alias : aliasList) {
+ if (alias.getAliasType() == AuthzDBAdapter.ALIAS_TYPE_DN) {
+
+ accountString = alias.getFriendlyName();
+ }
+ }
+ logger.error("Can't find display name for '" + userDN + "'. "
+ + "No accounting string will be sent to PBS.");
+ }
+ catch (Exception e) {
+ logger.error("Can't connect to authzdb db. No accounting string will be sent to PBS.");
+ }
+ }
+ else if (accountingType.equalsIgnoreCase("group")) {
+
+ try {
+ GroupAuthz groupAuthz = (GroupAuthz)this.authzCallout;
+ accountString = groupAuthz.getGroupName(userDN);
+ }
+ catch (Exception e) {
+ logger.error("Problem getting group string. Are you sure you're using Group or SQL authz?");
+ logger.debug("full error: " + e);
+ }
+ }
+ else {
+
+ logger.error("'" + accountingType + "' isn't a valid accounting string type. "
+ + "No accounting string will be sent to PBS.");
+ }
+
+ return accountString;
+ }
}
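Review bot: In the `displayname` branch of `getAccountString` the "Can't find display name" error is logged unconditionally after the loop, even when an alias was found, and both `catch (Exception e)` blocks drop the exception, so a null adapter, a bad cast and a database failure cannot be told apart in the log. Log the not-found message only when `accountString` is still null, and pass `e` to `logger.error` so the cause and stack trace are kept. In the `group` branch, guarding with `if (this.authzCallout instanceof GroupAuthz)` would report a wrong callout type as a configuration problem instead of relying on a caught ClassCastException. The method is `public` although only `reserveSpaceImpl` calls it in this commit; `private` looks sufficient.

```java
else if (accountingType.equalsIgnoreCase("displayname")) {

    try {
        // … unchanged: canonical user id lookup and alias loop …
        if (accountString == null) {
            logger.error("Can't find display name for '" + userDN + "'. "
                    + "No accounting string will be sent to PBS.");
        }
    }
    catch (Exception e) {
        // keep the cause: a null adapter and a DB failure look identical otherwise
        logger.error("Can't look up display name in authz db. "
                + "No accounting string will be sent to PBS.", e);
    }
}
// … unchanged: "group" branch, invalid-type branch, return …
```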
