From c5591473fd2f9099b9d95f6888bb7872c650e609 Mon Sep 17 00:00:00 2001 From: Matyas Selmeci Date: Mon, 18 Mar 2024 16:23:32 -0500 Subject: [PATCH 1/3] Prepend /etc/grid-security/grid-mapfile to the grid-mapfile downloaded from Topology (SOFTWARE-5468) This lets us change the default grid-mapfile location in the xrootd config while preserving backward compatibility. --- src/authfile-update | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/authfile-update b/src/authfile-update index 33d5a23..886d63c 100755 --- a/src/authfile-update +++ b/src/authfile-update @@ -89,13 +89,20 @@ class Download: self.full_destdir = f"{self.destdir}/{self.instance}" self.dest_file = f"{self.full_destdir}/{self.config_file}" - self.local_files = [ + self.local_files = [] + if config_file == "grid-mapfile": + # Local additions to the grid-mapfile are prepended, not appended + # to what's downloaded from topology because we want them to "win" + self.prepend_local = True + + # Backward compat: also read /etc/grid-security/grid-mapfile + self.local_files.append("/etc/grid-security/grid-mapfile") + else: + self.prepend_local = False + self.local_files += [ f"{self.destdir}/{self.instance}/{self.config_file}.local", f"/etc/xrootd/{self.instance}-{self.config_file}.local", ] - self.prepend_local = config_file == "grid-mapfile" - # ^^ local additions to the grid-mapfile are prepended, not appended - # to what's downloaded from topology def fetch(self) -> Tuple[Optional[str], bool]: """Download the data for this config file from Topology and return From 2fe841b73697f05611824bfaa0fcb5bf06ee53b1 Mon Sep 17 00:00:00 2001 From: Matyas Selmeci Date: Mon, 18 Mar 2024 16:53:21 -0500 Subject: [PATCH 2/3] Set `GridMapfile` and `GmapOpt` in the XRootD config (SOFTWARE-5468) These are variables that an upcoming version of osg-xrootd will use to define where the grid-mapfile is (instead of hardcoding `/etc/grid-security/grid-mapfile`) and what the behavior should be if there's no mapping (instead of hardcoding `trymap`). It has no effect with previous versions of osg-xrootd. It has to come before 50-osg-http.cfg and 50-osg-xrdvoms.cfg. --- configs/xcache/config.d/40-xcache-auth.cfg | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/configs/xcache/config.d/40-xcache-auth.cfg b/configs/xcache/config.d/40-xcache-auth.cfg index 68050a6..166d56e 100644 --- a/configs/xcache/config.d/40-xcache-auth.cfg +++ b/configs/xcache/config.d/40-xcache-auth.cfg @@ -14,3 +14,25 @@ if named stash-cache else setenv X509_USER_PROXY = /run/xcache-auth/x509_proxy fi + + +if defined ?GridMapfile + # pass +else if named stash-cache-auth + set GridMapfile = /run/stash-cache-auth/grid-mapfile +else if named stash-origin-auth + set GridMapfile = /run/stash-origin-auth/grid-mapfile +else + set GridMapfile = /etc/grid-security/grid-mapfile +fi + +if defined ?GmapOpt + # pass +else if named stash-cache-auth + set GmapOpt = usemap +else if named stash-origin-auth + set GmapOpt = usemap +else + set GmapOpt = trymap +fi + From 5ac168888db89925f3e998ff98e072830770d7dc Mon Sep 17 00:00:00 2001 From: Matyas Selmeci Date: Mon, 18 Mar 2024 18:24:32 -0500 Subject: [PATCH 3/3] Skip a local file if it's the same file as the destination file --- src/authfile-update | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/authfile-update b/src/authfile-update index 886d63c..c3f30e9 100755 --- a/src/authfile-update +++ b/src/authfile-update @@ -144,6 +144,10 @@ class Download: new_text = "" for local_file in self.local_files: try: + if os.path.samefile(os.path.realpath(local_file), os.path.realpath(self.dest_file)): + # The local file is a symlink to the destination file or something similar. + # Skip it to avoid a loop. + continue with open(local_file, "rt", encoding="utf-8", errors="replace") as fh: new_text += ( f"## The following lines are from {local_file}:\n"