bool
DCStartd::locateStarter( const char* global_job_id,
const char *claimId,
const char *schedd_public_addr,
ClassAd* reply,
int timeout )
{
setCmdStr( "locateStarter" );
ClassAd req;
// Add our own attributes to the request ad we're sending
req.Assign(ATTR_COMMAND,getCommandString( CA_LOCATE_STARTER ));
req.Assign(ATTR_GLOBAL_JOB_ID,global_job_id);
req.Assign(ATTR_CLAIM_ID, claimId);
if ( schedd_public_addr ) {
req.Assign(ATTR_SCHEDD_IP_ADDR,schedd_public_addr);
}
// if this claim is associated with a security session
ClaimIdParser cidp( claimId );
return sendCACmd( &req, reply, false, timeout, cidp.secSessionId() );
}
bool
DCStartd::_suspendClaim( )
{
setCmdStr( "suspendClaim" );
if( ! checkClaimId() ) {
return false;
}
if( ! checkAddr() ) {
return false;
}
// if this claim is associated with a security session
ClaimIdParser cidp(claim_id);
char const *sec_session = cidp.secSessionId();
if (IsDebugLevel(D_COMMAND)) {
int cmd = SUSPEND_CLAIM;
dprintf (D_COMMAND, "DCStartd::_suspendClaim(%s,...) making connection to %s\n", getCommandStringSafe(cmd), _addr ? _addr : "NULL");
}
bool result;
ReliSock reli_sock;
reli_sock.timeout(20); // years of research... :)
if( ! reli_sock.connect(_addr) ) {
std::string err = "DCStartd::_suspendClaim: ";
err += "Failed to connect to startd (";
err += _addr ? _addr : "NULL";
err += ')';
newError( CA_CONNECT_FAILED, err.c_str() );
return false;
}
int cmd = SUSPEND_CLAIM;
result = startCommand( cmd, (Sock*)&reli_sock, 20, NULL, NULL, false, sec_session );
if( ! result ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::_suspendClaim: Failed to send command " );
return false;
}
// Now, send the ClaimId
if( ! reli_sock.put_secret(claim_id) ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::_suspendClaim: Failed to send ClaimId to the startd" );
return false;
}
if( ! reli_sock.end_of_message() ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::_suspendClaim: Failed to send EOM to the startd" );
return false;
}
return true;
}
int
DCStartd::delegateX509Proxy( const char* proxy, time_t expiration_time, time_t *result_expiration_time )
{
dprintf( D_FULLDEBUG, "Entering DCStartd::delegateX509Proxy()\n" );
setCmdStr( "delegateX509Proxy" );
if( ! claim_id ) {
newError( CA_INVALID_REQUEST,
"DCStartd::delegateX509Proxy: Called with NULL claim_id" );
return CONDOR_ERROR;
}
// if this claim is associated with a security session
ClaimIdParser cidp(claim_id);
//
// 1) begin the DELEGATE_GSI_CRED_STARTD command
//
ReliSock* tmp = (ReliSock*)startCommand( DELEGATE_GSI_CRED_STARTD,
Stream::reli_sock,
20, NULL, NULL, false,
cidp.secSessionId() );
if( ! tmp ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::delegateX509Proxy: Failed to send command DELEGATE_GSI_CRED_STARTD to the startd" );
return CONDOR_ERROR;
}
//
// 2) get reply from startd - OK means continue, NOT_OK means
// don't bother (the startd doesn't require a delegated
// proxy
//
tmp->decode();
int reply;
if( !tmp->code(reply) ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::delegateX509Proxy: failed to receive reply from startd (1)" );
delete tmp;
return CONDOR_ERROR;
}
if ( !tmp->end_of_message() ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::delegateX509Proxy: end of message error from startd (1)" );
delete tmp;
return CONDOR_ERROR;
}
if( reply == NOT_OK ) {
delete tmp;
return NOT_OK;
}
//
// 3) send over the claim id and delegate (or copy) the given proxy
//
tmp->encode();
int use_delegation =
param_boolean( "DELEGATE_JOB_GSI_CREDENTIALS", true ) ? 1 : 0;
if( !tmp->code( claim_id ) ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::delegateX509Proxy: Failed to send claim id to the startd" );
delete tmp;
return CONDOR_ERROR;
}
if ( !tmp->code( use_delegation ) ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::delegateX509Proxy: Failed to send use_delegation flag to the startd" );
delete tmp;
return CONDOR_ERROR;
}
int rv;
filesize_t dont_care;
if( use_delegation ) {
rv = tmp->put_x509_delegation( &dont_care, proxy, expiration_time, result_expiration_time );
}
else {
dprintf( D_FULLDEBUG,
"DELEGATE_JOB_GSI_CREDENTIALS is False; using direct copy\n");
if( ! tmp->get_encryption() ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::delegateX509Proxy: Cannot copy: channel does not have encryption enabled" );
delete tmp;
return CONDOR_ERROR;
}
rv = tmp->put_file( &dont_care, proxy );
}
if( rv == -1 ) {
newError( CA_FAILURE,
"DCStartd::delegateX509Proxy: Failed to delegate proxy" );
delete tmp;
return CONDOR_ERROR;
}
if ( !tmp->end_of_message() ) {
newError( CA_FAILURE,
"DCStartd::delegateX509Proxy: end of message error to startd" );
delete tmp;
return CONDOR_ERROR;
}
// command successfully sent; now get the reply
tmp->decode();
if( !tmp->code(reply) ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::delegateX509Proxy: failed to receive reply from startd (2)" );
delete tmp;
return CONDOR_ERROR;
}
if ( !tmp->end_of_message() ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::delegateX509Proxy: end of message error from startd (2)" );
delete tmp;
return CONDOR_ERROR;
}
delete tmp;
dprintf( D_FULLDEBUG,
"DCStartd::delegateX509Proxy: successfully sent command, reply is: %d\n",
reply );
return reply;
}
int
DCStartd::activateClaim( ClassAd* job_ad, int starter_version,
ReliSock** claim_sock_ptr )
{
int reply;
dprintf( D_FULLDEBUG, "Entering DCStartd::activateClaim()\n" );
setCmdStr( "activateClaim" );
if( claim_sock_ptr ) {
// our caller wants a pointer to the socket we used to
// successfully activate the claim. right now, set it to
// NULL to signify error, and if everything works out,
// we'll give them a pointer to the real object.
*claim_sock_ptr = NULL;
}
if( ! claim_id ) {
newError( CA_INVALID_REQUEST,
"DCStartd::activateClaim: called with NULL claim_id, failing" );
return CONDOR_ERROR;
}
// if this claim is associated with a security session
ClaimIdParser cidp(claim_id);
char const *sec_session = cidp.secSessionId();
Sock* tmp;
tmp = startCommand( ACTIVATE_CLAIM, Stream::reli_sock, 20, NULL, NULL, false, sec_session );
if( ! tmp ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::activateClaim: Failed to send command ACTIVATE_CLAIM to the startd" );
return CONDOR_ERROR;
}
if( ! tmp->put_secret(claim_id) ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::activateClaim: Failed to send ClaimId to the startd" );
delete tmp;
return CONDOR_ERROR;
}
if( ! tmp->code(starter_version) ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::activateClaim: Failed to send starter_version to the startd" );
delete tmp;
return CONDOR_ERROR;
}
if( ! putClassAd(tmp, *job_ad) ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::activateClaim: Failed to send job ClassAd to the startd" );
delete tmp;
return CONDOR_ERROR;
}
if( ! tmp->end_of_message() ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::activateClaim: Failed to send EOM to the startd" );
delete tmp;
return CONDOR_ERROR;
}
// Now, try to get the reply
tmp->decode();
if( !tmp->code(reply) || !tmp->end_of_message()) {
std::string err = "DCStartd::activateClaim: ";
err += "Failed to receive reply from ";
err += _addr ? _addr : "NULL";
newError( CA_COMMUNICATION_ERROR, err.c_str() );
delete tmp;
return CONDOR_ERROR;
}
dprintf( D_FULLDEBUG, "DCStartd::activateClaim: "
"successfully sent command, reply is: %d\n", reply );
if( reply == OK && claim_sock_ptr ) {
*claim_sock_ptr = (ReliSock*)tmp;
} else {
// in any other case, we're going to leak this ReliSock
// object if we don't delete it here...
delete tmp;
}
return reply;
}
bool
DCStartd::deactivateClaim( bool graceful, bool *claim_is_closing )
{
dprintf( D_FULLDEBUG, "Entering DCStartd::deactivateClaim(%s)\n",
graceful ? "graceful" : "forceful" );
if( claim_is_closing ) {
*claim_is_closing = false;
}
setCmdStr( "deactivateClaim" );
if( ! checkClaimId() ) {
return false;
}
if( ! checkAddr() ) {
return false;
}
// if this claim is associated with a security session
ClaimIdParser cidp(claim_id);
char const *sec_session = cidp.secSessionId();
if (IsDebugLevel(D_COMMAND)) {
int cmd = graceful ? DEACTIVATE_CLAIM : DEACTIVATE_CLAIM_FORCIBLY;
dprintf (D_COMMAND, "DCStartd::deactivateClaim(%s,...) making connection to %s\n", getCommandStringSafe(cmd), _addr ? _addr : "NULL");
}
bool result;
ReliSock reli_sock;
reli_sock.timeout(20); // years of research... :)
if( ! reli_sock.connect(_addr) ) {
std::string err = "DCStartd::deactivateClaim: ";
err += "Failed to connect to startd (";
err += _addr ? _addr : "NULL";
err += ')';
newError( CA_CONNECT_FAILED, err.c_str() );
return false;
}
int cmd;
if( graceful ) {
cmd = DEACTIVATE_CLAIM;
} else {
cmd = DEACTIVATE_CLAIM_FORCIBLY;
}
result = startCommand( cmd, (Sock*)&reli_sock, 20, NULL, NULL, false, sec_session );
if( ! result ) {
std::string err = "DCStartd::deactivateClaim: ";
err += "Failed to send command ";
if( graceful ) {
err += "DEACTIVATE_CLAIM";
} else {
err += "DEACTIVATE_CLAIM_FORCIBLY";
}
err += " to the startd";
newError( CA_COMMUNICATION_ERROR, err.c_str() );
return false;
}
// Now, send the ClaimId
if( ! reli_sock.put_secret(claim_id) ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::deactivateClaim: Failed to send ClaimId to the startd" );
return false;
}
if( ! reli_sock.end_of_message() ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::deactivateClaim: Failed to send EOM to the startd" );
return false;
}
reli_sock.decode();
ClassAd response_ad;
if( !getClassAd(&reli_sock, response_ad) || !reli_sock.end_of_message() ) {
dprintf( D_FULLDEBUG, "DCStartd::deactivateClaim: failed to read response ad.\n");
// The response ad is not critical and is expected to be missing
// if the startd is from before 7.0.5.
}
else {
bool start = true;
response_ad.LookupBool(ATTR_START,start);
if( claim_is_closing ) {
*claim_is_closing = !start;
}
}
// we're done
dprintf( D_FULLDEBUG, "DCStartd::deactivateClaim: "
"successfully sent command\n" );
return true;
}
bool
HTCondorPeek::create_session()
{
m_retry_sensible = false;
DCSchedd schedd(m_name.size() ? m_name.c_str() : NULL,
m_pool.size() ? m_pool.c_str() : NULL);
dprintf(D_FULLDEBUG,"Locating daemon process\n");
if(!schedd.locate())
{
if (!m_name.size()) {
std::cerr << "Can't find address of local schedd" << std::endl;
return false;
}
if (!m_pool.size()) {
std::cerr << "No such schedd named " << m_name << " in local pool" << std::endl;
} else {
std::cerr << "No such schedd named " << m_name << " in pool " << m_pool << std::endl;
}
return false;
}
m_xfer_q = new DCTransferQueue( schedd );
MyString starter_claim_id;
MyString slot_name;
MyString error_msg;
CondorError error_stack;
int timeout = 300;
// We want encryption because we will be transferring an ssh key.
// must be in format expected by SecMan::ImportSecSessionInfo()
char const *session_info = "[Encryption=\"YES\";Integrity=\"YES\";]";
int job_status;
MyString hold_reason;
bool success = schedd.getJobConnectInfo(m_id,-1,session_info,timeout,&error_stack,m_starter_addr,starter_claim_id,m_starter_version,slot_name,error_msg,m_retry_sensible,job_status,hold_reason);
// turn the ssh claim id into a security session so we can use it
// to authenticate ourselves to the starter
SecMan secman;
ClaimIdParser cidp(starter_claim_id.Value());
if( success ) {
success = secman.CreateNonNegotiatedSecuritySession(
DAEMON,
cidp.secSessionId(),
cidp.secSessionKey(),
cidp.secSessionInfo(),
EXECUTE_SIDE_MATCHSESSION_FQU,
m_starter_addr.Value(),
0 );
if( !success ) {
error_msg = "Failed to create security session to connect to starter.";
}
else {
m_sec_session_id = cidp.secSessionId();
}
}
CondorVersionInfo vi(m_starter_version.Value());
if (vi.is_valid() && !vi.built_since_version(7, 9, 5))
{
std::cerr << "Remote starter (version " << m_starter_version.Value() << ") is too old for condor_peek" << std::endl;
return false;
}
if( !success ) {
if ( !m_retry_sensible ) {
std::cerr << error_msg.Value() << std::endl;
}
return false;
}
dprintf(D_FULLDEBUG,"Got connect info for starter %s\n",
m_starter_addr.Value());
return true;
}
