Skip to content

Commit

Permalink
Add certificates handling to Tier0Handler
Browse files Browse the repository at this point in the history
  • Loading branch information
JanChyczynski committed Aug 23, 2024
1 parent f6e0fc4 commit d18d64d
Showing 1 changed file with 38 additions and 21 deletions.
59 changes: 38 additions & 21 deletions CondCore/Utilities/python/tier0.py
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ def __init__(self, message):

def unique(seq, keepstr=True):
t = type(seq)
if t in (unicode, str):
if t is str:
t = (list, t('').join)[bool(keepstr)]
try:
remaining = set(seq)
Expand Down Expand Up @@ -90,43 +90,60 @@ def unsetDebug( self ):
def setProxy( self, proxy ):
self._proxy = proxy

def _queryTier0DataSvc( self, url ):
"""
Queries Tier0DataSvc.
url: Tier0DataSvc URL.
@returns: dictionary, from whence the required information must be retrieved according to the API call.
Raises if connection error, bad response, or timeout after retries occur.
"""
def _getCerts( self ) -> str:
cert_path = os.getenv('X509_USER_CERT', '')
key_path = os.getenv('X509_USER_KEY', '')

userAgent = "User-Agent: ConditionWebServices/1.0 python/%d.%d.%d PycURL/%s" % ( sys.version_info[ :3 ] + ( pycurl.version_info()[ 1 ], ) )
certs = ""
if cert_path:
certs += f' --cert {cert_path}'
else:
logging.warning("No certificate, nor proxy provided for Tier0 access")
if key_path:
certs += f' --key {key_path}'
return certs

def _curlQueryTier0( self, url:str, force_debug:bool = False):
userAgent = "User-Agent: ConditionWebServices/1.0 python/%d.%d.%d PycURL/%s" \
% ( sys.version_info[ :3 ] + ( pycurl.version_info()[ 1 ], ) )
debug = "-v" if self._debug or force_debug else "-s -S"

proxy = ""
if self._proxy: proxy = ' --proxy=%s ' % self._proxy

debug = " -s -S "
if self._debug: debug = " -v "

cmd = '/usr/bin/curl -k -L --user-agent "%s" %s --connect-timeout %i --retry %i %s %s ' % (userAgent, proxy, self._timeOut, self._retries, debug, url)
certs = ""
if self._proxy:
proxy = f"--proxy {self._proxy}"
else:
certs = self._getCerts()

cmd = '/usr/bin/curl -k -L --user-agent "%s" %s --connect-timeout %i --retry %i %s %s %s' \
% (userAgent, proxy, self._timeOut, self._retries, debug, url, certs)

# time the curl to understand if re-tries have been carried out
start = time.time()
process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(stdoutdata, stderrdata) = process.communicate()
retcode = process.returncode
end = time.time()
return process.returncode, stdoutdata, stderrdata, end-start

def _queryTier0DataSvc( self, url ):
"""
Queries Tier0DataSvc.
url: Tier0DataSvc URL.
@returns: dictionary, from whence the required information must be retrieved according to the API call.
Raises if connection error, bad response, or timeout after retries occur.
"""

retcode, stdoutdata, stderrdata, query_time = self._curlQueryTier0(url)

if retcode != 0 or stderrdata:

# if the first curl has failed, logg its stderror and prepare and independent retry
msg = "looks like curl returned an error: retcode=%s and took %s seconds" % (retcode,(end-start),)
msg = "looks like curl returned an error: retcode=%s and took %s seconds" % (retcode, query_time,)
msg += ' msg = "'+str(stderrdata)+'"'
logging.error(msg)

time.sleep(10)
cmd = '/usr/bin/curl -k -L --user-agent "%s" %s --connect-timeout %i --retry %i %s %s ' % (userAgent, proxy, self._timeOut, self._retries, "-v", url)
process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(stdoutdata, stderrdata) = process.communicate()
retcode = process.returncode
retcode, stdoutdata, stderrdata, query_time = self._curlQueryTier0(url, force_debug=True)
if retcode != 0:
msg = "looks like curl returned an error for the second time: retcode=%s" % (retcode,)
msg += ' msg = "'+str(stderrdata)+'"'
Expand Down

0 comments on commit d18d64d

Please sign in to comment.