[14.0.X] Add certificates handling to Tier0Handler

[JanChyczynski]

PR description:

This PR adds providing certificates for curl requests done to https://cmsweb.cern.ch/t0wmadatasvc/prod/.
The paths to the certificate and the key are meant to be specified in X509_USER_CERT and X509_USER_KEY.

The certs became obligatory for accessing this API after migration of cmsweb from CC7 and this functionality is required by the conddb command and some O2Os (EcalLaser_prompt_run3, SiStripDetVOff_prompt, possibly also EcalLaser_prompt_hlt, ESGain_prompt, SIntercalibConstants_prompt, SRecHitRatioCuts_prompt, STimeSampleWeights_prompt)

The PR also introduces a way of overriding the hardcoded T0 API URL by setting the TIER0_API_URL env variable (eg. for test purposes).

PR validation:

Tested by running python3 tier0.py which is running the test for it.

Backport

This is the backport to CMSSW_14_0_X of the main PR: #45779

FYI @perrotta @francescobrivio @PonIlya

[cmsbuild]

A new Pull Request was created by @JanChyczynski for CMSSW_14_0_X.

It involves the following packages:

• CondCore/Utilities (db)

@cmsbuild, @consuegs, @francescobrivio, @perrotta, @saumyaphor4252 can you please review it and eventually sign? Thanks.
@JanChyczynski, @PonIlya, @mmusich, @rsreds, @yuanchao this is something you requested to watch as well.
@antoniovilela, @mandrenguyen, @rappoccio, @sextonkennedy you are the release manager for this.

cms-bot commands are listed here

• Backported from Add certificates handling to Tier0Handler #45779

[cmsbuild]

cms-bot internal usage

[cmsbuild]

Pull request #45780 was updated. @cmsbuild, @consuegs, @francescobrivio, @perrotta, @saumyaphor4252 can you please check and sign again.

[perrotta]

backport of #45779

[perrotta]

@JanChyczynski please update this PR as you did for its master and 14_1_X versions

[cmsbuild]

Pull request #45780 was updated. @cmsbuild, @consuegs, @francescobrivio, @perrotta, @saumyaphor4252 can you please check and sign again.

[JanChyczynski]

Updated, ready for the tests @perrotta

[perrotta]

please test

[cmsbuild]

+1

Size: This PR adds an extra 16KB to repository
Summary: https://cmssdt.cern.ch/SDT/jenkins-artifacts/pull-request-integration/PR-da6dc8/41192/summary.html
COMMIT: 8e62041
CMSSW: CMSSW_14_0_X_2024-08-29-1100/el8_amd64_gcc12
User test area: For local testing, you can use /cvmfs/cms-ci.cern.ch/week0/cms-sw/cmssw/45780/41192/install.sh to create a dev area with all the needed externals and cmssw changes.

Comparison Summary

Summary:

• You potentially added 93 lines to the logs
• Reco comparison results: 66 differences found in the comparisons
• DQMHistoTests: Total files compared: 48
• DQMHistoTests: Total histograms compared: 3346748
• DQMHistoTests: Total failures: 1391
• DQMHistoTests: Total nulls: 0
• DQMHistoTests: Total successes: 3345337
• DQMHistoTests: Total skipped: 20
• DQMHistoTests: Total Missing objects: 0
• DQMHistoSizes: Histogram memory added: 0.0 KiB( 47 files compared)
• Checked 202 log files, 165 edm output root files, 48 DQM output files
• TriggerResults: no differences found

[JanChyczynski]

@perrotta @mandrenguyen Can you take a look and sign? I ping you mandrenguyen 'cause you've signed the main PR so maybe you can sign the backport too

[mandrenguyen]

@perrotta @mandrenguyen Can you take a look and sign? I ping you mandrenguyen 'cause you've signed the main PR so maybe you can sign the backport too

I only sign after everyone else does. @perrotta can you have a look please?

[perrotta]

+db

• Verbatim backport of the PR merged in the master
• To be merged in the next patch so that it can be tested in the O2O machines

[cmsbuild]

This pull request is fully signed and it will be integrated in one of the next CMSSW_14_0_X IBs (tests are also fine) and once validation in the development release cycle CMSSW_14_2_X is complete. This pull request will now be reviewed by the release team before it's merged. @antoniovilela, @rappoccio, @mandrenguyen, @sextonkennedy (and backports should be raised in the release meeting by the corresponding L2)

[mandrenguyen]

+1