add filterfunction to speedup things

cernops · Apr 12, 2013 · 664682f · 664682f
1 parent a10944a
commit 664682f
Show file tree

Hide file tree

Showing 11 changed files with 99 additions and 40 deletions.
diff --git a/lib/puppet/parser/functions/uidfilterbygid.rb b/lib/puppet/parser/functions/uidfilterbygid.rb
@@ -0,0 +1,28 @@
+#
+#
+#
+module Puppet::Parser::Functions
+  newfunction(:uidfilterbygid, :type => :rvalue, :doc =><<-EOS
+This function queries the password file and filters for grid pool accounts.
+it returns a two dimensional hash containing uids and gids for these accounts
+
+EOS
+              ) do |args|
+    uidmap=args[0]
+    gid=args[1]
+
+    filtered = Hash.new()
+    filtered["uid"] = Hash.new()
+    filtered["gid"] = Hash.new()
+
+    uidmap["uid"].each { |key, value|
+      thisgid = uidmap["gid"][key]
+      if  thisgid == gid.to_s
+        filtered["uid"][key] = value
+        # to be removed later once the additional defaultgid parameter works
+        filtered["gid"][key] = gid
+      end
+    }
+    return filtered
+  end
+end
diff --git a/lib/puppet/provider/poolhome/poolhome.rb b/lib/puppet/provider/poolhome/poolhome.rb
@@ -4,14 +4,12 @@
   def create
     expand(resource[:start],resource[:number],resource[:prefix],resource[:digits]).each { |accountname|
       homedir = resource[:homeroot] + '/' + accountname
-      #notice("Creating "+homedir)
       if (! File.directory?(homedir) ) 
         uid = getUID(accountname)
         gid = getGID(accountname)
         if (uid > 0 && gid > 0)
-          Dir.mkdir(homedir,0700)
+          Dir.mkdir(homedir,0750)
           File.chown(uid,gid,homedir)
-          #notice("created "+homedir+" with uid="+uid.to_s()+" and gid="+gid.to_s())
         else
           fail("Cannot create directory")
         end
@@ -22,7 +20,6 @@ def create
   def getUID(name)
     poolUidGids = resource[:uidmap]
     lookup = poolUidGids["uid"][name]
-    #notice(lookup)
     if (lookup != "") 
       uid = lookup.to_i()
     else 
@@ -34,11 +31,14 @@ def getUID(name)
   def getGID(name)
     poolUidGids = resource[:uidmap]
     lookup = poolUidGids["gid"][name]
-    #notice(lookup)
     if (lookup != "")
       gid = lookup.to_i()
     else 
-      gid = 0
+      if (resource[:defaultgid]) 
+        gid = resource[:defaultgid]
+      else
+        gid = 0
+      end
     end
     return gid
   end
@@ -48,20 +48,19 @@ def destroy
   end
 
   def exists?
-    #notice("checking pool accounts")
     exists = true
     expand(resource[:start],resource[:number],resource[:prefix],resource[:digits]).each { |accountname|
       homedir = resource[:homeroot] + '/' + accountname
-      if (! File.directory?(homedir) )
-        #notice("Directory "+homedir+" is missing")
+      if (File.exists?(homedir) && File.directory?(homedir))
+        # ensure that the permissions are correct. This is needed for glExec to work
+        if (sprintf("%o", File.stat(homedir).mode) != "40750")
+          notice "Warning: \"" + homedir+ "\" has wrong permission settings. Correcting them to 0750\n"
+          File.chmod(0750,homedir)
+        end
+      else 
         exists = false
       end
     }
-    #if (exists)
-    #  notice("All home directories exist")
-    #else
-    #  notice("Some pool account home directories are missing. Will try to create them.")
-    #end
     return exists
   end
 

diff --git a/lib/puppet/type/poolhome.rb b/lib/puppet/type/poolhome.rb
@@ -53,11 +53,21 @@
     end
   end
 
+  newparam(:defaultgid) do 
+    desc "default gid to be used if no gid set in the above array"
+    defaultto "0"
+    validate do |value|
+      unless  value.to_s =~ /^[\d]+$/
+        raise ArgumentError , "default gid must be an integer if specified: \"%s\"" % value
+      end
+    end
+  end
+
   newparam(:uidmap) do 
-    desc "..."
+    desc "map of pool account names to uid/gid pairs"
     defaultto [ "uid" => ["cms001" => "123"],
                 "gid" => ["cms001" => "234"], 
               ] 
   end
-
 end
+
diff --git a/manifests/enable_vo.pp b/manifests/enable_vo.pp
@@ -6,9 +6,7 @@
    $enable_environment = true,
    $enable_voms = true
 )
-{
-    notice "vosupport: enabling VO ${voname}"
-    
+{    
     if ($enable_voms) {
       #lookup table for VO names in voms module, when the name of the voms module is different from the VO name
       $voms_module_name= $voname? {
@@ -24,24 +22,20 @@
          'vo.aleph.cern.ch' => 'aleph',
         default => $voname
       }
-      notice "vosupport: configuring VOMS for VO ${voname}"
       include "voms::${voms_module_name}"      
     }
 
     if ($enable_poolaccounts) {
-      notice "vosupport: enabling pool accounts  for VO ${voname}"
       include vosupport::vo_poolaccounts      
       Setuphome <| voname == $voname |>
     }
 
     if ($enable_environment) {
-      notice "vosupport: completing environment for VO ${voname}"
       include vosupport::vo_environment
       Voenv  <| voname == $voname |>
     }
 
     if $enable_mappings_for_service != undef {
-      notice "vosupport: setup mappings for VO ${voname}"
       include vosupport::vo_mappings
 
       #create file fragments for the specified VO and service

diff --git a/manifests/setuphome.pp b/manifests/setuphome.pp
@@ -5,19 +5,33 @@
   $digits=3,
   $homeroot='/pool/grid',
   $voname='',
-  $uids=undef,
 )
 {
-  #notice ($uids)
   if ($prefix){
-    poolhome {$prefix:
-      ensure => present,
-      number => $number,
-      start  => $start,
-      digits => $digits,
-      homeroot => $homeroot,
-      uidmap => $uids,
-      require => File[$homeroot],
+    if ($vosupport::uidmap::vo2gidmap){
+      $gid = $vosupport::uidmap::vo2gidmap[$voname]
+      poolhome {$prefix:
+        ensure => present,
+        number => $number,
+        start  => $start,
+        digits => $digits,
+        homeroot => $homeroot,
+        uidmap => uidfilterbygid($vosupport::uidmap::uidmap,$gid),
+        # defaultgid => $gid,
+        require => File[$homeroot],
+      }
+    }
+    else
+    {
+      poolhome {$prefix:
+        ensure => present,
+        number => $number,
+        start  => $start,
+        digits => $digits,
+        homeroot => $homeroot,
+        uidmap => $vosupport::uidmap::uidmap,
+        require => File[$homeroot],
+      }
     }
   }
 }
diff --git a/manifests/uidmap.pp b/manifests/uidmap.pp
@@ -0,0 +1,4 @@
+class vosupport::uidmap {
+  $uidmap    = getuids([])
+  $vo2gidmap = hiera("vo2gidmap", undef)
+}
diff --git a/manifests/virtual_setuphome.pp b/manifests/virtual_setuphome.pp
@@ -5,16 +5,13 @@
   $digits=3,
   $homeroot='/pool/grid',
   $voname='',
-  $uids=undef,
 )
 {
-  #notice("Loading account data for ${voname}")
   @vosupport::setuphome{$name:
     number   => $number,
     start    => $start,
     digits   => $digits,
     homeroot => $homeroot,
     voname => $voname,
-    uids => $uids,
   }
 }
diff --git a/manifests/virtual_voenv.pp b/manifests/virtual_voenv.pp
@@ -5,7 +5,6 @@
   $voname = $name,
 )
 {
-  notice("Loading environment data for $voname") 
   @vosupport::voenv{"env_${voshortname}":
     vo_sw_dir => $vo_sw_dir,
     vo_default_se => $vo_default_se,

diff --git a/manifests/vo_poolaccounts.pp b/manifests/vo_poolaccounts.pp
@@ -1,5 +1,5 @@
 #initialize VO poolaccount virtual resources
-class vosupport::vo_poolaccounts()
+class vosupport::vo_poolaccounts() inherits vosupport::uidmap
 {
   package {'rubygem-ruby-net-ldap':
     ensure => present,
@@ -31,7 +31,6 @@
     target => "/pool/grid"
   }
 
-  $uidmap = getuids([])
   $poolaccounts = hiera_hash('vosupport::poolaccounts',undef)
-  create_resources('vosupport::virtual_setuphome',$poolaccounts,{uids=>$uids})
+  create_resources('vosupport::virtual_setuphome',$poolaccounts)
 }
diff --git a/manifests/vos/atlas.pp b/manifests/vos/atlas.pp
@@ -0,0 +1,7 @@
+  class vosupport::vos::atlas()
+  {
+   vosupport::enable_vo {
+     'atlas':
+       enable_mappings_for_service => "ARGUS"
+   }
+  }
diff --git a/manifests/vos/dteam.pp b/manifests/vos/dteam.pp
@@ -0,0 +1,8 @@
+  class vosupport::vos::dteam()
+  {
+     vosupport::enable_vo {
+    'dteam':
+       enable_mappings_for_service => "ARGUS"
+   }
+
+  }