add features needed to support more grid services

lib/puppet/parser/functions/expandpoollist.rb

@@ -0,0 +1,26 @@
+#
+#
+#
+module Puppet::Parser::Functions
+  newfunction(:expandpoollist, :type => :rvalue, :doc =><<-EOS
+This function returns the expanded list of pool accounts. Use with care ...
+
+EOS
+              ) do |args|
+    from=args[0]
+    number=args[1]
+    prefix=args[2]
+    digits=args[3]
+    expanded = []
+    if ("0" == digits.to_s) 
+      expanded.push(prefix)
+    else
+      (from.to_s.to_i() .. (from.to_s.to_i()+number.to_s.to_i()-1)).each { |c|
+        format = '%.'+digits.to_s()+'d'
+        name=prefix + (format % c).to_s()
+        expanded.push(name)
+      }
+    end
+    return expanded   
+  end
+end

manifests/enable_vo.pp

@@ -1,12 +1,14 @@
 #enables vosupport features (accounts, mappings, environment)
 define vosupport::enable_vo (
-   $voname=$name,
-   $enable_poolaccounts = true,
-   $enable_mappings_for_service = undef,
-   $enable_mkgridmap_for_service = undef,
-   $enable_environment = true,
-   $enable_voms = true,
-   $enable_gridmapdir = false
+  $voname=$name,
+  $enable_poolaccounts = true,
+  $enable_mappings_for_service = undef,
+  $enable_mkgridmap_for_service = undef,
+  $enable_environment = true,
+  $enable_voms = true,
+  $enable_gridmapdir = false,
+  $enable_sudoers = false,
+  $enable_sandboxdir = false,
 )
 {    
     if ($enable_voms) {
@@ -76,6 +78,16 @@
       include vosupport::vo_gridmapdir
       Setupgridmapdir <| voname == $voname |>
     }
+
+    if $enable_sudoers {
+      include vosupport::vo_sudoers
+      Setupsudoers <| voname == $voname |>
+    }
+
+    if $enable_sandboxdir {
+      include vosupport::vo_sandboxdir
+      Setupsandbox  <| voname == $voname |>
+    }
 }
 
 

manifests/init.pp

@@ -6,6 +6,8 @@
   $enable_environment = hiera("vosupport_enable_environment",True), #whether to set up the gridenv for these VOs
   $enable_voms = hiera("vosupport_enable_voms",True), #whether to enable VOMS client for these VOs
   $enable_gridmapdir_for_group = hiera("vosupport_enable_gridmapdir_for_group",undef), #if specified, create and populate gridmapdir with pool accounts and sets the ownership of the gridmapdir to the specified group name
+  $enable_sudoers = hiera("vosupport_enable_sudoers",false), # if specified, create and populate /etc/
+  $enable_sandboxdir = hiera("vosupport_enable_sandboxdir",false), # if specified, create and populate /etc/
 )  
 {
 
@@ -61,7 +63,9 @@
     enable_mkgridmap_for_service => $enable_mkgridmap_for_service,
     enable_environment => $enable_environment,
     enable_voms => $enable_voms,
-    enable_gridmapdir => $enable_gridmapdir_for_group? { undef => false, default => true}
+    enable_gridmapdir => $enable_gridmapdir_for_group? { undef => false, default => true},
+    enable_sudoers => $enable_sudoers,
+    enable_sandboxdir => $enable_sandboxdir
   }
   create_resources("vosupport::enable_vo", $supported_vos_hash, $supported_vos_params)
 }

manifests/setupsandbox.pp

@@ -0,0 +1,16 @@
+define vosupport::setupsandbox (
+  $prefix=$name,
+  $group='',
+  $voname='',
+)
+{
+  if ! defined(File["/var/cream_sandbox/$group"]) {
+    file{"/var/cream_sandbox/$group": 
+      ensure => 'directory',
+      owner => 'tomcat',
+      group => $group,
+      mode => 0770,
+    }  
+  }
+}
+

manifests/setupsudoers.pp

@@ -0,0 +1,18 @@
+define vosupport::setupsudoers (
+  $prefix=$name,
+  $number,
+  $start=1,
+  $digits=3,
+  $voname='',
+)
+{
+  $list=expandpoollist($start,$number,$prefix,$digits)
+  file{"/etc/sudoers.d/glexec_${prefix}": 
+    content => template('vosupport/sudoers_forcecream.erb'),
+    ensure => present,
+    owner => "root",
+    group => "root",
+    mode => 0640,
+  }  
+}
+

manifests/virtual_setupsandbox.pp

@@ -0,0 +1,14 @@
+define vosupport::virtual_setupsandbox (
+  $prefix=$name,
+  $group='',
+  $prefix='',
+  $services='',
+  $static='',
+  $voname='',
+)
+{
+  @vosupport::setupsandbox {$name:
+    group => $group,
+    voname => $voname,
+  }
+}

manifests/virtual_setupsudoers.pp

@@ -0,0 +1,16 @@
+define vosupport::virtual_setupsudoers (
+  $prefix=$name,
+  $number,
+  $start=1,
+  $digits=3,
+  $voname='',
+)
+{
+  @vosupport::setupsudoers {$name:
+    prefix => $prefix,
+    number => $number,
+    start  => $start,
+    digits => $digits,
+    voname => $voname,
+  }
+}

manifests/vo_sandboxdir.pp

@@ -0,0 +1,17 @@
+class vosupport::vo_sandboxdir {
+
+  if ! defined(File['/var/cream_sandbox']) {
+    file{'/var/cream_sandbox':
+      ensure => 'directory',
+      owner => 'tomcat',
+      group => 'tomcat',
+      mode => 0775
+    }
+  }
+  #
+  # we only need the group ID here for each vo name
+  # just loop over the mappings hash which has all the information which we need
+
+  $mappings = hiera_hash('vosupport::mappings',undef)
+  create_resources('vosupport::virtual_setupsandbox',$mappings)
+}

manifests/vo_sudoers.pp

@@ -0,0 +1,4 @@
+class vosupport::vo_sudoers {
+  $poolaccounts = hiera_hash('vosupport::poolaccounts',undef)
+  create_resources('vosupport::virtual_setupsudoers',$poolaccounts)
+}

templates/sudoers_forcecream.erb

@@ -0,0 +1,16 @@
+Runas_Alias GLEXEC_<%=prefix.upcase%> = \
+<%= list.join(", ")%>
+
+Cmnd_Alias GLEXEC_CMDS_<%=prefix.upcase%> = /bin/echo, /bin/mkdir, /bin/cp, /bin/cat, /usr/bin/groups, /usr/bin/whoami, /bin/dd, /bin/mv, /usr/bin/id, /bin/kill, /usr/libexec/lsf_submit.sh, /usr/libexec/lsf_status.sh, /usr/libexec/lsf_cancel.sh, /usr/libexec/lsf_hold.sh, /usr/libexec/lsf_resume.sh, /usr/bin/glite-cream-copyProxyToSandboxDir.sh, /usr/bin/glite-cream-createsandboxdir, /usr/bin/glite-ce-cream-purge-sandbox, /usr/bin/glite-ce-cream-purge-proxy,  /usr/bin/glite-ce-cream-create-wrapper, /bin/ls 
+
+
+# Defaults specification (for cream)
+
+
+Defaults>GLEXEC_<%=prefix.upcase%> !requiretty # Added for cream
+Defaults>GLEXEC_<%=prefix.upcase%> env_keep += "BLAHPD_LOCATION BLAHPD_CONFIG_LOCATION"
+
+
+# User privilege specification (for cream)
+root    ALL=(ALL) ALL  # Added for cream
+tomcat  ALL=(GLEXEC_<%=prefix.upcase%>) NOPASSWD: GLEXEC_CMDS_<%=prefix.upcase%>  # Added for cream