You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by la...@apache.org on 2014/06/27 23:31:11 UTC
git commit: Adding credential store support for gsi-ssh plugins
Repository: airavata
Updated Branches:
refs/heads/master e565ae493 -> 33a6d8b78
Adding credential store support for gsi-ssh plugins
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/33a6d8b7
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/33a6d8b7
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/33a6d8b7
Branch: refs/heads/master
Commit: 33a6d8b78b99e535df34cf5108ec85a041f702c9
Parents: e565ae4
Author: lahiru <la...@apache.org>
Authored: Fri Jun 27 17:30:56 2014 -0400
Committer: lahiru <la...@apache.org>
Committed: Fri Jun 27 17:30:56 2014 -0400
----------------------------------------------------------------------
.../airavata/common/utils/AiravataZKUtils.java | 9 +
.../gfac/core/context/JobExecutionContext.java | 11 +
.../airavata/gfac/core/cpi/BetterGfacImpl.java | 1 +
.../core/handler/AppDescriptorCheckHandler.java | 1 -
.../airavata/gfac/core/utils/GFacUtils.java | 29 +-
modules/gfac/gfac-gsissh/pom.xml | 5 +
.../gsissh/security/GSISecurityContext.java | 206 +------------
.../security/TokenizedMyProxyAuthInfo.java | 291 +++++++++++++++++++
.../gfac/gsissh/util/GFACGSISSHUtils.java | 41 ++-
.../GSISecurityContextTestWithMyProxyAuth.java | 14 +-
.../server/OrchestratorServerHandler.java | 4 +-
.../core/impl/GFACEmbeddedJobSubmitter.java | 13 +-
.../core/impl/GFACServiceJobSubmitter.java | 16 +-
.../orchestrator/core/job/JobSubmitter.java | 11 +
.../airavata/orchestrator/cpi/Orchestrator.java | 2 +-
.../cpi/impl/SimpleOrchestratorImpl.java | 4 +-
16 files changed, 405 insertions(+), 253 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/33a6d8b7/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/AiravataZKUtils.java
----------------------------------------------------------------------
diff --git a/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/AiravataZKUtils.java b/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/AiravataZKUtils.java
index e782ba4..1426e67 100644
--- a/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/AiravataZKUtils.java
+++ b/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/AiravataZKUtils.java
@@ -58,6 +58,15 @@ public class AiravataZKUtils {
"state";
}
+ public static String getExpTokenId(ZooKeeper zk, String expId, String tId) throws ApplicationSettingsException,
+ KeeperException, InterruptedException {
+ Stat exists = zk.exists(getExpZnodePath(expId, tId), false);
+ if (exists != null) {
+ return new String(zk.getData(getExpZnodePath(expId, tId), false, exists));
+ }
+ return null;
+ }
+
public static String getExpState(ZooKeeper zk, String expId, String tId) throws ApplicationSettingsException,
KeeperException, InterruptedException {
Stat exists = zk.exists(getExpStatePath(expId, tId), false);
http://git-wip-us.apache.org/repos/asf/airavata/blob/33a6d8b7/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/context/JobExecutionContext.java
----------------------------------------------------------------------
diff --git a/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/context/JobExecutionContext.java b/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/context/JobExecutionContext.java
index 3c469d4..a533804 100644
--- a/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/context/JobExecutionContext.java
+++ b/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/context/JobExecutionContext.java
@@ -64,6 +64,8 @@ public class JobExecutionContext extends AbstractContext implements Serializable
private ZooKeeper zk;
+ private String credentialStoreToken;
+
// private ContextHeaderDocument.ContextHeader contextHeader;
// Keep track of the current path of the message. Before hitting provider its in-path.
@@ -295,5 +297,14 @@ public class JobExecutionContext extends AbstractContext implements Serializable
public void setZk(ZooKeeper zk) {
this.zk = zk;
+
+ }
+
+ public String getCredentialStoreToken() {
+ return credentialStoreToken;
+ }
+
+ public void setCredentialStoreToken(String credentialStoreToken) {
+ this.credentialStoreToken = credentialStoreToken;
}
}
http://git-wip-us.apache.org/repos/asf/airavata/blob/33a6d8b7/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/cpi/BetterGfacImpl.java
----------------------------------------------------------------------
diff --git a/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/cpi/BetterGfacImpl.java b/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/cpi/BetterGfacImpl.java
index d90e1df..67c7193 100644
--- a/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/cpi/BetterGfacImpl.java
+++ b/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/cpi/BetterGfacImpl.java
@@ -282,6 +282,7 @@ public class BetterGfacImpl implements GFac {
jobExecutionContext.setProperty(Constants.PROP_TOPIC, experimentID);
jobExecutionContext.setGfac(this);
jobExecutionContext.setZk(zk);
+ jobExecutionContext.setCredentialStoreToken(AiravataZKUtils.getExpTokenId(zk,experimentID,taskID));
return jobExecutionContext;
}
http://git-wip-us.apache.org/repos/asf/airavata/blob/33a6d8b7/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/handler/AppDescriptorCheckHandler.java
----------------------------------------------------------------------
diff --git a/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/handler/AppDescriptorCheckHandler.java b/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/handler/AppDescriptorCheckHandler.java
index b47bb8e..2237d2a 100644
--- a/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/handler/AppDescriptorCheckHandler.java
+++ b/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/handler/AppDescriptorCheckHandler.java
@@ -49,7 +49,6 @@ public class AppDescriptorCheckHandler implements GFacRecoverableHandler {
} catch (Exception e) {
logger.info("Error saving plugin status to ZK");
}
-
StringBuffer data = new StringBuffer();
ApplicationDescription app = jobExecutionContext.getApplicationContext().getApplicationDeploymentDescription();
ApplicationDeploymentDescriptionType appDesc = app.getType();
http://git-wip-us.apache.org/repos/asf/airavata/blob/33a6d8b7/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/utils/GFacUtils.java
----------------------------------------------------------------------
diff --git a/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/utils/GFacUtils.java b/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/utils/GFacUtils.java
index e2594bf..3aa7c55 100644
--- a/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/utils/GFacUtils.java
+++ b/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/utils/GFacUtils.java
@@ -30,12 +30,13 @@ import org.apache.airavata.client.api.AiravataAPI;
import org.apache.airavata.client.api.exception.AiravataAPIInvocationException;
import org.apache.airavata.common.exception.ApplicationSettingsException;
import org.apache.airavata.common.utils.AiravataZKUtils;
+import org.apache.airavata.common.utils.DBUtil;
+import org.apache.airavata.common.utils.ServerSettings;
import org.apache.airavata.common.utils.StringUtil;
import org.apache.airavata.commons.gfac.type.ActualParameter;
-import org.apache.airavata.gfac.Constants;
-import org.apache.airavata.gfac.ExecutionMode;
-import org.apache.airavata.gfac.GFacConfiguration;
-import org.apache.airavata.gfac.GFacException;
+import org.apache.airavata.credential.store.store.CredentialReader;
+import org.apache.airavata.credential.store.store.impl.CredentialReaderImpl;
+import org.apache.airavata.gfac.*;
import org.apache.airavata.gfac.core.context.JobExecutionContext;
import org.apache.airavata.gfac.core.handler.GFacHandlerException;
import org.apache.airavata.gfac.core.states.GfacExperimentState;
@@ -773,7 +774,7 @@ public class GFacUtils {
}
// This method is dangerous because of moving the experiment data
- public static boolean createExperimentEntry(String experimentID, String taskID, ZooKeeper zk, String experimentNode, String pickedChild) throws KeeperException, InterruptedException {
+ public static boolean createExperimentEntry(String experimentID, String taskID, ZooKeeper zk, String experimentNode, String pickedChild,String tokenId) throws KeeperException, InterruptedException {
String experimentPath = experimentNode + File.separator + pickedChild;
String newExpNode = experimentPath + File.separator + experimentID + "+" + taskID;
Stat exists1 = zk.exists(newExpNode, false);
@@ -785,7 +786,7 @@ public class GFacUtils {
foundExperimentPath = experimentNode + File.separator + gfacServerNode +
File.separator + experimentID + "+" + taskID;
exists1 = zk.exists(foundExperimentPath, false);
- if(exists1 != null) { // when the experiment is found we break the loop
+ if (exists1 != null) { // when the experiment is found we break the loop
break;
}
}
@@ -795,6 +796,10 @@ public class GFacUtils {
zk.create(newExpNode, new byte[0], ZooDefs.Ids.OPEN_ACL_UNSAFE,
CreateMode.PERSISTENT);
+ Stat expParent = zk.exists(newExpNode, false);
+ if(tokenId != null && expParent != null) {
+ zk.setData(newExpNode, tokenId.getBytes(),expParent.getVersion());
+ }
zk.create(newExpNode + File.separator + "state", String.valueOf(GfacExperimentState.LAUNCHED.getValue()).getBytes(),
ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
@@ -827,7 +832,7 @@ public class GFacUtils {
// not delete a single file
log.info("After a successful copying of experiment data for an old experiment we delete the old data");
log.info("Deleting experiment data: " + foundExperimentPath);
- ZKUtil.deleteRecursive(zk,foundExperimentPath);
+ ZKUtil.deleteRecursive(zk, foundExperimentPath);
}
} else {
log.error("ExperimentID: " + experimentID + " taskID: " + taskID + " is already running by this Gfac instance");
@@ -862,7 +867,7 @@ public class GFacUtils {
public static String getPluginData(JobExecutionContext jobExecutionContext, String className) throws ApplicationSettingsException, KeeperException, InterruptedException {
ZooKeeper zk = jobExecutionContext.getZk();
if (zk != null) {
- String expZnodeHandlerPath = AiravataZKUtils.getExpZnodeHandlerPath(jobExecutionContext.getExperimentID(),
+ String expZnodeHandlerPath = AiravataZKUtils.getExpZnodeHandlerPath(jobExecutionContext.getExperimentID(),
jobExecutionContext.getTaskData().getTaskID(), className);
Stat exists = zk.exists(expZnodeHandlerPath, false);
return new String(jobExecutionContext.getZk().getData(expZnodeHandlerPath, false, exists));
@@ -870,4 +875,12 @@ public class GFacUtils {
return null;
}
+ public static CredentialReader getCredentialReader() throws ApplicationSettingsException, IllegalAccessException, ClassNotFoundException, InstantiationException {
+ String jdbcUrl = ServerSettings.getCredentialStoreDBDriver();
+ String jdbcUsr = ServerSettings.getCredentialStoreDBUser();
+ String jdbcPass = ServerSettings.getCredentialStoreDBPassword();
+ String driver = ServerSettings.getCredentialStoreDBDriver();
+ return new CredentialReaderImpl(new DBUtil(jdbcUrl, jdbcUsr, jdbcPass, driver));
+ }
+
}
http://git-wip-us.apache.org/repos/asf/airavata/blob/33a6d8b7/modules/gfac/gfac-gsissh/pom.xml
----------------------------------------------------------------------
diff --git a/modules/gfac/gfac-gsissh/pom.xml b/modules/gfac/gfac-gsissh/pom.xml
index e9acfbf..d129a5d 100644
--- a/modules/gfac/gfac-gsissh/pom.xml
+++ b/modules/gfac/gfac-gsissh/pom.xml
@@ -107,5 +107,10 @@
<artifactId>sshj</artifactId>
<version>0.6.1</version>
</dependency>
+ <dependency>
+ <groupId>mysql</groupId>
+ <artifactId>mysql-connector-java</artifactId>
+ <version>5.1.31</version>
+ </dependency>
</dependencies>
</project>
http://git-wip-us.apache.org/repos/asf/airavata/blob/33a6d8b7/modules/gfac/gfac-gsissh/src/main/java/org/apache/airavata/gfac/gsissh/security/GSISecurityContext.java
----------------------------------------------------------------------
diff --git a/modules/gfac/gfac-gsissh/src/main/java/org/apache/airavata/gfac/gsissh/security/GSISecurityContext.java b/modules/gfac/gfac-gsissh/src/main/java/org/apache/airavata/gfac/gsissh/security/GSISecurityContext.java
index a09b72e..aee6b02 100644
--- a/modules/gfac/gfac-gsissh/src/main/java/org/apache/airavata/gfac/gsissh/security/GSISecurityContext.java
+++ b/modules/gfac/gfac-gsissh/src/main/java/org/apache/airavata/gfac/gsissh/security/GSISecurityContext.java
@@ -57,49 +57,13 @@ public class GSISecurityContext extends AbstractSecurityContext {
*/
public static final String GSI_SECURITY_CONTEXT = "gsi";
- public static int CREDENTIAL_RENEWING_THRESH_HOLD = 10 * 90;
-
- private GSSCredential gssCredentials = null;
private Cluster pbsCluster = null;
- // Set trusted cert path and add provider
- static {
- Security.addProvider(new GlobusProvider());
- try {
- setUpTrustedCertificatePath();
- } catch (ApplicationSettingsException e) {
- log.error(e.getLocalizedMessage(), e);
- }
- }
-
- public static void setUpTrustedCertificatePath(String trustedCertificatePath) {
-
- File file = new File(trustedCertificatePath);
-
- if (!file.exists() || !file.canRead()) {
- File f = new File(".");
- log.info("Current directory " + f.getAbsolutePath());
- throw new RuntimeException("Cannot read trusted certificate path " + trustedCertificatePath);
- } else {
- System.setProperty(Constants.TRUSTED_CERTIFICATE_SYSTEM_PROPERTY, file.getAbsolutePath());
- }
- }
-
- private static void setUpTrustedCertificatePath() throws ApplicationSettingsException {
-
- String trustedCertificatePath = ServerSettings.getSetting(Constants.TRUSTED_CERT_LOCATION);
-
- setUpTrustedCertificatePath(trustedCertificatePath);
- }
- /**
- * Gets the trusted certificate path. Trusted certificate path is stored in "X509_CERT_DIR"
- * system property.
- * @return The trusted certificate path as a string.
- */
- public static String getTrustedCertificatePath() {
- return System.getProperty(Constants.TRUSTED_CERTIFICATE_SYSTEM_PROPERTY);
+ public GSISecurityContext(CredentialReader credentialReader, RequestData requestData, Cluster pbsCluster) {
+ super(credentialReader, requestData);
+ this.pbsCluster = pbsCluster;
}
@@ -112,171 +76,7 @@ public class GSISecurityContext extends AbstractSecurityContext {
this.setPbsCluster(pbsCluster);
}
- /**
- * Gets GSSCredentials. The process is as follows;
- * If credentials were queried for the first time create credentials.
- * 1. Try creating credentials using certificates stored in the credential store
- * 2. If 1 fails use user name and password to create credentials
- * If credentials are already created check the remaining life time of the credential. If
- * remaining life time is less than CREDENTIAL_RENEWING_THRESH_HOLD, then renew credentials.
- * @return GSSCredentials to be used.
- * @throws org.apache.airavata.gfac.GFacException If an error occurred while creating credentials.
- * @throws org.apache.airavata.common.exception.ApplicationSettingsException
- */
- public GSSCredential getGssCredentials() throws GFacException, ApplicationSettingsException {
-
- if (gssCredentials == null) {
-
- try {
- gssCredentials = getCredentialsFromStore();
- } catch (Exception e) {
- log.error("An exception occurred while retrieving credentials from the credential store. " +
- "Will continue with my proxy user name and password.", e);
- }
-
- // If store does not have credentials try to get from user name and password
- if (gssCredentials == null) {
- gssCredentials = getDefaultCredentials();
- }
-
- // if still null, throw an exception
- if (gssCredentials == null) {
- throw new GFacException("Unable to retrieve my proxy credentials to continue operation.");
- }
- } else {
- try {
- if (gssCredentials.getRemainingLifetime() < CREDENTIAL_RENEWING_THRESH_HOLD) {
- return renewCredentials();
- }
- } catch (GSSException e) {
- throw new GFacException("Unable to retrieve remaining life time from credentials.", e);
- }
- }
-
- return gssCredentials;
- }
-
- /**
- * Renews credentials. First try to renew credentials as a trusted renewer. If that failed
- * use user name and password to renew credentials.
- * @return Renewed credentials.
- * @throws org.apache.airavata.gfac.GFacException If an error occurred while renewing credentials.
- * @throws org.apache.airavata.common.exception.ApplicationSettingsException
- */
- public GSSCredential renewCredentials() throws GFacException, ApplicationSettingsException {
-
- // First try to renew credentials as a trusted renewer
- try {
- gssCredentials = renewCredentialsAsATrustedHost();
- } catch (Exception e) {
- log.warn("Renewing credentials as a trusted renewer failed", e);
- gssCredentials = getProxyCredentials();
- }
- return gssCredentials;
- }
-
- /**
- * Reads the credentials from credential store.
- * @return If token is found in the credential store, will return a valid credential. Else returns null.
- * @throws Exception If an error occurred while retrieving credentials.
- */
- public GSSCredential getCredentialsFromStore() throws Exception {
-
- if (getCredentialReader() == null) {
- return null;
- }
-
- Credential credential = getCredentialReader().getCredential(getRequestData().getGatewayId(),
- getRequestData().getTokenId());
-
- if (credential != null) {
- if (credential instanceof CertificateCredential) {
-
- log.info("Successfully found credentials for token id - " + getRequestData().getTokenId() +
- " gateway id - " + getRequestData().getGatewayId());
-
- CertificateCredential certificateCredential = (CertificateCredential) credential;
-
- X509Certificate[] certificates = certificateCredential.getCertificates();
- X509Credential newCredential = new X509Credential(certificateCredential.getPrivateKey(), certificates);
-
- GlobusGSSCredentialImpl cred = new GlobusGSSCredentialImpl(newCredential, GSSCredential.INITIATE_AND_ACCEPT);
- System.out.print(cred.export(ExtendedGSSCredential.IMPEXP_OPAQUE));
- return cred;
- //return new GlobusGSSCredentialImpl(newCredential,
- // GSSCredential.INITIATE_AND_ACCEPT);
- } else {
- log.info("Credential type is not CertificateCredential. Cannot create mapping globus credentials. " +
- "Credential type - " + credential.getClass().getName());
- }
- } else {
- log.info("Could not find credentials for token - " + getRequestData().getTokenId() + " and "
- + "gateway id - " + getRequestData().getGatewayId());
- }
-
- return null;
- }
-
- /**
- * Gets the default proxy certificate.
- * @return Default my proxy credentials.
- * @throws org.apache.airavata.gfac.GFacException If an error occurred while retrieving credentials.
- * @throws org.apache.airavata.common.exception.ApplicationSettingsException
- */
- public GSSCredential getDefaultCredentials() throws GFacException, ApplicationSettingsException{
- MyProxy myproxy = new MyProxy(getRequestData().getMyProxyServerUrl(), getRequestData().getMyProxyPort());
- try {
- return myproxy.get(getRequestData().getMyProxyUserName(), getRequestData().getMyProxyPassword(),
- getRequestData().getMyProxyLifeTime());
- } catch (MyProxyException e) {
- throw new GFacException("An error occurred while retrieving default security credentials.", e);
- }
- }
-
- /**
- * Gets a new proxy certificate given current credentials.
- * @return The short lived GSSCredentials
- * @throws org.apache.airavata.gfac.GFacException If an error is occurred while retrieving credentials.
- * @throws org.apache.airavata.common.exception.ApplicationSettingsException
- */
- public GSSCredential getProxyCredentials() throws GFacException, ApplicationSettingsException {
-
- MyProxy myproxy = new MyProxy(getRequestData().getMyProxyServerUrl(), getRequestData().getMyProxyPort());
- try {
- return myproxy.get(gssCredentials, getRequestData().getMyProxyUserName(), getRequestData().getMyProxyPassword(),
- getRequestData().getMyProxyLifeTime());
- } catch (MyProxyException e) {
- throw new GFacException("An error occurred while renewing security credentials using user/password.", e);
- }
- }
-
- /**
- * Renew GSSCredentials.
- * Before executing we need to add current host as a trusted renewer. Note to renew credentials
- * we dont need user name and password.
- * To do that execute following command
- * > myproxy-logon -t <LIFETIME></LIFETIME> -s <MY PROXY SERVER> -l <USER NAME>
- * E.g :- > myproxy-logon -t 264 -s myproxy.teragrid.org -l us3
- * Enter MyProxy pass phrase:
- * A credential has been received for user us3 in /tmp/x509up_u501.
- * > myproxy-init -A --cert /tmp/x509up_u501 --key /tmp/x509up_u501 -l ogce -s myproxy.teragrid.org
- * @return Renewed credentials.
- * @throws org.apache.airavata.gfac.GFacException If an error occurred while renewing credentials.
- * @throws org.apache.airavata.common.exception.ApplicationSettingsException
- */
- public GSSCredential renewCredentialsAsATrustedHost() throws GFacException, ApplicationSettingsException {
- MyProxy myproxy = new MyProxy(getRequestData().getMyProxyServerUrl(), getRequestData().getMyProxyPort());
- GetParams getParams = new GetParams();
- getParams.setAuthzCreds(gssCredentials);
- getParams.setUserName(getRequestData().getMyProxyUserName());
- getParams.setLifetime(getRequestData().getMyProxyLifeTime());
- try {
- return myproxy.get(gssCredentials, getParams);
- } catch (MyProxyException e) {
- throw new GFacException("An error occurred while renewing security credentials.", e);
- }
- }
public Cluster getPbsCluster() {
return pbsCluster;
http://git-wip-us.apache.org/repos/asf/airavata/blob/33a6d8b7/modules/gfac/gfac-gsissh/src/main/java/org/apache/airavata/gfac/gsissh/security/TokenizedMyProxyAuthInfo.java
----------------------------------------------------------------------
diff --git a/modules/gfac/gfac-gsissh/src/main/java/org/apache/airavata/gfac/gsissh/security/TokenizedMyProxyAuthInfo.java b/modules/gfac/gfac-gsissh/src/main/java/org/apache/airavata/gfac/gsissh/security/TokenizedMyProxyAuthInfo.java
new file mode 100644
index 0000000..0fb1c41
--- /dev/null
+++ b/modules/gfac/gfac-gsissh/src/main/java/org/apache/airavata/gfac/gsissh/security/TokenizedMyProxyAuthInfo.java
@@ -0,0 +1,291 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+*/
+package org.apache.airavata.gfac.gsissh.security;
+
+import org.apache.airavata.common.exception.ApplicationSettingsException;
+import org.apache.airavata.common.utils.ServerSettings;
+import org.apache.airavata.credential.store.credential.Credential;
+import org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential;
+import org.apache.airavata.credential.store.store.CredentialReader;
+import org.apache.airavata.gfac.Constants;
+import org.apache.airavata.gfac.GFacException;
+import org.apache.airavata.gfac.RequestData;
+import org.apache.airavata.gsi.ssh.api.authentication.AuthenticationInfo;
+import org.apache.airavata.gsi.ssh.api.authentication.GSIAuthenticationInfo;
+import org.globus.gsi.X509Credential;
+import org.globus.gsi.gssapi.GlobusGSSCredentialImpl;
+import org.globus.gsi.provider.GlobusProvider;
+import org.globus.myproxy.GetParams;
+import org.globus.myproxy.MyProxy;
+import org.globus.myproxy.MyProxyException;
+import org.gridforum.jgss.ExtendedGSSCredential;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+
+public class TokenizedMyProxyAuthInfo extends GSIAuthenticationInfo {
+ protected static final Logger log = LoggerFactory.getLogger(TokenizedMyProxyAuthInfo.class);
+
+ public static int CREDENTIAL_RENEWING_THRESH_HOLD = 10 * 90;
+
+ private GSSCredential gssCredentials = null;
+
+
+ private CredentialReader credentialReader;
+
+ private RequestData requestData;
+
+ public static final String X509_CERT_DIR = "X509_CERT_DIR";
+
+
+ static {
+ Security.addProvider(new GlobusProvider());
+ try {
+ setUpTrustedCertificatePath();
+ } catch (ApplicationSettingsException e) {
+ log.error(e.getLocalizedMessage(), e);
+ }
+ }
+
+ public static void setUpTrustedCertificatePath(String trustedCertificatePath) {
+
+ File file = new File(trustedCertificatePath);
+
+ if (!file.exists() || !file.canRead()) {
+ File f = new File(".");
+ log.info("Current directory " + f.getAbsolutePath());
+ throw new RuntimeException("Cannot read trusted certificate path " + trustedCertificatePath);
+ } else {
+ System.setProperty(Constants.TRUSTED_CERTIFICATE_SYSTEM_PROPERTY, file.getAbsolutePath());
+ }
+ }
+
+ private static void setUpTrustedCertificatePath() throws ApplicationSettingsException {
+
+ String trustedCertificatePath = ServerSettings.getSetting(Constants.TRUSTED_CERT_LOCATION);
+
+ setUpTrustedCertificatePath(trustedCertificatePath);
+ }
+
+ public TokenizedMyProxyAuthInfo(CredentialReader credentialReader, RequestData requestData) {
+ this.credentialReader = credentialReader;
+ this.requestData = requestData;
+ try {
+ properties.setProperty(X509_CERT_DIR, ServerSettings.getSetting(Constants.TRUSTED_CERT_LOCATION));
+ } catch (ApplicationSettingsException e) {
+ e.printStackTrace();
+ };
+ }
+
+ public GSSCredential getCredentials() throws SecurityException {
+
+ if (gssCredentials == null) {
+
+ try {
+ gssCredentials = getCredentialsFromStore();
+ } catch (Exception e) {
+ log.error("An exception occurred while retrieving credentials from the credential store. " +
+ "Will continue with my proxy user name and password. Provided TokenId:" + requestData.getTokenId(), e);
+ }
+
+ if(gssCredentials == null){
+ try {
+ gssCredentials = getDefaultCredentials();
+ } catch (Exception e) {
+ throw new SecurityException("Error retrieving my proxy using username password");
+ }
+ }
+ // if still null, throw an exception
+ if (gssCredentials == null) {
+ throw new SecurityException("Unable to retrieve my proxy credentials to continue operation.");
+ }
+ } else {
+ try {
+ if (gssCredentials.getRemainingLifetime() < CREDENTIAL_RENEWING_THRESH_HOLD) {
+ try {
+ return renewCredentials();
+ } catch (Exception e) {
+ throw new SecurityException("Error renewing credentials", e);
+ }
+ }
+ } catch (GSSException e) {
+ throw new SecurityException("Unable to retrieve remaining life time from credentials.", e);
+ }
+ }
+
+ return gssCredentials;
+ }
+
+
+ /**
+ * Reads the credentials from credential store.
+ *
+ * @return If token is found in the credential store, will return a valid credential. Else returns null.
+ * @throws Exception If an error occurred while retrieving credentials.
+ */
+ public GSSCredential getCredentialsFromStore() throws Exception {
+
+ if (getCredentialReader() == null) {
+ return null;
+ }
+
+ Credential credential = getCredentialReader().getCredential(getRequestData().getGatewayId(),
+ getRequestData().getTokenId());
+
+ if (credential != null) {
+ if (credential instanceof CertificateCredential) {
+
+ log.info("Successfully found credentials for token id - " + getRequestData().getTokenId() +
+ " gateway id - " + getRequestData().getGatewayId());
+
+ CertificateCredential certificateCredential = (CertificateCredential) credential;
+
+ X509Certificate[] certificates = certificateCredential.getCertificates();
+ X509Credential newCredential = new X509Credential(certificateCredential.getPrivateKey(), certificates);
+
+ GlobusGSSCredentialImpl cred = new GlobusGSSCredentialImpl(newCredential, GSSCredential.INITIATE_AND_ACCEPT);
+ System.out.print(cred.export(ExtendedGSSCredential.IMPEXP_OPAQUE));
+ return cred;
+ //return new GlobusGSSCredentialImpl(newCredential,
+ // GSSCredential.INITIATE_AND_ACCEPT);
+ } else {
+ log.info("Credential type is not CertificateCredential. Cannot create mapping globus credentials. " +
+ "Credential type - " + credential.getClass().getName());
+ }
+ } else {
+ log.info("Could not find credentials for token - " + getRequestData().getTokenId() + " and "
+ + "gateway id - " + getRequestData().getGatewayId());
+ }
+
+ return null;
+ }
+
+ /**
+ * Renew GSSCredentials.
+ * Before executing we need to add current host as a trusted renewer. Note to renew credentials
+ * we dont need user name and password.
+ * To do that execute following command
+ * > myproxy-logon -t <LIFETIME></LIFETIME> -s <MY PROXY SERVER> -l <USER NAME>
+ * E.g :- > myproxy-logon -t 264 -s myproxy.teragrid.org -l us3
+ * Enter MyProxy pass phrase:
+ * A credential has been received for user us3 in /tmp/x509up_u501.
+ * > myproxy-init -A --cert /tmp/x509up_u501 --key /tmp/x509up_u501 -l ogce -s myproxy.teragrid.org
+ *
+ * @return Renewed credentials.
+ * @throws org.apache.airavata.gfac.GFacException If an error occurred while renewing credentials.
+ * @throws org.apache.airavata.common.exception.ApplicationSettingsException
+ */
+ public GSSCredential renewCredentialsAsATrustedHost() throws GFacException, ApplicationSettingsException {
+ MyProxy myproxy = new MyProxy(getRequestData().getMyProxyServerUrl(), getRequestData().getMyProxyPort());
+ GetParams getParams = new GetParams();
+ getParams.setAuthzCreds(gssCredentials);
+ getParams.setUserName(getRequestData().getMyProxyUserName());
+ getParams.setLifetime(getRequestData().getMyProxyLifeTime());
+ try {
+ return myproxy.get(gssCredentials, getParams);
+ } catch (MyProxyException e) {
+ throw new GFacException("An error occurred while renewing security credentials.", e);
+ }
+ }
+
+
+ /**
+ * Gets the default proxy certificate.
+ *
+ * @return Default my proxy credentials.
+ * @throws org.apache.airavata.gfac.GFacException If an error occurred while retrieving credentials.
+ * @throws org.apache.airavata.common.exception.ApplicationSettingsException
+ */
+ public GSSCredential getDefaultCredentials() throws GFacException, ApplicationSettingsException {
+ MyProxy myproxy = new MyProxy(getRequestData().getMyProxyServerUrl(), getRequestData().getMyProxyPort());
+ try {
+ return myproxy.get(getRequestData().getMyProxyUserName(), getRequestData().getMyProxyPassword(),
+ getRequestData().getMyProxyLifeTime());
+ } catch (MyProxyException e) {
+ throw new GFacException("An error occurred while retrieving default security credentials.", e);
+ }
+ }
+
+
+ /**
+ * Renews credentials. First try to renew credentials as a trusted renewer. If that failed
+ * use user name and password to renew credentials.
+ *
+ * @return Renewed credentials.
+ * @throws org.apache.airavata.gfac.GFacException If an error occurred while renewing credentials.
+ * @throws org.apache.airavata.common.exception.ApplicationSettingsException
+ */
+ public GSSCredential renewCredentials() throws GFacException, ApplicationSettingsException {
+
+ // First try to renew credentials as a trusted renewer
+ try {
+ gssCredentials = renewCredentialsAsATrustedHost();
+ } catch (Exception e) {
+ log.warn("Renewing credentials as a trusted renewer failed", e);
+ gssCredentials = getProxyCredentials();
+ }
+
+ return gssCredentials;
+ }
+
+ /**
+ * Gets a new proxy certificate given current credentials.
+ *
+ * @return The short lived GSSCredentials
+ * @throws org.apache.airavata.gfac.GFacException If an error is occurred while retrieving credentials.
+ * @throws org.apache.airavata.common.exception.ApplicationSettingsException
+ */
+ public GSSCredential getProxyCredentials() throws GFacException, ApplicationSettingsException {
+
+ MyProxy myproxy = new MyProxy(getRequestData().getMyProxyServerUrl(), getRequestData().getMyProxyPort());
+ try {
+ return myproxy.get(gssCredentials, getRequestData().getMyProxyUserName(), getRequestData().getMyProxyPassword(),
+ getRequestData().getMyProxyLifeTime());
+ } catch (MyProxyException e) {
+ throw new GFacException("An error occurred while renewing security credentials using user/password.", e);
+ }
+ }
+
+ public void setGssCredentials(GSSCredential gssCredentials) {
+ this.gssCredentials = gssCredentials;
+ }
+
+ public CredentialReader getCredentialReader() {
+ return credentialReader;
+ }
+
+ public void setCredentialReader(CredentialReader credentialReader) {
+ this.credentialReader = credentialReader;
+ }
+
+ public RequestData getRequestData() {
+ return requestData;
+ }
+
+ public void setRequestData(RequestData requestData) {
+ this.requestData = requestData;
+ }
+}
http://git-wip-us.apache.org/repos/asf/airavata/blob/33a6d8b7/modules/gfac/gfac-gsissh/src/main/java/org/apache/airavata/gfac/gsissh/util/GFACGSISSHUtils.java
----------------------------------------------------------------------
diff --git a/modules/gfac/gfac-gsissh/src/main/java/org/apache/airavata/gfac/gsissh/util/GFACGSISSHUtils.java b/modules/gfac/gfac-gsissh/src/main/java/org/apache/airavata/gfac/gsissh/util/GFACGSISSHUtils.java
index 86bf3dd..7db98e4 100644
--- a/modules/gfac/gfac-gsissh/src/main/java/org/apache/airavata/gfac/gsissh/util/GFACGSISSHUtils.java
+++ b/modules/gfac/gfac-gsissh/src/main/java/org/apache/airavata/gfac/gsissh/util/GFACGSISSHUtils.java
@@ -21,6 +21,7 @@
package org.apache.airavata.gfac.gsissh.util;
import org.apache.airavata.common.exception.ApplicationSettingsException;
+import org.apache.airavata.common.utils.ServerSettings;
import org.apache.airavata.common.utils.StringUtil;
import org.apache.airavata.commons.gfac.type.ActualParameter;
import org.apache.airavata.commons.gfac.type.HostDescription;
@@ -30,7 +31,9 @@ import org.apache.airavata.gfac.GFacException;
import org.apache.airavata.gfac.RequestData;
import org.apache.airavata.gfac.core.context.JobExecutionContext;
import org.apache.airavata.gfac.core.context.MessageContext;
+import org.apache.airavata.gfac.core.utils.GFacUtils;
import org.apache.airavata.gfac.gsissh.security.GSISecurityContext;
+import org.apache.airavata.gfac.gsissh.security.TokenizedMyProxyAuthInfo;
import org.apache.airavata.gsi.ssh.api.Cluster;
import org.apache.airavata.gsi.ssh.api.SSHApiException;
import org.apache.airavata.gsi.ssh.api.ServerInfo;
@@ -57,28 +60,22 @@ public class GFACGSISSHUtils {
public static final String SUN_GRID_ENGINE_JOB_MANAGER = "sge";
public static void addSecurityContext(JobExecutionContext jobExecutionContext) throws GFacException, ApplicationSettingsException {
- RequestData requestData = new RequestData("default");
- GSISecurityContext context = null;
- try {
- //todo fix this
- context = new GSISecurityContext(null, requestData);
- } catch (Exception e) {
- throw new GFacException("An error occurred while creating GSI security context", e);
- }
HostDescription registeredHost = jobExecutionContext.getApplicationContext().getHostDescription();
if (registeredHost.getType() instanceof GlobusHostType || registeredHost.getType() instanceof UnicoreHostType
|| registeredHost.getType() instanceof SSHHostType) {
logger.error("This is a wrong method to invoke to non ssh host types,please check your gfac-config.xml");
} else if (registeredHost.getType() instanceof GsisshHostType) {
- GSIAuthenticationInfo authenticationInfo
- = new MyProxyAuthenticationInfo(requestData.getMyProxyUserName(), requestData.getMyProxyPassword(), requestData.getMyProxyServerUrl(),
- requestData.getMyProxyPort(), requestData.getMyProxyLifeTime(), System.getProperty(Constants.TRUSTED_CERTIFICATE_SYSTEM_PROPERTY));
- GsisshHostType gsisshHostType = (GsisshHostType) registeredHost.getType();
- ServerInfo serverInfo = new ServerInfo(requestData.getMyProxyUserName(), registeredHost.getType().getHostAddress(),
- gsisshHostType.getPort());
-
- Cluster pbsCluster = null;
+ String credentialStoreToken = jobExecutionContext.getCredentialStoreToken(); // this is set by the framework
+ RequestData requestData = new RequestData(ServerSettings.getDefaultUserGateway());
+ requestData.setTokenId(credentialStoreToken);
+ PBSCluster pbsCluster = null;
+ GSISecurityContext context = null;
try {
+ TokenizedMyProxyAuthInfo tokenizedMyProxyAuthInfo = new TokenizedMyProxyAuthInfo(GFacUtils.getCredentialReader(), requestData);
+ GsisshHostType gsisshHostType = (GsisshHostType) registeredHost.getType();
+ ServerInfo serverInfo = new ServerInfo(requestData.getMyProxyUserName(), registeredHost.getType().getHostAddress(),
+ gsisshHostType.getPort());
+
JobManagerConfiguration jConfig = null;
String installedParentPath = ((HpcApplicationDeploymentType)
jobExecutionContext.getApplicationContext().getApplicationDeploymentDescription().getType()).getInstalledParentPath();
@@ -95,15 +92,15 @@ public class GFACGSISSHUtils {
jConfig = CommonUtils.getSGEJobManager(installedParentPath);
}
}
- pbsCluster = new PBSCluster(serverInfo, authenticationInfo, jConfig);
- } catch (SSHApiException e) {
- throw new GFacException("An error occurred while creating GSI security context", e);
+ pbsCluster = new PBSCluster(serverInfo, tokenizedMyProxyAuthInfo, jConfig);
+ context = new GSISecurityContext(GFacUtils.getCredentialReader(), requestData,pbsCluster);
+ } catch (Exception e) {
+ throw new GFacException("An error occurred while creating GSI security context", e);
}
-
- context.setPbsCluster(pbsCluster);
+ jobExecutionContext.addSecurityContext(GSISecurityContext.GSI_SECURITY_CONTEXT, context);
}
- jobExecutionContext.addSecurityContext(GSISecurityContext.GSI_SECURITY_CONTEXT,context);
}
+
public static JobDescriptor createJobDescriptor(JobExecutionContext jobExecutionContext,
ApplicationDeploymentDescriptionType app, Cluster cluster) {
JobDescriptor jobDescriptor = new JobDescriptor();
http://git-wip-us.apache.org/repos/asf/airavata/blob/33a6d8b7/modules/gfac/gfac-gsissh/src/test/java/org/apache/airavata/core/gfac/services/impl/security/GSISecurityContextTestWithMyProxyAuth.java
----------------------------------------------------------------------
diff --git a/modules/gfac/gfac-gsissh/src/test/java/org/apache/airavata/core/gfac/services/impl/security/GSISecurityContextTestWithMyProxyAuth.java b/modules/gfac/gfac-gsissh/src/test/java/org/apache/airavata/core/gfac/services/impl/security/GSISecurityContextTestWithMyProxyAuth.java
index 86bd4d3..02479f3 100644
--- a/modules/gfac/gfac-gsissh/src/test/java/org/apache/airavata/core/gfac/services/impl/security/GSISecurityContextTestWithMyProxyAuth.java
+++ b/modules/gfac/gfac-gsissh/src/test/java/org/apache/airavata/core/gfac/services/impl/security/GSISecurityContextTestWithMyProxyAuth.java
@@ -30,6 +30,7 @@ import org.apache.airavata.credential.store.store.CredentialReader;
import org.apache.airavata.credential.store.store.CredentialReaderFactory;
import org.apache.airavata.gfac.RequestData;
import org.apache.airavata.gfac.gsissh.security.GSISecurityContext;
+import org.apache.airavata.gfac.gsissh.security.TokenizedMyProxyAuthInfo;
import org.apache.log4j.Logger;
import org.ietf.jgss.GSSCredential;
import org.testng.annotations.AfterClass;
@@ -101,12 +102,11 @@ public class GSISecurityContextTestWithMyProxyAuth extends DatabaseTestCases {
private GSSCredential getGSSCredentials() throws Exception {
- GSISecurityContext gsiSecurityContext = getGSISecurityContext();
-
- return gsiSecurityContext.getGssCredentials();
+ TokenizedMyProxyAuthInfo gsiTokenizedMyProxyAuthInfo = getGSISecurityContext();
+ return gsiTokenizedMyProxyAuthInfo.getCredentials();
}
- private GSISecurityContext getGSISecurityContext() throws Exception {
+ private TokenizedMyProxyAuthInfo getGSISecurityContext() throws Exception {
RequestData requestData = new RequestData();
@@ -116,7 +116,7 @@ public class GSISecurityContextTestWithMyProxyAuth extends DatabaseTestCases {
requestData.setMyProxyLifeTime(ServerSettings.getMyProxyLifetime());
CredentialReader credentialReader = CredentialReaderFactory.createCredentialStoreReader(getDbUtil());
- return new GSISecurityContext(credentialReader, requestData);
+ return new TokenizedMyProxyAuthInfo(credentialReader, requestData);
}
@Test
@@ -142,14 +142,14 @@ public class GSISecurityContextTestWithMyProxyAuth extends DatabaseTestCases {
@Test
public void testGetDefaultCredentials() throws Exception {
- GSISecurityContext gsiSecurityContext = getGSISecurityContext();
+ TokenizedMyProxyAuthInfo gsiSecurityContext = getGSISecurityContext();
Assert.assertNotNull(gsiSecurityContext.getDefaultCredentials());
}
@Test
public void testGetProxyCredentials() throws Exception {
- GSISecurityContext gsiSecurityContext = getGSISecurityContext();
+ TokenizedMyProxyAuthInfo gsiSecurityContext = getGSISecurityContext();
Assert.assertNotNull(gsiSecurityContext.getProxyCredentials());
}
http://git-wip-us.apache.org/repos/asf/airavata/blob/33a6d8b7/modules/orchestrator/airavata-orchestrator-service/src/main/java/org/apache/airavata/orchestrator/server/OrchestratorServerHandler.java
----------------------------------------------------------------------
diff --git a/modules/orchestrator/airavata-orchestrator-service/src/main/java/org/apache/airavata/orchestrator/server/OrchestratorServerHandler.java b/modules/orchestrator/airavata-orchestrator-service/src/main/java/org/apache/airavata/orchestrator/server/OrchestratorServerHandler.java
index 9abb6a1..efa1862 100644
--- a/modules/orchestrator/airavata-orchestrator-service/src/main/java/org/apache/airavata/orchestrator/server/OrchestratorServerHandler.java
+++ b/modules/orchestrator/airavata-orchestrator-service/src/main/java/org/apache/airavata/orchestrator/server/OrchestratorServerHandler.java
@@ -215,7 +215,7 @@ public class OrchestratorServerHandler implements OrchestratorService.Iface,
experimentId);
// launching the experiment
orchestrator.launchExperiment(experiment,
- workflowNodeDetail, taskID);
+ workflowNodeDetail, taskID,null);
}
}
@@ -483,7 +483,7 @@ public class OrchestratorServerHandler implements OrchestratorService.Iface,
.launchExperiment(
(Experiment) experimentList.get(0),
(WorkflowNodeDetails) workflowNodeDetailList
- .get(0), taskData);
+ .get(0), taskData,airavataCredStoreToken);
}
}
} catch (ClassNotFoundException e) {
http://git-wip-us.apache.org/repos/asf/airavata/blob/33a6d8b7/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/core/impl/GFACEmbeddedJobSubmitter.java
----------------------------------------------------------------------
diff --git a/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/core/impl/GFACEmbeddedJobSubmitter.java b/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/core/impl/GFACEmbeddedJobSubmitter.java
index 925251b..518ab05 100644
--- a/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/core/impl/GFACEmbeddedJobSubmitter.java
+++ b/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/core/impl/GFACEmbeddedJobSubmitter.java
@@ -55,7 +55,18 @@ public class GFACEmbeddedJobSubmitter implements JobSubmitter {
public boolean submit(String experimentID, String taskID) throws OrchestratorException {
try {
- return gfac.submitJob(experimentID, taskID);
+ return gfac.submitJob(experimentID, taskID);
+ } catch (Exception e) {
+ String error = "Error launching the job : " + experimentID;
+ logger.error(error);
+ throw new OrchestratorException(error);
+ }
+ }
+
+
+ public boolean submit(String experimentID, String taskID,String tokenId) throws OrchestratorException {
+ try {
+ return submit(experimentID,taskID);
} catch (Exception e) {
String error = "Error launching the job : " + experimentID;
logger.error(error);
http://git-wip-us.apache.org/repos/asf/airavata/blob/33a6d8b7/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/core/impl/GFACServiceJobSubmitter.java
----------------------------------------------------------------------
diff --git a/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/core/impl/GFACServiceJobSubmitter.java b/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/core/impl/GFACServiceJobSubmitter.java
index 1779bea..890ba1c 100644
--- a/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/core/impl/GFACServiceJobSubmitter.java
+++ b/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/core/impl/GFACServiceJobSubmitter.java
@@ -48,7 +48,7 @@ import java.util.Random;
* it will select a gfac instance based on the incoming request and submit to that
* gfac instance.
*/
-public class GFACServiceJobSubmitter implements JobSubmitter,Watcher{
+public class GFACServiceJobSubmitter implements JobSubmitter, Watcher {
private final static Logger logger = LoggerFactory.getLogger(GFACServiceJobSubmitter.class);
public static final String IP = "ip";
@@ -65,15 +65,20 @@ public class GFACServiceJobSubmitter implements JobSubmitter,Watcher{
return null;
}
+
public boolean submit(String experimentID, String taskID) throws OrchestratorException {
+ return this.submit(experimentID, taskID, null);
+ }
+
+
+ public boolean submit(String experimentID, String taskID, String tokenId) throws OrchestratorException {
ZooKeeper zk = orchestratorContext.getZk();
- int retryCount = 0;
try {
if (!zk.getState().isConnected()) {
String zkhostPort = ServerSettings.getSetting(org.apache.airavata.common.utils.Constants.ZOOKEEPER_SERVER_HOST)
+ ":" + ServerSettings.getSetting(org.apache.airavata.common.utils.Constants.ZOOKEEPER_SERVER_PORT);
zk = new ZooKeeper(zkhostPort, 6000, this);
- synchronized (mutex){
+ synchronized (mutex) {
mutex.wait();
}
}
@@ -89,7 +94,7 @@ public class GFACServiceJobSubmitter implements JobSubmitter,Watcher{
String[] split = gfacNodeData.split(":");
GfacService.Client localhost = GFacClientFactory.createGFacClient(split[0], Integer.parseInt(split[1]));
if (zk.exists(gfacServer + File.separator + pickedChild, false) != null) { // before submitting the job we check again the state of the node
- if(GFacUtils.createExperimentEntry(experimentID, taskID, zk, experimentNode, pickedChild)) {
+ if (GFacUtils.createExperimentEntry(experimentID, taskID, zk, experimentNode, pickedChild,tokenId)) {
return localhost.submitJob(experimentID, taskID);
}
}
@@ -108,10 +113,9 @@ public class GFACServiceJobSubmitter implements JobSubmitter,Watcher{
}
-
synchronized public void process(WatchedEvent event) {
synchronized (mutex) {
- switch (event.getState()){
+ switch (event.getState()) {
case SyncConnected:
mutex.notify();
}
http://git-wip-us.apache.org/repos/asf/airavata/blob/33a6d8b7/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/core/job/JobSubmitter.java
----------------------------------------------------------------------
diff --git a/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/core/job/JobSubmitter.java b/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/core/job/JobSubmitter.java
index 5891dff..ff81ac7 100644
--- a/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/core/job/JobSubmitter.java
+++ b/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/core/job/JobSubmitter.java
@@ -52,4 +52,15 @@ public interface JobSubmitter {
* @return boolean return the submit status
*/
boolean submit(String experimentID, String taskID) throws OrchestratorException;
+
+
+ /**
+ * This is similar to submit with expId and taskId but this has extra param called token
+ * @param experimentID
+ * @param taskID
+ * @param tokenId
+ * @return
+ * @throws OrchestratorException
+ */
+ boolean submit(String experimentID,String taskID,String tokenId) throws OrchestratorException;
}
http://git-wip-us.apache.org/repos/asf/airavata/blob/33a6d8b7/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/cpi/Orchestrator.java
----------------------------------------------------------------------
diff --git a/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/cpi/Orchestrator.java b/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/cpi/Orchestrator.java
index 24a6313..ddda0f6 100644
--- a/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/cpi/Orchestrator.java
+++ b/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/cpi/Orchestrator.java
@@ -57,7 +57,7 @@ public interface Orchestrator {
* @throws OrchestratorException
*/
boolean launchExperiment(Experiment experiment, WorkflowNodeDetails workflowNodeDetail,
- TaskDetails taskID) throws OrchestratorException;
+ TaskDetails taskID,String tokenId) throws OrchestratorException;
/**
http://git-wip-us.apache.org/repos/asf/airavata/blob/33a6d8b7/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/cpi/impl/SimpleOrchestratorImpl.java
----------------------------------------------------------------------
diff --git a/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/cpi/impl/SimpleOrchestratorImpl.java b/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/cpi/impl/SimpleOrchestratorImpl.java
index b9814bd..bf7af51 100644
--- a/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/cpi/impl/SimpleOrchestratorImpl.java
+++ b/modules/orchestrator/orchestrator-core/src/main/java/org/apache/airavata/orchestrator/cpi/impl/SimpleOrchestratorImpl.java
@@ -69,14 +69,14 @@ public class SimpleOrchestratorImpl extends AbstractOrchestrator{
}
}
- public boolean launchExperiment(Experiment experiment, WorkflowNodeDetails workflowNode, TaskDetails task) throws OrchestratorException {
+ public boolean launchExperiment(Experiment experiment, WorkflowNodeDetails workflowNode, TaskDetails task,String tokenId) throws OrchestratorException {
// we give higher priority to userExperimentID
String experimentId = experiment.getExperimentID();
String taskId = task.getTaskID();
// creating monitorID to register with monitoring queue
// this is a special case because amqp has to be in place before submitting the job
try {
- return jobSubmitter.submit(experimentId, taskId);
+ return jobSubmitter.submit(experimentId, taskId,tokenId);
} catch (Exception e) {
throw new OrchestratorException("Error launching the job", e);
}