added function to create manager, CE and WN lists with prefix

HEP-Puppet · Jan 29, 2016 · f47a368 · f47a368
1 parent 1df9a63
commit f47a368
Show file tree

Hide file tree

Showing 5 changed files with 69 additions and 5 deletions.
diff --git a/lib/puppet/parser/functions/join_machine_list.rb b/lib/puppet/parser/functions/join_machine_list.rb
@@ -0,0 +1,15 @@
+module Puppet::Parser::Functions
+  newfunction(:join_machine_list, :type => :rvalue) do |args|
+    raise(Puppet::ParseError, "join_machine_list() wrong number of arguments. Given: #{args.size} for 2)") if args.size !=2
+    prefix = args[0]
+    machine_list = args[1]
+    new_machine_list = Array.new
+
+    machine_list.each do |item|
+      machine = prefix + item
+      new_machine_list.push machine
+    end
+
+    return new_machine_list.join(", ")
+  end
+end
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -162,13 +162,33 @@
   $use_cert_map_file              = false,
   $use_krb_map_file               = false,
   $cert_map_file                  = '/etc/condor/certificate_mapfile',
-  $krb_map_file                   = '/etc/condor/kerberos_mapfile',) {
+  $krb_map_file                   = '/etc/condor/kerberos_mapfile',
+  $machine_list_prefix            = 'condor_pool@$(UID_DOMAIN)/',
+  ) {
   $now                 = strftime('%d.%m.%Y_%H.%M')
   $ce_daemon_list      = ['SCHEDD']
   $worker_daemon_list  = ['STARTD']
   $ganglia_daemon_list = ['GANGLIAD']
   $auth_string = construct_auth_string($use_fs_auth, $use_password_auth,
   $use_kerberos_auth, $use_claim_to_be_auth)
+
+  # because HTCondor uses user 'condor_pool' for remote access
+  # and user 'condor' for local the variables below need to include
+  # both users in case a machine has more than one role (i.e. manager + CE)
+  $machine_prefix_local = "${condor_user}@$(UID_DOMAIN)/"
+
+  $manager_string_remote = join_machine_list($machine_list_prefix, $managers)
+  $manager_string_local = join_machine_list($machine_prefix_local, $managers)
+  $manager_string = join([$manager_string_remote, $manager_string_local], ', ')
+
+  $ce_string_remote = join_machine_list($machine_list_prefix, $computing_elements)
+  $ce_string_local = join_machine_list($machine_prefix_local, $computing_elements)
+  $ce_string = join([$ce_string_remote, $ce_string_local], ', ')
+
+  $wn_string_remote = join_machine_list($machine_list_prefix, $worker_nodes)
+  $wn_string_local = join_machine_list($machine_prefix_local, $worker_nodes)
+  $wn_string = join([$wn_string_remote, $wn_string_local], ', ')
+
   if $enable_multicore {
     $manage_daemon_list = ['COLLECTOR', 'NEGOTIATOR', 'DEFRAG']
   } else {

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -186,6 +186,7 @@
   $use_krb_map_file               = false,
   $cert_map_file                  = '/etc/condor/certificate_mapfile',
   $krb_map_file                   = '/etc/condor/kerberos_mapfile',
+  $machine_list_prefix            = 'condor_pool@$(UID_DOMAIN)/'
   ) {
   class { 'htcondor::repositories':
     install_repos   => $install_repositories,
@@ -265,6 +266,7 @@
     use_krb_map_file               => $use_krb_map_file,
     cert_map_file                  => $cert_map_file,
     krb_map_file                   => $krb_map_file,
+    machine_list_prefix            => $machine_list_prefix,
   }
 
   class { 'htcondor::service':

diff --git a/spec/unit/puppet/parser/functions/join_machine_list_spec.rb b/spec/unit/puppet/parser/functions/join_machine_list_spec.rb
@@ -0,0 +1,27 @@
+require 'spec_helper'
+require 'puppetlabs_spec_helper/puppetlabs_spec/puppet_internals'
+
+describe "join_machine_list function" do
+  let(:scope) { PuppetlabsSpec::PuppetInternals.scope }
+  it "should exist" do
+    expect(Puppet::Parser::Functions.function("join_machine_list")).to eq("function_join_machine_list")
+  end
+  machine_prefix = 'condor_pool@$(UID_DOMAIN)/'
+
+  context 'join_machine_list tests' do
+    it "single machine" do
+      result = scope.function_join_machine_list([machine_prefix,['test1.example.com']])
+      expect(result).to eq(machine_prefix + 'test1.example.com')
+    end
+    it "single machine different prefix" do
+      prefix = 'root@$(UID_DOMAIN)/'
+      result = scope.function_join_machine_list([prefix, ['test1.example.com']])
+      expect(result).to eq(prefix + 'test1.example.com')
+    end
+    it "multiple machines" do
+      result = scope.function_join_machine_list([machine_prefix,['test1.example.com', 'test2.example.com', 'test3.example.com']])
+      expect(result).to eq('condor_pool@$(UID_DOMAIN)/test1.example.com, condor_pool@$(UID_DOMAIN)/test2.example.com, condor_pool@$(UID_DOMAIN)/test3.example.com')
+    end
+  end
+end
+
diff --git a/templates/10_security.config.erb b/templates/10_security.config.erb
@@ -15,9 +15,9 @@ TRUST_UID_DOMAIN = True
 <% end -%>
 
 # Machines & users
-CMS = <%= @managers.flatten.join(', ') %>
-CES = <%= @computing_elements.flatten.join(', ') %>
-WNS = <%= @worker_nodes.flatten.join(', ') %>
+CMS = <%= @manager_string %>
+CES = <%= @ce_string %>
+WNS = <%= @wn_string %>
 
 USERS = *@$(UID_DOMAIN)
 
@@ -40,7 +40,7 @@ COLLECTOR.ALLOW_ADVERTISE_MASTER = $(CES), $(CMS), $(WNS)
 COLLECTOR.ALLOW_ADVERTISE_SCHEDD = $(CES)
 COLLECTOR.ALLOW_ADVERTISE_STARTD = $(WNS)
 
-SCHEDD.ALLOW_WRITE = $(USERS), $(CES)
+SCHEDD.ALLOW_WRITE = $(USERS), $(CES), $(WNS)
 
 ALLOW_DAEMON = condor@$(UID_DOMAIN), \
                condor@$(UID_DOMAIN)/*.$(UID_DOMAIN), \