Skip to content

[v7r2] HTTPs services within DIRAC#4677

Merged
atsareg merged 25 commits into
DIRACGrid:integrationfrom
chaen:rel-v7r2_FEAT_HTTPS_2
Oct 14, 2020
Merged

[v7r2] HTTPs services within DIRAC#4677
atsareg merged 25 commits into
DIRACGrid:integrationfrom
chaen:rel-v7r2_FEAT_HTTPS_2

Conversation

@chaen

@chaen chaen commented Jul 13, 2020

Copy link
Copy Markdown
Contributor

This PR replaces #3815 and is mostly based on the work of @louisjdmartin

It should be totally transparent for the existing, as the existing code was mostly left untouched. Most of it is well documented and tested, but a lot of clean up still needs to be done.

This initial PR:

  • implements the basic building blocks
  • Implements a few examples (in particular the CS and the FileCatalog)
  • Contains a fair bunch of documentation, but clearly not yet ready for administrators/users
  • Adds an extra element in the integration tests matrix, where every services that has a Tornado equivalent is replaced with the https version.

When originally designed (2 years ago), a lot of tests were written in order to compare the behaviour of DISET and HTTPs server, as well as performance tests. These tests are still included here in case of need, but no effort has been made to automate it.

The aim of the approach here is that the replacement of the protocol should be as transparent as possible. However, there are known problems, well detailed in various presentations and tasks (links in the docs) that may make it tricky in some places, in particular for global variables.

Having to rebase that two year old extensively tested code was quite some work. Thus I hope that this PR is not going to sit long before being merged.

BEGINRELEASENOTES

*Tests
FIX: Ignore tornado services and test DBs
NEW: new integration tests for Tornado based services

Core:
NEW: X509Chain returns DN entry
NEW: introduction of Tornado based services

ENDRELEASENOTES

@andresailer andresailer left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basically random observations, mostly typos.

Comment thread ConfigurationSystem/Client/ConfigurationClient.py Outdated
Comment thread ConfigurationSystem/private/Refresher.py Outdated
Comment thread ConfigurationSystem/private/Refresher.py Outdated
Comment thread ConfigurationSystem/private/Refresher.py Outdated
Comment thread ConfigurationSystem/private/Refresher.py Outdated
Comment thread Core/Tornado/Server/TornadoServer.py Outdated
Comment thread Core/Tornado/Server/TornadoService.py Outdated
Comment thread Core/Tornado/Server/TornadoService.py Outdated
Comment thread Core/Tornado/Server/TornadoService.py Outdated
Comment thread Core/Tornado/test/migrationTests/README Outdated

@fstagni fstagni left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't you want to run the "dummy" integration tests of Tornado in the CI?

Comment thread .github/workflows/integration.yml
Comment thread ConfigurationSystem/Client/ConfigurationClient.py Outdated
Comment thread ConfigurationSystem/private/ServiceInterfaceBase.py
Comment thread ConfigurationSystem/private/ServiceInterfaceBase.py Outdated
Comment thread ConfigurationSystem/private/ServiceInterfaceBase.py Outdated
Comment thread Core/Base/Client.py
Comment thread Core/DISET/RequestHandler.py Outdated
Comment thread Core/DISET/private/Service.py
Comment thread Core/Tornado/Server/HandlerManager.py Outdated
Comment thread ConfigurationSystem/private/Refresher.py Outdated
self._request(retry=retry + 1, stream=stream, outputFile=outputFile, **kwargs)

errStr = "%s: %s" % (str(e), rawText)
return S_ERROR(errStr)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It may be worth here returning S_ERROR with the response status code or describe the http codes in the DErrno and return them according to the received status code.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hum, I think I understand what you mean. I'll think of it, but I do not think it is a good idea to re-map all the HTTP status code to a DErrno error code. However you are correct that we should distinguish the cases where we get really an HTTP error, or if we get another exception (network for example). I'll try to come up with something

Comment thread ConfigurationSystem/Client/ConfigurationClient.py Outdated
Comment thread ConfigurationSystem/Client/ConfigurationClient.py
Comment thread environment.yml Outdated
Comment thread Core/Tornado/Server/TornadoServer.py Outdated
Comment thread ConfigurationSystem/private/Refresher.py Outdated
Comment thread Core/Tornado/Server/TornadoService.py Outdated
Comment thread Core/Tornado/Server/TornadoService.py Outdated
Comment thread DataManagementSystem/Service/TornadoFileCatalogHandler.py Outdated
Comment thread DataManagementSystem/Service/TornadoFileCatalogHandler.py Outdated
@fstagni

fstagni commented Aug 6, 2020

Copy link
Copy Markdown
Contributor

There are some conflicts, please rebase/fix.

@chaen

chaen commented Aug 6, 2020

Copy link
Copy Markdown
Contributor Author

@fstagni I think there is again a cockup with the required tests. This is constantly a source of problem. Can we either have them all or none as required ?

@chaen chaen force-pushed the rel-v7r2_FEAT_HTTPS_2 branch from 1ddc171 to 7facb5d Compare August 6, 2020 15:36
@fstagni

fstagni commented Aug 6, 2020

Copy link
Copy Markdown
Contributor

I will just put None as required (the interface is pretty silly...)

@fstagni fstagni left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly comments and a few requests.

Comment thread Core/Tornado/Client/RPCClientSelector.py Outdated
Comment thread Core/Tornado/Client/RPCClientSelector.py Outdated
Comment thread Core/Tornado/Client/private/TornadoBaseClient.py Outdated
Comment thread Core/Tornado/Utilities/HTTPErrorCodes.py Outdated
Comment thread Core/Tornado/scripts/tornado-start-CS.py
Comment thread FrameworkSystem/Client/MonitoringClient.py
Comment thread Core/Tornado/Server/TornadoService.py
Comment thread Core/Tornado/Server/TornadoService.py Outdated
Comment thread Core/Tornado/Server/TornadoService.py Outdated
Comment thread Core/Tornado/Server/TornadoService.py Outdated
Comment thread docs/source/DeveloperGuide/TornadoServices/index.rst Outdated
Comment thread docs/source/DeveloperGuide/TornadoServices/index.rst Outdated
Comment thread docs/source/DeveloperGuide/TornadoServices/index.rst Outdated
Comment thread docs/source/DeveloperGuide/TornadoServices/index.rst Outdated
Comment thread docs/source/DeveloperGuide/TornadoServices/index.rst Outdated
Comment thread DataManagementSystem/Service/TornadoFileCatalogHandler.py
Comment thread Core/Tornado/Client/private/TornadoBaseClient.py Outdated
@chaen chaen force-pushed the rel-v7r2_FEAT_HTTPS_2 branch 4 times, most recently from 2e4cce1 to 284183d Compare August 26, 2020 13:54
@chaen

chaen commented Aug 27, 2020

Copy link
Copy Markdown
Contributor Author

OK I think this time it's good to go. @andresailer @chrisburr @fstagni anyone care to do the final review ?

Comment thread ConfigurationSystem/Client/ConfigurationClient.py Outdated
Comment thread Core/Tornado/Client/TornadoClient.py Outdated
@chaen

chaen commented Aug 28, 2020

Copy link
Copy Markdown
Contributor Author

@andresailer done !

@chrisburr chrisburr left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a few uses additions of io.open that should be reverted.

There will be a handful more Python 3 issues but I'll fix them after this is merged rather than making more conflicts with my Python 3 PRs.

Comment thread Core/Security/m2crypto/X509Chain.py
Comment thread Core/Security/m2crypto/X509Chain.py
Comment thread Core/Security/m2crypto/X509Certificate.py
Comment thread Core/Security/m2crypto/X509Certificate.py
Comment thread Core/Security/m2crypto/X509Chain.py
Comment thread Core/Security/m2crypto/X509Chain.py
Comment thread Core/Security/m2crypto/X509Chain.py
Comment thread Core/Security/m2crypto/X509Chain.py
chrisburr
chrisburr previously approved these changes Aug 28, 2020
Comment thread environment.yml Outdated
- Auth attributes are still there (``auth_yourMethod``).

The interface of the DISET request handler was preserved, in particular:
* ``getCSOption``

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* ``getCSOption``
* ``getCSOption``

I think this needs a newline before the bullet list

************

Two special python packages are needed:
* git+https://github.com/DIRACGrid/tornado.git@iostreamConfigurable : in place of the standard tornado. This adds configurable feature to tornado

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* git+https://github.com/DIRACGrid/tornado.git@iostreamConfigurable : in place of the standard tornado. This adds configurable feature to tornado
* git+https://github.com/DIRACGrid/tornado.git@iostreamConfigurable : in place of the standard tornado. This adds configurable feature to tornado

Another newline needed here


From the client side, no change is needed since :py:meth:`DIRAC.Core.Tornado.Client.TornadoClient.TornadoClient.receiveFile` keeps the interface

This procedure is not optimized server side (see commented ``export_streamToClient`` implementation in :py:class`DIRAC.Core.Tornado.Server.TornadoService.TornadoService`).

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
This procedure is not optimized server side (see commented ``export_streamToClient`` implementation in :py:class`DIRAC.Core.Tornado.Server.TornadoService.TornadoService`).
This procedure is not optimized server side (see commented ``export_streamToClient`` implementation in :py:class:`DIRAC.Core.Tornado.Server.TornadoService.TornadoService`).


- `Presentation of HTTPS in DIRAC <https://docs.google.com/presentation/d/1t0hVpceXgV8W8R0ef5raMK3sUgXWnKdCmJUrG_5LsT4/edit?usp=sharing>`_.
- `Presentation of HTTPS migration <https://docs.google.com/presentation/d/1NZ8iKRv3c0OL1_RTXL21hP6YsAUXcKSCqDL2uhkf8Oc/edit?usp=sharing>`_.
- `Summary presentation (latest) <https://indico.cern.ch/event/945474/>`.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- `Summary presentation (latest) <https://indico.cern.ch/event/945474/>`.
- `Summary presentation (latest) <https://indico.cern.ch/event/945474/>`_.

@andresailer andresailer left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was wrong about the :py:class; that was fine. Only the one missing colon was giving a bad display. There might be some packages missing now for the readthedocs.org documentation, so this maybe needs a fix PR right after

@atsareg atsareg merged commit 1ca14a6 into DIRACGrid:integration Oct 14, 2020
@TaykYoku TaykYoku mentioned this pull request Mar 18, 2021
@chaen chaen deleted the rel-v7r2_FEAT_HTTPS_2 branch August 11, 2022 12:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants