Add certificates handling to Tier0Handler #45779
Conversation
|
cms-bot internal usage |
|
+code-checks Logs: https://cmssdt.cern.ch/SDT/code-checks/cms-sw-PR-45779/41502 |
|
A new Pull Request was created by @JanChyczynski for master. It involves the following packages:
@cmsbuild, @consuegs, @francescobrivio, @perrotta, @saumyaphor4252 can you please review it and eventually sign? Thanks. cms-bot commands are listed here |
JanChyczynski
force-pushed
the
tier0cert
branch
from
858a7fd to
3771ce9
Compare
|
+code-checks Logs: https://cmssdt.cern.ch/SDT/code-checks/cms-sw-PR-45779/41503 |
|
Pull request #45779 was updated. @cmsbuild, @consuegs, @francescobrivio, @perrotta, @saumyaphor4252 can you please check and sign again. |
JanChyczynski
force-pushed
the
tier0cert
branch
from
3771ce9 to
c086c40
Compare
|
+code-checks Logs: https://cmssdt.cern.ch/SDT/code-checks/cms-sw-PR-45779/41510 |
|
Pull request #45779 was updated. @cmsbuild, @consuegs, @francescobrivio, @perrotta, @saumyaphor4252 can you please check and sign again. |
JanChyczynski
force-pushed
the
tier0cert
branch
from
c086c40 to
d18d64d
Compare
|
please test |
|
+1 Size: This PR adds an extra 12KB to repository Comparison SummarySummary:
|
|
+db
|
cmsbuild
added
fully-signed
db-approved
and removed
db-pending
pending-signatures
labels
|
This pull request is fully signed and it will be integrated in one of the next master IBs (tests are also fine). This pull request will now be reviewed by the release team before it's merged. @rappoccio, @sextonkennedy, @mandrenguyen, @antoniovilela (and backports should be raised in the release meeting by the corresponding L2) |
|
+1 |
|
I am wondering how the lambda alca/db tools user is supposed to setup the environment after this PR is integrated and the cmsweb API-s are rolled back to require authentication. diff --git a/CondCore/Utilities/python/tier0.py b/CondCore/Utilities/python/tier0.py
index ba807914ee1..04be67586b1 100644
--- a/CondCore/Utilities/python/tier0.py
+++ b/CondCore/Utilities/python/tier0.py
@@ -11,7 +11,7 @@ import subprocess
import pycurl
-tier0Url = os.getenv('TIER0_API_URL', 'https://cmsweb.cern.ch/t0wmadatasvc/prod/')
+tier0Url = os.getenv('TIER0_API_URL', 'https://cmsweb-preprod.cern.ch/t0wmadatasvc/prod/')
class Tier0Error(Exception):
'''Tier0 exception.Which (IIUC) should point the API to use a version of the service which is already requiring the certificate. Then I issued the following command: How am I supposed to pass certificates and / or setup the environment? |
The paths to the certificate and the key are meant to be specified in |
does it makes sense to make the command print information on how to set this up when these variables are not set, instead of leaving the user scratching their heads instead? |
Indeed good idea, It's exactly what I thought now, my bad I didn't think of it when writing it |
|
PR description:
This PR adds providing certificates for curl requests done to
https://cmsweb.cern.ch/t0wmadatasvc/prod/.The paths to the certificate and the key are meant to be specified in
X509_USER_CERTandX509_USER_KEY.The certs became obligatory for accessing this API after migration of cmsweb from CC7 and this functionality is required by the conddb command and some O2Os (EcalLaser_prompt_run3, SiStripDetVOff_prompt, possibly also EcalLaser_prompt_hlt, ESGain_prompt, SIntercalibConstants_prompt, SRecHitRatioCuts_prompt, STimeSampleWeights_prompt)
The PR also introduces a way of overriding the hardcoded T0 API URL by setting the
TIER0_API_URLenv variable (eg. for test purposes).PR validation:
Tested by running
python3 tier0.pywhich is running the test for it.Backport
We need backports to 14_1_X and 14_0_X
FYI @perrotta @francescobrivio @PonIlya