diff --git a/origin/self_monitor.go b/origin/self_monitor.go
index eec038c33..700a2a503 100644
--- a/origin/self_monitor.go
+++ b/origin/self_monitor.go
@@ -22,21 +22,18 @@ import (
 "context"
 "time"
+ log "github.com/sirupsen/logrus"
+
 "github.com/pelicanplatform/pelican/config"
 "github.com/pelicanplatform/pelican/metrics"
 "github.com/pelicanplatform/pelican/param"
 "github.com/pelicanplatform/pelican/server_utils"
- log "github.com/sirupsen/logrus"
 )
 func doSelfMonitor(ctx context.Context) {
 log.Debug("Starting a new self-test monitoring cycle")
 fileTests := server_utils.TestFileTransferImpl{}
- issuerUrl, err := config.GetServerIssuerURL()
- if err != nil {
- log.Warningln("Self-test monitoring cycle failed due to lack of issuer URL: ", err)
- metrics.SetComponentHealthStatus(metrics.OriginCache_XRootD, metrics.StatusCritical, "Self-test monitoring cycle due to lack of issuer URL: "+err.Error())
- }
+ issuerUrl := param.Server_ExternalWebUrl.GetString()
 ok, err := fileTests.RunTests(ctx, param.Origin_Url.GetString(), config.GetServerAudience(), issuerUrl, server_utils.OriginSelfFileTest)
 if ok && err == nil {
 log.Debugln("Self-test monitoring cycle succeeded at", time.Now().Format(time.UnixDate))
diff --git a/server_utils/server_utils.go b/server_utils/server_utils.go
index 194c60f9c..22b920bc4 100644
--- a/server_utils/server_utils.go
+++ b/server_utils/server_utils.go
@@ -28,16 +28,15 @@ import (
 "context"
 "io"
 "net/http"
- "net/url"
 "reflect"
 "time"
 "github.com/fsnotify/fsnotify"
- "github.com/pelicanplatform/pelican/config"
- "github.com/pelicanplatform/pelican/param"
 "github.com/pkg/errors"
 log "github.com/sirupsen/logrus"
 "golang.org/x/sync/errgroup"
+
+ "github.com/pelicanplatform/pelican/config"
 )
 // Wait until given `reqUrl` returns a HTTP 200.
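Review bot: In doSelfMonitor, `issuerUrl := param.Server_ExternalWebUrl.GetString()` is passed to RunTests without a check that it is non-empty, and the removed branch that set the component health to critical has no replacement. An unset external web URL would then presumably surface only as a generic self-test failure. The same unchecked read is added in GenerateMonitoringIssuer (xrootd/authorization.go), where an empty value would become the issuer of the monitoring section. A guard such as `if issuerUrl == "" { metrics.SetComponentHealthStatus(metrics.OriginCache_XRootD, metrics.StatusCritical, "Self-test monitoring cycle failed: Server.ExternalWebUrl is not set"); return }` keeps the failure explicit, and because the self-test token issuer must match the issuer written to scitokens.cfg, one shared accessor for both reads would be safer. doSelfMonitor continues past the end of the hunk.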
@@ -131,21 +130,6 @@ func WaitUntilWorking(ctx context.Context, method, reqUrl, server string, expect
 }
 }
-// For calling from within the server. Returns the server's issuer URL/port
-func GetServerIssuerURL() (*url.URL, error) {
- issuerUrlStr, err := config.GetServerIssuerURL()
- if err != nil {
- return nil, errors.Wrap(err, "The server failed to determine its own issuer url. Something is wrong!")
- }
-
- issuerUrl, err := url.Parse(issuerUrlStr)
- if err != nil {
- return nil, errors.Wrapf(err, "The server's issuer URL is malformed: %s. Something is wrong!", param.Server_IssuerUrl.GetString())
- }
-
- return issuerUrl, nil
-}
-
 // Launch a maintenance goroutine.
 // The maintenance routine will watch the directory `dirPath`, invoking `maintenanceFunc` whenever
 // an event occurs in the directory. Note the behavior of directory watching differs across platforms;
diff --git a/xrootd/authorization.go b/xrootd/authorization.go
index fb4cdcf08..2250bbf0c 100644
--- a/xrootd/authorization.go
+++ b/xrootd/authorization.go
@@ -442,11 +442,8 @@ func GenerateMonitoringIssuer() (issuer Issuer, err error) {
 return
 }
 issuer.Name = "Built-in Monitoring"
- issuerUrl, err := server_utils.GetServerIssuerURL()
- if err != nil {
- return
- }
- issuer.Issuer = issuerUrl.String()
+ // We use server local issuer regardless of Server.IssuerUrl
+ issuer.Issuer = param.Server_ExternalWebUrl.GetString()
 issuer.BasePaths = []string{"/pelican/monitoring"}
 issuer.DefaultUser = "xrootd"
@@ -459,11 +456,11 @@ func GenerateOriginIssuer(exportedPaths []string) (issuer Issuer, err error) {
 return
 }
 issuer.Name = "Origin"
- issuerUrl, err := server_utils.GetServerIssuerURL()
+ issuerUrl, err := config.GetServerIssuerURL()
 if err != nil {
 return
 }
- issuer.Issuer = issuerUrl.String()
+ issuer.Issuer = issuerUrl
 issuer.BasePaths = exportedPaths
 issuer.RestrictedPaths = param.Origin_ScitokensRestrictedPaths.GetStringSlice()
 issuer.MapSubject = param.Origin_ScitokensMapSubject.GetBool()
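Review bot: In GenerateOriginIssuer the string returned by `config.GetServerIssuerURL()` is now assigned to `issuer.Issuer` without the `url.Parse` check that the removed `server_utils.GetServerIssuerURL` wrapper performed. A malformed issuer URL would therefore reach scitokens.cfg unless the config package already validates it, which is not visible here. Keeping a cheap check before the assignment would preserve the old guarantee, for example `if _, perr := url.Parse(issuerUrl); perr != nil { return issuer, errors.Wrap(perr, "server issuer URL is malformed") }`, which needs `net/url` imported in this file. GenerateOriginIssuer starts and ends outside the hunk.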
@@ -556,36 +553,47 @@ func EmitScitokensConfig(server server_structs.XRootDServer) error {
 }
 // Writes out the origin's scitokens.cfg configuration
-func WriteOriginScitokensConfig(exportedPaths []string) error {
+func WriteOriginScitokensConfig(authedPaths []string) error {
 cfg, err := makeSciTokensCfg()
 if err != nil {
 return err
 }
- if issuer, err := GenerateMonitoringIssuer(); err == nil && len(issuer.Name) > 0 {
+ if issuer, err := GenerateOriginIssuer(authedPaths); err == nil && len(issuer.Name) > 0 {
 if val, ok := cfg.IssuerMap[issuer.Issuer]; ok {
 val.BasePaths = append(val.BasePaths, issuer.BasePaths...)
+ val.Name += " and " + issuer.Name
 cfg.IssuerMap[issuer.Issuer] = val
 } else {
 cfg.IssuerMap[issuer.Issuer] = issuer
 cfg.Global.Audience = append(cfg.Global.Audience, config.GetServerAudience())
 }
+ } else if err != nil {
+ return errors.Wrap(err, "failed to generate xrootd issuer for the origin")
 }
- if issuer, err := GenerateOriginIssuer(exportedPaths); err == nil && len(issuer.Name) > 0 {
+
+ if issuer, err := GenerateMonitoringIssuer(); err == nil && len(issuer.Name) > 0 {
 if val, ok := cfg.IssuerMap[issuer.Issuer]; ok {
 val.BasePaths = append(val.BasePaths, issuer.BasePaths...)
+ val.Name += " and " + issuer.Name
 cfg.IssuerMap[issuer.Issuer] = val
 } else {
 cfg.IssuerMap[issuer.Issuer] = issuer
 cfg.Global.Audience = append(cfg.Global.Audience, config.GetServerAudience())
 }
+ } else if err != nil {
+ return errors.Wrap(err, "failed to generate xrootd issuer for self-monitoring")
 }
+
 if issuer, err := GenerateDirectorMonitoringIssuer(); err == nil && len(issuer.Name) > 0 {
 if val, ok := cfg.IssuerMap[issuer.Issuer]; ok {
 val.BasePaths = append(val.BasePaths, issuer.BasePaths...)
+ val.Name += " and " + issuer.Name
 cfg.IssuerMap[issuer.Issuer] = val
 } else {
 cfg.IssuerMap[issuer.Issuer] = issuer
 }
+ } else if err != nil {
+ return errors.Wrap(err, "failed to generate xrootd issuer for director-based monitoring")
 }
 return writeScitokensConfiguration(config.OriginType, &cfg)
diff --git a/xrootd/resources/test-scitokens-monitoring.cfg b/xrootd/resources/test-scitokens-monitoring.cfg
index 62454ae18..efd36259a 100644
--- a/xrootd/resources/test-scitokens-monitoring.cfg
+++ b/xrootd/resources/test-scitokens-monitoring.cfg
@@ -27,10 +27,9 @@ issuer = https://demo.scitokens.org
 base_path = /foo, /bar
 default_user = osg
-[Issuer Built-in Monitoring]
+[Issuer Origin and Built-in Monitoring]
 issuer = https://origin.example.com:8444
-base_path = /pelican/monitoring, /foo/bar
-default_user = xrootd
+base_path = /foo/bar, /pelican/monitoring
 [Issuer WLCG]
 issuer = https://wlcg.cnaf.infn.it
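Review bot: On an issuer-URL collision the merge branches in WriteOriginScitokensConfig carry over only BasePaths and Name, so with Origin now registered first its RestrictedPaths and MapSubject also govern /pelican/monitoring, and the monitoring issuer's DefaultUser of "xrootd" is silently dropped (the updated test fixture loses `default_user = xrootd`). If first-registered-wins is the intended policy it should be stated at the merge; if not, the remaining fields need an explicit merge or a conflict error, because this file decides what a token from that issuer may access. The merge is also repeated three times, so the sketch below folds it into one local helper with the behaviour unchanged and the policy documented in one place. The function's closing brace is outside the hunk.

```go
func WriteOriginScitokensConfig(authedPaths []string) error {
	// … unchanged: makeSciTokensCfg call and its error check …

	// addIssuer registers issuer under its URL. On a URL collision the entry that was
	// registered first keeps all of its settings; only BasePaths and Name are merged.
	addIssuer := func(issuer Issuer, addAudience bool) {
		if val, ok := cfg.IssuerMap[issuer.Issuer]; ok {
			val.BasePaths = append(val.BasePaths, issuer.BasePaths...)
			val.Name += " and " + issuer.Name
			cfg.IssuerMap[issuer.Issuer] = val
			return
		}
		cfg.IssuerMap[issuer.Issuer] = issuer
		if addAudience {
			cfg.Global.Audience = append(cfg.Global.Audience, config.GetServerAudience())
		}
	}

	if issuer, err := GenerateOriginIssuer(authedPaths); err != nil {
		return errors.Wrap(err, "failed to generate xrootd issuer for the origin")
	} else if len(issuer.Name) > 0 {
		addIssuer(issuer, true)
	}
	// … same pattern for GenerateMonitoringIssuer (addAudience true) and GenerateDirectorMonitoringIssuer (addAudience false) …

	// … unchanged: writeScitokensConfiguration call …
```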