Re: [HTCondor-users] Question about the curl transfer plugin

[Benoit Roland <benoit.roland@xxxxxxx>]

    Hi Greg,
    
    thanks a lot for your feedback.
    
    o) I modified the plugin [1] in the "InitializeCurlHandle" function,
    introducing the settings for "CURLOPT_SSL_VERIFYPEER" and
    "CURLOPT_CAPATH".
    
    After building successfully HTCondor, and running it in full debug
    mode, it seems to me that the multifile_curl_plugin executable is
    not used 
    or that a previous error prevents the execution process to reach it.
    
    In my jdl file, the settings for the transfer of the HTCondor output
    is set to:
    
    use_oauth_services = helmholtz
    output_destination =
    helmholtz+https://hifis-storage.desy.de:2443/punch/c4p-credmon-test
    
    where helmholtz.use is the credential saved in _CONDOR_CREDS.
    
    o) The error message I get is the following:
    
    07/27/23 19:57:32 (pid:1708042) (D_ALWAYS) FILE TRANSFER
    C4P-HTCondor: Entering ExitDoUpload
    07/27/23 19:57:32 (pid:1708042) (D_ALWAYS) DoUpload: (Condor error
    code 13, subcode 1) STARTER at 2a00:139c:3:2e5:0:21:d2:6c 
    failed to send file(s) to <[2a00:139c:3:2e5:0:21:d2:6c]:9618>:
    : FILETRANSFER:1: non-zero exit (1) from
      /usr/libexec/condor/curl_plugin. | Error: NSS: client certificate
      not found (nickname not specified) ( URL file =
      helmholtz+https://hifis-storage.desy.de:2443/punch/c4p-credmon-test/test-credential.txt
      ) || FILETRANSFER:1:"/usr/libexec/condor/onedrive_plugin.py
    -classad" did not produce any output,
    ignoring|FILETRANSFER:1:"/usr/libexec/condorgdrive_plugin.py
    -classad" did not produce any output, ignoring |
    FILETRANSFER:1:"/usr/libexec/condor/box_plugin.py -classad" did not
    produce 
    any output, ignoring; SHADOW failed to receive file(s) from
    <[2a00:139c:3:2e5:0:21:d2:6c]:28244>
    
    It comes from the "ExitDoUpload" function from file_transfer.cpp
    [2].
    
    o) When running the curl or davix commands in a shell, I can copy
    successfully a test file to the storage element, via the command
    lines:
    
    curl -L -X PUT -H "Authorization: Bearer $(oidc-token punch-aai)"
    --upload-file ./test.txt $STORAGE/c4p-credmon-test/test.txt
    davix-put --capath $X509_CERT_DIR -H "Authorization: Bearer
    $(oidc-token punch-aai)" ./test.txt
    $STORAGE/c4p-credmon-test/test.txt
    
    o) With a small script that I embed in my job.jdl via:
    
    transfer_input_files = transfer-storage.py
    
    I am also able to copy the output of the HTCondor test job to the
    storage element.
    
    This small script is basically running the curl or davix commands
    above, after having retrieved the credential from the _CONDOR_CREDS.
    Concerning the CAPATH, it's retrieved successfully from cvmfs.
    
    o) I would really like to be able to use the available plugin -
    after the required modifications are applied - because the jdl
    setting is straightforward for users:
    
    use_oauth_services = helmholtz
    output_destination =
    helmholtz+https://hifis-storage.desy.de:2443/punch/c4p-credmon-test
    
    Would you have some idea about the origin of my issue, or point me
    to the piece of code where I should look at?
    
    Thanks again for your help!
    
    Cheers,
    Benoit
    
    [1]
https://github.com/benoitroland/C4P-HTCondor/blob/main/src/condor_filetransfer_plugins/multifile_curl_plugin.cpp#L246
    [2]
https://github.com/benoitroland/C4P-HTCondor/blob/main/src/condor_utils/file_transfer.cpp#L5884

On 18/07/2023 22:42, Greg Thain via HTCondor-users wrote:

> On
>       7/18/23 08:42, Benoit Roland wrote:
>       
> >         
> >         
> >         I tried to find in [2,3] if there is a way to define the option
> >         "-k" or "--capath" without modifying the curl plugin, but I
> >         didn't succeed so far.
> >         
> >         
> >         Can these options be specified?
> >         
> >       
>       
>       
>       Hi Benoit:
>       
>       
>       
>       Currently, there is no way to do this. If you want to modify the
>       plugin, the source is located here:
>       
>       
> https://github.com/htcondor/htcondor/blob/main/src/condor_filetransfer_plugins/multifile_curl_plugin.cpp
>       
>       
>       Perhaps a better way in the short term is to send the plugin along
>       with the job. That way, you do not need to modify the worker node
>       code at all. This is documented here:
>       
>       
> https://github.com/htcondor/htcondor/blob/main/src/condor_filetransfer_plugins/multifile_curl_plugin.cpp
>       
>       
>       
>       -greg
>       
>       
>       
>       _______________________________________________
>       
>       HTCondor-users mailing list
>       
>       To unsubscribe, send a message to
>       htcondor-users-request@xxxxxxxxxxx with a
>       
>       subject: Unsubscribe
>       
>       You can also unsubscribe by visiting
>       
>       https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>       
>       
>       The archives can be found at:
>       
>       https://lists.cs.wisc.edu/archive/htcondor-users/
>