[v8.0.31] Unexpected configuration result when installing TokenManager

[marianne013]

Hi,

I just followed fairly blindly the instructions given here: https://dirac.readthedocs.io/en/integration/AdministratorGuide/HowTo/pilotsWithTokens.html My tornado config (which existed before installing this service) reads: Tornado/Port = 8444

The above instructions tell me to install the TokenManager using

install service Framework TokenManager

No error. This results in the service being installed the 'classic' way:

[dirac@dirac00 ~]$ ps aux | grep Token
dirac     3458 84.0  0.6 328652 48612 ?        Rl   14:39   0:00 /opt/dirac/diracos/bin/python3.11 /opt/dirac/diracos/bin/dirac-service Framework/TokenManager --cfg /opt/dirac/etc/Framework_TokenManager.cfg
dirac    20860  0.0  0.0   4232   448 ?        R    14:28   0:00 runsv Framework_TokenManager

but at the same time the configuration generated reads:

TokenManager = https://dirac00.grid.hep.ph.ic.ac.uk:8443/Framework/TokenManager

(note the port). If this is meant to run exclusively as a tornado service, could that please be reflected in the instructions, and why does it have the incorrect port number ?

[marianne013]

I just noticed I was missing a level in my Tornado config, i.e. it's now Tornado/Devel/Port = 8444. I can install the the service as a tornado service on the server if I copy my admin proxy across and then run

dirac-install-tornado-service Framework/TokenManager

I haven't tried to backtrack and install the service again the old fashioned way, but while I can see that the port number is my fault, I'm not sure the old school install was.

[fstagni]

This is indeed a Tornado only service (it is also indicated in https://dirac.readthedocs.io/en/integration/AdministratorGuide/HowTo/pilotsWithTokens.html#launching-the-tokenmanagerhandler). The installation through the SystemAdministrator has been fixed in version v9, but for v8 indeed these instructions are incorrect, so I created just now https://github.com/DIRACGrid/DIRAC/pull/7275

[marianne013]

Thanks. I think there's an additional issue with the documentation. We are currently testing tokens for pilot submissions, best wishes to @aldbr the "mixed mode" for CEs supporting token and non-token VOs seems to work. But we get an error in the tornado log

2023-11-07 10:37:05 UTC Tornado/Tornado/FrameworkTokenManagerHandler ERROR: Cannot get database parameters: Failed to get the configuration parameter: DBName
Traceback (most recent call last):
  File "/opt/dirac/DIRAC/src/DIRAC/FrameworkSystem/Service/TokenManagerHandler.py", line 73, in initializeHandler
    cls.__tokenDB = TokenDB(parentLogger=cls.log)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/dirac/DIRAC/src/DIRAC/FrameworkSystem/DB/TokenDB.py", line 47, in __init__
    self._initializeConnection("Framework/TokenDB")
  File "/opt/dirac/DIRAC/src/DIRAC/Core/Base/SQLAlchemyDB.py", line 41, in _initializeConnection
    raise Exception(f"Cannot get database parameters: {result['Message']}")
Exception: Cannot get database parameters: Failed to get the configuration parameter: DBName

TokenDB is not mentioned in https://dirac.readthedocs.io/en/latest/AdministratorGuide/HowTo/pilotsWithTokens.html I gather it's only meant to be used for user tokens, and the code seems to work fine without it. My current inclination would be to install the DB for future use and just add this to the instructions, though if you wanted to fix the code, that would be fine with me as well.

[chrisburr]

I gather it's only meant to be used for user tokens, and the code seems to work fine without it. My current inclination would be to install the DB for future use

I doubt this DB will actually be used for anything.

[marianne013]

I don't really care, but I don't like stacktraces in my log files that don't mean anything (well, I don't like any trackbacks at all, but this is worse).

[fstagni]

TokenDB is effectively only used for interacting with User tokens. For the case of pilots submissions the only effectively used part is this: https://github.com/DIRACGrid/DIRAC/blob/rel-v8r0/src/DIRAC/FrameworkSystem/Service/TokenManagerHandler.py#L185-L243 (which, could be only in the TokenManagerClient, it seems).

If no-one is right now using user tokens, nor planning to use user tokens in DIRAC (and before DiracX) then we can do a massive simplification.

[chaen]

Don't simplify yet. We may need it for the DMS (I don't know yet)

[fstagni]

@marianne013 can the issue be closed?

[marianne013]

I just saw that error (TokenDB) again yesterday and afaik the integration version of the instructions still has no mention of this one way or another. Following instructions should not result in tracebacks, so I don't think this is fixed.