Mailing List Archives
Authenticated access
|
|
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[HTCondor-users] token authorized grid universe submission
- Date: Tue, 21 Mar 2023 14:02:36 +0100
- From: Thomas Hartmann <thomas.hartmann@xxxxxxx>
- Subject: [HTCondor-users] token authorized grid universe submission
Hi all,
I am trying to submit grid universe jobs to our CondorCEs authorized by
WLCGTokens - however the set up does not seem to be working.
I.e., we have a VOBox with daemons locally collector + negotiator +
scheduler + gridmanager/gahp on Condor 9 [1], so that users can submit
their grid universe job locally for the daemons to forward them to the CEs.
Jobs submitted with a X509 proxy work, so that the submission file and
local daemon set up should be in general OK. However when unsetting X509
and only using a token, the submission fails [1] as no proxy file is found.
I guess gridmanager/gahp in Condor 9 do not support {Sci,WLCG}Tokens and
we have to update the VOBox to 10.0/1, or?
Cheers,
Thomas
[1]
condor-9.0.17-1.el7.x86_64
condor-classads-9.0.17-1.el7.x86_64
condor-externals-9.0.17-1.el7.x86_64
condor-procd-9.0.17-1.el7.x86_64
python2-condor-9.0.17-1.el7.x86_64
python3-condor-9.0.17-1.el7.x86_64
[2]
> export BEARER_TOKEN_FILE=/tmp/token_$(id -u)
> condor_submit belle.sub
Submitting job(s)ERROR: unable to read proxy file
[3]
> cat belle.sub
universe = grid
use_x509userproxy = true
X509UserProxy=$ENV(X509_USER_PROXY)
grid_resource = condor grid-htcondorce1.desy.de
grid-htcondorce1.desy.de:9619
# transfer_input_files = ${HOME}/k5-ca-proxy-belle.pem
# environment = "X509_USER_PROXY=${HOME}/k5-ca-proxy-belle.pem"
executable = belle.sh
output = $(Cluster)_$(Process).out
error = $(Cluster)_$(Process).err
log = $(Cluster)_$(Process).logs
ShouldTransferFiles = YES
WhenToTransferOutput = ON_EXIT
+remote_jobuniverse = 5
+remote_requirements = True
+remote_ShouldTransferFiles = "YES"
+remote_WhenToTransferOutput = "ON_EXIT"
queue
[4]
> cat /tmp/token_$(id -u) | cut -d "." -f 2 | base64 -d 2>/dev/null | jq
{
"wlcg.ver": "1.0",
"sub": "1ec796cb-250b-479d-a9e9-6509995adab0",
"aud": "https://wlcg.cern.ch/jwt/v1/any";,
"nbf": 1679402025,
"scope": "openid compute.create offline_access compute.read
compute.cancel compute.modify",
"iss": "https://wlcg.cloud.cnaf.infn.it/";,
"exp": 1679403225,
"iat": 1679402025,
"jti": "448e3bf4-14e8-4aa7-a5ee-a396e38f83a3",
"client_id": "5e4d8e45-2fa0-4a56-b646-113c3b0bf9c1"
}
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature