Dear all,
I have compiled the HTCondor versionÂ23.5.0 using the
x86_64_AlmaLinux8-23050000 container [1], adding to the
existing code
some plugins to produce [2], monitor and refresh [3,4]
Helmhotz AAI access tokens.
The credential monitor [4] is based on the abstract class
[5].
While I can successfully run standalone the executables
/usr/sbin/condor_producer_mytoken and
/usr/sbin/condor_credmon_mytoken,
only the producer is run when sending an condor test job
(sleep 1800). It seems like the credmon does not start to
run.
Â
My configuration is given by [6].
The credmon used to run successfully before I migrate to
23.5.0.
I don't have anymore the details about the version I was
using by then.
I also tried to run the OAUTH credmon, but here gain, the
credmon does not start to run when submitting a condor test
job.
The main changes wrt my previous code is to make it
compliant with the 23.5.0 update of [5].
Running my credmon standalone, I can see that these changes
seem to be applied successfully, the credmon is running fine
and doing its job.
Would you have any clue about what I would miss?
Thanks a lot in advance for your help!
Cheers,
ben
[1]
https://github.com/benoitroland/C4P-HTCondor/blob/devel_rhel8/c4p-condor-utils/build-c4p-condor.sh
[2]
https://github.com/benoitroland/C4P-HTCondor/blob/devel_rhel8/src/condor_credd/condor_credmon_oauth/condor_producer_mytoken
[3]
https://github.com/benoitroland/C4P-HTCondor/blob/devel_rhel8/src/condor_credd/condor_credmon_oauth/condor_credmon_mytoken
[4]
https://github.com/benoitroland/C4P-HTCondor/blob/devel_rhel8/src/condor_credd/condor_credmon_oauth/credmon/CredentialMonitors/MytokenCredmon.py
[5]
https://github.com/benoitroland/C4P-HTCondor/blob/devel_rhel8/src/condor_credd/condor_credmon_oauth/credmon/CredentialMonitors/AbstractCredentialMonitor.py
[6] DAEMON_LIST = $(DAEMON_LIST), CREDD, CREDMON_OAUTH
use feature : OAUTH
SEC_PROCESS_SUBMIT_TOKENS = True
SendCredential = True
CREDD_HOST = $(FULL_HOSTNAME)
SEC_DEFAULT_ENCRYPTION = REQUIRED
OAUTH_ISSUER_URL =
https://login.helmholtz.de/oauth2/
OAUTH_ISSUER_NAME = helmholtz
MYTOKEN_ISSUER_URL =
https://mytoken.data.kit.edu
MYTOKEN_PROFILE = kit/c4p-htcondor
CREDMON_OAUTH = /usr/sbin/condor_credmon_mytoken
CREDMON_OAUTH_DEBUG = D_FULLDEBUG:2
SEC_CREDENTIAL_DIRECTORY_OAUTH =
/var/lib/condor/mytoken_credentials
SEC_ENCRYPTION_KEY_DIRECTORY =
/etc/condor/encryption.d/ENCRYPTION-KEY
# period at which the credd is checking the remaining life
time of stored credentials
CRED_CHECK_INTERVAL = 60
# period at which the collector is updated - default value 5
minutes
CREDD_UPDATE_INTERVAL = 60
_______________________________________________