Do not set GLIDEIN_ToDie based on X509 user proxy expiration
GLIDEIN_ToDie should not be statically configured based on X509 user proxy expiration.
- The most common CEs these days (Arc, CREAM, HTCondor-CE) can all push updated proxies during the job lifetime.
- Some of the desired pilot lifetimes are longer than the maximum possible VOMS extension lifetimes.
- As opposed to the original design, GSI is rarely used - it'll establish a security session with the collector which is subsequently reused. GSI is no longer used for schedd<->startd auth. Hence, a pilot can be perfectly functional with an expired proxy.
Two thoughts on how to improve the situation:
- Check for a minimum validity (it's currently 12 hours, right?) at startup but do not adjust GLIDEIN_ToDie.
- Make GLIDEIN_ToDie an expression referring to the proxy expiration time, which is then updated periodically throughout the startd's lifetime via the "startd cron" mechanism.
#4 Updated by Marco Mambelli almost 3 years ago
- Status changed from New to Feedback
- Assignee changed from Marco Mambelli to Lorena Lobato Pardavila
Added GLIDEIN_Ignore_X509_Duration (default: true)
If set to false, the glidein will shorten its lifetime depending on the current proxy duration.
If the current proxy duration is less than 15min (900 s), then the glidein will always shorten its lifetime (independent from the value of GLIDEIN_Ignore_X509_Duration)
changes in v34/17102