Project

General

Profile

Support #23278

Feature #23092: Use token-auth for Glideins authentication and add support for sci-token

Condor 8.9.2 configuration changes

Added by Dennis Box 8 months ago. Updated 3 months ago.

Status:
New
Priority:
High
Assignee:
Category:
Configuration Management
Target version:
Start date:
09/16/2019
Due date:
% Done:

0%

Estimated time:
Stakeholders:
Duration:

Description

Condor 8.9.2 (development series) has quite a few security and authentication changes from the 8.8 series.
Assuming you are using FS,GSI authentication, upgrading a GWMS using condor 8.8.5 or earlier to condor 8.9.2 requires the following configuration steps:
  • easiest install of condor 8.9.2 at the time of creation of this ticket:
  • frontend needs two new ALLOW_ settings
    • ALLOW_READ = * yum install --enablerepo osg-upcoming-development condor
    • ALLOW_DAEMON=$(ALLOW_WRITE)
  • the factory needs 3 ALLOW_ Settings
    • ALLOW_READ = *
    • ALLOW_DAEMON=$(ALLOW_WRITE)
    • ALLOW_ADVERTISE_MASTER = $(ALLOW_DAEMON)
  • If you are upgrading from the condor 8.6 series, you need to install glideinwms-switchboard
    • yum install glideinwms-switchboard --enablerepo=osg-development

History

#1 Updated by Dennis Box 8 months ago

easiest install of condor 8.9.2 on a working gwms system is
  • yum install --enablerepo osg-upcoming-development condor

#2 Updated by Marco Mambelli 3 months ago

  • Target version set to v3_7_1

#3 Updated by Marco Mambelli 3 months ago

  • Target version changed from v3_7_1 to v3_7
  • Priority changed from Normal to High

Was this already handled somewhere else?

1. Swithchboard is no more needed. All supported branches use single user factories
2. Are these changes needed? What is the exact error encountered?
3. Is this the same problem that was caused by not publishing the DNs and using the correct mapfile ([#22245])?

#4 Updated by Dennis Box 3 months ago

  • Target version changed from v3_7 to v3_7_1


Also available in: Atom PDF