Bug #24160

Submission to GCE broken

Added by Marco Mambelli 9 months ago. Updated 8 months ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
First Occurred:
Occurs In:


The submission to GCE is broken because the Factory is parring to condor the simple x509 credential instead of a key=value file

Here the email from Steve:

We are running hepcloud production with htcondor 8.9.5 and glideinwms factory 3.6.2.

We have observed the following:

The script on the GCE VM is looking for two values in the instance metadata

        self.userdata_attributes = (

It fails because it cannot find the second one glidein_credentials.

Analysis of the call that is being made to google shows that only the first one,
glideinwms_metadata is being sent, correctly.

Below is the job.condor file that is created

You can see that it is using both the gce_metadata and gce_metadata_file options
in the condor submit. 

The problem is that the gce_metadata_file is supposed to have
a key=value structure, and as submitted it does not.  We are just appending the gzipped proxy directly as
the file name.  therefore it appears that the proxy is just getting ignored and not getting sent as part of the metadata.
This causes the glideinwms-pilot launcher on the VM to error out and fail.

A quick examination of the AWS job.condor shows that exactly the same thing is happening there.

Please advise.

Steve Timm (17.3 KB) Marco Mambelli, 03/11/2020 11:48 AM

Related issues

Related to GlideinWMS - Feature #24165: Refactor credential handlingNew03/10/2020


#1 Updated by Marco Mambelli 9 months ago

  • Priority changed from Normal to Urgent
  • Assignee set to Bruno Coimbra
  • Status changed from New to Feedback

In the single-user factory update the change of format of the compressed credentials done in creation/web_base/update_proxy.p had been overlooked.
Changes are in v36/24160

#2 Updated by Marco Mambelli 9 months ago

  • Target version set to v3_6_2

#3 Updated by Marco Mambelli 9 months ago

  • File added

Patching instructions:
VERSIONS: GlideinWMS v3_6, v3_6_1
OS: RHEL6, RHEL7 and compatibles

FILES: (attached to this ticket)

EFFECT: Changes in the code are very limited, it will affect only the compressed credential that is used for AWS and GCE, fixing the problem.

  1. stop the Factory
  2. In the python site-packages directory, glideinwms/factory subdirectory (/usr/lib/python2.6/site-packages/glideinwms/factory/ on RHEL6, /usr/lib/python2.7/site-packages/glideinwms/factory/ on RHEL7) do the following:
    1. replace with the prowided one
    2. remove glideFactoryCredentials.pyc glideFactoryCredentials.pyo
  3. start the Factory

#4 Updated by Marco Mambelli 9 months ago

  • Assignee changed from Bruno Coimbra to Marco Mambelli
  • Status changed from Feedback to Resolved

#5 Updated by Marco Mambelli 9 months ago

#6 Updated by Steven Timm 9 months ago

The patch successfully got credentials to the google VMs and glideins were able to complete initiation, call back to the pool, match and run jobs.

#7 Updated by Marco Mambelli 8 months ago


#8 Updated by Marco Mambelli 8 months ago

  • Status changed from Resolved to Closed

#9 Updated by Marco Mambelli 18 days ago

Also available in: Atom PDF