Project

General

Profile

Feature #25506

Glidein not relying on HTCondor file transfer

Added by Marco Mambelli 2 months ago. Updated 2 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
02/10/2021
Due date:
% Done:

0%

Estimated time:
Stakeholders:

Internship

Duration:

Description

With the use of tokens, there is no more an x509 proxy forwarded from the CE to the job (Glidein) via some alternative mechanism.
The tokens, including the one used by the glidein to authenticate back to the pool, are sent via an encrypted condor file transfer.
These are small, so they do not cause significant load, but they are necessary.
If something breaks (like in a recent accident w/ an ARC CE, https://support.opensciencegrid.org/public/tickets/aa67f18c18cae2ce21b5e1865ca8692d3f7acfcdfd2b854dab5e960ecd1f8010), then the Glidein is failing.
We introduced a new dependency.
We should evaluate the possibility to remove that, e.g. by adding a key as a command-line attribute or encrypted attribute in the HTCondor job, and using that to decode the secrets downloaded from the already existing Web servers on the Frontend and Factory.

Also available in: Atom PDF