Project

General

Profile

Idea #2665

Graceful dealing with Frontend changing proxy DN

Added by Igor Sfiligoi over 8 years ago. Updated about 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Douglas Strain
Category:
Factory
Target version:
Start date:
04/22/2012
Due date:
% Done:

0%

Estimated time:
Stakeholders:
Duration:

Description

Here is the problem;
if the frontend changes the proxy DN and/or FQAN, it will be propagated to the factory,
and the factory will loose control of the already submitted glideins.

Possible solutions, either:
  • track the DN+FQAN of submitted glideins, and refuse to accept anything different until those are gone, or
  • add the (hash of the) DN+FQAN to the proxy file name... this way Condor-G will never loose track of the glideins (modulo expired proxy)

History

#1 Updated by Igor Sfiligoi over 8 years ago

My preference is for the 2nd option, i.e. adding the hash to the proxy file.

Igor

#2 Updated by Burt Holzman over 8 years ago

  • Assignee set to Douglas Strain

#3 Updated by Burt Holzman over 8 years ago

  • Target version set to v2_7_x

#4 Updated by Douglas Strain over 8 years ago

This has been done and updated in branch_v2plus_2665. It is ready for review.

#5 Updated by Douglas Strain about 8 years ago

  • Status changed from New to Assigned
  • Assignee changed from Douglas Strain to Igor Sfiligoi

The review of this branch has been assigned during the meeting to Igor. I just implented the second option to change the filename. If there is additional work here, let me know and assign it back to me. Thanks!

#6 Updated by Parag Mhashilkar about 8 years ago

  • Assignee changed from Igor Sfiligoi to Douglas Strain

1) You are only hashing the DN and not the FQAN. Use case of changes to FQAN is not handled.

2) Running the two commands from python prompt did not result in the subject being captured in dn. Need to verify if following actually works and you indeed get the dn value correctly in the variable.

dn_process = subprocess.Popen("openssl x509 -subject -noout", shell=True, stdin=subprocess.PIPE)
(dn,err_out)=dn_process.communicate(proxy_data)

#7 Updated by Douglas Strain about 8 years ago

  • Status changed from Assigned to Resolved

Parag's changes have been addressed and this has been merged into branch_v2plus.

#8 Updated by Parag Mhashilkar about 8 years ago

  • Target version changed from v2_7_x to v2_6

#9 Updated by Parag Mhashilkar about 8 years ago

  • Status changed from Resolved to Closed


Also available in: Atom PDF