Mailing List Archives

Public Access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] AuthTokenIssuer classads vs DAGs...

note that we have a standing htcondor-admin ticket 109117 about this too.

Steve Timm

From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Marc W Mengel via HTCondor-users <htcondor-users@xxxxxxxxxxx>
Sent: Thursday, August 17, 2023 10:53 AM
To: htcondor-users@xxxxxxxxxxx <htcondor-users@xxxxxxxxxxx>
Cc: Marc W Mengel <mengel@xxxxxxxx>
Subject: [HTCondor-users] AuthTokenIssuer classads vs DAGs...
 

First a little background: the OSG folks are trying to use the token
authentication generated classads (AuthTokenId, AuthTokenIssuer, etc.)
for accounting purposes.  This works well for regular jobs, but for
DAGs these are not currently set (since the dagman job, which launches
them, running in the scheduler universe, does not have credentials
forwarded to it, and must launch with FS client authentication)

We have been trying to get these classads set for dagman-launched jobs.

Just setting them with +AuthTokenIssuer=xxx etc. does not work, as
condor (correctly) scrubs those if you try to set them in the submit
file, etc.

Instead, I have been trying running the dagman job in the "local"
universe, where it gets a credential forwarded to it, rather
than "scheduler",  and setting:
    BEARER_TOKEN_FILE=$_CONDOR_CREDS/xxx.use
    _condor_SEC_CLIENT_AUTHENTICATION_METHODS=SCITOKENS
and most recently:
    _condor_DAGMAN_USE_DIRECT_SUBMIT=False
in the environment for the dagman.

This *appears* to be using condor_submit to do the submissions, and it
seems to be using scitokens authentication to talk to the schedd; but
the dagman-launched jobs *still* do not get AuthTokenIssuer, etc.
set in their classads.

Any suggestions for how to get the dagman-launched jobs to have the
authentication classads set, or even how to debug further what is going
on,  appreciated.

--
Marc W. Mengel
Computer Services Senior Developer

Data Management and Applications
Fermi National Accelerator Laboratory
630 840 8256 office
www.fnal.gov

Connect with us!
Newsletter | Facebook | Twitter