TWiki> UCSDTier2 Web>GlideinWMS (2009/10/30, IgorSfiligoi)EditAttach

glideinWMS Project TWiki Home Page

This page should be used by the glideinWMS development team for the project related information.
The official page for users is located at http://www.uscms.org/SoftwareComputing/Grid/WMS/glideinWMS/.

Task List

TaskList

Developer access to the code

To access the code in read-write mode, one first needs a valid krb5 ticket and be explicitly authorized.
Once that is acchieved,
set CVSROOT to cvsuser@cdcvs.fnal.gov:/cvs/cd
and CVSRSH to ssh.

Recent code changes

-- IgorSfiligoi - 2009/10/28- head/install&creation

Change the default of 

GLEXEC_JOB

from False to True. All new versions of condor require this to be true.

-- IgorSfiligoi - 2009/10/28- head/most dirs

Frontend will now only communicate with trusted factories. This is acchieved by using AuthenticatedIdentity? attribute of the classads.

The frontend config needed to be changed to acchieve this. But the previous format was not very apt for this, as all the factory collectors were listed as a single string. So the new frontend config now has a proper XML tree for the factories:

Old New 
<factory collectors="node1,node2"/>
 
<factory>
  <collectors>
    <collector node="node1" classad_identity="id1@node1"/>
    <collector node="node2" classad_identity="id2@domain2"/>
  </collectors>
</factory>

To keep the consistency between the factory collectors and job schedds, I also changed the schedds from a string to a XML tree:

Old New 
<job schedds="node1,sched2@node2"/>


<job>
  <schedds>
    <schedd fullname="node1"/>
    <schedd fullname="schedd2@node2"/>
  </schedds>
</job>

The installer has been updated to properly create the new config.

-- IgorSfiligoi - 2009/10/26 - head/most dirs

Changed protocol between frontend and factory.

Frontend classad added 

 ReqEncIdentity

The factory check this and after decoding, compares it to AuthenticatedIdentity? . This prevents replay attacks

The frontend config changed to add this info: 

 <security classad_identity="identity" classad_proxy="fname">

The factory, the frontend and the installer were modified.

The documentation was updated to reflect the change.

-- IgorSfiligoi - 2009/10/26 - head/install&creation/web_base

Found and fixed the GLEXEC problem.

I had enabled publish_glidein for GLEXEC_BIN. Since it is not quoted, it cannot be exported, and this created a lot of problems for Condor.

-- IgorSfiligoi - 2009/10/16 - head&branch_v1_6plus/creation

Improved the proxy_url="OSG" handling in glidein_startup.sh.

It was way too simplistic and would fail on some OSG sites.

-- IgorSfiligoi - 2009/10/16 - head/creation

Implemented support for multiple condor binaries.

The config changes from 

<condor base_dir="/home/igorfactory/glidecondor"/>

to 

 <condor_tarballs>
   <condor_tarball arch="x86" os="linux-rhel3" base_dir="/home/igorfactory/glidecondor_rhel3"/>
   <condor_tarball arch="x86" os="linux-rhel5" base_dir="/home/igorfactory/glidecondor_rhel5"/>
</condor_tarballs>

The factory must also define the gollowing attributes 

<attr name="CONDOR_ARCH" const="True" glidein_publish="False" job_publish="False" parameter="True" publish="False" type="string" value="x86"/>
<attr name="CONDOR_OS" const="True" glidein_publish="False" job_publish="False" parameter="True" publish="False" type="string" value="linux-rhel3"/>

If not defined, it defaults to "default". A value of "auto" for either or both of the above will enable auto-detection of that component.

The implementation creates one tarball per os/arch pair. The "condor_platform_select.sh" script will enable the downloading of the appropriate tarball at runtime.

Installer and documentation also updated.

-- IgorSfiligoi - 2009/10/15 - head/creation

Add debug option to both create_glidein and create_frontend. Will print out the full traceback in case of problems.

-- IgorSfiligoi - 2009/10/09 - head/installer

Made VDT optional. openssl used anywhere where grid-proxy-info was used before.
User can now provide its ownTRUSTED_CA dir and its own voms-proxy-info.

Added support for VDT 2.0, and made it the default.
Also added Globus-Client and Myproxy-Client in the minimal VDT install.

The installer now asks for the collector port number. This allows several users to coexist on the same node.

-- IgorSfiligoi - 2009/10/09 - head/factory

Factory now only checks X509_USER_PROXY if it needs it.

Edit | Attach | Print version | History: r13 < r12 < r11 < r10 < r9 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r13 - 2009/10/30 - 23:36:42 - IgorSfiligoi
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback