GlideinWMS The Glidein-based Workflow Management System

WMS Factory Design

glideclient ClassAd

Jump to:
  1. User defined values
  2. Identify the ClassAd
  3. Configuration and installation
  4. Request information
  5. Encryption information
  6. Security credentials
  7. Identity credentials
  8. Security information
  9. Frontend glidein information
  10. Monitoring
Factory Design Topics:

Frontend Advertisement of Requests

The Frontend creates request Classads for the Factory to submit glideins. In the Frontend configuration, you can either match to all entries or customize the match string to request pilots at specific sites. This match string will use information published in the Factory entry Classads and the user’s job Classads.

  1. User defined values.
    1. Users are not supposed to affect how glideins are submitted. Users can affect where they are submitted when the Frontend configures match expressions and the user provides supported requirements but this all takes place in the Frontend. User requirements are not put into the Frontend request for the Factory to interpret. The only exception is the Project ID.
      • GlideinEncParamProjectId = "abcx123"
  2. Information used to identify the ClassAd.
    1. Values used to manage ClassAds in the Collector. The id is the credential ID in this ClassAd and is the grid_proxy, public cert, public key, or username, depending on the authentication method for this entry. Each request ClassAd contains one set of credentials.
      • Name = "id_entry@glidein_name@factory_name @frontend_name.group_name"
      • Internal ClassAd type of Master
    2. Values used to distinguish the different ClassAd types
      • GlideinMyType = "glideclient"
    3. Values set by GlideinWMS for consistency but are not used
      • MyType = "glideclient"
  3. Information about the configuration and installation. This is used by admins for querying the collector or possibly in match expressions.
    1. These describe the frontend and group making the request.
      • ClientName = "frontend_name.group_name"
      • FrontendName = "frontend_name"
      • GroupName = "group_name"
      • GlideinWMSVersion = "glideinWMS UNKNOWN"
  4. Information specific to a request.
    1. Information on the numbers related to how many glideins needed.
      • ReqIdleGlideins = 0
      • ReqMaxGlideins = 1
    2. The entry that the Frontend needs glideins from. This value is used to match the request to the entry so it must exactly match the "Name" attribute in the entry ClassAd.
      • ReqGlidein = "entry_name@glidein_name@factory_name"
  5. Encryption information. The Factory and Frontend use these to identify and talk with each other.
    1. The Factory Key ID must match the one published by the Factory.
      • ReqPubKeyID = "03910dfe2d1101f80fd4f7c388fd2e1c"
    2. Encrypted symmetric key.
      • ReqPubKeyCode = "03910dfe2d1101f80fd4f7c388fd2e1c"
  6. Security Credentials. All glideins are submitted with some kind of credentials. The Factory Entry specifies what credentials are needed in the authentication method and the Frontend passes the required info in the request. Only one (set) of credentials is allowed in a request. All proxy information is prefaced with GlideinEncParam and the values are encrypted with the symmetric key. The identifier for a given credential does not change between requests (it is a hash based on filename and not the contents of the credentials).
    1. Authentication method contains "grid_proxy"
      • GlideinEncParamSubmitProxy = ID
    2. Authentication method contains "cert_pair"
      • GlideinEncParamPublicCert = ID
      • GlideinEncParamPrivateCert = ID
      • GlideinEncParamGlideinProxy = ID
    3. Authentication method contains "key_pair"
      • GlideinEncParamPublicKey = ID
      • GlideinEncParamPrivateKey = ID
      • GlideinEncParamGlideinProxy = ID
    4. Authentication method contains "username_password"
      • GlideinEncParamUsername = ID
      • GlideinEncParamPassword = ID
      • GlideinEncParamGlideinProxy = ID
  7. Identity Credentials. The Factory may also require the Frontend to pass identity information in addition to the authenication methods for glidein submission.
    1. Authentication method contains "+project_id". This is only applied for TeraGrid sites.
      • GlideinEncParamProjectId = encrypted project id
    2. Authentication method contains "+vm_id". This is used on cloud sites.
      • GlideinEncParamVMId = encrypted VM id
    3. Authentication method contains "+vm_type". This is used on cloud sites.
      • GlideinEncParamVMType = encrypted VM type
    4. Authentication method contains "+voms_attr"
      • The Frontend must validate that the submit or glidein proxy contains the VOMS extension. No additional parameter is passed.
  8. Security Information. The Factory needs additional security information to make sure the request is allowed. These values are encrypted using the symmetric key.
    1. Encrypted identity information.
      • ReqEncIdentity = "frontend_name@factorynode.domain.name"
    2. The Factory uses the security name for whitelisting Frontends in an entry. The security class must be agreed upon with the Factory to ensure the correct security mappings exist. If this is not correct, the Frontend request will be denied.
      • GlideinEncParamSecurityName = "frontend_name"
      • GlideinEncParamSecurityClass = "frontend"
  9. Frontend defined information for affecting glideins.
    1. Optional Frontend Admin defined variables. They will be prefaced with GlideinParam.
      • GlideinParamUSE_MATCH_AUTH = "True"
      • GlideinParamGLIDEIN_Entry_Start = "True"
      • Etc.
    2. The Frontend specifies what Collector the glideins will report to and is required. This value is passed through to the glideins and is not used by the Factory.
      • GlideinParamGLIDEIN_Collector = "collectornode.domain.name:9618"
    3. The Frontend specifies the web staging area where the glideins will download Frontend provided files. A descript file (and signature for verification) is used to point to the files and their signs that will be used in starting the glideins. A Frontend can also contain groups with additional information so both the Frontend and group descript files are specified. Refer to here for the structure of the web area on the Frontend as well as the type and format of files expected.
      • WebURL = "http:⁄⁄frontend.domain.name⁄path-to-staging-area⁄stage⁄frontend_name"
      • WebSignType = "sha1"
      • WebDescriptFile = "description.abtfgq.cfg"
      • WebDescriptSign = "15af90be49a498528828d321f91ca2302"
      • WebGroupURL = "http:⁄⁄cms- frontend.domain.name⁄path-to-staging-area⁄stage⁄frontend_name⁄group_name"
      • WebGroupDescriptFile = "description.abtfgq.cfg"
      • WebGroupDescriptSign = "b7fde1fd2bc02b02dafd85a655c93f090cfa1e51"
  10. Monitoring and debugging values.
    1. These are generated by the Frontend and used for generating the monitoring data. All are prefaced with GlideinMonitor. Monitoring values may be shared between services but are only used in generating monitoring data and not to affect glidein requests.
      • Any Classad variable that begins with GlideinMonitor: GlideinMonitorRunning = 0, GlideinMonitorGlideinsIdle = 0, etc.
    2. This not used by the Factory but in VO Frontends, where it is used for monitoring and debugging.
      • ReqName = "entry_name@glidein_name@factory_name"

Example glideclient ClassAd

MyType = "glideclient"
TargetType = ""
GlideinMyType = "glideclient"
GlideinWMSVersion = "glideinWMS UNKNOWN"
Name = "entry@glidein@factory@frontend-instance.main"
ClientName = "frontend-instance.main"
FrontendName = "frontend-instance"
GroupName = "main"
ReqName = "entry@glidein@factory"
ReqGlidein = " entry@glidein@factory "
WebURL = "http://node.domain.name/vofrontend/stage/frontend"
WebSignType = "sha1"
WebDescriptFile = "description.acgfgp.cfg"
WebDescriptSign = "f878f3762273245aa3d87f05b8c7306be0eff51c"
WebGroupURL = "http://cms-node.domain.name/vofrontend/stage/frontend /group_main"
WebGroupDescriptFile = "description.acgdrf.cfg"
WebGroupDescriptSign = "0e832bcc4e47d388803255ac7a98fbe4580f4961"
ReqPubKeyID = "60b25b1dca401abad2d17c2f5f15e887"
**ReqEncKeyCode = "f8ee5f9f031141071ef5a40f0e0911de3c09f35517335f721fbbe912b32f73"
**ReqEncIdentity = "1dcd10a1ca601b5a55fe27db93b2c8f7242559cd15fed974ac28f153236689d06"
ReqIdleGlideins = 0
ReqMaxGlideins = 1
GlideinParamUSE_MATCH_AUTH = "True"
GlideinParamGLIDEIN_Entry_Start = "True"
GlideinParamGLIDEIN_Entry_Rank = "1"
GlideinParamGLIDEIN_Collector = "node.domain.name"
GlideinMonitorRunning = 0
GlideinMonitorGlideinsRunning = 0
GlideinMonitorIdle = 0
GlideinMonitorGlideinsTotal = 0
GlideinMonitorOldIdle = 0
GlideinMonitorGlideinsIdle = 0
GlideinMonitorRunningHere = 0
GlideinEncParamx509_proxy_0_identifier = "e5e86dea2bc94f357b922ff41866385d"
GlideinEncParamSecurityName = "798a603c1d9017ab1f250d79388e7fe9"
**GlideinEncParamx509_proxy_0 = "79dbcbba4de07ac0578b342db4b63b91a1b12020dc89ab17601d2b634"
GlideinEncParamnr_x509_proxies = "36d9444ae0177f649c492a01e3575806"
GlideinEncParamx509_proxy_0_security_class = "160d7ca0e441da3407675d2003571a3e"
MyAddress = "<111.222.333.44:0>"
AuthenticatedIdentity = "frontend_user@node.domain.name"
LastHeardFrom = 1294182587
UpdatesTotal = 159
UpdatesSequenced = 0
UpdatesLost = 0
UpdatesHistory = "0x00000000000000000000000000000000"

**Note:  This attribute was shortened to fit into this document.
Banner image by Madhusudan Katti used under Creative Commons license.
Original Home URL: https://glideinwms.fnal.gov. GlideinWMS email support: glideinwms-support at fnal.gov