GlideinWMS The Glidein-based Workflow Management System

Frontend Advertisement of Globals

The Frontend advertises the one ClassAd per Frontend Group per Factory. The ClassAd contains the credentials that are mapped to that Factory and are categorized by security class.

1. Information used to identify the Classad.
   1. Values used to manage Classads in the Collector.
      • Name = "glidein_name@factory_name@frontend_name.group_name" (this is just ReqName@ClientName)
      • Internal ClassAd type of Master
   2. Values used to distinguish the different ClassAd types and used by GlideinWMS to query the Collector
      • GlideinMyType = "glideclientglobal"
   3. Values set by GlideinWMS to be used by HTCondor but not by GlideinWMS
      • MyType = "glideclientglobal"
2. Information about the configuration and installation. This is used by admins for querying the collector or possibly in match expressions.
   1. These describe the Frontend and group making the request.
      • ClientName = "frontend_name.group_name"
      • FrontendName = "frontend_name"
      • GroupName = "group_name"
      • GlideinWMSVersion = "glideinWMS UNKNOWN"
3. Encrypted security parameters. The Factory and Frontend use these to identify and talk with each other. These values will be encrypted in the actual Classad.
   1. The Frontend needs to tell the Factory what security name it is mapped to.
      • GlideinEncParamSecurityName = "encrypted security name"
   2. The symmetric key used for encryption. The Frontend generates this key and encrypts it using the Factory public key. All other encrypted parameters passed to the Factory are encrypted with the symmetric key.
      • ReqPubKeyID = "03910dfe2d1101f80fd4f7c388fd2e1c"
      • ReqPubKeyCode = "03910dfe2d1101f80fd4f7c388fd2e1c"
   3. Encrypted identity that is mapped to expected identity (as listed in the Factory configuration).
      • ReqEncIdentity = "frontend_name@factorynode.domain.name"
4. Credentials allowed for this Frontend group for this Factory. The credentials are identified by an ID, which needs to be unique and must stay the same for the lifetime of the requests that use it (a renewed proxy will have the same ID as the expired proxy with the same subject). Credential ids should not based on the type or content of the credential. An example would be to base the ID on a hash of the filename. All these attributes are encrypted with the Frontend-generated symmetric key.
   1. Credential and associated security class.
      • GlideinEncParamID = "encrypted credential with id_1"
      • GlideinEncParamSecurityClassID = "encrypted security class for credential id_1"
      • GlideinEncParamID = "encrypted credential with id_2"
      • GlideinEncParamSecurityClassID = "encrypted security class for credential id_2"
      • Etc.
   2. Total number of credentials sent which is used for verification in the Factory.
      • GlideinEncParamNumberOfCredentials = encrypted number of credentials

Example glideclient ClassAd

MyType = "glideclientglobal"
GlideinMyType = "glideclientglobal"
**ReqEncIdentity = "fb5c26ceaca17ead"
Name = "glidein_name@factory_name@frontend_name.group_name"
AuthenticatedIdentity = "frontend_user@node.domain.name"
**GlideinEncParam16118 = "15bb98e16d8a062dad0eec6312c53cb6970"
MyAddress = "<131.225.206.32:0>"
UpdatesHistory = "0x00000000000000000000000000000000"
GlideinWMSVersion = "glideinWMS Version"
UpdatesLost = 0
ReqPubKeyID = "b3dde1f9a255898119c1ca2de46e1a38"
UpdatesSequenced = 0
UpdatesTotal = 3
GlideinEncParamNumberOfCredentials = "1dcc07fd85a3ed4b63703e26511faa17"
GlideinEncParamSecurityName = "0c8cc8ed2c70d1e3611485094a71c97b"
CurrentTime = time()
**GlideinEncParamSecurityClassCREDID = "fb5c26dc228c85e7d5f1b28cff017"
LastHeardFrom = 1310400471
**ReqEncKeyCode = "bea430068f971255df594a5c4f4cbed8157a8a7511d20f13ab"

**Note:  This attribute was shortened to fit into this document.