WMS Factory
- Overview
- Install
- Configuration
- Design
- Monitoring
- Troubleshooting
Custom Condor Variables
Description
This document describes what configuration variables are used by the glideins. Most administrators never need to touch most of them, but a sophisticated Glidein Factory administrator may need to tweak some of them to implement the desired policies (for example: require encryption over the wire) or to address the needs of a particular site (for example: max allowed wallclock time).
Configuration variable location
The glideinWMS ships with a set of pre-defined configuration variables, that are stored in two files, known as condor vars files:
glideinWMS/creation/web_base/condor_vars.lst
glideinWMS/creation/web_base/condor_vars.lst.entry
The two files are equivalent, but were split for historical
reasons, and the second one is meant to contain site specific
configuration variables.
These files should never be modified,
and represent just the default shipped by the software!
A glideinWMS administrator can change the values of the predefined variables (with some exceptions, see below), and define new ones using the Glidein Factory configuration file.
Condor vars files
The condor vars files contain the glideinWMS pre-defined
configuration variables, and should never be modified.
However,
a glideinWMS administrator should nevertheless be able to read them.
Each of them is an ASCII file, with one entry per row.
Lines
starting with # are comments and are ignored.
Each non comment line must have 7 columns. Each column has a specific meaning:
- Attribute name
- Attribute type
- I – integer
- S – quoted string
- C – unquoted string (i.e. Condor keyword or expression)
- Default value, use – if no default
- Condor name, i.e. under which name should this attributed be known in the configuration used by Condor daemons
- Is a value required for this attribute?
Must be Y or N. If Y and the attribute is not defined, the glidein will fail. - Will condor_startd publish this attribute to the
collector?
Must be Y or N. - Will the attribute be exported to the user job environment?
- - - Do not export (for glidein/condor internal use)
- + - Export to the user job environment using the original attribute name
- @ - Export to the user job environment using the Condor name
Here below, you can see a short extract; the semantics of the variables is defined below.
# VarName Type Default CondorName Req. Export UserJobEnvName # S=Quote - = No Default + = VarName Condor - = Do not export # + = Use VarName # @ = Use CondorName ################################################################################################################# X509_USER_PROXY C - GSI_DAEMON_PROXY Y N - USE_MATCH_AUTH C - SEC_ENABLE_MATCH_PASSWORD_AUTHENTICATION N N - GLIDEIN_Factory S - + Y Y @ GLIDEIN_Name S - + Y Y @ GLIDEIN_Collector C - HEAD_NODE Y N - GLIDEIN_Expose_Grid_Env C False JOB_INHERITS_STARTER_ENVIRONMENT N Y + TMP_DIR S - GLIDEIN_Tmp_Dir Y Y @ CONDORG_CLUSTER I - GLIDEIN_ClusterId Y Y @ CONDORG_SUBCLUSTER I - GLIDEIN_ProcId Y Y @ CONDORG_SCHEDD S - GLIDEIN_Schedd Y Y @ SEC_DEFAULT_ENCRYPTION C OPTIONAL + N N - SEC_DEFAULT_INTEGRITY C REQUIRED + N N - MAX_MASTER_LOG I 1000000 + N N - MAX_STARTD_LOG I 10000000 + N N -
Glidein Variables
This section defines all the variables that the glideins explicity use. Please be aware that, apart from the below mentioned variable many other variables will be used by the Condor daemons, since glideins are Condor based; see the Condor manual for more details.
The variables can be divided based on their source:
Factory config xml - attr tags
This section presents all the variables that can be directly changed by a Glidein Factory administrator using attr tags in the factory configuration XML using the following tags:
<attr name=“name” value=“val” type=“type” .../>
More information on the XML format can be found in
Glidein Factory configuration section.
If not specified in the XML, most of these variables have
defaults set in condor vars files,
which are used if the Glidein Factory administrator does not override
them. These defaults are listed below.
Please also note that some of these variables may also be provided by the VO factory clients.
Name |
Type |
Default Value |
Description |
GLIDEIN_Site | String | Entry name | Logical name of the Grid site where the glidein is running. This information is published both in the startd ClassAd and in the user job environment. |
GLIDEIN_Hold | Exp (Bool) | True |
Condor expression to use to specify when a user job in the glideins should be held. If any expression is true, the glidein is held. This is usually done to specify "bad" jobs, such as those that claim too much memory. |
GLIDEIN_Entry_PREEMPT | Exp (Bool) | True | |
GLIDEIN_PREEMPT | Exp (Bool) | True |
Condor expression to use to specify when a user job in the glideins should be preempted. If any expression is true, the glidein is preempted. This is usually done to specify custom preemption policies for user jobs. |
GLIDEIN_Rank | Exp (Int) | 1 |
Used in calculating the Condor RANK They are summed together, and the user job with the largest rank will run first. |
GLIDEIN_Entry_Rank | Exp (Int) | 1 | |
GLIDEIN_Max_Idle | Int | 1200 (20 mins) |
Max amount of time a condor_startd will wait to be matched before giving up and terminating. |
GLIDEIN_Max_Tail | Int | 400 (6 mins) |
Max amount of time a condor_startd will wait after having already completed a job to be matched again. (i.e. the tail of a job). |
GLIDEIN_Retire_Time | Int | 21600 (6 hours) |
How long the condor_startd be running before
no longer accepting jobs.
|
GLIDEIN_Retire_Time_Spread | Int | 7200 (2 hours) |
|
GLIDEIN_Max_Walltime | Int | N/A |
Max allowed time for the glidein. |
GLIDEIN_Graceful_Shutdown | Int | 120 |
Once DAEMON_SHUTDOWN is reached and the glidein pilot enters the Retiring state, this amount passes to allow the startd and job to gracefully shutdown before forcefully terminating the glidein. See Lifetime of a glidein for details. |
PREEMPT | Bool | False | 1 | Specifies whether preemption is allowed to occur on this glidein.
PREEMPT_GRACE_TIME | Int | 10000000 | This value affects the condor value "MaxJobRetirementtime" and is an integer value representing the number of seconds a preempted job will be allowed to run before being evicted. This only affects behaviour if PREEMPT=True. |
HOLD_GRACE_TIME | Int | 0 | This value affects the condor value "MaxJobRetirementtime" and is an integer value representing the number of seconds a job that triggers WANT_HOLD will be allowed to run before being evicted. This only affects behaviour if GLIDEIN_HOLD, GLIDEIN_Entry_HOLD, GLIDECLIENT_HOLD, or GLIDECLIENT_Group_HOLD are specified and become true. By default, these "bad" jobs are immediately evicted. |
GLIDEIN_Monitoring_Enabled | Bool | True | Ability to control whether the pseduo-interactive monitoring slot is started on the worker node. Set to False if you do not want the monitoring slot started. |
GLEXEC_BIN | String | None |
If set, Condor will launch all user jobs via glexec,
thus running the job under the
appropriate local account. This is important both for glideinWMS
security and for accounting
purposes. This variable is renamed to GLEXEC in the condor config. |
GLEXEC_JOB | Bool | False |
If set to False, the condor_starter is run sharing the same UID as the user job. This has security implications. If running Condor 7.1.3 or later, it is recommended to turn this on and have the condor_starter be protected from the user jobs. |
GLIDEIN_Use_PGroups | Bool | False |
Should process group monitoring be enabled? This is a Condor optimization parameter. Unfortunately, it negatively interferes with the batch systems used by the Grid sites, so it should not be turned on unless you have a very good reason to do so. |
UPDATE_COLLECTOR_WITH_TCP | Bool | True |
If True, forces the glidein to use TCP updates. Also see the Condor documentation for implications and side effects. |
WANT_UDP_COMMAND_SOCKET | Bool | False |
If True, enable the startd UDP command socket (Condor default). Using the UDP command socket is a Condor optimization that makes working over firewalls and NATs very difficult. It is thus recommended you leave it disabled in the glideins. Please note if you leave it disabled, that you must configure
the schedd with |
STARTD_SENDS_ALIVES | Bool | True |
If set to False, the schedd will be sending keepalives to the startd. Setting this to True instructs the startd to send keepalives to the schedd. This improves the glidein behavior when running behind a firewall or a NAT. Please note that the schedd must be configured in the same way for this to work. |
SEC_DEFAULT_INTEGRITY | Exp | REQUIRED |
Security related settings. Please notice that the glideins always require GSI authentication. For more details see the configuration page or the Condor manual. |
SEC_DEFAULT_ENCRYPTION | Exp | OPTIONAL | |
USE_MATCH_AUTH | Bool | False |
Another security setting. If set to True, the schedd and the startd will use a low overhead protocol. See the configuration page or the Condor manual. |
MAX_MASTER_LOG | Int | 1M |
What is the maximum size the logs should grow. Setting them too low will made debugging difficult. |
MAX_STARTD_LOG | Int | 10M | |
MAX_STARTER_LOG | Int | 10M | |
GCB_LIST | List | - |
Configure GCB. GCB is needed to run glideins on worker nodes behind a firewall or a NAT. For more information, see the configuration page. |
GCB_ORDER | String | ||
GCB_MIN_FREE | Int | ||
GCB_REMAP_ROUTE | String | ||
MASTER_GCB_RECONNECT_TIMEOUT | Int | 1200 (20 mins) |
Specifies how long should a glidein wait before giving up on a GCB, if network connectivity is lost. |
USE_CCB | Bool | False |
If set to True, it will enable CCB (available since Condor v7.3.0). |
GLIDEIN_CPUS | Int | 1 |
Number of CPUs glidein should use. GLIDEIN_CPUS is used to set NUM_CPUS for the HTCondor started by the glidein. Use "auto" to let glidein determine this from the worker node, set a value to force a different number. In case of static partitioning, glidein will create GLIDEIN_CPUS number of slots. In case of dynamic partitioning, the slots will be created automatically based on the CPUs required by the job and GLIDEIN_CPUS is the sum of the slots made available. Refer to HTCondor manual for info on NUM_CPUS |
GLIDEIN_MaxMemMBs | Int | None |
Amount of memory glidein should use. If set, GLIDEIN_MaxMemMBs is used to set total MEMORY used for the HTCondor and Startd and jobs started by the glidein. If not GLIDEIN_MaxMemMBs is not set and GLIDEIN_MaxMemMBs_Estimate is TRUE, GLIDEIN_MaxMemMBs is calculated based on the memory available on the worker node. If GLIDEIN_MaxMemMBs is not set and GLIDEIN_MaxMemMBs_Estimate is not TRUE, glidein lets HTCondor decide the amount of memory. Refer to HTCondor manual for info on MEMORY |
GLIDEIN_MaxMemMBs_Estimate | Bool | False |
Used in conjunction with GLIDEIN_MaxMemMBs. See GLIDEIN_MaxMemMBs for the description. |
Factory config xml - configuration
The second set of variables comes from values the Glidein Factory administrator defined to make the factory to work. They are generated based on xml tags in the factory configuration (most in the entry tag). They cannot be changed by an administrator in any other way.
Name | Type | Source | Description |
GLIDEIN_Factory | String | <glidein factory_name="value"> |
Logical name of the Glidein Factory machine (like “osg1”). |
GLIDEIN_Name | String | <glidein glidein_name="value"> |
Identification name of the Glidein Factory instance (like “v1_0”). |
GLIDEIN_Entry_Name | String | ...<entries><entry name=”value”> |
Identification name of the entry point (like “ucsd5”). |
GLIDEIN_GridType | String | ...<entries><entry gridtype=“value”> |
Type of Grid resource (like “gt2”). |
GLIDEIN_Gatekeeper | String | ...<entries><entry gatekeeper=“value”> |
URI of the Grid gatekeeper (like “osg1.ucsd.edu/jobmanager-pbs”) |
GLIDEIN_GlobusRSL | String | ...<entries><entry rsl=“value”> |
Optional RSL string (like "(condor_submit=('+ProdSlot' 'TRUE'))") |
PROXY_URL | String | ...<entries><entry proxy_url=“value”> |
Optional URL of the site Web proxy. A special value “OSG” can be used to automatically discover the local Web proxy on OSG worker nodes. This variable is exported as GLIDEIN_Proxy_URL to the use job environment. |
DEBUG_MODE | String | ...<entries><entry verbosity=“value”> |
This setting can be either:
|
Frontend Client Variables
The third set of values comes from the Glidein Frontend clients. While a client can set any number of variables, the ones described below ar the most often used.
Name | Type | Description |
GLIDEIN_Client | String |
Identification name of the VO frontend request (like “ucsd5@v1_0@osg1@cms4”). |
GLIDEIN_Collector | List |
List of Collector URIs used by the VO Condor pool (like “cc.cms.edu:9620,cc.cms.edu:9621”). One of the URIs in the list will be selected and used as HEAD_NODE in the condor_config. |
GLIDECLIENT_Hold | Exp (Bool) |
Condor expression to use to specify when a user job in the glideins should be held. If any expression is true, the glidein is held. This is usually done to specify "bad" jobs, such as those that claim too much memory. |
GLIDECLIENT_Group_Hold | Exp (Bool) | |
GLIDECLIENT_PREEMPT | Exp (Bool) |
Condor expression to use to specify when a user job in the glideins should be preempted. If any expression is true, the glidein is preempted. This is usually done to specify custom preemption policies. |
GLIDECLIENT_Group_PREEMPT | Exp (Bool) | |
GLIDECLIENT_Rank | Exp (Int) |
Used in calculating the Condor RANK They are summed together, and the user job with the largest rank will run first. |
GLIDECLIENT_Group_Rank | Exp (Int) | |
GLIDEIN_Job_Max_Time | Int |
Max allowed time for the job to end. |
GLIDEIN_Expose_Grid_Env | Exp (Bool) |
If False, the user job environment will contain only glidein factory provided variables. If True, the user job environment will also contain the environment variables defined at glidein startup. See JOB_INHERITS_STARTER_ENVIRONMENT documentation for more details. |
GLIDEIN_Expose_X509 | Exp (Bool) |
By default, the glidein will unset the variable X509_USER_PROXY for security reasons to prevent the user jobs from accessing the pilot proxy. Setting this to true will override this behavior and keep the X509_USER_PROXY in the environment. |
SLOTS_LAYOUT | String |
Defines how multi-core glideins should split their resources. There are only two legal values:
Note: This variable MUST NOT be passed as a parameter, or the glideins will fail! |
FORCE_PARTITIONABLE | String (Bool) |
By default, single core glideins will never be configured as partitionable,
independently of the value of SLOTS_LAYOUT. If partitionable slots are desired also for single-core glideins, set this variable to "True". |
GLIDEIN_Report_Failed | String |
This attribute regulates advertising of validation failures to the user collector.
When advertised, the classad is flagged GLIDEIN_Failed=True, the error is recorded in the GLIDEIN_FAILURE_REASON and GLIDEIN_EXIT_CODE attributes, and the failing script is recorded in the GLIDEIN_LAST_SCRIPT attribute. |
GLIDEIN_CLAIM_WORKLIFE | Int |
CLAIM_WORKLIFE for non-dynamic slots. Defaults to -1 i.e. HTCondor will treat this as an infinite claim worklife and schedd will hold claim to the slot until jobs are preempted or user runs out of jobs. |
GLIDEIN_CLAIM_WORKLIFE_DYNAMIC | Int |
CLAIM_WORKLIFE for dynamically partitionable slots. Defaults to 3600. This controls how frequently the dynamically partionable slots will coalesce. |
Cloud VM specific Variables
The following variables are only applicable to Cloud VMs.
These variables can be either configured by factory or the frontend
Name |
Type |
Default Value |
Description |
VM_MAX_LIFETIME | Int | 172800 (48 hours) |
Max lifetime of the VM. When this timer is reached the glideinwms-pilot service will terminate and glidein process, shutdown the glideinwms-pilot service and issue a VM shutdown |
VM_DISABLE_SHUTDOWN | Bool | False |
Disables VM from automatically shutting down after
the glideinwms-pilot service has exited. |
Dynamically generated variables
The following variables are being dynamically generated and/or modified by glideinWMS processes. The glideinWMS administrators cannot directly change them.
The first set of variables comes from the Glidein Factory.
Name | Type | Description |
GLIDEIN_Signature | String |
These variables contain the SHA1 signature of the signature files. These signatures are used as a base to ensure the integrity of all the data downloaded in the glidein startup scripts, but they also provide a fingerprint of the configuration used by the glidein. These variables are published both in the glidein ClassAd and in the user job environenmt. |
GLIDEIN_Entry_Signature | String | |
CONDORG_SCHEDD | String |
The schedd used by the Glidein Factory to submit the glidein. This variables is exported a GLIDEIN_Schedd both in the glidein ClassAd and to the user job environment. |
CONDORG_CLUSTER | Int |
The cluster and process id assigned by the Glidein Factory schedd to this glidein. These variables are exported as GLIDEIN_ClusterId and GLIDEIN_ProcId both in the glidein ClassAd and to the user job environment. |
CONDORG_SUBCLUSTER | Int |
Directory Path Variables
The next set contains the location of files and/or directories downloaded or created by the glidein. Most of them are located under the working directory specified by
<entry work_dir=“value”>
Name | Description |
TMP_DIR |
Path to the directory that admin-provided scripts and user jobs can use for storing temporary data. This variable is exported as GLIDEIN_Tmp_Dir both to the glidein ClassAd and to the use job environment. |
CONDOR_VARS_FILE |
File path to the condor vars files. Admin-provided scripts may want to add entries to these files. |
CONDOR_VARS_ENTRY_FILE | |
ADD_CONFIG_LINE_SOURCE |
File path to the script containing the add_config_line and add_confir_vars line functions. |
X509_USER_PROXY |
File path to the glidein proxy file. |
X509_CONDORMAP |
File path to the Condor mapfile used by the glidein. |
X509_CERT_DIR |
Path to the directory containing the trusted CAs' public keys and RSLs. |
CONDOR_DIR |
Directory where the glidein Condor binary distribution have been installed. |
WRAPPER_LIST |
File path to the list of wrapper scripts used by the glidein. |
GLIDEIN_WRAPPER_EXEC |
This is the executable that glideins will run (ie what to
put after "exec" in the condor job wrapper). By default,
glideins will perform exec "\$@" to run the pilot.
For other modes of execution, you may need different
arguments. For example, to run a program under parrot, you
may need
exec "$GLIDEIN_PARROT/parrot_run"
-t "$parrot_tmp" "$@" .
|
Glidein Script Variables (dynamic)
The last set contains various variables generated by the glidein startup scripts.
Name | Type | Description |
X509_GRIDMAP_DNS | String |
List of DNs trusted by the glidein. |
X509_EXPIRE | time_t |
When is the proxy expected to expire. |
GLEXEC_STARTER | Bool | If gLExec is used and this is set to True, the condor_starter will be run sharing the same UID as the user job. |
ALTERNATIVE_SHELL | String |
If gLExec is used, this variable points to a trusted copy of a shell. |
GLEXEC_USER_DIR | String | If gLExec is used, this variable points to the working directory under which all user jobs will be started. |
Lifetime of a Glidein
All the various variables in the glidein configuration can be confusing. The above diagram illustrates the lifetime of a glidein pilot that has a long-running job.
- Green: For the first GLIDEIN_Retire_Time seconds (modified by a random spread GLIDEIN_Retire_Spread to smooth out glideins all ending simultaneously), jobs can start on the glidein pilot.
- Yellow: During the yellow period, START will evauluate to FALSE, so no new jobs will start. However, already running jobs will continue to run for GLIDEIN_Job_Max_Time. (Note that the glideins will end during this period if the job ends. They will not idle afterwards since no new jobs can start anyway).
- Once this period is done, the DAEMON_SHUTDOWN variable will be true.
- Orange: There can be a delay of up to UPDATE_INTERVAL (usually about 5 minutes) between when DAEMON_SHUTDOWN becomes true and when it is actually updated in the collector. This is because the collector only reevaluates this expression periodically.
- Red: Once DAEMON_SHUTDOWN is true, condor gives a short grace period of GLIDEIN_Graceful_Shutdown before forcefully terminating everything and shutting down. All of these periods are totalled and calculated to fit within GLIDEIN_MAX_WALLTIME if specified.
Note that if a job ends early in the green period, a new job will start. If a job ends after this period, then the glidein will shut down and end early. This can be seen in the example below with two jobs below:
- Orange: A glidein first starts up.
- Yellow: After starting up, the glidein will wait for Glidein_Max_Idle for its initial matching. If it is Idle for longer than this, it will assume no jobs are available and will shutdown.
- Green: A job runs (subject to the maximum limits in the previous diagram).
- Yellow: Once a job runs, it will wait for Glidein_Max_Tail for another job.
- Green: Another matching job runs.
- Yellow: Once the job finishes, it will wait for Glidein_Max_Tail for another job. If cannot find one, it will shutdown.