WMS Factory Design
glideclientglobal ClassAd
Jump to:
Frontend Advertisement of Globals
The Frontend advertises the one ClassAd per Frontend Group per Factory. The ClassAd contains the credentials that are mapped to that Factory and are categorized by security class.
- Information used to identify the Classad.
- Values used to manage Classads in the Collector.
- Name = "glidein_name@factory_name@frontend_name.group_name" (this is just ReqName@ClientName)
- Internal ClassAd type of Master
- Values used to distinguish the different ClassAd types and used by GlideinWMS to query the Collector
- GlideinMyType = "glideclientglobal"
- Values set by GlideinWMS to be used by HTCondor but not by GlideinWMS
- MyType = "glideclientglobal"
- Values used to manage Classads in the Collector.
- Information about the configuration and installation. This is used by admins for
querying the collector or possibly in match expressions.
- These describe the Frontend and group making the request.
- ClientName = "frontend_name.group_name"
- FrontendName = "frontend_name"
- GroupName = "group_name"
- GlideinWMSVersion = "glideinWMS UNKNOWN"
- These describe the Frontend and group making the request.
- Encrypted security parameters. The Factory and Frontend use these to identify and
talk with each other. These values will be encrypted in the actual Classad.
- The Frontend needs to tell the Factory what security name it is mapped to.
- GlideinEncParamSecurityName = "encrypted security name"
- The symmetric key used for encryption. The Frontend generates this key and encrypts it using the Factory
public key. All other encrypted parameters passed to the Factory are encrypted with the symmetric key.
- ReqPubKeyID = "03910dfe2d1101f80fd4f7c388fd2e1c"
- ReqPubKeyCode = "03910dfe2d1101f80fd4f7c388fd2e1c"
- Encrypted identity that is mapped to expected identity (as listed in the Factory configuration).
- ReqEncIdentity = "frontend_name@factorynode.domain.name"
- The Frontend needs to tell the Factory what security name it is mapped to.
- Credentials allowed for this Frontend group for this Factory. The credentials are
identified by an ID, which needs to be unique and must stay the same for the lifetime of the requests that use it (a renewed proxy
will have the same ID as the expired proxy with the same subject). Credential ids should not based on the type or content of the
credential. An example would be to base the ID on a hash of the filename. All these attributes are encrypted with the
Frontend-generated symmetric key.
- Credential and associated security class.
- GlideinEncParamID = "encrypted credential with id_1"
- GlideinEncParamSecurityClassID = "encrypted security class for credential id_1"
- GlideinEncParamID = "encrypted credential with id_2"
- GlideinEncParamSecurityClassID = "encrypted security class for credential id_2"
- Etc.
- Total number of credentials sent which is used for verification in the Factory.
- GlideinEncParamNumberOfCredentials = encrypted number of credentials
- Credential and associated security class.
Example glideclient ClassAd
MyType = "glideclientglobal" GlideinMyType = "glideclientglobal" **ReqEncIdentity = "fb5c26ceaca17ead" Name = "glidein_name@factory_name@frontend_name.group_name" AuthenticatedIdentity = "frontend_user@node.domain.name" **GlideinEncParam16118 = "15bb98e16d8a062dad0eec6312c53cb6970" MyAddress = "<131.225.206.32:0>" UpdatesHistory = "0x00000000000000000000000000000000" GlideinWMSVersion = "glideinWMS Version" UpdatesLost = 0 ReqPubKeyID = "b3dde1f9a255898119c1ca2de46e1a38" UpdatesSequenced = 0 UpdatesTotal = 3 GlideinEncParamNumberOfCredentials = "1dcc07fd85a3ed4b63703e26511faa17" GlideinEncParamSecurityName = "0c8cc8ed2c70d1e3611485094a71c97b" CurrentTime = time() **GlideinEncParamSecurityClassCREDID = "fb5c26dc228c85e7d5f1b28cff017" LastHeardFrom = 1310400471 **ReqEncKeyCode = "bea430068f971255df594a5c4f4cbed8157a8a7511d20f13ab" **Note: This attribute was shortened to fit into this document.